/* lshd.c
 *
 * main server program.
 *
 * $Id$ */

/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Möller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#include "algorithms.h"
#include "alist.h"
#include "atoms.h"
#include "channel.h"
#include "channel_commands.h"
#include "charset.h"
#include "compress.h"
#include "connection_commands.h"
#include "crypto.h"
#include "daemon.h"
#include "dsa.h"
#include "format.h"
#include "handshake.h"
#include "io.h"
#include "io_commands.h"
#include "lookup_verifier.h"
#include "randomness.h"
#include "reaper.h"
#include "server.h"
#include "server_authorization.h"
#include "server_keyexchange.h"
#include "server_pty.h"
#include "server_session.h"
#include "sexp.h"
#include "sexp_commands.h"
#include "spki_commands.h"
#include "srp.h"
#include "ssh.h"
#include "tcpforward.h"
#include "tcpforward_commands.h"
#include "tcpforward_commands.h"
#include "server_userauth.h"
#include "version.h"
#include "werror.h"
#include "xalloc.h"

#include "lsh_argp.h"

/* Forward declarations */
/* These three command objects are defined further down in this file but
 * are referenced by the generated code in "lshd.c.x" (included below),
 * so they must be visible before that include. The *_SUPER macros give
 * the generic lsh_object view that the generated code expects. */
struct command_simple options2local;
#define OPTIONS2LOCAL (&options2local.super.super)

static struct command options2keyfile;
#define OPTIONS2KEYFILE (&options2keyfile.super)

struct command_simple options2signature_algorithms;
#define OPTIONS2SIGNATURE_ALGORITHMS \
  (&options2signature_algorithms.super.super)

#include "lshd.c.x"

#include <assert.h>

#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

/* Option parsing */

/* Strings argp prints for --version and in usage/bug messages. */
const char *argp_program_version
= "lshd-" VERSION ", secsh protocol version " SERVER_PROTOCOL_VERSION;

const char *argp_program_bug_address = BUG_ADDRESS;

/* Helper program run for --kerberos-passwords. The path is derived from
 * the configured install PREFIX; see the FIXME about SBINDIR. */
/* The definition of SBINDIR is currently broken */
#if 0
# define KERBEROS_HELPER SBINDIR "/lsh-krb-checkpw"
#else
# define KERBEROS_HELPER PREFIX "/sbin/lsh-krb-checkpw"
#endif

/* argp option keys. Long-only options use values above the printable
 * ASCII range so they never collide with a short option letter. Each
 * "no-" variant is the base key with the OPT_NO bit set. */
#define OPT_NO 0x400

#define OPT_SSH1_FALLBACK 0x200
#define OPT_INTERFACE 0x201

#define OPT_TCPIP_FORWARD 0x202
#define OPT_NO_TCPIP_FORWARD (OPT_TCPIP_FORWARD | OPT_NO)
#define OPT_PTY 0x203
#define OPT_NO_PTY (OPT_PTY | OPT_NO)

#define OPT_DAEMONIC 0x204
#define OPT_NO_DAEMONIC (OPT_DAEMONIC | OPT_NO)
#define OPT_PIDFILE 0x205
#define OPT_NO_PIDFILE (OPT_PIDFILE | OPT_NO)
#define OPT_CORE 0x207

/* Key exchange selection */
#define OPT_SRP 0x210
#define OPT_NO_SRP (OPT_SRP | OPT_NO)
#define OPT_DH 0x211
#define OPT_NO_DH (OPT_DH | OPT_NO)

/* User authentication selection */
#define OPT_PUBLICKEY 0x220
#define OPT_NO_PUBLICKEY (OPT_PUBLICKEY | OPT_NO)
#define OPT_PASSWORD 0x221
#define OPT_NO_PASSWORD (OPT_PASSWORD | OPT_NO)

#define OPT_ROOT_LOGIN 0x222
#define OPT_NO_ROOT_LOGIN (OPT_ROOT_LOGIN | OPT_NO)

#define OPT_KERBEROS_PASSWD 0x223
#define OPT_NO_KERBEROS_PASSWD (OPT_KERBEROS_PASSWD | OPT_NO)

#define OPT_PASSWORD_HELPER 0x224

/* Option object for the whole server; defaults are set in
 * make_lshd_options and overridden by main_argp_parser. The class is
 * generated from this GABA description into lshd.c.x. */
/* GABA:
   (class
     (name lshd_options)
     (super algorithms_options)
     (vars
       (backend object io_backend)
       (e object exception_handler)
       
       (reaper object reap)
       (random object randomness_with_poll)
       
       (signature_algorithms object alist)
       (style . sexp_argp_state)
       (interface . "char *")
       (port . "char *")
       (hostkey . "char *")
       (local object address_info)

       (with_srp_keyexchange . int)
       (with_dh_keyexchange . int)

       ;; (kexinit object make_kexinit)
       (kex_algorithms object int_list)
       
       (with_publickey . int)
       (with_password . int)
       (allow_root . int)
       (pw_helper . "const char *")
       
       (with_tcpip_forward . int)
       (with_pty . int)
       
       (userauth_methods object int_list)
       (userauth_algorithms object alist)
       
       (sshd1 object ssh1_fallback)
       (daemonic . int)
       (corefile . int)
       (pid_file . "const char *")
       ; -1 means use pid file iff we're in daemonic mode
       (use_pid_file . int)))
*/

/* Top-level exception handler for lshd.
 *
 * S is this handler, E the exception being raised. Configuration-time
 * failures -- malformed s-expressions, wrong SPKI object type, and too
 * little entropy from the randomness poller -- are fatal: the message is
 * logged and the process exits with EXIT_FAILURE rather than starting a
 * server with a bad key or weak randomness. Every other exception is
 * handed to the parent handler. */
static void
do_exc_lshd_handler(struct exception_handler *s,
		    const struct exception *e)
{
  int fatal_here = (e->type == EXC_SEXP_SYNTAX
		    || e->type == EXC_SPKI_TYPE
		    || e->type == EXC_RANDOMNESS_LOW_ENTROPY);

  if (!fatal_here)
    {
      EXCEPTION_RAISE(s->parent, e);
      return;
    }

  werror("lshd: %z\n", e->msg);
  exit(EXIT_FAILURE);
}

/* Build an exception_handler object that dispatches to
 * do_exc_lshd_handler, chained to PARENT. CONTEXT is the debugging
 * context string stored in the handler (callers pass HANDLER_CONTEXT). */
static struct exception_handler *
make_lshd_exception_handler(struct exception_handler *parent,
			    const char *context)
{
  struct exception_handler *handler
    = make_exception_handler(do_exc_lshd_handler, parent, context);

  return handler;
}

/* Allocate the lshd option object and fill in every default; argp
 * parsing (main_argp_parser) then overrides individual fields. BACKEND
 * is the io backend that the reaper and the randomness poller attach to.
 *
 * Security-relevant defaults chosen here: root login is refused,
 * password and publickey authentication are both on, SRP is off, the
 * host key is read from /etc/lsh_host_key, and core dumps stay
 * disabled. */
static struct lshd_options *
make_lshd_options(struct io_backend *backend)
{
  NEW(lshd_options, self);

  init_algorithms_options(&self->super, all_symmetric_algorithms());

  /* Runtime infrastructure. The order matters: the reaper needs the
   * backend, the randomness source needs the reaper and the exception
   * handler, and the signature algorithms need the randomness source. */
  self->backend = backend;
  self->e = make_lshd_exception_handler(&default_exception_handler,
					HANDLER_CONTEXT);
  self->reaper = make_reaper(backend);
  self->random = make_default_random(self->reaper, self->e);
  self->signature_algorithms = all_signature_algorithms(&self->random->super);

  /* Listening address. A NULL port means: look up the "ssh" service
   * and fall back to port 22 (resolved at ARGP_KEY_END). */
  self->style = SEXP_TRANSPORT;
  self->interface = NULL;
  self->port = NULL;
  self->local = NULL;

  /* FIXME: this should perhaps use sysconfdir */  
  self->hostkey = "/etc/lsh_host_key";

  /* Key exchange: DH on, experimental SRP off. The algorithm list is
   * built at ARGP_KEY_END from these flags. */
  self->with_dh_keyexchange = 1;
  self->with_srp_keyexchange = 0;
  self->kex_algorithms = NULL;

  /* User authentication */
  self->with_publickey = 1;
  self->with_password = 1;
  self->allow_root = 0;
  self->pw_helper = NULL;
  self->userauth_methods = NULL;
  self->userauth_algorithms = NULL;

  /* Offered services */
  self->with_tcpip_forward = 1;
  self->with_pty = 1;
  self->sshd1 = NULL;

  /* Daemon behaviour. use_pid_file == -1 means "decide from daemonic
   * later" (see ARGP_KEY_END). */
  self->daemonic = 0;
  /* FIXME: Make the default a configure time option? */
  self->pid_file = "/var/run/lshd.pid";
  self->use_pid_file = -1;
  self->corefile = 0;

  return self;
}

/* Port to listen on */
/* Command: lshd_options -> address_info. Returns the listen address
 * built at ARGP_KEY_END from --interface and --port; consumed by
 * make_lshd_listen. Must not be called before option parsing finished,
 * since options->local is NULL until then. */
DEFINE_COMMAND_SIMPLE(options2local, a)
{
  CAST(lshd_options, options, a);
  return &options->local->super;
}

/* alist of signature algorithms */
/* Command: lshd_options -> alist. Returns the signature algorithm table
 * set up in make_lshd_options; make_lshd_listen passes it to
 * spki_read_hostkeys so the host key file can be parsed. */
DEFINE_COMMAND_SIMPLE(options2signature_algorithms, a)
{
  CAST(lshd_options, options, a);
  return &options->signature_algorithms->super;
}

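/* Read server's private key */
/* Command: lshd_options -> lsh_fd. Opens the host key file named by
 * options->hostkey for reading and hands the fd to the continuation C.
 * On failure the error is logged and an EXC_IO_OPEN_READ exception is
 * raised on E instead.
 *
 * NOTE(review): nothing here verifies the key file's ownership or mode
 * (e.g. that it is not group/world readable); confirm whether
 * io_read_file does, otherwise this is left to the administrator. */
static void
do_options2keyfile(struct command *ignored UNUSED,
		   struct lsh_object *a,
		   struct command_continuation *c,
		   struct exception_handler *e)
{
  CAST(lshd_options, options, a);
  
  struct lsh_fd *f;
  int saved_errno;

  f = io_read_file(options->backend, options->hostkey, e);

  if (f)
    {
      COMMAND_RETURN(c, f);
      return;
    }

  /* Capture errno before logging: werror may itself perform I/O that
   * clobbers it, which previously could make the reported errno and the
   * one carried in the exception differ from the real open() failure. */
  saved_errno = errno;
  werror("Failed to open '%z' (errno = %i): %z.\n",
	 options->hostkey, saved_errno, STRERROR(saved_errno));
  EXCEPTION_RAISE(e, make_io_exception(EXC_IO_OPEN_READ, NULL,
				       saved_errno, NULL));
}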

/* The command object wrapping do_options2keyfile; referenced from the
 * generated make_lshd_listen via OPTIONS2KEYFILE. */
static struct command options2keyfile =
STATIC_COMMAND(do_options2keyfile);


/* lshd's own command line options, grouped under the headline entries
 * (those with a NULL name). Keys are the OPT_* constants above or a
 * short option letter; each one is dispatched in main_argp_parser.
 *
 * NOTE(review): there are no --tcpip-forward / --no-tcpip-forward
 * entries here although main_argp_parser handles OPT_TCPIP_FORWARD and
 * OPT_NO_TCPIP_FORWARD, so TCP forwarding appears to be always on from
 * the command line. */
static const struct argp_option
main_options[] =
{
  /* Name, key, arg-name, flags, doc, group */
  { "interface", OPT_INTERFACE, "interface", 0,
    "Listen on this network interface.", 0 }, 
  { "port", 'p', "Port", 0, "Listen on this port.", 0 },
  { "host-key", 'h', "Key file", 0, "Location of the server's private key.", 0},
#if WITH_SSH1_FALLBACK
  { "ssh1-fallback", OPT_SSH1_FALLBACK, "File name", OPTION_ARG_OPTIONAL,
    "Location of the sshd1 program, for falling back to version 1 of the Secure Shell protocol.", 0 },
#endif /* WITH_SSH1_FALLBACK */

  { NULL, 0, NULL, 0, "Keyexchange options:", 0 },
#if WITH_SRP
  { "srp-keyexchange", OPT_SRP, NULL, 0, "Enable experimental SRP support.", 0 },
  { "no-srp-keyexchange", OPT_NO_SRP, NULL, 0, "Disable experimental SRP support (default).", 0 },
#endif /* WITH_SRP */

  { "dh-keyexchange", OPT_DH, NULL, 0, "Enable DH support (default).", 0 },
  { "no-dh-keyexchange", OPT_NO_DH, NULL, 0, "Disable DH support.", 0 },
  
  { NULL, 0, NULL, 0, "User authentication options:", 0 },

  { "password", OPT_PASSWORD, NULL, 0,
    "Enable password user authentication (default).", 0},
  { "no-password", OPT_NO_PASSWORD, NULL, 0,
    "Disable password user authentication.", 0},

  { "publickey", OPT_PUBLICKEY, NULL, 0,
    "Enable publickey user authentication (default).", 0},
  { "no-publickey", OPT_NO_PUBLICKEY, NULL, 0,
    "Disable publickey user authentication.", 0},

  /* allow_root defaults to 0 in make_lshd_options. */
  { "root-login", OPT_ROOT_LOGIN, NULL, 0,
    "Allow root to login.", 0 },
  { "no-root-login", OPT_NO_ROOT_LOGIN, NULL, 0,
    "Don't allow root to login (default).", 0 },

  /* Both of these select an external password-checking program
   * (options->pw_helper); the helper is trusted with every password the
   * server verifies, so its path should not be user-writable. */
  { "kerberos-passwords", OPT_KERBEROS_PASSWD, NULL, 0,
    "Recognize kerberos passwords, using the helper program "
    "\"" KERBEROS_HELPER "\". This option is experimental.", 0 },
  { "no-kerberos-passwords", OPT_NO_KERBEROS_PASSWD, NULL, 0,
    "Don't recognize kerberos passwords (default behaviour).", 0 },

  { "password-helper", OPT_PASSWORD_HELPER, "Program", 0,
    "Use the named helper program for password verification. "
    "(experimental).", 0 },
  
  { NULL, 0, NULL, 0, "Offered services:", 0 },

#if WITH_PTY_SUPPORT
  { "pty-support", OPT_PTY, NULL, 0, "Enable pty allocation (default).", 0 },
  { "no-pty-support", OPT_NO_PTY, NULL, 0, "Disable pty allocation.", 0 },
#endif /* WITH_PTY_SUPPORT */
  
  { NULL, 0, NULL, 0, "Daemonic behaviour", 0 },
  { "daemonic", OPT_DAEMONIC, NULL, 0, "Run in the background, redirect stdio to /dev/null, and chdir to /.", 0 },
  { "no-daemonic", OPT_NO_DAEMONIC, NULL, 0, "Run in the foreground, with messages to stderr (default).", 0 },
  { "pid-file", OPT_PIDFILE, "file name", 0, "Create a pid file. When running in daemonic mode, "
    "the default is /var/run/lshd.pid.", 0 },
  { "no-pid-file", OPT_NO_PIDFILE, NULL, 0, "Don't use any pid file. Default in non-daemonic mode.", 0 },
  /* Core dumps are disabled in main() unless this is given; a core of
   * the server process would presumably contain the loaded host key. */
  { "enable-core", OPT_CORE, NULL, 0, "Dump core on fatal errors (disabled by default).", 0 },
    
  { NULL, 0, NULL, 0, NULL, 0 }
};

/* Child parsers: s-expression input style, the shared algorithm
 * options, and the werror verbosity options. Their inputs are wired up
 * in main_argp_parser at ARGP_KEY_INIT, in this order. */
static const struct argp_child
main_argp_children[] =
{
  { &sexp_input_argp, 0, "", 0 },
  { &algorithms_argp, 0, "", 0 },
  { &werror_argp, 0, "", 0 },
  { NULL, 0, NULL, 0}
};

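/* argp callback for lshd's own options. STATE->input is the
 * lshd_options object being filled in.
 *
 * Individual option keys only record their value. ARGP_KEY_END then
 * performs the consistency checks and builds the derived state: the
 * unix user database, the key exchange algorithm list, the listen
 * address, the userauth method list, and finally starts the background
 * randomness poll.
 *
 * Returns 0, or ARGP_ERR_UNKNOWN for keys this parser does not handle
 * (argp then offers them to the child parsers). Configuration errors go
 * through argp_error, which does not return.
 *
 * Fixes relative to the earlier version: ARGP_KEY_END used ARG (always
 * NULL there) instead of self->interface when building the listen
 * address, so --interface was silently ignored; the error message for a
 * bad address passed a possibly NULL port to %s; and --no-root-login
 * was listed in main_options but had no case here, so argp rejected it
 * as an unknown option. */
static error_t
main_argp_parser(int key, char *arg, struct argp_state *state)
{
  CAST(lshd_options, self, state->input);
  
  switch(key)
    {
    default:
      return ARGP_ERR_UNKNOWN;
    case ARGP_KEY_INIT:
      state->child_inputs[0] = &self->style;
      state->child_inputs[1] = &self->super;
      state->child_inputs[2] = NULL;
      break;
    case ARGP_KEY_END:
      {
	struct user_db *user_db = NULL;
	
	/* Every method that maps a login name to a unix account needs
	 * the user database; the root-login policy is enforced there. */
	if (self->with_password || self->with_publickey || self->with_srp_keyexchange)
	  user_db = make_unix_user_db(self->backend, self->reaper,
				      self->pw_helper, self->allow_root);
	  
	if (self->with_dh_keyexchange || self->with_srp_keyexchange)
	  {
	    int i = 0;
	    self->kex_algorithms 
	      = alloc_int_list(self->with_dh_keyexchange + self->with_srp_keyexchange);
	    
	    if (self->with_dh_keyexchange)
	      {
		LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
		ALIST_SET(self->super.algorithms,
			  ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
			  &make_dh_server(make_dh1(&self->random->super))
			  ->super);
	      }
#if WITH_SRP	    
	    /* SRP needs the user database for the verifier lookup. The
	     * --srp-keyexchange option only exists when WITH_SRP, so
	     * with_srp_keyexchange cannot be set otherwise. */
	    if (self->with_srp_keyexchange)
	      {
		assert(user_db);
		LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
		ALIST_SET(self->super.algorithms,
			  ATOM_SRP_RING1_SHA1_LOCAL,
			  &make_srp_server(make_srp1(&self->random->super),
					   user_db)
			  ->super);
	      }
#endif /* WITH_SRP */
	  }
	else
	  argp_error(state, "All keyexchange algorithms disabled.");

	/* argp delivers ARGP_KEY_END with ARG == NULL, so the interface
	 * must come from the value saved by --interface. A NULL
	 * interface means listen on any address. Without --port, look up
	 * the "ssh" service and fall back to 22. */
	if (self->port)
	  self->local = make_address_info_c(self->interface, self->port, 0);
	else
	  self->local = make_address_info_c(self->interface, "ssh", 22);
      
	if (!self->local)
	  argp_error(state, "Invalid interface, port or service, '%s:%s'.",
		     self->interface ? self->interface : "ANY",
		     self->port ? self->port : "ssh");

	if (self->use_pid_file < 0)
	  self->use_pid_file = self->daemonic;

	if (self->with_password || self->with_publickey)
	  {
	    int i = 0;
	    
	    self->userauth_methods
	      = alloc_int_list(self->with_password + self->with_publickey);
	    self->userauth_algorithms = make_alist(0, -1);
	    
	    if (self->with_password)
	      {
		LIST(self->userauth_methods)[i++] = ATOM_PASSWORD;
		ALIST_SET(self->userauth_algorithms,
			  ATOM_PASSWORD,
			  &make_userauth_password(user_db)->super);
	      }
	    if (self->with_publickey)
	      {
		/* FIXME: Doesn't use spki */
		/* Both ssh-dss and ssh-rsa keys are looked up in the same
		 * per-user authorized_keys_sha1 database. */
		struct lookup_verifier *key_db
		  = make_authorization_db(ssh_format("authorized_keys_sha1"),
					  &sha1_algorithm);
		
		LIST(self->userauth_methods)[i++] = ATOM_PUBLICKEY;
		ALIST_SET(self->userauth_algorithms,
			  ATOM_PUBLICKEY,
			  &make_userauth_publickey
			  (user_db,
			   make_alist(2,
				      ATOM_SSH_DSS, key_db,
				      ATOM_SSH_RSA, key_db,
				      -1))
			  ->super);
	      }
	  }
	else
	  argp_error(state, "All user authentication methods disabled.");

	/* Start background poll */
	RANDOM_POLL_BACKGROUND(self->random->poller);
	
	break;
      }
    case 'p':
      self->port = arg;
      break;

    case 'h':
      self->hostkey = arg;
      break;

    case OPT_INTERFACE:
      self->interface = arg;
      break;

#if WITH_SSH1_FALLBACK
    case OPT_SSH1_FALLBACK:
      self->sshd1 = make_ssh1_fallback(arg ? arg : SSHD1);
      break;
#endif

    case OPT_SRP:
      self->with_srp_keyexchange = 1;
      break;

    case OPT_NO_SRP:
      self->with_srp_keyexchange = 0;
      break;
      
    case OPT_DH:
      self->with_dh_keyexchange = 1;
      break;

    case OPT_NO_DH:
      self->with_dh_keyexchange = 0;
      break;
      
    case OPT_PASSWORD:
      self->with_password = 1;
      break;
      
    case OPT_NO_PASSWORD:
      self->with_password = 0;
      break;

    case OPT_PUBLICKEY:
      self->with_publickey = 1;
      break;
      
    case OPT_NO_PUBLICKEY:
      self->with_publickey = 0;
      break;

    case OPT_ROOT_LOGIN:
      self->allow_root = 1;
      break;

    case OPT_NO_ROOT_LOGIN:
      self->allow_root = 0;
      break;

    /* Both helper options set the same field; the last one given wins. */
    case OPT_KERBEROS_PASSWD:
      self->pw_helper = KERBEROS_HELPER;
      break;

    case OPT_NO_KERBEROS_PASSWD:
      self->pw_helper = NULL;
      break;

    case OPT_PASSWORD_HELPER:
      self->pw_helper = arg;
      break;
      
#if WITH_TCP_FORWARD
    case OPT_TCPIP_FORWARD:
      self->with_tcpip_forward = 1;
      break;

    case OPT_NO_TCPIP_FORWARD:
      self->with_tcpip_forward = 0;
      break;
#endif /* WITH_TCP_FORWARD */
      
#if WITH_PTY_SUPPORT
    case OPT_PTY:
      self->with_pty = 1;
      break;
    case OPT_NO_PTY:
      self->with_pty = 0;
      break;
#endif /* WITH_PTY_SUPPORT */
	  
    case OPT_DAEMONIC:
      self->daemonic = 1;
      break;

    case OPT_NO_DAEMONIC:
      self->daemonic = 0;
      break;

    case OPT_PIDFILE:
      self->pid_file = arg;
      self->use_pid_file = 1;
      break;

    case OPT_NO_PIDFILE:
      self->use_pid_file = 0;
      break;

    case OPT_CORE:
      self->corefile = 1;
      break;
    }
  return 0;
}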

/* The argp root for lshd: option table, parser, usage text and the
 * child parsers (s-expression style, algorithms, werror). */
static const struct argp
main_argp =
{ main_options, main_argp_parser, 
  NULL,
  "Server for the ssh-2 protocol.",
  main_argp_children,
  NULL, NULL
};


/* GABA:
   (expr
     (name make_lshd_listen)
     (params
       (backend object io_backend)
       (handshake object handshake_info)
       (init object make_kexinit)
       (services object command) )
     (expr (lambda (options)
             (let ((keys 
		    (spki_read_hostkeys (options2signature_algorithms options)
			                (options2keyfile options))))
	       (listen_callback
	         (lambda (lv)
    		   (services (connection_handshake
    				  handshake
    				  (kexinit_filter init keys)
    				  keys 
    				  (log_peer lv))))
		 backend
		 (options2local options))))))
*/


/* Invoked when starting the ssh-connection service */
/* GABA:
   (expr
     (name make_lshd_connection_service)
     (params
       (hooks object object_list))
     (expr
       (lambda (connection)
         ((progn hooks)
	    ; We have to initialize the connection
	    ; before adding handlers.
	    (init_connection_service
	      ; Disconnect if connection->user is NULL
	      (connection_require_userauth connection)))))))
*/


/* Entry point. Parses the command line, optionally daemonizes, creates
 * the pid file, builds the listener (handshake -> offered services ->
 * userauth -> connection service with its session/forwarding hooks)
 * and runs the io event loop.
 *
 * Returns EXIT_FAILURE if disabling core dumps, going into the
 * background, or claiming the pid file fails; otherwise returns 0 after
 * io_run returns. */
int main(int argc, char **argv)
{
  struct lshd_options *options;
  struct io_backend *backend = make_io_backend();

  /* For filtering messages. Could perhaps also be used when converting
   * strings to and from UTF8. */
  setlocale(LC_CTYPE, "");

  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);

  options = make_lshd_options(backend);
  argp_parse(&main_argp, argc, argv, 0, NULL, options);

  /* Core dumps stay off unless --enable-core was given; refusing to run
   * when that fails is deliberate, since a core would expose whatever
   * the server holds in memory. */
  if (!options->corefile && !daemon_disable_core())
    {
      werror("Disabling of core dumps failed.\n");
      return EXIT_FAILURE;
    }

  if (options->daemonic)
    {
      int how;

      /* Messages go to syslog once we detach; without syslog they are
       * lost together with stderr. */
#if HAVE_SYSLOG
      set_error_syslog("lshd");
#else /* !HAVE_SYSLOG */
      werror("lshd: No syslog. Further messages will be directed to /dev/null.\n");
#endif /* !HAVE_SYSLOG */

      how = daemon_init();
      if (how == 0)
	{
	  werror("lshd: Spawning into background failed.\n");
	  return EXIT_FAILURE;
	}
      if (how == DAEMON_INETD)
	{
	  werror("lshd: spawning from inetd not yet supported.\n");
	  return EXIT_FAILURE;
	}
      if (how != DAEMON_INIT && how != DAEMON_NORMAL)
	fatal("Internal error\n");
    }
  
  /* use_pid_file was resolved at ARGP_KEY_END (defaults to daemonic). */
  if (options->use_pid_file && !daemon_pidfile(options->pid_file))
    {
      werror("lshd seems to be running already.\n");
      return EXIT_FAILURE;
    }

  {
    /* Commands to be invoked on the connection */
    struct object_list *connection_hooks;
    struct command *session_setup;
    /* Supported channel requests */
    struct alist *supported_channel_requests;

    supported_channel_requests
      = make_alist(2,
		   ATOM_SHELL, make_shell_handler(backend),
		   ATOM_EXEC, make_exec_handler(backend),
		   -1);
    
#if WITH_PTY_SUPPORT
    if (options->with_pty)
      ALIST_SET(supported_channel_requests,
		ATOM_PTY_REQ, &pty_request_handler.super);
#endif /* WITH_PTY_SUPPORT */

    session_setup = make_install_fix_channel_open_handler
      (ATOM_SESSION, make_open_session(supported_channel_requests));
    
    /* TCP forwarding adds the tcpip-forward / cancel-tcpip-forward
     * global requests and direct-tcpip channel opens on top of the
     * session channel. */
#if WITH_TCP_FORWARD
    if (options->with_tcpip_forward)
      connection_hooks = make_object_list
	(4,
	 session_setup,
	 make_tcpip_forward_hook(backend),
	 make_install_fix_global_request_handler
	 (ATOM_CANCEL_TCPIP_FORWARD, &tcpip_cancel_forward),
	 make_direct_tcpip_hook(backend),
	 -1);
    else
#endif
      connection_hooks
	= make_object_list (1, session_setup, -1);

    {
      /* FIXME: We should check that we have at least one host key. We
       * should also extract the host-key algorithms for which we have
       * keys, instead of hardcoding ssh-dss below. */

      /* Server side of the version exchange and key exchange. The
       * kexinit advertises the lists chosen at option parsing time; the
       * trailing empty int_list is the "first kex packet follows"
       * guess list. */
      struct handshake_info *handshake
	= make_handshake_info(CONNECTION_SERVER,
			      "lsh - a free ssh",
			      NULL,
			      SSH_MAX_PACKET,
			      &options->random->super,
			      options->super.algorithms,
			      options->sshd1);
      struct make_kexinit *kexinit
	= make_simple_kexinit(&options->random->super,
			      options->kex_algorithms,
			      options->super.hostkey_algorithms,
			      options->super.crypto_algorithms,
			      options->super.mac_algorithms,
			      options->super.compression_algorithms,
			      make_int_list(0, -1));

      CAST_SUBTYPE(command, connection_service,
		   make_lshd_connection_service(connection_hooks));

      /* ssh-connection is reachable directly only through
       * connection_require_userauth (see make_lshd_connection_service);
       * ssh-userauth offers it again once the user is authenticated. */
      CAST_SUBTYPE(command, server_listen, 		   
		   make_lshd_listen
		   (backend,
		    handshake,
		    kexinit,
		    make_offer_service
		    (make_alist
		     (2, ATOM_SSH_CONNECTION, connection_service,
		      ATOM_SSH_USERAUTH,
		      make_userauth_service(options->userauth_methods,
					    options->userauth_algorithms,
					    make_alist(1, ATOM_SSH_CONNECTION,
						       connection_service,-1)),
		      -1))));
      
      COMMAND_CALL(server_listen, options,
		   &discard_continuation,
		   make_report_exception_handler
		   (make_report_exception_info(EXC_IO, EXC_IO, "lshd: "),
		    options->e,
		    HANDLER_CONTEXT));
    }
  }
  
  io_run(backend);

  return 0;
}