/* lshd.c
 *
 * main server program.
 *
 * $Id$ */

/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Möller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#include "algorithms.h"
#include "alist.h"
#include "atoms.h"
#include "channel.h"
#include "channel_commands.h"
#include "charset.h"
#include "compress.h"
#include "connection_commands.h"
#include "crypto.h"
#include "daemon.h"
#include "format.h"
#include "io.h"
#include "io_commands.h"
#include "lookup_verifier.h"
#include "randomness.h"
#include "reaper.h"
#include "server.h"
#include "server_authorization.h"
#include "server_keyexchange.h"
#include "server_pty.h"
#include "server_session.h"
#include "sexp.h"
#include "sexp_commands.h"
#include "spki_commands.h"
#include "srp.h"
#include "ssh.h"
#include "tcpforward.h"
#include "tcpforward_commands.h"
#include "tcpforward_commands.h"
#include "server_userauth.h"
#include "version.h"
#include "werror.h"
#include "xalloc.h"

#include "lsh_argp.h"

/* Forward declarations.
 *
 * The three command objects below map an lshd_options object to the
 * pieces lshd_listen needs (listen address, host key file, signature
 * algorithms). They are declared ahead of the #include "lshd.c.x"
 * that follows, which presumably holds the generated code referring
 * to the OPTIONS2* names. options2keyfile is a hand-written command
 * (hence static struct command); the other two are COMMAND_SIMPLE
 * objects defined further down. */
struct command_simple options2local;
#define OPTIONS2LOCAL (&options2local.super.super)

static struct command options2keyfile;
#define OPTIONS2KEYFILE (&options2keyfile.super)

struct command_simple options2signature_algorithms;
#define OPTIONS2SIGNATURE_ALGORITHMS \
  (&options2signature_algorithms.super.super)

#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

/* Block size for stdout and stderr buffers */
/* NOTE(review): not referenced anywhere in this file as shown; it may
 * be picked up by code elsewhere, or be a leftover. */
#define BLOCK_SIZE 32768


/* Option parsing */

/* Banner printed by --version. VERSION and SERVER_PROTOCOL_VERSION
 * presumably come from version.h (included above). */
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

/* Address argp shows in --help for bug reports. */
const char *argp_program_bug_address = BUG_ADDRESS;

/* Keys for the long-only options in main_options. They start at 0x200,
 * above the range of single characters, so they cannot collide with a
 * short option such as 'p' or 'h'. OPT_NO is OR:ed into an "enable"
 * key to form the key of the matching "disable" option; the parser
 * still switches on every key individually. */
#define OPT_NO 0x400

#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201

#define OPT_TCPIP_FORWARD 0x202
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
#define OPT_PTY 0x203
#define OPT_NO_PTY (OPT_PTY | OPT_NO)

#define OPT_DAEMONIC 0x204
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
#define OPT_PIDFILE 0x205
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
/* No OPT_NO_CORE counterpart: core dumps stay disabled unless
 * --enable-core is given. */
#define OPT_CORE 0x207

#define OPT_SRP 0x210
#define OPT_NO_SRP (OPT_SRP | OPT_NO)
#define OPT_DH 0x211
#define OPT_NO_DH (OPT_DH | OPT_NO)

#define OPT_PUBLICKEY 0x220
#define OPT_NO_PUBLICKEY (OPT_PUBLICKEY | OPT_NO)
#define OPT_PASSWORD 0x221
#define OPT_NO_PASSWORD (OPT_PASSWORD | OPT_NO)

#define OPT_ROOT_LOGIN 0x222
#define OPT_NO_ROOT_LOGIN (OPT_ROOT_LOGIN | OPT_NO)

/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
       (backend object io_backend)
       (random object randomness)
       (signature_algorithms object alist)
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)

       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)
       
       (with_publickey . int)
       (with_password . int)
       (allow_root . int)

       (with_tcpip_forward . int)
       (with_pty . int)
       
       (userauth_methods object int_list)
       (userauth_algorithms object alist)
       
       (sshd1 object ssh1_fallback)
       (daemonic . int)
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
*/

/* Allocate the option object and fill in the built-in defaults. The
 * argp parser overrides individual fields, and ARGP_KEY_END derives the
 * remaining ones (local, kex_algorithms, userauth_methods,
 * userauth_algorithms) from the switches recorded here. */
static struct lshd_options *
make_lshd_options(struct io_backend *backend)
{
  NEW(lshd_options, options);

  /* Base class carrying the crypto/mac/compression selection. */
  init_algorithms_options(&options->super, many_algorithms(0, -1));

  options->backend = backend;

  /* The randomness source has to exist before the DSA algorithm
   * object, which is constructed on top of it. */
  options->random = make_reasonably_random();
  options->signature_algorithms
    = make_alist(1, ATOM_DSA, make_dsa_algorithm(options->random), -1);

  /* Listening defaults: any interface; with port left NULL the "ssh"
   * service is looked up, falling back to port 22. The resolved
   * address (local) is computed once option parsing is complete. */
  options->style = SEXP_TRANSPORT;
  options->interface = NULL;
  options->port = NULL;
  options->local = NULL;

  /* FIXME: this should perhaps use sysconfdir */  
  options->hostkey = "/etc/lsh_host_key";

  /* Key exchange: DH on, experimental SRP off. The algorithm list is
   * built when the switches are final. */
  options->with_dh_keyexchange = 1;
  options->with_srp_keyexchange = 0;
  options->kex_algorithms = NULL;

  /* User authentication: password and publickey both on, root logins
   * refused unless --root-login is given. The method list and
   * handlers are built at ARGP_KEY_END. */
  options->with_password = 1;
  options->with_publickey = 1;
  options->allow_root = 0;
  options->userauth_methods = NULL;
  options->userauth_algorithms = NULL;

  /* Session features and the optional protocol-1 fallback. */
  options->with_tcpip_forward = 1;
  options->with_pty = 1;
  options->sshd1 = NULL;

  /* Process behaviour: foreground, core dumps off, and a pid file only
   * in daemonic mode (-1 = decide at the end of option parsing). */
  /* FIXME: Make the default a configure time option? */
  options->daemonic = 0;
  options->pid_file = "/var/run/lshd.pid";
  options->use_pid_file = -1;
  options->corefile = 0;

  return options;
}

/* Command: the address (interface and port) to listen on, as resolved
 * from the options at ARGP_KEY_END. */
COMMAND_SIMPLE(options2local)
{
  CAST(lshd_options, options, a);
  struct address_info *listen_address = options->local;

  return &listen_address->super;
}

/* Command: the alist of signature algorithms (only DSA, set up in
 * make_lshd_options) used when the host key is read. */
COMMAND_SIMPLE(options2signature_algorithms)
{
  CAST(lshd_options, options, a);
  struct alist *algorithms = options->signature_algorithms;

  return &algorithms->super;
}

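/* Read server's private key.
 *
 * Command body; 'a' is the lshd_options object. Opens the file named
 * by options->hostkey (/etc/lsh_host_key unless --host-key was given)
 * through the io backend and passes the resulting lsh_fd to the
 * continuation 'c'; lshd_listen feeds it to spki_read_hostkeys. On
 * failure the error is logged and an EXC_IO_OPEN_READ exception is
 * raised on 'e'.
 *
 * NOTE(review): the key file's owner and mode are not checked here, so
 * a world-readable private host key is accepted silently. Such a check
 * belongs where the descriptor is available (io_read_file or its
 * caller); confirm before adding it. */
static void
do_options2keyfile(struct command *ignored UNUSED,
		   struct lsh_object *a,
		   struct command_continuation *c,
		   struct exception_handler *e)
{
  CAST(lshd_options, options, a);
  
  struct lsh_fd *f;

  f = io_read_file(options->backend, options->hostkey, e);

  if (f)
    COMMAND_RETURN(c, f);
  else
    {
      /* Capture errno before werror(): it performs its own I/O and may
       * overwrite errno, which the original code read again afterwards
       * when building the exception. */
      int saved_errno = errno;

      werror("Failed to open '%z' (errno = %i): %z.\n",
	     options->hostkey, saved_errno, STRERROR(saved_errno));
      EXCEPTION_RAISE(e, make_io_exception(EXC_IO_OPEN_READ, NULL,
					   saved_errno, NULL));
    }
}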

/* Command object wrapping do_options2keyfile; the OPTIONS2KEYFILE
 * macro declared above refers to it. */
static struct command options2keyfile =
STATIC_COMMAND(do_options2keyfile);


/* Option table for lshd's own switches; child argps (sexp input,
 * algorithms, werror) contribute the rest. Every key is handled in
 * main_argp_parser. Features that are compiled out are also left out
 * of the table, so their keys can never reach the parser. */
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
    "Listen on this network interface", 0 }, 
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},

#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },
  
  /* Hands clients that only speak protocol 1 to an external sshd1.
   * Protocol 1 lacks the integrity protection of SSH-2, so this should
   * stay off unless such clients really must be served. */
#if WITH_SSH1_FALLBACK
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */

  /* Disabling both password and publickey is rejected at ARGP_KEY_END. */
  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},

  /* Root logins are refused by default; allow_root is passed to the
   * user database. */
  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },
  
#if WITH_TCP_FORWARD
  { "tcp-forward", OPT_TCPIP_FORWARD, NULL, 0, "Enable tcpip forwarding (default).", 0 },
  { "no-tcp-forward", OPT_NO_TCPIP_FORWARD, NULL, 0, "Disable tcpip forwarding.", 0 },
#endif /* WITH_TCP_FORWARD */

#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */
  
  /* Group header: options below are about process behaviour. */
  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
  /* Core files would hold the process image, host key included; see
   * the daemon_disable_core() call in main. */
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },
    
  { NULL, 0, NULL, 0, NULL, 0 }
};

/* Child parsers, in the order their inputs are assigned at
 * ARGP_KEY_INIT in main_argp_parser: [0] sexp input style,
 * [1] algorithm selection (algorithms_options base), [2] werror
 * message output (gets no input). */
static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp, 0, "", 0 },
  { NULL, 0, NULL, 0}
};

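/* argp callback for main_options.
 *
 * The per-option cases only record the switch in the lshd_options
 * object (state->input). The real work happens at ARGP_KEY_END, once
 * every option has been seen: the user database, the key exchange
 * methods, the listen address and the user authentication methods are
 * built from the recorded switches, and a configuration that leaves
 * no key exchange or no authentication method enabled is rejected via
 * argp_error.
 *
 * Returns 0 for handled keys and ARGP_ERR_UNKNOWN otherwise, which
 * lets the child parsers in main_argp_children try the key. Positional
 * arguments (ARGP_KEY_ARG) are not handled here and are therefore
 * rejected by argp itself.
 *
 * Fixes relative to the previous version: --interface was recorded but
 * never used (the address was built from the argp 'arg', which is NULL
 * at ARGP_KEY_END, so the server always bound to every interface), and
 * --no-root-login, although advertised in main_options, had no case
 * and so could not be parsed. */
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);
  
  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;

    case ARGP_KEY_INIT:
      /* Inputs for the children, in main_argp_children order: the
       * sexp input style, the algorithms_options base, nothing for
       * werror. */
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
      state->child_inputs[2] = NULL;
      break;

    case ARGP_KEY_END:
      {
	struct user_db *db = NULL;
	
	/* The user database is shared by the authentication methods
	 * and by SRP. allow_root is handed to it, which is presumably
	 * where root logins are refused unless --root-login was given. */
	if (self->with_password || self->with_publickey || self->with_srp_keyexchange)
	  db = make_unix_user_db(self->backend, self->allow_root);
	  
	/* Key exchange methods, in preference order: DH, then SRP. */
	if (self->with_dh_keyexchange || self->with_srp_keyexchange)
	  {
	    int i = 0;
	    self->kex_algorithms 
	      = alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);
	    
	    if (self->with_dh_keyexchange)
	      {
		LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
		ALIST_SET(self->super.algorithms,
			  ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
			  make_dh_server(make_dh1(self->random)));
	      }
#if WITH_SRP	    
	    if (self->with_srp_keyexchange)
	      {
		/* SRP needs the user database during key exchange; it
		 * was created above because with_srp_keyexchange is set. */
		assert(db);
		LIST(self->kex_algorithms)[i++] = ATOM_SRP_GROUP1_SHA1;
		ALIST_SET(self->super.algorithms,
			  ATOM_SRP_GROUP1_SHA1,
			  make_srp_server(make_srp1(self->random), db));
	      }
#endif /* WITH_SRP */
	  }
	else
	  argp_error(state, "All keyexchange algorithms disabled.");

	/* Listen address. argp passes arg == NULL for ARGP_KEY_END, so
	 * the interface recorded from --interface must be used here;
	 * NULL means every interface. Without --port the "ssh" service
	 * is looked up, falling back to port 22. */
	if (self->port)
	  self->local = make_address_info_c(self->interface, self->port, 0);
	else
	  self->local = make_address_info_c(self->interface, "ssh", 22);
      
	/* self->port may be NULL; never pass NULL to %s. */
	if (!self->local)
	  argp_error(state, "Invalid interface, port or service, %s:%s'.",
		     self->interface ? self->interface : "ANY",
		     self->port ? self->port : "ssh");

	/* Neither --pid-file nor --no-pid-file given: pid file iff
	 * daemonic. */
	if (self->use_pid_file < 0)
	  self->use_pid_file = self->daemonic;

	/* User authentication methods, in preference order: password,
	 * then publickey. */
	if (self->with_password || self->with_publickey)
	  {
	    int i = 0;
	    
	    self->userauth_methods
	      = alloc_int_list(self->with_password + self->with_publickey);
	    self->userauth_algorithms = make_alist(0, -1);
	    
	    if (self->with_password)
	      {
		LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
		ALIST_SET(self->userauth_algorithms,
			  ATOM_PASSWORD, make_userauth_password(db));
	      }
	    if (self->with_publickey)
	      {
		/* Doesn't use spki. Only ssh-dss keys are accepted;
		 * they are presumably looked up by SHA-1 hash in the
		 * user's authorized_keys_sha1 database. */
		LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
		ALIST_SET(self->userauth_algorithms,
			  ATOM_PUBLICKEY,
			  make_userauth_publickey
			  (db,
			   make_alist(1,
				      ATOM_SSH_DSS,
				      make_authorization_db(ssh_format("authorized_keys_sha1"),
							    &sha1_algorithm),
				      -1)));
	      }
	  }
	else
	  argp_error(state, "All user authentication methods disabled.");
	
	break;
      }

    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;

#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      /* The argument is optional; SSHD1 is the configured default path. */
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif

    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;
      
    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;
      
    case OPT_PASSWORD:
      self->with_password = 1;
      break;
      
    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;
      
    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;

    case OPT_NO_ROOT_LOGIN:
      /* Restores the default; listed in main_options, so it must be
       * accepted here (e.g. to override an earlier --root-login). */
      self->allow_root = 0;
      break;
      
#if WITH_TCP_FORWARD
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
#endif /* WITH_TCP_FORWARD */
      
#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */
	  
    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;

    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
    }
  return 0;
}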

/* Top-level argp: main_options parsed by main_argp_parser, with the
 * sexp-input, algorithms and werror argps as children (their inputs
 * are wired up at ARGP_KEY_INIT in main_argp_parser). No positional
 * arguments are documented, and none are accepted. */
static const struct argp
main_argp =
{ main_options, main_argp_parser, 
  NULL,
  "Server for the ssh-2 protocol.",
  main_argp_children,
  NULL, NULL
};


/* GABA:
   (expr
     (name lshd_listen)
     (params
       (listen object command)
       (handshake object handshake_info)
       (services object command) )
     (expr (lambda (options)
             (services (connection_handshake
	                    handshake
			    (spki_read_hostkeys (options2signature_algorithms options)
			                        (options2keyfile options))
			    (log_peer (listen (options2local options))))))))
*/

/* Invoked when the client requests the userauth service. */
/* GABA:
   (expr
     (name lshd_services)
     (params 
       (userauth object command))
     (expr
       (lambda (connection)
         ((userauth connection) connection))))
*/

/* Invoked when starting the ssh-connection service */
/* GABA:
   (expr
     (name lshd_connection_service)
     (params
       (login object command)     
       (hooks object object_list))
     (expr
       (lambda (user connection)
         ((progn hooks) (login user
	                       ; We have to initialize the connection
			       ; before logging in.
	                       (init_connection_service connection))))))
*/

/* Exception handler installed around the listening command in main.
 *
 * An s-expression syntax error or an SPKI type error (i.e. a host key
 * file that cannot be parsed) is fatal: the message is logged and the
 * process exits with EXIT_FAILURE. Anything else is passed up to the
 * parent handler. */
static void
do_lshd_default_handler(struct exception_handler *s,
			const struct exception *e)
{
  int fatal_here = (e->type == EXC_SEXP_SYNTAX) || (e->type == EXC_SPKI_TYPE);

  if (!fatal_here)
    {
      EXCEPTION_RAISE(s->parent, e);
      return;
    }

  werror("lshd: %z\n", e->msg);
  exit(EXIT_FAILURE);
}

/* Wrap do_lshd_default_handler in an exception_handler object whose
 * parent is 'parent'; 'context' is the debugging context string the
 * HANDLER_CONTEXT macro supplies at the call site. */
static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  struct exception_handler *handler;

  handler = make_exception_handler(do_lshd_default_handler, parent, context);
  return handler;
}

/* Entry point. Parses the command line, locks the process down (core
 * dumps, daemonising, pid file), builds the listening command from
 * lshd_listen and then hands control to the event loop in reaper_run. */
int main(int argc, char **argv)
{
  struct lshd_options *options;
  
  struct reap *reaper;
  
  NEW(io_backend, backend);
  init_backend(backend);

  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");

  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);

  options = make_lshd_options(backend);
  
  /* Flags are 0, so a bad configuration makes argp_error exit here. */
  argp_parse(&main_argp, argc, argv, 0, NULL, options);

  /* Unless --enable-core was given, refuse to run if core dumps cannot
   * be disabled: a core file would contain the process image, and with
   * it the private host key read through options2keyfile. */
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }
  
  /* Redirect messages to syslog before daemon_init() detaches; per the
   * --daemonic help text stdio goes to /dev/null afterwards. */
  if (options->daemonic)
    {
#if HAVE_SYSLOG
      set_error_syslog("lshd");
#else /* !HAVE_SYSLOG */
      werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
#endif /* !HAVE_SYSLOG */
    }

  if (options->daemonic)
    switch (daemon_init())
      {
      case 0:
	werror("lshd: Spawning into background failed.\n");
	return EXIT_FAILURE;
      case DAEMON_INETD:
	werror("lshd: spawning from inetd not yet supported.\n");
	return EXIT_FAILURE;
      case DAEMON_INIT:
      case DAEMON_NORMAL:
	break;
      default:
	fatal("Internal error\n");
      }
  
  /* Done after daemon_init(), presumably so the file records the pid of
   * the detached process. use_pid_file was resolved at ARGP_KEY_END:
   * on iff daemonic, unless --pid-file/--no-pid-file said otherwise. */
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }
  
  reaper = make_reaper();
  
  {
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks;

    /* Supported channel requests: shell and exec always; pty-req is
     * added below only when enabled. */
    struct alist *supported_channel_requests
      = make_alist(2,
		   ATOM_SHELL, make_shell_handler(backend, reaper),
		   ATOM_EXEC, make_exec_handler(backend, reaper),
		   -1);
    
    
    /* TCP forwarding (tcpip-forward, its cancel request and
     * direct-tcpip) is offered only when compiled in and not switched
     * off with --no-tcp-forward; otherwise the hook list is empty. */
#if WITH_TCP_FORWARD
    if (options->with_tcpip_forward)
      connection_hooks = make_object_list
	(3,
	 make_tcpip_forward_hook(backend),
	 make_install_fix_global_request_handler
	 (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
	 make_direct_tcpip_hook(backend),
	 -1);
    else
#endif
      connection_hooks = make_object_list(0, -1);

#if WITH_PTY_SUPPORT
    if (options->with_pty)
      ALIST_SET(supported_channel_requests,
		ATOM_PTY_REQ, make_pty_handler());
#endif /* WITH_PTY_SUPPORT */
    {
      /* FIXME: We should check that we have at least one host key. We
       * should also extract the host-key algorithms for which we have
       * keys, instead of hardcoding ssh-dss below. */

      /* lshd_listen (GABA expression above): listen on the address from
       * the options, read the host key, run the handshake and offer
       * only the ssh-userauth service. The ssh-connection service is
       * handed to the userauth service, which presumably starts it
       * only after a successful authentication. options->sshd1 is NULL
       * unless --ssh1-fallback was given. */
      struct lsh_object *o = lshd_listen
	(make_simple_listen(backend, NULL),
	 make_handshake_info(CONNECTION_SERVER,
			     "lsh - a free ssh",
			     NULL,
			     SSH_MAX_PACKET,
			     options->random,
			     options->super.algorithms,
			     make_simple_kexinit
			     (options->random,
			      options->kex_algorithms,
			      make_int_list(1, ATOM_SSH_DSS, -1),
			      options->super.crypto_algorithms,
			      options->super.mac_algorithms,
			      options->super.compression_algorithms,
			      make_int_list(0, -1)),
			     options->sshd1),
	 make_offer_service
	 (make_alist
	  (1, ATOM_SSH_USERAUTH,
	   lshd_services(make_userauth_service
			 (options->userauth_methods,
			  options->userauth_algorithms,
			  make_alist(1, ATOM_SSH_CONNECTION,
				     lshd_connection_service
				     (make_server_connection_service(supported_channel_requests),
				      connection_hooks),
				     -1))),
	   -1)));
    
      CAST_SUBTYPE(command, server_listen, o);
    
      /* Start listening. I/O exceptions are reported with the "lshd: "
       * prefix; sexp/spki errors (an unparsable host key file) are
       * fatal in do_lshd_default_handler; the rest go to the default
       * handler. */
      COMMAND_CALL(server_listen, options,
		   &discard_continuation,
		   make_report_exception_handler
		   (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
		    make_lshd_exception_handler(&default_exception_handler,
						HANDLER_CONTEXT),
		    HANDLER_CONTEXT));
    }
  }
  
  /* Event loop; presumably does not return during normal operation. */
  reaper_run(reaper, backend);

  return 0;
}