lshd.c 23.7 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
2
3
/* lshd.c
 *
 * main server program.
4
5
 *
 * $Id$ */
Niels Möller's avatar
Niels Möller committed
6

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Mller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
Niels Möller's avatar
Niels Möller committed
23
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
24
 */
Niels Möller's avatar
Niels Möller committed
25

26
#include "algorithms.h"
27
28
#include "alist.h"
#include "atoms.h"
29
#include "channel.h"
30
#include "channel_commands.h"
31
#include "charset.h"
32
#include "compress.h"
33
#include "connection_commands.h"
34
#include "crypto.h"
35
#include "daemon.h"
36
#include "dsa.h"
37
#include "format.h"
38
#include "handshake.h"
Niels Möller's avatar
Niels Möller committed
39
#include "io.h"
40
#include "io_commands.h"
41
#include "lookup_verifier.h"
42
#include "randomness.h"
Niels Möller's avatar
Niels Möller committed
43
#include "reaper.h"
Niels Möller's avatar
Niels Möller committed
44
#include "server.h"
45
#include "server_authorization.h"
46
#include "server_keyexchange.h"
47
48
#include "server_pty.h"
#include "server_session.h"
49
#include "sexp.h"
Balázs Scheidler's avatar
Balázs Scheidler committed
50
#include "sexp_commands.h"
51
#include "spki_commands.h"
52
#include "srp.h"
Niels Möller's avatar
Niels Möller committed
53
#include "ssh.h"
54
55
#include "tcpforward.h"
#include "tcpforward_commands.h"
56
#include "tcpforward_commands.h"
57
#include "server_userauth.h"
58
#include "version.h"
59
60
61
#include "werror.h"
#include "xalloc.h"

62
#include "lsh_argp.h"
63

64
/* Forward declarations */
65
66
struct command options2local;
#define OPTIONS2LOCAL (&options2local.super)
67

68
69
struct command options2keys;
#define OPTIONS2KEYS (&options2keys.super)
70

71
#if 0
72
struct command options2signature_algorithms;
73
#define OPTIONS2SIGNATURE_ALGORITHMS \
74
  (&options2signature_algorithms.super)
75
#endif
76

77
78
79
80
81
82
83
84
85
86
87
88
#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
89
#if HAVE_UNISTD_H
90
#include <unistd.h>
91
#endif
92

93
94
/* Option parsing */

95
96
97
98
99
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

const char *argp_program_bug_address = BUG_ADDRESS;

Niels Möller's avatar
Niels Möller committed
100
101
102
103
104
105
/* The definition of SBINDIR is currently broken */
#if 0
# define KERBEROS_HELPER SBINDIR "/lsh-krb-checkpw"
#else
# define KERBEROS_HELPER PREFIX "/sbin/lsh-krb-checkpw"
#endif
106

107
#define OPT_NO 0x400
108
109
#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201
110

111
#define OPT_TCPIP_FORWARD 0x202
112
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
113
114
#define OPT_PTY 0x203
#define OPT_NO_PTY (OPT_PTY | OPT_NO)
115
116
#define OPT_SUBSYSTEMS 0x204
#define OPT_NO_SUBSYSTEMS (OPT_SUBSYSTEMS | OPT_NO)
117

118
#define OPT_DAEMONIC 0x205
119
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
120
#define OPT_PIDFILE 0x206
121
122
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
#define OPT_CORE 0x207
123
124
#define OPT_SYSLOG 0x208
#define OPT_NO_SYSLOG (OPT_SYSLOG | OPT_NO)
125

126
127
128
129
130
131
#define OPT_SRP 0x210
#define OPT_NO_SRP (OPT_SRP | OPT_NO)
#define OPT_DH 0x211
#define OPT_NO_DH (OPT_DH | OPT_NO)

#define OPT_PUBLICKEY 0x220
132
#define OPT_NO_PUBLICKEY (OPT_PUBLICKEY | OPT_NO)
133
#define OPT_PASSWORD 0x221
134
135
#define OPT_NO_PASSWORD (OPT_PASSWORD | OPT_NO)

136
#define OPT_ROOT_LOGIN 0x222
137
138
#define OPT_NO_ROOT_LOGIN (OPT_ROOT_LOGIN | OPT_NO)

