Add options for disabling weak encryption methods.

[ffftp/ffftp.git] / putty / CMDLINE.C

/*\r
 * cmdline.c - command-line parsing shared between many of the\r
 * PuTTY applications\r
 */\r
\r
#include <stdio.h>\r
#include <assert.h>\r
#include <stdlib.h>\r
#include "putty.h"\r
\r
/*\r
 * Some command-line parameters need to be saved up until after\r
 * we've loaded the saved session which will form the basis of our\r
 * eventual running configuration. For this we use the macro\r
 * SAVEABLE, which notices if the `need_save' parameter is set and\r
 * saves the parameter and value on a list.\r
 * \r
 * We also assign priorities to saved parameters, just to slightly\r
 * ameliorate silly ordering problems. For example, if you specify\r
 * a saved session to load, it will be loaded _before_ all your\r
 * local modifications such as -L are evaluated; and if you specify\r
 * a protocol and a port, the protocol is set up first so that the\r
 * port can override its choice of port number.\r
 * \r
 * (In fact -load is not saved at all, since in at least Plink the\r
 * processing of further command-line options depends on whether or\r
 * not the loaded session contained a hostname. So it must be\r
 * executed immediately.)\r
 */\r
\r
#define NPRIORITIES 2\r
\r
struct cmdline_saved_param {\r
    char *p, *value;\r
};\r
struct cmdline_saved_param_set {\r
    struct cmdline_saved_param *params;\r
    int nsaved, savesize;\r
};\r
\r
/*\r
 * C guarantees this structure will be initialised to all zero at\r
 * program start, which is exactly what we want.\r
 */\r
static struct cmdline_saved_param_set saves[NPRIORITIES];\r
\r
static void cmdline_save_param(char *p, char *value, int pri)\r
{\r
    if (saves[pri].nsaved >= saves[pri].savesize) {\r
        saves[pri].savesize = saves[pri].nsaved + 32;\r
        saves[pri].params = sresize(saves[pri].params, saves[pri].savesize,\r
                                    struct cmdline_saved_param);\r
    }\r
    saves[pri].params[saves[pri].nsaved].p = p;\r
    saves[pri].params[saves[pri].nsaved].value = value;\r
    saves[pri].nsaved++;\r
}\r
\r
static char *cmdline_password = NULL;\r
\r
void cmdline_cleanup(void)\r
{\r
    int pri;\r
\r
    if (cmdline_password) {\r
        smemclr(cmdline_password, strlen(cmdline_password));\r
        sfree(cmdline_password);\r
        cmdline_password = NULL;\r
    }\r
    \r
    for (pri = 0; pri < NPRIORITIES; pri++) {\r
        sfree(saves[pri].params);\r
        saves[pri].params = NULL;\r
        saves[pri].savesize = 0;\r
        saves[pri].nsaved = 0;\r
    }\r
}\r
\r
#define SAVEABLE(pri) do { \\r
    if (need_save) { cmdline_save_param(p, value, pri); return ret; } \\r
} while (0)\r
\r
/*\r
 * Similar interface to get_userpass_input(), except that here a -1\r
 * return means that we aren't capable of processing the prompt and\r
 * someone else should do it.\r
 */\r
int cmdline_get_passwd_input(prompts_t *p, unsigned char *in, int inlen) {\r
\r
    static int tried_once = 0;\r
\r
    /*\r
     * We only handle prompts which don't echo (which we assume to be\r
     * passwords), and (currently) we only cope with a password prompt\r
     * that comes in a prompt-set on its own.\r
     */\r
    if (!cmdline_password || in || p->n_prompts != 1 || p->prompts[0]->echo) {\r
        return -1;\r
    }\r
\r
    /*\r
     * If we've tried once, return utter failure (no more passwords left\r
     * to try).\r
     */\r
    if (tried_once)\r
        return 0;\r
\r
    prompt_set_result(p->prompts[0], cmdline_password);\r
    smemclr(cmdline_password, strlen(cmdline_password));\r
    sfree(cmdline_password);\r
    cmdline_password = NULL;\r
    tried_once = 1;\r
    return 1;\r
}\r
\r
/*\r
 * Here we have a flags word which describes the capabilities of\r
 * the particular tool on whose behalf we're running. We will\r
 * refuse certain command-line options if a particular tool\r
 * inherently can't do anything sensible. For example, the file\r
 * transfer tools (psftp, pscp) can't do a great deal with protocol\r
 * selections (ever tried running scp over telnet?) or with port\r
 * forwarding (even if it wasn't a hideously bad idea, they don't\r
 * have the select() infrastructure to make them work).\r
 */\r
int cmdline_tooltype = 0;\r
\r
static int cmdline_check_unavailable(int flag, char *p)\r
{\r
    if (cmdline_tooltype & flag) {\r
        cmdline_error("option \"%s\" not available in this tool", p);\r
        return 1;\r
    }\r
    return 0;\r
}\r
\r
#define UNAVAILABLE_IN(flag) do { \\r
    if (cmdline_check_unavailable(flag, p)) return ret; \\r
} while (0)\r
\r
/*\r
 * Process a standard command-line parameter. `p' is the parameter\r
 * in question; `value' is the subsequent element of argv, which\r
