lshd.c 23.9 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
2
3
/* lshd.c
 *
 * main server program.
4
5
 *
 * $Id$ */
Niels Möller's avatar
Niels Möller committed
6

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Mller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
Niels Möller's avatar
Niels Möller committed
23
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
24
 */
Niels Möller's avatar
Niels Möller committed
25

26
#include "algorithms.h"
27
28
#include "alist.h"
#include "atoms.h"
29
#include "channel.h"
30
#include "channel_commands.h"
31
#include "charset.h"
32
#include "compress.h"
33
#include "connection_commands.h"
34
#include "crypto.h"
35
#include "daemon.h"
36
#include "dsa.h"
37
#include "format.h"
38
#include "handshake.h"
Niels Möller's avatar
Niels Möller committed
39
#include "io.h"
40
#include "io_commands.h"
41
#include "lookup_verifier.h"
42
#include "randomness.h"
Niels Möller's avatar
Niels Möller committed
43
#include "reaper.h"
Niels Möller's avatar
Niels Möller committed
44
#include "server.h"
45
#include "server_authorization.h"
46
#include "server_keyexchange.h"
47
48
#include "server_pty.h"
#include "server_session.h"
49
#include "sexp.h"
Balázs Scheidler's avatar
Balázs Scheidler committed
50
#include "sexp_commands.h"
51
#include "spki_commands.h"
52
#include "srp.h"
Niels Möller's avatar
Niels Möller committed
53
#include "ssh.h"
54
55
#include "tcpforward.h"
#include "tcpforward_commands.h"
56
#include "tcpforward_commands.h"
57
#include "server_userauth.h"
58
#include "version.h"
59
60
61
#include "werror.h"
#include "xalloc.h"

62
#include "lsh_argp.h"
63

64
/* Forward declarations */
65
66
struct command options2local;
#define OPTIONS2LOCAL (&options2local.super)
67

68
struct command options2keyfile;
69
70
#define OPTIONS2KEYFILE (&options2keyfile.super)

71
struct command options2signature_algorithms;
72
#define OPTIONS2SIGNATURE_ALGORITHMS \
73
  (&options2signature_algorithms.super)
74

75
76
77
78
79
80
81
82
83
84
85
86
#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
87
#if HAVE_UNISTD_H
88
#include <unistd.h>
89
#endif
90

91
92
/* Option parsing */

93
94
95
96
97
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

const char *argp_program_bug_address = BUG_ADDRESS;

Niels Möller's avatar
Niels Möller committed
98
99
100
101
102
103
/* The definition of SBINDIR is currently broken */
#if 0
# define KERBEROS_HELPER SBINDIR "/lsh-krb-checkpw"
#else
# define KERBEROS_HELPER PREFIX "/sbin/lsh-krb-checkpw"
#endif
104

105
#define OPT_NO 0x400
106
107
#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201
108

109
#define OPT_TCPIP_FORWARD 0x202
110
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
111
112
#define OPT_PTY 0x203
#define OPT_NO_PTY (OPT_PTY | OPT_NO)
113
114
#define OPT_SUBSYSTEMS 0x204
#define OPT_NO_SUBSYSTEMS (OPT_SUBSYSTEMS | OPT_NO)
115

116
#define OPT_DAEMONIC 0x205
117
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
118
#define OPT_PIDFILE 0x206
119
120
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
#define OPT_CORE 0x207
121
122
#define OPT_SYSLOG 0x208
#define OPT_NO_SYSLOG (OPT_SYSLOG | OPT_NO)
123

124
125
126
127
128
129
#define OPT_SRP 0x210
#define OPT_NO_SRP (OPT_SRP | OPT_NO)
#define OPT_DH 0x211
#define OPT_NO_DH (OPT_DH | OPT_NO)

#define OPT_PUBLICKEY 0x220
130
#define OPT_NO_PUBLICKEY (OPT_PUBLICKEY | OPT_NO)
131
#define OPT_PASSWORD 0x221
132
133
#define OPT_NO_PASSWORD (OPT_PASSWORD | OPT_NO)

134
#define OPT_ROOT_LOGIN 0x222
135
136
#define OPT_NO_ROOT_LOGIN (OPT_ROOT_LOGIN | OPT_NO)

