Mercurial > dropbear
annotate svr-main.c @ 1861:2b3a8026a6ce
Add re-exec for server
This allows ASLR to re-randomize the address
space for every connection, preventing some
vulnerabilities from being exploitable by
repeated probing.
Overhead (memory and time) is yet to be confirmed.
At present this is only enabled on Linux. Other BSD platforms
with fexecve() would probably also work though have not been tested.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 30 Jan 2022 10:14:56 +0800 |
| parents | 6ea18ca8fc03 |
| children | adfcdfb161a4 |
| rev | line source |
|---|---|
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
| 290 | 4 * Copyright (c) 2002-2006 Matt Johnston |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 #include "includes.h" |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 #include "dbutil.h" |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 #include "session.h" |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "buffer.h" |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "signkey.h" |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #include "runopts.h" |
|
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
795
diff
changeset
|
31 #include "dbrandom.h" |
| 795 | 32 #include "crypto_desc.h" |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
34 static size_t listensockets(int *sock, size_t sockcount, int *maxfd); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 static void sigchld_handler(int dummy); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 static void sigsegv_handler(int); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 static void sigintterm_handler(int fish); |
|
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1275
diff
changeset
|
38 static void main_inetd(void); |
| 1861 | 39 static void main_noinetd(int argc, char ** argv); |
|
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1275
diff
changeset
|
40 static void commonsetup(void); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
42 #if defined(DBMULTI_dropbear) || !DROPBEAR_MULTI |
|
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
43 #if defined(DBMULTI_dropbear) && DROPBEAR_MULTI |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 int dropbear_main(int argc, char ** argv) |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 #else |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 int main(int argc, char ** argv) |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 #endif |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 { |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
49 _dropbear_exit = svr_dropbear_exit; |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
50 _dropbear_log = svr_dropbear_log; |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
51 |
| 425 | 52 disallow_core(); |
| 53 | |
| 1861 | 54 if (argc < 1) { |
| 55 dropbear_exit("Bad argc"); | |
| 56 } | |
| 57 | |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
58 /* get commandline options */ |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
59 svr_getopts(argc, argv); |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
60 |
|
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1495
diff
changeset
|
61 #if INETD_MODE |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
62 /* service program mode */ |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
63 if (svr_opts.inetdmode) { |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
64 main_inetd(); |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
65 /* notreached */ |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
66 } |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
67 #endif |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
68 |
| 1861 | 69 #if DROPBEAR_DO_REEXEC |
| 70 if (svr_opts.reexec_child) { | |
| 71 #ifdef PR_SET_NAME | |
| 72 /* Fix the "Name:" in /proc/pid/status, otherwise it's | |
| 73 a FD number from fexecve. | |
| 74 Failure doesn't really matter, it's mostly aesthetic */ | |
| 75 prctl(PR_SET_NAME, basename(argv[0]), 0, 0); | |
| 76 #endif | |
| 77 main_inetd(); | |
| 78 /* notreached */ | |
| 79 } | |
| 80 #endif | |
| 81 | |
|
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1495
diff
changeset
|
82 #if NON_INETD_MODE |
| 1861 | 83 main_noinetd(argc, argv); |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
84 /* notreached */ |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
85 #endif |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
86 |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
87 dropbear_exit("Compiled without normal mode, can't run without -i\n"); |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
88 return -1; |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
89 } |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
90 #endif |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
91 |
| 1861 | 92 #if INETD_MODE || DROPBEAR_DO_REEXEC |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
93 static void main_inetd() { |
|
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
94 char *host, *port = NULL; |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
95 |
|
1716
6ea18ca8fc03
Delay seedrandom until connections
Matt Johnston <matt@ucc.asn.au>
parents:
1706
diff
changeset
|
96 /* Set up handlers, syslog */ |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
97 commonsetup(); |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
98 |
|
1716
6ea18ca8fc03
Delay seedrandom until connections
Matt Johnston <matt@ucc.asn.au>
parents:
1706
diff
changeset
|
99 seedrandom(); |
|
6ea18ca8fc03
Delay seedrandom until connections
Matt Johnston <matt@ucc.asn.au>
parents:
1706
diff
changeset
|
100 |
| 1861 | 101 if (!svr_opts.reexec_child) { |
| 102 /* In case our inetd was lax in logging source addresses */ | |
| 103 get_socket_address(0, NULL, NULL, &host, &port, 0); | |
