Mercurial > dropbear
comparison svr-main.c @ 579:8c737cd7c1af
merge of '48fdaa8706d1acda35e9d564adc9a1fbc96c18c8'
and '658fd03abd21e0da7c4c89b9fff9dc693c72daae'
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 27 Feb 2010 11:53:18 +0000 |
| parents | 005530560594 |
| children | a98a2138364a |
comparison
equal
deleted
inserted
replaced
| 577:69e98c45db7c | 579:8c737cd7c1af |
|---|---|
| 75 } | 75 } |
| 76 #endif | 76 #endif |
| 77 | 77 |
| 78 #ifdef INETD_MODE | 78 #ifdef INETD_MODE |
| 79 static void main_inetd() { | 79 static void main_inetd() { |
| 80 | 80 char *host, *port = NULL; |
| 81 struct sockaddr_storage remoteaddr; | |
| 82 socklen_t remoteaddrlen; | |
| 83 char * addrstring = NULL; | |
| 84 | 81 |
| 85 /* Set up handlers, syslog, seed random */ | 82 /* Set up handlers, syslog, seed random */ |
| 86 commonsetup(); | 83 commonsetup(); |
| 87 | 84 |
| 88 remoteaddrlen = sizeof(remoteaddr); | |
| 89 if (getpeername(0, (struct sockaddr*)&remoteaddr, &remoteaddrlen) < 0) { | |
| 90 dropbear_exit("Unable to getpeername: %s", strerror(errno)); | |
| 91 } | |
| 92 | |
| 93 /* In case our inetd was lax in logging source addresses */ | 85 /* In case our inetd was lax in logging source addresses */ |
| 94 addrstring = getaddrstring(&remoteaddr, 1); | 86 get_socket_address(0, NULL, NULL, &host, &port, 0); |
| 95 dropbear_log(LOG_INFO, "Child connection from %s", addrstring); | 87 dropbear_log(LOG_INFO, "Child connection from %s:%s", host, port); |
| 88 m_free(host); | |
| 89 m_free(port); | |
| 96 | 90 |
| 97 /* Don't check the return value - it may just fail since inetd has | 91 /* Don't check the return value - it may just fail since inetd has |
| 98 * already done setsid() after forking (xinetd on Darwin appears to do | 92 * already done setsid() after forking (xinetd on Darwin appears to do |
| 99 * this */ | 93 * this */ |
| 100 setsid(); | 94 setsid(); |
| 101 | 95 |
| 102 /* Start service program | 96 /* Start service program |
| 103 * -1 is a dummy childpipe, just something we can close() without | 97 * -1 is a dummy childpipe, just something we can close() without |
| 104 * mattering. */ | 98 * mattering. */ |
| 105 svr_session(0, -1, getaddrhostname(&remoteaddr), addrstring); | 99 svr_session(0, -1); |
| 106 | 100 |
| 107 /* notreached */ | 101 /* notreached */ |
| 108 } | 102 } |
| 109 #endif /* INETD_MODE */ | 103 #endif /* INETD_MODE */ |
| 110 | 104 |
| 131 | 125 |
| 132 /* sockets to identify pre-authenticated clients */ | 126 /* sockets to identify pre-authenticated clients */ |
| 133 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { | 127 for (i = 0; i < MAX_UNAUTH_CLIENTS; i++) { |
| 134 childpipes[i] = -1; | 128 childpipes[i] = -1; |
| 135 } | 129 } |
| 136 bzero(preauth_addrs, sizeof(preauth_addrs)); | 130 memset(preauth_addrs, 0x0, sizeof(preauth_addrs)); |
| 137 | 131 |
| 138 /* Set up the listening sockets */ | 132 /* Set up the listening sockets */ |
| 139 listensockcount = listensockets(listensocks, MAX_LISTEN_ADDR, &maxsock); | 133 listensockcount = listensockets(listensocks, MAX_LISTEN_ADDR, &maxsock); |
| 140 if (listensockcount == 0) | 134 if (listensockcount == 0) |
| 141 { | 135 { |
| 216 } | 210 } |
| 217 } | 211 } |
| 218 | 212 |
| 219 /* handle each socket which has something to say */ | 213 /* handle each socket which has something to say */ |
| 220 for (i = 0; i < listensockcount; i++) { | 214 for (i = 0; i < listensockcount; i++) { |
| 221 | |
| 222 struct sockaddr_storage remoteaddr; | |
| 223 socklen_t remoteaddrlen = 0; | |
| 224 size_t num_unauthed_for_addr = 0; | 215 size_t num_unauthed_for_addr = 0; |
| 225 size_t num_unauthed_total = 0; | 216 size_t num_unauthed_total = 0; |
| 226 char * remote_addr_str = NULL; | 217 char *remote_host = NULL, *remote_port = NULL; |
| 227 pid_t fork_ret = 0; | 218 pid_t fork_ret = 0; |