137
138
139
#define OPT_KERBEROS_PASSWD 0x223
#define OPT_NO_KERBEROS_PASSWD (OPT_KERBEROS_PASSWD | OPT_NO)

140
141
#define OPT_PASSWORD_HELPER 0x224

142
143
#define OPT_LOGIN_SHELL 0x225

144
145
146
147
148
/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
149
150
       (e object exception_handler)
       
151
       (reaper object reap)
152
       (random object randomness_with_poll)
153
       
154
       (signature_algorithms object alist)
155
156
157
158
159
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)
160

161
162
163
164
165
166
       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)
       
167
168
       (with_publickey . int)
       (with_password . int)
169
       (allow_root . int)
170
       (pw_helper . "const char *")
171
       (login_shell . "const char *")
172
       
173
       (with_tcpip_forward . int)
174
       (with_pty . int)
175
       (subsystems . "const char **")
176
       
177
178
179
       (userauth_methods object int_list)
       (userauth_algorithms object alist)
       
180
181
       (sshd1 object ssh1_fallback)
       (daemonic . int)
182
       (no_syslog . int)
183
184
185
186
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
187
188
*/

189
190
191
192
193
194
static void
do_exc_lshd_handler(struct exception_handler *s,
		    const struct exception *e)
{
  switch(e->type)
    {
195
    case EXC_RESOLVE:
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
    case EXC_SEXP_SYNTAX:
    case EXC_SPKI_TYPE:
    case EXC_RANDOMNESS_LOW_ENTROPY:
      werror("lshd: %z\n", e->msg);
      exit(EXIT_FAILURE);
    default:
      EXCEPTION_RAISE(s->parent, e);
    }
}

static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  return make_exception_handler(do_exc_lshd_handler, parent, context);
}

Niels Möller's avatar
Niels Möller committed
213
static struct lshd_options *
214
make_lshd_options(void)
215
{
Niels Möller's avatar
Niels Möller committed
216
  NEW(lshd_options, self);
217

218
  init_algorithms_options(&self->super, all_symmetric_algorithms());
219

220
221
  self->e = make_lshd_exception_handler(&default_exception_handler,
					HANDLER_CONTEXT);
222
  self->reaper = make_reaper();
223
  self->random = make_default_random(self->reaper, self->e);
224

225
  self->signature_algorithms = all_signature_algorithms(&self->random->super);
226
227
  self->style = SEXP_TRANSPORT;
  self->interface = NULL;
228
229
230
231
232

  /* Default behaviour is to lookup the "ssh" service, and fall back
   * to port 22 if that fails. */
  self->port = NULL;
  
233
234
235
236
  /* FIXME: this should perhaps use sysconfdir */  
  self->hostkey = "/etc/lsh_host_key";
  self->local = NULL;

237
238
239
240
241
  self->with_dh_keyexchange = 1;
  self->with_srp_keyexchange = 0;

  self->kex_algorithms = NULL;
  
242
243
  self->with_publickey = 1;
  self->with_password = 1;
244
  self->with_tcpip_forward = 1;
245
  self->with_pty = 1;
246
247
  self->subsystems = NULL;
  
248
  self->allow_root = 0;
249
  self->pw_helper = NULL;
250
  self->login_shell = NULL;
251
  
252
253
  self->userauth_methods = NULL;
  self->userauth_algorithms = NULL;
254
255
  
  self->sshd1 = NULL;
256
  self->daemonic = 0;
257
258
  self->no_syslog = 0;
  
259
260
261
262
  /* FIXME: Make the default a configure time option? */
  self->pid_file = "/var/run/lshd.pid";
  self->use_pid_file = -1;
  self->corefile = 0;
263
264
265
266
  
  return self;
}

Niels Möller's avatar
Niels Möller committed
267
/* Port to listen on */
268
269
270
271
272
DEFINE_COMMAND(options2local)
     (struct command *s UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
Niels Möller's avatar
Niels Möller committed
273
274
{
  CAST(lshd_options, options, a);
275
  COMMAND_RETURN(c, options->local);
Niels Möller's avatar
Niels Möller committed
276
277
278
}

/* alist of signature algorithms */
279
280
281
282
283
DEFINE_COMMAND(options2signature_algorithms)
     (struct command *s UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
Niels Möller's avatar
Niels Möller committed
284
285
{
  CAST(lshd_options, options, a);
286
  COMMAND_RETURN(c, options->signature_algorithms);
Niels Möller's avatar
Niels Möller committed
287
288
289
}

