lshd.c 22.3 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
2
3
/* lshd.c
 *
 * main server program.
4
5
 *
 * $Id$ */
Niels Möller's avatar
Niels Möller committed
6

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Mller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
Niels Möller's avatar
Niels Möller committed
23
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
24
 */
Niels Möller's avatar
Niels Möller committed
25

26
#include "algorithms.h"
27
28
#include "alist.h"
#include "atoms.h"
29
#include "channel.h"
30
#include "channel_commands.h"
31
#include "charset.h"
32
#include "compress.h"
33
#include "connection_commands.h"
34
#include "crypto.h"
35
#include "daemon.h"
36
#include "dsa.h"
37
#include "format.h"
38
#include "handshake.h"
Niels Möller's avatar
Niels Möller committed
39
#include "io.h"
40
#include "io_commands.h"
41
#include "lookup_verifier.h"
42
#include "randomness.h"
Niels Möller's avatar
Niels Möller committed
43
#include "reaper.h"
Niels Möller's avatar
Niels Möller committed
44
#include "server.h"
45
#include "server_authorization.h"
46
#include "server_keyexchange.h"
47
48
#include "server_pty.h"
#include "server_session.h"
49
#include "sexp.h"
Balázs Scheidler's avatar
Balázs Scheidler committed
50
#include "sexp_commands.h"
51
#include "spki_commands.h"
52
#include "srp.h"
Niels Möller's avatar
Niels Möller committed
53
#include "ssh.h"
54
55
#include "tcpforward.h"
#include "tcpforward_commands.h"
56
#include "tcpforward_commands.h"
57
#include "server_userauth.h"
58
#include "version.h"
59
60
61
#include "werror.h"
#include "xalloc.h"

62
#include "lsh_argp.h"
63

64
/* Forward declarations */
65
66
struct command options2local;
#define OPTIONS2LOCAL (&options2local.super)
67

68
struct command options2keyfile;
69
70
#define OPTIONS2KEYFILE (&options2keyfile.super)

71
struct command options2signature_algorithms;
72
#define OPTIONS2SIGNATURE_ALGORITHMS \
73
  (&options2signature_algorithms.super)
74

75
76
77
78
79
80
81
82
83
84
85
86
#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
87
#if HAVE_UNISTD_H
88
#include <unistd.h>
89
#endif
90

91
92
/* Option parsing */

93
94
95
96
97
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

const char *argp_program_bug_address = BUG_ADDRESS;

Niels Möller's avatar
Niels Möller committed
98
99
100
101
102
103
/* The definition of SBINDIR is currently broken */
#if 0
# define KERBEROS_HELPER SBINDIR "/lsh-krb-checkpw"
#else
# define KERBEROS_HELPER PREFIX "/sbin/lsh-krb-checkpw"
#endif
104

105
#define OPT_NO 0x400
106
107
#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201
108

109
#define OPT_TCPIP_FORWARD 0x202
110
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
111
112
#define OPT_PTY 0x203
#define OPT_NO_PTY (OPT_PTY | OPT_NO)
113

114
#define OPT_DAEMONIC 0x204
115
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
116
#define OPT_PIDFILE 0x205
117
118
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
#define OPT_CORE 0x207
119
120
#define OPT_SYSLOG 0x208
#define OPT_NO_SYSLOG (OPT_SYSLOG | OPT_NO)
121

122
123
124
125
126
127
#define OPT_SRP 0x210
#define OPT_NO_SRP (OPT_SRP | OPT_NO)
#define OPT_DH 0x211
#define OPT_NO_DH (OPT_DH | OPT_NO)

#define OPT_PUBLICKEY 0x220
128
#define OPT_NO_PUBLICKEY (OPT_PUBLICKEY | OPT_NO)
129
#define OPT_PASSWORD 0x221
130
131
#define OPT_NO_PASSWORD (OPT_PASSWORD | OPT_NO)

