/src/dropbear/src/svr-session.c

Source (jump to first uncovered line)
/*
 * Dropbear - a SSH2 server
 * 
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */

#include "includes.h"
#include "session.h"
#include "dbutil.h"
#include "packet.h"
#include "algo.h"
#include "buffer.h"
#include "dss.h"
#include "ssh.h"
#include "dbrandom.h"
#include "kex.h"
#include "channel.h"
#include "chansession.h"
#include "atomicio.h"
#include "tcpfwd.h"
#include "service.h"
#include "auth.h"
#include "runopts.h"
#include "crypto_desc.h"
#include "fuzz.h"

static void svr_remoteclosed(void);
static void svr_algos_initialise(void);

struct serversession svr_ses; /* GLOBAL */

static const packettype svr_packettypes[] = {
  {SSH_MSG_CHANNEL_DATA, recv_msg_channel_data},
  {SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust},
  {SSH_MSG_USERAUTH_REQUEST, recv_msg_userauth_request}, /* server */
  {SSH_MSG_SERVICE_REQUEST, recv_msg_service_request}, /* server */
  {SSH_MSG_KEXINIT, recv_msg_kexinit},
  {SSH_MSG_KEXDH_INIT, recv_msg_kexdh_init}, /* server */
  {SSH_MSG_NEWKEYS, recv_msg_newkeys},
  {SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_remotetcp},
  {SSH_MSG_CHANNEL_REQUEST, recv_msg_channel_request},
  {SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open},
  {SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof},
  {SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
  {SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
  {SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
  {SSH_MSG_REQUEST_FAILURE, ignore_recv_response}, /* for keepalive */
  {SSH_MSG_REQUEST_SUCCESS, ignore_recv_response}, /* client */
#if DROPBEAR_LISTENERS
  {SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
  {SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
#endif
  {0, NULL} /* End */
};

static const struct ChanType *svr_chantypes[] = {
  &svrchansess,
#if DROPBEAR_SVR_LOCALTCPFWD
  &svr_chan_tcpdirect,
#endif
  NULL /* Null termination is mandatory. */
};

static void
svr_session_cleanup(void) {
  /* free potential public key options */
  svr_pubkey_options_cleanup();

  m_free(svr_ses.addrstring);
  m_free(svr_ses.remotehost);
  m_free(svr_ses.childpids);
  svr_ses.childpidsize = 0;

#if DROPBEAR_PLUGIN
        if (svr_ses.plugin_handle != NULL) {
            if (svr_ses.plugin_instance) {
                svr_ses.plugin_instance->delete_plugin(svr_ses.plugin_instance);
                svr_ses.plugin_instance = NULL;
            }

            dlclose(svr_ses.plugin_handle);
            svr_ses.plugin_handle = NULL;
        }
#endif
}

void svr_session(int sock, int childpipe) {
  char *host, *port;
  size_t len;

  common_session_init(sock, sock);

  /* Initialise server specific parts of the session */
  svr_ses.childpipe = childpipe;
#if DROPBEAR_VFORK
  svr_ses.server_pid = getpid();
#endif

  /* for logging the remote address */
  get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);
  len = strlen(host) + strlen(port) + 2;
  svr_ses.addrstring = m_malloc(len);
  snprintf(svr_ses.addrstring, len, "%s:%s", host, port);
  m_free(host);
  m_free(port);

#if DROPBEAR_PLUGIN
        /* Initializes the PLUGIN Plugin */
        svr_ses.plugin_handle = NULL;
        svr_ses.plugin_instance = NULL;
        if (svr_opts.pubkey_plugin) {
#if DEBUG_TRACE
            const int verbose = debug_trace;
#else
            const int verbose = 0;
#endif
            PubkeyExtPlugin_newFn  pluginConstructor;

            /* RTLD_NOW: fails if not all the symbols are resolved now. Better fail now than at run-time */
            svr_ses.plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW);
            if (svr_ses.plugin_handle == NULL) {
                dropbear_exit("failed to load external pubkey plugin '%s': %s", svr_opts.pubkey_plugin, dlerror());
            }
            pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW);
            if (!pluginConstructor) {
                dropbear_exit("plugin constructor method not found in external pubkey plugin");
            }

