comparison svr-main.c @ 511:582cb38e4eb5 insecure-nocrypto

propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a) to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 06 Nov 2008 13:16:55 +0000
parents df7f7da7f6e4
children 07a58e4da1ac
361:461c4b1fb35f 511:582cb38e4eb5
26 #include "dbutil.h" 26 #include "dbutil.h"
27 #include "session.h" 27 #include "session.h"
28 #include "buffer.h" 28 #include "buffer.h"
29 #include "signkey.h" 29 #include "signkey.h"
30 #include "runopts.h" 30 #include "runopts.h"
31 #include "random.h"
31 32
32 static size_t listensockets(int *sock, size_t sockcount, int *maxfd); 33 static size_t listensockets(int *sock, size_t sockcount, int *maxfd);
33 static void sigchld_handler(int dummy); 34 static void sigchld_handler(int dummy);
34 static void sigsegv_handler(int); 35 static void sigsegv_handler(int);
35 static void sigintterm_handler(int fish); 36 static void sigintterm_handler(int fish);
49 #endif 50 #endif
50 { 51 {
51 _dropbear_exit = svr_dropbear_exit; 52 _dropbear_exit = svr_dropbear_exit;
52 _dropbear_log = svr_dropbear_log; 53 _dropbear_log = svr_dropbear_log;
53 54
55 disallow_core();
56
54 /* get commandline options */ 57 /* get commandline options */
55 svr_getopts(argc, argv); 58 svr_getopts(argc, argv);
56 59
57 #ifdef INETD_MODE 60 #ifdef INETD_MODE
58 /* service program mode */ 61 /* service program mode */
106 #endif /* INETD_MODE */ 109 #endif /* INETD_MODE */
107 110
108 #ifdef NON_INETD_MODE 111 #ifdef NON_INETD_MODE
109 void main_noinetd() { 112 void main_noinetd() {
110 fd_set fds; 113 fd_set fds;
111 struct timeval seltimeout;
112 unsigned int i, j; 114 unsigned int i, j;
113 int val; 115 int val;
114 int maxsock = -1; 116 int maxsock = -1;
115 int listensocks[MAX_LISTEN_ADDR]; 117 int listensocks[MAX_LISTEN_ADDR];
116 size_t listensockcount = 0; 118 size_t listensockcount = 0;
120 char * preauth_addrs[MAX_UNAUTH_CLIENTS]; 122 char * preauth_addrs[MAX_UNAUTH_CLIENTS];
121 123
122 int childsock; 124 int childsock;
123 int childpipe[2]; 125 int childpipe[2];
124 126
125 /* fork */ 127 /* Note: commonsetup() must happen before we daemon()ise. Otherwise
126 if (svr_opts.forkbg) { 128 daemon() will chdir("/"), and we won't be able to find local-dir
127 int closefds = 0; 129 hostkeys. */
128 #ifndef DEBUG_TRACE
129 if (!svr_opts.usingsyslog) {
130 closefds = 1;
131 }
132 #endif
133 if (daemon(0, closefds) < 0) {
134 dropbear_exit("Failed to daemonize: %s", strerror(errno));
135 }
136 }
137
138 commonsetup(); 130 commonsetup();
139
140 /* should be done after syslog is working */
141 if (svr_opts.forkbg) {
142 dropbear_log(LOG_INFO, "Running in background");
143 } else {
144 dropbear_log(LOG_INFO, "Not forking");
145 }
146
147 /* create a PID file so that we can be killed easily */
148 pidfile = fopen(DROPBEAR_PIDFILE, "w");
149 if (pidfile) {
150 fprintf(pidfile, "%d\n", getpid());
151 fclose(pidfile);
152 }
153 131
154 /* sockets to identify pre-authenticated clients */ 132 /* sockets to identify pre-authenticated clients */
155 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { 133 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) {
156 childpipes[i] = -1; 134 childpipes[i] = -1;
157 } 135 }
162 if (listensockcount == 0) 140 if (listensockcount == 0)
163 { 141 {
164 dropbear_exit("No listening ports available."); 142 dropbear_exit("No listening ports available.");
165 } 143 }
166 144
145 /* fork */
146 if (svr_opts.forkbg) {
147 int closefds = 0;
148 #ifndef DEBUG_TRACE
149 if (!svr_opts.usingsyslog) {
150 closefds = 1;
151 }
152 #endif
153 if (daemon(0, closefds) < 0) {
154 dropbear_exit("Failed to daemonize: %s", strerror(errno));
155 }
156 }
157
158 /* should be done after syslog is working */
159 if (svr_opts.forkbg) {
160 dropbear_log(LOG_INFO, "Running in background");
161 } else {
162 dropbear_log(LOG_INFO, "Not backgrounding");
163 }
164
165 /* create a PID file so that we can be killed easily */
166 pidfile = fopen(svr_opts.pidfile, "w");
167 if (pidfile) {
168 fprintf(pidfile, "%d\n", getpid());
169 fclose(pidfile);
170 }
171
167 /* incoming connection select loop */ 172 /* incoming connection select loop */
168 for(;;) { 173 for(;;) {
169 174
170 FD_ZERO(&fds); 175 FD_ZERO(&fds);
171
172 seltimeout.tv_sec = 60;
173 seltimeout.tv_usec = 0;
174 176
175 /* listening sockets */ 177 /* listening sockets */
176 for (i = 0; i < listensockcount; i++) { 178 for (i = 0; i < listensockcount; i++) {
177 FD_SET(listensocks[i], &fds); 179 FD_SET(listensocks[i], &fds);
178 } 180 }
183 FD_SET(childpipes[i], &fds); 185 FD_SET(childpipes[i], &fds);
184 maxsock = MAX(maxsock, childpipes[i]); 186 maxsock = MAX(maxsock, childpipes[i]);
185 } 187 }
186 } 188 }
187 189
188 val = select(maxsock+1, &fds, NULL, NULL, &seltimeout); 190 val = select(maxsock+1, &fds, NULL, NULL, NULL);
189 191
190 if (exitflag) { 192 if (exitflag) {
191 unlink(DROPBEAR_PIDFILE); 193 unlink(svr_opts.pidfile);
192 dropbear_exit("Terminated by signal"); 194 dropbear_exit("Terminated by signal");
193 } 195 }
194 196
195 if (val == 0) { 197 if (val == 0) {
196 /* timeout reached */ 198 /* timeout reached - shouldn't happen. eh */
197 continue; 199 continue;
198 } 200 }
199 201
200 if (val < 0) { 202 if (val < 0) {
201 if (errno == EINTR) { 203 if (errno == EINTR) {
262 if (pipe(childpipe) < 0) { 264 if (pipe(childpipe) < 0) {
263 TRACE(("error creating child pipe")) 265 TRACE(("error creating child pipe"))
264 goto out; 266 goto out;
265 } 267 }
266 268
269 #ifdef DEBUG_NOFORK
270 fork_ret = 0;
271 #else
267 fork_ret = fork(); 272 fork_ret = fork();
273 #endif
268 if (fork_ret < 0) { 274 if (fork_ret < 0) {
269 dropbear_log(LOG_WARNING, "error forking: %s", strerror(errno)); 275 dropbear_log(LOG_WARNING, "error forking: %s", strerror(errno));
270 goto out; 276 goto out;
271 277
272 } else if (fork_ret > 0) { 278 } else if (fork_ret > 0) {
288 294
289 m_free(remote_addr_str); 295 m_free(remote_addr_str);
290 addrstring = getaddrstring(&remoteaddr, 1); 296 addrstring = getaddrstring(&remoteaddr, 1);
291 dropbear_log(LOG_INFO, "Child connection from %s", addrstring); 297 dropbear_log(LOG_INFO, "Child connection from %s", addrstring);
292 298
299 #ifndef DEBUG_NOFORK
293 if (setsid() < 0) { 300 if (setsid() < 0) {
294 dropbear_exit("setsid: %s", strerror(errno)); 301 dropbear_exit("setsid: %s", strerror(errno));
295 } 302 }
303 #endif
296 304
297 /* make sure we close sockets */ 305 /* make sure we close sockets */
298 for (i = 0; i < listensockcount; i++) { 306 for (i = 0; i < listensockcount; i++) {
299 m_close(listensocks[i]); 307 m_close(listensocks[i]);
300 } 308 }
395 403
396 TRACE(("listensockets: %d to try\n", svr_opts.portcount)) 404 TRACE(("listensockets: %d to try\n", svr_opts.portcount))
397 405
398 for (i = 0; i < svr_opts.portcount; i++) { 406 for (i = 0; i < svr_opts.portcount; i++) {
399 407
400 TRACE(("listening on '%s'", svr_opts.ports[i])) 408 TRACE(("listening on '%s:%s'", svr_opts.addresses[i], svr_opts.ports[i]))
401 409
402 nsock = dropbear_listen("", svr_opts.ports[i], &sock[sockpos], 410 nsock = dropbear_listen(svr_opts.addresses[i], svr_opts.ports[i], &sock[sockpos],
403 sockcount - sockpos, 411 sockcount - sockpos,
404 &errstring, maxfd); 412 &errstring, maxfd);
405 413
406 if (nsock < 0) { 414 if (nsock < 0) {
407 dropbear_log(LOG_WARNING, "Failed listening on '%s': %s", 415 dropbear_log(LOG_WARNING, "Failed listening on '%s': %s",
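Review bot: With the timeout argument changed to `NULL` at new line 190, `select()` can block indefinitely, so a signal that sets `exitflag` (presumably from the signal handlers, whose bodies are not shown) after the previous iteration's check but before `select()` is entered is not acted on until some descriptor becomes readable. The removed 60-second `seltimeout` used to bound that delay, and without it a termination request can go unserved and `svr_opts.pidfile` is left behind. Blocking the handled signals around the loop and calling `pselect()` with the original mask, or adding a self-pipe written by the handler to `fds`, closes the window. In the same hunk, `fopen(svr_opts.pidfile, "w")` now runs after `daemon()` has changed directory to "/", so a relative path resolves there unless svr_getopts makes it absolute, which is not visible here. Its failure is still silently ignored, and an `else` branch calling `dropbear_log(LOG_WARNING, ...)` with `strerror(errno)` would make it visible; main_noinetd continues outside the lines shown.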