132
#define OPT_ROOT_LOGIN 0x222
133
134
#define OPT_NO_ROOT_LOGIN (OPT_ROOT_LOGIN | OPT_NO)

135
136
137
#define OPT_KERBEROS_PASSWD 0x223
#define OPT_NO_KERBEROS_PASSWD (OPT_KERBEROS_PASSWD | OPT_NO)

138
139
#define OPT_PASSWORD_HELPER 0x224

140
141
#define OPT_LOGIN_SHELL 0x225

142
143
144
145
146
/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
147
       (backend object io_backend)
148
149
       (e object exception_handler)
       
150
       (reaper object reap)
151
       (random object randomness_with_poll)
152
       
153
       (signature_algorithms object alist)
154
155
156
157
158
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)
159

160
161
162
163
164
165
       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)
       
166
167
       (with_publickey . int)
       (with_password . int)
168
       (allow_root . int)
169
       (pw_helper . "const char *")
170
       (login_shell . "const char *")
171
       
172
       (with_tcpip_forward . int)
173
       (with_pty . int)
174
       
175
176
177
       (userauth_methods object int_list)
       (userauth_algorithms object alist)
       
178
179
       (sshd1 object ssh1_fallback)
       (daemonic . int)
180
       (no_syslog . int)
181
182
183
184
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
185
186
*/

187
188
189
190
191
192
static void
do_exc_lshd_handler(struct exception_handler *s,
		    const struct exception *e)
{
  switch(e->type)
    {
193
    case EXC_RESOLVE:
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
    case EXC_SEXP_SYNTAX:
    case EXC_SPKI_TYPE:
    case EXC_RANDOMNESS_LOW_ENTROPY:
      werror("lshd: %z\n", e->msg);
      exit(EXIT_FAILURE);
    default:
      EXCEPTION_RAISE(s->parent, e);
    }
}

static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  return make_exception_handler(do_exc_lshd_handler, parent, context);
}

Niels Möller's avatar
Niels Möller committed
211
static struct lshd_options *
212
make_lshd_options(struct io_backend *backend)
213
{
Niels Möller's avatar
Niels Möller committed
214
  NEW(lshd_options, self);
215

216
  init_algorithms_options(&self->super, all_symmetric_algorithms());
217
218

  self->backend = backend;
219
220
  self->e = make_lshd_exception_handler(&default_exception_handler,
					HANDLER_CONTEXT);
221
  self->reaper = make_reaper(backend);
222
  self->random = make_default_random(self->reaper, self->e);
223

224
  self->signature_algorithms = all_signature_algorithms(&self->random->super);
225
226
  self->style = SEXP_TRANSPORT;
  self->interface = NULL;
227
228
229
230
231

  /* Default behaviour is to lookup the "ssh" service, and fall back
   * to port 22 if that fails. */
  self->port = NULL;
  
232
233
234
235
  /* FIXME: this should perhaps use sysconfdir */  
  self->hostkey = "/etc/lsh_host_key";
  self->local = NULL;

236
237
238
239
240
  self->with_dh_keyexchange = 1;
  self->with_srp_keyexchange = 0;

  self->kex_algorithms = NULL;
  
241
242
  self->with_publickey = 1;
  self->with_password = 1;
243
  self->with_tcpip_forward = 1;
244
  self->with_pty = 1;
245
  self->allow_root = 0;
246
  self->pw_helper = NULL;
247
  self->login_shell = NULL;
248
  
249
250
  self->userauth_methods = NULL;
  self->userauth_algorithms = NULL;
251
252
  
  self->sshd1 = NULL;
253
  self->daemonic = 0;
254
255
  self->no_syslog = 0;
  
256
257
258
259
  /* FIXME: Make the default a configure time option? */
  self->pid_file = "/var/run/lshd.pid";
  self->use_pid_file = -1;
  self->corefile = 0;
260
261
262
263
  
  return self;
}

Niels Möller's avatar
Niels Möller committed
264
/* Port to listen on */
265
266
267
268
269
DEFINE_COMMAND(options2local)
     (struct command *s UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
Niels Möller's avatar
Niels Möller committed
270
271
{
  CAST(lshd_options, options, a);
272
  COMMAND_RETURN(c, options->local);
Niels Möller's avatar
Niels Möller committed
273
274
275
}