            /* Create an instance of the plugin */
            svr_ses.plugin_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring);
            if (svr_ses.plugin_instance == NULL) {
                dropbear_exit("external plugin initialization failed");
            }
            /* Check if the plugin is compatible */
            if ( (svr_ses.plugin_instance->api_version[0] != DROPBEAR_PLUGIN_VERSION_MAJOR) ||
                 (svr_ses.plugin_instance->api_version[1] < DROPBEAR_PLUGIN_VERSION_MINOR) ) {
                dropbear_exit("plugin version check failed: "
                              "Dropbear=%d.%d, plugin=%d.%d",
                        DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
                        svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
            }
            if (svr_ses.plugin_instance->api_version[1] > DROPBEAR_PLUGIN_VERSION_MINOR) {
                dropbear_log(LOG_WARNING, "plugin API newer than dropbear API: "
                              "Dropbear=%d.%d, plugin=%d.%d",
                        DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
                        svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
            }
            dropbear_log(LOG_INFO, "successfully loaded and initialized pubkey plugin '%s'", svr_opts.pubkey_plugin);
        }
#endif

  svr_authinitialise();
  chaninitialise(svr_chantypes);
  svr_chansessinitialise();
  svr_algos_initialise();

  get_socket_address(ses.sock_in, NULL, NULL, 
      &svr_ses.remotehost, NULL, 1);

  /* set up messages etc */
  ses.remoteclosed = svr_remoteclosed;
  ses.extra_session_cleanup = svr_session_cleanup;

  /* packet handlers */
  ses.packettypes = svr_packettypes;

  ses.isserver = 1;

  /* We're ready to go now */
  ses.init_done = 1;

  /* exchange identification, version etc */
  send_session_identification();
  
  kexfirstinitialise(); /* initialise the kex state */

  /* start off with key exchange */
  send_msg_kexinit();

#if DROPBEAR_FUZZ
    if (fuzz.fuzzing) {
        fuzz_svr_hook_preloop();
    }
#endif

  /* Run the main for-loop. */
  session_loop(svr_chansess_checksignal);

  /* Not reached */

}

/* cleanup and exit - format must be <= 100 chars */
void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
  char exitmsg[150];
  char fullmsg[300];
  char fromaddr[60];
  int i;
  int add_delay = 0;

#if DROPBEAR_PLUGIN
  if ((ses.plugin_session != NULL)) {
    svr_ses.plugin_instance->delete_session(ses.plugin_session);
  }
  ses.plugin_session = NULL;
  svr_opts.pubkey_plugin_options = NULL;
  m_free(svr_opts.pubkey_plugin);
#endif

  /* Render the formatted exit message */
  vsnprintf(exitmsg, sizeof(exitmsg), format, param);

  /* svr_ses.addrstring may not be set for some early exits, or for
  the listener process */
  fromaddr[0] = '\0';
  if (svr_ses.addrstring) {
      snprintf(fromaddr, sizeof(fromaddr), " from <%s>", svr_ses.addrstring);
    }

  /* Add the prefix depending on session/auth state */
  if (!ses.init_done) {
    /* before session init */
    snprintf(fullmsg, sizeof(fullmsg), "Early exit%s: %s", fromaddr, exitmsg);
  } else if (ses.authstate.authdone) {
    /* user has authenticated */
    snprintf(fullmsg, sizeof(fullmsg),
        "Exit (%s)%s: %s", 
        ses.authstate.pw_name, fromaddr, exitmsg);
  } else if (ses.authstate.pw_name) {
    /* we have a potential user */
    snprintf(fullmsg, sizeof(fullmsg), 
        "Exit before auth%s: (user '%s', %u fails): %s",
        fromaddr, ses.authstate.pw_name, ses.authstate.failcount, exitmsg);
    add_delay = 1;
  } else {
    /* before userauth */
    snprintf(fullmsg, sizeof(fullmsg), "Exit before auth%s: %s", fromaddr, exitmsg);
    add_delay = 1;
  }

  dropbear_log(LOG_INFO, "%s", fullmsg);