 * may or may not be required as an operand to the parameter.\r
 * If `need_save' is 1, arguments which need to be saved as\r
 * described at this top of this file are, for later execution;\r
 * if 0, they are processed normally. (-1 is a special value used\r
 * by pterm to count arguments for a preliminary pass through the\r
 * argument list; it causes immediate return with an appropriate\r
 * value with no action taken.)\r
 * Return value is 2 if both arguments were used; 1 if only p was\r
 * used; 0 if the parameter wasn't one we recognised; -2 if it\r
 * should have been 2 but value was NULL.\r
 */\r
\r
#define RETURN(x) do { \\r
    if ((x) == 2 && !value) return -2; \\r
    ret = x; \\r
    if (need_save < 0) return x; \\r
} while (0)\r
\r
int cmdline_process_param(char *p, char *value, int need_save, Conf *conf)\r
{\r
    int ret = 0;\r
\r
    if (!strcmp(p, "-load")) {\r
        RETURN(2);\r
        /* This parameter must be processed immediately rather than being\r
         * saved. */\r
        do_defaults(value, conf);\r
        loaded_session = TRUE;\r
        cmdline_session_name = dupstr(value);\r
        return 2;\r
    }\r
    if (!strcmp(p, "-ssh")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        default_protocol = PROT_SSH;\r
        default_port = 22;\r
        conf_set_int(conf, CONF_protocol, default_protocol);\r
        conf_set_int(conf, CONF_port, default_port);\r
        return 1;\r
    }\r
    if (!strcmp(p, "-telnet")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        default_protocol = PROT_TELNET;\r
        default_port = 23;\r
        conf_set_int(conf, CONF_protocol, default_protocol);\r
        conf_set_int(conf, CONF_port, default_port);\r
        return 1;\r
    }\r
    if (!strcmp(p, "-rlogin")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        default_protocol = PROT_RLOGIN;\r
        default_port = 513;\r
        conf_set_int(conf, CONF_protocol, default_protocol);\r
        conf_set_int(conf, CONF_port, default_port);\r
        return 1;\r
    }\r
    if (!strcmp(p, "-raw")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        default_protocol = PROT_RAW;\r
        conf_set_int(conf, CONF_protocol, default_protocol);\r
    }\r
    if (!strcmp(p, "-serial")) {\r
        RETURN(1);\r
        /* Serial is not NONNETWORK in an odd sense of the word */\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        default_protocol = PROT_SERIAL;\r
        conf_set_int(conf, CONF_protocol, default_protocol);\r
        /* The host parameter will already be loaded into CONF_host,\r
         * so copy it across */\r
        conf_set_str(conf, CONF_serline, conf_get_str(conf, CONF_host));\r
    }\r
    if (!strcmp(p, "-v")) {\r
        RETURN(1);\r
        flags |= FLAG_VERBOSE;\r
    }\r
    if (!strcmp(p, "-l")) {\r
        RETURN(2);\r
        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_str(conf, CONF_username, value);\r
    }\r
    if (!strcmp(p, "-loghost")) {\r
        RETURN(2);\r
        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_str(conf, CONF_loghost, value);\r
    }\r
    if ((!strcmp(p, "-L") || !strcmp(p, "-R") || !strcmp(p, "-D"))) {\r
        char type, *q, *qq, *key, *val;\r
        RETURN(2);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        if (strcmp(p, "-D")) {\r
            /*\r
             * For -L or -R forwarding types:\r
             *\r
             * We expect _at least_ two colons in this string. The\r
             * possible formats are `sourceport:desthost:destport',\r
             * or `sourceip:sourceport:desthost:destport' if you're\r
             * specifying a particular loopback address. We need to\r
             * replace the one between source and dest with a \t;\r
             * this means we must find the second-to-last colon in\r
             * the string.\r
             *\r
             * (This looks like a foolish way of doing it given the\r
             * existence of strrchr, but it's more efficient than\r
             * two strrchrs - not to mention that the second strrchr\r
             * would require us to modify the input string!)\r
             */\r
\r
            type = p[1];               /* 'L' or 'R' */\r
\r
            q = qq = strchr(value, ':');\r
            while (qq) {\r
                char *qqq = strchr(qq+1, ':');\r
                if (qqq)\r
                    q = qq;\r
                qq = qqq;\r
            }\r
\r
            if (!q) {\r
                cmdline_error("-%c expects at least two colons in its"\r
                              " argument", type);\r
                return ret;\r
            }\r
\r
            key = dupprintf("%c%.*s", type, q - value, value);\r