| 104 dropbear_log(LOG_INFO, "Child connection from %s:%s", host, port); | |
| 105 m_free(host); | |
| 106 m_free(port); | |
| 1498 | 107 |
| 1861 | 108 /* Don't check the return value - it may just fail since inetd has |
| 109 * already done setsid() after forking (xinetd on Darwin appears to do | |
| 110 * this */ | |
| 111 setsid(); | |
| 112 } | |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
113 |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
114 /* Start service program |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
115 * -1 is a dummy childpipe, just something we can close() without |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
116 * mattering. */ |
|
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
117 svr_session(0, -1); |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
118 |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
119 /* notreached */ |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
120 } |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
121 #endif /* INETD_MODE */ |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
122 |
|
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1495
diff
changeset
|
123 #if NON_INETD_MODE |
| 1861 | 124 static void main_noinetd(int argc, char ** argv) { |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 fd_set fds; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 unsigned int i, j; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 int val; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 int maxsock = -1; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 int listensocks[MAX_LISTEN_ADDR]; |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
130 size_t listensockcount = 0; |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
131 FILE *pidfile = NULL; |
| 1861 | 132 int execfd = -1; |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
134 int childpipes[MAX_UNAUTH_CLIENTS]; |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
135 char * preauth_addrs[MAX_UNAUTH_CLIENTS]; |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
136 |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 int childsock; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 int childpipe[2]; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 |
| 1861 | 140 (void)argc; |
| 141 (void)argv; | |
| 142 | |
|
433
c216212001fc
Fix for -pedantic -ansi compilation, change // to /**/, plus some signedness
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
143 /* Note: commonsetup() must happen before we daemon()ise. Otherwise |
|
c216212001fc
Fix for -pedantic -ansi compilation, change // to /**/, plus some signedness
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
144 daemon() will chdir("/"), and we won't be able to find local-dir |
|
c216212001fc
Fix for -pedantic -ansi compilation, change // to /**/, plus some signedness
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
145 hostkeys. */ |
|
379
b66a00272a90
Load hostkeys before daemon(), since daemon()'s chdir("/") will prevent us
Matt Johnston <matt@ucc.asn.au>
parents:
323
diff
changeset
|
146 commonsetup(); |
|
b66a00272a90
Load hostkeys before daemon(), since daemon()'s chdir("/") will prevent us
Matt Johnston <matt@ucc.asn.au>
parents:
323
diff
changeset
|
147 |
|
447
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
148 /* sockets to identify pre-authenticated clients */ |
|
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
149 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { |
|
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
150 childpipes[i] = -1; |
|
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
151 } |
|
539
07a58e4da1ac
use memset() rather than bzero()
Matt Johnston <matt@ucc.asn.au>
parents:
476
diff
changeset
|
152 memset(preauth_addrs, 0x0, sizeof(preauth_addrs)); |
| 1861 | 153 |
|
447
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
154 /* Set up the listening sockets */ |
|
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
155 listensockcount = listensockets(listensocks, MAX_LISTEN_ADDR, &maxsock); |
|
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
156 if (listensockcount == 0) |
|
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
157 { |
|
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
158 dropbear_exit("No listening ports available."); |
|
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
159 } |
|
278805938dcf
Patch from Nicolai Ehemann to try binding before going to the background,
Matt Johnston <matt@ucc.asn.au>
parents:
445
diff
changeset
|
160 |
|
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve conneciton setup
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
161 for (i = 0; i < listensockcount; i++) { |
|
aa689d140928
- Sockets are set to lowdelay priority initially to improve conneciton setup
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
162 FD_SET(listensocks[i], &fds); |
|
aa689d140928
- Sockets are set to lowdelay priority initially to improve conneciton setup
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
163 } |
|
aa689d140928
- Sockets are set to lowdelay priority initially to improve conneciton setup
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
164 |
| 1861 | 165 #if DROPBEAR_DO_REEXEC |
| 166 execfd = open(argv[0], O_CLOEXEC|O_RDONLY); | |
| 167 if (execfd < 0) { | |
| 168 /* Just fallback to straight fork */ | |
| 169 TRACE(("Couldn't open own binary %s, disabling re-exec: %s", argv[0], strerror(errno))) | |
| 170 } | |
| 171 #endif | |
| 172 | |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 /* fork */ |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 if (svr_opts.forkbg) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 int closefds = 0; |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
176 #if !DEBUG_TRACE |
|
1210
64a50eac1030
