/* lshd.c
 *
 * main server program.
 *
 * $Id$ */

/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Möller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#include "algorithms.h"
#include "alist.h"
#include "atoms.h"
#include "channel.h"
#include "channel_commands.h"
#include "charset.h"
#include "compress.h"
#include "connection_commands.h"
#include "crypto.h"
#include "daemon.h"
#include "format.h"
#include "io.h"
#include "io_commands.h"
#include "lookup_verifier.h"
#include "randomness.h"
#include "reaper.h"
#include "server.h"
#include "server_authorization.h"
#include "server_keyexchange.h"
#include "server_pty.h"
#include "server_session.h"
#include "sexp.h"
#include "sexp_commands.h"
#include "spki_commands.h"
#include "ssh.h"
#include "tcpforward.h"
#include "tcpforward_commands.h"
#include "tcpforward_commands.h"
#include "server_userauth.h"
#include "werror.h"
#include "xalloc.h"

#include "lsh_argp.h"

/* Forward declarations */
struct command_simple options2local;
#define OPTIONS2LOCAL (&options2local.super.super)

static struct command options2keyfile;
#define OPTIONS2KEYFILE (&options2keyfile.super)

struct command_simple options2signature_algorithms;
#define OPTIONS2SIGNATURE_ALGORITHMS \
  (&options2signature_algorithms.super.super)

#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

/* Block size for stdout and stderr buffers */
#define BLOCK_SIZE 32768


/* Option parsing */

#define OPT_NO 0x400
#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201
#define OPT_TCPIP_FORWARD 0x202
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
#define OPT_DAEMONIC 0x203
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
#define OPT_PIDFILE 0x204
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
#define OPT_CORE 0x207

/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
       (backend object io_backend)
       (signature_algorithms object alist)
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)
       (with_tcpip_forward . int)
       (sshd1 object ssh1_fallback)
       (daemonic . int)
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
*/

/* Allocate the server option block and fill in its defaults.
 *
 * backend    - io backend, kept for reading the host key file later
 *              (see do_options2keyfile).
 * random     - randomness source handed to the DSA signature algorithm.
 * algorithms - algorithm table passed through to init_algorithms_options().
 *
 * Returns the freshly allocated object (NEW() allocator). Every default
 * set here may be overridden by main_argp_parser(). */
static struct lshd_options *
make_lshd_options(struct io_backend *backend,
		  struct randomness *random,
		  struct alist *algorithms)
{
  NEW(lshd_options, self);

  init_algorithms_options(&self->super, algorithms);
  self->backend = backend;

  /* Host key signature algorithms: DSA only. */
  self->signature_algorithms =
    make_alist(1, ATOM_DSA, make_dsa_algorithm(random), -1);

  /* Key file and listen address. The address object itself is resolved
   * by main_argp_parser() at ARGP_KEY_END, hence local starts as NULL. */
  self->style = SEXP_TRANSPORT;
  /* FIXME: this should perhaps use sysconfdir */
  self->hostkey = "/etc/lsh_host_key";
  self->interface = NULL;
  self->port = "ssh";
  self->local = NULL;

  /* Feature switches. */
  self->with_tcpip_forward = 1;
  self->sshd1 = NULL;
  self->corefile = 0;

  /* Daemon behaviour. use_pid_file stays at -1 ("decide from daemonic")
   * until option parsing has finished. */
  self->daemonic = 0;
  /* FIXME: Make the default a configure time option? */
  self->pid_file = "/var/run/lshd.pid";
  self->use_pid_file = -1;

  return self;
}

/* Command line options handled by lshd itself. The sexp, algorithms and
 * werror option groups are added through main_argp_children.
 *
 * Field order: name, key, arg-name, flags, doc, group. */
static const struct argp_option
main_options[] =
{
  /* Where to listen. */
  { "interface", OPT_INTERFACE, "interface", 0,
    "Listen on this network interface", 0 },
  { "port", 'p', "Port", 0,
    "Listen on this port.", 0 },

  /* Server identity. */
  { "host-key", 'h', "Key file", 0,
    "Location of the server's private key.", 0 },

#if WITH_SSH1_FALLBACK
  /* The argument is optional; without it the parser falls back to SSHD1. */
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */

#if WITH_TCP_FORWARD
  { "tcp-forward", OPT_TCPIP_FORWARD, NULL, 0,
    "Enable tcpip forwarding (default).", 0 },
  { "no-tcp-forward", OPT_NO_TCPIP_FORWARD, NULL, 0,
    "Disable tcpip forwarding.", 0 },
#endif /* WITH_TCP_FORWARD */

  /* argp shows a name-less entry with a doc string as a section heading. */
  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0,
    "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0,
    "Run in the foreground, with messages to stderr (default).", 0 },
  { "pid-file", OPT_PIDFILE, "file name", 0,
    "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0,
    "Don't use any pid file. Default in non-daemonic mode.", 0 },
  { "enable-core", OPT_CORE, NULL, 0,
    "Dump core on fatal errors (disabled by default).", 0 },

  /* Terminator. */
  { NULL, 0, NULL, 0, NULL, 0 }
};

/* Option groups owned by other modules. Their order matches the
 * child_inputs slots filled in by main_argp_parser() at ARGP_KEY_INIT:
 * sexp input style, the algorithm options, and werror (no input). */
static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp,     0, "", 0 },
  /* Terminator. */
  { NULL, 0, NULL, 0 }
};

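/* argp callback for lshd's own options.
 *
 * key   - an OPT_* key, a short option character, or an ARGP_KEY_* event.
 * arg   - the option argument, or NULL for options without one.
 * state - argp state; state->input is the struct lshd_options being filled.
 *
 * Returns 0 for handled keys and ARGP_ERR_UNKNOWN for everything else.
 * Invalid input is reported with argp_error(), which does not return
 * when argp_parse() is called without ARGP_NO_EXIT (as main() does). */
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);
  
  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;

    case ARGP_KEY_INIT:
      /* Inputs for main_argp_children, in the same order. werror_argp
       * takes none. */
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
      state->child_inputs[2] = NULL;
      break;

    case ARGP_KEY_ARG:
      /* lshd takes no positional arguments. */
      argp_error(state, "Spurious arguments.");
      break;
      
    case ARGP_KEY_END:
      /* Resolve the listen address once interface and port are final. */
      self->local = make_address_info_c(self->interface, self->port);
      if (!self->local)
	/* Both quotes around the address were missing one side before. */
	argp_error(state, "Invalid interface, port or service, '%s:%s'.",
		   self->interface ? self->interface : "ANY",
		   self->port);

      /* -1 means "not given on the command line": use a pid file exactly
       * when running as a daemon. */
      if (self->use_pid_file < 0)
	self->use_pid_file = self->daemonic;
      break;
      
    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;
 
#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      /* The argument is optional (OPTION_ARG_OPTIONAL); SSHD1 is the
       * compiled-in default location. */
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif

    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;

    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;

    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

    case OPT_PIDFILE:
      /* An explicit pid file turns pid-file use on even in the foreground. */
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
    }
  return 0;
}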

/* Top-level argp descriptor handed to argp_parse() by main(). */
static const struct argp
main_argp =
{
  main_options,                      /* options */
  main_argp_parser,                  /* parser */
  NULL,                              /* args_doc: no positional arguments */
  "Server for the ssh-2 protocol.",  /* doc */
  main_argp_children,                /* children */
  NULL,                              /* help_filter */
  NULL                               /* argp_domain */
};

/* Command: return the resolved listen address stored in the options.
 * a is the struct lshd_options; local is set by main_argp_parser(). */
COMMAND_SIMPLE(options2local)
{
  CAST(lshd_options, opts, a);
  return &opts->local->super;
}

/* Command: return the host key signature algorithm table (DSA only,
 * see make_lshd_options) from the options object a. */
COMMAND_SIMPLE(options2signature_algorithms)
{
  CAST(lshd_options, opts, a);
  return &opts->signature_algorithms->super;
}

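/* Command: open the host key file named in the options for reading.
 *
 * ignored - the command object (unused).
 * a       - the struct lshd_options (cast with CAST()).
 * c       - continuation that receives the opened struct io_fd.
 * e       - exception handler, also passed to io_read_file().
 *
 * When the file cannot be opened the failure is logged and an
 * EXC_IO_OPEN_READ exception carrying errno is raised on e. */
static void
do_options2keyfile(struct command *ignored UNUSED,
		   struct lsh_object *a,
		   struct command_continuation *c,
		   struct exception_handler *e)
{
  CAST(lshd_options, options, a);
  
  struct io_fd *f;

  f = io_read_file(options->backend, options->hostkey, e);

  if (f)
    COMMAND_RETURN(c, f);
  else
    {
      /* Snapshot errno before logging: werror() may do I/O of its own
       * and overwrite it before make_io_exception() gets to read it. */
      int saved_errno = errno;

      werror("Failed to open '%z' (errno = %i): %z.\n",
	     options->hostkey, saved_errno, STRERROR(saved_errno));
      EXCEPTION_RAISE(e, make_io_exception(EXC_IO_OPEN_READ, NULL,
					   saved_errno, NULL));
    }
}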

/* Command object wrapping do_options2keyfile; used by the lshd_listen
 * expression below to read the host key lazily. */
static struct command options2keyfile = STATIC_COMMAND(do_options2keyfile);

/* GABA:
   (expr
     (name lshd_listen)
     (params
       (listen object command)
       (handshake object handshake_info)
       (services object command) )
     (expr (lambda (options)
             (services (connection_handshake
	                    handshake
			    (spki_read_hostkeys (options2signature_algorithms options)
			                        (options2keyfile options))
			    (log_peer (listen (options2local options))))))))
*/

/* Invoked when the client requests the userauth service. */
/* GABA:
   (expr
     (name lshd_services)
     (params 
       (userauth object command))
     (expr
       (lambda (connection)
         ((userauth connection) connection))))
*/

/* Invoked when starting the ssh-connection service */
/* GABA:
   (expr
     (name lshd_connection_service)
     (params
       (login object command)     
       (hooks object object_list))
     (expr
       (lambda (user connection)
         ((progn hooks) (login user
	                       ; We have to initialize the connection
			       ; before logging in.
	                       (init_connection_service connection))))))
*/

/* ;; GABA:
   (class
     (name lshd_default_handler)
     (super exception_handler)
     (vars
       (status . "int *")))
*/

/* Exception handler installed by make_lshd_exception_handler().
 *
 * s - the handler itself; s->parent receives everything not handled here.
 * e - the raised exception.
 *
 * Sexp syntax and SPKI type errors (presumably from parsing the host key
 * s-expression, which is the only sexp input lshd itself reads) are fatal:
 * the message is logged and the process exits. Everything else is passed
 * up to the parent handler. */
static void
do_lshd_default_handler(struct exception_handler *s,
			const struct exception *e)
{
  if (e->type == EXC_SEXP_SYNTAX || e->type == EXC_SPKI_TYPE)
    {
      werror("lshd: %z\n", e->msg);
      exit(EXIT_FAILURE);
    }
  else
    EXCEPTION_RAISE(s->parent, e);
}

/* Build an exception handler that runs do_lshd_default_handler and
 * forwards unhandled exceptions to parent. context is passed through
 * to make_exception_handler() unchanged. Caller owns the result. */
struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  struct exception_handler *handler;

  handler = make_exception_handler(do_lshd_default_handler, parent, context);
  return handler;
}

/* lshd entry point.
 *
 * Order matters here: the io backend and randomness are set up first,
 * the command line is parsed (main_argp), then the daemon-related
 * settings are applied (core dumps, syslog, backgrounding, pid file),
 * and only then is the listen -> handshake -> service command chain from
 * the GABA expressions above assembled and started. Control finally
 * passes to reaper_run().
 *
 * Returns EXIT_FAILURE on any setup error; the trailing return 0 is
 * reached only if reaper_run() returns. */
int main(int argc, char **argv)
{
  struct lshd_options *options;
  
  /* Handed to make_shell_handler() and driven by reaper_run() at the end. */
  struct reap *reaper;
  
  struct randomness *r;
  struct alist *algorithms;
  struct make_kexinit *make_kexinit;
  /* host-key algorithm atom -> authorization database, for publickey auth. */
  struct alist *authorization_lookup;
#if 0
  struct keypair *hostkey;
  struct keyexchange_algorithm *kex;
  struct diffie_hellman_method *dh;
  struct alist *keys;
#endif
  
  /* FIXME: Why not allocate backend statically? */
  NEW(io_backend, backend);
  init_backend(backend);

  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");
  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);

  r = make_reasonably_random();
  
  /* A single key exchange method is registered; it is the one advertised
   * in make_kexinit below. */
  algorithms = many_algorithms(1,
			       ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
			       make_dh_server(make_dh1(r)),
			       -1);
  
  options = make_lshd_options(backend, r, algorithms);
  
  /* flags == 0, so argp_error() inside main_argp_parser() terminates
   * the process rather than returning here. */
  argp_parse(&main_argp, argc, argv, 0, NULL, options);

  /* Core dumps stay disabled unless --enable-core was given (presumably
   * to keep key material out of core files); failing to disable them is
   * treated as fatal. */
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }
  
  /* Redirect error output before detaching; --daemonic also sends stdio
   * to /dev/null (see main_options), so without syslog later messages
   * are lost, which the warning below says. */
  if (options->daemonic)
    {
#if HAVE_SYSLOG
      set_error_syslog("lshd");
#else /* !HAVE_SYSLOG */
      werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
#endif /* !HAVE_SYSLOG */
    }

  if (options->daemonic)
    switch (daemon_init())
      {
      case 0:
	werror("lshd: Spawning into background failed.\n");
	return EXIT_FAILURE;
      case DAEMON_INETD:
	werror("lshd: spawning from inetd not yet supported.\n");
	return EXIT_FAILURE;
      case DAEMON_INIT:
      case DAEMON_NORMAL:
	break;
      default:
	fatal("Internal error\n");
      }
  
  /* NOTE(review): this check runs after daemon_init(), so in daemonic
   * mode a second instance reports "already running" from the detached
   * process, not to the invoking shell -- confirm that is intended. */
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }

  /* Disabled code: the host key is instead read on demand by
   * options2keyfile inside the lshd_listen expression. */
#if 0
  /* Read the hostkey */
  keys = make_alist(0, -1);
  if (!(hostkey = read_spki_key_file(options->hostkey,
				     make_alist(1, ATOM_DSA, make_dsa_algorithm(r), -1),
				     &ignore_exception_handler)))
    {
      werror("lshd: Could not read hostkey.\n");
      return EXIT_FAILURE;
    }
  ALIST_SET(keys, hostkey->type, hostkey);
#endif
  
  /* FIXME: We should check that we have at least one host key.
   * We should also extract the host-key algorithms for which we have keys,
   * instead of hardcoding ssh-dss below. */
 
  reaper = make_reaper();

#if 0
  kex = make_dh_server(dh, keys);
#endif
  
  /* Publickey user authentication: only ssh-dss keys are registered, and
   * they are checked against the "authorized_keys_sha1" database built by
   * make_authorization_db(); the sha1 argument suggests keys are indexed
   * by their SHA-1 hash -- verify in make_authorization_db. */
  authorization_lookup
    = make_alist(1,
		 ATOM_SSH_DSS, make_authorization_db(ssh_format("authorized_keys_sha1"),
						     /* make_dsa_algorithm(NULL), */
						     &sha1_algorithm),
		 
		 -1);

  
#if 0
  ALIST_SET(algorithms, ATOM_DIFFIE_HELLMAN_GROUP1_SHA1, kex);
#endif
  
  /* Algorithm lists advertised in KEXINIT: one kex method, one host-key
   * algorithm (ssh-dss, cf. the FIXME above), then the cipher, mac and
   * compression lists from the algorithms options. The trailing empty
   * list is presumably the language list. */
  make_kexinit
    = make_simple_kexinit(r,
			  make_int_list(1, ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
					-1),
			  make_int_list(1, ATOM_SSH_DSS, -1),
			  options->super.crypto_algorithms,
			  options->super.mac_algorithms,
			  options->super.compression_algorithms,
			  make_int_list(0, -1));
  
  {
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks;

    /* With forwarding enabled (the default, see make_lshd_options) the
     * connection gets the tcpip-forward, cancel-tcpip-forward and
     * direct-tcpip handlers; otherwise no hooks at all. */
#if WITH_TCP_FORWARD
    if (options->with_tcpip_forward)
      connection_hooks = make_object_list
	(3,
	 make_tcpip_forward_hook(backend),
	 make_install_fix_global_request_handler
	 (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
	 make_direct_tcpip_hook(backend),
	 -1);
    else
#endif
      connection_hooks = make_object_list(0, -1);
    {
      /* Assemble the server (see the lshd_listen GABA expression):
       * listen on options->local, run the server handshake with the host
       * key read via options2keyfile, then offer exactly one service,
       * ssh-userauth. Userauth advertises password (unix_userauth) and
       * publickey (authorization_lookup) and, once the user is logged in,
       * starts the ssh-connection service with the pty (optional) and
       * shell channel request handlers plus connection_hooks. */
      struct lsh_object *o = lshd_listen
	(make_simple_listen(backend, NULL),
	 make_handshake_info(CONNECTION_SERVER,
			     "lsh - a free ssh",
			     SSH_MAX_PACKET,
			     r,
			     algorithms,
			     make_kexinit,
			     options->sshd1),
	 make_offer_service
	 (make_alist
	  (1, ATOM_SSH_USERAUTH,
	   lshd_services(make_userauth_service
			 (make_int_list(2,
					ATOM_PASSWORD,
					ATOM_PUBLICKEY, -1),
			  make_alist(2,
				     ATOM_PASSWORD, &unix_userauth.super,
				     ATOM_PUBLICKEY, make_userauth_publickey(authorization_lookup),
				     -1),
			  make_alist(1, ATOM_SSH_CONNECTION,
				     lshd_connection_service
				     (make_server_connection_service
				      (make_alist
				       (1
#if WITH_PTY_SUPPORT
					+1, ATOM_PTY_REQ, make_pty_handler()
#endif /* WITH_PTY_SUPPORT */
					, ATOM_SHELL,
					make_shell_handler(backend,
							   reaper),
					-1)),
				      connection_hooks),
				     -1))),
	   -1)));
    
      CAST_SUBTYPE(command, server_listen, o);
    
      /* Start listening. The command's result is discarded; EXC_IO
       * exceptions are logged with an "lshd: " prefix, and sexp/spki
       * errors reach make_lshd_exception_handler(), which exits. */
      COMMAND_CALL(server_listen, options,
		   &discard_continuation,
		   make_report_exception_handler(EXC_IO, EXC_IO, "lshd: ",
						 make_lshd_exception_handler(&default_exception_handler,
									     HANDLER_CONTEXT),
						 HANDLER_CONTEXT));
    }
  }
  
  /* Event loop: runs the backend and reaps children until it returns. */
  reaper_run(reaper, backend);

  return 0;
}