| 228 size_t conn_idx = 0; | 219 size_t conn_idx = 0; |
| 220 struct sockaddr_storage remoteaddr; | |
| 221 socklen_t remoteaddrlen; | |
| 229 | 222 |
| 230 if (!FD_ISSET(listensocks[i], &fds)) | 223 if (!FD_ISSET(listensocks[i], &fds)) |
| 231 continue; | 224 continue; |
| 232 | 225 |
| 233 remoteaddrlen = sizeof(remoteaddr); | 226 remoteaddrlen = sizeof(remoteaddr); |
| 238 /* accept failed */ | 231 /* accept failed */ |
| 239 continue; | 232 continue; |
| 240 } | 233 } |
| 241 | 234 |
| 242 /* Limit the number of unauthenticated connections per IP */ | 235 /* Limit the number of unauthenticated connections per IP */ |
| 243 remote_addr_str = getaddrstring(&remoteaddr, 0); | 236 getaddrstring(&remoteaddr, &remote_host, NULL, 0); |
| 244 | 237 |
| 245 num_unauthed_for_addr = 0; | 238 num_unauthed_for_addr = 0; |
| 246 num_unauthed_total = 0; | 239 num_unauthed_total = 0; |
| 247 for (j = 0; j < MAX_UNAUTH_CLIENTS; j++) { | 240 for (j = 0; j < MAX_UNAUTH_CLIENTS; j++) { |
| 248 if (childpipes[j] >= 0) { | 241 if (childpipes[j] >= 0) { |
| 249 num_unauthed_total++; | 242 num_unauthed_total++; |
| 250 if (strcmp(remote_addr_str, preauth_addrs[j]) == 0) { | 243 if (strcmp(remote_host, preauth_addrs[j]) == 0) { |
| 251 num_unauthed_for_addr++; | 244 num_unauthed_for_addr++; |
| 252 } | 245 } |
| 253 } else { | 246 } else { |
| 254 /* a free slot */ | 247 /* a free slot */ |
| 255 conn_idx = j; | 248 conn_idx = j; |
| 278 } else if (fork_ret > 0) { | 271 } else if (fork_ret > 0) { |
| 279 | 272 |
| 280 /* parent */ | 273 /* parent */ |
| 281 childpipes[conn_idx] = childpipe[0]; | 274 childpipes[conn_idx] = childpipe[0]; |
| 282 m_close(childpipe[1]); | 275 m_close(childpipe[1]); |
| 283 preauth_addrs[conn_idx] = remote_addr_str; | 276 preauth_addrs[conn_idx] = remote_host; |
| 284 remote_addr_str = NULL; | 277 remote_host = NULL; |
| 285 | 278 |
| 286 } else { | 279 } else { |
| 287 | 280 |
| 288 /* child */ | 281 /* child */ |
| 289 char * addrstring = NULL; | |
| 290 #ifdef DEBUG_FORKGPROF | 282 #ifdef DEBUG_FORKGPROF |
| 291 extern void _start(void), etext(void); | 283 extern void _start(void), etext(void); |
| 292 monstartup((u_long)&_start, (u_long)&etext); | 284 monstartup((u_long)&_start, (u_long)&etext); |
| 293 #endif /* DEBUG_FORKGPROF */ | 285 #endif /* DEBUG_FORKGPROF */ |
| 294 | 286 |
| 295 m_free(remote_addr_str); | 287 getaddrstring(&remoteaddr, NULL, &remote_port, 0); |
| 296 addrstring = getaddrstring(&remoteaddr, 1); | 288 dropbear_log(LOG_INFO, "Child connection from %s:%s", remote_host, remote_port); |
| 297 dropbear_log(LOG_INFO, "Child connection from %s", addrstring); | 289 m_free(remote_host); |
| 290 m_free(remote_port); | |
| 298 | 291 |
| 299 #ifndef DEBUG_NOFORK | 292 #ifndef DEBUG_NOFORK |
| 300 if (setsid() < 0) { | 293 if (setsid() < 0) { |
| 301 dropbear_exit("setsid: %s", strerror(errno)); | 294 dropbear_exit("setsid: %s", strerror(errno)); |
| 302 } | 295 } |
| 308 } | 301 } |
| 309 | 302 |
| 310 m_close(childpipe[0]); | 303 m_close(childpipe[0]); |
| 311 | 304 |
| 312 /* start the session */ | 305 /* start the session */ |
| 313 svr_session(childsock, childpipe[1], | 306 svr_session(childsock, childpipe[1]); |
| 314 getaddrhostname(&remoteaddr), | |
| 315 addrstring); | |
| 316 /* don't return */ | 307 /* don't return */ |
| 317 dropbear_assert(0); | 308 dropbear_assert(0); |
| 318 } | 309 } |
| 319 | 310 |
| 320 out: | 311 out: |
| 321 /* This section is important for the parent too */ | 312 /* This section is important for the parent too */ |
| 322 m_close(childsock); | 313 m_close(childsock); |
| 323 if (remote_addr_str) { | 314 if (remote_host) { |
| 324 m_free(remote_addr_str); | 315 m_free(remote_host); |
| 325 } | 316 } |
| 326 } | 317 } |
| 327 } /* for(;;) loop */ | 318 } /* for(;;) loop */ |
| 328 | 319 |
| 329 /* don't reach here */ | 320 /* don't reach here */ |