/src/dropbear/src/svr-session.c

Source (jump to first uncovered line)
/*
 * Dropbear - a SSH2 server
 * 
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */

#include "includes.h"
#include "session.h"
#include "dbutil.h"
#include "packet.h"
#include "algo.h"
#include "buffer.h"
#include "dss.h"
#include "ssh.h"
#include "dbrandom.h"
#include "kex.h"
#include "channel.h"
#include "chansession.h"
#include "atomicio.h"
#include "tcpfwd.h"
#include "service.h"
#include "auth.h"
#include "runopts.h"
#include "crypto_desc.h"
#include "fuzz.h"

static void svr_remoteclosed(void);
static void svr_algos_initialise(void);

struct serversession svr_ses; /* GLOBAL */

static const packettype svr_packettypes[] = {
  {SSH_MSG_CHANNEL_DATA, recv_msg_channel_data},
  {SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust},
  {SSH_MSG_USERAUTH_REQUEST, recv_msg_userauth_request}, /* server */
  {SSH_MSG_SERVICE_REQUEST, recv_msg_service_request}, /* server */
  {SSH_MSG_KEXINIT, recv_msg_kexinit},
  {SSH_MSG_KEXDH_INIT, recv_msg_kexdh_init}, /* server */
  {SSH_MSG_NEWKEYS, recv_msg_newkeys},
  {SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_remotetcp},
  {SSH_MSG_CHANNEL_REQUEST, recv_msg_channel_request},
  {SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open},
  {SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof},
  {SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
  {SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
  {SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
  {SSH_MSG_REQUEST_FAILURE, ignore_recv_response}, /* for keepalive */
  {SSH_MSG_REQUEST_SUCCESS, ignore_recv_response}, /* client */
#if DROPBEAR_LISTENERS
  {SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
  {SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
#endif
  {0, NULL} /* End */
};

static const struct ChanType *svr_chantypes[] = {
  &svrchansess,
#if DROPBEAR_SVR_LOCALTCPFWD
  &svr_chan_tcpdirect,
#endif
#if DROPBEAR_SVR_LOCALSTREAMFWD
  &svr_chan_streamlocal,
#endif
  NULL /* Null termination is mandatory. */
};

static void
svr_session_cleanup(void) {
  /* free potential public key options */
  svr_pubkey_options_cleanup();

  m_free(svr_ses.addrstring);
  m_free(svr_ses.remotehost);
  m_free(svr_ses.childpids);
  svr_ses.childpidsize = 0;

#if DROPBEAR_PLUGIN
        if (svr_ses.plugin_handle != NULL) {
            if (svr_ses.plugin_instance) {
                svr_ses.plugin_instance->delete_plugin(svr_ses.plugin_instance);
                svr_ses.plugin_instance = NULL;
            }

            dlclose(svr_ses.plugin_handle);
            svr_ses.plugin_handle = NULL;
        }
#endif
}

void svr_session(int sock, int childpipe) {
  char *host, *port;
  size_t len;

  common_session_init(sock, sock);

  /* Initialise server specific parts of the session */
  svr_ses.childpipe = childpipe;
#if DROPBEAR_VFORK
  svr_ses.server_pid = getpid();
#endif

  /* for logging the remote address */
  get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);
  len = strlen(host) + strlen(port) + 2;
  svr_ses.addrstring = m_malloc(len);
  snprintf(svr_ses.addrstring, len, "%s:%s", host, port);
  m_free(host);
  m_free(port);

#if DROPBEAR_PLUGIN
        /* Initializes the PLUGIN Plugin */
        svr_ses.plugin_handle = NULL;
        svr_ses.plugin_instance = NULL;
        if (svr_opts.pubkey_plugin) {
#if DEBUG_TRACE
            const int verbose = debug_trace;
#else
            const int verbose = 0;
#endif
            PubkeyExtPlugin_newFn  pluginConstructor;

