Commit 9f63de7e authored by Balázs Scheidler's avatar Balázs Scheidler Committed by Niels Möller

* src/lshd.c (main): Create an authorization_db class (Bazsi).

Rev: src/lshd.c:1.61
parent 93a34f51
...@@ -29,28 +29,30 @@ ...@@ -29,28 +29,30 @@
#include "channel.h" #include "channel.h"
#include "channel_commands.h" #include "channel_commands.h"
#include "charset.h" #include "charset.h"
#include "compress.h"
#include "connection_commands.h" #include "connection_commands.h"
#include "crypto.h" #include "crypto.h"
#include "format.h" #include "format.h"
#include "io.h" #include "io.h"
#include "io_commands.h" #include "io_commands.h"
#include "server_password.h" #include "lookup_verifier.h"
#include "server_session.h"
#include "randomness.h" #include "randomness.h"
#include "read_scan.h"
#include "reaper.h" #include "reaper.h"
#include "server.h" #include "server.h"
#include "server_authorization.h"
#include "server_keyexchange.h" #include "server_keyexchange.h"
#include "server_password.h"
#include "server_pty.h"
#include "server_publickey.h"
#include "server_session.h"
#include "sexp.h" #include "sexp.h"
#include "ssh.h" #include "ssh.h"
#include "tcpforward.h"
#include "tcpforward_commands.h"
#include "tcpforward_commands.h" #include "tcpforward_commands.h"
#include "userauth.h" #include "userauth.h"
#include "werror.h" #include "werror.h"
#include "xalloc.h" #include "xalloc.h"
#include "compress.h"
#include "server_pty.h"
#include "tcpforward.h"
#include "tcpforward_commands.h"
#include "getopt.h" #include "getopt.h"
...@@ -104,32 +106,34 @@ void usage(void) ...@@ -104,32 +106,34 @@ void usage(void)
/* GABA: /* GABA:
(class (class
(name read_key) (name read_key)
(super sexp_handler) (super command_continuation)
(vars (vars
(random object randomness) (random object randomness)
;; Maps hostkey algorithm to a keyinfo structure ;; Maps hostkey algorithm to a keyinfo structure
(keys object alist))) (keys object alist)))
*/ */
static int do_read_key(struct sexp_handler *h, struct sexp *private) static void do_read_key(struct command_continuation *s,
struct lsh_object *a)
{ {
CAST(read_key, closure, h); CAST(read_key, closure, s);
CAST_SUBTYPE(sexp, private, a);
struct sexp_iterator *i; struct sexp_iterator *i;
struct sexp *e; struct sexp *e;
mpz_t p, q, g, y, x; mpz_t p, q, g, y, x;
int res;
if (!sexp_check_type(private, "private-key", &i)) if (!sexp_check_type(private, "private-key", &i))
{ {
werror("lshd: Host key file does not contain a private key."); werror("lshd: Host key file does not contain a private key.");
return LSH_FAIL | LSH_DIE; return;
} }
e = SEXP_GET(i); e = SEXP_GET(i);
if (! (e && sexp_check_type(e, "dsa", &i))) if (! (e && sexp_check_type(e, "dsa", &i)))
{ {
werror("lshd: Unknown key type (only dsa is supported)\n"); werror("lshd: Unknown key type (only dsa is supported)\n");
return LSH_FAIL | LSH_DIE; return;
} }
mpz_init(p); mpz_init(p);
...@@ -155,8 +159,6 @@ static int do_read_key(struct sexp_handler *h, struct sexp *private) ...@@ -155,8 +159,6 @@ static int do_read_key(struct sexp_handler *h, struct sexp *private)
{ {
werror("lshd: Host key doesn't work.\n"); werror("lshd: Host key doesn't work.\n");
mpz_clear(tmp); mpz_clear(tmp);
res = LSH_FAIL | LSH_DIE;
} }
else else
{ {
...@@ -177,11 +179,11 @@ static int do_read_key(struct sexp_handler *h, struct sexp *private) ...@@ -177,11 +179,11 @@ static int do_read_key(struct sexp_handler *h, struct sexp *private)
ALIST_SET(closure->keys, ATOM_SSH_DSS, ALIST_SET(closure->keys, ATOM_SSH_DSS,
make_keypair_info(public, private)); make_keypair_info(public, private));
#if DATAFELLOWS_SSH2_SSH_DSA_KLUDGE #if DATAFELLOWS_WORKAROUNDS
ALIST_SET(closure->keys, ATOM_SSH_DSS_KLUDGE, ALIST_SET(closure->keys, ATOM_SSH_DSS_KLUDGE,
make_keypair_info(public, make_keypair_info(public,
make_dsa_signer_kludge(private))); make_dsa_signer_kludge(private)));
#endif #endif /* DATAFELLOWS_WORKAROUNDS */
verbose("lshd: Using (public) hostkey:\n" verbose("lshd: Using (public) hostkey:\n"
" p=%xn\n" " p=%xn\n"
...@@ -189,12 +191,8 @@ static int do_read_key(struct sexp_handler *h, struct sexp *private) ...@@ -189,12 +191,8 @@ static int do_read_key(struct sexp_handler *h, struct sexp *private)
" g=%xn\n" " g=%xn\n"
" y=%xn\n", " y=%xn\n",
p, q, g, y); p, q, g, y);
res = LSH_OK | LSH_CLOSE;
} }
} }
else
res = LSH_FAIL | LSH_DIE;
/* Cleanup */ /* Cleanup */
mpz_clear(p); mpz_clear(p);
...@@ -202,8 +200,6 @@ static int do_read_key(struct sexp_handler *h, struct sexp *private) ...@@ -202,8 +200,6 @@ static int do_read_key(struct sexp_handler *h, struct sexp *private)
mpz_clear(g); mpz_clear(g);
mpz_clear(y); mpz_clear(y);
mpz_clear(x); mpz_clear(x);
return res;
} }
static int read_host_key(const char *name, static int read_host_key(const char *name,
...@@ -222,13 +218,14 @@ static int read_host_key(const char *name, ...@@ -222,13 +218,14 @@ static int read_host_key(const char *name,
int res; int res;
NEW(read_key, handler); NEW(read_key, handler);
handler->super.handler = do_read_key; handler->super.c = do_read_key;
handler->random = r; handler->random = r;
handler->keys = keys; handler->keys = keys;
res = blocking_read(fd, make_read_sexp(&handler->super, res = blocking_read(fd,
SEXP_TRANSPORT, 0)); make_read_sexp(SEXP_TRANSPORT, 1,
&handler->super, &ignore_exception_handler));
close(fd); close(fd);
KILL(handler); KILL(handler);
...@@ -310,7 +307,8 @@ int main(int argc, char **argv) ...@@ -310,7 +307,8 @@ int main(int argc, char **argv)
struct keyexchange_algorithm *kex; struct keyexchange_algorithm *kex;
struct alist *algorithms; struct alist *algorithms;
struct make_kexinit *make_kexinit; struct make_kexinit *make_kexinit;
struct alist *authorization_lookup;
NEW(io_backend, backend); NEW(io_backend, backend);
/* For filtering messages. Could perhaps also be used when converting /* For filtering messages. Could perhaps also be used when converting
...@@ -445,6 +443,20 @@ int main(int argc, char **argv) ...@@ -445,6 +443,20 @@ int main(int argc, char **argv)
kex = make_dh_server(dh, keys); kex = make_dh_server(dh, keys);
authorization_lookup
= make_alist(1
#if DATAFELLOWS_WORKAROUNDS
+1,
ATOM_SSH_DSS_KLUDGE, make_authorization_db(make_dsa_kludge_algorithm(NULL),
&md5_algorithm)
#endif
,ATOM_SSH_DSS, make_authorization_db(make_dsa_algorithm(NULL),
&md5_algorithm),
-1);
ALIST_SET(algorithms, ATOM_DIFFIE_HELLMAN_GROUP1_SHA1, kex); ALIST_SET(algorithms, ATOM_DIFFIE_HELLMAN_GROUP1_SHA1, kex);
make_kexinit make_kexinit
...@@ -496,9 +508,13 @@ int main(int argc, char **argv) ...@@ -496,9 +508,13 @@ int main(int argc, char **argv)
(make_alist (make_alist
(1, ATOM_SSH_USERAUTH, (1, ATOM_SSH_USERAUTH,
lshd_services(make_userauth_service lshd_services(make_userauth_service
(make_int_list(1, ATOM_PASSWORD, -1), (make_int_list(2,
make_alist(1, ATOM_PASSWORD, ATOM_PASSWORD,
&unix_userauth.super, -1), ATOM_PUBLICKEY, -1),
make_alist(2,
ATOM_PASSWORD, &unix_userauth.super,
ATOM_PUBLICKEY, make_userauth_publickey(authorization_lookup),
-1),
make_alist(1, ATOM_SSH_CONNECTION, make_alist(1, ATOM_SSH_CONNECTION,
lshd_connection_service lshd_connection_service
(make_server_connection_service (make_server_connection_service
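Review bot: In the `@@ -104` and `@@ -189` hunks do_read_key loses its return value, so the three failure paths ("does not contain a private key", "Unknown key type", "Host key doesn't work") now only log via werror() and `return;`, and since the reader in read_host_key is created with `&ignore_exception_handler`, nothing appears to signal the caller that no key was installed. Unless read_host_key checks that `closure->keys` actually received an ATOM_SSH_DSS entry after blocking_read() (its body continues outside the `@@ -222` hunk), a corrupt or unsupported host key file would let lshd proceed without a usable host key instead of dying as the old `LSH_FAIL | LSH_DIE` result did. The smallest fix is to record the outcome in the closure: add `(ok . int)` to the read_key GABA vars, set `closure->ok = 1;` where `res = LSH_OK | LSH_CLOSE;` was removed, and have read_host_key test `handler->ok` before KILL(handler) and fail if it is clear. A one-line comment on the void signature, `/* Errors are reported with werror() only; the caller must verify that keys was populated. */`, would at least make the new contract explicit.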