
Annotation of /lbbs/src/test_ssh_server.c



Revision 1.15 - (hide annotations)
Tue Nov 11 00:28:05 2025 UTC (4 months ago) by sysadm
Branch: MAIN
Changes since 1.14: +4 -0 lines
Content type: text/x-csrc
Use config.h

1 sysadm 1.12 /* SPDX-License-Identifier: GPL-3.0-or-later */
2     /*
3     * test_ssh_server
4     * - tester for network server with SSH support
5     *
6 sysadm 1.13 * Copyright (C) 2004-2025 Leaflet <leaflet@leafok.com>
7 sysadm 1.12 */
8 sysadm 1.8
9     // This test was written based on libssh example/proxy.c
10 sysadm 1.7
11 sysadm 1.15 #ifdef HAVE_CONFIG_H
12     #include "config.h"
13     #endif
14    
15 sysadm 1.1 #include "log.h"
16     #include <stdio.h>
17 sysadm 1.9 #include <libssh/callbacks.h>
18 sysadm 1.1 #include <libssh/libssh.h>
19     #include <libssh/server.h>
20    
/* Sizes used by the test server. */
enum test_ssh_server_constant_t
{
	BUF_SIZE = 2048, /* size of the channel read/write scratch buffer */
};

/*
 * Host key presented to clients, resolved relative to the working directory.
 * NOTE(review): this path sits in the project's conf directory; confirm the
 * test server is given a dedicated test key rather than a production host key.
 */
static const char SSH_HOST_RSA_KEYFILE[] = "../conf/ssh_host_rsa_key";

/*
 * The only account accepted by auth_password(). These are fixed, trivially
 * guessable test credentials, so a listener using them should be reachable
 * from a test network only.
 */
static const char USER[] = "test";
static const char PASSWORD[] = "123456";
30 sysadm 1.2
/*
 * State shared between the libssh callbacks and the polling loop in
 * ssh_server(). All four have static storage duration, so they start out
 * as NULL / 0 without explicit initializers.
 */
static ssh_channel SSH_channel; /* session channel handed out by channel_open() */
static int authenticated;       /* set to 1 by auth_password() on success */
static int tries;               /* failed password attempts counted so far */
static int error;               /* set to 1 once the attempt limit is exceeded */
35    
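/**
 * Password-authentication callback registered in ssh_server().
 *
 * Accepts exactly one account (USER / PASSWORD). On success it sets the
 * file-scope flag `authenticated`. On failure it counts the attempt; once the
 * counter has reached 3, the next failure disconnects the session and sets
 * `error` so the polling loop in ssh_server() stops.
 *
 * @param session   session the attempt belongs to (disconnected on lockout)
 * @param user      user name supplied by the client
 * @param password  password supplied by the client
 * @param userdata  unused
 * @return SSH_AUTH_SUCCESS on a match, SSH_AUTH_DENIED otherwise
 */
static int auth_password(ssh_session session, const char *user,
						 const char *password, void *userdata)
{
	(void)userdata;

	/*
	 * Log the user name only. The submitted password must never reach the
	 * log: failed attempts often carry real credentials typed by mistake.
	 * NOTE(review): `user` is client-controlled and is logged unescaped;
	 * consider filtering control characters if the log is read on a terminal.
	 */
	log_common("Authenticating user %s\n", user);

	/*
	 * strcmp() is not a constant-time comparison. That is tolerable here only
	 * because both values are fixed test constants, not real secrets.
	 */
	if (strcmp(user, USER) == 0 && strcmp(password, PASSWORD) == 0)
	{
		authenticated = 1;
		log_common("Authenticated\n");
		return SSH_AUTH_SUCCESS;
	}

	/*
	 * The limit is checked before the counter is incremented, so the
	 * disconnect happens on the fourth failed attempt.
	 */
	if (tries >= 3)
	{
		log_error("Too many authentication tries\n");
		ssh_disconnect(session);
		error = 1;
		return SSH_AUTH_DENIED;
	}

	tries++;
	return SSH_AUTH_DENIED;
}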
58    
/**
 * Channel callback for a PTY request.
 *
 * The test server does not allocate a real terminal: every argument is
 * ignored, the request is logged, and 0 is returned so the request is
 * reported as accepted.
 */
static int pty_request(ssh_session session, ssh_channel channel, const char *term,
					   int x, int y, int px, int py, void *userdata)
{
	/* None of the parameters are used; silence unused-parameter warnings. */
	(void)userdata;
	(void)py;
	(void)px;
	(void)y;
	(void)x;
	(void)term;
	(void)channel;
	(void)session;

	log_common("Allocated terminal\n");

	return 0;
}
73    
/**
 * Channel callback for a shell request.
 *
 * No shell is started; the request is only logged and 0 is returned so the
 * request is reported as accepted.
 */
static int shell_request(ssh_session session, ssh_channel channel, void *userdata)
{
	/* All parameters are intentionally unused. */
	(void)userdata;
	(void)channel;
	(void)session;

	log_common("Allocated shell\n");

	return 0;
}
82 sysadm 1.4
/* Callbacks attached to the session channel by channel_open(). */
struct ssh_channel_callbacks_struct channel_cb = {
	.channel_shell_request_function = shell_request,
	.channel_pty_request_function = pty_request,
};
86    
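/**
 * Server callback for a "session" channel-open request.
 *
 * Only one channel is handed out per process: a second request is refused.
 * The new channel is stored in the file-scope SSH_channel and gets the
 * channel_cb callbacks attached.
 *
 * @param session   session requesting the channel
 * @param userdata  unused
 * @return the new channel, or NULL to refuse the request
 */
static ssh_channel channel_open(ssh_session session, void *userdata)
{
	(void)userdata;

	/* A channel already exists for this connection; refuse another one. */
	if (SSH_channel != NULL)
	{
		return NULL;
	}

	SSH_channel = ssh_channel_new(session);
	if (SSH_channel == NULL)
	{
		log_error("Error allocating session channel: %s\n", ssh_get_error(session));
		return NULL;
	}

	ssh_callbacks_init(&channel_cb);
	if (ssh_set_channel_callbacks(SSH_channel, &channel_cb) != SSH_OK)
	{
		log_error("Error setting channel callbacks: %s\n", ssh_get_error(session));
		ssh_channel_free(SSH_channel);
		SSH_channel = NULL;
		return NULL;
	}

	/* Report success only once the channel really exists. */
	log_common("Allocated session channel\n");

	return SSH_channel;
}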
102    
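/**
 * Run the forking SSH test server.
 *
 * Binds to hostaddr:port, then accepts connections forever. Each accepted
 * connection is handled in a forked child: key exchange, password
 * authentication through auth_password(), one session channel through
 * channel_open(), then a prompt that reads a line (terminated by CR) from the
 * client, echoes it back, logs it and disconnects.
 *
 * @param hostaddr  address to bind to
 * @param port      TCP port to listen on
 * @return -1 if the listener cannot be set up or a session cannot be
 *         allocated; otherwise the accept loop does not return
 *
 * NOTE(review): the parent never waits for its children, so exited children
 * presumably stay as zombies until the server stops; confirm whether SIGCHLD
 * is handled elsewhere.
 */
int ssh_server(const char *hostaddr, unsigned int port)
{
	ssh_bind sshbind;
	ssh_session session;
	ssh_event event;

	struct ssh_server_callbacks_struct cb = {
		.userdata = NULL,
		.auth_password_function = auth_password,
		.channel_open_request_session_function = channel_open};

	long int ssh_timeout = 0;

	char buf[BUF_SIZE];
	char host[128] = "";
	char *eol;
	int i, r;
	int ret = 0;

	int ssh_log_level = SSH_LOG_PROTOCOL;

	ssh_init();

	sshbind = ssh_bind_new();
	if (sshbind == NULL)
	{
		/* No bind handle exists yet, so there is no error string to query. */
		log_error("Error creating SSH bind object\n");
		return -1;
	}

	/*
	 * NOTE(review): the lists below still offer SHA-1 based entries (ssh-rsa,
	 * diffie-hellman-group14-sha1, hmac-sha1, hmac-sha1-etm) and 64-bit UMAC
	 * tags. Presumably this is deliberate, to exercise older clients; confirm
	 * it matches what the server under test is meant to accept.
	 */
	if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, hostaddr) < 0 ||
		ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT, &port) < 0 ||
		ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_RSA_KEYFILE) < 0 ||
		ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, "ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256") < 0 ||
		ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES, "ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256") < 0 ||
		ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_KEY_EXCHANGE, "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1") < 0 ||
		ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HMAC_C_S, "umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1") < 0 ||
		ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HMAC_S_C, "umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1") < 0 ||
		ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_C_S, "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com") < 0 ||
		ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_S_C, "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com") < 0 ||
		ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY, &ssh_log_level) < 0)
	{
		log_error("Error setting SSH bind options: %s\n", ssh_get_error(sshbind));
		ssh_bind_free(sshbind);
		return -1;
	}

	if (ssh_bind_listen(sshbind) < 0)
	{
		log_error("Error listening at SSH server port: %s\n", ssh_get_error(sshbind));
		ssh_bind_free(sshbind);
		return -1;
	}

	while (1)
	{
		session = ssh_new();
		if (session == NULL)
		{
			/* Without a session object nothing can be accepted; stop instead of spinning. */
			log_error("Error creating SSH session\n");
			ret = -1;
			break;
		}

		if (ssh_bind_accept(sshbind, session) == SSH_OK)
		{
			pid_t pid = fork();
			switch (pid)
			{
			case 0:
				/* Child: the listening socket belongs to the parent. */
				ssh_bind_free(sshbind);

				ssh_callbacks_init(&cb);
				ssh_set_server_callbacks(session, &cb);

				/* Bound the unauthenticated phase so idle connections do not linger. */
				ssh_timeout = 60; // second
				if (ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &ssh_timeout) < 0)
				{
					log_error("Error setting SSH options: %s\n", ssh_get_error(session));
					ssh_disconnect(session);
					_exit(1);
				}

				if (ssh_handle_key_exchange(session))
				{
					log_error("ssh_handle_key_exchange: %s\n", ssh_get_error(session));
					ssh_disconnect(session);
					_exit(1);
				}

				/*
				 * NOTE(review): GSSAPI-MIC is advertised although cb registers
				 * only a password callback; confirm whether it should be offered.
				 */
				ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_GSSAPI_MIC);

				event = ssh_event_new();
				if (event == NULL || ssh_event_add_session(event, session) != SSH_OK)
				{
					log_error("Error setting up SSH event: %s\n", ssh_get_error(session));
					ssh_disconnect(session);
					_exit(1);
				}

				/* Poll until the callbacks report both a login and a channel. */
				while (!(authenticated && SSH_channel != NULL))
				{
					if (error)
					{
						break;
					}
					r = ssh_event_dopoll(event, -1);
					if (r == SSH_ERROR)
					{
						log_error("Error : %s\n", ssh_get_error(session));
						ssh_disconnect(session);
						_exit(1);
					}
				}

				if (error)
				{
					log_error("Error, exiting loop\n");
					_exit(1);
				}
				else
				{
					log_common("Authenticated and got a channel\n");
				}

				/* The timeout is reset to 0 for the interactive part. */
				ssh_timeout = 0;
				if (ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &ssh_timeout) < 0)
				{
					log_error("Error setting SSH options: %s\n", ssh_get_error(session));
					ssh_disconnect(session);
					_exit(1);
				}

				snprintf(buf, sizeof(buf), "Hello, welcome to the Sample SSH proxy.\r\nPlease select your destination: ");
				ssh_channel_write(SSH_channel, buf, (uint32_t)strlen(buf));
				do
				{
					i = ssh_channel_read(SSH_channel, buf, sizeof(buf), 0);
					if (i > 0)
					{
						/* Echo the input back to the client. */
						ssh_channel_write(SSH_channel, buf, (uint32_t)i);

						/*
						 * Append only if the chunk fits with room for the
						 * terminator; an oversized chunk is dropped, never
						 * written past the end of host. buf is not
						 * NUL-terminated, hence the explicit length.
						 */
						if (strlen(host) + (size_t)i < sizeof(host))
						{
							strncat(host, buf, (size_t)i);
						}

						/* A carriage return ends the line. */
						eol = strchr(host, '\x0d');
						if (eol != NULL)
						{
							*eol = '\0';
							ssh_channel_write(SSH_channel, "\n", 1);
							break;
						}
					}
					else
					{
						log_error("Error: %s\n", ssh_get_error(session));
						_exit(1);
					}
				} while (i > 0);

				snprintf(buf, sizeof(buf), "Trying to connect to \"%s\"\r\n", host);
				ssh_channel_write(SSH_channel, buf, (uint32_t)strlen(buf));
				/*
				 * NOTE(review): host is client-supplied and goes to the log
				 * unescaped; control characters in it reach whatever displays
				 * the log.
				 */
				log_common("%s", buf);

				ssh_disconnect(session);
				ssh_free(session);

				_exit(0);
			case -1:
				log_error("Failed to fork\n");
				break;
			default:
				/* Parent: nothing more to do for this connection. */
				break;
			}
		}
		else
		{
			log_error("%s\n", ssh_get_error(sshbind));
		}

		/* Since the session has been passed to a child fork, do some cleaning
		 * up at the parent process. */
		ssh_disconnect(session);
		ssh_free(session);
	}

	ssh_bind_free(sshbind);
	ssh_finalize();

	return ret;
}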
269    
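/**
 * Entry point: open the log files, redirect both log streams to the standard
 * descriptors, and run the test server on port 2322.
 *
 * @return -1 if the logs cannot be opened or the server fails to start,
 *         0 otherwise
 */
int main(int argc, char *argv[])
{
	int ret;

	(void)argc;
	(void)argv;

	if (log_begin("../log/bbsd.log", "../log/error.log") < 0)
	{
		printf("Open log error\n");
		return -1;
	}

	log_common_redir(STDOUT_FILENO);
	log_error_redir(STDERR_FILENO);

	/*
	 * The listener binds to every interface and accepts a fixed, well-known
	 * test password, so run it only on an isolated test host or network.
	 */
	ret = ssh_server("0.0.0.0", 2322);

	log_end();

	/* Report a failed server start to the caller instead of always returning 0. */
	return ret;
}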