            /* RTLD_NOW: fails if not all the symbols are resolved now. Better fail now than at run-time */
            svr_ses.plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW);
            if (svr_ses.plugin_handle == NULL) {
                dropbear_exit("failed to load external pubkey plugin '%s': %s", svr_opts.pubkey_plugin, dlerror());
            }
            pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW);
            if (!pluginConstructor) {
                dropbear_exit("plugin constructor method not found in external pubkey plugin");
            }

            /* Create an instance of the plugin */
            svr_ses.plugin_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring);
            if (svr_ses.plugin_instance == NULL) {
                dropbear_exit("external plugin initialization failed");
            }
            /* Check if the plugin is compatible */
            if ( (svr_ses.plugin_instance->api_version[0] != DROPBEAR_PLUGIN_VERSION_MAJOR) ||
                 (svr_ses.plugin_instance->api_version[1] < DROPBEAR_PLUGIN_VERSION_MINOR) ) {
                dropbear_exit("plugin version check failed: "
                              "Dropbear=%d.%d, plugin=%d.%d",
                        DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
                        svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
            }
            if (svr_ses.plugin_instance->api_version[1] > DROPBEAR_PLUGIN_VERSION_MINOR) {
                dropbear_log(LOG_WARNING, "plugin API newer than dropbear API: "
                              "Dropbear=%d.%d, plugin=%d.%d",
                        DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
                        svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
            }
            dropbear_log(LOG_INFO, "successfully loaded and initialized pubkey plugin '%s'", svr_opts.pubkey_plugin);
        }
#endif

  svr_authinitialise();
  chaninitialise(svr_chantypes);
  svr_chansessinitialise();
  svr_algos_initialise();

  get_socket_address(ses.sock_in, NULL, NULL, 
      &svr_ses.remotehost, NULL, 1);

  /* set up messages etc */
  ses.remoteclosed = svr_remoteclosed;
  ses.extra_session_cleanup = svr_session_cleanup;

  /* packet handlers */
  ses.packettypes = svr_packettypes;

  ses.isserver = 1;

  /* We're ready to go now */
  ses.init_done = 1;

  /* exchange identification, version etc */
  send_session_identification();
  
  kexfirstinitialise(); /* initialise the kex state */

  /* start off with key exchange */
  send_msg_kexinit();

#if DROPBEAR_FUZZ
    if (fuzz.fuzzing) {
        fuzz_svr_hook_preloop();
    }
#endif

  /* Run the main for-loop. */
  session_loop(svr_chansess_checksignal);

  /* Not reached */

}

/* cleanup and exit - format must be <= 100 chars */
void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
  char exitmsg[150];
  char fullmsg[300];
  char fromaddr[60];
  int i;
  int add_delay = 0;

#if DROPBEAR_PLUGIN
  if ((ses.plugin_session != NULL)) {
    svr_ses.plugin_instance->delete_session(ses.plugin_session);
  }
  ses.plugin_session = NULL;
  svr_opts.pubkey_plugin_options = NULL;
  m_free(svr_opts.pubkey_plugin);
#endif

  /* Render the formatted exit message */
  vsnprintf(exitmsg, sizeof(exitmsg), format, param);

  /* svr_ses.addrstring may not be set for some early exits, or for
  the listener process */
  fromaddr[0] = '\0';
  if (svr_ses.addrstring) {
      snprintf(fromaddr, sizeof(fromaddr), " from <%s>", svr_ses.addrstring);
    }