/* alist of signature algorithms */
276
277
278
279
280
DEFINE_COMMAND(options2signature_algorithms)
     (struct command *s UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
Niels Möller's avatar
Niels Möller committed
281
282
{
  CAST(lshd_options, options, a);
283
  COMMAND_RETURN(c, options->signature_algorithms);
Niels Möller's avatar
Niels Möller committed
284
285
286
}

/* Read server's private key */
287
288
289
290
291
292

DEFINE_COMMAND(options2keyfile)
     (struct command *ignored UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e)
Niels Möller's avatar
Niels Möller committed
293
294
295
{
  CAST(lshd_options, options, a);
  
296
  struct lsh_fd *f;
Niels Möller's avatar
Niels Möller committed
297
298
299
300
301
302
303
304
305
306
307
308
309
310

  f = io_read_file(options->backend, options->hostkey, e);

  if (f)
    COMMAND_RETURN(c, f);
  else
    {
      werror("Failed to open '%z' (errno = %i): %z.\n",
	     options->hostkey, errno, STRERROR(errno));
      EXCEPTION_RAISE(e, make_io_exception(EXC_IO_OPEN_READ, NULL, errno, NULL));
    }
}


311
312
313
314
315
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
316
    "Listen on this network interface.", 0 }, 
317
318
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},
319
320
321
322
#if WITH_SSH1_FALLBACK
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */
323

324
  { NULL, 0, NULL, 0, "Keyexchange options:", 0 },
325
326
327
328
329
330
331
332
#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },
  
333
  { NULL, 0, NULL, 0, "User authentication options:", 0 },
334

335
336
337
338
339
340
341
342
343
  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},
344
345
346
347
348

  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },
349

350
351
352
353
  { "login-shell", OPT_LOGIN_SHELL, "Program", 0,
    "Use this program as the login shell for all users. "
    "(Experimental)", 0 },
  
354
355
356
  { "kerberos-passwords", OPT_KERBEROS_PASSWD, NULL, 0,
    "Recognize kerberos passwords, using the helper program "
    "\"" KERBEROS_HELPER "\". This option is experimental.", 0 },
357
  { "no-kerberos-passwords", OPT_NO_KERBEROS_PASSWD, NULL, 0,
Niels Möller's avatar
Niels Möller committed
358
    "Don't recognize kerberos passwords (default behaviour).", 0 },
359

360
361
  { "password-helper", OPT_PASSWORD_HELPER, "Program", 0,
    "Use the named helper program for password verification. "
362
    "(Experimental).", 0 },
363

364
  { NULL, 0, NULL, 0, "Offered services:", 0 },
365

366
367
368
369
#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */
370
  
371
372
  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
373
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
374
375
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
376
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
377
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },
378
379
  { "no-syslog", OPT_NO_SYSLOG, NULL, 0, "Don't use syslog (by default, syslog is used "
    "when running in daemonic mode).", 0 },
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
  { NULL, 0, NULL, 0, NULL, 0 }
};

static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp, 0, "", 0 },
  { NULL, 0, NULL, 0}
};

static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);
  
  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;
    case ARGP_KEY_INIT:
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
404
      state->child_inputs[2] = NULL;
405
406
      break;
    case ARGP_KEY_END:
407
      {
408
	struct user_db *user_db = NULL;
409
410
	
	if (self->with_password || self->with_publickey || self->with_srp_keyexchange)
411
	  user_db = make_unix_user_db(self->backend, self->reaper,
412
413
				      self->pw_helper, self->login_shell,
				      self->allow_root);
414
	  
