search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Tomato 1.28
[tomato.git] / release / src / router / dropbear / svr-runopts.c
blob4f1355a6b9e1f88ba6737d284b44cc1f684c67c3
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #include "includes.h"
26 #include "runopts.h"
27 #include "signkey.h"
28 #include "buffer.h"
29 #include "dbutil.h"
30 #include "algo.h"
31
32 svr_runopts svr_opts; /* GLOBAL */
33
34 static void printhelp(const char * progname);
35 static void addportandaddress(char* spec);
36
37 static void printhelp(const char * progname) {
38
39 fprintf(stderr, "Dropbear sshd v%s\n"
40 "Usage: %s [options]\n"
41 "Options are:\n"
42 "-b bannerfile Display the contents of bannerfile"
43 " before user login\n"
44 " (default: none)\n"
45 #ifdef DROPBEAR_DSS
46 "-d dsskeyfile Use dsskeyfile for the dss host key\n"
47 " (default: %s)\n"
48 #endif
49 #ifdef DROPBEAR_RSA
50 "-r rsakeyfile Use rsakeyfile for the rsa host key\n"
51 " (default: %s)\n"
52 #endif
53 "-F Don't fork into background\n"
54 #ifdef DISABLE_SYSLOG
55 "(Syslog support not compiled in, using stderr)\n"
56 #else
57 "-E Log to stderr rather than syslog\n"
58 #endif
59 #ifdef DO_MOTD
60 "-m Don't display the motd on login\n"
61 #endif
62 "-w Disallow root logins\n"
63 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
64 "-s Disable password logins\n"
65 "-g Disable password logins for root\n"
66 #endif
67 #ifdef ENABLE_SVR_LOCALTCPFWD
68 "-j Disable local port forwarding\n"
69 #endif
70 #ifdef ENABLE_SVR_REMOTETCPFWD
71 "-k Disable remote port forwarding\n"
72 "-a Allow connections to forwarded ports from any host\n"
73 #endif
74 "-p [address:]port\n"
75 " Listen on specified tcp port (and optionally address),\n"
76 " up to %d can be specified\n"
77 " (default port is %s if none specified)\n"
78 "-P PidFile Create pid file PidFile\n"
79 " (default %s)\n"
80 #ifdef INETD_MODE
81 "-i Start for inetd\n"
82 #endif
83 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
84 "-K <keepalive> (0 is never, default %d)\n"
85 "-I <idle_timeout> (0 is never, default %d)\n"
86 #ifdef DEBUG_TRACE
87 "-v verbose (compiled with DEBUG_TRACE)\n"
88 #endif
89 ,DROPBEAR_VERSION, progname,
90 #ifdef DROPBEAR_DSS
91 DSS_PRIV_FILENAME,
92 #endif
93 #ifdef DROPBEAR_RSA
94 RSA_PRIV_FILENAME,
95 #endif
96 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
97 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
98 }
99
100 void svr_getopts(int argc, char ** argv) {
101
102 unsigned int i;
103 char ** next = 0;
104 int nextisport = 0;
105 char* recv_window_arg = NULL;
106 char* keepalive_arg = NULL;
107 char* idle_timeout_arg = NULL;
108
109 /* see printhelp() for options */
110 svr_opts.rsakeyfile = NULL;
111 svr_opts.dsskeyfile = NULL;
112 svr_opts.bannerfile = NULL;
113 svr_opts.banner = NULL;
114 svr_opts.forkbg = 1;
115 svr_opts.norootlogin = 0;
116 svr_opts.noauthpass = 0;
117 svr_opts.norootpass = 0;
118 svr_opts.inetdmode = 0;
119 svr_opts.portcount = 0;
120 svr_opts.hostkey = NULL;
121 svr_opts.pidfile = DROPBEAR_PIDFILE;
122 #ifdef ENABLE_SVR_LOCALTCPFWD
123 svr_opts.nolocaltcp = 0;
124 #endif
125 #ifdef ENABLE_SVR_REMOTETCPFWD
126 svr_opts.noremotetcp = 0;
127 #endif
128 /* not yet
129 opts.ipv4 = 1;