  /* Add the prefix depending on session/auth state */
  if (!ses.init_done) {
    /* before session init */
    snprintf(fullmsg, sizeof(fullmsg), "Early exit%s: %s", fromaddr, exitmsg);
  } else if (ses.authstate.authdone) {
    /* user has authenticated */
    snprintf(fullmsg, sizeof(fullmsg),
        "Exit (%s)%s: %s", 
        ses.authstate.pw_name, fromaddr, exitmsg);
  } else if (ses.authstate.pw_name) {
    /* we have a potential user */
    snprintf(fullmsg, sizeof(fullmsg), 
        "Exit before auth%s: (user '%s', %u fails): %s",
        fromaddr, ses.authstate.pw_name, ses.authstate.failcount, exitmsg);
    add_delay = 1;
  } else {
    /* before userauth */
    snprintf(fullmsg, sizeof(fullmsg), "Exit before auth%s: %s", fromaddr, exitmsg);
    add_delay = 1;
  }

  dropbear_log(LOG_INFO, "%s", fullmsg);

  /* To make it harder for attackers, introduce a delay to keep an
   * unauthenticated session open a bit longer, thus blocking a connection
   * slot until after the delay. Without this, while there is a limit on
   * the amount of attempts an attacker can make at the same time
   * (MAX_UNAUTH_PER_IP), the time taken by dropbear to handle one attempt
   * is still short and thus for each of the allowed parallel attempts
   * many attempts can be chained one after the other. The attempt rate is
   * then:
   *     "MAX_UNAUTH_PER_IP / <process time of one attempt>".
   * With the delay, this rate becomes:
   *     "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
   */
  if ((add_delay != 0) && (UNAUTH_CLOSE_DELAY > 0)) {
    TRACE(("svr_dropbear_exit: start delay of %d seconds", UNAUTH_CLOSE_DELAY));
    sleep(UNAUTH_CLOSE_DELAY);
    TRACE(("svr_dropbear_exit: end delay of %d seconds", UNAUTH_CLOSE_DELAY));
  }

#if DROPBEAR_VFORK
  /* For uclinux only the main server process should cleanup - we don't want
   * forked children doing that */
  if (svr_ses.server_pid == getpid())
#endif
  {
    /* must be after we've done with username etc */
    session_cleanup();
  }

#if DROPBEAR_FUZZ
  /* longjmp before cleaning up svr_opts */
    if (fuzz.do_jmp) {
        longjmp(fuzz.jmp, 1);
    }
#endif

  if (svr_opts.hostkey) {
    sign_key_free(svr_opts.hostkey);
    svr_opts.hostkey = NULL;
  }
  for (i = 0; i < DROPBEAR_MAX_PORTS; i++) {
    m_free(svr_opts.addresses[i]);
    m_free(svr_opts.ports[i]);
  }

    
  exit(exitcode);

}

/* priority is priority as with syslog() */
void svr_dropbear_log(int priority, const char* format, va_list param) {

  char printbuf[1024];
  char datestr[20];
  time_t timesec;
  int havetrace = 0;

  vsnprintf(printbuf, sizeof(printbuf), format, param);

#ifndef DISABLE_SYSLOG
  if (opts.usingsyslog) {
    syslog(priority, "%s", printbuf);
  }
#endif

  /* if we are using DEBUG_TRACE, we want to print to stderr even if
   * syslog is used, so it is included in error reports */
#if DEBUG_TRACE
  havetrace = debug_trace;
#endif

  if (!opts.usingsyslog || havetrace) {
    struct tm * local_tm = NULL;
    timesec = time(NULL);
    local_tm = localtime(&timesec);
    if (local_tm == NULL
      || strftime(datestr, sizeof(datestr), "%b %d %H:%M:%S", 
            local_tm) == 0)
    {
      /* upon failure, just print the epoch-seconds time. */
      snprintf(datestr, sizeof(datestr), "%d", (int)timesec);
    }
    fprintf(stderr, "[%d] %s %s\n", getpid(), datestr, printbuf);
  }
}

/* called when the remote side closes the connection */
static void svr_remoteclosed() {

  m_close(ses.sock_in);
  if (ses.sock_in != ses.sock_out) {
    m_close(ses.sock_out);
  }
  ses.sock_in = -1;
  ses.sock_out = -1;
  dropbear_close("Exited normally");

