/* lshd.c
 *
 * main server program.
 *
 * $Id$ */

/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Möller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/* Project headers. The system headers are pulled in further down,
 * after the generated lshd.c.x. */
#include "algorithms.h"
#include "alist.h"
#include "atoms.h"
#include "channel.h"
#include "channel_commands.h"
#include "charset.h"
#include "compress.h"
#include "connection_commands.h"
#include "crypto.h"
#include "daemon.h"
#include "dsa.h"
#include "format.h"
#include "io.h"
#include "io_commands.h"
#include "lookup_verifier.h"
#include "randomness.h"
#include "reaper.h"
#include "server.h"
#include "server_authorization.h"
#include "server_keyexchange.h"
#include "server_pty.h"
#include "server_session.h"
#include "sexp.h"
#include "sexp_commands.h"
#include "spki_commands.h"
#include "srp.h"
#include "ssh.h"
#include "tcpforward.h"
#include "tcpforward_commands.h"
/* NOTE(review): tcpforward_commands.h is included a second time here;
 * harmless if the header has an include guard, otherwise redundant. */
#include "tcpforward_commands.h"
#include "server_userauth.h"
#include "version.h"
#include "werror.h"
#include "xalloc.h"

#include "lsh_argp.h"

/* Forward declarations */
/* These command objects are referenced from the GABA expression
 * make_lshd_listen below; the OPTIONS2* macros give the base
 * lsh_object pointer the generated code presumably expects. */
struct command_simple options2local;
#define OPTIONS2LOCAL (&options2local.super.super)

static struct command options2keyfile;
#define OPTIONS2KEYFILE (&options2keyfile.super)

struct command_simple options2signature_algorithms;
#define OPTIONS2SIGNATURE_ALGORITHMS \
  (&options2signature_algorithms.super.super)

/* Generated code, presumably produced from the GABA comments in this
 * file; it relies on the forward declarations above. */
#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

/* Block size for stdout and stderr buffers */
/* NOTE(review): not referenced anywhere in the part of lshd.c shown here. */
#define BLOCK_SIZE 32768


/* Option parsing */

/* Strings argp prints for --version and in the bug-report footer.
 * VERSION, SERVER_PROTOCOL_VERSION and BUG_ADDRESS come from the
 * included headers (not visible here). */
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

const char *argp_program_bug_address = BUG_ADDRESS;

/* Helper program used when --kerberos-passwords is given. PREFIX is
 * presumably the install prefix from the build configuration. */
#define KERBEROS_HELPER PREFIX "lsh-krb-checkpw"

/* argp option keys. Each boolean option has an OPT_FOO key and a
 * matching OPT_NO_FOO key formed by OR-ing in OPT_NO, so the two never
 * collide with each other or with plain option characters. */
#define OPT_NO 0x400

#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201

#define OPT_TCPIP_FORWARD 0x202
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
#define OPT_PTY 0x203
#define OPT_NO_PTY (OPT_PTY | OPT_NO)

#define OPT_DAEMONIC 0x204
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
#define OPT_PIDFILE 0x205
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
#define OPT_CORE 0x207

#define OPT_SRP 0x210
#define OPT_NO_SRP (OPT_SRP | OPT_NO)
#define OPT_DH 0x211
#define OPT_NO_DH (OPT_DH | OPT_NO)

#define OPT_PUBLICKEY 0x220
#define OPT_NO_PUBLICKEY (OPT_PUBLICKEY | OPT_NO)
#define OPT_PASSWORD 0x221
#define OPT_NO_PASSWORD (OPT_PASSWORD | OPT_NO)

#define OPT_ROOT_LOGIN 0x222
#define OPT_NO_ROOT_LOGIN (OPT_ROOT_LOGIN | OPT_NO)

#define OPT_KERBEROS_PASSWD 0x223
#define OPT_NO_KERBEROS_PASSWD (OPT_KERBEROS_PASSWD | OPT_NO)

#define OPT_PASSWORD_HELPER 0x224

/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
       (backend object io_backend)
       (reaper object reap)
       (random object randomness)
       (signature_algorithms object alist)
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)

       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)
       
       (with_publickey . int)
       (with_password . int)
       (allow_root . int)
       (pw_helper . "const char *")
       
       (with_tcpip_forward . int)
       (with_pty . int)
       
       (userauth_methods object int_list)
       (userauth_algorithms object alist)
       
       (sshd1 object ssh1_fallback)
       (daemonic . int)
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
*/

/* Allocate an lshd_options object and fill in the built-in defaults.
 * Everything set here can be overridden by main_argp_parser.
 *
 * backend: the io_backend the server runs on; stored, not copied. */
static struct lshd_options *
make_lshd_options(struct io_backend *backend)
{
  NEW(lshd_options, opts);

  /* The shared algorithm tables live in the superclass. */
  init_algorithms_options(&opts->super, all_symmetric_algorithms());

  opts->backend = backend;
  opts->reaper = make_reaper();
  opts->random = make_reasonably_random();

  /* FIXME: rsa is listed here but not supported by the rest of the code yet. */
  opts->signature_algorithms = all_signature_algorithms(opts->random);

  opts->style = SEXP_TRANSPORT;

  /* Listening address: no interface restriction and no explicit port.
   * A NULL port means "look up the ssh service, else port 22"; the
   * lookup itself happens in main_argp_parser at ARGP_KEY_END. */
  opts->interface = NULL;
  opts->port = NULL;
  opts->local = NULL;

  /* FIXME: this should perhaps be derived from sysconfdir. */
  opts->hostkey = "/etc/lsh_host_key";

  /* Key exchange: DH on, SRP off. The int_list is built at ARGP_KEY_END. */
  opts->with_dh_keyexchange = 1;
  opts->with_srp_keyexchange = 0;
  opts->kex_algorithms = NULL;

  /* User authentication: both methods on, root login off, no helper. */
  opts->with_publickey = 1;
  opts->with_password = 1;
  opts->allow_root = 0;
  opts->pw_helper = NULL;
  opts->userauth_methods = NULL;
  opts->userauth_algorithms = NULL;

  /* Offered services. */
  opts->with_tcpip_forward = 1;
  opts->with_pty = 1;
  opts->sshd1 = NULL;

  /* Process behaviour: foreground, core dumps off. use_pid_file stays
   * at -1 until ARGP_KEY_END resolves it to the daemonic setting. */
  opts->daemonic = 0;
  opts->corefile = 0;
  /* FIXME: make the default a configure-time option? */
  opts->pid_file = "/var/run/lshd.pid";
  opts->use_pid_file = -1;

  return opts;
}

/* Command: the address_info (interface and port) the server listens
 * on, as built by main_argp_parser at ARGP_KEY_END. */
COMMAND_SIMPLE(options2local)
{
  CAST(lshd_options, opts, a);
  struct address_info *local = opts->local;

  return &local->super;
}

/* Command: the alist of signature algorithms used for the host key. */
COMMAND_SIMPLE(options2signature_algorithms)
{
  CAST(lshd_options, opts, a);
  struct alist *algorithms = opts->signature_algorithms;

  return &algorithms->super;
}

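/* Command: open the server's private host key file for reading.
 *
 * On success the open lsh_fd is handed to the continuation c. On failure
 * a message is logged and an EXC_IO_OPEN_READ exception carrying the
 * errno of the failed open is raised on e.
 *
 * errno is captured right after io_read_file() returns: the werror()
 * call in between does output of its own and could overwrite it before
 * the exception is built. */
static void
do_options2keyfile(struct command *ignored UNUSED,
		   struct lsh_object *a,
		   struct command_continuation *c,
		   struct exception_handler *e)
{
  CAST(lshd_options, options, a);
  struct lsh_fd *f = io_read_file(options->backend, options->hostkey, e);

  if (f)
    {
      COMMAND_RETURN(c, f);
      return;
    }

  {
    int saved_errno = errno;

    werror("Failed to open '%z' (errno = %i): %z.\n",
	   options->hostkey, saved_errno, STRERROR(saved_errno));
    EXCEPTION_RAISE(e, make_io_exception(EXC_IO_OPEN_READ, NULL,
					 saved_errno, NULL));
  }
}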

/* The command object behind OPTIONS2KEYFILE (forward-declared above). */
static struct command options2keyfile =
STATIC_COMMAND(do_options2keyfile);


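/* argp option table for lshd. Each entry is
 * { name, key, arg-name, flags, doc, group }; entries with a NULL name
 * are group headers. Keys are the OPT_* constants above or a plain
 * option character, and are dispatched in main_argp_parser.
 *
 * NOTE(review): OPT_TCPIP_FORWARD / OPT_NO_TCPIP_FORWARD are handled by
 * main_argp_parser (under WITH_TCP_FORWARD) but have no entry in this
 * table, so tcpip forwarding cannot be toggled from the command line. */
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
    "Listen on this network interface.", 0 },
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},
#if WITH_SSH1_FALLBACK
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */

  { NULL, 0, NULL, 0, "Keyexchange options:", 0 },
#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },

  { NULL, 0, NULL, 0, "User authentication options:", 0 },

  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},

  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },

  { "kerberos-passwords", OPT_KERBEROS_PASSWD, NULL, 0,
    "Recognize kerberos passwords, using the helper program "
    "\"" KERBEROS_HELPER "\". This option is experimental.", 0 },
  /* The group field was missing from this entry; every other entry
   * spells it out, so it is given explicitly here too. */
  { "no-kerberos-passwords", OPT_NO_KERBEROS_PASSWD, NULL, 0,
    "Don't recognize kerberos passwords (default behaviour).", 0 },

  { "password-helper", OPT_PASSWORD_HELPER, "Program", 0,
    "Use the named helper program for password verification. "
    "(experimental).", 0 },

  { NULL, 0, NULL, 0, "Offered services:", 0 },
#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */

  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },

  { NULL, 0, NULL, 0, NULL, 0 }
};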

/* Child parsers whose options are merged into lshd's. Their inputs are
 * wired up in main_argp_parser at ARGP_KEY_INIT, in this order: the
 * sexp parser gets &self->style, the algorithms parser &self->super,
 * and werror NULL. */
static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp, 0, "", 0 },
  { NULL, 0, NULL, 0}
};

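/* Build self->kex_algorithms and register the enabled key exchange
 * methods in self->super.algorithms. db is only needed for SRP and may
 * be NULL when SRP is disabled. Reports through argp_error() if no
 * method is enabled. */
static void
init_kex_algorithms(struct lshd_options *self, struct argp_state *state,
		    struct user_db *db)
{
  int i = 0;

  if (!(self->with_dh_keyexchange || self->with_srp_keyexchange))
    {
      argp_error(state, "All keyexchange algorithms disabled.");
      return;
    }

  self->kex_algorithms
    = alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);

  if (self->with_dh_keyexchange)
    {
      LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
      ALIST_SET(self->super.algorithms,
		ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
		make_dh_server(make_dh1(self->random)));
    }
#if WITH_SRP
  if (self->with_srp_keyexchange)
    {
      /* The user database is created whenever SRP is enabled, see
       * ARGP_KEY_END below. */
      assert(db);
      LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
      ALIST_SET(self->super.algorithms,
		ATOM_SRP_RING1_SHA1_LOCAL,
		make_srp_server(make_srp1(self->random), db));
    }
#else
  (void) db;
#endif /* WITH_SRP */
}

/* Build self->userauth_methods / self->userauth_algorithms from the
 * enabled user authentication methods. Reports through argp_error() if
 * no method is enabled. */
static void
init_userauth_methods(struct lshd_options *self, struct argp_state *state,
		      struct user_db *db)
{
  int i = 0;

  if (!(self->with_password || self->with_publickey))
    {
      argp_error(state, "All user authentication methods disabled.");
      return;
    }

  self->userauth_methods
    = alloc_int_list(self->with_password + self->with_publickey);
  self->userauth_algorithms = make_alist(0, -1);

  if (self->with_password)
    {
      LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
      ALIST_SET(self->userauth_algorithms,
		ATOM_PASSWORD, make_userauth_password(db));
    }
  if (self->with_publickey)
    {
      /* Doesn't use spki */
      LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
      ALIST_SET(self->userauth_algorithms,
		ATOM_PUBLICKEY,
		make_userauth_publickey
		(db,
		 make_alist(1,
			    ATOM_SSH_DSS,
			    make_authorization_db(ssh_format("authorized_keys_sha1"),
						  &sha1_algorithm),
			    -1)));
    }
}

/* argp callback for lshd's own options. state->input is the
 * lshd_options object from make_lshd_options(). Plain options are
 * stored as given; the derived state (listen address, user db, kex and
 * userauth tables) is built once at ARGP_KEY_END. Returns 0, or
 * ARGP_ERR_UNKNOWN for keys that belong to a child parser. */
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);

  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;

    case ARGP_KEY_INIT:
      /* Inputs for main_argp_children, in the same order. */
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
      state->child_inputs[2] = NULL;
      break;

    case ARGP_KEY_END:
      {
	struct user_db *db = NULL;

	if (self->with_password || self->with_publickey || self->with_srp_keyexchange)
	  db = make_unix_user_db(self->backend, self->reaper,
				 self->pw_helper, self->allow_root);

	init_kex_algorithms(self, state, db);

	/* arg is NULL at ARGP_KEY_END, so the value given with
	 * --interface has to come from self->interface; passing arg
	 * here silently ignored the option. A NULL port means: look up
	 * the "ssh" service and fall back to port 22. */
	if (self->port)
	  self->local = make_address_info_c(self->interface, self->port, 0);
	else
	  self->local = make_address_info_c(self->interface, "ssh", 22);

	/* self->port may be NULL here; never hand NULL to %s. */
	if (!self->local)
	  argp_error(state, "Invalid interface, port or service, '%s:%s'.",
		     self->interface ? self->interface : "ANY",
		     self->port ? self->port : "ssh");

	/* -1 means "not given": use a pid file iff running as a daemon. */
	if (self->use_pid_file < 0)
	  self->use_pid_file = self->daemonic;

	init_userauth_methods(self, state, db);
	break;
      }

    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;

#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif

    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;

    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;

    case OPT_PASSWORD:
      self->with_password = 1;
      break;

    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;

    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;

    case OPT_NO_ROOT_LOGIN:
      /* --no-root-login is in main_options but had no case here, so it
       * fell through to ARGP_ERR_UNKNOWN instead of clearing allow_root. */
      self->allow_root = 0;
      break;

    case OPT_KERBEROS_PASSWD:
      self->pw_helper = KERBEROS_HELPER;
      break;

    case OPT_NO_KERBEROS_PASSWD:
      self->pw_helper = NULL;
      break;

    case OPT_PASSWORD_HELPER:
      self->pw_helper = arg;
      break;

#if WITH_TCP_FORWARD
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
#endif /* WITH_TCP_FORWARD */

#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */

    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;

    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
    }
  return 0;
}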

/* Top-level argp description: the option table, our parser, no
 * positional-argument doc (NULL), a one-line program doc, the child
 * parsers, and no help filter or message domain. */
static const struct argp
main_argp =
{ main_options, main_argp_parser, 
  NULL,
  "Server for the ssh-2 protocol.",
  main_argp_children,
  NULL, NULL
};


/* GABA:
   (expr
     (name make_lshd_listen)
     (params
       (backend object io_backend)
       (handshake object handshake_info)
       (init object make_kexinit)
       (services object command) )
     (expr (lambda (options)
             (let ((keys 
		    (spki_read_hostkeys (options2signature_algorithms options)
			                (options2keyfile options))))
	       (listen_callback
	         (lambda (lv)
    		   (services (connection_handshake
    				  handshake
    				  (kexinit_filter init keys)
    				  keys 
    				  (log_peer lv))))
		 backend
		 (options2local options))))))
*/


/* Invoked when starting the ssh-connection service */
/* GABA:
   (expr
     (name make_lshd_connection_service)
     (params
       (hooks object object_list))
     (expr
       (lambda (connection)
         ((progn hooks)
	    ; We have to initialize the connection
	    ; before adding handlers.
	    (init_connection_service
	      ; Disconnect if connection->user is NULL
	      (connection_require_userauth connection)))))))
*/

/* Exception handler used around the listen command: sexp syntax and
 * spki type errors (presumably from reading the host key) are fatal and
 * terminate the server; everything else goes to the parent handler. */
static void
do_lshd_default_handler(struct exception_handler *s,
			const struct exception *e)
{
  int fatal_error
    = (e->type == EXC_SEXP_SYNTAX) || (e->type == EXC_SPKI_TYPE);

  if (!fatal_error)
    {
      EXCEPTION_RAISE(s->parent, e);
      return;
    }

  werror("lshd: %z\n", e->msg);
  exit(EXIT_FAILURE);
}

/* Wrap do_lshd_default_handler in an exception_handler chained to
 * parent; context is passed through unchanged. */
static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  struct exception_handler *handler
    = make_exception_handler(do_lshd_default_handler, parent, context);

  return handler;
}

/* Entry point: parse options, optionally daemonize, build the listen
 * command from the GABA expressions above and hand control to the
 * reaper loop. Returns EXIT_FAILURE on setup errors; otherwise returns
 * 0 once reaper_run() comes back. */
int main(int argc, char **argv)
{
  struct lshd_options *options;

  NEW(io_backend, backend);
  init_backend(backend);

  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");

  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);

  options = make_lshd_options(backend);

  /* The derived fields (listen address, kex/userauth tables) are
   * filled in at ARGP_KEY_END; argp exits on option errors. */
  argp_parse(&main_argp, argc, argv, 0, NULL, options);

  /* Core dumps stay disabled unless --enable-core was given: a core of
   * the running server could contain the private host key, so failing
   * to disable them is treated as fatal. */
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }

  /* Switch to syslog before detaching, since stderr is redirected to
   * /dev/null in daemonic mode. */
  if (options->daemonic)
    {
#if HAVE_SYSLOG
      set_error_syslog("lshd");
#else /* !HAVE_SYSLOG */
      werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
#endif /* !HAVE_SYSLOG */
    }

  /* daemon_init() returns 0 on failure; the DAEMON_* codes describe how
   * we were started (see daemon.h). */
  if (options->daemonic)
    switch (daemon_init())
      {
      case 0:
	werror("lshd: Spawning into background failed.\n");
	return EXIT_FAILURE;
      case DAEMON_INETD:
	werror("lshd: spawning from inetd not yet supported.\n");
	return EXIT_FAILURE;
      case DAEMON_INIT:
      case DAEMON_NORMAL:
	break;
      default:
	fatal("Internal error\n");
      }

  /* use_pid_file was resolved at ARGP_KEY_END (defaults to daemonic).
   * daemon_pidfile() presumably fails when the pid file is already
   * held by another instance. */
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }

  {
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks;
    struct command *session_setup;

    /* Supported channel requests */
    struct alist *supported_channel_requests
      = make_alist(2,
		   ATOM_SHELL, make_shell_handler(backend),
		   ATOM_EXEC, make_exec_handler(backend),
		   -1);

#if WITH_PTY_SUPPORT
    if (options->with_pty)
      ALIST_SET(supported_channel_requests,
		ATOM_PTY_REQ, &pty_request_handler);
#endif /* WITH_PTY_SUPPORT */

    session_setup = make_install_fix_channel_open_handler
      (ATOM_SESSION, make_open_session(supported_channel_requests));

    /* With tcpip forwarding enabled the connection additionally gets
     * the tcpip-forward, cancel-tcpip-forward and direct-tcpip hooks. */
#if WITH_TCP_FORWARD
    if (options->with_tcpip_forward)
      connection_hooks = make_object_list
	(4,
	 session_setup,
	 make_tcpip_forward_hook(backend),
	 make_install_fix_global_request_handler
	 (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
	 make_direct_tcpip_hook(backend),
	 -1);
    else
#endif
      connection_hooks
	= make_object_list (1, session_setup, -1);
    {
      /* FIXME: We should check that we have at least one host key. We
       * should also extract the host-key algorithms for which we have
       * keys, instead of hardcoding ssh-dss below. */

      CAST_SUBTYPE(command, connection_service,
		   make_lshd_connection_service(connection_hooks));

      /* The listen command: handshake parameters, our KEXINIT (the
       * trailing make_int_list(0, -1) is presumably the language list)
       * and the two services offered after key exchange. The userauth
       * service is handed the connection service, presumably to switch
       * to it once authentication succeeds. */
      CAST_SUBTYPE(command, server_listen,
		   make_lshd_listen
		   (backend,
		    make_handshake_info(CONNECTION_SERVER,
					"lsh - a free ssh",
					NULL,
					SSH_MAX_PACKET,
					options->random,
					options->super.algorithms,
					options->sshd1),
		    make_simple_kexinit
		    (options->random,
		     options->kex_algorithms,
		     options->super.hostkey_algorithms,
		     options->super.crypto_algorithms,
		     options->super.mac_algorithms,
		     options->super.compression_algorithms,
		     make_int_list(0, -1)),
		    make_offer_service
		    (make_alist
		     (2, ATOM_SSH_CONNECTION, connection_service,
		      ATOM_SSH_USERAUTH,
		      make_userauth_service(options->userauth_methods,
					    options->userauth_algorithms,
					    make_alist(1, ATOM_SSH_CONNECTION,
						       connection_service,-1)),
		      -1))));

      /* Exceptions pass through the report handler (prefixing EXC_IO
       * messages with "lshd: ") into make_lshd_exception_handler, which
       * exits on sexp/spki errors and defers the rest to the default
       * handler. */
      COMMAND_CALL(server_listen, options,
		   &discard_continuation,
		   make_report_exception_handler
		   (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
		    make_lshd_exception_handler(&default_exception_handler,
						HANDLER_CONTEXT),
		    HANDLER_CONTEXT));
    }
  }

  reaper_run(options->reaper, backend);

  return 0;
}