/* Read server's private key */
290
291
292
293
294
295

DEFINE_COMMAND(options2keyfile)
     (struct command *ignored UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e)
Niels Möller's avatar
Niels Möller committed
296
297
298
{
  CAST(lshd_options, options, a);
  
299
  struct lsh_fd *f;
Niels Möller's avatar
Niels Möller committed
300

301
  f = io_read_file(options->hostkey, e);
Niels Möller's avatar
Niels Möller committed
302
303
304
305
306
307
308
309
310
311
312
313

  if (f)
    COMMAND_RETURN(c, f);
  else
    {
      werror("Failed to open '%z' (errno = %i): %z.\n",
	     options->hostkey, errno, STRERROR(errno));
      EXCEPTION_RAISE(e, make_io_exception(EXC_IO_OPEN_READ, NULL, errno, NULL));
    }
}


314
315
316
317
318
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
319
    "Listen on this network interface.", 0 }, 
320
321
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},
322
323
324
325
#if WITH_SSH1_FALLBACK
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */
326

327
  { NULL, 0, NULL, 0, "Keyexchange options:", 0 },
328
329
330
331
332
333
334
335
#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },
  
336
  { NULL, 0, NULL, 0, "User authentication options:", 0 },
337

338
339
340
341
342
343
344
345
346
  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},
347
348
349
350
351

  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },
352

353
354
355
356
  { "login-shell", OPT_LOGIN_SHELL, "Program", 0,
    "Use this program as the login shell for all users. "
    "(Experimental)", 0 },
  
357
358
359
  { "kerberos-passwords", OPT_KERBEROS_PASSWD, NULL, 0,
    "Recognize kerberos passwords, using the helper program "
    "\"" KERBEROS_HELPER "\". This option is experimental.", 0 },
360
  { "no-kerberos-passwords", OPT_NO_KERBEROS_PASSWD, NULL, 0,
Niels Möller's avatar
Niels Möller committed
361
    "Don't recognize kerberos passwords (default behaviour).", 0 },
362

363
364
  { "password-helper", OPT_PASSWORD_HELPER, "Program", 0,
    "Use the named helper program for password verification. "
365
    "(Experimental).", 0 },
366

367
  { NULL, 0, NULL, 0, "Offered services:", 0 },
368

369
370
371
372
#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */
373
374
375
376

  { "subsystems", OPT_SUBSYSTEMS, "List of subsystem names and programs", 0,
    "For example `sftp=/usr/sbin/sftp-server,foosystem=/usr/bin/foo' "
    "(experimental).", 0},
377
  
378
379
  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
380
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
381
382
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
383
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
384
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },
385
386
  { "no-syslog", OPT_NO_SYSLOG, NULL, 0, "Don't use syslog (by default, syslog is used "
    "when running in daemonic mode).", 0 },
387
388
389
390
391
392
393
394
395
396
397
398
  { NULL, 0, NULL, 0, NULL, 0 }
};

static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp, 0, "", 0 },
  { NULL, 0, NULL, 0}
};

399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
/* NOTE: Modifies the argument string. */
static const char **
parse_subsystem_list(char *arg)
{
  const char **subsystems;
  char *separator;
  unsigned length;
  unsigned i;
  
  /* First count the number of elements. */
  for (length = 1, i = 0; arg[i]; i++)
    if (arg[i] == ',')
      length++;

  subsystems = lsh_space_alloc((length * 2 + 1) * sizeof(*subsystems));

  for (i = 0; ; i++)
    {
      subsystems[2*i] = arg;

      separator = strchr(arg, '=');

      if (!separator)
	goto fail;

      *separator = '\0';

      subsystems[2*i+1] = arg = separator + 1;
      
      separator = strchr(arg, ',');

      if (i == (length - 1))
	break;
      
      if (!separator)
	goto fail;

      *separator = '\0';
      arg = separator + 1;
    }
  if (separator)
    {
    fail:
      lsh_space_free(subsystems);
      return NULL;
    }
  return subsystems;
}

448
449
450
451
452
453
454
455
456
457
458
459
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);
  
