lshd.c 25.9 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
2
3
/* lshd.c
 *
 * main server program.
4
5
 *
 * $Id$ */
Niels Möller's avatar
Niels Möller committed
6

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Mller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
Niels Möller's avatar
Niels Möller committed
23
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
24
 */
Niels Möller's avatar
Niels Möller committed
25

26
#include "algorithms.h"
27
28
#include "alist.h"
#include "atoms.h"
29
#include "channel.h"
30
#include "channel_commands.h"
31
#include "charset.h"
32
#include "compress.h"
33
#include "connection_commands.h"
34
#include "crypto.h"
35
#include "daemon.h"
36
#include "dsa.h"
37
#include "format.h"
38
#include "handshake.h"
Niels Möller's avatar
Niels Möller committed
39
#include "io.h"
40
#include "io_commands.h"
41
#include "lookup_verifier.h"
42
#include "randomness.h"
Niels Möller's avatar
Niels Möller committed
43
#include "reaper.h"
Niels Möller's avatar
Niels Möller committed
44
#include "server.h"
45
#include "server_authorization.h"
46
#include "server_keyexchange.h"
47
48
#include "server_pty.h"
#include "server_session.h"
49
#include "sexp.h"
Niels Möller's avatar
Niels Möller committed
50
#include "spki.h"
51
#include "srp.h"
Niels Möller's avatar
Niels Möller committed
52
#include "ssh.h"
53
54
#include "tcpforward.h"
#include "tcpforward_commands.h"
55
#include "tcpforward_commands.h"
56
#include "server_userauth.h"
57
#include "version.h"
58
59
60
#include "werror.h"
#include "xalloc.h"

61
#include "lsh_argp.h"
62

63
/* Forward declarations */
64
65
struct command options2local;
#define OPTIONS2LOCAL (&options2local.super)
66

67
68
struct command options2keys;
#define OPTIONS2KEYS (&options2keys.super)
69

70
71
struct command_2 close_on_sighup;
#define CLOSE_ON_SIGHUP (&close_on_sighup.super.super)
72

73
74
75
76
77
78
79
80
81
82
83
84
#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
85
#if HAVE_UNISTD_H
86
#include <unistd.h>
87
#endif
88

89
90
/* Option parsing */

91
92
93
94
95
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

const char *argp_program_bug_address = BUG_ADDRESS;

Niels Möller's avatar
Niels Möller committed
96
97
98
99
100
101
/* The definition of SBINDIR is currently broken */
#if 0
# define KERBEROS_HELPER SBINDIR "/lsh-krb-checkpw"
#else
# define KERBEROS_HELPER PREFIX "/sbin/lsh-krb-checkpw"
#endif
102

103
#define OPT_NO 0x400
104
105
#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201
106

107
#define OPT_TCPIP_FORWARD 0x202
108
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
109
110
#define OPT_PTY 0x203
#define OPT_NO_PTY (OPT_PTY | OPT_NO)
111
112
#define OPT_SUBSYSTEMS 0x204
#define OPT_NO_SUBSYSTEMS (OPT_SUBSYSTEMS | OPT_NO)
113

114
#define OPT_DAEMONIC 0x205
115
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
116
#define OPT_PIDFILE 0x206
117
118
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
#define OPT_CORE 0x207
119
120
#define OPT_SYSLOG 0x208
#define OPT_NO_SYSLOG (OPT_SYSLOG | OPT_NO)
121

122
123
124
125
126
127
#define OPT_SRP 0x210
#define OPT_NO_SRP (OPT_SRP | OPT_NO)
#define OPT_DH 0x211
#define OPT_NO_DH (OPT_DH | OPT_NO)

#define OPT_PUBLICKEY 0x220
128
#define OPT_NO_PUBLICKEY (OPT_PUBLICKEY | OPT_NO)
129
#define OPT_PASSWORD 0x221
130
131
#define OPT_NO_PASSWORD (OPT_PASSWORD | OPT_NO)