139
140
141
#define OPT_KERBEROS_PASSWD 0x223
#define OPT_NO_KERBEROS_PASSWD (OPT_KERBEROS_PASSWD | OPT_NO)

142
143
#define OPT_PASSWORD_HELPER 0x224

144
145
#define OPT_LOGIN_SHELL 0x225

146
147
148
149
150
/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
151
152
       (e object exception_handler)
       
153
       (reaper object reap)
154
       (random object randomness_with_poll)
155
       
156
       (signature_algorithms object alist)
157
158
159
160
161
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)
162

163
164
165
166
167
168
       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)
       
169
170
       (with_publickey . int)
       (with_password . int)
171
       (allow_root . int)
172
       (pw_helper . "const char *")
173
       (login_shell . "const char *")
174
       
175
       (with_tcpip_forward . int)
176
       (with_pty . int)
177
       (subsystems . "const char **")
178
       
179
180
181
       (userauth_methods object int_list)
       (userauth_algorithms object alist)
       
182
183
       (sshd1 object ssh1_fallback)
       (daemonic . int)
184
       (no_syslog . int)
185
186
187
188
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
189
190
*/

191
192
193
194
195
196
static void
do_exc_lshd_handler(struct exception_handler *s,
		    const struct exception *e)
{
  switch(e->type)
    {
197
    case EXC_RESOLVE:
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
    case EXC_SEXP_SYNTAX:
    case EXC_SPKI_TYPE:
    case EXC_RANDOMNESS_LOW_ENTROPY:
      werror("lshd: %z\n", e->msg);
      exit(EXIT_FAILURE);
    default:
      EXCEPTION_RAISE(s->parent, e);
    }
}

static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  return make_exception_handler(do_exc_lshd_handler, parent, context);
}

Niels Möller's avatar
Niels Möller committed
215
static struct lshd_options *
216
make_lshd_options(void)
217
{
Niels Möller's avatar
Niels Möller committed
218
  NEW(lshd_options, self);
219

220
  init_algorithms_options(&self->super, all_symmetric_algorithms());
221

222
223
  self->e = make_lshd_exception_handler(&default_exception_handler,
					HANDLER_CONTEXT);
224
  self->reaper = make_reaper();
225
  self->random = make_default_random(self->reaper, self->e);
226

227
  self->signature_algorithms = all_signature_algorithms(&self->random->super);
228
229
  self->style = SEXP_TRANSPORT;
  self->interface = NULL;
230
231
232
233
234

  /* Default behaviour is to lookup the "ssh" service, and fall back
   * to port 22 if that fails. */
  self->port = NULL;
  
235
236
237
238
  /* FIXME: this should perhaps use sysconfdir */  
  self->hostkey = "/etc/lsh_host_key";
  self->local = NULL;

239
240
241
242
243
  self->with_dh_keyexchange = 1;
  self->with_srp_keyexchange = 0;

  self->kex_algorithms = NULL;
  
244
245
  self->with_publickey = 1;
  self->with_password = 1;
246
  self->with_tcpip_forward = 1;
247
  self->with_pty = 1;
248
249
  self->subsystems = NULL;
  
250
  self->allow_root = 0;
251
  self->pw_helper = NULL;
252
  self->login_shell = NULL;
253
  
254
255
  self->userauth_methods = NULL;
  self->userauth_algorithms = NULL;
256
257
  
  self->sshd1 = NULL;
258
  self->daemonic = 0;
259
260
  self->no_syslog = 0;
  
261
262
263
264
  /* FIXME: Make the default a configure time option? */
  self->pid_file = "/var/run/lshd.pid";
  self->use_pid_file = -1;
  self->corefile = 0;
265
266
267
268
  
  return self;
}

Niels Möller's avatar
Niels Möller committed
269
/* Port to listen on */
270
271
272
273
274
DEFINE_COMMAND(options2local)
     (struct command *s UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
Niels Möller's avatar
Niels Möller committed
275
276
{
  CAST(lshd_options, options, a);
277
  COMMAND_RETURN(c, options->local);
Niels Möller's avatar
Niels Möller committed
278
279
280
}