415
416
417
418
419
420
421
422
423
424
425
	if (self->with_dh_keyexchange || self->with_srp_keyexchange)
	  {
	    int i = 0;
	    self->kex_algorithms 
	      = alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);
	    
	    if (self->with_dh_keyexchange)
	      {
		LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
		ALIST_SET(self->super.algorithms,
			  ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
426
427
			  &make_dh_server(make_dh1(&self->random->super))
			  ->super);
428
429
430
431
	      }
#if WITH_SRP	    
	    if (self->with_srp_keyexchange)
	      {
432
		assert(user_db);
433
		LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
434
		ALIST_SET(self->super.algorithms,
435
			  ATOM_SRP_RING1_SHA1_LOCAL,
436
437
			  &make_srp_server(make_srp1(&self->random->super),
					   user_db)
438
			  ->super);
439
440
441
442
443
444
445
	      }
#endif /* WITH_SRP */
	  }
	else
	  argp_error(state, "All keyexchange algorithms disabled.");

	if (self->port)
446
	  self->local = make_address_info_c(self->interface, self->port, 0);
447
	else
448
	  self->local = make_address_info_c(self->interface, "ssh", 22);
449
      
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
	if (!self->local)
	  argp_error(state, "Invalid interface, port or service, %s:%s'.",
		     self->interface ? self->interface : "ANY",
		     self->port);

	if (self->use_pid_file < 0)
	  self->use_pid_file = self->daemonic;

	if (self->with_password || self->with_publickey)
	  {
	    int i = 0;
	    
	    self->userauth_methods
	      = alloc_int_list(self->with_password + self->with_publickey);
	    self->userauth_algorithms = make_alist(0, -1);
	    
	    if (self->with_password)
	      {
		LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
		ALIST_SET(self->userauth_algorithms,
470
			  ATOM_PASSWORD,
471
			  &make_userauth_password(user_db)->super);
472
473
474
	      }
	    if (self->with_publickey)
	      {
475
476
477
478
479
		/* FIXME: Doesn't use spki */
		struct lookup_verifier *key_db
		  = make_authorization_db(ssh_format("authorized_keys_sha1"),
					  &sha1_algorithm);
		
480
481
482
		LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
		ALIST_SET(self->userauth_algorithms,
			  ATOM_PUBLICKEY,
483
			  &make_userauth_publickey
484
485
486
487
			  (user_db,
			   make_alist(2,
				      ATOM_SSH_DSS, key_db,
				      ATOM_SSH_RSA, key_db,
488
489
				      -1))
			  ->super);
490
491
	      }
	  }
492
493
494
495
496
497
        if (self->with_srp_keyexchange)
          ALIST_SET(self->userauth_algorithms,
                    ATOM_NONE,
                    &server_userauth_none.super);

        if (!self->userauth_algorithms->size)
498
	  argp_error(state, "All user authentication methods disabled.");
499

500
501
	break;
      }
502
503
504
505
506
507
508
509
510
511
512
    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;
513

514
515
516
517
518
#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif
Niels Möller's avatar
Niels Möller committed
519

520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;
      
    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;
      
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
    case OPT_PASSWORD:
      self->with_password = 1;
      break;
      
    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;
      
    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;
551
552
553
554

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;
555
556

    case OPT_KERBEROS_PASSWD:
557
      self->pw_helper = KERBEROS_HELPER;
558
559
560
561
562
      break;

    case OPT_NO_KERBEROS_PASSWD:
      self->pw_helper = NULL;
      break;
563
564
565
566

    case OPT_PASSWORD_HELPER:
      self->pw_helper = arg;
      break;
567
568
569
570

    case OPT_LOGIN_SHELL:
      self->login_shell = arg;
      break;
571
      
572
#if WITH_TCP_FORWARD
573
574
575
576
577
578
579
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
580
581
582
583
584
585
586
587
588
589
590
#endif /* WITH_TCP_FORWARD */
      
#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */
	  
591
592
593
    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;
594
      
595
596
597
598
    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

599
600
601
602
    case OPT_NO_SYSLOG:
      self->no_syslog = 1;
      break;
      