132
#define OPT_ROOT_LOGIN 0x222
133
134
#define OPT_NO_ROOT_LOGIN (OPT_ROOT_LOGIN | OPT_NO)

135
136
137
#define OPT_KERBEROS_PASSWD 0x223
#define OPT_NO_KERBEROS_PASSWD (OPT_KERBEROS_PASSWD | OPT_NO)

138
139
#define OPT_PASSWORD_HELPER 0x224

140
141
#define OPT_LOGIN_SHELL 0x225

142
143
144
145
146
/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
147
148
       (e object exception_handler)
       
149
       (reaper object reaper)
150
       (random object randomness)
151
       
152
       (signature_algorithms object alist)
153
154
155
156
157
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)
158

159
160
161
162
163
164
       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)
       
165
166
       (with_publickey . int)
       (with_password . int)
167
       (allow_root . int)
168
       (pw_helper . "const char *")
169
       (login_shell . "const char *")
170
       
171
       (with_tcpip_forward . int)
172
       (with_pty . int)
173
       (subsystems . "const char **")
174
       
175
176
177
       (userauth_methods object int_list)
       (userauth_algorithms object alist)
       
178
179
       (sshd1 object ssh1_fallback)
       (daemonic . int)
180
       (no_syslog . int)
181
182
183
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
184
185
186
187
       (use_pid_file . int)
       ; Resources that should be killed when SIGHUP is received,
       ; or when the program exits.
       (resources object resource_list)))
188
189
*/

190
191
192
193
194
195
static void
do_exc_lshd_handler(struct exception_handler *s,
		    const struct exception *e)
{
  switch(e->type)
    {
196
    case EXC_RESOLVE:
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
    case EXC_SEXP_SYNTAX:
    case EXC_SPKI_TYPE:
    case EXC_RANDOMNESS_LOW_ENTROPY:
      werror("lshd: %z\n", e->msg);
      exit(EXIT_FAILURE);
    default:
      EXCEPTION_RAISE(s->parent, e);
    }
}

static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  return make_exception_handler(do_exc_lshd_handler, parent, context);
}

Niels Möller's avatar
Niels Möller committed
214
static struct lshd_options *
215
make_lshd_options(void)
216
{
Niels Möller's avatar
Niels Möller committed
217
  NEW(lshd_options, self);
218

219
  init_algorithms_options(&self->super, all_symmetric_algorithms());
220

221
222
  self->e = make_lshd_exception_handler(&default_exception_handler,
					HANDLER_CONTEXT);
223
  self->reaper = make_reaper();
224
  self->random = make_system_random();
225

226
227
  self->signature_algorithms = all_signature_algorithms(self->random); /* OK to initialize with NULL */
   
228
229
  self->style = SEXP_TRANSPORT;
  self->interface = NULL;
230
231
232
233
234

  /* Default behaviour is to lookup the "ssh" service, and fall back
   * to port 22 if that fails. */
  self->port = NULL;
  
235
236
237
238
  /* FIXME: this should perhaps use sysconfdir */  
  self->hostkey = "/etc/lsh_host_key";
  self->local = NULL;

239
240
241
242
243
  self->with_dh_keyexchange = 1;
  self->with_srp_keyexchange = 0;

  self->kex_algorithms = NULL;
  
244
245
  self->with_publickey = 1;
  self->with_password = 1;
246
  self->with_tcpip_forward = 1;
247
  self->with_pty = 1;
248
249
  self->subsystems = NULL;
  
250
  self->allow_root = 0;
251
  self->pw_helper = NULL;
252
  self->login_shell = NULL;
253
  
254
255
  self->userauth_methods = NULL;
  self->userauth_algorithms = NULL;
256
257
  
  self->sshd1 = NULL;
258
  self->daemonic = 0;
259
260
  self->no_syslog = 0;
  
261
262
263
264
  /* FIXME: Make the default a configure time option? */
  self->pid_file = "/var/run/lshd.pid";
  self->use_pid_file = -1;
  self->corefile = 0;
265
266
267
268
269
270

  self->resources = make_resource_list();
  /* Not strictly needed for gc, but makes sure the
   * resource list is killed properly by gc_final. */
  gc_global(&self->resources->super);