            val = dupstr(q+1);\r
        } else {\r
            /*\r
             * Dynamic port forwardings are entered under the same key\r
             * as if they were local (because they occupy the same\r
             * port space - a local and a dynamic forwarding on the\r
             * same local port are mutually exclusive), with the\r
             * special value "D" (which can be distinguished from\r
             * anything in the ordinary -L case by containing no\r
             * colon).\r
             */\r
            key = dupprintf("L%s", value);\r
            val = dupstr("D");\r
        }\r
        conf_set_str_str(conf, CONF_portfwd, key, val);\r
        sfree(key);\r
        sfree(val);\r
    }\r
    if ((!strcmp(p, "-nc"))) {\r
        char *host, *portp;\r
\r
        RETURN(2);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
\r
        portp = strchr(value, ':');\r
        if (!portp) {\r
            cmdline_error("-nc expects argument of form 'host:port'");\r
            return ret;\r
        }\r
\r
        host = dupprintf("%.*s", portp - value, value);\r
        conf_set_str(conf, CONF_ssh_nc_host, host);\r
        conf_set_int(conf, CONF_ssh_nc_port, atoi(portp + 1));\r
        sfree(host);\r
    }\r
    if (!strcmp(p, "-m")) {\r
        char *filename, *command;\r
        int cmdlen, cmdsize;\r
        FILE *fp;\r
        int c, d;\r
\r
        RETURN(2);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
\r
        filename = value;\r
\r
        cmdlen = cmdsize = 0;\r
        command = NULL;\r
        fp = fopen(filename, "r");\r
        if (!fp) {\r
            cmdline_error("unable to open command file \"%s\"", filename);\r
            return ret;\r
        }\r
        do {\r
            c = fgetc(fp);\r
            d = c;\r
            if (c == EOF)\r
                d = 0;\r
            if (cmdlen >= cmdsize) {\r
                cmdsize = cmdlen + 512;\r
                command = sresize(command, cmdsize, char);\r
            }\r
            command[cmdlen++] = d;\r
        } while (c != EOF);\r
        fclose(fp);\r
        conf_set_str(conf, CONF_remote_cmd, command);\r
        conf_set_str(conf, CONF_remote_cmd2, "");\r
        conf_set_int(conf, CONF_nopty, TRUE);   /* command => no terminal */\r
        sfree(command);\r
    }\r
    if (!strcmp(p, "-P")) {\r
        RETURN(2);\r
        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);\r
        SAVEABLE(1);                   /* lower priority than -ssh,-telnet */\r
        conf_set_int(conf, CONF_port, atoi(value));\r
    }\r
    if (!strcmp(p, "-pw")) {\r
        RETURN(2);\r
        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);\r
        SAVEABLE(1);\r
        /* We delay evaluating this until after the protocol is decided,\r
         * so that we can warn if it's of no use with the selected protocol */\r
        if (conf_get_int(conf, CONF_protocol) != PROT_SSH)\r
            cmdline_error("the -pw option can only be used with the "\r
                          "SSH protocol");\r
        else {\r
            cmdline_password = dupstr(value);\r
            /* Assuming that `value' is directly from argv, make a good faith\r
             * attempt to trample it, to stop it showing up in `ps' output\r
             * on Unix-like systems. Not guaranteed, of course. */\r
            smemclr(value, strlen(value));\r
        }\r
    }\r
\r
    if (!strcmp(p, "-agent") || !strcmp(p, "-pagent") ||\r
        !strcmp(p, "-pageant")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_int(conf, CONF_tryagent, TRUE);\r
    }\r
    if (!strcmp(p, "-noagent") || !strcmp(p, "-nopagent") ||\r
        !strcmp(p, "-nopageant")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_int(conf, CONF_tryagent, FALSE);\r
    }\r
\r
    if (!strcmp(p, "-A")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_int(conf, CONF_agentfwd, 1);\r
    }\r
    if (!strcmp(p, "-a")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_int(conf, CONF_agentfwd, 0);\r
    }\r
\r
    if (!strcmp(p, "-X")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_int(conf, CONF_x11_forward, 1);\r
    }\r
    if (!strcmp(p, "-x")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_int(conf, CONF_x11_forward, 0);\r
    }\r
\r
    if (!strcmp(p, "-t")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(1);    /* lower priority than -m */\r
        conf_set_int(conf, CONF_nopty, 0);\r
    }\r
    if (!strcmp(p, "-T")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(1);\r
        conf_set_int(conf, CONF_nopty, 1);\r
    }\r
\r
    if (!strcmp(p, "-N")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_int(conf, CONF_ssh_no_shell, 1);\r
    }\r
\r