  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;
    case ARGP_KEY_INIT:
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
460
      state->child_inputs[2] = NULL;
461
462
      break;
    case ARGP_KEY_END:
463
      {
464
	struct user_db *user_db = NULL;
465
466
	
	if (self->with_password || self->with_publickey || self->with_srp_keyexchange)
467
	  user_db = make_unix_user_db(self->reaper,
468
469
				      self->pw_helper, self->login_shell,
				      self->allow_root);
470
	  
471
472
473
474
475
476
477
478
479
480
481
	if (self->with_dh_keyexchange || self->with_srp_keyexchange)
	  {
	    int i = 0;
	    self->kex_algorithms 
	      = alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);
	    
	    if (self->with_dh_keyexchange)
	      {
		LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
		ALIST_SET(self->super.algorithms,
			  ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
482
483
			  &make_dh_server(make_dh1(&self->random->super))
			  ->super);
484
485
486
487
	      }
#if WITH_SRP	    
	    if (self->with_srp_keyexchange)
	      {
488
		assert(user_db);
489
		LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
490
		ALIST_SET(self->super.algorithms,
491
			  ATOM_SRP_RING1_SHA1_LOCAL,
492
493
			  &make_srp_server(make_srp1(&self->random->super),
					   user_db)
494
			  ->super);
495
496
497
498
499
500
501
	      }
#endif /* WITH_SRP */
	  }
	else
	  argp_error(state, "All keyexchange algorithms disabled.");

	if (self->port)
502
	  self->local = make_address_info_c(self->interface, self->port, 0);
503
	else
504
	  self->local = make_address_info_c(self->interface, "ssh", 22);
505
      
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
	if (!self->local)
	  argp_error(state, "Invalid interface, port or service, %s:%s'.",
		     self->interface ? self->interface : "ANY",
		     self->port);

	if (self->use_pid_file < 0)
	  self->use_pid_file = self->daemonic;

	if (self->with_password || self->with_publickey)
	  {
	    int i = 0;
	    
	    self->userauth_methods
	      = alloc_int_list(self->with_password + self->with_publickey);
	    self->userauth_algorithms = make_alist(0, -1);
	    
	    if (self->with_password)
	      {
		LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
		ALIST_SET(self->userauth_algorithms,
526
			  ATOM_PASSWORD,
527
			  &make_userauth_password(user_db)->super);
528
529
530
	      }
	    if (self->with_publickey)
	      {
531
532
533
534
535
		/* FIXME: Doesn't use spki */
		struct lookup_verifier *key_db
		  = make_authorization_db(ssh_format("authorized_keys_sha1"),
					  &sha1_algorithm);
		
536
537
538
		LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
		ALIST_SET(self->userauth_algorithms,
			  ATOM_PUBLICKEY,
539
			  &make_userauth_publickey
540
541
542
543
			  (user_db,
			   make_alist(2,
				      ATOM_SSH_DSS, key_db,
				      ATOM_SSH_RSA, key_db,
544
545
				      -1))
			  ->super);
546
547
	      }
	  }
548
549
550
551
552
553
        if (self->with_srp_keyexchange)
          ALIST_SET(self->userauth_algorithms,
                    ATOM_NONE,
                    &server_userauth_none.super);

        if (!self->userauth_algorithms->size)
554
	  argp_error(state, "All user authentication methods disabled.");
555

556
557
	break;
      }
558
559
560
561
562
563
564
565
566
567
568
    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;
569

570
571
572
573
574
#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif
Niels Möller's avatar
Niels Möller committed
575

576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;
      
    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;
      
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
    case OPT_PASSWORD:
      self->with_password = 1;
      break;
      
    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;
      
    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;
607
608
609
610

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;
611
612

    case OPT_KERBEROS_PASSWD:
613
      self->pw_helper = KERBEROS_HELPER;
614
615
616
617
618
      break;

    case OPT_NO_KERBEROS_PASSWD:
      self->pw_helper = NULL;
      break;
619
620
621
622

    case OPT_PASSWORD_HELPER:
      self->pw_helper = arg;
      break;
623
624
625
626

    case OPT_LOGIN_SHELL:
      self->login_shell = arg;
      break;
627
      
628
#if WITH_TCP_FORWARD
629
630
631
632
633
634
635
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
636
637
638
639
640
641
642
643
644
645
#endif /* WITH_TCP_FORWARD */
      