/* alist of signature algorithms */
281
282
283
284
285
DEFINE_COMMAND(options2signature_algorithms)
     (struct command *s UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
Niels Möller's avatar
Niels Möller committed
286
287
{
  CAST(lshd_options, options, a);
288
  COMMAND_RETURN(c, options->signature_algorithms);
Niels Möller's avatar
Niels Möller committed
289
290
}

291

292
293
/* FIXME: Call read_host_key directly from main instead. */
DEFINE_COMMAND(options2keys)
294
295
296
     (struct command *ignored UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
297
      struct exception_handler *e UNUSED)
Niels Möller's avatar
Niels Möller committed
298
299
300
{
  CAST(lshd_options, options, a);

301
302
  struct alist *keys = make_alist(0, -1);
  read_host_key(options->hostkey, options->signature_algorithms, keys);
Niels Möller's avatar
Niels Möller committed
303

304
  COMMAND_RETURN(c, keys);
Niels Möller's avatar
Niels Möller committed
305
306
307
}


308
309
310
311
312
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
313
    "Listen on this network interface.", 0 }, 
314
315
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},
316
317
318
319
#if WITH_SSH1_FALLBACK
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */
320

321
  { NULL, 0, NULL, 0, "Keyexchange options:", 0 },
322
323
324
325
326
327
328
329
#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },
  
330
  { NULL, 0, NULL, 0, "User authentication options:", 0 },
331

332
333
334
335
336
337
338
339
340
  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},
341
342
343
344
345

  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },
346

347
348
349
350
  { "login-shell", OPT_LOGIN_SHELL, "Program", 0,
    "Use this program as the login shell for all users. "
    "(Experimental)", 0 },
  
351
352
353
  { "kerberos-passwords", OPT_KERBEROS_PASSWD, NULL, 0,
    "Recognize kerberos passwords, using the helper program "
    "\"" KERBEROS_HELPER "\". This option is experimental.", 0 },
354
  { "no-kerberos-passwords", OPT_NO_KERBEROS_PASSWD, NULL, 0,
Niels Möller's avatar
Niels Möller committed
355
    "Don't recognize kerberos passwords (default behaviour).", 0 },
356

357
358
  { "password-helper", OPT_PASSWORD_HELPER, "Program", 0,
    "Use the named helper program for password verification. "
359
    "(Experimental).", 0 },
360

361
  { NULL, 0, NULL, 0, "Offered services:", 0 },
362

363
364
365
366
#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */
367
368
369
370

  { "subsystems", OPT_SUBSYSTEMS, "List of subsystem names and programs", 0,
    "For example `sftp=/usr/sbin/sftp-server,foosystem=/usr/bin/foo' "
    "(experimental).", 0},
371
  
372
373
  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
374
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
375
376
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
377
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
378
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },
379
380
  { "no-syslog", OPT_NO_SYSLOG, NULL, 0, "Don't use syslog (by default, syslog is used "
    "when running in daemonic mode).", 0 },
381
382
383
384
385
386
387
388
389
390
391
392
  { NULL, 0, NULL, 0, NULL, 0 }
};

static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp, 0, "", 0 },
  { NULL, 0, NULL, 0}
};

393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
/* NOTE: Modifies the argument string. */
static const char **
parse_subsystem_list(char *arg)
{
  const char **subsystems;
  char *separator;
  unsigned length;
  unsigned i;
  
  /* First count the number of elements. */
  for (length = 1, i = 0; arg[i]; i++)
    if (arg[i] == ',')
      length++;

  subsystems = lsh_space_alloc((length * 2 + 1) * sizeof(*subsystems));

  for (i = 0; ; i++)
    {
      subsystems[2*i] = arg;

      separator = strchr(arg, '=');

      if (!separator)
	goto fail;

      *separator = '\0';

      subsystems[2*i+1] = arg = separator + 1;
      
      separator = strchr(arg, ',');

      if (i == (length - 1))
	break;
      
      if (!separator)
	goto fail;

      *separator = '\0';
      arg = separator + 1;
    }
  if (separator)
    {
    fail:
      lsh_space_free(subsystems);
      return NULL;
    }
  return subsystems;
}

442
443
444
445
446
447
448
449
450
451
452
453
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);
  
