diff --git a/defs.h b/defs.h index 6c37b99c..e9050cf9 100644 --- a/defs.h +++ b/defs.h @@ -79,6 +79,7 @@ typedef struct MontgomeryPoint MontgomeryPoint; typedef struct EdwardsCurve EdwardsCurve; typedef struct EdwardsPoint EdwardsPoint; +typedef struct SshServerConfig SshServerConfig; typedef struct SftpServer SftpServer; typedef struct SftpServerVtable SftpServerVtable; diff --git a/ssh.c b/ssh.c index 6ef60453..3ac5534f 100644 --- a/ssh.c +++ b/ssh.c @@ -283,7 +283,7 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv, #else NULL, #endif - &ssh->stats, transport_child_layer, false); + &ssh->stats, transport_child_layer, NULL); ssh_connect_ppl(ssh, ssh->base_layer); if (userauth_layer) diff --git a/ssh1connection-server.c b/ssh1connection-server.c index 14a54ae7..41786306 100644 --- a/ssh1connection-server.c +++ b/ssh1connection-server.c @@ -45,6 +45,14 @@ static const struct SshChannelVtable ssh1sesschan_vtable = { NULL /* hint_channel_is_simple */, }; +void ssh1connection_server_configure( + PacketProtocolLayer *ppl, const SshServerConfig *ssc) +{ + struct ssh1_connection_state *s = + container_of(ppl, struct ssh1_connection_state, ppl); + s->ssc = ssc; +} + void ssh1_connection_direction_specific_setup( struct ssh1_connection_state *s) { diff --git a/ssh1connection.h b/ssh1connection.h index a9ef072a..0e5a71fd 100644 --- a/ssh1connection.h +++ b/ssh1connection.h @@ -52,6 +52,8 @@ struct ssh1_connection_state { bool compressing; /* used in server mode only */ bool sent_exit_status; /* also for server mode */ + const SshServerConfig *ssc; + ConnectionLayer cl; PacketProtocolLayer ppl; }; diff --git a/ssh1login-server.c b/ssh1login-server.c index c27882d7..9d9685a9 100644 --- a/ssh1login-server.c +++ b/ssh1login-server.c @@ -17,6 +17,8 @@ struct ssh1_login_server_state { PacketProtocolLayer *successor_layer; + const SshServerConfig *ssc; + int remote_protoflags; int local_protoflags; unsigned long supported_ciphers_mask, supported_auths_mask; 
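Review bot: In ssh1connection-server.c, the new ssh1connection_server_configure() downcasts `ppl` with container_of() while nothing states or checks that the layer really is an SSH-1 connection layer, and the function is exported through sshserver.h. Handing it any other PacketProtocolLayer would make `s->ssc = ssc` write into an unrelated object. A header comment such as `/* ppl must be the layer returned by ssh1_connection_new() */` would record the precondition, and an assert on `ppl->vt` would enforce it if the layer's vtable is visible in this file. The same applies to ssh2connection_server_configure() in ssh2connection-server.c, which this commit extends in the same way.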
@@ -70,12 +72,13 @@ static void no_progress(void *param, int action, int phase, int iprogress) {} PacketProtocolLayer *ssh1_login_server_new( PacketProtocolLayer *successor_layer, RSAKey *hostkey, - AuthPolicy *authpolicy) + AuthPolicy *authpolicy, const SshServerConfig *ssc) { struct ssh1_login_server_state *s = snew(struct ssh1_login_server_state); memset(s, 0, sizeof(*s)); s->ppl.vt = &ssh1_login_server_vtable; + s->ssc = ssc; s->hostkey = hostkey; s->authpolicy = authpolicy; diff --git a/ssh2connection-server.c b/ssh2connection-server.c index 274d9e3e..a8ff1b0a 100644 --- a/ssh2connection-server.c +++ b/ssh2connection-server.c @@ -14,11 +14,13 @@ #include "sshserver.h" void ssh2connection_server_configure( - PacketProtocolLayer *ppl, const SftpServerVtable *sftpserver_vt) + PacketProtocolLayer *ppl, const SftpServerVtable *sftpserver_vt, + const SshServerConfig *ssc) { struct ssh2_connection_state *s = container_of(ppl, struct ssh2_connection_state, ppl); s->sftpserver_vt = sftpserver_vt; + s->ssc = ssc; } static ChanopenResult chan_open_session( diff --git a/ssh2connection.h b/ssh2connection.h index 3858414c..82145fca 100644 --- a/ssh2connection.h +++ b/ssh2connection.h @@ -41,6 +41,7 @@ struct ssh2_connection_state { int antispoof_ret; const SftpServerVtable *sftpserver_vt; + const SshServerConfig *ssc; /* * These store the list of global requests that we're waiting for diff --git a/ssh2transport.c b/ssh2transport.c index 5e8955a0..d73211ab 100644 --- a/ssh2transport.c +++ b/ssh2transport.c @@ -115,7 +115,7 @@ PacketProtocolLayer *ssh2_transport_new( const char *client_greeting, const char *server_greeting, struct ssh_connection_shared_gss_state *shgss, struct DataTransferStats *stats, PacketProtocolLayer *higher_layer, - bool is_server) + const SshServerConfig *ssc) { struct ssh2_transport_state *s = snew(struct ssh2_transport_state); memset(s, 0, sizeof(*s)); 
@@ -151,7 +151,8 @@ PacketProtocolLayer *ssh2_transport_new( s->outgoing_kexinit = strbuf_new(); s->incoming_kexinit = strbuf_new(); - if (is_server) { + if (ssc) { + s->ssc = ssc; s->client_kexinit = s->incoming_kexinit; s->server_kexinit = s->outgoing_kexinit; s->out.mkkey_adjust = 1; diff --git a/ssh2transport.h b/ssh2transport.h index 37bc5708..ca5236a9 100644 --- a/ssh2transport.h +++ b/ssh2transport.h @@ -139,6 +139,8 @@ struct ssh2_transport_state { struct DataTransferStats *stats; + const SshServerConfig *ssc; + char *client_greeting, *server_greeting; bool kex_in_progress; diff --git a/ssh2userauth-server.c b/ssh2userauth-server.c index 465a710f..b515afeb 100644 --- a/ssh2userauth-server.c +++ b/ssh2userauth-server.c @@ -24,6 +24,7 @@ struct ssh2_userauth_server_state { ptrlen session_id; AuthPolicy *authpolicy; + const SshServerConfig *ssc; ptrlen username, service, method; unsigned methods, this_method; @@ -64,7 +65,8 @@ static void free_auth_kbdint(AuthKbdInt *aki) } PacketProtocolLayer *ssh2_userauth_server_new( - PacketProtocolLayer *successor_layer, AuthPolicy *authpolicy) + PacketProtocolLayer *successor_layer, AuthPolicy *authpolicy, + const SshServerConfig *ssc) { struct ssh2_userauth_server_state *s = snew(struct ssh2_userauth_server_state); @@ -73,6 +75,7 @@ PacketProtocolLayer *ssh2_userauth_server_new( s->successor_layer = successor_layer; s->authpolicy = authpolicy; + s->ssc = ssc; return &s->ppl; } diff --git a/sshppl.h b/sshppl.h index d6b1140a..baae1d83 100644 --- a/sshppl.h +++ b/sshppl.h @@ -103,7 +103,7 @@ PacketProtocolLayer *ssh2_transport_new( const char *client_greeting, const char *server_greeting, struct ssh_connection_shared_gss_state *shgss, struct DataTransferStats *stats, PacketProtocolLayer *higher_layer, - bool is_server); + const SshServerConfig *ssc); PacketProtocolLayer *ssh2_userauth_new( PacketProtocolLayer *successor_layer, const char *hostname, const char *fullhostname, 
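Review bot: In ssh2_transport_new() (ssh2transport.c), `if (ssc)` makes the pointer's nullness the only thing that selects server behaviour, so a server-side caller that arrives with a NULL `ssc` silently skips the server assignment of `client_kexinit`/`server_kexinit` and `out.mkkey_adjust = 1`. ssh_server_plug() in sshserver.c stores whatever it is given in `srv->ssc` and server_got_ssh_version() forwards it, so nothing rejects NULL on the server path. I would add `assert(ssc);` at the top of ssh_server_plug() and a comment at the sshppl.h prototype, `/* ssc: NULL for a client, non-NULL for a server */`. The body of ssh2_transport_new() continues outside this hunk, so the non-server branch is assumed to be the client setup.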
diff --git a/sshserver.c b/sshserver.c index 5c34bb35..700d793b 100644 --- a/sshserver.c +++ b/sshserver.c @@ -36,6 +36,7 @@ struct server { bool frozen; Conf *conf; + const SshServerConfig *ssc; ssh_key *const *hostkeys; int nhostkeys; RSAKey *hostkey1; @@ -223,7 +224,8 @@ static const PlugVtable ssh_server_plugvt = { }; Plug *ssh_server_plug( - Conf *conf, ssh_key *const *hostkeys, int nhostkeys, + Conf *conf, const SshServerConfig *ssc, + ssh_key *const *hostkeys, int nhostkeys, RSAKey *hostkey1, AuthPolicy *authpolicy, LogPolicy *logpolicy, const SftpServerVtable *sftpserver_vt) { @@ -233,6 +235,7 @@ Plug *ssh_server_plug( srv->plug.vt = &ssh_server_plugvt; srv->conf = conf_copy(conf); + srv->ssc = ssc; srv->logctx = log_init(logpolicy, conf); conf_set_bool(srv->conf, CONF_ssh_no_shell, true); srv->nhostkeys = nhostkeys; @@ -431,7 +434,8 @@ static void server_got_ssh_version(struct ssh_version_receiver *rcv, connection_layer = ssh2_connection_new( &srv->ssh, NULL, false, srv->conf, ssh_verstring_get_local(old_bpp), &srv->cl); - ssh2connection_server_configure(connection_layer, srv->sftpserver_vt); + ssh2connection_server_configure(connection_layer, + srv->sftpserver_vt, srv->ssc); server_connect_ppl(srv, connection_layer); if (conf_get_bool(srv->conf, CONF_ssh_no_userauth)) { @@ -439,7 +443,7 @@ static void server_got_ssh_version(struct ssh_version_receiver *rcv, transport_child_layer = connection_layer; } else { userauth_layer = ssh2_userauth_server_new( - connection_layer, srv->authpolicy); + connection_layer, srv->authpolicy, srv->ssc); server_connect_ppl(srv, userauth_layer); transport_child_layer = userauth_layer; } @@ -453,7 +457,7 @@ static void server_got_ssh_version(struct ssh_version_receiver *rcv, #else NULL, #endif - &srv->stats, transport_child_layer, true); + &srv->stats, transport_child_layer, srv->ssc); ssh2_transport_provide_hostkeys( srv->base_layer, srv->hostkeys, srv->nhostkeys); if (userauth_layer) 
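Review bot: In ssh_server_plug() (sshserver.c), `srv->ssc = ssc;` keeps the caller's pointer while the line above takes a private copy with `conf_copy(conf)`, so the two configuration arguments have different ownership rules and neither is documented. Every layer created in server_got_ssh_version() receives that same pointer, so the structure has to outlive the plug and the layers built from it. The only caller shown, main() in unix/uxserver.c, passes the address of an automatic variable, which is fine there but easy to get wrong in a caller that returns before the server stops. A comment above the prototype in sshserver.h would settle it: `/* ssc is borrowed, not copied: it must stay valid and unchanged for the lifetime of the returned Plug */`. The body of ssh_server_plug() continues outside the hunk.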
@@ -466,10 +470,11 @@ static void server_got_ssh_version(struct ssh_version_receiver *rcv, server_connect_bpp(srv); connection_layer = ssh1_connection_new(&srv->ssh, srv->conf, &srv->cl); + ssh1connection_server_configure(connection_layer, srv->ssc); server_connect_ppl(srv, connection_layer); srv->base_layer = ssh1_login_server_new( - connection_layer, srv->hostkey1, srv->authpolicy); + connection_layer, srv->hostkey1, srv->authpolicy, srv->ssc); server_connect_ppl(srv, srv->base_layer); } diff --git a/sshserver.h b/sshserver.h index 2d6f8298..c91eb724 100644 --- a/sshserver.h +++ b/sshserver.h @@ -1,7 +1,12 @@ typedef struct AuthPolicy AuthPolicy; +struct SshServerConfig { + int dummy; /* no fields in here yet */ +}; + Plug *ssh_server_plug( - Conf *conf, ssh_key *const *hostkeys, int nhostkeys, + Conf *conf, const SshServerConfig *ssc, + ssh_key *const *hostkeys, int nhostkeys, RSAKey *hostkey1, AuthPolicy *authpolicy, LogPolicy *logpolicy, const SftpServerVtable *sftpserver_vt); void ssh_server_start(Plug *plug, Socket *socket); 
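Review bot: The new `struct SshServerConfig` in sshserver.h has no comment saying what belongs in it or how it is initialised, and unix/uxserver.c fills it with `memset(&ssc, 0, sizeof(ssc))`. That makes all-zero the implicit default for every field added later, which matters for a structure that will presumably carry server policy switches. I would document it at the definition, e.g. `/* Server-only settings, shared read-only by all protocol layers; a zeroed struct must mean default behaviour */`, so that new fields are named with zero as the conservative value.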
@@ -67,16 +72,20 @@ RSAKey *auth_publickey_ssh1( bool auth_successful(AuthPolicy *, ptrlen username, unsigned method); PacketProtocolLayer *ssh2_userauth_server_new( - PacketProtocolLayer *successor_layer, AuthPolicy *authpolicy); + PacketProtocolLayer *successor_layer, AuthPolicy *authpolicy, + const SshServerConfig *ssc); void ssh2_userauth_server_set_transport_layer( PacketProtocolLayer *userauth, PacketProtocolLayer *transport); void ssh2connection_server_configure( - PacketProtocolLayer *ppl, const SftpServerVtable *sftpserver_vt); + PacketProtocolLayer *ppl, const SftpServerVtable *sftpserver_vt, + const SshServerConfig *ssc); +void ssh1connection_server_configure( + PacketProtocolLayer *ppl, const SshServerConfig *ssc); PacketProtocolLayer *ssh1_login_server_new( PacketProtocolLayer *successor_layer, RSAKey *hostkey, - AuthPolicy *authpolicy); + AuthPolicy *authpolicy, const SshServerConfig *ssc); Channel *sesschan_new(SshChannel *c, LogContext *logctx, const SftpServerVtable *sftpserver_vt); diff --git a/unix/uxserver.c b/unix/uxserver.c index 0e7a4512..04229a29 100644 --- a/unix/uxserver.c +++ b/unix/uxserver.c @@ -366,6 +366,7 @@ int main(int argc, char **argv) RSAKey *hostkey1 = NULL; AuthPolicy ap; + SshServerConfig ssc; Conf *conf = conf_new(); load_open_settings(NULL, conf); @@ -374,6 +375,8 @@ int main(int argc, char **argv) ap.ssh1keys = NULL; ap.ssh2keys = NULL; + memset(&ssc, 0, sizeof(ssc)); + if (argc <= 1) { /* * We're going to terminate with an error message below, @@ -548,7 +551,7 @@ int main(int argc, char **argv) { Plug *plug = ssh_server_plug( - conf, hostkeys, nhostkeys, hostkey1, &ap, server_logpolicy, + conf, &ssc, hostkeys, nhostkeys, hostkey1, &ap, server_logpolicy, &unix_live_sftpserver_vt); ssh_server_start(plug, make_fd_socket(0, 1, -1, plug)); }