#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */
646
647
648
649
650
651
652
653
654
655
656

    case OPT_SUBSYSTEMS:
      self->subsystems = parse_subsystem_list(arg);
      if (!self->subsystems)
	argp_error(state, "Invalid subsystem list.");
      break;

    case OPT_NO_SUBSYSTEMS:
      self->subsystems = NULL;
      break;
      
657
658
659
    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;
660
      
661
662
663
664
    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

665
666
667
668
    case OPT_NO_SYSLOG:
      self->no_syslog = 1;
      break;
      
669
670
671
672
673
674
675
676
677
678
679
680
    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
681
682
683
    }
  return 0;
}
Niels Möller's avatar
Niels Möller committed
684

Niels Möller's avatar
Niels Möller committed
685
686
687
688
689
690
static const struct argp
main_argp =
{ main_options, main_argp_parser, 
  NULL,
  "Server for the ssh-2 protocol.",
  main_argp_children,
691
  NULL, NULL
Niels Möller's avatar
Niels Möller committed
692
693
};

694

695
696
/* GABA:
   (expr
697
     (name make_lshd_listen)
698
     (params
699
       (handshake object handshake_info)
700
       (init object make_kexinit)
701
       (services object command) )
702
     (expr (lambda (options)
703
704
705
706
707
708
709
710
711
712
713
             (let ((keys 
		    (spki_read_hostkeys (options2signature_algorithms options)
			                (options2keyfile options))))
	       (listen_callback
	         (lambda (lv)
    		   (services (connection_handshake
    				  handshake
    				  (kexinit_filter init keys)
    				  keys 
    				  (log_peer lv))))
		 (options2local options))))))
714
715
*/

716

717
/* Invoked when starting the ssh-connection service */
718
719
/* GABA:
   (expr
720
     (name make_lshd_connection_service)
721
     (params
722
723
       (hooks object object_list))
     (expr
724
725
726
727
       (lambda (connection)
         ((progn hooks)
	    ; We have to initialize the connection
	    ; before adding handlers.
728
729
730
	    (init_connection_service
	      ; Disconnect if connection->user is NULL
	      (connection_require_userauth connection)))))))
731
732
*/

733
#if WITH_GCOV
734
735
736
737
738
739
/* Catch SIGTERM and call exit(). That way, profiling info is written
 * properly when the process is terminated. */

static void
do_terminate_callback(struct lsh_callback *s UNUSED)
{
740
  io_final();
741
742
743
  exit(0);
}

744
static struct lsh_callback
745
746
747
748
terminate_callback =
{ STATIC_HEADER, do_terminate_callback };

static void
749
install_terminate_handler(void)
750
{
751
  io_signal_handler(SIGTERM, &terminate_callback);
752
}
753

754
#endif /* WITH_GCOV */
755

Niels Möller's avatar
Niels Möller committed
756
757
int main(int argc, char **argv)
{
758
  struct lshd_options *options;
759

760
  io_init();
761

762
#if WITH_GCOV
763
  install_terminate_handler();
764
#endif
765
  
Niels Möller's avatar
Niels Möller committed
766
767
768
  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");
769

770
771
  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);
772

773
  options = make_lshd_options();
774
  
Niels Möller's avatar
Niels Möller committed
775
  trace("Parsing options...\n");
Niels Möller's avatar
Niels Möller committed
776
  argp_parse(&main_argp, argc, argv, 0, NULL, options);
Niels Möller's avatar
Niels Möller committed
777
  trace("Parsing options... done\n");  
778

779
780
781
782
783
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }
784

785
  if (options->daemonic)
786
    {
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
      if (options->no_syslog)
        {
          /* Just put process into the background. --no-syslog is an
           * inappropriate name */
          switch (fork())
            {
            case 0:
              /* Child */
              /* FIXME: Should we create a new process group, close our tty
               * and stdio, etc? */
              trace("forked into background. New pid: %i.\n", getpid());
              break;
              
            case -1:
              /* Error */
              werror("background_process: fork failed (errno = %i): %z\n",
                     errno, STRERROR(errno));
              break;
              
            default:
              /* Parent */
              _exit(EXIT_SUCCESS);
            }
        }
      else
        {
813
#if HAVE_SYSLOG
814
          set_error_syslog("lshd");
815
#else /* !HAVE_SYSLOG */
816
          werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
817
818
#endif /* !HAVE_SYSLOG */