  /* To make it harder for attackers, introduce a delay to keep an
   * unauthenticated session open a bit longer, thus blocking a connection
   * slot until after the delay. Without this, while there is a limit on
   * the amount of attempts an attacker can make at the same time
   * (MAX_UNAUTH_PER_IP), the time taken by dropbear to handle one attempt
   * is still short and thus for each of the allowed parallel attempts
   * many attempts can be chained one after the other. The attempt rate is
   * then:
   *     "MAX_UNAUTH_PER_IP / <process time of one attempt>".
   * With the delay, this rate becomes:
   *     "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
   */
  if ((add_delay != 0) && (UNAUTH_CLOSE_DELAY > 0)) {
    TRACE(("svr_dropbear_exit: start delay of %d seconds", UNAUTH_CLOSE_DELAY));
    sleep(UNAUTH_CLOSE_DELAY);
    TRACE(("svr_dropbear_exit: end delay of %d seconds", UNAUTH_CLOSE_DELAY));
  }

#if DROPBEAR_VFORK
  /* For uclinux only the main server process should cleanup - we don't want
   * forked children doing that */
  if (svr_ses.server_pid == getpid())
#endif
  {
    /* must be after we've done with username etc */
    session_cleanup();
  }

#if DROPBEAR_FUZZ
  /* longjmp before cleaning up svr_opts */
    if (fuzz.do_jmp) {
        longjmp(fuzz.jmp, 1);
    }
#endif

  if (svr_opts.hostkey) {
    sign_key_free(svr_opts.hostkey);
    svr_opts.hostkey = NULL;
  }
  for (i = 0; i < DROPBEAR_MAX_PORTS; i++) {
    m_free(svr_opts.addresses[i]);
    m_free(svr_opts.ports[i]);
  }

    
  exit(exitcode);

}

/* priority is priority as with syslog() */
void svr_dropbear_log(int priority, const char* format, va_list param) {

  char printbuf[1024];
  char datestr[20];
  time_t timesec;
  int havetrace = 0;

  vsnprintf(printbuf, sizeof(printbuf), format, param);

#ifndef DISABLE_SYSLOG
  if (opts.usingsyslog) {
    syslog(priority, "%s", printbuf);
  }
#endif

  /* if we are using DEBUG_TRACE, we want to print to stderr even if
   * syslog is used, so it is included in error reports */
#if DEBUG_TRACE
  havetrace = debug_trace;
#endif

  if (!opts.usingsyslog || havetrace) {
    struct tm * local_tm = NULL;
    timesec = time(NULL);
    local_tm = localtime(&timesec);
    if (local_tm == NULL
      || strftime(datestr, sizeof(datestr), "%b %d %H:%M:%S", 
            local_tm) == 0)
    {
      /* upon failure, just print the epoch-seconds time. */
      snprintf(datestr, sizeof(datestr), "%d", (int)timesec);
    }
    fprintf(stderr, "[%d] %s %s\n", getpid(), datestr, printbuf);
  }
}

/* called when the remote side closes the connection */
static void svr_remoteclosed() {

  m_close(ses.sock_in);
  if (ses.sock_in != ses.sock_out) {
    m_close(ses.sock_out);
  }
  ses.sock_in = -1;
  ses.sock_out = -1;
  dropbear_close("Exited normally");

}

static void svr_algos_initialise(void) {
  algo_type *algo;
  for (algo = sshkex; algo->name; algo++) {
#if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY
    if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) {
      algo->usable = 0;
    }
#endif
#if DROPBEAR_EXT_INFO
    if (strcmp(algo->name, SSH_EXT_INFO_C) == 0) {
      algo->usable = 0;
    }
#endif
  }
}


