author | Toni Uhlig <matzeton@googlemail.com> | 2019-07-06 01:43:10 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2019-07-06 01:43:10 +0200 |
commit | 7977be8365673f7f47c1e45f0508f099b7b94246 (patch) | |
tree | 58fa4fd528cc612c232d30ea7a7cf1060fa20420 /src/options.c | |
parent | 012a207b03ce131b7edd7360d9322f0bc02bfaab (diff) | |
parent | c64928e8e0211edf2ccfa628dfa41e5bd62ef8ae (diff) |
Merge branch 'master' into coverity_scan
Diffstat (limited to 'src/options.c')
-rw-r--r-- | src/options.c | 55 |
1 files changed, 45 insertions, 10 deletions
diff --git a/src/options.c b/src/options.c
index ffb5339..10838ad 100644
--- a/src/options.c
+++ b/src/options.c
@@ -41,6 +41,9 @@
 #ifdef WIN32
 #include <ws2tcpip.h>
 #endif
+#ifdef ENABLE_SHA512
+#include <openssl/sha.h>
+#endif
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -107,7 +110,7 @@ static const struct option_usage usage[] = {
 "The special level 5 (or higher) includes xfer logging (lots of output)\n"
 },
 /** --libpcap */
- {"interface", 0, OPT_STR, {.str = "eth0"},
+ {"interface", 0, OPT_STR, {.str = NULL},
 #ifndef HAVE_PCAP
 "(Not available on this platform.)\n"
 #endif
@@ -169,6 +172,22 @@ static const struct option_usage usage[] = {
 "Tune the number of empty pings to send with each explicit acknowledgement.\n"
 "Empty pings can compensate for ICMP sequence number inspection.\n"
 },
+ /** --force-md5 */
+ {"force-md5", 0, OPT_BOOL, {.num = 0},
+ "Force MD5 as challenge response checksum generator.\n"
+#ifndef ENABLE_SHA512
+ "This is the default for this configuration.\n"
+#endif
+ },
+ /** --force-sha512 */
+ {"force-sha512", 0, OPT_BOOL, {.num = 0},
+ "Force SHA512 as challenge response checksum generator.\n"
+#ifdef ENABLE_SHA512
+ "This is the default for this configuration.\n"
+#else
+ "SHA512 is not available for this configuration.\n"
+#endif
+ },
 /** --daemon */
 {"pidfile", 0, OPT_STR, {.str = "/run/ptunnel.pid"},
 #ifdef WIN32
@@ -237,6 +256,8 @@ static struct option long_options[] = {
 {"resend-interval", required_argument, 0, 't'},
 {"payload-size", required_argument, 0, 'y'},
 {"empty-pings", required_argument, 0, 'E'},
+ {"force-md5", no_argument, &opts.force_md5, 1},
+ {"force-sha512", no_argument, &opts.force_sha512, 1},
 {"daemon", optional_argument, 0, 'd'},
 {"syslog", no_argument, 0, 'S'},
 {"user", optional_argument, 0, 'u'},
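Review bot: The `usage[]` and `long_options[]` tables are coupled by position, and neither hunk that adds the `force-md5`/`force-sha512` rows documents it. `get_default_optval()` later in this diff finds an index in `long_options[]` and returns `&usage[i].str`, so the new rows only line up because they were inserted after `empty-pings` in both arrays. A comment above `long_options[]` such as `/* Keep in the same order as usage[]: get_default_optval() indexes usage[] with the long_options[] index. */` would make that requirement visible to the next person adding an option. Both array definitions start outside these hunks.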
@@ -250,8 +271,11 @@ static struct option long_options[] = {
 static const void *get_default_optval(enum option_type opttype, const char *optname) {
 for (unsigned i = 0; i < ARRAY_SIZE(long_options); ++i) {
- if (strncmp(long_options[i].name, optname, BUFSIZ /* not optimal */) == 0) {
- assert(usage[i].otype == opttype);
+ if (strncmp(long_options[i].name, optname, BUFSIZ /* not optimal */) == 0 &&
+ strlen(long_options[i].name) == strlen(optname))
+ {
+ assert(usage[i].otype == opttype &&
+ (usage[i].otype != OPT_STR || usage[i].str));
 return &usage[i].str;
 }
 }
@@ -274,9 +298,6 @@ static void set_options_defaults(void) {
 opts.given_dst_port = *(uint32_t *) get_default_optval(OPT_DEC32, "remote-port");
 opts.max_tunnels = *(uint32_t *) get_default_optval(OPT_DEC32, "connections");
 opts.log_level = *(int *) get_default_optval(OPT_DEC32, "verbosity");
-#ifdef HAVE_PCAP
- opts.pcap_device = strdup(*(char **)get_default_optval(OPT_STR, "libpcap"));
-#endif
 opts.log_path = strdup(*(char **)get_default_optval(OPT_STR, "logfile"));
 opts.log_file = stdout;
 opts.print_stats = *(int *) get_default_optval(OPT_BOOL, "statistics");
@@ -421,7 +442,7 @@ int parse_options(int argc, char **argv) {
 * since you have to pass long options as '--option=value'. Commonly used
 * '--option value' is *NOT* allowed for some libc implementations.
 */
- c = getopt_long(argc, argv, "m:p:l:r::R::c:v:L::o::sP:d::Su::g::C::e::w:a:t:y:E:h", &long_options[0], &oidx);
+ c = getopt_long(argc, argv, "m:p:l:r::R::c:v:L:o::sP:d::Su::g::C::e::w:a:t:y:E:h", &long_options[0], &oidx);
 if (c == -1) break;
 switch (c) {
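Review bot: In `get_default_optval()` the added `strlen(long_options[i].name) == strlen(optname)` test is redundant for any name shorter than `BUFSIZ`, because `strncmp(..., BUFSIZ) == 0` already means the two NUL-terminated strings are equal. `strcmp(long_options[i].name, optname) == 0` states the exact match directly and removes the "not optimal" bound. The new NULL-default guard exists only inside `assert()`, so a build with `NDEBUG` would still hand a NULL `.str` to callers that dereference the result at once, such as the `strdup(*(char **)get_default_optval(OPT_STR, "logfile"))` line in `set_options_defaults()`. An explicit check that logs and exits would hold in release builds too. What the function returns when no name matches is outside the hunk.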
@@ -498,13 +519,17 @@ int parse_options(int argc, char **argv) {
 if (opts.password)
 free(opts.password);
 opts.password = strdup(optarg);
- pt_log(kLog_debug, "Password set - unauthenicated connections will be refused.\n");
- // Compute the password digest
+ pt_log(kLog_debug, "%s\n", "Password set - unauthenicated connections will be refused.");
+ /* Compute the md5 password digest */
 md5_init(&state);
 md5_append(&state, (md5_byte_t*)optarg, strnlen(opts.password, BUFSIZ /* not optimal */));
- md5_finish(&state, &opts.password_digest[0]);
+ md5_finish(&state, &opts.md5_password_digest[0]);
 // Hide the password in process listing
 memset(optarg, '*', strnlen(optarg, BUFSIZ /* not optimal */));
+#ifdef ENABLE_SHA512
+ pt_log(kLog_debug, "%s\n", "Password set - sha512 authentication enabled.");
+ SHA512(optarg, strnlen(opts.password, BUFSIZ /* not optimal */), &opts.sha512_password_digest[0]);
+#endif
 break;
 #ifndef WIN32
 case 'd':
@@ -609,6 +634,16 @@ int parse_options(int argc, char **argv) {
 exit(1);
 }
+#if ENABLE_SHA512
+ if (opts.force_md5) {
+ pt_log(kLog_error, "%s\n", "You are forcing md5 but sha512 is available.");
+ }
+#else
+ if (opts.force_sha512) {
+ pt_log(kLog_error, "%s\n", "You are forcing sha512 but it isn't available.");
+ }
+#endif
+
 if (opts.given_proxy_hostname) {
 if ((ret = host_to_addr(opts.given_proxy_hostname, &opts.given_proxy_ip)) != 0) {
 pt_log(kLog_error, "Failed to look up %s as destination address: %s\n", |
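Review bot: The SHA512 digest in the password case is computed from `optarg` after the `memset(optarg, '*', ...)` line has already overwritten it, so `opts.sha512_password_digest` depends only on the password's length, not on its content. The MD5 path is unaffected because it reads `optarg` before the overwrite. Hash the saved copy instead, `SHA512((const unsigned char *)opts.password, strnlen(opts.password, BUFSIZ), &opts.sha512_password_digest[0]);`, or move the call above the `memset`. The `strdup(optarg)` result is also passed to `strnlen(opts.password, ...)` without a NULL check. The enclosing `switch` case starts outside the hunk.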
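Review bot: The guard on the new force-flag check is `#if ENABLE_SHA512`, while the other sites this commit touches (the include, the usage text, the digest code) use `#ifdef ENABLE_SHA512`. The two forms disagree if the macro is defined as `0`, and `#if` fails to preprocess if it is defined empty, so `#ifdef ENABLE_SHA512` is the consistent choice. As far as the hunk shows, both branches only log at error level and carry on, unlike the `exit(1)` just above, so `--force-sha512` on a build without SHA512 is not visibly rejected. Nothing here rejects `--force-md5` given together with `--force-sha512` either. If a forced algorithm that cannot be honoured should stop startup, follow the `pt_log` call with an exit; `parse_options` continues outside the hunk.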