  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;
    case ARGP_KEY_INIT:
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
454
      state->child_inputs[2] = NULL;
455
456
      break;
    case ARGP_KEY_END:
457
      {
458
	struct user_db *user_db = NULL;
459
460
	
	if (self->with_password || self->with_publickey || self->with_srp_keyexchange)
461
	  user_db = make_unix_user_db(self->reaper,
462
463
				      self->pw_helper, self->login_shell,
				      self->allow_root);
464
	  
465
466
467
468
469
470
471
472
473
474
475
	if (self->with_dh_keyexchange || self->with_srp_keyexchange)
	  {
	    int i = 0;
	    self->kex_algorithms 
	      = alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);
	    
	    if (self->with_dh_keyexchange)
	      {
		LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
		ALIST_SET(self->super.algorithms,
			  ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
476
477
			  &make_dh_server(make_dh1(&self->random->super))
			  ->super);
478
479
480
481
	      }
#if WITH_SRP	    
	    if (self->with_srp_keyexchange)
	      {
482
		assert(user_db);
483
		LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
484
		ALIST_SET(self->super.algorithms,
485
			  ATOM_SRP_RING1_SHA1_LOCAL,
486
487
			  &make_srp_server(make_srp1(&self->random->super),
					   user_db)
488
			  ->super);
489
490
491
492
493
494
495
	      }
#endif /* WITH_SRP */
	  }
	else
	  argp_error(state, "All keyexchange algorithms disabled.");

	if (self->port)
496
	  self->local = make_address_info_c(self->interface, self->port, 0);
497
	else
498
	  self->local = make_address_info_c(self->interface, "ssh", 22);
499
      
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
	if (!self->local)
	  argp_error(state, "Invalid interface, port or service, %s:%s'.",
		     self->interface ? self->interface : "ANY",
		     self->port);

	if (self->use_pid_file < 0)
	  self->use_pid_file = self->daemonic;

	if (self->with_password || self->with_publickey)
	  {
	    int i = 0;
	    
	    self->userauth_methods
	      = alloc_int_list(self->with_password + self->with_publickey);
	    self->userauth_algorithms = make_alist(0, -1);
	    
	    if (self->with_password)
	      {
		LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
		ALIST_SET(self->userauth_algorithms,
520
			  ATOM_PASSWORD,
521
			  &make_userauth_password(user_db)->super);
522
523
524
	      }
	    if (self->with_publickey)
	      {
525
526
527
528
529
		/* FIXME: Doesn't use spki */
		struct lookup_verifier *key_db
		  = make_authorization_db(ssh_format("authorized_keys_sha1"),
					  &sha1_algorithm);
		
530
531
532
		LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
		ALIST_SET(self->userauth_algorithms,
			  ATOM_PUBLICKEY,
533
			  &make_userauth_publickey
534
535
536
537
			  (user_db,
			   make_alist(2,
				      ATOM_SSH_DSS, key_db,
				      ATOM_SSH_RSA, key_db,
538
539
				      -1))
			  ->super);
540
541
	      }
	  }
542
543
544
545
546
547
        if (self->with_srp_keyexchange)
          ALIST_SET(self->userauth_algorithms,
                    ATOM_NONE,
                    &server_userauth_none.super);

        if (!self->userauth_algorithms->size)
548
	  argp_error(state, "All user authentication methods disabled.");
549

550
551
	break;
      }
552
553
554
555
556
557
558
559
560
561
562
    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;
563

564
565
566
567
568
#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif
Niels Möller's avatar
Niels Möller committed
569

570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;
      
    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;
      
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
    case OPT_PASSWORD:
      self->with_password = 1;
      break;
      
    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;
      
    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;
601
602
603
604

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;
605
606

    case OPT_KERBEROS_PASSWD:
607
      self->pw_helper = KERBEROS_HELPER;
608
609
610
611
612
      break;

    case OPT_NO_KERBEROS_PASSWD:
      self->pw_helper = NULL;
      break;
613
614
615
616

    case OPT_PASSWORD_HELPER:
      self->pw_helper = arg;
      break;
617
618
619
620

    case OPT_LOGIN_SHELL:
      self->login_shell = arg;
      break;
621
      
622
#if WITH_TCP_FORWARD
623
624
625
626
627
628
629
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
630
631
632
633
634
635
636
637
638
639
#endif /* WITH_TCP_FORWARD */
      