271
272
273
  return self;
}

Niels Möller's avatar
Niels Möller committed
274
/* Port to listen on */
275
276
277
278
279
DEFINE_COMMAND(options2local)
     (struct command *s UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
Niels Möller's avatar
Niels Möller committed
280
281
{
  CAST(lshd_options, options, a);
282
  COMMAND_RETURN(c, options->local);
Niels Möller's avatar
Niels Möller committed
283
284
285
}

/* alist of signature algorithms */
286
287
288
289
290
DEFINE_COMMAND(options2signature_algorithms)
     (struct command *s UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
Niels Möller's avatar
Niels Möller committed
291
292
{
  CAST(lshd_options, options, a);
293
  COMMAND_RETURN(c, options->signature_algorithms);
Niels Möller's avatar
Niels Möller committed
294
295
}

296

297
298
/* FIXME: Call read_host_key directly from main instead. */
DEFINE_COMMAND(options2keys)
299
300
301
     (struct command *ignored UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
302
      struct exception_handler *e UNUSED)
Niels Möller's avatar
Niels Möller committed
303
304
305
{
  CAST(lshd_options, options, a);

306
307
308
  struct alist *keys = make_alist(0, -1);
  read_host_key(options->hostkey, options->signature_algorithms, keys);
  COMMAND_RETURN(c, keys);
Niels Möller's avatar
Niels Möller committed
309
310
}

311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
/* GABA:
   (class
     (name pid_file_resource)
     (super resource)
     (vars
       (file . "const char *")))
*/

static void
do_kill_pid_file(struct resource *s)
{
  CAST(pid_file_resource, self, s);
  if (self->super.alive)
    {
      self->super.alive = 0;
      if (unlink(self->file) < 0)
	werror("Unlinking pidfile failed (errno = %i): %z\n",
	       errno, STRERROR(errno));
    }
}

static struct resource *
make_pid_file_resource(const char *file)
{
  NEW(pid_file_resource, self);
  init_resource(&self->super, do_kill_pid_file);
  self->file = file;

  return &self->super;
}

/* GABA:
   (class
     (name sighup_close_callback)
     (super lsh_callback)
     (vars
       (resources object resource_list)))
*/

static void
do_sighup_close_callback(struct lsh_callback *s)
{
  CAST(sighup_close_callback, self, s);
  unsigned nfiles;
  
  werror("SIGHUP received.\n");
  KILL_RESOURCE_LIST(self->resources);
  
  nfiles = io_nfiles();

  if (nfiles)
    werror("Waiting for active connections to terminate, "
	   "%i files still open.\n", nfiles);
}

static struct lsh_callback *
make_sighup_close_callback(struct lshd_options *options)
{
  NEW(sighup_close_callback, self);
  self->super.f = do_sighup_close_callback;
  self->resources = options->resources;

  return &self->super;
}

/* (close_on_sighup options file) */
DEFINE_COMMAND2(close_on_sighup)
     (struct command_2 *ignored UNUSED,
      struct lsh_object *a1,
      struct lsh_object *a2,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
{
  CAST(lshd_options, options, a1);
  CAST(lsh_fd, fd, a2);

  remember_resource(options->resources, &fd->super);

  COMMAND_RETURN(c, a2);
}
Niels Möller's avatar
Niels Möller committed
391

392
393
394
395
396
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
397
    "Listen on this network interface.", 0 }, 
398
399
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},
400
401
402
403
#if WITH_SSH1_FALLBACK
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */
404

405
  { NULL, 0, NULL, 0, "Keyexchange options:", 0 },
406
407
408
409
410
411
412
413
#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },
  
414
  { NULL, 0, NULL, 0, "User authentication options:", 0 },
415

416
417
418
419
420
421
422
423
424
  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},
425
426
427
428
429

