
Annotation of /lbbs/src/test_ssh_server.c



Revision 1.12 - (hide annotations)
Tue Nov 4 13:49:51 2025 UTC (4 months, 1 week ago) by sysadm
Branch: MAIN
Changes since 1.11: +7 -15 lines
Content type: text/x-csrc
Update file header information comments

1 sysadm 1.12 /* SPDX-License-Identifier: GPL-3.0-or-later */
2     /*
3     * test_ssh_server
4     * - tester for network server with SSH support
5     *
6     * Copyright (C) 2004-2025 by Leaflet <leaflet@leafok.com>
7     */
8 sysadm 1.8
9     // This test was written based on libssh example/proxy.c
10 sysadm 1.7
11 sysadm 1.1 #include "log.h"
12     #include <stdio.h>
13 sysadm 1.9 #include <libssh/callbacks.h>
14 sysadm 1.1 #include <libssh/libssh.h>
15     #include <libssh/server.h>
16    
/* Size of the channel I/O buffer used by ssh_server(); the guard lets the
 * build override it. */
#ifndef BUF_SIZE
#define BUF_SIZE 2048
#endif

/* Host private key passed to libssh as SSH_BIND_OPTIONS_HOSTKEY. The path is
 * relative, so it depends on the directory the tester is started from. */
#define SSH_HOST_RSA_KEYFILE "../conf/ssh_host_rsa_key"

/* Fixed credentials compared in auth_password(). They are compiled into the
 * binary and trivially guessable, so this tester must never be reachable from
 * an untrusted network or reused as a production login path. */
#define USER "test"
#define PASSWORD "123456"

/* Session channel handed out by channel_open(); NULL until a client opens one. */
static ssh_channel SSH_channel;
/* Set to 1 by auth_password() once the credentials match. */
static int authenticated = 0;
/* Number of failed password attempts counted by auth_password(). */
static int tries = 0;
/* Set to 1 by auth_password() after it disconnects a client for too many tries. */
static int error = 0;
30    
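/**
 * Password-authentication callback for the test SSH server.
 *
 * Compares the supplied credentials with the hard-coded USER / PASSWORD pair.
 * On a match the file-scope `authenticated` flag is set. Each failed attempt
 * is counted in `tries`; when the limit is reached the session is disconnected
 * and the file-scope `error` flag is set so the poll loop in ssh_server() stops.
 *
 * @param session   session being authenticated
 * @param user      user name sent by the client
 * @param password  password sent by the client (never written to the log)
 * @param userdata  unused
 * @return SSH_AUTH_SUCCESS on a match, SSH_AUTH_DENIED otherwise
 */
static int auth_password(ssh_session session, const char *user,
                         const char *password, void *userdata)
{
    /* Failed attempts allowed before the session is dropped. */
    enum
    {
        MAX_AUTH_TRIES = 3
    };

    (void)userdata;

    /* Log the user name only. Attempted passwords are secrets even when they
     * are wrong (mistyped real passwords end up here), so they must not reach
     * the log files.
     * NOTE(review): `user` is client-controlled and is logged as-is; if
     * log_common() does not escape control characters, a crafted name can
     * forge log lines - confirm against log.c. */
    log_common("Authenticating user %s\n", user);

    if (strcmp(user, USER) == 0 && strcmp(password, PASSWORD) == 0)
    {
        authenticated = 1;
        log_common("Authenticated\n");
        return SSH_AUTH_SUCCESS;
    }

    /* Count this failure before testing the limit; checking first would let
     * one extra guess through before the disconnect. */
    tries++;
    if (tries >= MAX_AUTH_TRIES)
    {
        log_error("Too many authentication tries\n");
        ssh_disconnect(session);
        error = 1;
    }

    return SSH_AUTH_DENIED;
}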
53    
/*
 * Channel callback for a client's PTY request.
 *
 * The tester has no real terminal to configure, so every argument is ignored;
 * the request is only logged and 0 is returned.
 */
static int pty_request(ssh_session session, ssh_channel channel, const char *term,
                       int x, int y, int px, int py, void *userdata)
{
    /* Silence unused-parameter warnings: none of the arguments are consulted. */
    (void)userdata;
    (void)py;
    (void)px;
    (void)y;
    (void)x;
    (void)term;
    (void)channel;
    (void)session;

    log_common("Allocated terminal\n");

    return 0;
}
68    
/*
 * Channel callback for a client's shell request.
 *
 * No shell is spawned here: the request is only logged and 0 is returned.
 * The prompt the client then sees is written by ssh_server().
 */
static int shell_request(ssh_session session, ssh_channel channel, void *userdata)
{
    /* Silence unused-parameter warnings: none of the arguments are consulted. */
    (void)userdata;
    (void)channel;
    (void)session;

    log_common("Allocated shell\n");

    return 0;
}
77 sysadm 1.4
/* Callbacks attached to the session channel in channel_open(): only PTY and
 * shell requests are handled; every other member stays zero-initialised. */
struct ssh_channel_callbacks_struct channel_cb = {
    .channel_shell_request_function = shell_request,
    .channel_pty_request_function = pty_request,
};
81    
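/**
 * Server callback for a "session" channel-open request.
 *
 * Only one channel is handed out per process: once SSH_channel is set, any
 * further open request is refused by returning NULL.
 *
 * @param session   session the request arrived on
 * @param userdata  unused
 * @return the new channel, or NULL if one already exists or setup failed
 */
static ssh_channel channel_open(ssh_session session, void *userdata)
{
    (void)userdata;

    if (SSH_channel != NULL)
    {
        return NULL;
    }

    SSH_channel = ssh_channel_new(session);
    if (SSH_channel == NULL)
    {
        /* Allocation failed: refuse the request instead of registering
         * callbacks on a NULL channel. */
        log_error("Error allocating session channel: %s\n", ssh_get_error(session));
        return NULL;
    }

    ssh_callbacks_init(&channel_cb);
    if (ssh_set_channel_callbacks(SSH_channel, &channel_cb) != SSH_OK)
    {
        log_error("Error setting channel callbacks: %s\n", ssh_get_error(session));
        ssh_channel_free(SSH_channel);
        /* Reset so ssh_server() never sees a freed channel as "open". */
        SSH_channel = NULL;
        return NULL;
    }

    log_common("Allocated session channel\n");

    return SSH_channel;
}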
97    
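/**
 * Run the test SSH server.
 *
 * Binds to hostaddr:port with the host key in SSH_HOST_RSA_KEYFILE, then
 * accepts connections in an endless loop. Each accepted connection is served
 * in a forked child: key exchange, password authentication through
 * auth_password(), one session channel through channel_open(), a prompt that
 * echoes what the client types and collects it up to the first CR, a
 * "Trying to connect" message, and disconnect. The child's copies of the
 * file-scope flags (authenticated, tries, error, SSH_channel) start from the
 * parent's untouched values because the parent never serves a session itself.
 *
 * @param hostaddr  address to bind to
 * @param port      TCP port to listen on
 * @return -1 if the listener or a session object cannot be set up; the accept
 *         loop otherwise does not terminate
 */
int ssh_server(const char *hostaddr, unsigned int port)
{
    ssh_bind sshbind;
    ssh_session session;
    ssh_event event;

    struct ssh_server_callbacks_struct cb = {
        .userdata = NULL,
        .auth_password_function = auth_password,
        .channel_open_request_session_function = channel_open};

    long int ssh_timeout = 0;

    char buf[BUF_SIZE];
    char host[128] = "";
    char *cr;
    int i, r;
    int ret = 0;

    int ssh_log_level = SSH_LOG_PROTOCOL;

    ssh_init();

    sshbind = ssh_bind_new();
    if (sshbind == NULL)
    {
        /* Without this check every option call below would receive NULL. */
        log_error("Error allocating SSH bind\n");
        return -1;
    }

    /* NOTE(review): the lists below still offer SHA-1 based choices
     * ("ssh-rsa" host-key signatures, "diffie-hellman-group14-sha1",
     * "hmac-sha1", "hmac-sha1-etm@openssh.com") and the 64-bit UMAC variants.
     * If they are only here so legacy clients can connect to the tester, say
     * so; otherwise drop them so the tester exercises the set production
     * should accept. */
    if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, hostaddr) < 0 ||
        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT, &port) < 0 ||
        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_RSA_KEYFILE) < 0 ||
        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, "ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256") < 0 ||
        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES, "ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256") < 0 ||
        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_KEY_EXCHANGE, "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1") < 0 ||
        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HMAC_C_S, "umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1") < 0 ||
        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HMAC_S_C, "umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1") < 0 ||
        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_C_S, "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com") < 0 ||
        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_S_C, "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com") < 0 ||
        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY, &ssh_log_level) < 0)
    {
        log_error("Error setting SSH bind options: %s\n", ssh_get_error(sshbind));
        ssh_bind_free(sshbind);
        return -1;
    }

    if (ssh_bind_listen(sshbind) < 0)
    {
        log_error("Error listening at SSH server port: %s\n", ssh_get_error(sshbind));
        ssh_bind_free(sshbind);
        return -1;
    }

    /* NOTE(review): one child is forked per accepted connection, before any
     * authentication, and this function never waits for those children. The
     * pre-auth poll below also has no deadline of its own. Acceptable for a
     * local tester; on an exposed port it lets unauthenticated clients pile up
     * processes. */
    while (1)
    {
        session = ssh_new();
        if (session == NULL)
        {
            /* Stop instead of handing a NULL session to ssh_bind_accept(). */
            log_error("Error allocating SSH session\n");
            ret = -1;
            break;
        }

        if (ssh_bind_accept(sshbind, session) == SSH_OK)
        {
            pid_t pid = fork();
            switch (pid)
            {
            case 0:
                /* Child: the listener belongs to the parent. */
                ssh_bind_free(sshbind);

                ssh_callbacks_init(&cb);
                ssh_set_server_callbacks(session, &cb);

                ssh_timeout = 60; // second
                if (ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &ssh_timeout) < 0)
                {
                    log_error("Error setting SSH options: %s\n", ssh_get_error(session));
                    ssh_disconnect(session);
                    _exit(1);
                }

                if (ssh_handle_key_exchange(session))
                {
                    log_error("ssh_handle_key_exchange: %s\n", ssh_get_error(session));
                    ssh_disconnect(session);
                    _exit(1);
                }
                /* NOTE(review): GSSAPI is advertised although this file only
                 * registers a password callback - confirm it is intended. */
                ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_GSSAPI_MIC);

                event = ssh_event_new();
                if (event == NULL || ssh_event_add_session(event, session) != SSH_OK)
                {
                    log_error("Error setting up SSH event loop\n");
                    ssh_disconnect(session);
                    _exit(1);
                }

                /* Poll until auth_password() has accepted the client and
                 * channel_open() has handed out a channel, or until
                 * auth_password() has flagged an error. */
                while (!(authenticated && SSH_channel != NULL))
                {
                    if (error)
                        break;
                    r = ssh_event_dopoll(event, -1);
                    if (r == SSH_ERROR)
                    {
                        log_error("Error : %s\n", ssh_get_error(session));
                        ssh_disconnect(session);
                        _exit(1);
                    }
                }

                if (error)
                {
                    log_error("Error, exiting loop\n");
                    _exit(1);
                }
                else
                {
                    log_common("Authenticated and got a channel\n");
                }

                ssh_timeout = 0;
                if (ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &ssh_timeout) < 0)
                {
                    log_error("Error setting SSH options: %s\n", ssh_get_error(session));
                    ssh_disconnect(session);
                    _exit(1);
                }

                snprintf(buf, sizeof(buf), "Hello, welcome to the Sample SSH proxy.\r\nPlease select your destination: ");
                ssh_channel_write(SSH_channel, buf, (uint32_t)strlen(buf));
                do
                {
                    i = ssh_channel_read(SSH_channel, buf, sizeof(buf), 0);
                    if (i > 0)
                    {
                        /* Echo the input back to the client. */
                        ssh_channel_write(SSH_channel, buf, (uint32_t)i);
                        /* Append only when the whole chunk plus the terminator
                         * fits; a chunk that does not fit is dropped. */
                        if (strlen(host) + (size_t)i < sizeof(host))
                        {
                            strncat(host, buf, (size_t)i);
                        }
                        /* A carriage return ends the destination line. */
                        cr = strchr(host, '\x0d');
                        if (cr != NULL)
                        {
                            *cr = '\0';
                            ssh_channel_write(SSH_channel, "\n", 1);
                            break;
                        }
                    }
                    else
                    {
                        log_error("Error: %s\n", ssh_get_error(session));
                        _exit(1);
                    }
                } while (i > 0);

                /* host is client-supplied and is written to the log below:
                 * replace control characters so a crafted destination cannot
                 * inject extra log lines or terminal escape sequences. */
                for (char *p = host; *p != '\0'; p++)
                {
                    unsigned char c = (unsigned char)*p;
                    if (c < 0x20 || c == 0x7f)
                    {
                        *p = '?';
                    }
                }

                snprintf(buf, sizeof(buf), "Trying to connect to \"%s\"\r\n", host);
                ssh_channel_write(SSH_channel, buf, (uint32_t)strlen(buf));
                log_common("%s", buf);

                ssh_disconnect(session);
                ssh_free(session);

                _exit(0);
            case -1:
                log_error("Failed to fork\n");
                break;
            default:
                /* Parent: fall through to the cleanup below. */
                break;
            }
        }
        else
        {
            log_error("%s\n", ssh_get_error(sshbind));
        }

        /* Since the session has been passed to a child fork, do some cleaning
         * up at the parent process. */
        ssh_disconnect(session);
        ssh_free(session);
    }

    ssh_bind_free(sshbind);
    ssh_finalize();

    return ret;
}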
264    
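/**
 * Entry point of the SSH server tester.
 *
 * Opens the log files, mirrors both log streams to stdout / stderr, and runs
 * ssh_server() on port 2322.
 *
 * @return 0 on success, -1 if the logs cannot be opened or the server fails
 */
int main(int argc, char *argv[])
{
    int ret;

    (void)argc;
    (void)argv;

    if (log_begin("../log/bbsd.log", "../log/error.log") < 0)
    {
        printf("Open log error\n");
        return -1;
    }

    log_common_redir(STDOUT_FILENO);
    log_error_redir(STDERR_FILENO);

    /* NOTE(review): "0.0.0.0" listens on every interface while the accepted
     * credentials are the fixed USER / PASSWORD pair. Run the tester only on
     * an isolated host, or bind to a loopback address if remote clients are
     * not needed. */
    ret = ssh_server("0.0.0.0", 2322);

    log_end();

    /* Report a server setup failure instead of always exiting with 0. */
    return (ret < 0) ? -1 : 0;
}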