Coverage Report

Created: 2023-09-25 06:08

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Dropbear - a SSH2 server
3		*
4		* Copyright (c) 2002,2003 Matt Johnston
5		* All rights reserved.
6		*
7		* Permission is hereby granted, free of charge, to any person obtaining a copy
8		* of this software and associated documentation files (the "Software"), to deal
9		* in the Software without restriction, including without limitation the rights
10		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11		* copies of the Software, and to permit persons to whom the Software is
12		* furnished to do so, subject to the following conditions:
13		*
14		* The above copyright notice and this permission notice shall be included in
15		* all copies or substantial portions of the Software.
16		*
17		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23		* SOFTWARE. */
24
25		#include "includes.h"
26		#include "session.h"
27		#include "dbutil.h"
28		#include "packet.h"
29		#include "algo.h"
30		#include "buffer.h"
31		#include "dss.h"
32		#include "ssh.h"
33		#include "dbrandom.h"
34		#include "kex.h"
35		#include "channel.h"
36		#include "chansession.h"
37		#include "atomicio.h"
38		#include "tcpfwd.h"
39		#include "service.h"
40		#include "auth.h"
41		#include "runopts.h"
42		#include "crypto_desc.h"
43		#include "fuzz.h"
44
45		static void svr_remoteclosed(void);
46		static void svr_algos_initialise(void);
47
48		struct serversession svr_ses; /* GLOBAL */
49
50		static const packettype svr_packettypes[] = {
51		{SSH_MSG_CHANNEL_DATA, recv_msg_channel_data},
52		{SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust},
53		{SSH_MSG_USERAUTH_REQUEST, recv_msg_userauth_request}, /* server */
54		{SSH_MSG_SERVICE_REQUEST, recv_msg_service_request}, /* server */
55		{SSH_MSG_KEXINIT, recv_msg_kexinit},
56		{SSH_MSG_KEXDH_INIT, recv_msg_kexdh_init}, /* server */
57		{SSH_MSG_NEWKEYS, recv_msg_newkeys},
58		{SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_remotetcp},
59		{SSH_MSG_CHANNEL_REQUEST, recv_msg_channel_request},
60		{SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open},
61		{SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof},
62		{SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
63		{SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
64		{SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
65		{SSH_MSG_REQUEST_FAILURE, ignore_recv_response}, /* for keepalive */
66		{SSH_MSG_REQUEST_SUCCESS, ignore_recv_response}, /* client */
67		#if DROPBEAR_LISTENERS
68		{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
69		{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
70		#endif
71		{0, NULL} /* End */
72		};
73
74		static const struct ChanType *svr_chantypes[] = {
75		&svrchansess,
76		#if DROPBEAR_SVR_LOCALTCPFWD
77		&svr_chan_tcpdirect,
78		#endif
79		NULL /* Null termination is mandatory. */
80		};
81
82		static void
83	0	svr_session_cleanup(void) {
84		/* free potential public key options */
85	0	svr_pubkey_options_cleanup();
86
87	0	m_free(svr_ses.addrstring);
88	0	m_free(svr_ses.remotehost);
89	0	m_free(svr_ses.childpids);
90	0	svr_ses.childpidsize = 0;
91
92		#if DROPBEAR_PLUGIN
93		if (svr_ses.plugin_handle != NULL) {
94		if (svr_ses.plugin_instance) {
95		svr_ses.plugin_instance->delete_plugin(svr_ses.plugin_instance);
96		svr_ses.plugin_instance = NULL;
97		}
98
99		dlclose(svr_ses.plugin_handle);
100		svr_ses.plugin_handle = NULL;
101		}
102		#endif
103	0	}
104
105	0	void svr_session(int sock, int childpipe) {
106	0	char host, port;
107	0	size_t len;
108
109	0	common_session_init(sock, sock);
110
111		/* Initialise server specific parts of the session */
112	0	svr_ses.childpipe = childpipe;
113		#if DROPBEAR_VFORK
114		svr_ses.server_pid = getpid();
115		#endif
116
117		/* for logging the remote address */
118	0	get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);
119	0	len = strlen(host) + strlen(port) + 2;
120	0	svr_ses.addrstring = m_malloc(len);
121	0	snprintf(svr_ses.addrstring, len, "%s:%s", host, port);
122	0	m_free(host);
123	0	m_free(port);
124
125		#if DROPBEAR_PLUGIN