819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
          switch (daemon_init())
            {
            case 0:
              werror("lshd: Spawning into background failed.\n");
              return EXIT_FAILURE;
            case DAEMON_INETD:
              werror("lshd: spawning from inetd not yet supported.\n");
              return EXIT_FAILURE;
            case DAEMON_INIT:
            case DAEMON_NORMAL:
              break;
            default:
              fatal("Internal error\n");
            }
        }
    }
835
836
837
838
839
840
  
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }
841

842
843
844
845
846
847
848
  /* NOTE: We have to do this *after* forking into the background,
   * because otherwise we won't be able to waitpid() on the background
   * process. */

  /* Start background poll */
  RANDOM_POLL_BACKGROUND(options->random->poller);
	
849
  {
850
851
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks;
852
853
    struct command *session_setup;
    
854
855
    /* Supported channel requests */
    struct alist *supported_channel_requests
856
      = make_alist(2,
Niels Möller's avatar
Niels Möller committed
857
858
		   ATOM_SHELL, &shell_request_handler,
		   ATOM_EXEC, &exec_request_handler,
859
860
		   -1);
    
861
862
#if WITH_PTY_SUPPORT
    if (options->with_pty)
863
864
865
866
      {
        ALIST_SET(supported_channel_requests,
                  ATOM_PTY_REQ, &pty_request_handler.super);
        ALIST_SET(supported_channel_requests,
Niels Möller's avatar
Niels Möller committed
867
                  ATOM_WINDOW_CHANGE, &window_change_request_handler.super);
868
      }
869
870
#endif /* WITH_PTY_SUPPORT */

871
872
873
    if (options->subsystems)
      ALIST_SET(supported_channel_requests,
		ATOM_SUBSYSTEM,
874
		&make_subsystem_handler(options->subsystems)->super);
875
		
876
877
    session_setup = make_install_fix_channel_open_handler
      (ATOM_SESSION, make_open_session(supported_channel_requests));
878
    
879
#if WITH_TCP_FORWARD
880
    if (options->with_tcpip_forward)
881
      connection_hooks = make_object_list
882
883
	(4,
	 session_setup,
884
	 make_tcpip_forward_hook(),
885
886
	 make_install_fix_global_request_handler
	 (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
887
	 make_direct_tcpip_hook(),
888
	 -1);
889
890
    else
#endif
891
892
      connection_hooks
	= make_object_list (1, session_setup, -1);
893
    {
894
895
      CAST_SUBTYPE(command, connection_service,
		   make_lshd_connection_service(connection_hooks));
896
      CAST_SUBTYPE(command, server_listen, 		   
897
		   make_lshd_listen
898
		   (make_handshake_info(CONNECTION_SERVER,
899
900
901
					"lsh - a free ssh",
					NULL,
					SSH_MAX_PACKET,
902
					&options->random->super,
903
904
					options->super.algorithms,
					options->sshd1),
905
		    make_simple_kexinit
906
		    (&options->random->super,
907
908
909
910
911
912
		     options->kex_algorithms,
		     options->super.hostkey_algorithms,
		     options->super.crypto_algorithms,
		     options->super.mac_algorithms,
		     options->super.compression_algorithms,
		     make_int_list(0, -1)),
913
914
		    make_offer_service
		    (make_alist
915
		     (1,
916
917
918
919
920
921
922
		      ATOM_SSH_USERAUTH,
		      make_userauth_service(options->userauth_methods,
					    options->userauth_algorithms,
					    make_alist(1, ATOM_SSH_CONNECTION,
						       connection_service,-1)),
		      -1))));
      
923
      COMMAND_CALL(server_listen, options,
924
		   &discard_continuation,
925
926
		   make_report_exception_handler
		   (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
927
		    options->e,
928
		    HANDLER_CONTEXT));
929
    }
930
  }
Niels Möller's avatar
Niels Möller committed
931
  
932
  io_run();
Niels Möller's avatar
Niels Möller committed
933

934
  io_final();
935
  
Niels Möller's avatar
Niels Möller committed
936
937
  return 0;
}