#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */
640
641
642
643
644
645
646
647
648
649
650

    case OPT_SUBSYSTEMS:
      self->subsystems = parse_subsystem_list(arg);
      if (!self->subsystems)
	argp_error(state, "Invalid subsystem list.");
      break;

    case OPT_NO_SUBSYSTEMS:
      self->subsystems = NULL;
      break;
      
651
652
653
    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;
654
      
655
656
657
658
    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

659
660
661
662
    case OPT_NO_SYSLOG:
      self->no_syslog = 1;
      break;
      
663
664
665
666
667
668
669
670
671
672
673
674
    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
675
676
677
    }
  return 0;
}
Niels Möller's avatar
Niels Möller committed
678

Niels Möller's avatar
Niels Möller committed
679
680
681
682
683
684
static const struct argp
main_argp =
{ main_options, main_argp_parser, 
  NULL,
  "Server for the ssh-2 protocol.",
  main_argp_children,
685
  NULL, NULL
Niels Möller's avatar
Niels Möller committed
686
687
};

688

689
690
/* GABA:
   (expr
691
     (name make_lshd_listen)
692
     (params
693
       (handshake object handshake_info)
694
       (init object make_kexinit)
695
       (services object command) )
696
     (expr (lambda (options)
697
             (let ((keys (options2keys options)))
698
699
700
701
702
703
704
705
	       (listen_callback
	         (lambda (lv)
    		   (services (connection_handshake
    				  handshake
    				  (kexinit_filter init keys)
    				  keys 
    				  (log_peer lv))))
		 (options2local options))))))
706
707
*/

708

709
/* Invoked when starting the ssh-connection service */
710
711
/* GABA:
   (expr
712
     (name make_lshd_connection_service)
713
     (params
714
715
       (hooks object object_list))
     (expr
716
717
718
719
       (lambda (connection)
         ((progn hooks)
	    ; We have to initialize the connection
	    ; before adding handlers.
720
721
722
	    (init_connection_service
	      ; Disconnect if connection->user is NULL
	      (connection_require_userauth connection)))))))
723
724
*/

725
#if WITH_GCOV
726
727
728
729
730
731
/* Catch SIGTERM and call exit(). That way, profiling info is written
 * properly when the process is terminated. */

static void
do_terminate_callback(struct lsh_callback *s UNUSED)
{
732
  io_final();
733
734
735
  exit(0);
}

736
static struct lsh_callback
737
738
739
740
terminate_callback =
{ STATIC_HEADER, do_terminate_callback };

static void
741
install_terminate_handler(void)
742
{
743
  io_signal_handler(SIGTERM, &terminate_callback);
744
}
745

746
#endif /* WITH_GCOV */
747

Niels Möller's avatar
Niels Möller committed
748
749
int main(int argc, char **argv)
{
750
  struct lshd_options *options;
751

752
  io_init();
753

754
#if WITH_GCOV
755
  install_terminate_handler();
756
#endif
757
  
Niels Möller's avatar
Niels Möller committed
758
759
760
  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");
761

762
763
  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);
764

765
  options = make_lshd_options();
766
  
Niels Möller's avatar
Niels Möller committed
767
  trace("Parsing options...\n");
Niels Möller's avatar
Niels Möller committed
768
  argp_parse(&main_argp, argc, argv, 0, NULL, options);
Niels Möller's avatar
Niels Möller committed
769
  trace("Parsing options... done\n");  
770

771
772
773
774
775
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }
776

777
  if (options->daemonic)
778
    {
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
      if (options->no_syslog)
        {
          /* Just put process into the background. --no-syslog is an
           * inappropriate name */
          switch (fork())
            {
            case 0:
              /* Child */
              /* FIXME: Should we create a new process group, close our tty
               * and stdio, etc? */
              trace("forked into background. New pid: %i.\n", getpid());
              break;
              
            case -1:
              /* Error */
              werror("background_process: fork failed (errno = %i): %z\n",
                     errno, STRERROR(errno));
              break;
              
            default:
              /* Parent */
              _exit(EXIT_SUCCESS);
            }
        }
      else
        {
805
#if HAVE_SYSLOG
806
          set_error_syslog("lshd");
807
#else /* !HAVE_SYSLOG */
808
          werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
809
810
#endif /* !HAVE_SYSLOG */

