/* lshd.c
 *
 * main server program.
 *
 * $Id$ */
/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Möller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#include "algorithms.h"
#include "alist.h"
#include "atoms.h"
#include "channel.h"
#include "channel_commands.h"
#include "charset.h"
#include "compress.h"
#include "connection_commands.h"
#include "crypto.h"
#include "daemon.h"
#include "dsa.h"
#include "format.h"
#include "io.h"
#include "io_commands.h"
#include "lookup_verifier.h"
#include "randomness.h"
#include "reaper.h"
#include "server.h"
#include "server_authorization.h"
#include "server_keyexchange.h"
#include "server_pty.h"
#include "server_session.h"
#include "sexp.h"
#include "sexp_commands.h"
#include "spki_commands.h"
#include "srp.h"
#include "ssh.h"
#include "tcpforward.h"
#include "tcpforward_commands.h"
#include "tcpforward_commands.h"
#include "server_userauth.h"
#include "version.h"
#include "werror.h"
#include "xalloc.h"

#include "lsh_argp.h"

/* Forward declarations. The GABA expressions further down
 * (make_lshd_listen) refer to these command objects, presumably through
 * the generated code in lshd.c.x, which is included before the objects
 * are defined below. */
struct command_simple options2local;
#define OPTIONS2LOCAL (&options2local.super.super)

static struct command options2keyfile;
#define OPTIONS2KEYFILE (&options2keyfile.super)

struct command_simple options2signature_algorithms;
#define OPTIONS2SIGNATURE_ALGORITHMS \
  (&options2signature_algorithms.super.super)

#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

#if 0
/* Block size for stdout and stderr buffers */
#define BLOCK_SIZE 32768
#endif

/* Option parsing */

/* Globals read by argp: the string printed for --version, and the
 * bug-report address appended to --help output. */
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

const char *argp_program_bug_address = BUG_ADDRESS;

#define KERBEROS_HELPER PREFIX "lsh-krb-checkpw"

#define OPT_NO 0x400
#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201

#define OPT_TCPIP_FORWARD 0x202
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
#define OPT_PTY 0x203
#define OPT_NO_PTY (OPT_PTY | OPT_NO)

#define OPT_DAEMONIC 0x204
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
#define OPT_PIDFILE 0x205
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
#define OPT_CORE 0x207

#define OPT_SRP 0x210
#define OPT_NO_SRP (OPT_SRP | OPT_NO)
#define OPT_DH 0x211
#define OPT_NO_DH (OPT_DH | OPT_NO)

#define OPT_PUBLICKEY 0x220
#define OPT_NO_PUBLICKEY (OPT_PUBLICKEY | OPT_NO)
#define OPT_PASSWORD 0x221
#define OPT_NO_PASSWORD (OPT_PASSWORD | OPT_NO)

#define OPT_ROOT_LOGIN 0x222
#define OPT_NO_ROOT_LOGIN (OPT_ROOT_LOGIN | OPT_NO)

#define OPT_KERBEROS_PASSWD 0x223
#define OPT_NO_KERBEROS_PASSWD (OPT_KERBEROS_PASSWD | OPT_NO)

#define OPT_PASSWORD_HELPER 0x224

/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
       (backend object io_backend)
       (e object exception_handler)
       
       (reaper object reap)
       (random object randomness_with_poll)
       
       (signature_algorithms object alist)
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)

       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)
       
       (with_publickey . int)
       (with_password . int)
       (allow_root . int)
       (pw_helper . "const char *")
       
       (with_tcpip_forward . int)
       (with_pty . int)
       
       (userauth_methods object int_list)
       (userauth_algorithms object alist)
       
       (sshd1 object ssh1_fallback)
       (daemonic . int)
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
*/

/* Exception handler installed on lshd_options (see
 * make_lshd_options). Three exception types end the program after
 * printing the exception's message: EXC_SEXP_SYNTAX, EXC_SPKI_TYPE and
 * EXC_RANDOMNESS_LOW_ENTROPY. Every other exception is passed on to the
 * parent handler unchanged.
 *
 * s  this handler; s->parent receives everything not handled here.
 * e  the exception being raised. */
static void
do_exc_lshd_handler(struct exception_handler *s,
		    const struct exception *e)
{
  int is_fatal_here
    = (e->type == EXC_SEXP_SYNTAX
       || e->type == EXC_SPKI_TYPE
       || e->type == EXC_RANDOMNESS_LOW_ENTROPY);

  if (!is_fatal_here)
    {
      EXCEPTION_RAISE(s->parent, e);
      return;
    }

  werror("lshd: %z\n", e->msg);
  exit(EXIT_FAILURE);
}

/* Wraps do_exc_lshd_handler in an exception_handler object.
 *
 * parent   handler that receives the exceptions do_exc_lshd_handler
 *          does not treat as fatal.
 * context  context string recorded in the new handler. */
static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  struct exception_handler *handler
    = make_exception_handler(do_exc_lshd_handler, parent, context);

  return handler;
}

/* Allocates the option object and fills in the defaults that the
 * command line may override later.
 *
 * Defaults: DH keyexchange on, SRP off; password and publickey
 * authentication on; root login off; host key read from
 * /etc/lsh_host_key; pid file /var/run/lshd.pid with use_pid_file == -1,
 * meaning "use it iff running daemonic" (resolved at ARGP_KEY_END).
 *
 * backend  the io_backend stored in the options for later use. */
static struct lshd_options *
make_lshd_options(struct io_backend *backend)
{
  NEW(lshd_options, opts);

  init_algorithms_options(&opts->super, all_symmetric_algorithms());

  /* Runtime services, created in dependency order: the random
   * generator needs both the reaper and the exception handler. */
  opts->backend = backend;
  opts->e = make_lshd_exception_handler(&default_exception_handler,
					HANDLER_CONTEXT);
  opts->reaper = make_reaper();
  opts->random = make_default_random(opts->reaper, opts->e);
  opts->signature_algorithms = all_signature_algorithms(&opts->random->super);

  /* Listening address. A NULL port means: look up the "ssh" service and
   * fall back to port 22. The address_info itself is built at
   * ARGP_KEY_END, once interface and port are known. */
  opts->style = SEXP_TRANSPORT;
  opts->interface = NULL;
  opts->port = NULL;
  opts->local = NULL;

  /* FIXME: this should perhaps use sysconfdir */
  opts->hostkey = "/etc/lsh_host_key";

  /* Keyexchange */
  opts->with_dh_keyexchange = 1;
  opts->with_srp_keyexchange = 0;
  opts->kex_algorithms = NULL;

  /* User authentication */
  opts->with_publickey = 1;
  opts->with_password = 1;
  opts->allow_root = 0;
  opts->pw_helper = NULL;
  opts->userauth_methods = NULL;
  opts->userauth_algorithms = NULL;

  /* Offered services */
  opts->with_tcpip_forward = 1;
  opts->with_pty = 1;

  /* Process behaviour */
  opts->sshd1 = NULL;
  opts->daemonic = 0;
  opts->corefile = 0;

  /* FIXME: Make the default a configure time option? */
  opts->pid_file = "/var/run/lshd.pid";
  opts->use_pid_file = -1;

  return opts;
}

/* Address (interface and port) to listen on. options->local is filled
 * in at ARGP_KEY_END by main_argp_parser, which exits on an invalid
 * address, so it is non-NULL by the time this command runs. */
DEFINE_COMMAND_SIMPLE(options2local, a)
{
  CAST(lshd_options, options, a);
  struct address_info *local = options->local;

  return &local->super;
}

/* The alist of signature algorithms (set up in make_lshd_options from
 * all_signature_algorithms), used when reading the host keys. */
DEFINE_COMMAND_SIMPLE(options2signature_algorithms, a)
{
  CAST(lshd_options, options, a);
  struct alist *algorithms = options->signature_algorithms;

  return &algorithms->super;
}

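/* Opens the server's private key file (options->hostkey) for reading.
 *
 * ignored  unused command object.
 * a        the lshd_options object.
 * c        continuation receiving the opened lsh_fd on success.
 * e        exception handler; on failure an EXC_IO_OPEN_READ exception
 *          carrying the open error's errno is raised here.
 *
 * Assumes io_read_file leaves errno set when it returns NULL, as the
 * previous version did. */
static void
do_options2keyfile(struct command *ignored UNUSED,
		   struct lsh_object *a,
		   struct command_continuation *c,
		   struct exception_handler *e)
{
  CAST(lshd_options, options, a);
  
  struct lsh_fd *f;

  f = io_read_file(options->backend, options->hostkey, e);

  if (f)
    COMMAND_RETURN(c, f);
  else
    {
      /* Capture errno before werror() does its own I/O, which may
       * overwrite it; the exception must carry the open failure. */
      int saved_errno = errno;

      werror("Failed to open '%z' (errno = %i): %z.\n",
	     options->hostkey, saved_errno, STRERROR(saved_errno));
      EXCEPTION_RAISE(e, make_io_exception(EXC_IO_OPEN_READ, NULL,
					   saved_errno, NULL));
    }
}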

/* Command object for do_options2keyfile, reached through the
 * OPTIONS2KEYFILE macro declared with the forward declarations above. */
static struct command options2keyfile =
STATIC_COMMAND(do_options2keyfile);


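/* lshd's own command line options. Each entry's key is the value
 * main_argp_parser switches on (an OPT_* constant or a short option
 * character); every key the parser handles has an entry here, so that
 * the option can actually be given on the command line. Entries with a
 * NULL name are group headers shown by --help. */
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
    "Listen on this network interface.", 0 },
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},
#if WITH_SSH1_FALLBACK
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */

  { NULL, 0, NULL, 0, "Keyexchange options:", 0 },
#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },

  { NULL, 0, NULL, 0, "User authentication options:", 0 },

  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},

  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },

  { "kerberos-passwords", OPT_KERBEROS_PASSWD, NULL, 0,
    "Recognize kerberos passwords, using the helper program "
    "\"" KERBEROS_HELPER "\". This option is experimental.", 0 },
  /* Group field spelled out explicitly, like every other entry. */
  { "no-kerberos-passwords", OPT_NO_KERBEROS_PASSWD, NULL, 0,
    "Don't recognize kerberos passwords (default behaviour).", 0 },

  { "password-helper", OPT_PASSWORD_HELPER, "Program", 0,
    "Use the named helper program for password verification. "
    "(experimental).", 0 },

  { NULL, 0, NULL, 0, "Offered services:", 0 },

#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */

  /* Must match the OPT_TCPIP_FORWARD / OPT_NO_TCPIP_FORWARD cases in
   * main_argp_parser; without these entries the parser cases are
   * unreachable from the command line. */
#if WITH_TCP_FORWARD
  { "tcpip-forward", OPT_TCPIP_FORWARD, NULL, 0, "Enable tcpip forwarding (default).", 0 },
  { "no-tcpip-forward", OPT_NO_TCPIP_FORWARD, NULL, 0, "Disable tcpip forwarding.", 0 },
#endif /* WITH_TCP_FORWARD */

  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },

  { NULL, 0, NULL, 0, NULL, 0 }
};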

/* Child parsers merged into lshd's option set. main_argp_parser hands
 * them their inputs at ARGP_KEY_INIT, in this order: the sexp input
 * style, the algorithm selection, and NULL for werror. */
static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp, 0, "", 0 },
  { NULL, 0, NULL, 0}
};

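/* argp callback for lshd's own options.
 *
 * key    an OPT_* constant, a short option character, or one of the
 *        ARGP_KEY_* events.
 * arg    the option's argument; NULL for options without one and at
 *        ARGP_KEY_END.
 * state  argp state; state->input is the lshd_options object.
 *
 * Returns 0 for handled keys and ARGP_ERR_UNKNOWN otherwise. At
 * ARGP_KEY_END the collected flags are turned into the keyexchange
 * list, the listening address and the userauth tables. argp_error()
 * ends the program when no keyexchange method or no userauth method is
 * left enabled, or when the listening address is invalid. */
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);
  
  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;

    case ARGP_KEY_INIT:
      /* Inputs for the child parsers, in main_argp_children order. */
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
      state->child_inputs[2] = NULL;
      break;

    case ARGP_KEY_END:
      {
	struct user_db *db = NULL;
	
	/* Password, publickey and SRP all look up local users; the
	 * allow_root and pw_helper settings are handed to the user db. */
	if (self->with_password || self->with_publickey || self->with_srp_keyexchange)
	  db = make_unix_user_db(self->backend, self->reaper,
				 self->pw_helper, self->allow_root);
	  
	if (self->with_dh_keyexchange || self->with_srp_keyexchange)
	  {
	    int i = 0;
	    self->kex_algorithms 
	      = alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);
	    
	    if (self->with_dh_keyexchange)
	      {
		LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
		ALIST_SET(self->super.algorithms,
			  ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
			  make_dh_server(make_dh1(&self->random->super)));
	      }
#if WITH_SRP
	    if (self->with_srp_keyexchange)
	      {
		/* Guaranteed by the user-db condition above. */
		assert(db);
		LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
		ALIST_SET(self->super.algorithms,
			  ATOM_SRP_RING1_SHA1_LOCAL,
			  make_srp_server(make_srp1(&self->random->super), db));
	      }
#endif /* WITH_SRP */
	  }
	else
	  argp_error(state, "All keyexchange algorithms disabled.");

	/* argp passes arg == NULL at ARGP_KEY_END, so the interface has
	 * to come from the value stored by OPT_INTERFACE; using arg here
	 * silently ignored --interface. Without --port, look up the
	 * "ssh" service and fall back to port 22. */
	if (self->port)
	  self->local = make_address_info_c(self->interface, self->port, 0);
	else
	  self->local = make_address_info_c(self->interface, "ssh", 22);
      
	/* Neither %s may be handed a NULL pointer. */
	if (!self->local)
	  argp_error(state, "Invalid interface, port or service, '%s:%s'.",
		     self->interface ? self->interface : "ANY",
		     self->port ? self->port : "ssh");

	/* -1 means "use a pid file iff daemonic"; see make_lshd_options. */
	if (self->use_pid_file < 0)
	  self->use_pid_file = self->daemonic;

	if (self->with_password || self->with_publickey)
	  {
	    int i = 0;
	    
	    self->userauth_methods
	      = alloc_int_list(self->with_password + self->with_publickey);
	    self->userauth_algorithms = make_alist(0, -1);
	    
	    if (self->with_password)
	      {
		LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
		ALIST_SET(self->userauth_algorithms,
			  ATOM_PASSWORD, make_userauth_password(db));
	      }
	    if (self->with_publickey)
	      {
		/* Doesn't use spki */
		LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
		ALIST_SET(self->userauth_algorithms,
			  ATOM_PUBLICKEY,
			  make_userauth_publickey
			  (db,
			   make_alist(1,
				      ATOM_SSH_DSS,
				      make_authorization_db(ssh_format("authorized_keys_sha1"),
							    &sha1_algorithm),
				      -1)));
	      }
	  }
	else
	  argp_error(state, "All user authentication methods disabled.");

	/* Start background poll */
	RANDOM_POLL_BACKGROUND(self->random->poller);
	
	break;
      }

    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;

#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif

    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;
      
    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;
      
    case OPT_PASSWORD:
      self->with_password = 1;
      break;
      
    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;
      
    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;

    case OPT_NO_ROOT_LOGIN:
      /* Listed in main_options; without this case it fell through to
       * ARGP_ERR_UNKNOWN and --no-root-login was rejected. */
      self->allow_root = 0;
      break;

    case OPT_KERBEROS_PASSWD:
      self->pw_helper = KERBEROS_HELPER;
      break;

    case OPT_NO_KERBEROS_PASSWD:
      self->pw_helper = NULL;
      break;

    case OPT_PASSWORD_HELPER:
      self->pw_helper = arg;
      break;
      
#if WITH_TCP_FORWARD
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
#endif /* WITH_TCP_FORWARD */
      
#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */
	  
    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;

    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
    }
  return 0;
}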

/* Top-level argp description: option table, parser, no positional
 * argument documentation, program doc string, child parsers, and no
 * help filter or domain. Passed to argp_parse() in main. */
static const struct argp
main_argp =
{ main_options, main_argp_parser, 
  NULL,
  "Server for the ssh-2 protocol.",
  main_argp_children,
  NULL, NULL
};


/* GABA:
   (expr
     (name make_lshd_listen)
     (params
       (backend object io_backend)
       (handshake object handshake_info)
       (init object make_kexinit)
       (services object command) )
     (expr (lambda (options)
             (let ((keys 
		    (spki_read_hostkeys (options2signature_algorithms options)
			                (options2keyfile options))))
	       (listen_callback
	         (lambda (lv)
    		   (services (connection_handshake
    				  handshake
    				  (kexinit_filter init keys)
    				  keys 
    				  (log_peer lv))))
		 backend
		 (options2local options))))))
*/


/* Invoked when starting the ssh-connection service */
/* GABA:
   (expr
     (name make_lshd_connection_service)
     (params
       (hooks object object_list))
     (expr
       (lambda (connection)
         ((progn hooks)
	    ; We have to initialize the connection
	    ; before adding handlers.
	    (init_connection_service
	      ; Disconnect if connection->user is NULL
	      (connection_require_userauth connection)))))))
*/


/* Program entry point.
 *
 * Parses the command line into an lshd_options object, applies the
 * process-level settings (core dumps, daemonizing, pid file), builds
 * the listening command from the options and runs the backend's event
 * loop. Returns EXIT_FAILURE if one of the process-level steps fails;
 * otherwise returns 0 when reaper_run() returns. */
int main(int argc, char **argv)
{
  struct lshd_options *options;

  /* Channel requests accepted on a session channel, the command that
   * installs the session channel opener, and the per-connection hooks. */
  struct alist *supported_channel_requests;
  struct command *session_setup;
  struct object_list *connection_hooks;

  NEW(io_backend, io);
  init_backend(io);

  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");

  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);

  options = make_lshd_options(io);
  argp_parse(&main_argp, argc, argv, 0, NULL, options);

  /* Core dumps stay disabled unless --enable-core was given. */
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }

  if (options->daemonic)
    {
      /* Switch message output before detaching, since stdio is
       * redirected to /dev/null by daemon_init(). */
#if HAVE_SYSLOG
      set_error_syslog("lshd");
#else /* !HAVE_SYSLOG */
      werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
#endif /* !HAVE_SYSLOG */

      switch (daemon_init())
	{
	case DAEMON_INIT:
	case DAEMON_NORMAL:
	  break;
	case DAEMON_INETD:
	  werror("lshd: spawning from inetd not yet supported.\n");
	  return EXIT_FAILURE;
	case 0:
	  werror("lshd: Spawning into background failed.\n");
	  return EXIT_FAILURE;
	default:
	  fatal("Internal error\n");
	}
    }

  /* use_pid_file was resolved at ARGP_KEY_END (default: iff daemonic). */
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }

  supported_channel_requests
    = make_alist(2,
		 ATOM_SHELL, make_shell_handler(io),
		 ATOM_EXEC, make_exec_handler(io),
		 -1);

#if WITH_PTY_SUPPORT
  if (options->with_pty)
    ALIST_SET(supported_channel_requests,
	      ATOM_PTY_REQ, &pty_request_handler);
#endif /* WITH_PTY_SUPPORT */

  session_setup = make_install_fix_channel_open_handler
    (ATOM_SESSION, make_open_session(supported_channel_requests));

#if WITH_TCP_FORWARD
  if (options->with_tcpip_forward)
    connection_hooks
      = make_object_list(4,
			 session_setup,
			 make_tcpip_forward_hook(io),
			 make_install_fix_global_request_handler
			 (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
			 make_direct_tcpip_hook(io),
			 -1);
  else
#endif /* WITH_TCP_FORWARD */
    connection_hooks = make_object_list(1, session_setup, -1);

  {
    /* FIXME: We should check that we have at least one host key. We
     * should also extract the host-key algorithms for which we have
     * keys, instead of hardcoding ssh-dss below. */
    CAST_SUBTYPE(command, connection_service,
		 make_lshd_connection_service(connection_hooks));

    /* The alist handed to the userauth service (presumably the services
     * reachable once authenticated), and the two services offered on a
     * fresh connection. */
    struct alist *after_userauth
      = make_alist(1, ATOM_SSH_CONNECTION, connection_service, -1);
    struct alist *offered_services
      = make_alist(2,
		   ATOM_SSH_CONNECTION, connection_service,
		   ATOM_SSH_USERAUTH,
		   make_userauth_service(options->userauth_methods,
					 options->userauth_algorithms,
					 after_userauth),
		   -1);

    CAST_SUBTYPE(command, server_listen,
		 make_lshd_listen
		 (io,
		  make_handshake_info(CONNECTION_SERVER,
				      "lsh - a free ssh",
				      NULL,
				      SSH_MAX_PACKET,
				      &options->random->super,
				      options->super.algorithms,
				      options->sshd1),
		  make_simple_kexinit
		  (&options->random->super,
		   options->kex_algorithms,
		   options->super.hostkey_algorithms,
		   options->super.crypto_algorithms,
		   options->super.mac_algorithms,
		   options->super.compression_algorithms,
		   make_int_list(0, -1)),
		  make_offer_service(offered_services)));

    /* NOTE(review): by argument order, EXC_IO exceptions are reported
     * with the "lshd: " prefix and the rest handed to options->e;
     * confirm against make_report_exception_handler. */
    COMMAND_CALL(server_listen, options,
		 &discard_continuation,
		 make_report_exception_handler
		 (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
		  options->e,
		  HANDLER_CONTEXT));
  }

  reaper_run(options->reaper, io);

  return 0;
}