/* lshd.c
 *
 * main server program.
 *
 * $Id$ */

/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Möller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#include "algorithms.h"
#include "alist.h"
#include "atoms.h"
#include "channel.h"
#include "channel_commands.h"
#include "charset.h"
#include "compress.h"
#include "connection_commands.h"
#include "crypto.h"
#include "daemon.h"
#include "dsa.h"
#include "format.h"
#include "handshake.h"
#include "io.h"
#include "io_commands.h"
#include "lookup_verifier.h"
#include "randomness.h"
#include "reaper.h"
#include "server.h"
#include "server_authorization.h"
#include "server_keyexchange.h"
#include "server_pty.h"
#include "server_session.h"
#include "sexp.h"
#include "sexp_commands.h"
#include "spki_commands.h"
#include "srp.h"
#include "ssh.h"
#include "tcpforward.h"
#include "tcpforward_commands.h"
#include "tcpforward_commands.h"
#include "server_userauth.h"
#include "version.h"
#include "werror.h"
#include "xalloc.h"

#include "lsh_argp.h"

/* Forward declarations.
 *
 * The three command objects below are defined later in this file
 * (DEFINE_COMMAND_SIMPLE / STATIC_COMMAND) but are referenced by the
 * generated code in lshd.c.x, which is included right after them. The
 * uppercase macros give the generic struct command / struct lsh_object
 * view of each object, as used by the GABA expressions. */
struct command_simple options2local;
#define OPTIONS2LOCAL (&options2local.super.super)

static struct command options2keyfile;
#define OPTIONS2KEYFILE (&options2keyfile.super)

struct command_simple options2signature_algorithms;
#define OPTIONS2SIGNATURE_ALGORITHMS \
  (&options2signature_algorithms.super.super)

#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

/* Option parsing */

/* Strings argp prints for --version and in the --help footer. */
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

const char *argp_program_bug_address = BUG_ADDRESS;

/* Helper program used for --kerberos-passwords (installed under PREFIX). */
#define KERBEROS_HELPER PREFIX "lsh-krb-checkpw"

/* Option keys for main_options / main_argp_parser. They are kept above
 * 0xff so they cannot collide with single-character short options.
 * OPT_NO is or:ed into an option key to form its "--no-..." counterpart. */
#define OPT_NO 0x400

#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201

#define OPT_TCPIP_FORWARD 0x202
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
#define OPT_PTY 0x203
#define OPT_NO_PTY (OPT_PTY | OPT_NO)

#define OPT_DAEMONIC 0x204
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
#define OPT_PIDFILE 0x205
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
#define OPT_CORE 0x207

/* Key exchange methods. */
#define OPT_SRP 0x210
#define OPT_NO_SRP (OPT_SRP | OPT_NO)
#define OPT_DH 0x211
#define OPT_NO_DH (OPT_DH | OPT_NO)

/* User authentication. */
#define OPT_PUBLICKEY 0x220
#define OPT_NO_PUBLICKEY (OPT_PUBLICKEY | OPT_NO)
#define OPT_PASSWORD 0x221
#define OPT_NO_PASSWORD (OPT_PASSWORD | OPT_NO)

#define OPT_ROOT_LOGIN 0x222
#define OPT_NO_ROOT_LOGIN (OPT_ROOT_LOGIN | OPT_NO)

#define OPT_KERBEROS_PASSWD 0x223
#define OPT_NO_KERBEROS_PASSWD (OPT_KERBEROS_PASSWD | OPT_NO)

#define OPT_PASSWORD_HELPER 0x224

/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
       (backend object io_backend)
       (e object exception_handler)
       
       (reaper object reap)
       (random object randomness_with_poll)
       
       (signature_algorithms object alist)
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)

       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)
       
       (with_publickey . int)
       (with_password . int)
       (allow_root . int)
       (pw_helper . "const char *")
       
       (with_tcpip_forward . int)
       (with_pty . int)
       
       (userauth_methods object int_list)
       (userauth_algorithms object alist)
       
       (sshd1 object ssh1_fallback)
       (daemonic . int)
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
*/

/* lshd's top-level exception handler. Configuration-time failures
 * (bad sexp syntax, wrong SPKI object type, too little entropy) are
 * fatal for a server and terminate the process after logging; every
 * other exception is handed to the parent handler. */
static void
do_exc_lshd_handler(struct exception_handler *s,
		    const struct exception *e)
{
  int fatal_for_lshd
    = (e->type == EXC_SEXP_SYNTAX
       || e->type == EXC_SPKI_TYPE
       || e->type == EXC_RANDOMNESS_LOW_ENTROPY);

  if (!fatal_for_lshd)
    {
      EXCEPTION_RAISE(s->parent, e);
      return;
    }

  werror("lshd: %z\n", e->msg);
  exit(EXIT_FAILURE);
}

/* Wrap do_exc_lshd_handler in an exception_handler object chained to
 * PARENT; CONTEXT is the usual debugging context string. */
static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  struct exception_handler *handler
    = make_exception_handler(do_exc_lshd_handler, parent, context);

  return handler;
}

/* Allocate an lshd_options object and fill in the built-in defaults.
 * Every default here can be overridden by main_argp_parser. */
static struct lshd_options *
make_lshd_options(struct io_backend *backend)
{
  NEW(lshd_options, self);

  /* Symmetric algorithm tables live in the algorithms_options super class. */
  init_algorithms_options(&self->super, all_symmetric_algorithms());

  /* Infrastructure objects. random needs reaper and e, and the
   * signature algorithm table needs random, so this order matters. */
  self->backend = backend;
  self->e = make_lshd_exception_handler(&default_exception_handler,
					HANDLER_CONTEXT);
  self->reaper = make_reaper(backend);
  self->random = make_default_random(self->reaper, self->e);
  self->signature_algorithms = all_signature_algorithms(&self->random->super);

  /* Listening endpoint. Default behaviour is to lookup the "ssh"
   * service, and fall back to port 22 if that fails; a NULL interface
   * means none was requested. The address itself is resolved at the
   * end of option parsing. */
  self->interface = NULL;
  self->port = NULL;
  self->local = NULL;

  /* Host key file and the sexp syntax it is read with.
   * FIXME: this should perhaps use sysconfdir */
  self->hostkey = "/etc/lsh_host_key";
  self->style = SEXP_TRANSPORT;

  /* Key exchange: DH on, experimental SRP off. */
  self->with_dh_keyexchange = 1;
  self->with_srp_keyexchange = 0;
  self->kex_algorithms = NULL;

  /* User authentication: password and publickey on, root login off,
   * no external password helper. */
  self->with_password = 1;
  self->with_publickey = 1;
  self->allow_root = 0;
  self->pw_helper = NULL;
  self->userauth_methods = NULL;
  self->userauth_algorithms = NULL;

  /* Offered services. */
  self->with_tcpip_forward = 1;
  self->with_pty = 1;
  self->sshd1 = NULL;

  /* Daemon behaviour. use_pid_file == -1 means "iff daemonic" and is
   * resolved when option parsing finishes.
   * FIXME: Make the default a configure time option? */
  self->daemonic = 0;
  self->corefile = 0;
  self->pid_file = "/var/run/lshd.pid";
  self->use_pid_file = -1;

  return self;
}

/* Port to listen on: hands out the address_info that main_argp_parser
 * resolved at the end of option parsing. */
DEFINE_COMMAND_SIMPLE(options2local, a)
{
  CAST(lshd_options, self, a);

  return &self->local->super;
}

/* alist of signature algorithms, as built by make_lshd_options; used
 * when reading the host keys. */
DEFINE_COMMAND_SIMPLE(options2signature_algorithms, a)
{
  CAST(lshd_options, self, a);

  return &self->signature_algorithms->super;
}

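/* Read server's private key.
 *
 * Opens options->hostkey for reading through the io backend and passes
 * the resulting lsh_fd to the continuation C. If the file cannot be
 * opened the failure is logged and an EXC_IO_OPEN_READ exception is
 * raised on E instead; IGNORED is the command object itself. */
static void
do_options2keyfile(struct command *ignored UNUSED,
		   struct lsh_object *a,
		   struct command_continuation *c,
		   struct exception_handler *e)
{
  CAST(lshd_options, options, a);
  
  struct lsh_fd *f;

  f = io_read_file(options->backend, options->hostkey, e);

  if (f)
    {
      COMMAND_RETURN(c, f);
      return;
    }

  {
    /* Capture errno before logging: werror() and STRERROR() can fail
     * and overwrite it, which would make the exception carry the
     * wrong error code. */
    int saved_errno = errno;

    werror("Failed to open '%z' (errno = %i): %z.\n",
	   options->hostkey, saved_errno, STRERROR(saved_errno));
    EXCEPTION_RAISE(e, make_io_exception(EXC_IO_OPEN_READ, NULL,
					 saved_errno, NULL));
  }
}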

/* Command object wrapping do_options2keyfile; the generated GABA code
 * reaches it through OPTIONS2KEYFILE. */
static struct command options2keyfile =
STATIC_COMMAND(do_options2keyfile);


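/* Command line options of lshd. Keys are the OPT_* values above or a
 * short option character; argp hands each one to main_argp_parser. */
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
    "Listen on this network interface.", 0 }, 
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},
#if WITH_SSH1_FALLBACK
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */

  { NULL, 0, NULL, 0, "Keyexchange options:", 0 },
#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },
  
  { NULL, 0, NULL, 0, "User authentication options:", 0 },

  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},

  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },

  { "kerberos-passwords", OPT_KERBEROS_PASSWD, NULL, 0,
    "Recognize kerberos passwords, using the helper program "
    "\"" KERBEROS_HELPER "\". This option is experimental.", 0 },
  { "no-kerberos-passwords", OPT_NO_KERBEROS_PASSWD, NULL, 0,
    "Don't recognize kerberos passwords (default behaviour).", 0 },

  { "password-helper", OPT_PASSWORD_HELPER, "Program", 0,
    "Use the named helper program for password verification. "
    "(experimental).", 0 },
  
  { NULL, 0, NULL, 0, "Offered services:", 0 },

  /* NOTE(review): main_argp_parser accepts OPT_TCPIP_FORWARD and
   * OPT_NO_TCPIP_FORWARD under WITH_TCP_FORWARD, but this table has no
   * matching "tcpip-forward" / "no-tcpip-forward" entries, so those
   * cases do not look reachable from the command line — confirm. */
#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */
  
  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },
    
  { NULL, 0, NULL, 0, NULL, 0 }
};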

/* Child parsers, in the order their inputs are filled in by
 * main_argp_parser at ARGP_KEY_INIT: sexp input style, algorithm
 * selection, werror verbosity. */
static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp, 0, "", 0 },
  { NULL, 0, NULL, 0}
};

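/* Create the unix user database needed by password, publickey and SRP
 * authentication, or return NULL when none of them is enabled. */
static struct user_db *
lshd_make_user_db(struct lshd_options *self)
{
  if (!(self->with_password || self->with_publickey
	|| self->with_srp_keyexchange))
    return NULL;

  return make_unix_user_db(self->backend, self->reaper,
			   self->pw_helper, self->allow_root);
}

/* Fill self->kex_algorithms and register the server-side key exchange
 * objects in self->super.algorithms. DB is used by SRP only. Reports
 * an error through argp when every method is disabled. */
static void
lshd_setup_keyexchange(struct lshd_options *self, struct user_db *db,
		       struct argp_state *state)
{
#if !WITH_SRP
  (void) db;
#endif

  if (self->with_dh_keyexchange || self->with_srp_keyexchange)
    {
      int i = 0;
      self->kex_algorithms 
	= alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);

      if (self->with_dh_keyexchange)
	{
	  LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
	  ALIST_SET(self->super.algorithms,
		    ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
		    &make_dh_server(make_dh1(&self->random->super))
		    ->super);
	}
#if WITH_SRP
      if (self->with_srp_keyexchange)
	{
	  /* lshd_make_user_db builds a db whenever SRP is enabled. */
	  assert(db);
	  LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
	  ALIST_SET(self->super.algorithms,
		    ATOM_SRP_RING1_SHA1_LOCAL,
		    &make_srp_server(make_srp1(&self->random->super), db)
		    ->super);
	}
#endif /* WITH_SRP */
    }
  else
    argp_error(state, "All keyexchange algorithms disabled.");
}

/* Resolve the listen address from --interface and --port. Without
 * --port the "ssh" service is looked up, falling back to port 22. */
static void
lshd_setup_local(struct lshd_options *self, struct argp_state *state)
{
  /* This runs for ARGP_KEY_END, where argp passes arg == NULL, so the
   * interface has to come from self->interface; passing arg here made
   * --interface a silent no-op. */
  if (self->port)
    self->local = make_address_info_c(self->interface, self->port, 0);
  else
    self->local = make_address_info_c(self->interface, "ssh", 22);

  /* self->port may be NULL here, which must not reach %s. */
  if (!self->local)
    argp_error(state, "Invalid interface, port or service, '%s:%s'.",
	       self->interface ? self->interface : "ANY",
	       self->port ? self->port : "ssh");
}

/* Fill self->userauth_methods and self->userauth_algorithms for the
 * enabled methods. DB must be non-NULL when any method is enabled.
 * Reports an error through argp when every method is disabled. */
static void
lshd_setup_userauth(struct lshd_options *self, struct user_db *db,
		    struct argp_state *state)
{
  if (self->with_password || self->with_publickey)
    {
      int i = 0;

      self->userauth_methods
	= alloc_int_list(self->with_password + self->with_publickey);
      self->userauth_algorithms = make_alist(0, -1);

      if (self->with_password)
	{
	  LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
	  ALIST_SET(self->userauth_algorithms,
		    ATOM_PASSWORD,
		    &make_userauth_password(db)->super);
	}
      if (self->with_publickey)
	{
	  /* Doesn't use spki */
	  LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
	  ALIST_SET(self->userauth_algorithms,
		    ATOM_PUBLICKEY,
		    &make_userauth_publickey
		    (db,
		     make_alist(1,
				ATOM_SSH_DSS,
				make_authorization_db(ssh_format("authorized_keys_sha1"),
						      &sha1_algorithm),
				-1))
		    ->super);
	}
    }
  else
    argp_error(state, "All user authentication methods disabled.");
}

/* argp callback for lshd's own options.
 *
 * KEY is an OPT_* value, a short option character or an ARGP_KEY_*
 * event; ARG is the option argument (NULL for flags and events) and
 * STATE the parser state whose input is the lshd_options being filled
 * in. Returns 0, or ARGP_ERR_UNKNOWN for keys owned by a child parser.
 * At ARGP_KEY_END the collected flags are turned into the runtime
 * tables (user db, key exchange, listen address, user auth). */
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);
  
  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;
    case ARGP_KEY_INIT:
      /* Inputs for main_argp_children, in that order. */
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
      state->child_inputs[2] = NULL;
      break;
    case ARGP_KEY_END:
      {
	struct user_db *db = lshd_make_user_db(self);

	lshd_setup_keyexchange(self, db, state);
	lshd_setup_local(self, state);

	/* -1 means: use a pid file iff we run as a daemon. */
	if (self->use_pid_file < 0)
	  self->use_pid_file = self->daemonic;

	lshd_setup_userauth(self, db, state);

	/* Start background poll */
	RANDOM_POLL_BACKGROUND(self->random->poller);
	
	break;
      }
    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;

#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif

    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;
      
    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;
      
    case OPT_PASSWORD:
      self->with_password = 1;
      break;
      
    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;
      
    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;

    case OPT_KERBEROS_PASSWD:
      self->pw_helper = KERBEROS_HELPER;
      break;

    case OPT_NO_KERBEROS_PASSWD:
      self->pw_helper = NULL;
      break;

    case OPT_PASSWORD_HELPER:
      self->pw_helper = arg;
      break;
      
#if WITH_TCP_FORWARD
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
#endif /* WITH_TCP_FORWARD */
      
#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */
	  
    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;

    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
    }
  return 0;
}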

/* Top-level argp descriptor: lshd's own options and parser, plus the
 * child parsers for sexp input, algorithms and werror. */
static const struct argp
main_argp =
{ main_options, main_argp_parser, 
  NULL,
  "Server for the ssh-2 protocol.",
  main_argp_children,
  NULL, NULL
};


/* GABA:
   (expr
     (name make_lshd_listen)
     (params
       (backend object io_backend)
       (handshake object handshake_info)
       (init object make_kexinit)
       (services object command) )
     (expr (lambda (options)
             (let ((keys 
		    (spki_read_hostkeys (options2signature_algorithms options)
			                (options2keyfile options))))
	       (listen_callback
	         (lambda (lv)
    		   (services (connection_handshake
    				  handshake
    				  (kexinit_filter init keys)
    				  keys 
    				  (log_peer lv))))
		 backend
		 (options2local options))))))
*/


/* Invoked when starting the ssh-connection service */
/* GABA:
   (expr
     (name make_lshd_connection_service)
     (params
       (hooks object object_list))
     (expr
       (lambda (connection)
         ((progn hooks)
	    ; We have to initialize the connection
	    ; before adding handlers.
	    (init_connection_service
	      ; Disconnect if connection->user is NULL
	      (connection_require_userauth connection)))))))
*/


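/* Switch logging to syslog (when available) and detach from the
 * terminal. Returns 0 when the server may continue, otherwise the exit
 * status main() should return. */
static int
lshd_go_daemonic(void)
{
#if HAVE_SYSLOG
  set_error_syslog("lshd");
#else /* !HAVE_SYSLOG */
  werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
#endif /* !HAVE_SYSLOG */

  switch (daemon_init())
    {
    case 0:
      werror("lshd: Spawning into background failed.\n");
      return EXIT_FAILURE;
    case DAEMON_INETD:
      werror("lshd: spawning from inetd not yet supported.\n");
      return EXIT_FAILURE;
    case DAEMON_INIT:
    case DAEMON_NORMAL:
      break;
    default:
      fatal("Internal error\n");
    }
  return 0;
}

/* Build the list of commands run on every new connection: the session
 * channel opener (shell, exec and, if enabled, pty requests) plus the
 * tcp forwarding hooks when compiled in and not disabled. */
static struct object_list *
make_lshd_connection_hooks(struct io_backend *backend,
			   struct lshd_options *options)
{
  /* Supported channel requests */
  struct alist *supported_channel_requests
    = make_alist(2,
		 ATOM_SHELL, make_shell_handler(backend),
		 ATOM_EXEC, make_exec_handler(backend),
		 -1);
  struct command *session_setup;

#if WITH_PTY_SUPPORT
  if (options->with_pty)
    ALIST_SET(supported_channel_requests,
	      ATOM_PTY_REQ, &pty_request_handler.super);
#endif /* WITH_PTY_SUPPORT */

  session_setup = make_install_fix_channel_open_handler
    (ATOM_SESSION, make_open_session(supported_channel_requests));

#if WITH_TCP_FORWARD
  if (options->with_tcpip_forward)
    return make_object_list
      (4,
       session_setup,
       make_tcpip_forward_hook(backend),
       make_install_fix_global_request_handler
       (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
       make_direct_tcpip_hook(backend),
       -1);
#endif /* WITH_TCP_FORWARD */

  return make_object_list(1, session_setup, -1);
}

/* Server entry point: parse options, apply the process-level settings
 * (core dumps, daemon mode, pid file), wire up the listen command and
 * run the io loop. Returns EXIT_FAILURE on any setup failure. */
int main(int argc, char **argv)
{
  struct lshd_options *options;
  struct io_backend *backend = make_io_backend();

  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");

  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);

  options = make_lshd_options(backend);
  
  argp_parse(&main_argp, argc, argv, 0, NULL, options);

  /* Core dumps stay disabled unless --enable-core was given; a core
   * file of this process could expose the host key it has read. */
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }
  
  if (options->daemonic)
    {
      int status = lshd_go_daemonic();

      if (status)
	return status;
    }
  
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }

  {
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks
      = make_lshd_connection_hooks(backend, options);

    /* FIXME: We should check that we have at least one host key. We
     * should also extract the host-key algorithms for which we have
     * keys, instead of hardcoding ssh-dss below. */

    CAST_SUBTYPE(command, connection_service,
		 make_lshd_connection_service(connection_hooks));
    CAST_SUBTYPE(command, server_listen,
		 make_lshd_listen
		 (backend,
		  make_handshake_info(CONNECTION_SERVER,
				      "lsh - a free ssh",
				      NULL,
				      SSH_MAX_PACKET,
				      &options->random->super,
				      options->super.algorithms,
				      options->sshd1),
		  make_simple_kexinit
		  (&options->random->super,
		   options->kex_algorithms,
		   options->super.hostkey_algorithms,
		   options->super.crypto_algorithms,
		   options->super.mac_algorithms,
		   options->super.compression_algorithms,
		   make_int_list(0, -1)),
		  make_offer_service
		  (make_alist
		   (2, ATOM_SSH_CONNECTION, connection_service,
		    ATOM_SSH_USERAUTH,
		    make_userauth_service(options->userauth_methods,
					  options->userauth_algorithms,
					  make_alist(1, ATOM_SSH_CONNECTION,
						     connection_service,-1)),
		    -1))));
    
    /* I/O errors on the listening socket are reported with an "lshd: "
     * prefix and then passed on to the lshd exception handler. */
    COMMAND_CALL(server_listen, options,
		 &discard_continuation,
		 make_report_exception_handler
		 (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
		  options->e,
		  HANDLER_CONTEXT));
  }
  
  io_run(backend);

  return EXIT_SUCCESS;
}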