811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
          switch (daemon_init())
            {
            case 0:
              werror("lshd: Spawning into background failed.\n");
              return EXIT_FAILURE;
            case DAEMON_INETD:
              werror("lshd: spawning from inetd not yet supported.\n");
              return EXIT_FAILURE;
            case DAEMON_INIT:
            case DAEMON_NORMAL:
              break;
            default:
              fatal("Internal error\n");
            }
        }
    }
827
828
829
830
831
832
  
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }
833

834
835
836
837
838
839
840
  /* NOTE: We have to do this *after* forking into the background,
   * because otherwise we won't be able to waitpid() on the background
   * process. */

  /* Start background poll */
  RANDOM_POLL_BACKGROUND(options->random->poller);
	
841
  {
842
843
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks;
844
845
    struct command *session_setup;
    
846
847
    /* Supported channel requests */
    struct alist *supported_channel_requests
848
      = make_alist(2,
Niels Möller's avatar
Niels Möller committed
849
850
		   ATOM_SHELL, &shell_request_handler,
		   ATOM_EXEC, &exec_request_handler,
851
852
		   -1);
    
853
854
#if WITH_PTY_SUPPORT
    if (options->with_pty)
855
856
857
858
      {
        ALIST_SET(supported_channel_requests,
                  ATOM_PTY_REQ, &pty_request_handler.super);
        ALIST_SET(supported_channel_requests,
Niels Möller's avatar
Niels Möller committed
859
                  ATOM_WINDOW_CHANGE, &window_change_request_handler.super);
860
      }
861
862
#endif /* WITH_PTY_SUPPORT */

863
864
865
    if (options->subsystems)
      ALIST_SET(supported_channel_requests,
		ATOM_SUBSYSTEM,
866
		&make_subsystem_handler(options->subsystems)->super);
867
		
868
869
    session_setup = make_install_fix_channel_open_handler
      (ATOM_SESSION, make_open_session(supported_channel_requests));
870
    
871
#if WITH_TCP_FORWARD
872
    if (options->with_tcpip_forward)
873
      connection_hooks = make_object_list
874
875
	(4,
	 session_setup,
876
	 make_tcpip_forward_hook(),
877
878
	 make_install_fix_global_request_handler
	 (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
879
	 make_direct_tcpip_hook(),
880
	 -1);
881
882
    else
#endif
883
884
      connection_hooks
	= make_object_list (1, session_setup, -1);
885
    {
886
887
      CAST_SUBTYPE(command, connection_service,
		   make_lshd_connection_service(connection_hooks));
888
      CAST_SUBTYPE(command, server_listen, 		   
889
		   make_lshd_listen
890
		   (make_handshake_info(CONNECTION_SERVER,
891
892
893
					"lsh - a free ssh",
					NULL,
					SSH_MAX_PACKET,
894
					&options->random->super,
895
896
					options->super.algorithms,
					options->sshd1),
897
		    make_simple_kexinit
898
		    (&options->random->super,
899
900
901
902
903
904
		     options->kex_algorithms,
		     options->super.hostkey_algorithms,
		     options->super.crypto_algorithms,
		     options->super.mac_algorithms,
		     options->super.compression_algorithms,
		     make_int_list(0, -1)),
905
906
		    make_offer_service
		    (make_alist
907
		     (1,
908
909
910
911
912
913
914
		      ATOM_SSH_USERAUTH,
		      make_userauth_service(options->userauth_methods,
					    options->userauth_algorithms,
					    make_alist(1, ATOM_SSH_CONNECTION,
						       connection_service,-1)),
		      -1))));
      
915
      COMMAND_CALL(server_listen, options,
916
		   &discard_continuation,
917
918
		   make_report_exception_handler
		   (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
919
		    options->e,
920
		    HANDLER_CONTEXT));
921
    }
922
  }
Niels Möller's avatar
Niels Möller committed
923
  
924
  io_run();
Niels Möller's avatar
Niels Möller committed
925

926
  io_final();
927
  
Niels Möller's avatar
Niels Möller committed
928
929
  return 0;
}