    if (!strcmp(p, "-C")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_int(conf, CONF_compression, 1);\r
    }\r
\r
    if (!strcmp(p, "-1")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_int(conf, CONF_sshprot, 0);   /* ssh protocol 1 only */\r
    }\r
    if (!strcmp(p, "-2")) {\r
        RETURN(1);\r
        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        conf_set_int(conf, CONF_sshprot, 3);   /* ssh protocol 2 only */\r
    }\r
\r
    if (!strcmp(p, "-i")) {\r
        Filename *fn;\r
        RETURN(2);\r
        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);\r
        SAVEABLE(0);\r
        fn = filename_from_str(value);\r
        conf_set_filename(conf, CONF_keyfile, fn);\r
        filename_free(fn);\r
    }\r
\r
    if (!strcmp(p, "-4") || !strcmp(p, "-ipv4")) {\r
        RETURN(1);\r
        SAVEABLE(1);\r
        conf_set_int(conf, CONF_addressfamily, ADDRTYPE_IPV4);\r
    }\r
    if (!strcmp(p, "-6") || !strcmp(p, "-ipv6")) {\r
        RETURN(1);\r
        SAVEABLE(1);\r
        conf_set_int(conf, CONF_addressfamily, ADDRTYPE_IPV6);\r
    }\r
    if (!strcmp(p, "-sercfg")) {\r
        char* nextitem;\r
        RETURN(2);\r
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);\r
        SAVEABLE(1);\r
        if (conf_get_int(conf, CONF_protocol) != PROT_SERIAL)\r
            cmdline_error("the -sercfg option can only be used with the "\r
                          "serial protocol");\r
        /* Value[0] contains one or more , separated values, like 19200,8,n,1,X */\r
        nextitem = value;\r
        while (nextitem[0] != '\0') {\r
            int length, skip;\r
            char *end = strchr(nextitem, ',');\r
            if (!end) {\r
                length = strlen(nextitem);\r
                skip = 0;\r
            } else {\r
                length = end - nextitem;\r
                nextitem[length] = '\0';\r
                skip = 1;\r
            }\r
            if (length == 1) {\r
                switch (*nextitem) {\r
                  case '1':\r
                  case '2':\r
                    conf_set_int(conf, CONF_serstopbits, 2 * (*nextitem-'0'));\r
                    break;\r
\r
                  case '5':\r
                  case '6':\r
                  case '7':\r
                  case '8':\r
                  case '9':\r
                    conf_set_int(conf, CONF_serdatabits, *nextitem-'0');\r
                    break;\r
\r
                  case 'n':\r
                    conf_set_int(conf, CONF_serparity, SER_PAR_NONE);\r
                    break;\r
                  case 'o':\r
                    conf_set_int(conf, CONF_serparity, SER_PAR_ODD);\r
                    break;\r
                  case 'e':\r
                    conf_set_int(conf, CONF_serparity, SER_PAR_EVEN);\r
                    break;\r
                  case 'm':\r
                    conf_set_int(conf, CONF_serparity, SER_PAR_MARK);\r
                    break;\r
                  case 's':\r
                    conf_set_int(conf, CONF_serparity, SER_PAR_SPACE);\r
                    break;\r
\r
                  case 'N':\r
                    conf_set_int(conf, CONF_serflow, SER_FLOW_NONE);\r
                    break;\r
                  case 'X':\r
                    conf_set_int(conf, CONF_serflow, SER_FLOW_XONXOFF);\r
                    break;\r
                  case 'R':\r
                    conf_set_int(conf, CONF_serflow, SER_FLOW_RTSCTS);\r
                    break;\r
                  case 'D':\r
                    conf_set_int(conf, CONF_serflow, SER_FLOW_DSRDTR);\r
                    break;\r
\r
                  default:\r
                    cmdline_error("Unrecognised suboption \"-sercfg %c\"",\r
                                  *nextitem);\r
                }\r
            } else if (length == 3 && !strncmp(nextitem,"1.5",3)) {\r
                /* Messy special case */\r
                conf_set_int(conf, CONF_serstopbits, 3);\r
            } else {\r
                int serspeed = atoi(nextitem);\r
                if (serspeed != 0) {\r
                    conf_set_int(conf, CONF_serspeed, serspeed);\r
                } else {\r
                    cmdline_error("Unrecognised suboption \"-sercfg %s\"",\r
                                  nextitem);\r
                }\r
            }\r
            nextitem += length + skip;\r
        }\r
    }\r
    return ret;                        /* unrecognised */\r
}\r
\r
void cmdline_run_saved(Conf *conf)\r
{\r
    int pri, i;\r
    for (pri = 0; pri < NPRIORITIES; pri++)\r
        for (i = 0; i < saves[pri].nsaved; i++)\r
            cmdline_process_param(saves[pri].params[i].p,\r
                                  saves[pri].params[i].value, 0, conf);\r
}\r