/* lshd.c
 *
 * main server program.
 *
 * $Id$ */

/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Möller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#include "algorithms.h"
#include "alist.h"
#include "atoms.h"
#include "channel.h"
#include "channel_commands.h"
#include "charset.h"
#include "compress.h"
#include "connection_commands.h"
#include "crypto.h"
#include "daemon.h"
#include "dsa.h"
#include "format.h"
#include "handshake.h"
#include "io.h"
#include "io_commands.h"
#include "lookup_verifier.h"
#include "randomness.h"
#include "reaper.h"
#include "server.h"
#include "server_authorization.h"
#include "server_keyexchange.h"
#include "server_pty.h"
#include "server_session.h"
#include "sexp.h"
#include "sexp_commands.h"
#include "spki_commands.h"
#include "srp.h"
#include "ssh.h"
#include "tcpforward.h"
#include "tcpforward_commands.h"
#include "tcpforward_commands.h"
#include "server_userauth.h"
#include "version.h"
#include "werror.h"
#include "xalloc.h"

#include "lsh_argp.h"

/* Forward declarations
 *
 * The three command objects below are defined further down in this
 * file, but they are declared here, ahead of the #include of
 * "lshd.c.x". The GABA expression make_lshd_listen refers to
 * options2local, options2keyfile and options2signature_algorithms by
 * name; presumably the generated code reaches them through the
 * upper-case macros (verify against lshd.c.x). */
struct command_simple options2local;
#define OPTIONS2LOCAL (&options2local.super.super)

static struct command options2keyfile;
#define OPTIONS2KEYFILE (&options2keyfile.super)

struct command_simple options2signature_algorithms;
#define OPTIONS2SIGNATURE_ALGORITHMS \
  (&options2signature_algorithms.super.super)

#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

/* Option parsing */

/* Globals with the well-known names that argp looks for: the version
 * string printed for --version and the address shown in --help output.
 * The version string is assembled at compile time from VERSION and
 * SERVER_PROTOCOL_VERSION. */
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

const char *argp_program_bug_address = BUG_ADDRESS;

/* Path of the helper program that --kerberos-passwords installs as the
 * password helper (see the OPT_KERBEROS_PASSWD case in
 * main_argp_parser). The path is fixed at compile time.
 *
 * The definition of SBINDIR is currently broken, so the SBINDIR
 * variant is compiled out and the path is built from PREFIX instead.
 *
 * NOTE(review): the helper is named by path only; nothing in this file
 * checks who owns the file or whether others can write to it. Confirm
 * that the install step protects PREFIX "/sbin". */
#if 0
# define KERBEROS_HELPER SBINDIR "/lsh-krb-checkpw"
#else
# define KERBEROS_HELPER PREFIX "/sbin/lsh-krb-checkpw"
#endif

/* Keys for the long-only command line options. All values lie above
 * the range of plain characters, so they cannot collide with the
 * single-letter keys ('p', 'h') used in main_options.
 *
 * OPT_NO is a flag bit: the key of a "--no-foo" option is the key of
 * "--foo" with OPT_NO or:ed in. */
#define OPT_NO                  0x400

/* Listening and protocol fallback */
#define OPT_SSH1_FALLBACK       0x200
#define OPT_INTERFACE           0x201

/* Offered services */
#define OPT_TCPIP_FORWARD       0x202
#define OPT_NO_TCPIP_FORWARD    (OPT_TCPIP_FORWARD | OPT_NO)
#define OPT_PTY                 0x203
#define OPT_NO_PTY              (OPT_PTY | OPT_NO)

/* Daemon behaviour */
#define OPT_DAEMONIC            0x204
#define OPT_NO_DAEMONIC         (OPT_DAEMONIC | OPT_NO)
#define OPT_PIDFILE             0x205
#define OPT_NO_PIDFILE          (OPT_PIDFILE | OPT_NO)
#define OPT_CORE                0x207

/* Key exchange methods */
#define OPT_SRP                 0x210
#define OPT_NO_SRP              (OPT_SRP | OPT_NO)
#define OPT_DH                  0x211
#define OPT_NO_DH               (OPT_DH | OPT_NO)

/* User authentication */
#define OPT_PUBLICKEY           0x220
#define OPT_NO_PUBLICKEY        (OPT_PUBLICKEY | OPT_NO)
#define OPT_PASSWORD            0x221
#define OPT_NO_PASSWORD         (OPT_PASSWORD | OPT_NO)

#define OPT_ROOT_LOGIN          0x222
#define OPT_NO_ROOT_LOGIN       (OPT_ROOT_LOGIN | OPT_NO)

#define OPT_KERBEROS_PASSWD     0x223
#define OPT_NO_KERBEROS_PASSWD  (OPT_KERBEROS_PASSWD | OPT_NO)

/* Options that take a program name as argument */
#define OPT_PASSWORD_HELPER     0x224

#define OPT_LOGIN_SHELL         0x225

/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
       ; Every field below gets its default in make_lshd_options.
       (backend object io_backend)
       (e object exception_handler)

       (reaper object reap)
       (random object randomness_with_poll)

       (signature_algorithms object alist)
       (style . sexp_argp_state)
       ; Listening address. local is filled in by main_argp_parser
       ; from interface and port once all options have been read.
       (interface . "char *")
       (port . "char *")
       ; Path of the file holding the server's private host key.
       (hostkey . "char *")
       (local object address_info)

       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)

       ; User authentication switches. Option parsing fails unless at
       ; least one of with_publickey and with_password is set.
       (with_publickey . int)
       (with_password . int)
       (allow_root . int)
       ; Optional external programs, set by --password-helper,
       ; --kerberos-passwords and --login-shell.
       (pw_helper . "const char *")
       (login_shell . "const char *")

       (with_tcpip_forward . int)
       (with_pty . int)

       (userauth_methods object int_list)
       (userauth_algorithms object alist)

       (sshd1 object ssh1_fallback)
       (daemonic . int)
       ; Non-zero keeps core dumps enabled; main disables them otherwise.
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
*/

/* Top-level exception handler for lshd.
 *
 * Name resolution failures, S-expression syntax errors, SPKI type
 * errors and low-entropy reports from the random generator are treated
 * as fatal: the message is logged and the process exits with
 * EXIT_FAILURE. Every other exception type is passed on to the parent
 * handler. */
static void
do_exc_lshd_handler(struct exception_handler *s,
                    const struct exception *e)
{
  if (e->type == EXC_RESOLVE
      || e->type == EXC_SEXP_SYNTAX
      || e->type == EXC_SPKI_TYPE
      || e->type == EXC_RANDOMNESS_LOW_ENTROPY)
    {
      /* Startup cannot continue safely without an address, a
       * parseable key, or enough entropy. */
      werror("lshd: %z\n", e->msg);
      exit(EXIT_FAILURE);
    }

  EXCEPTION_RAISE(s->parent, e);
}

/* Builds an exception handler that runs do_exc_lshd_handler and
 * delegates to PARENT. CONTEXT is handed through unchanged to
 * make_exception_handler. */
static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
                            const char *context)
{
  struct exception_handler *handler
    = make_exception_handler(do_exc_lshd_handler, parent, context);

  return handler;
}

/* Allocates the option state for lshd and fills in every default.
 *
 * Defaults set here: Diffie-Hellman key exchange on, SRP off; password
 * and publickey authentication on; root login off; tcpip forwarding and
 * pty allocation on; foreground operation; core dumps disabled. */
static struct lshd_options *
make_lshd_options(struct io_backend *backend)
{
  NEW(lshd_options, self);

  init_algorithms_options(&self->super, all_symmetric_algorithms());

  /* Runtime services. The order matters: the random generator needs
   * the exception handler and the reaper, and the signature algorithms
   * need the random generator. */
  self->backend = backend;
  self->e = make_lshd_exception_handler(&default_exception_handler,
                                        HANDLER_CONTEXT);
  self->reaper = make_reaper(backend);
  self->random = make_default_random(self->reaper, self->e);
  self->signature_algorithms = all_signature_algorithms(&self->random->super);

  self->style = SEXP_TRANSPORT;

  /* Listening address. Default behaviour is to lookup the "ssh"
   * service, and fall back to port 22 if that fails; a NULL port
   * selects that path in main_argp_parser. */
  self->interface = NULL;
  self->port = NULL;
  self->local = NULL;

  /* FIXME: this should perhaps use sysconfdir */
  self->hostkey = "/etc/lsh_host_key";

  /* Key exchange */
  self->with_srp_keyexchange = 0;
  self->with_dh_keyexchange = 1;
  self->kex_algorithms = NULL;

  /* User authentication */
  self->with_password = 1;
  self->with_publickey = 1;
  self->allow_root = 0;
  self->pw_helper = NULL;
  self->login_shell = NULL;
  self->userauth_methods = NULL;
  self->userauth_algorithms = NULL;

  /* Offered services */
  self->with_pty = 1;
  self->with_tcpip_forward = 1;

  self->sshd1 = NULL;

  /* Daemon behaviour. use_pid_file == -1 means "decide later from
   * daemonic". */
  self->daemonic = 0;
  self->corefile = 0;
  self->use_pid_file = -1;

  /* FIXME: Make the default a configure time option? */
  self->pid_file = "/var/run/lshd.pid";

  return self;
}

/* Command mapping an lshd_options object to the address_info to listen
 * on (interface and port, as resolved by main_argp_parser). */
DEFINE_COMMAND_SIMPLE(options2local, a)
{
  CAST(lshd_options, self, a);
  struct address_info *local = self->local;

  return &local->super;
}

/* Command mapping an lshd_options object to its alist of signature
 * algorithms, as set up in make_lshd_options. */
DEFINE_COMMAND_SIMPLE(options2signature_algorithms, a)
{
  CAST(lshd_options, self, a);
  struct alist *algorithms = self->signature_algorithms;

  return &algorithms->super;
}

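/* Read server's private key
 *
 * Opens the host key file named by options->hostkey for reading. On
 * success the file object is passed to the continuation C. On failure
 * the error is logged and an EXC_IO_OPEN_READ exception carrying the
 * errno value is raised on E.
 *
 * NOTE(review): nothing here checks the owner or permission bits of
 * the key file before it is read. Confirm whether io_read_file or the
 * key parser rejects a private key that other users can read or
 * replace. */
static void
do_options2keyfile(struct command *ignored UNUSED,
                   struct lsh_object *a,
                   struct command_continuation *c,
                   struct exception_handler *e)
{
  CAST(lshd_options, options, a);

  struct lsh_fd *f;

  f = io_read_file(options->backend, options->hostkey, e);

  if (f)
    COMMAND_RETURN(c, f);
  else
    {
      /* Take a copy of errno at once: werror does output of its own
       * and may overwrite it, and the exception raised below must
       * report the error from the failed open, not from logging. */
      int saved_errno = errno;

      werror("Failed to open '%z' (errno = %i): %z.\n",
             options->hostkey, saved_errno, STRERROR(saved_errno));
      EXCEPTION_RAISE(e, make_io_exception(EXC_IO_OPEN_READ, NULL,
                                           saved_errno, NULL));
    }
}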

/* Command object wrapping do_options2keyfile. It is forward-declared
 * near the top of the file together with the OPTIONS2KEYFILE macro. */
static struct command options2keyfile =
STATIC_COMMAND(do_options2keyfile);


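/* Command line options handled by main_argp_parser.
 *
 * Entries with a NULL name are group headers in the --help output.
 * Most switches come in pairs: "--foo" uses key OPT_FOO and "--no-foo"
 * uses OPT_NO_FOO.
 *
 * The tcpip-forward pair is listed under "Offered services". The
 * parser and main already honour with_tcpip_forward, but without these
 * entries argp never delivers the keys, so forwarding (on by default)
 * could not be switched off from the command line. */
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
    "Listen on this network interface.", 0 },
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},
#if WITH_SSH1_FALLBACK
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */

  { NULL, 0, NULL, 0, "Keyexchange options:", 0 },
#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },

  { NULL, 0, NULL, 0, "User authentication options:", 0 },

  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},

  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },

  { "login-shell", OPT_LOGIN_SHELL, "Program", 0,
    "Use this program as the login shell for all users. "
    "(Experimental)", 0 },

  { "kerberos-passwords", OPT_KERBEROS_PASSWD, NULL, 0,
    "Recognize kerberos passwords, using the helper program "
    "\"" KERBEROS_HELPER "\". This option is experimental.", 0 },
  { "no-kerberos-passwords", OPT_NO_KERBEROS_PASSWD, NULL, 0,
    "Don't recognize kerberos passwords (default behaviour).", 0 },

  { "password-helper", OPT_PASSWORD_HELPER, "Program", 0,
    "Use the named helper program for password verification. "
    "(Experimental).", 0 },

  { NULL, 0, NULL, 0, "Offered services:", 0 },

#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */
#if WITH_TCP_FORWARD
  { "tcpip-forward", OPT_TCPIP_FORWARD, NULL, 0,
    "Enable tcpip forwarding (default).", 0 },
  { "no-tcpip-forward", OPT_NO_TCPIP_FORWARD, NULL, 0,
    "Disable tcpip forwarding.", 0 },
#endif /* WITH_TCP_FORWARD */

  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },

  { NULL, 0, NULL, 0, NULL, 0 }
};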

/* Option parsers of other modules that are chained into lshd's own
 * parser. The order of the entries must match the child_inputs[]
 * indices that main_argp_parser assigns on ARGP_KEY_INIT. */
static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },  /* child_inputs[0] = &self->style */
  { &algorithms_argp, 0, "", 0 },  /* child_inputs[1] = &self->super */
  { &werror_argp, 0, "", 0 },      /* child_inputs[2] = NULL */
  { NULL, 0, NULL, 0}
};

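/* argp parser callback for lshd's own options.
 *
 * KEY is an option key from main_options or one of argp's ARGP_KEY_*
 * events, ARG is the option argument (if any), and state->input is the
 * lshd_options object that main hands to argp_parse.
 *
 * Plain option keys only record the setting. On ARGP_KEY_END, after
 * all options have been seen, the settings are turned into objects:
 * the user database, the key exchange algorithms, the listening
 * address and the user authentication methods. Startup is refused via
 * argp_error if every key exchange method or every authentication
 * method has been disabled.
 *
 * Returns 0 for a handled key and ARGP_ERR_UNKNOWN otherwise. */
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);

  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;
    case ARGP_KEY_INIT:
      /* Inputs for the parsers in main_argp_children, same order. */
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
      state->child_inputs[2] = NULL;
      break;
    case ARGP_KEY_END:
      {
        struct user_db *user_db = NULL;

        /* The user database is needed by both authentication methods
         * and by SRP key exchange. */
        if (self->with_password || self->with_publickey || self->with_srp_keyexchange)
          user_db = make_unix_user_db(self->backend, self->reaper,
                                      self->pw_helper, self->login_shell,
                                      self->allow_root);

        if (self->with_dh_keyexchange || self->with_srp_keyexchange)
          {
            int i = 0;
            self->kex_algorithms
              = alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);

            if (self->with_dh_keyexchange)
              {
                LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
                ALIST_SET(self->super.algorithms,
                          ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
                          &make_dh_server(make_dh1(&self->random->super))
                          ->super);
              }
#if WITH_SRP
            if (self->with_srp_keyexchange)
              {
                assert(user_db);
                LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
                ALIST_SET(self->super.algorithms,
                          ATOM_SRP_RING1_SHA1_LOCAL,
                          &make_srp_server(make_srp1(&self->random->super),
                                           user_db)
                          ->super);
              }
#endif /* WITH_SRP */
          }
        else
          argp_error(state, "All keyexchange algorithms disabled.");

        /* Without --port, look up the "ssh" service and fall back to
         * port 22. */
        if (self->port)
          self->local = make_address_info_c(self->interface, self->port, 0);
        else
          self->local = make_address_info_c(self->interface, "ssh", 22);

        /* self->port is NULL when the default service was used, and
         * NULL must not be passed for a %s conversion; name the
         * service that was actually looked up. */
        if (!self->local)
          argp_error(state, "Invalid interface, port or service, '%s:%s'.",
                     self->interface ? self->interface : "ANY",
                     self->port ? self->port : "ssh");

        /* A negative value means "not given on the command line". */
        if (self->use_pid_file < 0)
          self->use_pid_file = self->daemonic;

        if (self->with_password || self->with_publickey)
          {
            int i = 0;

            self->userauth_methods
              = alloc_int_list(self->with_password + self->with_publickey);
            self->userauth_algorithms = make_alist(0, -1);

            if (self->with_password)
              {
                LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
                ALIST_SET(self->userauth_algorithms,
                          ATOM_PASSWORD,
                          &make_userauth_password(user_db)->super);
              }
            if (self->with_publickey)
              {
                /* FIXME: Doesn't use spki */
                struct lookup_verifier *key_db
                  = make_authorization_db(ssh_format("authorized_keys_sha1"),
                                          &sha1_algorithm);

                /* The same authorization database is used for both
                 * DSS and RSA keys. */
                LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
                ALIST_SET(self->userauth_algorithms,
                          ATOM_PUBLICKEY,
                          &make_userauth_publickey
                          (user_db,
                           make_alist(2,
                                      ATOM_SSH_DSS, key_db,
                                      ATOM_SSH_RSA, key_db,
                                      -1))
                          ->super);
              }
          }
        else
          argp_error(state, "All user authentication methods disabled.");

        break;
      }
    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;

#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif

    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;

    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;

    case OPT_PASSWORD:
      self->with_password = 1;
      break;

    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;

    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;

      /* main_options advertises --no-root-login, so its key must be
       * handled here; otherwise the hardening switch is rejected as an
       * unknown option instead of turning root login off. */
    case OPT_NO_ROOT_LOGIN:
      self->allow_root = 0;
      break;

    case OPT_KERBEROS_PASSWD:
      self->pw_helper = KERBEROS_HELPER;
      break;

    case OPT_NO_KERBEROS_PASSWD:
      self->pw_helper = NULL;
      break;

    case OPT_PASSWORD_HELPER:
      self->pw_helper = arg;
      break;

    case OPT_LOGIN_SHELL:
      self->login_shell = arg;
      break;

#if WITH_TCP_FORWARD
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
#endif /* WITH_TCP_FORWARD */

#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */

    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;

    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
    }
  return 0;
}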

/* Top-level argp description for lshd: its own option table and
 * parser, the one-line program description, and the child parsers of
 * the modules it builds on. */
static const struct argp
main_argp =
{
  main_options,                       /* option table */
  main_argp_parser,                   /* parser callback */
  NULL,                               /* no non-option arguments */
  "Server for the ssh-2 protocol.",   /* documentation string */
  main_argp_children,                 /* chained parsers */
  NULL,
  NULL
};


/* GABA:
   (expr
     (name make_lshd_listen)
     (params
       (backend object io_backend)
       (handshake object handshake_info)
       (init object make_kexinit)
       (services object command) )
     (expr (lambda (options)
             ; keys comes from the host key file (options2keyfile) and
             ; the signature algorithms. Each accepted connection lv is
             ; put through connection_handshake with those keys, and the
             ; result is handed to services.
             (let ((keys 
		    (spki_read_hostkeys (options2signature_algorithms options)
			                (options2keyfile options))))
	       (listen_callback
	         (lambda (lv)
    		   (services (connection_handshake
    				  handshake
    				  (kexinit_filter init keys)
    				  keys 
    				  (log_peer lv))))
		 backend
		 (options2local options))))))
*/


/* Invoked when starting the ssh-connection service */
/* GABA:
   (expr
     (name make_lshd_connection_service)
     (params
       ; hooks is the list built in main: the session setup command,
       ; plus the tcpip forwarding hooks when forwarding is enabled.
       (hooks object object_list))
     (expr
       (lambda (connection)
         ((progn hooks)
	    ; We have to initialize the connection
	    ; before adding handlers.
	    (init_connection_service
	      ; Disconnect if connection->user is NULL
	      (connection_require_userauth connection)))))))
*/

#if WITH_GCOV
/* FIXME: Perhaps move to daemon.c? */
/* SIGTERM is caught so that the process can leave through exit(), which
 * lets the profiling data be written out properly on termination. */

/* Set by the signal handler; the only state it touches. */
static volatile sig_atomic_t terminate;

/* Signal handler for SIGTERM: records that termination was requested.
 * The actual shutdown happens later, outside signal context, in
 * do_terminate_callback. */
static void
terminate_handler(int signum)
{
  assert(SIGTERM == signum);

  terminate = 1;
}

/* Callback registered together with the terminate flag in
 * install_terminate_handler. Runs the final garbage collection pass
 * and then leaves through exit() with a success status. */
static void
do_terminate_callback(struct lsh_callback *s UNUSED)
{
  gc_final();

  exit(EXIT_SUCCESS);
}

/* Statically allocated callback object that runs
 * do_terminate_callback. */
static struct lsh_callback terminate_callback =
{
  STATIC_HEADER,
  do_terminate_callback
};

/* Installs terminate_handler for SIGTERM and registers the terminate
 * flag with BACKEND together with terminate_callback. If the signal
 * handler cannot be installed, the error is logged and the process
 * exits with EXIT_FAILURE. */
static void
install_terminate_handler(struct io_backend *backend)
{
  struct sigaction action;

  memset(&action, 0, sizeof(action));
  action.sa_handler = terminate_handler;
  action.sa_flags = 0;
  sigemptyset(&action.sa_mask);

  if (sigaction(SIGTERM, &action, NULL) >= 0)
    {
      io_signal_handler(backend, &terminate, &terminate_callback);
      return;
    }

  werror ("Failed to install SIGTERM handler (errno = %i): %z\n",
          errno, STRERROR(errno));
  exit(EXIT_FAILURE);
}
#endif /* WITH_GCOV */

/* Entry point of the lshd server.
 *
 * Order of startup: create the io backend, set locale and charset,
 * parse options, disable core dumps (unless --enable-core), go into
 * the background if asked to, write the pid file, start the background
 * entropy poll, build the service tree, start listening, and finally
 * run the io loop.
 *
 * Returns EXIT_FAILURE if a startup step fails, and 0 when the io loop
 * returns. */
int main(int argc, char **argv)
{
  struct lshd_options *options;

  struct io_backend *backend = make_io_backend();

#if WITH_GCOV
  install_terminate_handler(backend);
#endif

  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");

  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);

  options = make_lshd_options(backend);

  trace("Parsing options...\n");
  argp_parse(&main_argp, argc, argv, 0, NULL, options);
  trace("Parsing options...\n");

  /* Core dumps are turned off before the listener is set up, which is
   * where the host key is read, unless --enable-core was given. A
   * failure to turn them off is treated as fatal. */
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }

  if (options->daemonic)
    {
      /* Switch logging over first, then detach. */
#if HAVE_SYSLOG
      set_error_syslog("lshd");
#else /* !HAVE_SYSLOG */
      werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
#endif /* !HAVE_SYSLOG */

      switch (daemon_init())
        {
        case 0:
          werror("lshd: Spawning into background failed.\n");
          return EXIT_FAILURE;
        case DAEMON_INETD:
          werror("lshd: spawning from inetd not yet supported.\n");
          return EXIT_FAILURE;
        case DAEMON_INIT:
        case DAEMON_NORMAL:
          break;
        default:
          fatal("Internal error\n");
        }
    }

  /* The pid file is written after daemon_init, so it is created by the
   * process that keeps running. */
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }

  /* NOTE: We have to do this *after* forking into the background,
   * because otherwise we won't be able to waitpid() on the background
   * process. */

  /* Start background poll */
  RANDOM_POLL_BACKGROUND(options->random->poller);

  {
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks;
    struct command *session_setup;

    /* Supported channel requests: shell and exec always, pty requests
     * only when compiled in and not disabled. */
    struct alist *supported_channel_requests
      = make_alist(2,
                   ATOM_SHELL, make_shell_handler(backend),
                   ATOM_EXEC, make_exec_handler(backend),
                   -1);

#if WITH_PTY_SUPPORT
    if (options->with_pty)
      ALIST_SET(supported_channel_requests,
                ATOM_PTY_REQ, &pty_request_handler.super);
#endif /* WITH_PTY_SUPPORT */

    session_setup = make_install_fix_channel_open_handler
      (ATOM_SESSION, make_open_session(supported_channel_requests));

    /* With forwarding enabled the hooks also cover tcpip-forward,
     * cancel-tcpip-forward and direct-tcpip; otherwise only sessions
     * are set up. */
#if WITH_TCP_FORWARD
    if (options->with_tcpip_forward)
      connection_hooks = make_object_list
        (4,
         session_setup,
         make_tcpip_forward_hook(backend),
         make_install_fix_global_request_handler
         (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
         make_direct_tcpip_hook(backend),
         -1);
    else
#endif
      connection_hooks
        = make_object_list (1, session_setup, -1);
    {
      /* FIXME: We should check that we have at least one host key. We
       * should also extract the host-key algorithms for which we have
       * keys, instead of hardcoding ssh-dss below. */

      /* ssh-connection is offered both directly and as the service
       * started after ssh-userauth. The connection service built by
       * make_lshd_connection_service goes through
       * connection_require_userauth, whose comment says it disconnects
       * when connection->user is NULL. */
      CAST_SUBTYPE(command, connection_service,
                   make_lshd_connection_service(connection_hooks));
      CAST_SUBTYPE(command, server_listen,
                   make_lshd_listen
                   (backend,
                    make_handshake_info(CONNECTION_SERVER,
                                        "lsh - a free ssh",
                                        NULL,
                                        SSH_MAX_PACKET,
                                        &options->random->super,
                                        options->super.algorithms,
                                        options->sshd1),
                    make_simple_kexinit
                    (&options->random->super,
                     options->kex_algorithms,
                     options->super.hostkey_algorithms,
                     options->super.crypto_algorithms,
                     options->super.mac_algorithms,
                     options->super.compression_algorithms,
                     make_int_list(0, -1)),
                    make_offer_service
                    (make_alist
                     (2, ATOM_SSH_CONNECTION, connection_service,
                      ATOM_SSH_USERAUTH,
                      make_userauth_service(options->userauth_methods,
                                            options->userauth_algorithms,
                                            make_alist(1, ATOM_SSH_CONNECTION,
                                                       connection_service,-1)),
                      -1))));

      /* I/O exceptions raised while listening are reported with the
       * "lshd: " prefix; everything else goes to options->e. */
      COMMAND_CALL(server_listen, options,
                   &discard_continuation,
                   make_report_exception_handler
                   (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
                    options->e,
                    HANDLER_CONTEXT));
    }
  }

  io_run(backend);

  gc_final();

  return 0;
}