2
* Dropbear - a SSH2 server
4
* Copyright (c) 2002,2003 Matt Johnston
7
* Permission is hereby granted, free of charge, to any person obtaining a copy
8
* of this software and associated documentation files (the "Software"), to deal
9
* in the Software without restriction, including without limitation the rights
10
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11
* copies of the Software, and to permit persons to whom the Software is
12
* furnished to do so, subject to the following conditions:
14
* The above copyright notice and this permission notice shall be included in
15
* all copies or substantial portions of the Software.
17
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32
static sign_key * loadhostkeys(const char * dsskeyfile,
33
const char * rsakeyfile);
34
static int readhostkey(const char * filename, sign_key * hostkey, int type);
35
static void printhelp(const char * progname);
37
static void printhelp(const char * progname) {
39
fprintf(stderr, "Dropbear sshd v%s\n"
40
"Usage: %s [options]\n"
42
"-b bannerfile Display the contents of bannerfile"
43
" before user login\n"
46
"-d dsskeyfile Use dsskeyfile for the dss host key\n"
50
"-r rsakeyfile Use rsakeyfile for the rsa host key\n"
53
"-F Don't fork into background\n"
55
"(Syslog support not compiled in, using stderr)\n"
57
"-E Log to stderr rather than syslog\n"
60
"-m Don't display the motd on login\n"
62
"-w Disallow root logins\n"
63
#ifdef DROPBEAR_PASSWORD_AUTH
64
"-s Disable password logins\n"
65
"-g Disable password logins for root\n"
67
#ifndef DISABLE_LOCALTCPFWD
68
"-j Disable local port forwarding\n"
70
#ifndef DISABLE_REMOTETCPFWD
71
"-k Disable remote port forwarding\n"
74
"-i Start for inetd\n"
76
"-p port Listen on specified tcp port, up to %d can be specified\n"
77
" (default %d if none specified)\n"
78
/* "-4/-6 Disable listening on ipv4/ipv6 respectively\n"*/
80
,DROPBEAR_VERSION, progname,
87
DROPBEAR_MAX_PORTS, DROPBEAR_PORT);
90
/* returns NULL on failure, or a pointer to a freshly allocated
91
* runopts structure */
92
runopts * getrunopts(int argc, char ** argv) {
97
unsigned int portnum = 0;
98
char *portstring[DROPBEAR_MAX_PORTS];
99
unsigned int longport;
101
/* see printhelp() for options */
102
opts = (runopts*)m_malloc(sizeof(runopts));
103
opts->rsakeyfile = NULL;
104
opts->dsskeyfile = NULL;
105
opts->bannerfile = NULL;
108
opts->norootlogin = 0;
109
opts->noauthpass = 0;
110
opts->norootpass = 0;
111
opts->nolocaltcp = 0;
112
opts->noremotetcp = 0;
120
#ifndef DISABLE_SYSLOG
125
for (i = 1; i < (unsigned int)argc; i++) {
129
dropbear_exit("Invalid null argument");
135
if (argv[i][0] == '-') {
136
switch (argv[i][1]) {
138
next = &opts->bannerfile;
142
next = &opts->dsskeyfile;
147
next = &opts->rsakeyfile;
153
#ifndef DISABLE_SYSLOG
158
#ifndef DISABLE_LOCALTCPFWD
160
opts->nolocaltcp = 1;
163
#ifndef DISABLE_REMOTETCPFWD
165
opts->noremotetcp = 1;
169
if (portnum < DROPBEAR_MAX_PORTS) {
170
portstring[portnum] = NULL;
171
next = &portstring[portnum];
176
/* motd is displayed by default, -m turns it off */
182
opts->norootlogin = 1;
184
#ifdef DROPBEAR_PASSWORD_AUTH
186
opts->noauthpass = 1;
189
opts->norootpass = 1;
210
fprintf(stderr, "Unknown argument %s\n", argv[i]);
218
if (opts->dsskeyfile == NULL) {
219
opts->dsskeyfile = DSS_PRIV_FILENAME;
221
if (opts->rsakeyfile == NULL) {
222
opts->rsakeyfile = RSA_PRIV_FILENAME;
224
opts->hostkey = loadhostkeys(opts->dsskeyfile, opts->rsakeyfile);
226
if (opts->bannerfile) {
228
if (stat(opts->bannerfile, &buf) != 0) {
229
dropbear_exit("Error opening banner file '%s'",
233
if (buf.st_size > MAX_BANNER_SIZE) {
234
dropbear_exit("Banner file too large, max is %d bytes",
238
opts->banner = buf_new(buf.st_size);
239
if (buf_readfile(opts->banner, opts->bannerfile)!=DROPBEAR_SUCCESS) {
240
dropbear_exit("Error reading banner file '%s'",
243
buf_setpos(opts->banner, 0);
247
if (!(opts->ipv4 || opts->ipv6)) {
248
fprintf(stderr, "You can't disable ipv4 and ipv6.\n");
253
/* create the array of listening ports */
257
opts->ports = m_malloc(sizeof(uint16_t));
258
opts->ports[0] = DROPBEAR_PORT;
260
opts->portcount = portnum;
261
opts->ports = (uint16_t*)m_malloc(sizeof(uint16_t)*portnum);
262
for (i = 0; i < portnum; i++) {
264
longport = atoi(portstring[i]);
265
if (longport <= 65535 && longport > 0) {
266
opts->ports[i] = (uint16_t)longport;
270
fprintf(stderr, "Bad port '%s'\n",
271
portstring[i] ? portstring[i] : "null");
278
void freerunopts(runopts* opts) {
285
sign_key_free(opts->hostkey);
286
opts->hostkey = NULL;
293
/* returns success or failure */
294
static int readhostkey(const char * filename, sign_key * hostkey, int type) {
296
int ret = DROPBEAR_FAILURE;
302
if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
306
if (buf_get_priv_key(buf, hostkey, &type) == DROPBEAR_FAILURE) {
310
ret = DROPBEAR_SUCCESS;
312
if (ret == DROPBEAR_FAILURE) {
313
for (i = 0; sshhostkey[i].name != NULL; i++) {
314
if (sshhostkey[i].val == type) {
315
sshhostkey[i].usable = 0;
319
fprintf(stderr, "Failed reading '%s', disabling %s\n", filename,
320
type == DROPBEAR_SIGNKEY_DSS ? "DSS" : "RSA");
328
static sign_key * loadhostkeys(const char * dsskeyfile,
329
const char * rsakeyfile) {
333
TRACE(("enter loadhostkeys"));
335
hostkey = new_sign_key();
338
(void)readhostkey(rsakeyfile, hostkey, DROPBEAR_SIGNKEY_RSA);
342
(void)readhostkey(dsskeyfile, hostkey, DROPBEAR_SIGNKEY_DSS);
347
&& hostkey->dsskey == NULL
350
&& hostkey->rsakey == NULL
353
dropbear_exit("No hostkeys available");
356
TRACE(("leave loadhostkeys"));