  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },
430

431
432
433
434
  { "login-shell", OPT_LOGIN_SHELL, "Program", 0,
    "Use this program as the login shell for all users. "
    "(Experimental)", 0 },
  
435
436
437
  { "kerberos-passwords", OPT_KERBEROS_PASSWD, NULL, 0,
    "Recognize kerberos passwords, using the helper program "
    "\"" KERBEROS_HELPER "\". This option is experimental.", 0 },
438
  { "no-kerberos-passwords", OPT_NO_KERBEROS_PASSWD, NULL, 0,
Niels Möller's avatar
Niels Möller committed
439
    "Don't recognize kerberos passwords (default behaviour).", 0 },
440

441
442
  { "password-helper", OPT_PASSWORD_HELPER, "Program", 0,
    "Use the named helper program for password verification. "
443
    "(Experimental).", 0 },
444

445
  { NULL, 0, NULL, 0, "Offered services:", 0 },
446

447
448
449
450
#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */
451
452
453
454

  { "subsystems", OPT_SUBSYSTEMS, "List of subsystem names and programs", 0,
    "For example `sftp=/usr/sbin/sftp-server,foosystem=/usr/bin/foo' "
    "(experimental).", 0},
455
  
456
457
  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
458
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
459
460
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
461
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
462
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },
463
464
  { "no-syslog", OPT_NO_SYSLOG, NULL, 0, "Don't use syslog (by default, syslog is used "
    "when running in daemonic mode).", 0 },
465
466
467
468
469
470
471
472
473
474
475
476
  { NULL, 0, NULL, 0, NULL, 0 }
};

static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp, 0, "", 0 },
  { NULL, 0, NULL, 0}
};

477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
/* NOTE: Modifies the argument string. */
static const char **
parse_subsystem_list(char *arg)
{
  const char **subsystems;
  char *separator;
  unsigned length;
  unsigned i;
  
  /* First count the number of elements. */
  for (length = 1, i = 0; arg[i]; i++)
    if (arg[i] == ',')
      length++;

  subsystems = lsh_space_alloc((length * 2 + 1) * sizeof(*subsystems));

  for (i = 0; ; i++)
    {
      subsystems[2*i] = arg;

      separator = strchr(arg, '=');

      if (!separator)
	goto fail;

      *separator = '\0';

      subsystems[2*i+1] = arg = separator + 1;
      
      separator = strchr(arg, ',');

      if (i == (length - 1))
	break;
      
      if (!separator)
	goto fail;

      *separator = '\0';
      arg = separator + 1;
    }
  if (separator)
    {
    fail:
      lsh_space_free(subsystems);
      return NULL;
    }
  return subsystems;
}

526
527
528
529
530
531
532
533
534
535
536
537
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);
  
  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;
    case ARGP_KEY_INIT:
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
538
      state->child_inputs[2] = NULL;
539
540
      break;
    case ARGP_KEY_END:
541
      {
542
	struct user_db *user_db = NULL;
543
	
544
545
546
547
	if (!self->random)
	  argp_failure( state, EXIT_FAILURE, 0,  "No randomness generator available.");


548
	if (self->with_password || self->with_publickey || self->with_srp_keyexchange)
549
	  user_db = make_unix_user_db(self->reaper,
550
551
				      self->pw_helper, self->login_shell,
				      self->allow_root);
552
	  
553
554
555
556
557
558
559
560
561
562
563
	if (self->with_dh_keyexchange || self->with_srp_keyexchange)
	  {
	    int i = 0;
	    self->kex_algorithms 
	      = alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);
	    
	    if (self->with_dh_keyexchange)
	      {
		LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
		ALIST_SET(self->super.algorithms,
			  ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
564
			  &make_dh_server(make_dh1(self->random))
565
			  ->super);
566
567
568
569
	      }
#if WITH_SRP	    
	    if (self->with_srp_keyexchange)
	      {
570
		assert(user_db);
571
		LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
572
		ALIST_SET(self->super.algorithms,
573
			  ATOM_SRP_RING1_SHA1_LOCAL,
574
			  &make_srp_server(make_srp1(self->random),
575
					   user_db)
576
			  ->super);
577
578
579
580
581
582
583
	      }
#endif /* WITH_SRP */
	  }
	else
	  argp_error(state, "All keyexchange algorithms disabled.");

	if (self->port)
584
	  self->local = make_address_info_c(self->interface, self->port, 0);
585
	else
586
	  self->local = make_address_info_c(self->interface, "ssh", 22);
587
      