Moved usingsyslog from svr_runopts to runopts.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1084
diff
changeset
|
177 if (!opts.usingsyslog) { |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
178 closefds = 1; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
179 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
180 #endif |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
181 if (daemon(0, closefds) < 0) { |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
182 dropbear_exit("Failed to daemonize: %s", strerror(errno)); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
183 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
186 /* should be done after syslog is working */ |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 if (svr_opts.forkbg) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 dropbear_log(LOG_INFO, "Running in background"); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 } else { |
|
445
edbee0596531
"backgrounding" is more user-understandable than "forking"
Matt Johnston <matt@ucc.asn.au>
parents:
435
diff
changeset
|
190 dropbear_log(LOG_INFO, "Not backgrounding"); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 /* create a PID file so that we can be killed easily */ |
|
323
3bfbe95f9a14
Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents:
298
diff
changeset
|
194 pidfile = fopen(svr_opts.pidfile, "w"); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 if (pidfile) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 fprintf(pidfile, "%d\n", getpid()); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
197 fclose(pidfile); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 /* incoming connection select loop */ |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 for(;;) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 |
|
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1508
diff
changeset
|
203 DROPBEAR_FD_ZERO(&fds); |
| 1861 | 204 |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 /* listening sockets */ |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
206 for (i = 0; i < listensockcount; i++) { |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 FD_SET(listensocks[i], &fds); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 /* pre-authentication clients */ |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
212 if (childpipes[i] >= 0) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
213 FD_SET(childpipes[i], &fds); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 maxsock = MAX(maxsock, childpipes[i]); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 |
|
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
447
diff
changeset
|
218 val = select(maxsock+1, &fds, NULL, NULL, NULL); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 |
|
1495
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
220 if (ses.exitflag) { |
|
323
3bfbe95f9a14
Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents:
298
diff
changeset
|
221 unlink(svr_opts.pidfile); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 dropbear_exit("Terminated by signal"); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
223 } |
| 1861 | 224 |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
225 if (val == 0) { |
|
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
447
diff
changeset
|
226 /* timeout reached - shouldn't happen. eh */ |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
227 continue; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
229 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 if (val < 0) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 if (errno == EINTR) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 continue; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
233 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 dropbear_exit("Listening socket error"); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
235 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
236 |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
237 /* close fds which have been authed or closed - svr-auth.c handles |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
238 * closing the auth sockets on success */ |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
240 if (childpipes[i] >= 0 && FD_ISSET(childpipes[i], &fds)) { |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
241 m_close(childpipes[i]); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 childpipes[i] = -1; |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
243 m_free(preauth_addrs[i]); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
245 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
246 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 /* handle each socket which has something to say */ |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
248 for (i = 0; i < listensockcount; i++) { |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
249 size_t num_unauthed_for_addr = 0; |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
250 size_t num_unauthed_total = 0; |
|
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
251 char *remote_host = NULL, *remote_port = NULL; |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
252 pid_t fork_ret = 0; |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
253 size_t conn_idx = 0; |
|
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
254 struct sockaddr_storage remoteaddr; |
|
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
255 socklen_t remoteaddrlen; |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
256 |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
257 if (!FD_ISSET(listensocks[i], &fds)) |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
258 continue; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
259 |
| 62 | 260 remoteaddrlen = sizeof(remoteaddr); |
|
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