126		/* Initializes the PLUGIN Plugin */
127		svr_ses.plugin_handle = NULL;
128		svr_ses.plugin_instance = NULL;
129		if (svr_opts.pubkey_plugin) {
130		#if DEBUG_TRACE
131		const int verbose = debug_trace;
132		#else
133		const int verbose = 0;
134		#endif
135		PubkeyExtPlugin_newFn pluginConstructor;
136
137		/* RTLD_NOW: fails if not all the symbols are resolved now. Better fail now than at run-time */
138		svr_ses.plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW);
139		if (svr_ses.plugin_handle == NULL) {
140		dropbear_exit("failed to load external pubkey plugin '%s': %s", svr_opts.pubkey_plugin, dlerror());
141		}
142		pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW);
143		if (!pluginConstructor) {
144		dropbear_exit("plugin constructor method not found in external pubkey plugin");
145		}
146
147		/* Create an instance of the plugin */
148		svr_ses.plugin_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring);
149		if (svr_ses.plugin_instance == NULL) {
150		dropbear_exit("external plugin initialization failed");
151		}
152		/* Check if the plugin is compatible */
153		if ( (svr_ses.plugin_instance->api_version[0] != DROPBEAR_PLUGIN_VERSION_MAJOR) \|\|
154		(svr_ses.plugin_instance->api_version[1] < DROPBEAR_PLUGIN_VERSION_MINOR) ) {
155		dropbear_exit("plugin version check failed: "
156		"Dropbear=%d.%d, plugin=%d.%d",
157		DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
158		svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
159		}
160		if (svr_ses.plugin_instance->api_version[1] > DROPBEAR_PLUGIN_VERSION_MINOR) {
161		dropbear_log(LOG_WARNING, "plugin API newer than dropbear API: "
162		"Dropbear=%d.%d, plugin=%d.%d",
163		DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
164		svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
165		}
166		dropbear_log(LOG_INFO, "successfully loaded and initialized pubkey plugin '%s'", svr_opts.pubkey_plugin);
167		}
168		#endif
169
170	0	svr_authinitialise();
171	0	chaninitialise(svr_chantypes);
172	0	svr_chansessinitialise();
173	0	svr_algos_initialise();
174
175	0	get_socket_address(ses.sock_in, NULL, NULL,
176	0	&svr_ses.remotehost, NULL, 1);
177
178		/* set up messages etc */
179	0	ses.remoteclosed = svr_remoteclosed;
180	0	ses.extra_session_cleanup = svr_session_cleanup;
181
182		/* packet handlers */
183	0	ses.packettypes = svr_packettypes;
184
185	0	ses.isserver = 1;
186
187		/* We're ready to go now */
188	0	ses.init_done = 1;
189
190		/* exchange identification, version etc */
191	0	send_session_identification();
192
193	0	kexfirstinitialise(); /* initialise the kex state */
194
195		/* start off with key exchange */
196	0	send_msg_kexinit();
197
198	0	#if DROPBEAR_FUZZ
199	0	if (fuzz.fuzzing) {
200	0	fuzz_svr_hook_preloop();
201	0	}
202	0	#endif
203
204		/* Run the main for-loop. */
205	0	session_loop(svr_chansess_checksignal);
206
207		/* Not reached */
208
209	0	}
210
211		/* cleanup and exit - format must be <= 100 chars */
212	150	void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
213	150	char exitmsg[150];
214	150	char fullmsg[300];
215	150	char fromaddr[60];
216	150	int i;
217	150	int add_delay = 0;
218
219		#if DROPBEAR_PLUGIN
220		if ((ses.plugin_session != NULL)) {
221		svr_ses.plugin_instance->delete_session(ses.plugin_session);
222		}
223		ses.plugin_session = NULL;
224		svr_opts.pubkey_plugin_options = NULL;
225		m_free(svr_opts.pubkey_plugin);
226		#endif
227
228		/* Render the formatted exit message */
229	150	vsnprintf(exitmsg, sizeof(exitmsg), format, param);
230
231		/* svr_ses.addrstring may not be set for some early exits, or for
232		the listener process */
233	150	fromaddr[0] = '\0';
234	150	if (svr_ses.addrstring) {
235	0	snprintf(fromaddr, sizeof(fromaddr), " from <%s>", svr_ses.addrstring);
236	0	}
237
238		/* Add the prefix depending on session/auth state */
239	150	if (!ses.init_done) {
240		/* before session init */
241	150	snprintf(fullmsg, sizeof(fullmsg), "Early exit%s: %s", fromaddr, exitmsg);
242	150	} else if (ses.authstate.authdone) {
243		/* user has authenticated */
244	0	snprintf(fullmsg, sizeof(fullmsg),
