Commit 4e7e5c5a authored by Niels Möller's avatar Niels Möller
Browse files

New files

Rev: src/channel.h:1.1
Rev: src/server_userauth.c:1.1
Rev: src/session.h:1.5
parent 838f22df
/* channel.h
*
* Information about one ssh channel.
*/
#ifndef LSH_CHANNEL_H_INCLUDED
#define LSH_CHANNEL_H_INCLUDED
#include "lsh_types.h"
/* Channels are indexed by local channel number in some array. This
* index is not stored in the channel struct. When sending messages on
* the channel, it is identified by the *remote* sides index number,
* and this number must be stored. */
#define CHANNEL_DATA 0
#define CHANNEL_STDERR_DATA 1
#define CHANNEL_EOF 0
#define CHANNEL_CLOSE 1
struct ssh_channel
{
UINT32 channel_number; /* Remote channel number */
UINT32 rec_window_size;
UINT32 rec_max_packet;
UINT32 send_window_size;
UINT32 send_max_packet;
/* Type is CHANNEL_DATA or CHANNEL_STDERR_DATA */
int (*recieve)(struct ssh_channel *self, int type, struct lsh_string *data);
/* Type is CHANNEL_EOF or CHANNEL_CLOSE */
int (*close)(struct ssh_channel *self, int type);
};
#endif /* LSH_CHANNEL_H_INCLUDED */
/* server_userauth.c
*
* Server side user authentication. */
#include "service.h"
#include "userauth.h"
/* FIXME: Supports only password authentication so far. There should
* be some abstraction for handling several authentication methods. */
struct userauth_service
{
struct service super;
struct alist *methods; /* Maps authentication method names to methods */
};
/* Max number of attempts */
#define AUTH_ATTEMPTS 20
/* FIXME: There are no timeouts for authentications. The callouts in
* io.c could be used for timeouts, but it's not clear how the timeout
* handler can close the right connection. */
struct userauth_handler
{
struct packet_handler super;
/* Attempts left */
int attempts;
/* Methods advertised in failure messages */
int *advertised_methods;
struct alist *methods;
};
struct lsh_string *format_userauth_failure(int *methods, int partial)
{
return ssh_format("%c%A%c", SSH_MSG_USERAUTH_FAILURE, methods, partial);
}
struct lsh_string *format_userauth_success()
{
return ssh_format("%c", SSH_MSG_USERAUTH_SUCCESS);
}
/* NOTE: This implementation does not use any partial successes. As
* soon as one authentication request is successful, the
* entire authentication process succeeds. */
static int do_handle_user_auth(struct packet_handler *c,
struct ssh_connection *connection,
struct lsh_string *packet)
{
struct userauth_handler * closure = (struct userauth_handler *) c;
struct simple_buffer buffer;
int msg_number;
struct lsh_string *user;
int requested_service;
int method;
MDEBUG(closure);
simple_buffer_init(&buffer, packet->length, packet->data);
if (parse_uint8(&buffer, &msg_number)
&& (msg_number == SSH_MSG_USERAUTH_REQUEST)
&& parse_string_copy(&buffer, &user)
&& parse_atom(&buffer, &requested_service)
&& parse_atom(&buffer, &method))
{
struct ssh_service *service;
self->attempts--;
struct userauth *auth = ALIST_GET(closure->methods, method);
if (!auth)
return attempts
? A_WRITE(connection->write,
format_userauth_failure(self->advertised_methods,
0))
: LSH_FAIL | LSH_DIE;
if (AUTHENTICATE(auth, user, requested_service,
&buffer, &service))
{
if (service
&& SERVICE_INIT(service, connection))
/* Access granted */
return A_WRITE(connection->write, format_userauth_success());
else
return attempts
? A_WRITE(connection->write,
format_userauth_failure(self->advertised_methods,
0))
: LSH_FAIL | LSH_DIE;
}
}
/* Invalid request */
return LSH_FAIL | LSH_DIE;
}
static int init_userauth(struct service *s, int name, struct ssh_connection *c)
{
struct userauth_service *self = (struct userauth_service *) s;
struct userauth_handler *auth; = xalloc(sizeof(struct userauth_handler));
MDEBUG(self);
auth->super.handler = do_handle_userauth;
auth->methods = self->methods;
auth->attempts = AUTH_ATTEMPTS;
c->dispatch[SSH_MSG_USERAUTH_REQUEST] = &auth->super;
return 1;
}
struct ssh_service *make_userauth_service(struct alist *methods)
{
struct userauth_service *self = xalloc(sizeof(struct userauth_service));
self->super.init = init_userauth;
self->methods = methods;
return &self->super;
}
/* session.h
*
* Manage the ssh-connection service.
*/
#ifndef LSH_SESSION_H_INCLUDED
#define LSH_SESSION_H_INCLUDED
#include "connection.h"
struct ssh_session
{
/* FIXME: This is relevant only for the server side */
uid_t user; /* Authenticated user */
/* Channels are indexed by local number */
struct channel **channels;
/* Allocation of local channel numbers is managed using the same *
* method as is traditionally used for allocation of unix file
* descriptors. */
UINT32 allocated channels;
UINT32 next_channel;
UINT32 max_channel; /* One more than the highest number in use */
};
/* SSH_MSG_GLOBAL_REQUEST */
struct global_request
{
struct lsh_object *header;
int (*handler)(struct global_request *closure,
int want_reply,
struct simple_buffer *args);
};
#define GLOBAL_REQUEST(c, w, a) ((c)->handler((c), (w), (a)))
/* SSH_MSG_CHANNEL_OPEN */
struct channel_request {
struct lsh_object *header;
int (*handler)(struct global_request *closure,
UINT32 channel_number, /* Remote channel number */
UINT32 rec_window_size,
UINT32 rec_max_packet,
struct simple_buffer *args);
};
#define CHANNEL_OPEN(c, n, w, m, a) \
((c)->handler((c), (n), (w), (m), (a)))
struct connection_service
{
struct ssh_service super;
/* Supported global requests */
struct alist *global_requests;
struct alist *channel_requests;
};
#endif /* LSH_SESSION_H_INCLUDED */
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment