Some more sanity-checking of args, and just warn and ignore OpenSSH args

--HG-- extra : convert_revision : 94cf58a3a50848156aaaf757d0a72163c0355406
2025-02-07 13:21:15 +00:00 · 2004-08-12 14:19:05 +00:00 · 2004-08-12 14:19:05 +00:00 · 986a932636
commit 986a932636
parent 9ea7c3bfcf
3 changed files with 54 additions and 14 deletions
--- a/cli-runopts.c
+++ b/cli-runopts.c
@ -44,7 +44,7 @@ static void addforward(char* str, struct TCPFwdList** fwdlist);
 static void printhelp() {

 	fprintf(stderr, "Dropbear client v%s\n"
-					"Usage: %s [options] user@host\n"
+					"Usage: %s [options] [user@]host\n"
 					"Options are:\n"
 					"-p <remoteport>\n"
 					"-t    Allocate a pty\n"
@ -58,6 +58,7 @@ static void printhelp() {
 #ifdef ENABLE_CLI_REMOTETCPFWD
 					"-R <listenport:remotehost:remoteport> Remote port forwarding\n"
 #endif
+					"-l <username>\n"
 					,DROPBEAR_VERSION, cli_opts.progname);
 }

@ -75,6 +76,7 @@ void cli_getopts(int argc, char ** argv) {
 #ifdef ENABLE_CLI_REMOTETCPFWD
 	int nextisremote = 0;
 #endif
+	char* dummy = NULL; /* Not used for anything real */

 	/* see printhelp() for options */
 	cli_opts.progname = argv[0];
@ -138,6 +140,12 @@ void cli_getopts(int argc, char ** argv) {
 		if (argv[i][0] == '-') {
 			/* A flag *waves* */

+			if (strlen(argv[i]) > 2) {
+					fprintf(stderr, 
+						"WARNING: Ignoring unknown argument '%s'\n", argv[i]);
+					continue;
+			}
+
 			switch (argv[i][1]) {
 				case 'p': /* remoteport */
 					next = &cli_opts.remoteport;
@ -163,10 +171,30 @@ void cli_getopts(int argc, char ** argv) {
 					nextisremote = 1;
 					break;
 #endif
-				default:
-					fprintf(stderr, "Unknown argument '%s'\n", argv[i]);
+				case 'l':
+					next = &cli_opts.username;
+					break;
+				case 'h':
 					printhelp();
-					exit(EXIT_FAILURE);
+					exit(EXIT_SUCCESS);
+					break;
+				case 'F':
+				case 'e':
+				case 'c':
+				case 'm':
+				case 'D':
+#ifndef ENABLE_CLI_REMOTETCPFWD
+				case 'R':
+#endif
+#ifndef ENABLE_CLI_LOCALTCPFWD
+				case 'L':
+#endif
+				case 'o':
+				case 'b':
+					next = &dummy;
+				default:
+					fprintf(stderr, 
+						"WARNING: Ignoring unknown argument '%s'\n", argv[i]);
 					break;
 			} /* Switch */

@ -208,7 +236,8 @@ void cli_getopts(int argc, char ** argv) {
 	}

 	if (cli_opts.remotehost == NULL) {
-		dropbear_exit("Bad syntax");
+		printhelp();
+		exit(EXIT_FAILURE);
 	}

 	if (cli_opts.remoteport == NULL) {
--- a/cli-tcpfwd.c
+++ b/cli-tcpfwd.c
@ -32,6 +32,8 @@ void setup_localtcp() {

 	int ret;

+	TRACE(("enter setup_localtcp"));
+
 	if (cli_opts.localfwds == NULL) {
 		TRACE(("cli_opts.localfwds == NULL"));
 	}
@ -49,6 +51,7 @@ void setup_localtcp() {

 		cli_opts.localfwds = cli_opts.localfwds->next;
 	}
+	TRACE(("leave setup_localtcp"));

 }

@ -96,6 +99,8 @@ void setup_remotetcp() {

 	struct TCPFwdList * iter = NULL;

+	TRACE(("enter setup_remotetcp"));
+
 	if (cli_opts.remotefwds == NULL) {
 		TRACE(("cli_opts.remotefwds == NULL"));
 	}
@ -106,6 +111,7 @@ void setup_remotetcp() {
 		send_msg_global_request_remotetcp(iter->listenport);
 		iter = iter->next;
 	}
+	TRACE(("leave setup_remotetcp"));
 }

 static int newtcpforwarded(struct Channel * channel) {
--- a/options.h
+++ b/options.h
@ -47,19 +47,20 @@
 * if you want to use this) */
 /*#define NO_FAST_EXPTMOD*/

-/* Enable X11 Forwarding */
+/* Enable X11 Forwarding - server only */
 #define ENABLE_X11FWD

 /* Enable TCP Fowarding */
-/* "-L" style forwarding (client listening port forwarded via server) */
+/* 'Local' is "-L" style (client listening port forwarded via server)
+ * 'Remote' is "-R" style (server listening port forwarded via client) */
+
 #define ENABLE_CLI_LOCALTCPFWD
-/* "-R" style forwarding (server listening port forwarded via client) */
 #define ENABLE_CLI_REMOTETCPFWD

 #define ENABLE_SVR_LOCALTCPFWD
 #define ENABLE_SVR_REMOTETCPFWD

-/* Enable Authentication Agent Forwarding */
+/* Enable Authentication Agent Forwarding - server only for now */
 #define ENABLE_AGENTFWD

 /* Encryption - at least one required.
@ -113,8 +114,11 @@

 /* Authentication types to enable, at least one required.
   RFC Draft requires pubkey auth, and recommends password */
-#define DROPBEAR_PASSWORD_AUTH
-#define DROPBEAR_PUBKEY_AUTH
+#define DROPBEAR_SVR_PASSWORD_AUTH
+#define DROPBEAR_SVR_PUBKEY_AUTH
+
+#define DROPBEAR_CLI_PASSWORD_AUTH
+#define DROPBEAR_CLI_PUBKEY_AUTH

 /* Random device to use - you must specify _one only_.
 * DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use
@ -136,7 +140,7 @@
 #define MAX_UNAUTH_CLIENTS 30
 #endif

-/* Maximum number of failed authentication tries */
+/* Maximum number of failed authentication tries (server option) */
 #ifndef MAX_AUTH_TRIES
 #define MAX_AUTH_TRIES 10
 #endif
@ -159,8 +163,9 @@
 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
 #endif

-/* This is used by the scp binary when used as a client binary */
-#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
+/* This is used by the scp binary when used as a client binary. If you're
+ * not using the Dropbear client, you'll need to change it */
+#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"

 /* Multi-purpose binary configuration has now moved. Look at the top
 * of the Makefile for instructions, or INSTALL */