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
	if (!self->local)
	  argp_error(state, "Invalid interface, port or service, %s:%s'.",
		     self->interface ? self->interface : "ANY",
		     self->port);

	if (self->use_pid_file < 0)
	  self->use_pid_file = self->daemonic;

	if (self->with_password || self->with_publickey)
	  {
	    int i = 0;
	    
	    self->userauth_methods
	      = alloc_int_list(self->with_password + self->with_publickey);
	    self->userauth_algorithms = make_alist(0, -1);
	    
	    if (self->with_password)
	      {
		LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
		ALIST_SET(self->userauth_algorithms,
608
			  ATOM_PASSWORD,
609
			  &make_userauth_password(user_db)->super);
610
611
612
	      }
	    if (self->with_publickey)
	      {
613
614
615
		/* FIXME: Doesn't use spki */
		struct lookup_verifier *key_db
		  = make_authorization_db(ssh_format("authorized_keys_sha1"),
616
					  &crypto_sha1_algorithm);
617
		
618
619
620
		LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
		ALIST_SET(self->userauth_algorithms,
			  ATOM_PUBLICKEY,
621
			  &make_userauth_publickey
622
623
624
625
			  (user_db,
			   make_alist(2,
				      ATOM_SSH_DSS, key_db,
				      ATOM_SSH_RSA, key_db,
626
627
				      -1))
			  ->super);
628
629
	      }
	  }
630
631
632
633
634
635
        if (self->with_srp_keyexchange)
          ALIST_SET(self->userauth_algorithms,
                    ATOM_NONE,
                    &server_userauth_none.super);

        if (!self->userauth_algorithms->size)
636
	  argp_error(state, "All user authentication methods disabled.");
637

638
639
	break;
      }
640
641
642
643
644
645
646
647
648
649
650
    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;
651

652
653
654
655
656
#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif
Niels Möller's avatar
Niels Möller committed
657

658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;
      
    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;
      
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
    case OPT_PASSWORD:
      self->with_password = 1;
      break;
      
    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;
      
    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;
689
690
691
692

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;
693
694

    case OPT_KERBEROS_PASSWD:
695
      self->pw_helper = KERBEROS_HELPER;
696
697
698
699
700
      break;

    case OPT_NO_KERBEROS_PASSWD:
      self->pw_helper = NULL;
      break;
701
702
703
704

    case OPT_PASSWORD_HELPER:
      self->pw_helper = arg;
      break;
705
706
707
708

    case OPT_LOGIN_SHELL:
      self->login_shell = arg;
      break;
709
      
710
#if WITH_TCP_FORWARD
711
712
713
714
715
716
717
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
718
719
720
721
722
723
724
725
726
727
#endif /* WITH_TCP_FORWARD */
      
#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */
728
729
730
731
732
733
734
735
736
737
738

    case OPT_SUBSYSTEMS:
      self->subsystems = parse_subsystem_list(arg);
      if (!self->subsystems)
	argp_error(state, "Invalid subsystem list.");
      break;

    case OPT_NO_SUBSYSTEMS:
      self->subsystems = NULL;
      break;
      
739
740
741
    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;
742
      
743
744
745
746
    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

747
748
749
750
    case OPT_NO_SYSLOG:
      self->no_syslog = 1;
      break;
      
751
752
753
754
755
756
757
758
759
760
761
762
    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
763
764
765
    }
  return 0;
}
Niels Möller's avatar
Niels Möller committed
766