}

static void svr_algos_initialise(void) {
  algo_type *algo;
  for (algo = sshkex; algo->name; algo++) {
#if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY
    if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) {
      algo->usable = 0;
    }
#endif
#if DROPBEAR_EXT_INFO
    if (strcmp(algo->name, SSH_EXT_INFO_C) == 0) {
      algo->usable = 0;
    }
#endif
    if (strcmp(algo->name, SSH_STRICT_KEX_C) == 0) {
      algo->usable = 0;
    }
  }
}


Coverage Report

Created: 2025-07-18 06:52

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Dropbear - a SSH2 server
3		*
4		* Copyright (c) 2002,2003 Matt Johnston
5		* All rights reserved.
6		*
7		* Permission is hereby granted, free of charge, to any person obtaining a copy
8		* of this software and associated documentation files (the "Software"), to deal
9		* in the Software without restriction, including without limitation the rights
10		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11		* copies of the Software, and to permit persons to whom the Software is
12		* furnished to do so, subject to the following conditions:
13		*
14		* The above copyright notice and this permission notice shall be included in
15		* all copies or substantial portions of the Software.
16		*
17		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23		* SOFTWARE. */
24
25		#include "includes.h"
26		#include "session.h"
27		#include "dbutil.h"
28		#include "packet.h"
29		#include "algo.h"
30		#include "buffer.h"
31		#include "dss.h"
32		#include "ssh.h"
33		#include "dbrandom.h"
34		#include "kex.h"
35		#include "channel.h"
36		#include "chansession.h"
37		#include "atomicio.h"
38		#include "tcpfwd.h"
39		#include "service.h"
40		#include "auth.h"
41		#include "runopts.h"
42		#include "crypto_desc.h"
43		#include "fuzz.h"
44
45		static void svr_remoteclosed(void);
46		static void svr_algos_initialise(void);
47
48		struct serversession svr_ses; /* GLOBAL */
49
50		static const packettype svr_packettypes[] = {
51		{SSH_MSG_CHANNEL_DATA, recv_msg_channel_data},
52		{SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust},
53		{SSH_MSG_USERAUTH_REQUEST, recv_msg_userauth_request}, /* server */
54		{SSH_MSG_SERVICE_REQUEST, recv_msg_service_request}, /* server */
55		{SSH_MSG_KEXINIT, recv_msg_kexinit},
56		{SSH_MSG_KEXDH_INIT, recv_msg_kexdh_init}, /* server */
57		{SSH_MSG_NEWKEYS, recv_msg_newkeys},
58		{SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_remotetcp},
59		{SSH_MSG_CHANNEL_REQUEST, recv_msg_channel_request},
60		{SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open},
61		{SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof},
62		{SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
63		{SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
64		{SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
65		{SSH_MSG_REQUEST_FAILURE, ignore_recv_response}, /* for keepalive */
66		{SSH_MSG_REQUEST_SUCCESS, ignore_recv_response}, /* client */
67		#if DROPBEAR_LISTENERS
68		{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
69		{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
70		#endif
71		{0, NULL} /* End */
72		};
73
74		static const struct ChanType *svr_chantypes[] = {
75		&svrchansess,
76		#if DROPBEAR_SVR_LOCALTCPFWD
77		&svr_chan_tcpdirect,
78		#endif
79		#if DROPBEAR_SVR_LOCALSTREAMFWD
