annotate svr-main.c @ 1902:4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 24 Mar 2022 13:42:08 +0800 |
parents | 2c9d635a1c04 |
children |
rev | line source |
---|---|
1 /* |
2 * Dropbear - a SSH2 server |
3 * |
290 | 4 * Copyright (c) 2002-2006 Matt Johnston |
5 * All rights reserved. |
6 * |
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
8 * of this software and associated documentation files (the "Software"), to deal |
9 * in the Software without restriction, including without limitation the rights |
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
11 * copies of the Software, and to permit persons to whom the Software is |
12 * furnished to do so, subject to the following conditions: |
13 * |
14 * The above copyright notice and this permission notice shall be included in |
15 * all copies or substantial portions of the Software. |
16 * |
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
23 * SOFTWARE. */ |
24 |
25 #include "includes.h" |
26 #include "dbutil.h" |
27 #include "session.h" |
28 #include "buffer.h" |
29 #include "signkey.h" |
30 #include "runopts.h" |
31 #include "dbrandom.h" |
795 | 32 #include "crypto_desc.h" |
33 |
/* Forward declarations for the file-local helpers used below. */

/* Listening-socket setup: main_noinetd() passes an array of MAX_LISTEN_ADDR
 * descriptors plus &maxsock and treats a return of 0 as "no listening
 * ports available". */
static size_t listensockets(int *sock, size_t sockcount, int *maxfd);

/* Signal handlers; the int argument is the signal number by convention
 * (definitions are not shown here - confirm what each one does). */
static void sigchld_handler(int dummy);
static void sigsegv_handler(int);
static void sigintterm_handler(int fish);

/* The two run modes: one connection on an inherited descriptor (inetd or
 * re-exec child), or the standalone listener loop. */
static void main_inetd(void);
static void main_noinetd(int argc, char **argv, const char *multipath);

/* Shared start-up work (handlers, syslog, host keys per the comments at
 * its call sites); must run before daemon() changes directory. */
static void commonsetup(void);
41 |
#if defined(DBMULTI_dropbear) || !DROPBEAR_MULTI
/*
 * Server entry point.
 *
 * Compiled as dropbear_main() inside the multi-call binary, where the
 * caller supplies multipath, and as plain main() otherwise, where
 * multipath is a local that stays NULL.
 *
 * After option parsing, control goes to main_inetd() or main_noinetd().
 * Both are marked "notreached" on return, so the final dropbear_exit()
 * only runs when normal (non-inetd) mode was compiled out and no
 * inetd/re-exec branch was taken.
 */
#if defined(DBMULTI_dropbear) && DROPBEAR_MULTI
int dropbear_main(int argc, char ** argv, const char* multipath)
#else
int main(int argc, char ** argv)
#endif
{
#if !DROPBEAR_MULTI
	const char *multipath = NULL;
#endif

	/* Route logging and fatal exits through the server-side hooks
	 * before anything below can call them. */
	_dropbear_log = svr_dropbear_log;
	_dropbear_exit = svr_dropbear_exit;

	/* Runs before any option or key handling.
	 * NOTE(review): by its name this disables core dumps - confirm
	 * against its definition. */
	disallow_core();

	/* A caller may exec us with an empty argv. argv[0] is read later
	 * (basename() below, open(argv[0], ...) in main_noinetd), so
	 * refuse to continue without it. */
	if (argc <= 0) {
		dropbear_exit("Bad argc");
	}

	/* Parse the command line into svr_opts */
	svr_getopts(argc, argv);

#if INETD_MODE
	/* Service-program mode: the connection is already on our
	 * descriptors */
	if (svr_opts.inetdmode) {
		main_inetd();
		/* notreached */
	}
#endif

#if DROPBEAR_DO_REEXEC
	if (svr_opts.reexec_child) {
#ifdef PR_SET_NAME
		/* Without this the "Name:" field in /proc/pid/status is
		 * the FD number left over from fexecve. Cosmetic only, so
		 * a failure here is ignored. */
		prctl(PR_SET_NAME, basename(argv[0]), 0, 0);
#endif
		main_inetd();
		/* notreached */
	}
#endif

#if NON_INETD_MODE
	/* Standalone listener */
	main_noinetd(argc, argv, multipath);
	/* notreached */
#endif

	dropbear_exit("Compiled without normal mode, can't run without -i\n");
	return -1;
}
#endif
95 |
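#if INETD_MODE || DROPBEAR_DO_REEXEC
/*
 * Serve exactly one connection on file descriptor 0.
 *
 * Used both when started from inetd and when this process is the
 * re-exec'd child (svr_opts.reexec_child). Not expected to return:
 * svr_session() takes over the process.
 */
static void main_inetd(void) {
	/* Both start as NULL so that neither the log call nor m_free()
	 * below can see an indeterminate pointer if the address lookup
	 * leaves one of them unset. */
	char *host = NULL;
	char *port = NULL;

	/* Set up handlers, syslog */
	commonsetup();

	/* Seeded here, in the process that serves the connection */
	seedrandom();

	if (!svr_opts.reexec_child) {
		/* Record the peer address ourselves, in case inetd was lax
		 * in logging source addresses */
		get_socket_address(0, NULL, NULL, &host, &port, 0);
		dropbear_log(LOG_INFO, "Child connection from %s:%s",
				host ? host : "unknown", port ? port : "unknown");
		m_free(host);
		m_free(port);

		/* The return value is deliberately ignored: the call may
		 * simply fail because inetd already did setsid() after
		 * forking (xinetd on Darwin appears to do this). */
		setsid();
	}

	/* Start the session on fd 0.
	 * -1 is a dummy childpipe, just something that can be close()d
	 * without mattering. */
	svr_session(0, -1);

	/* notreached */
}
#endif /* INETD_MODE || DROPBEAR_DO_REEXEC */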
126 |
127 #if NON_INETD_MODE |
128 static void main_noinetd(int argc, char ** argv, const char* multipath) { |
129 fd_set fds; |
130 unsigned int i, j; |
131 int val; |
132 int maxsock = -1; |
133 int listensocks[MAX_LISTEN_ADDR]; |
134 size_t listensockcount = 0; |
135 FILE *pidfile = NULL; |
1861 | 136 int execfd = -1; |
137 |
138 int childpipes[MAX_UNAUTH_CLIENTS]; |
139 char * preauth_addrs[MAX_UNAUTH_CLIENTS]; |
140 |
141 int childsock; |
142 int childpipe[2]; |
143 |
1861 | 144 (void)argc; |
145 (void)argv; | |
146 (void)multipath; |
1861 | 147 |
148 /* Note: commonsetup() must happen before we daemon()ise. Otherwise |
149 daemon() will chdir("/"), and we won't be able to find local-dir |
150 hostkeys. */ |
151 commonsetup(); |
152 |
153 /* sockets to identify pre-authenticated clients */ |
154 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { |
155 childpipes[i] = -1; |
156 } |
157 memset(preauth_addrs, 0x0, sizeof(preauth_addrs)); |
1861 | 158 |
159 /* Set up the listening sockets */ |
160 listensockcount = listensockets(listensocks, MAX_LISTEN_ADDR, &maxsock); |
161 if (listensockcount == 0) |
162 { |
163 dropbear_exit("No listening ports available."); |
164 } |
165 |
166 for (i = 0; i < listensockcount; i++) { |
167 FD_SET(listensocks[i], &fds); |
168 } |
169 |
1861 | 170 #if DROPBEAR_DO_REEXEC |
171 if (multipath) { |
172 execfd = open(multipath, O_CLOEXEC|O_RDONLY); |
173 } else { |
174 execfd = open(argv[0], O_CLOEXEC|O_RDONLY); |
175 } |
1861 | 176 if (execfd < 0) { |
177 /* Just fallback to straight fork */ | |
178 TRACE(("Couldn't open own binary %s, disabling re-exec: %s", argv[0], strerror(errno))) | |
179 } | |
180 #endif | |
181 | |
182 /* fork */ |
183 if (svr_opts.forkbg) { |
184 int closefds = 0; |
185 #if !DEBUG_TRACE |
186 if (!opts.usingsyslog) { |
187 closefds = 1; |
188 } |
189 #endif |
190 if (daemon(0, closefds) < 0) { |
191 dropbear_exit("Failed to daemonize: %s", strerror(errno)); |
192 } |
193 } |
194 |
195 /* should be done after syslog is working */ |
196 if (svr_opts.forkbg) { |
197 dropbear_log(LOG_INFO, "Running in background"); |
198 } else { |
199 dropbear_log(LOG_INFO, "Not backgrounding"); |
200 } |
201 |
202 /* create a PID file so that we can be killed easily */ |
203 pidfile = fopen(svr_opts.pidfile, "w"); |
204 if (pidfile) { |
205 fprintf(pidfile, "%d\n", getpid()); |
206 fclose(pidfile); |
207 } |
208 |
209 /* incoming connection select loop */ |
210 for(;;) { |
211 |
212 DROPBEAR_FD_ZERO(&fds); |
1861 | 213 |
214 /* listening sockets */ |
215 for (i = 0; i < listensockcount; i++) { |
216 FD_SET(listensocks[i], &fds); |
217 } |
218 |
219 /* pre-authentication clients */ |
220 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { |
221 if (childpipes[i] >= 0) { |
222 FD_SET(childpipes[i], &fds); |
223 maxsock = MAX(maxsock, childpipes[i]); |
224 } |
225 } |
226 |
227 val = select(maxsock+1, &fds, NULL, NULL, NULL); |
228 |
229 if (ses.exitflag) { |
230 unlink(svr_opts.pidfile); |
231 dropbear_exit("Terminated by signal"); |
232 } |
1861 | 233 |
234 if (val == 0) { |
235 /* timeout reached - shouldn't happen. eh */ |
236 continue; |
237 } |
238 |
239 if (val < 0) { |
240 if (errno == EINTR) { |
241 continue; |
242 } |
243 dropbear_exit("Listening socket error"); |
244 } |
245 |
246 /* close fds which have been authed or closed - svr-auth.c handles |
247 * closing the auth sockets on success */ |
248 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { |
249 if (childpipes[i] >= 0 && FD_ISSET(childpipes[i], &fds)) { |
250 m_close(childpipes[i]); |
251 childpipes[i] = -1; |
252 m_free(preauth_addrs[i]); |
253 } |
254 } |
255 |
256 /* handle each socket which has something to say */ |
257 for (i = 0; i < listensockcount; i++) { |
258 size_t num_unauthed_for_addr = 0; |
259 size_t num_unauthed_total = 0; |
260 char *remote_host = NULL, *remote_port = NULL; |
261 pid_t fork_ret = 0; |
262 size_t conn_idx = 0; |
263 struct sockaddr_storage remoteaddr; |
264 socklen_t remoteaddrlen; |
265 |
266 if (!FD_ISSET(listensocks[i], &fds)) |
267 continue; |
268 |
62 | 269 remoteaddrlen = sizeof(remoteaddr); |
270 childsock = accept(listensocks[i], |
271 (struct sockaddr*)&remoteaddr, &remoteaddrlen); |
272 |
273 if (childsock < 0) { |
274 /* accept failed */ |
275 continue; |
276 } |
277 |
278 /* Limit the number of unauthenticated connections per IP */ |
279 getaddrstring(&remoteaddr, &remote_host, NULL, 0); |
280 |
281 num_unauthed_for_addr = 0; |
282 num_unauthed_total = 0; |
283 for (j = 0; j < MAX_UNAUTH_CLIENTS; j++) { |
284 if (childpipes[j] >= 0) { |
285 num_unauthed_total++; |
286 if (strcmp(remote_host, preauth_addrs[j]) == 0) { |
287 num_unauthed_for_addr++; |
288 } |
289 } else { |
290 /* a free slot */ |
291 conn_idx = j; |
292 } |
293 } |
294 |
295 if (num_unauthed_total >= MAX_UNAUTH_CLIENTS |
296 || num_unauthed_for_addr >= MAX_UNAUTH_PER_IP) { |
297 goto out; |
298 } |
299 |
687 | 300 seedrandom(); |
301 | |
302 if (pipe(childpipe) < 0) { |
303 TRACE(("error creating child pipe")) |
304 goto out; |
305 } |
306 |
307 #if DEBUG_NOFORK |
308 fork_ret = 0; |
309 #else |
310 fork_ret = fork(); |
311 #endif |
312 if (fork_ret < 0) { |
313 dropbear_log(LOG_WARNING, "Error forking: %s", strerror(errno)); |
314 goto out; |
687 | 315 } |
316 |
723 | 317 addrandom((void*)&fork_ret, sizeof(fork_ret)); |
1861 | 318 |
687 | 319 if (fork_ret > 0) { |
320 |
321 /* parent */ |
322 childpipes[conn_idx] = childpipe[0]; |
323 m_close(childpipe[1]); |
324 preauth_addrs[conn_idx] = remote_host; |
325 remote_host = NULL; |
326 |
327 } else { |
328 |
329 /* child */ |
330 getaddrstring(&remoteaddr, NULL, &remote_port, 0); |
331 dropbear_log(LOG_INFO, "Child connection from %s:%s", remote_host, remote_port); |
332 m_free(remote_host); |
333 m_free(remote_port); |
334 |
335 #ifndef DEBUG_NOFORK |
336 if (setsid() < 0) { |
337 dropbear_exit("setsid: %s", strerror(errno)); |
338 } |
339 #endif |
340 |
341 /* make sure we close sockets */ |
342 for (j = 0; j < listensockcount; j++) { |
343 m_close(listensocks[j]); |
344 } |
345 |
346 m_close(childpipe[0]); |
347 |
1861 | 348 if (execfd >= 0) { |
349 #if DROPBEAR_DO_REEXEC | |
350 /* Add "-2" to the args and re-execute ourself. */ |
351 char **new_argv = m_malloc(sizeof(char*) * (argc+3)); |
352 int pos0 = 0, new_argc = argc+1; |
353 |
354 /* We need to specially handle "dropbearmulti dropbear". */ |
355 if (multipath) { |
356 new_argv[0] = (char*)multipath; |
357 pos0 = 1; |
358 new_argc++; |
359 } |
360 |
361 memcpy(&new_argv[pos0], argv, sizeof(char*) * argc); |
362 new_argv[new_argc-1] = "-2"; |
363 new_argv[new_argc] = NULL; |
1861 | 364 |
365 if ((dup2(childsock, STDIN_FILENO) < 0)) { | |
366 dropbear_exit("dup2 failed: %s", strerror(errno)); | |
367 } | |
368 if (fcntl(childsock, F_SETFD, FD_CLOEXEC) < 0) { |
369 TRACE(("cloexec for childsock %d failed: %s", childsock, strerror(errno))) |
370 } |
1861 | 371 /* Re-execute ourself */ |
372 fexecve(execfd, new_argv, environ); | |
373 /* Not reached on success */ | |
374 | |
375 /* Fall back on plain fork otherwise. |
376 * To be removed in future once re-exec has been well tested */ |
377 dropbear_log(LOG_WARNING, "fexecve failed, disabling re-exec: %s", strerror(errno)); |
378 m_close(STDIN_FILENO); |
1861 | 379 m_free(new_argv); |
380 #endif /* DROPBEAR_DO_REEXEC */ | |
381 } | |
382 | |
383 /* start the session */ |
384 svr_session(childsock, childpipe[1]); |
385 /* don't return */ |
386 dropbear_assert(0); |
387 } |
388 |
389 out: |
390 /* This section is important for the parent too */ |
391 m_close(childsock); |
392 if (remote_host) { |
393 m_free(remote_host); |
394 } |
395 } |
396 } /* for(;;) loop */ |
397 |
398 /* don't reach here */ |
399 } |
400 #endif /* NON_INETD_MODE */ |
401 |
402 |
403 /* catch + reap zombie children */ |
/* SIGCHLD handler: reap every child that has already exited, without
 * blocking, then install this handler for SIGCHLD again.
 * errno is saved on entry and restored on exit so that the interrupted
 * code does not see a value changed by waitpid() or sigaction().
 * NOTE(review): dropbear_exit() is reached from signal context if
 * sigaction() fails - confirm that it is async-signal-safe. */
static void sigchld_handler(int UNUSED(unused)) {
	const int saved_errno = errno;
	struct sigaction chld_action;

	/* WNOHANG: collect finished children only, never wait for one */
	while (waitpid(-1, NULL, WNOHANG) > 0) {
	}

	chld_action.sa_handler = sigchld_handler;
	sigemptyset(&chld_action.sa_mask);
	chld_action.sa_flags = SA_NOCLDSTOP;
	if (sigaction(SIGCHLD, &chld_action, NULL) < 0) {
		dropbear_exit("signal() error");
	}

	errno = saved_errno;
}
419 |
420 /* catch any segvs */ |
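/* SIGSEGV handler: report the crash on stderr and terminate at once.
 * Only async-signal-safe calls are used: after a segfault the heap and
 * the stdio state may be corrupt, so fprintf() must not be called from
 * here. write() and _exit() are safe in signal context. */
static void sigsegv_handler(int UNUSED(unused)) {
	static const char msg[] = "Aiee, segfault! You should probably report "
		"this as a bug to the developer\n";

	/* sizeof - 1 leaves out the terminating NUL */
	if (write(STDERR_FILENO, msg, sizeof(msg) - 1) < 0) {
		/* nothing useful can be done about a failed write here */
	}
	_exit(EXIT_FAILURE);
}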
426 |
427 /* catch ctrl-c or sigterm */ |
/* SIGINT/SIGTERM handler: only records that termination was requested.
 * The flag is acted on outside the handler (the listener loop tests
 * ses.exitflag after select() returns), so no other work is done in
 * signal context. */
static void sigintterm_handler(int UNUSED(unused)) {
	ses.exitflag = 1;
}
432 |
433 /* Things used by inetd and non-inetd modes */ |
/* Start-up steps shared by inetd and non-inetd modes, in this order:
 * start syslog if enabled, install the signal handlers, initialise the
 * crypto code, then load the host keys. Any failure to install a
 * handler ends the process through dropbear_exit(). */
static void commonsetup() {
	struct sigaction chld_action;

#ifndef DISABLE_SYSLOG
	if (opts.usingsyslog) {
		startsyslog(PROGNAME);
	}
#endif

	/* Termination requests only set a flag; SIGPIPE is ignored.
	 * SIGTERM is left alone when DEBUG_VALGRIND is defined. */
	if (signal(SIGINT, sigintterm_handler) == SIG_ERR ||
#ifndef DEBUG_VALGRIND
		signal(SIGTERM, sigintterm_handler) == SIG_ERR ||
#endif
		signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
		dropbear_exit("signal() error");
	}

	/* Reap exited children. SA_NOCLDSTOP: no SIGCHLD for children
	 * that are merely stopped. */
	chld_action.sa_handler = sigchld_handler;
	sigemptyset(&chld_action.sa_mask);
	chld_action.sa_flags = SA_NOCLDSTOP;
	if (sigaction(SIGCHLD, &chld_action, NULL) < 0) {
		dropbear_exit("signal() error");
	}

	/* report segfaults before exiting */
	if (signal(SIGSEGV, sigsegv_handler) == SIG_ERR) {
		dropbear_exit("signal() error");
	}

	crypto_init();

	/* Host keys are loaded last: logging must already be set up,
	 * otherwise error messages might be written to the socket */
	load_all_hostkeys();
}
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
63
diff
changeset
|
469 |
30
223b0f5f8dce
Switching to the magical new Makefile, and new dbmulti style
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
/* Open listening sockets for every configured address/port pair.
 *
 * socks     - caller-supplied array that receives the listening descriptors
 * sockcount - capacity of socks, in entries
 * maxfd     - handed through unchanged to dropbear_listen()
 *
 * Returns how many entries of socks were filled in. A pair that cannot be
 * listened on is reported at LOG_WARNING and skipped rather than treated as
 * fatal, so the result can be smaller than requested (including 0); this
 * function does not check for that itself.
 *
 * NOTE(review): the warning prints only the port, not the address, so with
 * several addresses sharing a port the log line alone does not identify
 * which bind failed. */
static size_t listensockets(int *socks, size_t sockcount, int *maxfd) {

	size_t filled = 0;
	char *errstring = NULL;
	unsigned int idx;

	TRACE(("listensockets: %d to try", svr_opts.portcount))

	for (idx = 0; idx < svr_opts.portcount; idx++) {
		unsigned int k;
		int opened;

		TRACE(("listening on '%s:%s'", svr_opts.addresses[idx], svr_opts.ports[idx]))

		/* Offer only the still-unused tail of socks, with the matching
		 * remaining capacity.
		 * NOTE(review): once filled reaches sockcount the capacity passed
		 * is 0; how dropbear_listen() handles that is not visible here. */
		opened = dropbear_listen(svr_opts.addresses[idx], svr_opts.ports[idx],
				&socks[filled], sockcount - filled,
				&errstring, maxfd);

		if (opened >= 0) {
			/* Apply per-socket options to each descriptor just added. */
			for (k = 0; k < (unsigned int)opened; k++) {
				int sock = socks[filled + k];
				set_sock_priority(sock, DROPBEAR_PRIO_LOWDELAY);
#if DROPBEAR_SERVER_TCP_FAST_OPEN
				set_listen_fast_open(sock);
#endif
			}

			filled += opened;
		} else {
			/* presumably dropbear_listen() always sets errstring when it
			 * returns a negative value; it is passed to %s - confirm */
			dropbear_log(LOG_WARNING, "Failed listening on '%s': %s",
					svr_opts.ports[idx], errstring);
			m_free(errstring);
		}
	}

	return filled;
}