/*
   Authors:
       Jan Cholasta <jcholast@redhat.com>

   Copyright (C) 2012 Red Hat

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen#include <popt.h>
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen#include "util/util.h"
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen#include "confdb/confdb.h"
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen#include "monitor/monitor_interfaces.h"
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen#include "responder/common/responder.h"
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen#include "responder/common/responder_sbus.h"
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen#include "responder/ssh/sshsrv_private.h"
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen#include "providers/data_provider.h"
1cfdcb36985904eff281fc6d7ea2d13b3c375980Timo Sirainen
/* sbus method table registered on the monitor interface (see
 * monitor_ssh_interface below).  Each entry maps a monitor client
 * method name to its handler; the table is terminated by { NULL, NULL }.
 * NOTE(review): presumably only the monitor talks to this interface over
 * the private sbus socket; what each handler does is defined in the
 * monitor/responder common code, not here. */
struct sbus_method monitor_ssh_methods[] = {
    { MON_CLI_METHOD_PING, monitor_common_pong },
    { MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
    { MON_CLI_METHOD_ROTATE, responder_logrotate },
    { NULL, NULL }   /* terminator */
};
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen
/* Interface description handed to sss_process_init() so the responder
 * answers MONITOR_INTERFACE requests at MONITOR_PATH with the default
 * vtable and the monitor_ssh_methods table above.  The trailing NULL is
 * the last positional member of struct sbus_interface (its meaning is
 * defined in the sbus headers, not visible here). */
struct sbus_interface monitor_ssh_interface = {
    MONITOR_INTERFACE,
    MONITOR_PATH,
    SBUS_DEFAULT_VTABLE,
    monitor_ssh_methods,
    NULL
};
f9007013ea59b844e95fe32022eaf8852ba7e5a6Timo Sirainen
/* Method table for the Data Provider side of the connection.  The SSH
 * responder exposes no methods to the provider, so the table holds only
 * the { NULL, NULL } terminator. */
static struct sbus_method ssh_dp_methods[] = {
    { NULL, NULL }
};
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainen
/* Interface description for the responder's connections to the Data
 * Provider(s): DP_INTERFACE at DP_PATH, default vtable, and the (empty)
 * ssh_dp_methods table.  Passed to sss_process_init() in
 * ssh_process_init(). */
struct sbus_interface ssh_dp_interface = {
    DP_INTERFACE,
    DP_PATH,
    SBUS_DEFAULT_VTABLE,
    ssh_dp_methods,
    NULL
};
b215a8a123623782554a83f3025ef4e771bd8f01Timo Sirainen
/*
 * sbus reconnection callback for a Data Provider connection.
 *
 * Registered by ssh_process_init() via sbus_reconnect_init() for every
 * be_conn in rctx->be_conns; pvt is that be_conn (assumes pvt really is
 * the struct be_conn registered there -- talloc_get_type() is the only
 * type check).
 *
 * On a successful reconnect the responder re-identifies itself to the
 * provider with dp_common_send_id() and then replays the requests that
 * were queued while the connection was down.  If either the reconnect or
 * the identification fails, only a fatal-level message is logged; the
 * responder keeps running without a working provider connection for
 * that domain.
 */
static void ssh_dp_reconnect_init(struct sbus_connection *conn,
                                  int status, void *pvt)
{
    struct be_conn *dp_conn = talloc_get_type(pvt, struct be_conn);
    int ret;

    if (status != SBUS_RECONNECT_SUCCESS) {
        goto failed;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Reconnected to the Data Provider.\n"));

    /* Re-announce ourselves; the provider does not remember us across
     * a reconnect. */
    ret = dp_common_send_id(dp_conn->conn,
                            DATA_PROVIDER_VERSION,
                            "SSH");
    if (ret != EOK) {
        goto failed;
    }

    /* Connection usable again: flush the requests parked meanwhile. */
    handle_requests_after_reconnect(dp_conn->rctx);
    return;

failed:
    /* Reached both when the reconnect itself failed and when the
     * identification message could not be sent. */
    DEBUG(SSSDBG_FATAL_FAILURE, ("Could not reconnect to %s provider.\n",
                                 dp_conn->domain->name));
}
1cfdcb36985904eff281fc6d7ea2d13b3c375980Timo Sirainen
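/*
 * Read the reconnection retry limit for this responder from confdb and
 * arm automatic reconnection on every Data Provider connection the
 * responder holds.
 *
 * Returns EOK, or the confdb error code (already logged).
 */
static int sshsrv_setup_dp_reconnect(struct ssh_ctx *ssh_ctx)
{
    struct be_conn *iter;
    int max_retries;
    int ret;

    ret = confdb_get_int(ssh_ctx->rctx->cdb,
                         CONFDB_SSH_CONF_ENTRY,
                         CONFDB_SERVICE_RECON_RETRIES,
                         3, &max_retries);
    if (ret != EOK) {
        /* Report the errno like the other confdb reads do, so a failing
         * config is diagnosable from the log. */
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to set up automatic reconnection (%d) [%s]\n",
               ret, strerror(ret)));
        return ret;
    }

    /* NOTE(review): max_retries is passed through unvalidated; how a
     * zero or negative value is treated is up to sbus_reconnect_init(). */
    for (iter = ssh_ctx->rctx->be_conns; iter; iter = iter->next) {
        sbus_reconnect_init(iter->conn, max_retries,
                            ssh_dp_reconnect_init, iter);
    }

    return EOK;
}

/*
 * Load the SSH responder options (ssh_hash_known_hosts and
 * ssh_known_hosts_timeout) from confdb into the responder context.
 *
 * Returns EOK, or the confdb error code (already logged).
 */
static int sshsrv_read_options(struct ssh_ctx *ssh_ctx)
{
    int ret;

    ret = confdb_get_bool(ssh_ctx->rctx->cdb,
                          CONFDB_SSH_CONF_ENTRY, CONFDB_SSH_HASH_KNOWN_HOSTS,
                          CONFDB_DEFAULT_SSH_HASH_KNOWN_HOSTS,
                          &ssh_ctx->hash_known_hosts);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) [%s]\n",
                                     ret, strerror(ret)));
        return ret;
    }

    /* NOTE(review): no range check is applied; the effect of a negative
     * or zero timeout depends on the code that consumes
     * known_hosts_timeout, which is not in this file -- confirm there. */
    ret = confdb_get_int(ssh_ctx->rctx->cdb,
                         CONFDB_SSH_CONF_ENTRY, CONFDB_SSH_KNOWN_HOSTS_TIMEOUT,
                         CONFDB_DEFAULT_SSH_KNOWN_HOSTS_TIMEOUT,
                         &ssh_ctx->known_hosts_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) [%s]\n",
                                     ret, strerror(ret)));
        return ret;
    }

    return EOK;
}

/*
 * Initialise the SSH responder process.
 *
 * Sets up the common responder machinery (sss_process_init: the client
 * socket, the monitor and Data Provider sbus interfaces), allocates the
 * responder-private struct ssh_ctx under the resulting resp_ctx, compiles
 * the name-parsing regex, arms Data Provider reconnection, reads the
 * responder options and schedules the get-domains task.
 *
 * mem_ctx  talloc parent for the responder context
 * ev       tevent context the responder runs on
 * cdb      confdb handle to read configuration from
 *
 * Returns EOK on success.  On any failure after sss_process_init() has
 * succeeded the whole resp_ctx (and with it ssh_ctx, which is allocated
 * under it) is freed and the error code is returned; callers treat any
 * non-EOK value as fatal.
 */
int ssh_process_init(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
                     struct confdb_ctx *cdb)
{
    struct resp_ctx *rctx;
    struct sss_cmd_table *ssh_cmds;
    struct ssh_ctx *ssh_ctx;
    int ret;

    ssh_cmds = get_ssh_cmds();
    ret = sss_process_init(mem_ctx, ev, cdb,
                           ssh_cmds,
                           SSS_SSH_SOCKET_NAME, NULL,
                           CONFDB_SSH_CONF_ENTRY,
                           SSS_SSH_SBUS_SERVICE_NAME,
                           SSS_SSH_SBUS_SERVICE_VERSION,
                           &monitor_ssh_interface,
                           "SSH",
                           &ssh_dp_interface,
                           &rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n"));
        return ret;
    }

    /* ssh_ctx hangs off rctx, so the single talloc_free(rctx) on the
     * failure path below releases it too. */
    ssh_ctx = talloc_zero(rctx, struct ssh_ctx);
    if (!ssh_ctx) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing ssh_ctx\n"));
        ret = ENOMEM;
        goto fail;
    }

    ssh_ctx->rctx = rctx;
    ssh_ctx->rctx->pvt_ctx = ssh_ctx;

    /* Regex that splits a name of the form "name@domain" (the '@' and the
     * domain part are optional) plus the matching "name@domain" output
     * format.  NOTE(review): presumably applied by the command handlers
     * to names supplied by clients, i.e. untrusted input -- confirm at
     * the call sites that use ssh_ctx->snctx. */
    ret = sss_names_init_from_args(ssh_ctx,
                                   "(?P<name>[^@]+)@?(?P<domain>[^@]*$)",
                                   "%1$s@%2$s", &ssh_ctx->snctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing regex data\n"));
        goto fail;
    }

    /* Enable automatic reconnection to the Data Provider */
    ret = sshsrv_setup_dp_reconnect(ssh_ctx);
    if (ret != EOK) {
        goto fail;
    }

    /* Get responder options */
    ret = sshsrv_read_options(ssh_ctx);
    if (ret != EOK) {
        goto fail;
    }

    ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
    if (ret != EOK) {
        /* Log message names the function that actually failed. */
        DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_task failed.\n"));
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("SSH Initialization complete\n"));

    return EOK;

fail:
    talloc_free(rctx);
    return ret;
}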
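/*
 * Entry point of the sssd_ssh responder.
 *
 * Parses the standard SSSD command-line options, initialises logging,
 * runs the common server setup (daemonisation, signal handling, confdb
 * connection, ... -- all inside server_setup()), initialises the SSH
 * responder and then enters the event loop.
 *
 * Exit status: 1 on a bad command-line option, 2 if server_setup()
 * fails, 3 if ssh_process_init() fails, 0 when server_loop() returns.
 */
int main(int argc, const char *argv[])
{
    int opt;
    poptContext pc;
    struct main_context *main_ctx;
    int ret;
    struct poptOption long_options[] = {
        POPT_AUTOHELP
        SSSD_MAIN_OPTS
        POPT_TABLEEND
    };

    /* Set debug level to an invalid value so that later code can decide
     * whether an explicit "-d 0" was given on the command line. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while ((opt = poptGetNextOpt(pc)) != -1) {
        switch (opt) {
        default:
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            /* Release the popt context on this early exit as well; the
             * usage output above is the last thing that needs it. */
            poptFreeContext(pc);
            return 1;
        }
    }

    poptFreeContext(pc);

    DEBUG_INIT(debug_level);

    /* set up things like debug, signals, daemonization, etc... */
    debug_log_file = "sssd_ssh";

    ret = server_setup("sssd[ssh]", 0, CONFDB_SSH_CONF_ENTRY, &main_ctx);
    if (ret != EOK) {
        return 2;
    }

    /* Best effort: failing to arrange for exit-on-parent-death is logged
     * but does not stop the responder. */
    ret = die_if_parent_died();
    if (ret != EOK) {
        /* This is not fatal, don't return */
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set up to exit "
                                  "when parent process does\n"));
    }

    ret = ssh_process_init(main_ctx,
                           main_ctx->event_ctx,
                           main_ctx->confdb_ctx);
    if (ret != EOK) {
        return 3;
    }

    /* loop on main */
    server_loop(main_ctx);

    return 0;
}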