80		&svr_chan_streamlocal,
81		#endif
82		NULL /* Null termination is mandatory. */
83		};
84
85		static void
86	2.98k	svr_session_cleanup(void) {
87		/* free potential public key options */
88	2.98k	svr_pubkey_options_cleanup();
89
90	2.98k	m_free(svr_ses.addrstring);
91	2.98k	m_free(svr_ses.remotehost);
92	2.98k	m_free(svr_ses.childpids);
93	2.98k	svr_ses.childpidsize = 0;
94
95		#if DROPBEAR_PLUGIN
96		if (svr_ses.plugin_handle != NULL) {
97		if (svr_ses.plugin_instance) {
98		svr_ses.plugin_instance->delete_plugin(svr_ses.plugin_instance);
99		svr_ses.plugin_instance = NULL;
100		}
101
102		dlclose(svr_ses.plugin_handle);
103		svr_ses.plugin_handle = NULL;
104		}
105		#endif
106	2.98k	}
107
108	2.98k	void svr_session(int sock, int childpipe) {
109	2.98k	char host, port;
110	2.98k	size_t len;
111
112	2.98k	common_session_init(sock, sock);
113
114		/* Initialise server specific parts of the session */
115	2.98k	svr_ses.childpipe = childpipe;
116		#if DROPBEAR_VFORK
117		svr_ses.server_pid = getpid();
118		#endif
119
120		/* for logging the remote address */
121	2.98k	get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);
122	2.98k	len = strlen(host) + strlen(port) + 2;
123	2.98k	svr_ses.addrstring = m_malloc(len);
124	2.98k	snprintf(svr_ses.addrstring, len, "%s:%s", host, port);
125	2.98k	m_free(host);
126	2.98k	m_free(port);
127
128		#if DROPBEAR_PLUGIN
129		/* Initializes the PLUGIN Plugin */
130		svr_ses.plugin_handle = NULL;
131		svr_ses.plugin_instance = NULL;
132		if (svr_opts.pubkey_plugin) {
133		#if DEBUG_TRACE
134		const int verbose = debug_trace;
135		#else
136		const int verbose = 0;
137		#endif
138		PubkeyExtPlugin_newFn pluginConstructor;
139
140		/* RTLD_NOW: fails if not all the symbols are resolved now. Better fail now than at run-time */
141		svr_ses.plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW);
142		if (svr_ses.plugin_handle == NULL) {
143		dropbear_exit("failed to load external pubkey plugin '%s': %s", svr_opts.pubkey_plugin, dlerror());
144		}
145		pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW);
146		if (!pluginConstructor) {
147		dropbear_exit("plugin constructor method not found in external pubkey plugin");
148		}
149
150		/* Create an instance of the plugin */
151		svr_ses.plugin_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring);
152		if (svr_ses.plugin_instance == NULL) {
153		dropbear_exit("external plugin initialization failed");
154		}
155		/* Check if the plugin is compatible */
156		if ( (svr_ses.plugin_instance->api_version[0] != DROPBEAR_PLUGIN_VERSION_MAJOR) \|\|
157		(svr_ses.plugin_instance->api_version[1] < DROPBEAR_PLUGIN_VERSION_MINOR) ) {
158		dropbear_exit("plugin version check failed: "
159		"Dropbear=%d.%d, plugin=%d.%d",
160		DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
161		svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
162		}
163		if (svr_ses.plugin_instance->api_version[1] > DROPBEAR_PLUGIN_VERSION_MINOR) {
164		dropbear_log(LOG_WARNING, "plugin API newer than dropbear API: "
165		"Dropbear=%d.%d, plugin=%d.%d",
166		DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
167		svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
168		}
169		dropbear_log(LOG_INFO, "successfully loaded and initialized pubkey plugin '%s'", svr_opts.pubkey_plugin);