130 opts.ipv6 = 1;
131 */
132 #ifdef DO_MOTD
133 svr_opts.domotd = 1;
134 #endif
135 #ifndef DISABLE_SYSLOG
136 svr_opts.usingsyslog = 1;
137 #endif
138 opts.recv_window = DEFAULT_RECV_WINDOW;
139 opts.keepalive_secs = DEFAULT_KEEPALIVE;
140 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
141
142 #ifdef ENABLE_SVR_REMOTETCPFWD
143 opts.listen_fwd_all = 0;
144 #endif
145
146 for (i = 1; i < (unsigned int)argc; i++) {
147 if (nextisport) {
148 addportandaddress(argv[i]);
149 nextisport = 0;
150 continue;
151 }
152
153 if (next) {
154 *next = argv[i];
155 if (*next == NULL) {
156 dropbear_exit("Invalid null argument");
157 }
158 next = 0x00;
159 continue;
160 }
161
162 if (argv[i][0] == '-') {
163 switch (argv[i][1]) {
164 case 'b':
165 next = &svr_opts.bannerfile;
166 break;
167 #ifdef DROPBEAR_DSS
168 case 'd':
169 next = &svr_opts.dsskeyfile;
170 break;
171 #endif
172 #ifdef DROPBEAR_RSA
173 case 'r':
174 next = &svr_opts.rsakeyfile;
175 break;
176 #endif
177 case 'F':
178 svr_opts.forkbg = 0;
179 break;
180 #ifndef DISABLE_SYSLOG
181 case 'E':
182 svr_opts.usingsyslog = 0;
183 break;
184 #endif
185 #ifdef ENABLE_SVR_LOCALTCPFWD
186 case 'j':
187 svr_opts.nolocaltcp = 1;
188 break;
189 #endif
190 #ifdef ENABLE_SVR_REMOTETCPFWD
191 case 'k':
192 svr_opts.noremotetcp = 1;
193 break;
194 case 'a':
195 opts.listen_fwd_all = 1;
196 break;
197 #endif
198 #ifdef INETD_MODE
199 case 'i':
200 svr_opts.inetdmode = 1;
201 break;
202 #endif
203 case 'p':
204 nextisport = 1;
205 break;
206 case 'P':
207 next = &svr_opts.pidfile;
208 break;
209 #ifdef DO_MOTD
210 /* motd is displayed by default, -m turns it off */
211 case 'm':
212 svr_opts.domotd = 0;
213 break;
214 #endif
215 case 'w':
216 svr_opts.norootlogin = 1;
217 break;
218 case 'W':
219 next = &recv_window_arg;
220 break;
221 case 'K':
222 next = &keepalive_arg;
223 break;
224 case 'I':
225 next = &idle_timeout_arg;
226 break;
227 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
228 case 's':
229 svr_opts.noauthpass = 1;
230 break;
231 case 'g':
232 svr_opts.norootpass = 1;
233 break;
234 #endif
235 case 'h':
236 printhelp(argv[0]);
237 exit(EXIT_FAILURE);
238 break;
239 case 'u':
240 /* backwards compatibility with old urandom option */
241 break;
242 #ifdef DEBUG_TRACE
243 case 'v':
244 debug_trace = 1;
245 break;
246 #endif
247 default:
248 fprintf(stderr, "Unknown argument %s\n", argv[i]);
249 printhelp(argv[0]);
250 exit(EXIT_FAILURE);
251 break;
252 }
253 }
254 }
255
256 /* Set up listening ports */
257 if (svr_opts.portcount == 0) {
258 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT);
259 svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS);
260 svr_opts.portcount = 1;
261 }
262
263 if (svr_opts.dsskeyfile == NULL) {
264 svr_opts.dsskeyfile = DSS_PRIV_FILENAME;
265 }
266 if (svr_opts.rsakeyfile == NULL) {
267 svr_opts.rsakeyfile = RSA_PRIV_FILENAME;
268 }
269
270 if (svr_opts.bannerfile) {
271 struct stat buf;
272 if (stat(svr_opts.bannerfile, &buf) != 0) {
273 dropbear_exit("Error opening banner file '%s'",
274 svr_opts.bannerfile);
275 }
276
277 if (buf.st_size > MAX_BANNER_SIZE) {
278 dropbear_exit("Banner file too large, max is %d bytes",
279 MAX_BANNER_SIZE);
280 }
281
