Some more sanity-checking of args, and just warn and ignore OpenSSH args

--HG--
extra : convert_revision : 94cf58a3a50848156aaaf757d0a72163c0355406

cli-runopts.c

@@ -44,7 +44,7 @@ static void addforward(char* str, struct TCPFwdList** fwdlist);
 static void printhelp() {
 
 	fprintf(stderr, "Dropbear client v%s\n"
-					"Usage: %s [options] user@host\n"
+					"Usage: %s [options] [user@]host\n"
 					"Options are:\n"
 					"-p <remoteport>\n"
 					"-t    Allocate a pty\n"
@@ -58,6 +58,7 @@ static void printhelp() {
 #ifdef ENABLE_CLI_REMOTETCPFWD
 					"-R <listenport:remotehost:remoteport> Remote port forwarding\n"
 #endif
+					"-l <username>\n"
 					,DROPBEAR_VERSION, cli_opts.progname);
 }
 
@@ -75,6 +76,7 @@ void cli_getopts(int argc, char ** argv) {
 #ifdef ENABLE_CLI_REMOTETCPFWD
 	int nextisremote = 0;
 #endif
+	char* dummy = NULL; /* Not used for anything real */
 
 	/* see printhelp() for options */
 	cli_opts.progname = argv[0];
@@ -138,6 +140,12 @@ void cli_getopts(int argc, char ** argv) {
 		if (argv[i][0] == '-') {
 			/* A flag *waves* */
 
+			if (strlen(argv[i]) > 2) {
+					fprintf(stderr, 
+						"WARNING: Ignoring unknown argument '%s'\n", argv[i]);
+					continue;
+			}
+
 			switch (argv[i][1]) {
 				case 'p': /* remoteport */
 					next = &cli_opts.remoteport;
@@ -163,10 +171,30 @@ void cli_getopts(int argc, char ** argv) {
 					nextisremote = 1;
 					break;
 #endif
-				default:
+				case 'l':
-					fprintf(stderr, "Unknown argument '%s'\n", argv[i]);
+					next = &cli_opts.username;
+					break;
+				case 'h':
 					printhelp();
-					exit(EXIT_FAILURE);
+					exit(EXIT_SUCCESS);
+					break;
+				case 'F':
+				case 'e':
+				case 'c':
+				case 'm':
+				case 'D':
+#ifndef ENABLE_CLI_REMOTETCPFWD
+				case 'R':
+#endif
+#ifndef ENABLE_CLI_LOCALTCPFWD
+				case 'L':
+#endif
+				case 'o':
+				case 'b':
+					next = &dummy;
+				default:
+					fprintf(stderr, 
+						"WARNING: Ignoring unknown argument '%s'\n", argv[i]);
 					break;
 			} /* Switch */
 
@@ -208,7 +236,8 @@ void cli_getopts(int argc, char ** argv) {
 	}
 
 	if (cli_opts.remotehost == NULL) {
-		dropbear_exit("Bad syntax");
+		printhelp();
+		exit(EXIT_FAILURE);
 	}
 
 	if (cli_opts.remoteport == NULL) {

cli-tcpfwd.c

@@ -32,6 +32,8 @@ void setup_localtcp() {
 
 	int ret;
 
+	TRACE(("enter setup_localtcp"));
+
 	if (cli_opts.localfwds == NULL) {
 		TRACE(("cli_opts.localfwds == NULL"));
 	}
@@ -49,6 +51,7 @@ void setup_localtcp() {
 
 		cli_opts.localfwds = cli_opts.localfwds->next;
 	}
+	TRACE(("leave setup_localtcp"));
 
 }
 
@@ -96,6 +99,8 @@ void setup_remotetcp() {
 
 	struct TCPFwdList * iter = NULL;
 
+	TRACE(("enter setup_remotetcp"));
+
 	if (cli_opts.remotefwds == NULL) {
 		TRACE(("cli_opts.remotefwds == NULL"));
 	}
@@ -106,6 +111,7 @@ void setup_remotetcp() {
 		send_msg_global_request_remotetcp(iter->listenport);
 		iter = iter->next;
 	}
+	TRACE(("leave setup_remotetcp"));
 }
 
 static int newtcpforwarded(struct Channel * channel) {

options.h

@@ -47,19 +47,20 @@
  * if you want to use this) */
 /*#define NO_FAST_EXPTMOD*/
 
-/* Enable X11 Forwarding */
+/* Enable X11 Forwarding - server only */
 #define ENABLE_X11FWD
 
 /* Enable TCP Fowarding */
-/* "-L" style forwarding (client listening port forwarded via server) */
+/* 'Local' is "-L" style (client listening port forwarded via server)
+ * 'Remote' is "-R" style (server listening port forwarded via client) */
+
 #define ENABLE_CLI_LOCALTCPFWD
-/* "-R" style forwarding (server listening port forwarded via client) */
 #define ENABLE_CLI_REMOTETCPFWD
 
 #define ENABLE_SVR_LOCALTCPFWD
 #define ENABLE_SVR_REMOTETCPFWD
 
-/* Enable Authentication Agent Forwarding */
+/* Enable Authentication Agent Forwarding - server only for now */
 #define ENABLE_AGENTFWD
 
 /* Encryption - at least one required.
@@ -113,8 +114,11 @@
 
 /* Authentication types to enable, at least one required.
    RFC Draft requires pubkey auth, and recommends password */
-#define DROPBEAR_PASSWORD_AUTH
+#define DROPBEAR_SVR_PASSWORD_AUTH
-#define DROPBEAR_PUBKEY_AUTH
+#define DROPBEAR_SVR_PUBKEY_AUTH
+
+#define DROPBEAR_CLI_PASSWORD_AUTH
+#define DROPBEAR_CLI_PUBKEY_AUTH
 
 /* Random device to use - you must specify _one only_.
  * DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use
@@ -136,7 +140,7 @@
 #define MAX_UNAUTH_CLIENTS 30
 #endif
 
-/* Maximum number of failed authentication tries */
+/* Maximum number of failed authentication tries (server option) */
 #ifndef MAX_AUTH_TRIES
 #define MAX_AUTH_TRIES 10
 #endif
@@ -159,8 +163,9 @@
 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
 #endif
 
-/* This is used by the scp binary when used as a client binary */
+/* This is used by the scp binary when used as a client binary. If you're
-#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
+ * not using the Dropbear client, you'll need to change it */
+#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
 
 /* Multi-purpose binary configuration has now moved. Look at the top
  * of the Makefile for instructions, or INSTALL */