261 childsock = accept(listensocks[i], |
|
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
262 (struct sockaddr*)&remoteaddr, &remoteaddrlen); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
263 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
264 if (childsock < 0) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
265 /* accept failed */ |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
266 continue; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
267 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
268 |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
269 /* Limit the number of unauthenticated connections per IP */ |
|
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
270 getaddrstring(&remoteaddr, &remote_host, NULL, 0); |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
271 |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
272 num_unauthed_for_addr = 0; |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
273 num_unauthed_total = 0; |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
274 for (j = 0; j < MAX_UNAUTH_CLIENTS; j++) { |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
275 if (childpipes[j] >= 0) { |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
276 num_unauthed_total++; |
|
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
277 if (strcmp(remote_host, preauth_addrs[j]) == 0) { |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
278 num_unauthed_for_addr++; |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
279 } |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
280 } else { |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
281 /* a free slot */ |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
282 conn_idx = j; |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
283 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
284 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
285 |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
286 if (num_unauthed_total >= MAX_UNAUTH_CLIENTS |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
287 || num_unauthed_for_addr >= MAX_UNAUTH_PER_IP) { |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
288 goto out; |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
289 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
290 |
| 687 | 291 seedrandom(); |
| 292 | |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
293 if (pipe(childpipe) < 0) { |
|
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
158
diff
changeset
|
294 TRACE(("error creating child pipe")) |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
295 goto out; |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
296 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
297 |
|
1677
e05c0e394f1d
Make DEBUG_NOFORK a #if not #ifdef
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
298 #if DEBUG_NOFORK |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
299 fork_ret = 0; |
|
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
300 #else |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
301 fork_ret = fork(); |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
302 #endif |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
303 if (fork_ret < 0) { |
|
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
304 dropbear_log(LOG_WARNING, "Error forking: %s", strerror(errno)); |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
305 goto out; |
| 687 | 306 } |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
307 |
| 723 | 308 addrandom((void*)&fork_ret, sizeof(fork_ret)); |
| 1861 | 309 |
| 687 | 310 if (fork_ret > 0) { |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
311 |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
312 /* parent */ |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
313 childpipes[conn_idx] = childpipe[0]; |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
314 m_close(childpipe[1]); |
|
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
315 preauth_addrs[conn_idx] = remote_host; |
|
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
316 remote_host = NULL; |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
317 |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
318 } else { |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
319 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
320 /* child */ |
|
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
321 getaddrstring(&remoteaddr, NULL, &remote_port, 0); |
|
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
322 dropbear_log(LOG_INFO, "Child connection from %s:%s", remote_host, remote_port); |
|
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
323 m_free(remote_host); |
|
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
324 m_free(remote_port); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
325 |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
326 #ifndef DEBUG_NOFORK |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
327 if (setsid() < 0) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
328 dropbear_exit("setsid: %s", strerror(errno)); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
329 } |
|
476
df7f7da7f6e4
- Rework pubkey options to be more careful about buffer lengths. Needs review.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
330 #endif |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
331 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
332 /* make sure we close sockets */ |
|
1270
6d00eca524fe
rename loop variable
Francois Perrad <francois.perrad@gadz.org>
parents:
1250
diff
changeset
|
333 for (j = 0; j < listensockcount; j++) { |
|
6d00eca524fe
rename loop variable
Francois Perrad <francois.perrad@gadz.org>
parents:
1250
diff
changeset
|
334 m_close(listensocks[j]); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
