From bef67b1a4c488bc5c71750d07f9e4159e27905d9 Mon Sep 17 00:00:00 2001
From: Antonin Dupont <duponin@locahlo.st>
Date: Fri, 30 Apr 2021 14:02:25 +0200
Subject: [PATCH 1/2] Add custom disclaimer when client connects

---
 tmate-daemon-decoder.c | 5 +++++
 tmate-main.c           | 5 ++++-
 tmate.h                | 1 +
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/tmate-daemon-decoder.c b/tmate-daemon-decoder.c
index 20ce1592a..22b2e7e2e 100644
--- a/tmate-daemon-decoder.c
+++ b/tmate-daemon-decoder.c
@@ -27,6 +27,7 @@ static void tmate_header(struct tmate_session *session,
 			 struct tmate_unpacker *uk)
 {
 	char *ssh_conn_str;
+	char *disclaimer;
 
 	session->client_protocol_version = unpack_int(uk);
 
@@ -56,6 +57,10 @@ static void tmate_header(struct tmate_session *session,
 
 	ssh_conn_str = get_ssh_conn_string(session->session_token_ro);
 	tmate_notify("Note: clear your terminal before sharing readonly access");
+	disclaimer = tmate_settings->disclaimer;
+	if (disclaimer != NULL) {
+		tmate_notify("%s", disclaimer);
+	}
 	tmate_notify("ssh session read only: %s", ssh_conn_str);
 	tmate_set_env("tmate_ssh_ro", ssh_conn_str);
 	free(ssh_conn_str);
diff --git a/tmate-main.c b/tmate-main.c
index 86560ecb6..ad77e66ec 100644
--- a/tmate-main.c
+++ b/tmate-main.c
@@ -102,11 +102,14 @@ int main(int argc, char **argv, char **envp)
 {
 	int opt;
 
-	while ((opt = getopt(argc, argv, "b:h:k:p:q:w:z:xv")) != -1) {
+	while ((opt = getopt(argc, argv, "b:d:h:k:p:q:w:z:xv")) != -1) {
 		switch (opt) {
 		case 'b':
 			tmate_settings->bind_addr = xstrdup(optarg);
 			break;
+		case 'd':
+			tmate_settings->disclaimer = xstrdup(optarg);
+			break;
 		case 'h':
 			tmate_settings->tmate_host = xstrdup(optarg);
 			break;
diff --git a/tmate.h b/tmate.h
index d11a7d14b..ce5884264 100644
--- a/tmate.h
+++ b/tmate.h
@@ -193,6 +193,7 @@ extern void tmate_ssh_server_main(struct tmate_session *session,
 
 struct tmate_settings {
 	const char *keys_dir;
+	const char *disclaimer;
 	const char *authorized_keys_path;
 	int ssh_port;
 	int ssh_port_advertized;

From a04720a6abeb212522cad3153b1bfcd2032fae0a Mon Sep 17 00:00:00 2001
From: Antonin Dupont <duponin@locahlo.st>
Date: Fri, 30 Apr 2021 14:24:05 +0200
Subject: [PATCH 2/2] Add quick documentation about CLI arguments

---
 README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/README.md b/README.md
index bbcf688f9..cdd989a8a 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,22 @@ The following environment variables are used to configure the server:
 Note that you need to add the *SYS_ADMIN* capability to the container.
 This is needed to create nested containers (namespaces) to secure sessions.
 
+CLI arguments
+-------------
+
+* `-b`: address to bind
+* `-d`: disclaimer to display to client
+* `-h`: tmate hostname
+* `-k`: ssh keys path
+* `-p`: port to bind
+* `-q`: port advertized
+* `-w`: websocket hostname
+* `-z`: websocket port
+* `-x`: use proxy protocol
+* `-v`: log level
+
+For more low-level information please see [tmate-main.c](./tmate-main.c).
+
 License
 --------