170		}
171		#endif
172
173	2.98k	svr_authinitialise();
174	2.98k	chaninitialise(svr_chantypes);
175	2.98k	svr_chansessinitialise();
176	2.98k	svr_algos_initialise();
177
178	2.98k	get_socket_address(ses.sock_in, NULL, NULL,
179	2.98k	&svr_ses.remotehost, NULL, 1);
180
181		/* set up messages etc */
182	2.98k	ses.remoteclosed = svr_remoteclosed;
183	2.98k	ses.extra_session_cleanup = svr_session_cleanup;
184
185		/* packet handlers */
186	2.98k	ses.packettypes = svr_packettypes;
187
188	2.98k	ses.isserver = 1;
189
190		/* We're ready to go now */
191	2.98k	ses.init_done = 1;
192
193		/* exchange identification, version etc */
194	2.98k	send_session_identification();
195
196	2.98k	kexfirstinitialise(); /* initialise the kex state */
197
198		/* start off with key exchange */
199	2.98k	send_msg_kexinit();
200
201	2.98k	#if DROPBEAR_FUZZ
202	2.98k	if (fuzz.fuzzing) {
203	2.98k	fuzz_svr_hook_preloop();
204	2.98k	}
205	2.98k	#endif
206
207		/* Run the main for-loop. */
208	2.98k	session_loop(svr_chansess_checksignal);
209
210		/* Not reached */
211
212	2.98k	}
213
214		/* cleanup and exit - format must be <= 100 chars */
215	2.98k	void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
216	2.98k	char exitmsg[150];
217	2.98k	char fullmsg[300];
218	2.98k	char fromaddr[60];
219	2.98k	int i;
220	2.98k	int add_delay = 0;
221
222		#if DROPBEAR_PLUGIN
223		if ((ses.plugin_session != NULL)) {
224		svr_ses.plugin_instance->delete_session(ses.plugin_session);
225		}
226		ses.plugin_session = NULL;
227		svr_opts.pubkey_plugin_options = NULL;
228		m_free(svr_opts.pubkey_plugin);
229		#endif
230
231		/* Render the formatted exit message */
232	2.98k	vsnprintf(exitmsg, sizeof(exitmsg), format, param);
233
234		/* svr_ses.addrstring may not be set for some early exits, or for
235		the listener process */
236	2.98k	fromaddr[0] = '\0';
237	2.98k	if (svr_ses.addrstring) {
238	2.98k	snprintf(fromaddr, sizeof(fromaddr), " from <%s>", svr_ses.addrstring);
239	2.98k	}
240
241		/* Add the prefix depending on session/auth state */
242	2.98k	if (!ses.init_done) {
243		/* before session init */
244	0	snprintf(fullmsg, sizeof(fullmsg), "Early exit%s: %s", fromaddr, exitmsg);
245	2.98k	} else if (ses.authstate.authdone) {
246		/* user has authenticated */
247	0	snprintf(fullmsg, sizeof(fullmsg),
248	0	"Exit (%s)%s: %s",
249	0	ses.authstate.pw_name, fromaddr, exitmsg);
250	2.98k	} else if (ses.authstate.pw_name) {
251		/* we have a potential user */
252	17	snprintf(fullmsg, sizeof(fullmsg),
253	17	"Exit before auth%s: (user '%s', %u fails): %s",
254	17	fromaddr, ses.authstate.pw_name, ses.authstate.failcount, exitmsg);
255	17	add_delay = 1;
256	2.96k	} else {
257		/* before userauth */
258	2.96k	snprintf(fullmsg, sizeof(fullmsg), "Exit before auth%s: %s", fromaddr, exitmsg);
259	2.96k	add_delay = 1;
260	2.96k	}
261
262	2.98k	dropbear_log(LOG_INFO, "%s", fullmsg);
263
264		/* To make it harder for attackers, introduce a delay to keep an
265		* unauthenticated session open a bit longer, thus blocking a connection
266		* slot until after the delay. Without this, while there is a limit on
267		* the amount of attempts an attacker can make at the same time
268		* (MAX_UNAUTH_PER_IP), the time taken by dropbear to handle one attempt
269		* is still short and thus for each of the allowed parallel attempts