Niels Möller's avatar
Niels Möller committed
767
768
769
770
771
772
static const struct argp
main_argp =
{ main_options, main_argp_parser, 
  NULL,
  "Server for the ssh-2 protocol.",
  main_argp_children,
773
  NULL, NULL
Niels Möller's avatar
Niels Möller committed
774
775
};

776

777
778
/* GABA:
   (expr
779
     (name make_lshd_listen)
780
     (params
781
       (handshake object handshake_info)
782
       (init object make_kexinit)
783
       (services object command) )
784
     (expr (lambda (options)
785
             (let ((keys (options2keys options)))
786
787
788
789
790
791
792
793
794
	       (close_on_sighup options
	         (listen_callback
	           (lambda (lv)
    	             (services (connection_handshake
    	           		  handshake
    	           		  (kexinit_filter init keys)
    	           		  keys 
    	           		  (log_peer lv))))
	           (options2local options) ))))))
795
796
*/

797

798
/* Invoked when starting the ssh-connection service */
799
800
/* GABA:
   (expr
801
     (name make_lshd_connection_service)
802
     (params
803
804
       (hooks object object_list))
     (expr
805
806
807
808
       (lambda (connection)
         ((progn hooks)
	    ; We have to initialize the connection
	    ; before adding handlers.
809
810
811
	    (init_connection_service
	      ; Disconnect if connection->user is NULL
	      (connection_require_userauth connection)))))))
812
813
*/

814
815
816
static void
do_terminate_callback(struct lsh_callback *s UNUSED)
{
817
  io_final();
818
819
820
821
822
823

  /* If we're using GCOV, just call exit(). That way, profiling info
   * is written properly when the process is terminated. */
#if !WITH_GCOV
  kill(getpid(), SIGKILL);
#endif
824
825
826
  exit(0);
}

827
static struct lsh_callback
828
sigterm_handler = { STATIC_HEADER, do_terminate_callback };
829
830

static void
831
install_signal_handlers(struct lshd_options *options)
832
{
833
834
835
  io_signal_handler(SIGTERM, &sigterm_handler);
  io_signal_handler(SIGHUP,
		    make_sighup_close_callback(options));
836
}
837

838
839
int
main(int argc, char **argv)
Niels Möller's avatar
Niels Möller committed
840
{
841
  struct lshd_options *options;
842

843
  io_init();
844
  
Niels Möller's avatar
Niels Möller committed
845
846
847
  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");
848

849
850
  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);
851

852
  options = make_lshd_options();
853
854
855

  if (!options)
    return EXIT_FAILURE;
856
857

  install_signal_handlers(options);
858
  
Niels Möller's avatar
Niels Möller committed
859
  trace("Parsing options...\n");
Niels Möller's avatar
Niels Möller committed
860
  argp_parse(&main_argp, argc, argv, 0, NULL, options);
Niels Möller's avatar
Niels Möller committed
861
  trace("Parsing options... done\n");  
862

863
864
865
866
867
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }
868

869
870
871
872
873
874
  if (!options->random) 
    {
      werror("Failed to initialize randomness generator.\n");
      return EXIT_FAILURE;
    }
  
875
  if (options->daemonic)
876
    {
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
      if (options->no_syslog)
        {
          /* Just put process into the background. --no-syslog is an
           * inappropriate name */
          switch (fork())
            {
            case 0:
              /* Child */
              /* FIXME: Should we create a new process group, close our tty
               * and stdio, etc? */
              trace("forked into background. New pid: %i.\n", getpid());
              break;
              
            case -1:
              /* Error */
              werror("background_process: fork failed (errno = %i): %z\n",
                     errno, STRERROR(errno));
              break;
              
            default:
              /* Parent */
              _exit(EXIT_SUCCESS);
            }
        }
      else
        {
903
#if HAVE_SYSLOG
904
          set_error_syslog("lshd");
905
#else /* !HAVE_SYSLOG */
906
          werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
907
908
#endif /* !HAVE_SYSLOG */