282 svr_opts.banner = buf_new(buf.st_size);
283 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) {
284 dropbear_exit("Error reading banner file '%s'",
285 svr_opts.bannerfile);
286 }
287 buf_setpos(svr_opts.banner, 0);
288
289 }
290
291 if (recv_window_arg) {
292 opts.recv_window = atol(recv_window_arg);
293 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
294 dropbear_exit("Bad recv window '%s'", recv_window_arg);
295 }
296 }
297
298 if (keepalive_arg) {
299 if (m_str_to_uint(keepalive_arg, &opts.keepalive_secs) == DROPBEAR_FAILURE) {
300 dropbear_exit("Bad keepalive '%s'", keepalive_arg);
301 }
302 }
303
304 if (idle_timeout_arg) {
305 if (m_str_to_uint(idle_timeout_arg, &opts.idle_timeout_secs) == DROPBEAR_FAILURE) {
306 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
307 }
308 }
309 }
310
311 static void addportandaddress(char* spec) {
312
313 char *myspec = NULL;
314
315 if (svr_opts.portcount < DROPBEAR_MAX_PORTS) {
316
317 /* We don't free it, it becomes part of the runopt state */
318 myspec = m_strdup(spec);
319
320 /* search for ':', that separates address and port */
321 svr_opts.ports[svr_opts.portcount] = strchr(myspec, ':');
322
323 if (svr_opts.ports[svr_opts.portcount] == NULL) {
324 /* no ':' -> the whole string specifies just a port */
325 svr_opts.ports[svr_opts.portcount] = myspec;
326 } else {
327 /* Split the address/port */
328 svr_opts.ports[svr_opts.portcount][0] = '\0';
329 svr_opts.ports[svr_opts.portcount]++;
330 svr_opts.addresses[svr_opts.portcount] = myspec;
331 }
332
333 if (svr_opts.addresses[svr_opts.portcount] == NULL) {
334 /* no address given -> fill in the default address */
335 svr_opts.addresses[svr_opts.portcount] = m_strdup(DROPBEAR_DEFADDRESS);
336 }
337
338 if (svr_opts.ports[svr_opts.portcount][0] == '\0') {
339 /* empty port -> exit */
340 dropbear_exit("Bad port");
341 }
342
343 svr_opts.portcount++;
344 }
345 }
346
347 static void disablekey(int type, const char* filename) {
348
349 int i;
350
351 for (i = 0; sshhostkey[i].name != NULL; i++) {
352 if (sshhostkey[i].val == type) {
353 sshhostkey[i].usable = 0;
354 break;
355 }
356 }
357 dropbear_log(LOG_WARNING, "Failed reading '%s', disabling %s", filename,
358 type == DROPBEAR_SIGNKEY_DSS ? "DSS" : "RSA");
359 }
360
361 /* Must be called after syslog/etc is working */
362 void loadhostkeys() {
363
364 int ret;
365 int type;
366
367 TRACE(("enter loadhostkeys"))
368
369 svr_opts.hostkey = new_sign_key();
370
371 #ifdef DROPBEAR_RSA
372 type = DROPBEAR_SIGNKEY_RSA;
373 ret = readhostkey(svr_opts.rsakeyfile, svr_opts.hostkey, &type);
374 if (ret == DROPBEAR_FAILURE) {
375 disablekey(DROPBEAR_SIGNKEY_RSA, svr_opts.rsakeyfile);
376 }
377 #endif
378 #ifdef DROPBEAR_DSS
379 type = DROPBEAR_SIGNKEY_DSS;
380 ret = readhostkey(svr_opts.dsskeyfile, svr_opts.hostkey, &type);
381 if (ret == DROPBEAR_FAILURE) {
382 disablekey(DROPBEAR_SIGNKEY_DSS, svr_opts.dsskeyfile);
383 }
384 #endif
385
386 if ( 1
387 #ifdef DROPBEAR_DSS
388 && svr_opts.hostkey->dsskey == NULL
389 #endif
390 #ifdef DROPBEAR_RSA
391 && svr_opts.hostkey->rsakey == NULL
392 #endif
393 ) {
394 dropbear_exit("No hostkeys available");
395 }
396
397 TRACE(("leave loadhostkeys"))
398 }
Tomato firmware and modifications.