270		* many attempts can be chained one after the other. The attempt rate is
271		* then:
272		* "MAX_UNAUTH_PER_IP / <process time of one attempt>".
273		* With the delay, this rate becomes:
274		* "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
275		*/
276	2.98k	if ((add_delay != 0) && (UNAUTH_CLOSE_DELAY > 0)) {
277	0	TRACE(("svr_dropbear_exit: start delay of %d seconds", UNAUTH_CLOSE_DELAY));
278	0	sleep(UNAUTH_CLOSE_DELAY);
279	0	TRACE(("svr_dropbear_exit: end delay of %d seconds", UNAUTH_CLOSE_DELAY));
280	0	}
281
282		#if DROPBEAR_VFORK
283		/* For uclinux only the main server process should cleanup - we don't want
284		* forked children doing that */
285		if (svr_ses.server_pid == getpid())
286		#endif
287	2.98k	{
288		/* must be after we've done with username etc */
289	2.98k	session_cleanup();
290	2.98k	}
291
292	2.98k	#if DROPBEAR_FUZZ
293		/* longjmp before cleaning up svr_opts */
294	2.98k	if (fuzz.do_jmp) {
295	2.98k	longjmp(fuzz.jmp, 1);
296	2.98k	}
297	0	#endif
298
299	0	if (svr_opts.hostkey) {
300	0	sign_key_free(svr_opts.hostkey);
301	0	svr_opts.hostkey = NULL;
302	0	}
303	0	for (i = 0; i < DROPBEAR_MAX_PORTS; i++) {
304	0	m_free(svr_opts.addresses[i]);
305	0	m_free(svr_opts.ports[i]);
306	0	}
307
308
309	0	exit(exitcode);
310
311	2.98k	}
312
313		/* priority is priority as with syslog() */
314	0	void svr_dropbear_log(int priority, const char* format, va_list param) {
315
316	0	char printbuf[1024];
317	0	char datestr[20];
318	0	time_t timesec;
319	0	int havetrace = 0;
320
321	0	vsnprintf(printbuf, sizeof(printbuf), format, param);
322
323	0	#ifndef DISABLE_SYSLOG
324	0	if (opts.usingsyslog) {
325	0	syslog(priority, "%s", printbuf);
326	0	}
327	0	#endif
328
329		/* if we are using DEBUG_TRACE, we want to print to stderr even if
330		* syslog is used, so it is included in error reports */
331		#if DEBUG_TRACE
332		havetrace = debug_trace;
333		#endif
334
335	0	if (!opts.usingsyslog \|\| havetrace) {
336	0	struct tm * local_tm = NULL;
337	0	timesec = time(NULL);
338	0	local_tm = localtime(&timesec);
339	0	if (local_tm == NULL
340	0	\|\| strftime(datestr, sizeof(datestr), "%b %d %H:%M:%S",
341	0	local_tm) == 0)
342	0	{
343		/* upon failure, just print the epoch-seconds time. */
344	0	snprintf(datestr, sizeof(datestr), "%d", (int)timesec);
345	0	}
346	0	fprintf(stderr, "[%d] %s %s\n", getpid(), datestr, printbuf);
347	0	}
348	0	}
349
350		/* called when the remote side closes the connection */
351	1.32k	static void svr_remoteclosed() {
352
353	1.32k	m_close(ses.sock_in);
354	1.32k	if (ses.sock_in != ses.sock_out) {
355	0	m_close(ses.sock_out);
356	0	}
357	1.32k	ses.sock_in = -1;
358	1.32k	ses.sock_out = -1;
359	1.32k	dropbear_close("Exited normally");
360
361	1.32k	}
362
363	2.98k	static void svr_algos_initialise(void) {
364	2.98k	algo_type *algo;
365	41.7k	for (algo = sshkex; algo->name; algo++) {
366		#if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY
367		if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) {
368		algo->usable = 0;
369		}
370		#endif
371	38.7k	#if DROPBEAR_EXT_INFO
372	38.7k	if (strcmp(algo->name, SSH_EXT_INFO_C) == 0) {
373	2.98k	algo->usable = 0;
374	2.98k	}
375	38.7k	#endif
376	38.7k	if (strcmp(algo->name, SSH_STRICT_KEX_C) == 0) {
377	2.98k	algo->usable = 0;
378	2.98k	}
379	38.7k	}
380	2.98k	}
381