909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
          switch (daemon_init())
            {
            case 0:
              werror("lshd: Spawning into background failed.\n");
              return EXIT_FAILURE;
            case DAEMON_INETD:
              werror("lshd: spawning from inetd not yet supported.\n");
              return EXIT_FAILURE;
            case DAEMON_INIT:
            case DAEMON_NORMAL:
              break;
            default:
              fatal("Internal error\n");
            }
        }
    }
925
  
926
  if (options->use_pid_file)
927
    {
928
929
930
931
932
933
934
935
      if (daemon_pidfile(options->pid_file))
	remember_resource(options->resources, 
			  make_pid_file_resource(options->pid_file));
      else
	{
	  werror("lshd seems to be running already.\n");
	  return EXIT_FAILURE;
	}
936
    }
937
  {
938
939
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks;
940
941
    struct command *session_setup;
    
942
943
    /* Supported channel requests */
    struct alist *supported_channel_requests
944
      = make_alist(2,
Niels Möller's avatar
Niels Möller committed
945
946
		   ATOM_SHELL, &shell_request_handler,
		   ATOM_EXEC, &exec_request_handler,
947
948
		   -1);
    
949
950
#if WITH_PTY_SUPPORT
    if (options->with_pty)
951
952
953
954
      {
        ALIST_SET(supported_channel_requests,
                  ATOM_PTY_REQ, &pty_request_handler.super);
        ALIST_SET(supported_channel_requests,
Niels Möller's avatar
Niels Möller committed
955
                  ATOM_WINDOW_CHANGE, &window_change_request_handler.super);
956
      }
957
958
#endif /* WITH_PTY_SUPPORT */

959
960
961
    if (options->subsystems)
      ALIST_SET(supported_channel_requests,
		ATOM_SUBSYSTEM,
962
		&make_subsystem_handler(options->subsystems)->super);
963
		
964
965
    session_setup = make_install_fix_channel_open_handler
      (ATOM_SESSION, make_open_session(supported_channel_requests));
966
    
967
#if WITH_TCP_FORWARD
968
    if (options->with_tcpip_forward)
969
      connection_hooks = make_object_list
970
971
	(4,
	 session_setup,
972
	 make_tcpip_forward_hook(),
973
974
	 make_install_fix_global_request_handler
	 (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
975
	 make_direct_tcpip_hook(),
976
	 -1);
977
978
    else
#endif
979
980
      connection_hooks
	= make_object_list (1, session_setup, -1);
981
    {
982
983
      CAST_SUBTYPE(command, connection_service,
		   make_lshd_connection_service(connection_hooks));
984
      CAST_SUBTYPE(command, server_listen, 		   
985
		   make_lshd_listen
986
		   (make_handshake_info(CONNECTION_SERVER,
987
988
989
					"lsh - a free ssh",
					NULL,
					SSH_MAX_PACKET,
990
					options->random,
991
992
					options->super.algorithms,
					options->sshd1),
993
		    make_simple_kexinit
994
		    (options->random,
995
996
997
998
999
1000
		     options->kex_algorithms,
		     options->super.hostkey_algorithms,
		     options->super.crypto_algorithms,
		     options->super.mac_algorithms,
		     options->super.compression_algorithms,
		     make_int_list(0, -1)),
1001
1002
		    make_offer_service
		    (make_alist
1003
		     (1,
1004
1005
1006
1007
1008
1009
1010
		      ATOM_SSH_USERAUTH,
		      make_userauth_service(options->userauth_methods,
					    options->userauth_algorithms,
					    make_alist(1, ATOM_SSH_CONNECTION,
						       connection_service,-1)),
		      -1))));
      
1011
      COMMAND_CALL(server_listen, options,
1012
		   &discard_continuation,
1013
1014
		   make_report_exception_handler
		   (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
1015
		    options->e,
1016
		    HANDLER_CONTEXT));
1017
    }
1018
  }
Niels Möller's avatar
Niels Möller committed
1019
  
1020
  io_run();
Niels Möller's avatar
Niels Möller committed
1021

1022
  io_final();
1023
  
Niels Möller's avatar
Niels Möller committed
1024
1025
  return 0;
}