/* lshd.c
 *
 * main server program.
 *
 * $Id$ */
/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Mller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#include "algorithms.h"
#include "alist.h"
#include "atoms.h"
#include "channel.h"
#include "channel_commands.h"
#include "charset.h"
#include "compress.h"
#include "connection_commands.h"
#include "crypto.h"
#include "daemon.h"
#include "dsa.h"
#include "format.h"
#include "handshake.h"
#include "io.h"
#include "io_commands.h"
#include "lookup_verifier.h"
#include "randomness.h"
#include "reaper.h"
#include "server.h"
#include "server_authorization.h"
#include "server_keyexchange.h"
#include "server_pty.h"
#include "server_session.h"
#include "sexp.h"
#include "spki.h"
#include "srp.h"
#include "ssh.h"
#include "tcpforward.h"
#include "tcpforward_commands.h"
#include "tcpforward_commands.h"
#include "server_userauth.h"
#include "version.h"
#include "werror.h"
#include "xalloc.h"

#include "lsh_argp.h"

/* Forward declarations */
/* Commands that pull individual fields out of an lshd_options object.
 * They are defined with DEFINE_COMMAND further down; the declarations
 * come first, presumably so that the generated code included from
 * lshd.c.x (the GABA expressions below) can refer to them. */
struct command options2local;
#define OPTIONS2LOCAL (&options2local.super)

struct command options2keys;
#define OPTIONS2KEYS (&options2keys.super)

/* options2signature_algorithms is still defined below, but nothing
 * visible in this file uses OPTIONS2SIGNATURE_ALGORITHMS, so its
 * declaration stays disabled. */
#if 0
struct command options2signature_algorithms;
#define OPTIONS2SIGNATURE_ALGORITHMS \
  (&options2signature_algorithms.super)
#endif

#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

/* Option parsing */

/* Globals read by argp: the string printed by --version and the
 * address shown in the "Report bugs to" footer of --help. */
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

const char *argp_program_bug_address = BUG_ADDRESS;

/* The definition of SBINDIR is currently broken */
#if 0
# define KERBEROS_HELPER SBINDIR "/lsh-krb-checkpw"
#else
# define KERBEROS_HELPER PREFIX "/sbin/lsh-krb-checkpw"
#endif

/* argp keys for the long options below. All values are above 0xff so
 * that, as far as argp is concerned, they cannot be mistaken for a
 * short option character. OPT_NO is a flag bit: every OPT_NO_X is
 * OPT_X | OPT_NO, and main_argp_parser switches on the combined
 * value. Keep new keys unique across all of these groups. */
#define OPT_NO 0x400
#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201

#define OPT_TCPIP_FORWARD 0x202
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
#define OPT_PTY 0x203
#define OPT_NO_PTY (OPT_PTY | OPT_NO)
#define OPT_SUBSYSTEMS 0x204
#define OPT_NO_SUBSYSTEMS (OPT_SUBSYSTEMS | OPT_NO)

#define OPT_DAEMONIC 0x205
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
#define OPT_PIDFILE 0x206
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
#define OPT_CORE 0x207
#define OPT_SYSLOG 0x208
#define OPT_NO_SYSLOG (OPT_SYSLOG | OPT_NO)

/* Key exchange. */
#define OPT_SRP 0x210
#define OPT_NO_SRP (OPT_SRP | OPT_NO)
#define OPT_DH 0x211
#define OPT_NO_DH (OPT_DH | OPT_NO)

/* User authentication. */
#define OPT_PUBLICKEY 0x220
#define OPT_NO_PUBLICKEY (OPT_PUBLICKEY | OPT_NO)
#define OPT_PASSWORD 0x221
#define OPT_NO_PASSWORD (OPT_PASSWORD | OPT_NO)

#define OPT_ROOT_LOGIN 0x222
#define OPT_NO_ROOT_LOGIN (OPT_ROOT_LOGIN | OPT_NO)

#define OPT_KERBEROS_PASSWD 0x223
#define OPT_NO_KERBEROS_PASSWD (OPT_KERBEROS_PASSWD | OPT_NO)

#define OPT_PASSWORD_HELPER 0x224

#define OPT_LOGIN_SHELL 0x225

/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
       (e object exception_handler)
       
       (reaper object reap)
       (random object randomness_with_poll)
       
       (signature_algorithms object alist)
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)

       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)
       
       (with_publickey . int)
       (with_password . int)
       (allow_root . int)
       (pw_helper . "const char *")
       (login_shell . "const char *")
       
       (with_tcpip_forward . int)
       (with_pty . int)
       (subsystems . "const char **")
       
       (userauth_methods object int_list)
       (userauth_algorithms object alist)
       
       (sshd1 object ssh1_fallback)
       (daemonic . int)
       (no_syslog . int)
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
*/

/* Top-level exception handler for lshd. Four exception types are
 * treated as unrecoverable startup conditions (name resolution,
 * s-expression syntax, SPKI type, and too little entropy): the
 * message is logged with werror() and the process exits with
 * EXIT_FAILURE. Every other exception is delegated to the parent
 * handler. */
static void
do_exc_lshd_handler(struct exception_handler *s,
		    const struct exception *e)
{
  int handled_here = (e->type == EXC_RESOLVE
		      || e->type == EXC_SEXP_SYNTAX
		      || e->type == EXC_SPKI_TYPE
		      || e->type == EXC_RANDOMNESS_LOW_ENTROPY);

  if (!handled_here)
    {
      /* Not one of ours; let the chain deal with it. */
      EXCEPTION_RAISE(s->parent, e);
      return;
    }

  werror("lshd: %z\n", e->msg);
  exit(EXIT_FAILURE);
}

/* Build the lshd exception handler object, chained to PARENT.
 * CONTEXT is the HANDLER_CONTEXT string recorded for diagnostics. */
static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  struct exception_handler *handler
    = make_exception_handler(do_exc_lshd_handler, parent, context);

  return handler;
}

/* Allocate an lshd_options object and fill in the built-in defaults.
 * Every field the option parser can override is initialised here, so
 * main_argp_parser only has to touch the ones actually given on the
 * command line. The fields set to NULL for the derived objects
 * (local, kex_algorithms, userauth_*) are filled in at ARGP_KEY_END. */
static struct lshd_options *
make_lshd_options(void)
{
  NEW(lshd_options, self);

  init_algorithms_options(&self->super, all_symmetric_algorithms());

  /* These depend on each other: the randomness source needs the
   * reaper and the exception handler, and the signature algorithms
   * need the randomness source. Keep this order. */
  self->e = make_lshd_exception_handler(&default_exception_handler,
					HANDLER_CONTEXT);
  self->reaper = make_reaper();
  self->random = make_default_random(self->reaper, self->e);
  self->signature_algorithms = all_signature_algorithms(&self->random->super);

  /* Key file and listening address. A NULL port means: look up the
   * "ssh" service and fall back to port 22 (done in main_argp_parser). */
  self->style = SEXP_TRANSPORT;
  self->interface = NULL;
  self->port = NULL;
  /* FIXME: this should perhaps use sysconfdir */
  self->hostkey = "/etc/lsh_host_key";
  self->local = NULL;

  /* Key exchange: DH on, SRP off, unless options say otherwise. */
  self->with_dh_keyexchange = 1;
  self->with_srp_keyexchange = 0;
  self->kex_algorithms = NULL;

  /* User authentication. Root login is refused by default. */
  self->with_publickey = 1;
  self->with_password = 1;
  self->allow_root = 0;
  self->pw_helper = NULL;
  self->login_shell = NULL;
  self->userauth_methods = NULL;
  self->userauth_algorithms = NULL;

  /* Offered services. */
  self->with_tcpip_forward = 1;
  self->with_pty = 1;
  self->subsystems = NULL;

  /* Process behaviour. */
  self->sshd1 = NULL;
  self->daemonic = 0;
  self->no_syslog = 0;
  self->corefile = 0;
  /* FIXME: Make the default a configure time option? */
  self->pid_file = "/var/run/lshd.pid";
  /* -1: undecided; resolved from the daemonic flag at ARGP_KEY_END. */
  self->use_pid_file = -1;

  return self;
}

/* Port to listen on */
/* Command: lshd_options -> the address_info to listen on. The value
 * is whatever main_argp_parser stored in options->local. */
DEFINE_COMMAND(options2local)
     (struct command *s UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
{
  CAST(lshd_options, options, a);
  struct address_info *listen_address = options->local;

  COMMAND_RETURN(c, listen_address);
}

/* alist of signature algorithms */
/* Command: lshd_options -> the alist of signature algorithms built in
 * make_lshd_options. */
DEFINE_COMMAND(options2signature_algorithms)
     (struct command *s UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
{
  CAST(lshd_options, options, a);
  struct alist *algorithms = options->signature_algorithms;

  COMMAND_RETURN(c, algorithms);
}


/* FIXME: Call read_host_key directly from main instead. */
/* Command: lshd_options -> alist of host keys. Reads the file named by
 * options->hostkey into a fresh alist and returns it. The return value
 * of read_host_key is not examined here; whatever error handling
 * exists for an unreadable key file lives inside read_host_key. */
DEFINE_COMMAND(options2keys)
     (struct command *ignored UNUSED,
      struct lsh_object *a,
      struct command_continuation *c,
      struct exception_handler *e UNUSED)
{
  CAST(lshd_options, options, a);
  struct alist *host_keys = make_alist(0, -1);

  read_host_key(options->hostkey, options->signature_algorithms, host_keys);
  COMMAND_RETURN(c, host_keys);
}


/* argp option table for lshd. Entries with a NULL name are group
 * headings for --help. The keys are the OPT_* constants above (or a
 * short option character), and main_argp_parser switches on them.
 *
 * Note: main_argp_parser also has cases for OPT_TCPIP_FORWARD,
 * OPT_NO_TCPIP_FORWARD and OPT_NO_SUBSYSTEMS, which have no entry in
 * this table; unless another table supplies them, those keys cannot
 * be reached from the command line. */
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
    "Listen on this network interface.", 0 }, 
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},
#if WITH_SSH1_FALLBACK
  /* OPTION_ARG_OPTIONAL: with no argument the parser uses SSHD1. */
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */

  { NULL, 0, NULL, 0, "Keyexchange options:", 0 },
#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },
  
  { NULL, 0, NULL, 0, "User authentication options:", 0 },

  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},

  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },

  { "login-shell", OPT_LOGIN_SHELL, "Program", 0,
    "Use this program as the login shell for all users. "
    "(Experimental)", 0 },
  
  /* Both of these end up in self->pw_helper; the later one wins. */
  { "kerberos-passwords", OPT_KERBEROS_PASSWD, NULL, 0,
    "Recognize kerberos passwords, using the helper program "
    "\"" KERBEROS_HELPER "\". This option is experimental.", 0 },
  { "no-kerberos-passwords", OPT_NO_KERBEROS_PASSWD, NULL, 0,
    "Don't recognize kerberos passwords (default behaviour).", 0 },

  { "password-helper", OPT_PASSWORD_HELPER, "Program", 0,
    "Use the named helper program for password verification. "
    "(Experimental).", 0 },

  { NULL, 0, NULL, 0, "Offered services:", 0 },

#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */

  /* Parsed by parse_subsystem_list; the string is modified in place. */
  { "subsystems", OPT_SUBSYSTEMS, "List of subsystem names and programs", 0,
    "For example `sftp=/usr/sbin/sftp-server,foosystem=/usr/bin/foo' "
    "(experimental).", 0},
  
  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },
  { "no-syslog", OPT_NO_SYSLOG, NULL, 0, "Don't use syslog (by default, syslog is used "
    "when running in daemonic mode).", 0 },
  { NULL, 0, NULL, 0, NULL, 0 }
};

/* Child parsers. Their inputs are assigned by position in
 * main_argp_parser at ARGP_KEY_INIT: child_inputs[0] = &self->style
 * for sexp_input_argp, [1] = &self->super for algorithms_argp, and
 * [2] = NULL for werror_argp. Changing the order here without
 * changing that code would hand a parser the wrong input. */
static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp, 0, "", 0 },
  { NULL, 0, NULL, 0}
};

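/* Parse a comma separated list of NAME=PROGRAM pairs, as given to
 * --subsystems, into a flat NULL-terminated array:
 *
 *   { name_0, program_0, name_1, program_1, ..., NULL }
 *
 * NOTE: Modifies the argument string. Each '=' and ',' separator is
 * overwritten with NUL and the returned pointers point into ARG, so
 * ARG must be writable and must outlive the result.
 *
 * Every element must contain an '='; the name is the part before the
 * first '=' and the program is everything after it up to the next
 * ','. A NULL or empty ARG, an element without '=', or an empty
 * element (for instance a trailing comma) yields NULL. The array is
 * allocated with lsh_space_alloc and is the caller's to release with
 * lsh_space_free; on failure it is released here. */
static const char **
parse_subsystem_list(char *arg)
{
  const char **subsystems;
  unsigned length;
  unsigned i;

  if (!arg)
    return NULL;

  /* One element more than there are commas. */
  length = 1;
  for (i = 0; arg[i]; i++)
    if (arg[i] == ',')
      length++;

  /* Two pointers per element plus the terminating NULL. The
   * terminator is stored explicitly below instead of relying on the
   * allocator to zero-fill. */
  subsystems = lsh_space_alloc((length * 2 + 1) * sizeof(*subsystems));

  for (i = 0; i < length; i++)
    {
      char *comma = strchr(arg, ',');
      char *equals;

      /* Cut this element off from the rest of the list first, so the
       * search for '=' cannot run on into a later element. */
      if (comma)
	*comma = '\0';
      else if (i + 1 < length)
	/* Cannot happen: the commas were counted above. */
	goto fail;

      equals = strchr(arg, '=');
      if (!equals)
	goto fail;
      *equals = '\0';

      subsystems[2*i] = arg;
      subsystems[2*i+1] = equals + 1;

      if (comma)
	arg = comma + 1;
    }
  subsystems[2*length] = NULL;

  return subsystems;

 fail:
  lsh_space_free(subsystems);
  return NULL;
}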

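/* argp parser callback for lshd's own options.
 *
 * SELF (an lshd_options, passed as state->input) is filled in as the
 * options are seen; most keys just record a value. The real work is
 * done at ARGP_KEY_END, when everything is known: the user database,
 * the key exchange list, the listening address and the user
 * authentication methods are built from the recorded flags, and an
 * empty or invalid configuration is reported with argp_error().
 *
 * Returns 0 for keys handled here and ARGP_ERR_UNKNOWN for the rest,
 * which argp then offers to the child parsers in main_argp_children. */
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);
  
  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;
    case ARGP_KEY_INIT:
      /* Inputs for the child parsers, in the order of
       * main_argp_children. */
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
      state->child_inputs[2] = NULL;
      break;
    case ARGP_KEY_END:
      {
        struct user_db *user_db = NULL;

        /* Needed by every method that maps a login name to a local
         * account: password, publickey, and the SRP exchange. */
        if (self->with_password || self->with_publickey || self->with_srp_keyexchange)
          user_db = make_unix_user_db(self->reaper,
                                      self->pw_helper, self->login_shell,
                                      self->allow_root);

        if (self->with_dh_keyexchange || self->with_srp_keyexchange)
          {
            int i = 0;
            self->kex_algorithms
              = alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);

            if (self->with_dh_keyexchange)
              {
                LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
                ALIST_SET(self->super.algorithms,
                          ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
                          &make_dh_server(make_dh1(&self->random->super))
                          ->super);
              }
#if WITH_SRP
            if (self->with_srp_keyexchange)
              {
                /* Guaranteed by the user_db condition above. */
                assert(user_db);
                LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
                ALIST_SET(self->super.algorithms,
                          ATOM_SRP_RING1_SHA1_LOCAL,
                          &make_srp_server(make_srp1(&self->random->super),
                                           user_db)
                          ->super);
              }
#endif /* WITH_SRP */
          }
        else
          argp_error(state, "All keyexchange algorithms disabled.");

        /* Without --port, look up the "ssh" service and fall back to 22. */
        if (self->port)
          self->local = make_address_info_c(self->interface, self->port, 0);
        else
          self->local = make_address_info_c(self->interface, "ssh", 22);

        /* self->port is NULL when no --port was given, so name the
         * service that was tried instead of passing NULL to %s. */
        if (!self->local)
          argp_error(state, "Invalid interface, port or service, '%s:%s'.",
                     self->interface ? self->interface : "ANY",
                     self->port ? self->port : "ssh");

        /* -1 means "not given": use a pid file iff running daemonic. */
        if (self->use_pid_file < 0)
          self->use_pid_file = self->daemonic;

        /* Always create the alist, so that the SRP entry and the
         * emptiness check below do not dereference NULL when both
         * password and publickey authentication are disabled. */
        self->userauth_algorithms = make_alist(0, -1);

        if (self->with_password || self->with_publickey)
          {
            int i = 0;

            self->userauth_methods
              = alloc_int_list(self->with_password + self->with_publickey);

            if (self->with_password)
              {
                LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
                ALIST_SET(self->userauth_algorithms,
                          ATOM_PASSWORD,
                          &make_userauth_password(user_db)->super);
              }
            if (self->with_publickey)
              {
                /* FIXME: Doesn't use spki */
                struct lookup_verifier *key_db
                  = make_authorization_db(ssh_format("authorized_keys_sha1"),
                                          &sha1_algorithm);

                LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
                ALIST_SET(self->userauth_algorithms,
                          ATOM_PUBLICKEY,
                          &make_userauth_publickey
                          (user_db,
                           make_alist(2,
                                      ATOM_SSH_DSS, key_db,
                                      ATOM_SSH_RSA, key_db,
                                      -1))
                          ->super);
              }
          }

        /* With SRP the "none" method is accepted, presumably because
         * the key exchange itself authenticated the user.
         * NOTE(review): if password and publickey are both off,
         * self->userauth_methods stays NULL here; whether
         * make_userauth_service tolerates that is not visible in this
         * file. */
        if (self->with_srp_keyexchange)
          ALIST_SET(self->userauth_algorithms,
                    ATOM_NONE,
                    &server_userauth_none.super);

        if (!self->userauth_algorithms->size)
          argp_error(state, "All user authentication methods disabled.");

        break;
      }
    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;

#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      /* The argument is optional; SSHD1 is the compiled-in default. */
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif

    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;

    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;

    case OPT_PASSWORD:
      self->with_password = 1;
      break;

    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;

    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;

      /* --no-root-login is listed in main_options but had no case
       * here, so argp rejected it as unknown. It now overrides an
       * earlier --root-login, as the other OPT_NO_* keys do. */
    case OPT_NO_ROOT_LOGIN:
      self->allow_root = 0;
      break;

      /* The kerberos and password-helper options all set pw_helper;
       * the last one on the command line wins. */
    case OPT_KERBEROS_PASSWD:
      self->pw_helper = KERBEROS_HELPER;
      break;

    case OPT_NO_KERBEROS_PASSWD:
      self->pw_helper = NULL;
      break;

    case OPT_PASSWORD_HELPER:
      self->pw_helper = arg;
      break;

    case OPT_LOGIN_SHELL:
      self->login_shell = arg;
      break;

#if WITH_TCP_FORWARD
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
#endif /* WITH_TCP_FORWARD */

#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */

    case OPT_SUBSYSTEMS:
      /* parse_subsystem_list modifies ARG in place and returns NULL
       * on a malformed list. */
      self->subsystems = parse_subsystem_list(arg);
      if (!self->subsystems)
        argp_error(state, "Invalid subsystem list.");
      break;

    case OPT_NO_SUBSYSTEMS:
      self->subsystems = NULL;
      break;

    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;

    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

    case OPT_NO_SYSLOG:
      self->no_syslog = 1;
      break;

    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
    }
  return 0;
}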

/* Top-level argp: the option table, the parser callback, no
 * positional-argument doc (args_doc NULL), the one-line program
 * description, and the child parsers. The two trailing NULLs are
 * help_filter and argp_domain. */
static const struct argp
main_argp =
{ main_options, main_argp_parser, 
  NULL,
  "Server for the ssh-2 protocol.",
  main_argp_children,
  NULL, NULL
};


/* GABA:
   (expr
     (name make_lshd_listen)
     (params
       (handshake object handshake_info)
       (init object make_kexinit)
       (services object command) )
     (expr (lambda (options)
             (let ((keys (options2keys options)))
	       (listen_callback
	         (lambda (lv)
    		   (services (connection_handshake
    				  handshake
    				  (kexinit_filter init keys)
    				  keys 
    				  (log_peer lv))))
		 (options2local options))))))
*/


/* Invoked when starting the ssh-connection service */
/* GABA:
   (expr
     (name make_lshd_connection_service)
     (params
       (hooks object object_list))
     (expr
       (lambda (connection)
         ((progn hooks)
	    ; We have to initialize the connection
	    ; before adding handlers.
	    (init_connection_service
	      ; Disconnect if connection->user is NULL
	      (connection_require_userauth connection)))))))
*/

#if WITH_GCOV
/* Catch SIGTERM and call exit(). That way, profiling info is written
 * properly when the process is terminated. */

/* SIGTERM callback used in gcov builds: shut the I/O layer down with
 * io_final() and then leave through exit(), so that normal process
 * termination (where the profiling data gets written) takes place
 * instead of the default signal action. */
static void
do_terminate_callback(struct lsh_callback *s UNUSED)
{
  io_final();
  exit(EXIT_SUCCESS);
}

/* Callback object registered for SIGTERM by install_terminate_handler.
 * STATIC_HEADER presumably supplies the object header that a
 * statically allocated lsh object needs; see the allocation code. */
static struct lsh_callback
terminate_callback =
{ STATIC_HEADER, do_terminate_callback };

/* Route SIGTERM through the I/O loop's signal handling to
 * terminate_callback, so the process exits cleanly (see
 * do_terminate_callback). Only compiled in gcov builds. */
static void
install_terminate_handler(void)
{
  struct lsh_callback *on_term = &terminate_callback;

  io_signal_handler(SIGTERM, on_term);
}

#endif /* WITH_GCOV */

/* Entry point. Initialises the I/O loop, parses the options, disables
 * core dumps unless asked not to, optionally detaches into the
 * background, claims the pid file, starts the background randomness
 * poller, and then builds the command pipeline that listens on
 * options->local and runs each accepted connection through the
 * handshake, the userauth service and the connection service. Runs
 * io_run() until the loop ends and returns 0. Configuration errors
 * are reported through werror() and end in EXIT_FAILURE. */
int main(int argc, char **argv)
{
  struct lshd_options *options;

  io_init();

#if WITH_GCOV
  install_terminate_handler();
#endif
  
  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");

  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);

  options = make_lshd_options();
  
  /* main_argp_parser validates the combination of options at
   * ARGP_KEY_END and exits through argp_error on problems. */
  trace("Parsing options...\n");
  argp_parse(&main_argp, argc, argv, 0, NULL, options);
  trace("Parsing options... done\n");  

  /* Core dumps stay off unless --enable-core was given (presumably
   * to keep key material out of core files); failing to turn them
   * off is treated as fatal rather than ignored. */
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }

  if (options->daemonic)
    {
      if (options->no_syslog)
        {
          /* Just put process into the background. --no-syslog is an
           * inappropriate name */
          switch (fork())
            {
            case 0:
              /* Child */
              /* FIXME: Should we create a new process group, close our tty
               * and stdio, etc? */
              trace("forked into background. New pid: %i.\n", getpid());
              break;
              
            case -1:
              /* Error: logged only; the server then carries on in the
               * foreground rather than giving up. */
              werror("background_process: fork failed (errno = %i): %z\n",
                     errno, STRERROR(errno));
              break;
              
            default:
              /* Parent */
              _exit(EXIT_SUCCESS);
            }
        }
      else
        {
#if HAVE_SYSLOG
          set_error_syslog("lshd");
#else /* !HAVE_SYSLOG */
          werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
#endif /* !HAVE_SYSLOG */

          /* daemon_init does the full detach; 0 means it failed. */
          switch (daemon_init())
            {
            case 0:
              werror("lshd: Spawning into background failed.\n");
              return EXIT_FAILURE;
            case DAEMON_INETD:
              werror("lshd: spawning from inetd not yet supported.\n");
              return EXIT_FAILURE;
            case DAEMON_INIT:
            case DAEMON_NORMAL:
              break;
            default:
              fatal("Internal error\n");
            }
        }
    }
  
  /* NOTE: in the --no-syslog path above the parent has already
   * _exit()ed with EXIT_SUCCESS, so an "already running" failure
   * here is only visible in the child's log, not in the exit status
   * the invoker sees. */
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }

  /* NOTE: We have to do this *after* forking into the background,
   * because otherwise we won't be able to waitpid() on the background
   * process. */

  /* Start background poll */
  RANDOM_POLL_BACKGROUND(options->random->poller);

  {
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks;
    struct command *session_setup;
    
    /* Supported channel requests. shell and exec are always offered;
     * pty/window-change and subsystem are added below depending on
     * build options and command line options. */
    struct alist *supported_channel_requests
      = make_alist(2,
		   ATOM_SHELL, &shell_request_handler,
		   ATOM_EXEC, &exec_request_handler,
		   -1);
    
#if WITH_PTY_SUPPORT
    if (options->with_pty)
      {
        ALIST_SET(supported_channel_requests,
                  ATOM_PTY_REQ, &pty_request_handler.super);
        ALIST_SET(supported_channel_requests,
                  ATOM_WINDOW_CHANGE, &window_change_request_handler.super);
      }
#endif /* WITH_PTY_SUPPORT */

    if (options->subsystems)
      ALIST_SET(supported_channel_requests,
		ATOM_SUBSYSTEM,
		&make_subsystem_handler(options->subsystems)->super);

    session_setup = make_install_fix_channel_open_handler
      (ATOM_SESSION, make_open_session(supported_channel_requests));
    
    /* Hooks run on each new connection: session channels always,
     * plus the tcpip-forward, cancel-tcpip-forward and direct-tcpip
     * handlers when forwarding is compiled in and enabled. */
#if WITH_TCP_FORWARD
    if (options->with_tcpip_forward)
      connection_hooks = make_object_list
	(4,
	 session_setup,
	 make_tcpip_forward_hook(),
	 make_install_fix_global_request_handler
	 (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
	 make_direct_tcpip_hook(),
	 -1);
    else
#endif
      connection_hooks
	= make_object_list (1, session_setup, -1);
    {
      CAST_SUBTYPE(command, connection_service,
		   make_lshd_connection_service(connection_hooks));
      /* The listener: handshake (server side, with the host keys from
       * options2keys), then the kexinit built from the negotiated
       * algorithm lists, then the only offered service,
       * ssh-userauth, which in turn offers ssh-connection. */
      CAST_SUBTYPE(command, server_listen,
		   make_lshd_listen
		   (make_handshake_info(CONNECTION_SERVER,
					"lsh - a free ssh",
					NULL,
					SSH_MAX_PACKET,
					&options->random->super,
					options->super.algorithms,
					options->sshd1),
		    make_simple_kexinit
		    (&options->random->super,
		     options->kex_algorithms,
		     options->super.hostkey_algorithms,
		     options->super.crypto_algorithms,
		     options->super.mac_algorithms,
		     options->super.compression_algorithms,
		     make_int_list(0, -1)),
		    make_offer_service
		    (make_alist
		     (1,
		      ATOM_SSH_USERAUTH,
		      make_userauth_service(options->userauth_methods,
					    options->userauth_algorithms,
					    make_alist(1, ATOM_SSH_CONNECTION,
						       connection_service,-1)),
		      -1))));
      
      /* The listen result is discarded; I/O exceptions are reported
       * with the "lshd: " prefix, anything else goes to options->e. */
      COMMAND_CALL(server_listen, options,
		   &discard_continuation,
		   make_report_exception_handler
		   (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
		    options->e,
		    HANDLER_CONTEXT));
    }
  }
  
  io_run();

  io_final();
  
  return 0;
}