603
604
605
606
607
608
609
610
611
612
613
614
    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
615
616
617
    }
  return 0;
}
Niels Möller's avatar
Niels Möller committed
618

Niels Möller's avatar
Niels Möller committed
619
620
621
622
623
624
static const struct argp
main_argp =
{ main_options, main_argp_parser, 
  NULL,
  "Server for the ssh-2 protocol.",
  main_argp_children,
625
  NULL, NULL
Niels Möller's avatar
Niels Möller committed
626
627
};

628

629
630
/* GABA:
   (expr
631
     (name make_lshd_listen)
632
     (params
633
       (backend object io_backend)
634
       (handshake object handshake_info)
635
       (init object make_kexinit)
636
       (services object command) )
637
     (expr (lambda (options)
638
639
640
641
642
643
644
645
646
647
648
649
             (let ((keys 
		    (spki_read_hostkeys (options2signature_algorithms options)
			                (options2keyfile options))))
	       (listen_callback
	         (lambda (lv)
    		   (services (connection_handshake
    				  handshake
    				  (kexinit_filter init keys)
    				  keys 
    				  (log_peer lv))))
		 backend
		 (options2local options))))))
650
651
*/

652

653
/* Invoked when starting the ssh-connection service */
654
655
/* GABA:
   (expr
656
     (name make_lshd_connection_service)
657
     (params
658
659
       (hooks object object_list))
     (expr
660
661
662
663
       (lambda (connection)
         ((progn hooks)
	    ; We have to initialize the connection
	    ; before adding handlers.
664
665
666
	    (init_connection_service
	      ; Disconnect if connection->user is NULL
	      (connection_require_userauth connection)))))))
667
668
*/

669
#if WITH_GCOV
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
/* FIXME: Perhaps move to daemon.c? */
/* Catch SIGTERM and call exit(). That way, profiling info is written
 * properly when the process is terminated. */

static volatile sig_atomic_t terminate;

static void terminate_handler(int signum)
{
  assert(signum == SIGTERM);

  terminate = 1;
}

static void
do_terminate_callback(struct lsh_callback *s UNUSED)
{
686
  gc_final();
687
688
689
  exit(0);
}

690
static struct lsh_callback
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
terminate_callback =
{ STATIC_HEADER, do_terminate_callback };

static void
install_terminate_handler(struct io_backend *backend)
{
  struct sigaction term;
  memset(&term, 0, sizeof(term));

  term.sa_handler = terminate_handler;
  sigemptyset(&term.sa_mask);
  term.sa_flags = 0;

  if (sigaction(SIGTERM, &term, NULL) < 0)
    {
      werror ("Failed to install SIGTERM handler (errno = %i): %z\n",
	      errno, STRERROR(errno));
      exit(EXIT_FAILURE);
    }
  io_signal_handler(backend, &terminate, &terminate_callback);
}
712
#endif /* WITH_GCOV */
713

Niels Möller's avatar
Niels Möller committed
714
715
int main(int argc, char **argv)
{
716
  struct lshd_options *options;
717
718

  struct io_backend *backend = make_io_backend();
719

720
#if WITH_GCOV
721
  install_terminate_handler(backend);
722
#endif
723
  
Niels Möller's avatar
Niels Möller committed
724
725
726
  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");
727

728
729
  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);
730

731
  options = make_lshd_options(backend);
732
  
Niels Möller's avatar
Niels Möller committed
733
  trace("Parsing options...\n");
Niels Möller's avatar
Niels Möller committed
734
  argp_parse(&main_argp, argc, argv, 0, NULL, options);
Niels Möller's avatar
Niels Möller committed
735
  trace("Parsing options...\n");  
736