335 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
336 |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
337 m_close(childpipe[0]); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
338 |
| 1861 | 339 if (execfd >= 0) { |
| 340 #if DROPBEAR_DO_REEXEC | |
| 341 /* Add "-2" to the args and re-execute ourself */ | |
| 342 char **new_argv = m_malloc(sizeof(char*) * (argc+1)); | |
| 343 memcpy(new_argv, argv, sizeof(char*) * argc); | |
| 344 new_argv[argc] = "-2"; | |
| 345 | |
| 346 if ((dup2(childsock, STDIN_FILENO) < 0)) { | |
| 347 dropbear_exit("dup2 failed: %s", strerror(errno)); | |
| 348 } | |
| 349 m_close(childsock); | |
| 350 /* Re-execute ourself */ | |
| 351 fexecve(execfd, new_argv, environ); | |
| 352 /* Not reached on success */ | |
| 353 | |
| 354 /* Fall back on plain fork otherwise */ | |
| 355 TRACE(("fexecve failed, disabling re-exec: %s", strerror(errno))) | |
| 356 m_free(new_argv); | |
| 357 #endif /* DROPBEAR_DO_REEXEC */ | |
| 358 } | |
| 359 | |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
360 /* start the session */ |
|
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
361 svr_session(childsock, childpipe[1]); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
362 /* don't return */ |
|
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
363 dropbear_assert(0); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
364 } |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
365 |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
366 out: |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
367 /* This section is important for the parent too */ |
|
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
368 m_close(childsock); |
|
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
369 if (remote_host) { |
|
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
539
diff
changeset
|
370 m_free(remote_host); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
371 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
372 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
373 } /* for(;;) loop */ |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
374 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
375 /* don't reach here */ |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
376 } |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
377 #endif /* NON_INETD_MODE */ |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
378 |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
379 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
380 /* catch + reap zombie children */ |
|
108
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
101
diff
changeset
|
381 static void sigchld_handler(int UNUSED(unused)) { |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
382 struct sigaction sa_chld; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
383 |
|
893
860e3522f8fc
- Save errno in signal handlers
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
384 const int saved_errno = errno; |
|
860e3522f8fc
- Save errno in signal handlers
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
385 |
|
1271
26622eee1e8b
Suspicious use of ;
Francois Perrad <francois.perrad@gadz.org>
parents:
1270
diff
changeset
|
386 while(waitpid(-1, NULL, WNOHANG) > 0) {} |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
387 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
388 sa_chld.sa_handler = sigchld_handler; |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
389 sa_chld.sa_flags = SA_NOCLDSTOP; |
| 1001 | 390 sigemptyset(&sa_chld.sa_mask); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
391 if (sigaction(SIGCHLD, &sa_chld, NULL) < 0) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
392 dropbear_exit("signal() error"); |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
393 } |
|
893
860e3522f8fc
- Save errno in signal handlers
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
394 errno = saved_errno; |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
395 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
396 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
397 /* catch any segvs */ |
|
108
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
101
diff
changeset
|
398 static void sigsegv_handler(int UNUSED(unused)) { |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
399 fprintf(stderr, "Aiee, segfault! You should probably report " |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
400 "this as a bug to the developer\n"); |
|
893
860e3522f8fc
- Save errno in signal handlers
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
401 _exit(EXIT_FAILURE); |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
402 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
403 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
404 /* catch ctrl-c or sigterm */ |
|
108
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
101
diff
changeset
|
405 static void sigintterm_handler(int UNUSED(unused)) { |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
406 |
|
1495
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
407 ses.exitflag = 1; |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
408 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
409 |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
410 /* Things used by inetd and non-inetd modes */ |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
411 static void commonsetup() { |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
412 |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
413 struct sigaction sa_chld; |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
414 #ifndef DISABLE_SYSLOG |
|
1210
64a50eac1030
Moved usingsyslog from svr_runopts to runopts.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1084
diff
changeset
|
415 if (opts.usingsyslog) { |
|
1211
6ecc133fb2ee
Allow setting syslog identifier via startsyslog().
