annotate svr-main.c @ 1920:1489449eceb1
Check authorized_keys permissions as the user
This is necessary on NFS with squash root.
Based on work from Chris Dragan
This commit also tidies some trailing whitespace.
Fixes github pull #107
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 30 Mar 2022 12:56:09 +0800 |
parents | 2c9d635a1c04 |
children |
1 /* |
2 * Dropbear - a SSH2 server |
3 * |
290 | 4 * Copyright (c) 2002-2006 Matt Johnston |
5 * All rights reserved. |
6 * |
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
8 * of this software and associated documentation files (the "Software"), to deal |
9 * in the Software without restriction, including without limitation the rights |
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
11 * copies of the Software, and to permit persons to whom the Software is |
12 * furnished to do so, subject to the following conditions: |
13 * |
14 * The above copyright notice and this permission notice shall be included in |
15 * all copies or substantial portions of the Software. |
16 * |
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
23 * SOFTWARE. */ |
24 |
25 #include "includes.h" |
26 #include "dbutil.h" |
27 #include "session.h" |
28 #include "buffer.h" |
29 #include "signkey.h" |
30 #include "runopts.h" |
31 #include "dbrandom.h" |
795 | 32 #include "crypto_desc.h" |
33 |
/* Forward declarations for the file-local helpers defined further down. */

/* Sets up the listening sockets in sock[] (at most sockcount entries) and
 * returns how many there are; main_noinetd() exits when that is 0 and uses
 * *maxfd as the upper bound it passes to select(). */
static size_t listensockets(int *sock, size_t sockcount, int *maxfd);

/* Signal handlers. Their bodies and the place they are installed are not in
 * this part of the file - presumably commonsetup(), whose call site in
 * main_inetd() is commented "Set up handlers, syslog". */
static void sigchld_handler(int dummy);
static void sigsegv_handler(int);
static void sigintterm_handler(int fish);

/* Single-connection path: serves the socket on fd 0. main() uses it both for
 * inetd mode and for the re-exec'd child. Only defined when
 * INETD_MODE || DROPBEAR_DO_REEXEC. */
static void main_inetd(void);

/* Standalone listener: sets up the listening sockets and runs the incoming
 * connection select loop. Only defined when NON_INETD_MODE. */
static void main_noinetd(int argc, char ** argv, const char* multipath);

/* Shared start-up, called first by both main_inetd() and main_noinetd(). */
static void commonsetup(void);
41 |
#if defined(DBMULTI_dropbear) || !DROPBEAR_MULTI
/*
 * Server entry point.
 *
 * Built as dropbear_main() inside a multi-call binary (DROPBEAR_MULTI with
 * DBMULTI_dropbear) and as plain main() otherwise. In the multi-call form
 * the caller supplies multipath; in the standalone form it is a local NULL.
 * multipath is only forwarded to main_noinetd(), which opens it in
 * preference to argv[0] when it prepares the re-exec file descriptor.
 *
 * Dispatch order after option parsing:
 *   1. inetd mode (svr_opts.inetdmode)       -> main_inetd()
 *   2. re-exec'd child (svr_opts.reexec_child) -> main_inetd()
 *   3. otherwise                              -> main_noinetd()
 * Each of those calls is marked "notreached" on return, so the trailing
 * dropbear_exit() is only hit in a build without NON_INETD_MODE that was
 * started in neither of the first two modes.
 */
#if defined(DBMULTI_dropbear) && DROPBEAR_MULTI
int dropbear_main(int argc, char ** argv, const char* multipath)
#else
int main(int argc, char ** argv)
#endif
{
#if !DROPBEAR_MULTI
	const char* multipath = NULL;
#endif

	/* Install the server-side exit and log implementations first: every
	 * step below may call dropbear_exit()/dropbear_log().
	 * NOTE(review): presumably those wrappers dispatch through these two
	 * pointers - confirm in dbutil. */
	_dropbear_exit = svr_dropbear_exit;
	_dropbear_log = svr_dropbear_log;

	/* NOTE(review): by its name this disables core dumps, which would keep
	 * host keys and session secrets out of a crash image. The
	 * implementation is not in this file - confirm. It runs before option
	 * parsing and before commonsetup(). */
	disallow_core();

	/* A process can be started with an empty argument vector. argv[0] is
	 * dereferenced without further checks later on (basename(argv[0])
	 * below, open(argv[0]) in main_noinetd()), so refuse to continue. */
	if (argc < 1) {
		dropbear_exit("Bad argc");
	}

	/* get commandline options */
	svr_getopts(argc, argv);

#if INETD_MODE
	/* service program mode */
	if (svr_opts.inetdmode) {
		main_inetd();
		/* notreached */
	}
#endif

#if DROPBEAR_DO_REEXEC
	/* The re-exec'd child serves one connection through the same path as
	 * inetd mode. */
	if (svr_opts.reexec_child) {
#ifdef PR_SET_NAME
		/* Fix the "Name:" in /proc/pid/status, otherwise it's
		a FD number from fexecve.
		Failure doesn't really matter, it's mostly aesthetic */
		prctl(PR_SET_NAME, basename(argv[0]), 0, 0);
#endif
		main_inetd();
		/* notreached */
	}
#endif

#if NON_INETD_MODE
	main_noinetd(argc, argv, multipath);
	/* notreached */
#endif

	dropbear_exit("Compiled without normal mode, can't run without -i\n");
	return -1;
}
#endif
95 |
1861 | 96 #if INETD_MODE || DROPBEAR_DO_REEXEC |
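/*
 * Serve a single connection on file descriptor 0 and never return.
 *
 * Used for inetd mode and for the re-exec'd child (svr_opts.reexec_child).
 * In the re-exec case the peer-address log line and the setsid() call are
 * skipped.
 * NOTE(review): presumably the parent has already done both before
 * re-executing - confirm in main_noinetd().
 */
static void main_inetd(void) {
	/* Initialise both pointers. The previous `char *host, *port = NULL;`
	 * only initialised port, so a path that left host unset would have
	 * handed an indeterminate pointer to dropbear_log() and m_free(). */
	char *host = NULL;
	char *port = NULL;

	/* Set up handlers, syslog */
	commonsetup();

	/* Seed the RNG in the process that is about to run the session. */
	seedrandom();

	if (!svr_opts.reexec_child) {
		/* In case our inetd was lax in logging source addresses */
		/* NOTE(review): the two NULLs are presumably the unused
		 * local-address outputs and the final 0 a "no name lookup"
		 * flag - confirm against get_socket_address(). */
		get_socket_address(0, NULL, NULL, &host, &port, 0);
		dropbear_log(LOG_INFO, "Child connection from %s:%s", host, port);
		m_free(host);
		m_free(port);

		/* Don't check the return value - it may just fail since inetd has
		 * already done setsid() after forking (xinetd on Darwin appears to do
		 * this) */
		setsid();
	}

	/* Start service program
	 * -1 is a dummy childpipe, just something we can close() without
	 * mattering. */
	svr_session(0, -1);

	/* notreached */
}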
125 #endif /* INETD_MODE */ |
126 |
127 #if NON_INETD_MODE |
128 static void main_noinetd(int argc, char ** argv, const char* multipath) { |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 fd_set fds; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 unsigned int i, j; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
131 int val; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 int maxsock = -1; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 int listensocks[MAX_LISTEN_ADDR]; |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
134 size_t listensockcount = 0; |
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
135 FILE *pidfile = NULL; |
1861 | 136 int execfd = -1; |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
138 int childpipes[MAX_UNAUTH_CLIENTS]; |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
139 char * preauth_addrs[MAX_UNAUTH_CLIENTS]; |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
140 |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 int childsock; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 int childpipe[2]; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 |
1861 | 144 (void)argc; |
145 (void)argv; | |
1873
2c9d635a1c04
Avoid unused argument warning when reexec is unused
Matt Johnston <matt@ucc.asn.au>
parents:
1870
diff
changeset
|
146 (void)multipath; |
1861 | 147 |
433
c216212001fc
Fix for -pedantic -ansi compilation, change // to /**/, plus some signedness
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
148 /* Note: commonsetup() must happen before we daemon()ise. Otherwise |
c216212001fc
Fix for -pedantic -ansi compilation, change // to /**/, plus some signedness
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
149 daemon() will chdir("/"), and we won't be able to find local-dir |
c216212001fc
Fix for -pedantic -ansi compilation, change // to /**/, plus some signedness
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
150 hostkeys. */ |
379
b66a00272a90
Load hostkeys before daemon(), since daemon()'s chdir("/") will prevent us
Matt Johnston <matt@ucc.asn.au>
parents:
323
diff
changeset
|
151 commonsetup(); |
b66a00272a90
Load hostkeys before daemon(), since daemon()'s chdir("/") will prevent us
Matt Johnston <matt@ucc.asn.au>
parents:
323
diff
changeset
|
152 |
447
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
153 /* sockets to identify pre-authenticated clients */ |
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
154 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { |
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
155 childpipes[i] = -1; |
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
156 } |
539
07a58e4da1ac
use memset() rather than bzero()
Matt Johnston <matt@ucc.asn.au>
parents:
476
diff
changeset
|
157 memset(preauth_addrs, 0x0, sizeof(preauth_addrs)); |
1861 | 158 |
447
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
159 /* Set up the listening sockets */ |
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
160 listensockcount = listensockets(listensocks, MAX_LISTEN_ADDR, &maxsock); |
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
161 if (listensockcount == 0) |
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
162 { |
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
163 dropbear_exit("No listening ports available."); |
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
164 } |
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
165 |
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve conneciton setup
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
166 for (i = 0; i < listensockcount; i++) { |
aa689d140928
- Sockets are set to lowdelay priority initially to improve conneciton setup
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
167 FD_SET(listensocks[i], &fds); |
aa689d140928
- Sockets are set to lowdelay priority initially to improve conneciton setup
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
168 } |
aa689d140928
- Sockets are set to lowdelay priority initially to improve conneciton setup
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
169 |
1861 | 170 #if DROPBEAR_DO_REEXEC |
1870
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
171 if (multipath) { |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
172 execfd = open(multipath, O_CLOEXEC|O_RDONLY); |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
173 } else { |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
174 execfd = open(argv[0], O_CLOEXEC|O_RDONLY); |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
175 } |
1861 | 176 if (execfd < 0) { |
177 /* Just fallback to straight fork */ | |
178 TRACE(("Couldn't open own binary %s, disabling re-exec: %s", argv[0], strerror(errno))) | |
179 } | |
180 #endif | |
181 | |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
182 /* fork */ |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
183 if (svr_opts.forkbg) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 int closefds = 0; |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
185 #if !DEBUG_TRACE |
1210
64a50eac1030
Moved usingsyslog from svr_runopts to runopts.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1084
diff
changeset
|
186 if (!opts.usingsyslog) { |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 closefds = 1; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 #endif |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 if (daemon(0, closefds) < 0) { |
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
191 dropbear_exit("Failed to daemonize: %s", strerror(errno)); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 /* should be done after syslog is working */ |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 if (svr_opts.forkbg) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
197 dropbear_log(LOG_INFO, "Running in background"); |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 } else { |
445
edbee0596531
"backgrounding" is more user-understandable than "forking"
Matt Johnston <matt@ucc.asn.au>
parents:
435
diff
changeset
|
199 dropbear_log(LOG_INFO, "Not backgrounding"); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 /* create a PID file so that we can be killed easily */ |
323
3bfbe95f9a14
Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents:
298
diff
changeset
|
203 pidfile = fopen(svr_opts.pidfile, "w"); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 if (pidfile) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 fprintf(pidfile, "%d\n", getpid()); |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
206 fclose(pidfile); |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 /* incoming connection select loop */ |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 for(;;) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 |
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1508
diff
changeset
|
212 DROPBEAR_FD_ZERO(&fds); |
1861 | 213 |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 /* listening sockets */ |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
215 for (i = 0; i < listensockcount; i++) { |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 FD_SET(listensocks[i], &fds); |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 /* pre-authentication clients */ |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
221 if (childpipes[i] >= 0) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 FD_SET(childpipes[i], &fds); |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
223 maxsock = MAX(maxsock, childpipes[i]); |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
224 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
225 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
447
diff
changeset
|
227 val = select(maxsock+1, &fds, NULL, NULL, NULL); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 |
1495
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
229 if (ses.exitflag) { |
323
3bfbe95f9a14
Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents:
298
diff
changeset
|
230 unlink(svr_opts.pidfile); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 dropbear_exit("Terminated by signal"); |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 } |
1861 | 233 |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 if (val == 0) { |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
447
diff
changeset
|
235 /* timeout reached - shouldn't happen. eh */ |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
236 continue; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
238 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 if (val < 0) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
240 if (errno == EINTR) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 continue; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
243 dropbear_exit("Listening socket error"); |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
245 |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
246 /* close fds which have been authed or closed - svr-auth.c handles |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 * closing the auth sockets on success */ |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
248 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
249 if (childpipes[i] >= 0 && FD_ISSET(childpipes[i], &fds)) { |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
250 m_close(childpipes[i]); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
251 childpipes[i] = -1; |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
252 m_free(preauth_addrs[i]); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
253 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
254 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
255 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
256 /* handle each socket which has something to say */ |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
257 for (i = 0; i < listensockcount; i++) { |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
258 size_t num_unauthed_for_addr = 0; |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
259 size_t num_unauthed_total = 0; |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
260 char *remote_host = NULL, *remote_port = NULL; |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
261 pid_t fork_ret = 0; |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
262 size_t conn_idx = 0; |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
263 struct sockaddr_storage remoteaddr; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
264 socklen_t remoteaddrlen; |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
265 |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
266 if (!FD_ISSET(listensocks[i], &fds)) |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
267 continue; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
268 |
62 | 269 remoteaddrlen = sizeof(remoteaddr); |
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
270 childsock = accept(listensocks[i], |
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
271 (struct sockaddr*)&remoteaddr, &remoteaddrlen); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
272 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
273 if (childsock < 0) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
274 /* accept failed */ |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
275 continue; |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
276 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
277 |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
278 /* Limit the number of unauthenticated connections per IP */ |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
279 getaddrstring(&remoteaddr, &remote_host, NULL, 0); |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
280 |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
281 num_unauthed_for_addr = 0; |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
282 num_unauthed_total = 0; |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
283 for (j = 0; j < MAX_UNAUTH_CLIENTS; j++) { |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
284 if (childpipes[j] >= 0) { |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
285 num_unauthed_total++; |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
286 if (strcmp(remote_host, preauth_addrs[j]) == 0) { |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
287 num_unauthed_for_addr++; |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
288 } |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
289 } else { |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
290 /* a free slot */ |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
291 conn_idx = j; |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
292 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
293 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
294 |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
295 if (num_unauthed_total >= MAX_UNAUTH_CLIENTS |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
296 || num_unauthed_for_addr >= MAX_UNAUTH_PER_IP) { |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
297 goto out; |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
298 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
299 |
687 | 300 seedrandom(); |
301 | |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
302 if (pipe(childpipe) < 0) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
158
diff
changeset
|
303 TRACE(("error creating child pipe")) |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
304 goto out; |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
305 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
306 |
1677
e05c0e394f1d
Make DEBUG_NOFORK a #if not #ifdef
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
307 #if DEBUG_NOFORK |
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
308 fork_ret = 0; |
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
309 #else |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
310 fork_ret = fork(); |
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
311 #endif |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
312 if (fork_ret < 0) { |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
313 dropbear_log(LOG_WARNING, "Error forking: %s", strerror(errno)); |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
314 goto out; |
687 | 315 } |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
316 |
723 | 317 addrandom((void*)&fork_ret, sizeof(fork_ret)); |
1861 | 318 |
687 | 319 if (fork_ret > 0) { |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
320 |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
321 /* parent */ |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
322 childpipes[conn_idx] = childpipe[0]; |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
323 m_close(childpipe[1]); |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
324 preauth_addrs[conn_idx] = remote_host; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
325 remote_host = NULL; |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
326 |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
327 } else { |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
328 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
329 /* child */ |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
330 getaddrstring(&remoteaddr, NULL, &remote_port, 0); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
331 dropbear_log(LOG_INFO, "Child connection from %s:%s", remote_host, remote_port); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
332 m_free(remote_host); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
333 m_free(remote_port); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
334 |
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
335 #ifndef DEBUG_NOFORK |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
336 if (setsid() < 0) { |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
337 dropbear_exit("setsid: %s", strerror(errno)); |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
338 } |
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
339 #endif |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
340 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
341 /* make sure we close sockets */ |
1270
6d00eca524fe
rename loop variable
Francois Perrad <francois.perrad@gadz.org>
parents:
1250
diff
changeset
|
342 for (j = 0; j < listensockcount; j++) { |
6d00eca524fe
rename loop variable
Francois Perrad <francois.perrad@gadz.org>
parents:
1250
diff
changeset
|
343 m_close(listensocks[j]); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
344 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
345 |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
346 m_close(childpipe[0]); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
347 |
1861 | 348 if (execfd >= 0) { |
349 #if DROPBEAR_DO_REEXEC | |
1870
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
350 /* Add "-2" to the args and re-execute ourself. */ |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
351 char **new_argv = m_malloc(sizeof(char*) * (argc+3)); |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
352 int pos0 = 0, new_argc = argc+1; |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
353 |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
354 /* We need to specially handle "dropbearmulti dropbear". */ |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
355 if (multipath) { |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
356 new_argv[0] = (char*)multipath; |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
357 pos0 = 1; |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
358 new_argc++; |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
359 } |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
360 |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
361 memcpy(&new_argv[pos0], argv, sizeof(char*) * argc); |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
362 new_argv[new_argc-1] = "-2"; |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1866
diff
changeset
|
363 new_argv[new_argc] = NULL; |
1861 | 364 |
365 if ((dup2(childsock, STDIN_FILENO) < 0)) { | |
366 dropbear_exit("dup2 failed: %s", strerror(errno)); | |
367 } | |
1866
adfcdfb161a4
Fix missing NULL terminator for re-exec
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
368 if (fcntl(childsock, F_SETFD, FD_CLOEXEC) < 0) { |
adfcdfb161a4
Fix missing NULL terminator for re-exec
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
369 TRACE(("cloexec for childsock %d failed: %s", childsock, strerror(errno))) |
adfcdfb161a4
Fix missing NULL terminator for re-exec
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
370 } |
1861 | 371 /* Re-execute ourself */ |
372 fexecve(execfd, new_argv, environ); | |
373 /* Not reached on success */ | |
374 | |
1866
adfcdfb161a4
Fix missing NULL terminator for re-exec
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
375 /* Fall back on plain fork otherwise. |
adfcdfb161a4
Fix missing NULL terminator for re-exec
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
376 * To be removed in future once re-exec has been well tested */ |
adfcdfb161a4
Fix missing NULL terminator for re-exec
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
377 dropbear_log(LOG_WARNING, "fexecve failed, disabling re-exec: %s", strerror(errno)); |
adfcdfb161a4
Fix missing NULL terminator for re-exec
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
378 m_close(STDIN_FILENO); |
1861 | 379 m_free(new_argv); |
380 #endif /* DROPBEAR_DO_REEXEC */ | |
381 } | |
382 | |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
383 /* start the session */ |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
384 svr_session(childsock, childpipe[1]); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
385 /* don't return */ |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
386 dropbear_assert(0); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
387 } |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
388 |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
389 out: |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
390 /* This section is important for the parent too */ |
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
391 m_close(childsock); |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
392 if (remote_host) { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
393 m_free(remote_host); |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
394 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
395 } |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
396 } /* for(;;) loop */ |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
397 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
398 /* don't reach here */ |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
399 } |
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
400 #endif /* NON_INETD_MODE */ |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
401 |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
402 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
/*
 * SIGCHLD handler: collect every child that has already exited so that no
 * zombie processes are left behind, then re-install itself for SIGCHLD.
 *
 * errno is captured on entry and put back on return, because waitpid() and
 * sigaction() may overwrite it while the interrupted code still relies on
 * its value.
 *
 * NOTE(review): dropbear_exit() is defined outside this listing; if it logs
 * or allocates it is not async-signal-safe, so the failure branch below
 * should be checked against its definition.
 */
static void sigchld_handler(int UNUSED(unused)) {
	struct sigaction reinstall;
	const int errno_on_entry = errno;
	pid_t reaped;

	/* WNOHANG: never block inside the handler; stop once waitpid()
	 * returns 0 or -1 */
	do {
		reaped = waitpid(-1, NULL, WNOHANG);
	} while (reaped > 0);

	sigemptyset(&reinstall.sa_mask);
	reinstall.sa_flags = SA_NOCLDSTOP;
	reinstall.sa_handler = sigchld_handler;
	if (sigaction(SIGCHLD, &reinstall, NULL) < 0) {
		dropbear_exit("signal() error");
	}

	errno = errno_on_entry;
}
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
419 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
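/*
 * SIGSEGV handler: print a short notice on stderr and terminate the process
 * immediately with EXIT_FAILURE.
 *
 * The notice is emitted with write(2) rather than stdio: the handler runs
 * after a memory fault, when stdio or heap state may already be corrupt, and
 * fprintf() is not async-signal-safe. _exit() is used so that no atexit
 * handlers or stdio flushing run in that state.
 */
static void sigsegv_handler(int UNUSED(unused)) {
	static const char notice[] =
		"Aiee, segfault! You should probably report "
		"this as a bug to the developer\n";

	/* Best effort only: nothing useful can be done if the write fails */
	if (write(STDERR_FILENO, notice, sizeof(notice) - 1) < 0) {
		/* ignored */
	}
	_exit(EXIT_FAILURE);
}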
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
426 |
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
/*
 * SIGINT/SIGTERM handler: only records that termination was requested, by
 * setting ses.exitflag. No cleanup happens here; the listening loop in this
 * file tests ses.exitflag after select() returns, removes the pidfile and
 * exits.
 */
static void sigintterm_handler(int UNUSED(unused))
{
	ses.exitflag = 1;
}
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
432 |
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
433 /* Things used by inetd and non-inetd modes */ |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
434 static void commonsetup() { |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
435 |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
436 struct sigaction sa_chld; |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
437 #ifndef DISABLE_SYSLOG |
1210
64a50eac1030
Moved usingsyslog from svr_runopts to runopts.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1084
diff
changeset
|
438 if (opts.usingsyslog) { |
1211
6ecc133fb2ee
Allow setting syslog identifier via startsyslog().
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1210
diff
changeset
|
439 startsyslog(PROGNAME); |
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
440 } |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
441 #endif |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
442 |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
443 /* set up cleanup handler */ |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
444 if (signal(SIGINT, sigintterm_handler) == SIG_ERR || |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
445 #ifndef DEBUG_VALGRIND |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
446 signal(SIGTERM, sigintterm_handler) == SIG_ERR || |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
447 #endif |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
448 signal(SIGPIPE, SIG_IGN) == SIG_ERR) { |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
449 dropbear_exit("signal() error"); |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
450 } |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
451 |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
452 /* catch and reap zombie children */ |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
453 sa_chld.sa_handler = sigchld_handler; |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
454 sa_chld.sa_flags = SA_NOCLDSTOP; |
658
d4d0279710b9
- Initialise sa_mask properly
Matt Johnston <matt@ucc.asn.au>
parents:
656
diff
changeset
|
455 sigemptyset(&sa_chld.sa_mask); |
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
456 if (sigaction(SIGCHLD, &sa_chld, NULL) < 0) { |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
457 dropbear_exit("signal() error"); |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
458 } |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
459 if (signal(SIGSEGV, sigsegv_handler) == SIG_ERR) { |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
460 dropbear_exit("signal() error"); |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
461 } |
113
775c6cbfe995
Load the hostkeys for inetd too - oops
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
462 |
795 | 463 crypto_init(); |
464 | |
113
775c6cbfe995
Load the hostkeys for inetd too - oops
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
465 /* Now we can setup the hostkeys - needs to be after logging is on, |
775c6cbfe995
Load the hostkeys for inetd too - oops
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
466 * otherwise we might end up blatting error messages to the socket */ |
795 | 467 load_all_hostkeys(); |
468 } |
469 |
/*
 * Set up listening sockets for all the requested ports.
 *
 * socks     - caller-provided array that receives the listening descriptors
 * sockcount - capacity of socks
 * maxfd     - passed through unchanged to dropbear_listen()
 *
 * Walks svr_opts.addresses[]/svr_opts.ports[] in order and returns the running
 * total of sockets reported by dropbear_listen(). A pair that fails is logged
 * at LOG_WARNING and skipped, so the result can be smaller than the number of
 * configured ports, and can be zero.
 *
 * NOTE(review): the caller presumably treats a zero return as fatal; confirm,
 * since a server left with no listener should not carry on silently.
 * NOTE(review): the warning names only the port, not the address, so with
 * several addresses on one port the log does not say which bind failed.
 */
static size_t listensockets(int *socks, size_t sockcount, int *maxfd) {

	size_t filled = 0;
	char *errstring = NULL;
	unsigned int idx;

	TRACE(("listensockets: %d to try", svr_opts.portcount))

	for (idx = 0; idx < svr_opts.portcount; idx++) {
		unsigned int k;
		int opened;

		TRACE(("listening on '%s:%s'", svr_opts.addresses[idx], svr_opts.ports[idx]))

		/* Offer only the unused tail of socks, so earlier entries are kept */
		opened = dropbear_listen(svr_opts.addresses[idx], svr_opts.ports[idx],
				socks + filled, sockcount - filled,
				&errstring, maxfd);

		if (opened >= 0) {
			/* Apply the per-socket options to each descriptor just added */
			for (k = 0; k < (unsigned int)opened; k++) {
				int sock = socks[filled + k];
				set_sock_priority(sock, DROPBEAR_PRIO_LOWDELAY);
#if DROPBEAR_SERVER_TCP_FAST_OPEN
				set_listen_fast_open(sock);
#endif
			}
			filled += opened;
		} else {
			/* Not fatal here: report it and move on to the next pair */
			dropbear_log(LOG_WARNING, "Failed listening on '%s': %s",
					svr_opts.ports[idx], errstring);
			m_free(errstring);
		}
	}

	return filled;
}