737
738
739
740
741
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }
742

743
  if (options->daemonic && !options->no_syslog)
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
    {
#if HAVE_SYSLOG
      set_error_syslog("lshd");
#else /* !HAVE_SYSLOG */
      werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
#endif /* !HAVE_SYSLOG */
    }

  if (options->daemonic)
    switch (daemon_init())
      {
      case 0:
	werror("lshd: Spawning into background failed.\n");
	return EXIT_FAILURE;
      case DAEMON_INETD:
	werror("lshd: spawning from inetd not yet supported.\n");
	return EXIT_FAILURE;
      case DAEMON_INIT:
      case DAEMON_NORMAL:
	break;
      default:
	fatal("Internal error\n");
      }
767
768
769
770
771
772
  
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }
773

774
775
776
777
778
779
780
  /* NOTE: We have to do this *after* forking into the background,
   * because otherwise we won't be able to waitpid() on the background
   * process. */

  /* Start background poll */
  RANDOM_POLL_BACKGROUND(options->random->poller);
	
781
  {
782
783
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks;
784
785
    struct command *session_setup;
    
786
787
    /* Supported channel requests */
    struct alist *supported_channel_requests
788
      = make_alist(2,
789
790
		   ATOM_SHELL, make_shell_handler(backend),
		   ATOM_EXEC, make_exec_handler(backend),
791
792
		   -1);
    
793
794
795
#if WITH_PTY_SUPPORT
    if (options->with_pty)
      ALIST_SET(supported_channel_requests,
796
		ATOM_PTY_REQ, &pty_request_handler.super);
797
798
799
800
#endif /* WITH_PTY_SUPPORT */

    session_setup = make_install_fix_channel_open_handler
      (ATOM_SESSION, make_open_session(supported_channel_requests));
801
    
802
#if WITH_TCP_FORWARD
803
    if (options->with_tcpip_forward)
804
      connection_hooks = make_object_list
805
806
	(4,
	 session_setup,
Niels Möller's avatar
Niels Möller committed
807
	 make_tcpip_forward_hook(backend),
808
809
810
811
	 make_install_fix_global_request_handler
	 (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
	 make_direct_tcpip_hook(backend),
	 -1);
812
813
    else
#endif
814
815
      connection_hooks
	= make_object_list (1, session_setup, -1);
816
    {
817
818
819
      /* FIXME: We should check that we have at least one host key. We
       * should also extract the host-key algorithms for which we have
       * keys, instead of hardcoding ssh-dss below. */
820

821
822
      CAST_SUBTYPE(command, connection_service,
		   make_lshd_connection_service(connection_hooks));
823
      CAST_SUBTYPE(command, server_listen, 		   
824
825
		   make_lshd_listen
		   (backend,
826
827
828
829
		    make_handshake_info(CONNECTION_SERVER,
					"lsh - a free ssh",
					NULL,
					SSH_MAX_PACKET,
830
					&options->random->super,
831
832
					options->super.algorithms,
					options->sshd1),
833
		    make_simple_kexinit
834
		    (&options->random->super,
835
836
837
838
839
840
		     options->kex_algorithms,
		     options->super.hostkey_algorithms,
		     options->super.crypto_algorithms,
		     options->super.mac_algorithms,
		     options->super.compression_algorithms,
		     make_int_list(0, -1)),
841
842
		    make_offer_service
		    (make_alist
843
		     (1,
844
845
846
847
848
849
850
		      ATOM_SSH_USERAUTH,
		      make_userauth_service(options->userauth_methods,
					    options->userauth_algorithms,
					    make_alist(1, ATOM_SSH_CONNECTION,
						       connection_service,-1)),
		      -1))));
      
851
      COMMAND_CALL(server_listen, options,
852
		   &discard_continuation,
853
854
		   make_report_exception_handler
		   (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
855
		    options->e,
856
		    HANDLER_CONTEXT));
857
    }
858
  }
Niels Möller's avatar
Niels Möller committed
859
  
860
  io_run(backend);
Niels Möller's avatar
Niels Möller committed
861

862
  gc_final();
863
  
Niels Möller's avatar
Niels Möller committed
864
865
  return 0;
}