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1210
diff
changeset
|
416 startsyslog(PROGNAME); |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
417 } |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
418 #endif |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
419 |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
420 /* set up cleanup handler */ |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
421 if (signal(SIGINT, sigintterm_handler) == SIG_ERR || |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
422 #ifndef DEBUG_VALGRIND |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
423 signal(SIGTERM, sigintterm_handler) == SIG_ERR || |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
424 #endif |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
425 signal(SIGPIPE, SIG_IGN) == SIG_ERR) { |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
426 dropbear_exit("signal() error"); |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
427 } |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
428 |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
429 /* catch and reap zombie children */ |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
430 sa_chld.sa_handler = sigchld_handler; |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
431 sa_chld.sa_flags = SA_NOCLDSTOP; |
|
658
d4d0279710b9
- Initialise sa_mask properly
Matt Johnston <matt@ucc.asn.au>
parents:
656
diff
changeset
|
432 sigemptyset(&sa_chld.sa_mask); |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
433 if (sigaction(SIGCHLD, &sa_chld, NULL) < 0) { |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
434 dropbear_exit("signal() error"); |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
435 } |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
436 if (signal(SIGSEGV, sigsegv_handler) == SIG_ERR) { |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
437 dropbear_exit("signal() error"); |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
438 } |
|
113
775c6cbfe995
Load the hostkeys for inetd too - oops
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
439 |
| 795 | 440 crypto_init(); |
| 441 | |
|
113
775c6cbfe995
Load the hostkeys for inetd too - oops
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
442 /* Now we can setup the hostkeys - needs to be after logging is on, |
|
775c6cbfe995
Load the hostkeys for inetd too - oops
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
443 * otherwise we might end up blatting error messages to the socket */ |
| 795 | 444 load_all_hostkeys(); |
|
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
445 } |
|
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
446 |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
447 /* Set up listening sockets for all the requested ports */ |
|
1023
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
448 static size_t listensockets(int *socks, size_t sockcount, int *maxfd) { |
|
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
449 |
|
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
450 unsigned int i, n; |
| 62 | 451 char* errstring = NULL; |
|
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
452 size_t sockpos = 0; |
| 62 | 453 int nsock; |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
454 |
|
970
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
893
diff
changeset
|
455 TRACE(("listensockets: %d to try", svr_opts.portcount)) |
|
101
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
71
diff
changeset
|
456 |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
457 for (i = 0; i < svr_opts.portcount; i++) { |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
458 |
|
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
290
diff
changeset
|
459 TRACE(("listening on '%s:%s'", svr_opts.addresses[i], svr_opts.ports[i])) |
|
101
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
71
diff
changeset
|
460 |
|
1023
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
461 nsock = dropbear_listen(svr_opts.addresses[i], svr_opts.ports[i], &socks[sockpos], |
| 62 | 462 sockcount - sockpos, |
| 463 &errstring, maxfd); | |
| 464 | |
| 465 if (nsock < 0) { | |
|
101
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
71
diff
changeset
|
466 dropbear_log(LOG_WARNING, "Failed listening on '%s': %s", |
|
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
71
diff
changeset
|
467 svr_opts.ports[i], errstring); |
| 62 | 468 m_free(errstring); |
| 469 continue; | |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
470 } |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
471 |
|
1023
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
472 for (n = 0; n < (unsigned int)nsock; n++) { |
|
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
473 int sock = socks[sockpos + n]; |
|
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
474 set_sock_priority(sock, DROPBEAR_PRIO_LOWDELAY); |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
475 #if DROPBEAR_SERVER_TCP_FAST_OPEN |
|
1023
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
476 set_listen_fast_open(sock); |
|
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
477 #endif |
|
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
478 } |
|
a00303a7d247
tcp fastopen for the server
Matt Johnston <matt@ucc.asn.au>
parents:
1001
diff
changeset
|
479 |
| 62 | 480 sockpos += nsock; |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
481 |
|
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
482 } |
| 62 | 483 return sockpos; |
|
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
484 } |