245	0	"Exit (%s)%s: %s",
246	0	ses.authstate.pw_name, fromaddr, exitmsg);
247	0	} else if (ses.authstate.pw_name) {
248		/* we have a potential user */
249	0	snprintf(fullmsg, sizeof(fullmsg),
250	0	"Exit before auth%s: (user '%s', %u fails): %s",
251	0	fromaddr, ses.authstate.pw_name, ses.authstate.failcount, exitmsg);
252	0	add_delay = 1;
253	0	} else {
254		/* before userauth */
255	0	snprintf(fullmsg, sizeof(fullmsg), "Exit before auth%s: %s", fromaddr, exitmsg);
256	0	add_delay = 1;
257	0	}
258
259	150	dropbear_log(LOG_INFO, "%s", fullmsg);
260
261		/* To make it harder for attackers, introduce a delay to keep an
262		* unauthenticated session open a bit longer, thus blocking a connection
263		* slot until after the delay. Without this, while there is a limit on
264		* the amount of attempts an attacker can make at the same time
265		* (MAX_UNAUTH_PER_IP), the time taken by dropbear to handle one attempt
266		* is still short and thus for each of the allowed parallel attempts
267		* many attempts can be chained one after the other. The attempt rate is
268		* then:
269		* "MAX_UNAUTH_PER_IP / <process time of one attempt>".
270		* With the delay, this rate becomes:
271		* "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
272		*/
273	150	if ((add_delay != 0) && (UNAUTH_CLOSE_DELAY > 0)) {
274	0	TRACE(("svr_dropbear_exit: start delay of %d seconds", UNAUTH_CLOSE_DELAY));
275	0	sleep(UNAUTH_CLOSE_DELAY);
276	0	TRACE(("svr_dropbear_exit: end delay of %d seconds", UNAUTH_CLOSE_DELAY));
277	0	}
278
279		#if DROPBEAR_VFORK
280		/* For uclinux only the main server process should cleanup - we don't want
281		* forked children doing that */
282		if (svr_ses.server_pid == getpid())
283		#endif
284	150	{
285		/* must be after we've done with username etc */
286	150	session_cleanup();
287	150	}
288
289	150	#if DROPBEAR_FUZZ
290		/* longjmp before cleaning up svr_opts */
291	150	if (fuzz.do_jmp) {
292	150	longjmp(fuzz.jmp, 1);
293	150	}
294	0	#endif
295
296	0	if (svr_opts.hostkey) {
297	0	sign_key_free(svr_opts.hostkey);
298	0	svr_opts.hostkey = NULL;
299	0	}
300	0	for (i = 0; i < DROPBEAR_MAX_PORTS; i++) {
301	0	m_free(svr_opts.addresses[i]);
302	0	m_free(svr_opts.ports[i]);
303	0	}
304
305
306	0	exit(exitcode);
307
308	150	}
309
310		/* priority is priority as with syslog() */
311	0	void svr_dropbear_log(int priority, const char* format, va_list param) {
312
313	0	char printbuf[1024];
314	0	char datestr[20];
315	0	time_t timesec;
316	0	int havetrace = 0;
317
318	0	vsnprintf(printbuf, sizeof(printbuf), format, param);
319
320	0	#ifndef DISABLE_SYSLOG
321	0	if (opts.usingsyslog) {
322	0	syslog(priority, "%s", printbuf);
323	0	}
324	0	#endif
325
326		/* if we are using DEBUG_TRACE, we want to print to stderr even if
327		* syslog is used, so it is included in error reports */
328		#if DEBUG_TRACE
329		havetrace = debug_trace;
330		#endif
331
332	0	if (!opts.usingsyslog \|\| havetrace) {
333	0	struct tm * local_tm = NULL;
334	0	timesec = time(NULL);
335	0	local_tm = localtime(&timesec);
336	0	if (local_tm == NULL
337	0	\|\| strftime(datestr, sizeof(datestr), "%b %d %H:%M:%S",
338	0	local_tm) == 0)
339	0	{
340		/* upon failure, just print the epoch-seconds time. */
341	0	snprintf(datestr, sizeof(datestr), "%d", (int)timesec);
342	0	}
343	0	fprintf(stderr, "[%d] %s %s\n", getpid(), datestr, printbuf);
344	0	}
345	0	}
346
347		/* called when the remote side closes the connection */
348	0	static void svr_remoteclosed() {
349
350	0	m_close(ses.sock_in);
351	0	if (ses.sock_in != ses.sock_out) {
352	0	m_close(ses.sock_out);
353	0	}
354	0	ses.sock_in = -1;
355	0	ses.sock_out = -1;
356	0	dropbear_close("Exited normally");
357
358	0	}
359
360	0	static void svr_algos_initialise(void) {
361	0	algo_type *algo;
362	0	for (algo = sshkex; algo->name; algo++) {
363		#if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY
364		if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) {
365		algo->usable = 0;
366		}
367		#endif
368	0	#if DROPBEAR_EXT_INFO
369	0	if (strcmp(algo->name, SSH_EXT_INFO_C) == 0) {
370	0	algo->usable = 0;
371	0	}
372	0	#endif
373	0	}
374	0	}
375