| 1 |
/* SPDX-License-Identifier: GPL-3.0-or-later */
|
| 2 |
/*
|
| 3 |
* test_ssh_server
|
| 4 |
* - tester for network server with SSH support
|
| 5 |
*
|
| 6 |
* Copyright (C) 2004-2025 Leaflet <leaflet@leafok.com>
|
| 7 |
*/
|
| 8 |
|
| 9 |
// This test was written based on libssh example/proxy.c
|
| 10 |
|
| 11 |
#include "log.h"
|
| 12 |
#include <stdio.h>
|
| 13 |
#include <libssh/callbacks.h>
|
| 14 |
#include <libssh/libssh.h>
|
| 15 |
#include <libssh/server.h>
|
| 16 |
|
| 17 |
#ifndef BUF_SIZE
|
| 18 |
#define BUF_SIZE 2048
|
| 19 |
#endif
|
| 20 |
|
| 21 |
#define SSH_HOST_RSA_KEYFILE "../conf/ssh_host_rsa_key"
|
| 22 |
|
| 23 |
#define USER "test"
|
| 24 |
#define PASSWORD "123456"
|
| 25 |
|
| 26 |
static ssh_channel SSH_channel;
|
| 27 |
static int authenticated = 0;
|
| 28 |
static int tries = 0;
|
| 29 |
static int error = 0;
|
| 30 |
|
| 31 |
static int auth_password(ssh_session session, const char *user,
|
| 32 |
const char *password, void *userdata)
|
| 33 |
{
|
| 34 |
(void)userdata;
|
| 35 |
|
| 36 |
log_common("Authenticating user %s pwd %s\n", user, password);
|
| 37 |
if (strcmp(user, USER) == 0 && strcmp(password, PASSWORD) == 0)
|
| 38 |
{
|
| 39 |
authenticated = 1;
|
| 40 |
log_common("Authenticated\n");
|
| 41 |
return SSH_AUTH_SUCCESS;
|
| 42 |
}
|
| 43 |
if (tries >= 3)
|
| 44 |
{
|
| 45 |
log_error("Too many authentication tries\n");
|
| 46 |
ssh_disconnect(session);
|
| 47 |
error = 1;
|
| 48 |
return SSH_AUTH_DENIED;
|
| 49 |
}
|
| 50 |
tries++;
|
| 51 |
return SSH_AUTH_DENIED;
|
| 52 |
}
|
| 53 |
|
| 54 |
static int pty_request(ssh_session session, ssh_channel channel, const char *term,
|
| 55 |
int x, int y, int px, int py, void *userdata)
|
| 56 |
{
|
| 57 |
(void)session;
|
| 58 |
(void)channel;
|
| 59 |
(void)term;
|
| 60 |
(void)x;
|
| 61 |
(void)y;
|
| 62 |
(void)px;
|
| 63 |
(void)py;
|
| 64 |
(void)userdata;
|
| 65 |
log_common("Allocated terminal\n");
|
| 66 |
return 0;
|
| 67 |
}
|
| 68 |
|
| 69 |
static int shell_request(ssh_session session, ssh_channel channel, void *userdata)
|
| 70 |
{
|
| 71 |
(void)session;
|
| 72 |
(void)channel;
|
| 73 |
(void)userdata;
|
| 74 |
log_common("Allocated shell\n");
|
| 75 |
return 0;
|
| 76 |
}
|
| 77 |
|
| 78 |
struct ssh_channel_callbacks_struct channel_cb = {
|
| 79 |
.channel_pty_request_function = pty_request,
|
| 80 |
.channel_shell_request_function = shell_request};
|
| 81 |
|
| 82 |
static ssh_channel channel_open(ssh_session session, void *userdata)
|
| 83 |
{
|
| 84 |
(void)session;
|
| 85 |
(void)userdata;
|
| 86 |
|
| 87 |
if (SSH_channel != NULL)
|
| 88 |
return NULL;
|
| 89 |
|
| 90 |
log_common("Allocated session channel\n");
|
| 91 |
SSH_channel = ssh_channel_new(session);
|
| 92 |
ssh_callbacks_init(&channel_cb);
|
| 93 |
ssh_set_channel_callbacks(SSH_channel, &channel_cb);
|
| 94 |
|
| 95 |
return SSH_channel;
|
| 96 |
}
|
| 97 |
|
| 98 |
int ssh_server(const char *hostaddr, unsigned int port)
|
| 99 |
{
|
| 100 |
ssh_bind sshbind;
|
| 101 |
ssh_session session;
|
| 102 |
ssh_event event;
|
| 103 |
|
| 104 |
struct ssh_server_callbacks_struct cb = {
|
| 105 |
.userdata = NULL,
|
| 106 |
.auth_password_function = auth_password,
|
| 107 |
.channel_open_request_session_function = channel_open};
|
| 108 |
|
| 109 |
long int ssh_timeout = 0;
|
| 110 |
|
| 111 |
char buf[BUF_SIZE];
|
| 112 |
char host[128] = "";
|
| 113 |
int i, r;
|
| 114 |
|
| 115 |
int ssh_log_level = SSH_LOG_PROTOCOL;
|
| 116 |
|
| 117 |
ssh_init();
|
| 118 |
|
| 119 |
sshbind = ssh_bind_new();
|
| 120 |
|
| 121 |
if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, hostaddr) < 0 ||
|
| 122 |
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT, &port) < 0 ||
|
| 123 |
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_RSA_KEYFILE) < 0 ||
|
| 124 |
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, "ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256") < 0 ||
|
| 125 |
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES, "ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256") < 0 ||
|
| 126 |
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_KEY_EXCHANGE, "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1") < 0 ||
|
| 127 |
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HMAC_C_S, "umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1") < 0 ||
|
| 128 |
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HMAC_S_C, "umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1") < 0 ||
|
| 129 |
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_C_S, "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com") < 0 ||
|
| 130 |
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_S_C, "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com") < 0 ||
|
| 131 |
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY, &ssh_log_level) < 0)
|
| 132 |
{
|
| 133 |
log_error("Error setting SSH bind options: %s\n", ssh_get_error(sshbind));
|
| 134 |
ssh_bind_free(sshbind);
|
| 135 |
return -1;
|
| 136 |
}
|
| 137 |
|
| 138 |
if (ssh_bind_listen(sshbind) < 0)
|
| 139 |
{
|
| 140 |
log_error("Error listening at SSH server port: %s\n", ssh_get_error(sshbind));
|
| 141 |
ssh_bind_free(sshbind);
|
| 142 |
return -1;
|
| 143 |
}
|
| 144 |
|
| 145 |
while (1)
|
| 146 |
{
|
| 147 |
session = ssh_new();
|
| 148 |
|
| 149 |
if (ssh_bind_accept(sshbind, session) == SSH_OK)
|
| 150 |
{
|
| 151 |
pid_t pid = fork();
|
| 152 |
switch (pid)
|
| 153 |
{
|
| 154 |
case 0:
|
| 155 |
ssh_bind_free(sshbind);
|
| 156 |
|
| 157 |
ssh_callbacks_init(&cb);
|
| 158 |
ssh_set_server_callbacks(session, &cb);
|
| 159 |
|
| 160 |
ssh_timeout = 60; // second
|
| 161 |
if (ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &ssh_timeout) < 0)
|
| 162 |
{
|
| 163 |
log_error("Error setting SSH options: %s\n", ssh_get_error(session));
|
| 164 |
ssh_disconnect(session);
|
| 165 |
_exit(1);
|
| 166 |
}
|
| 167 |
|
| 168 |
if (ssh_handle_key_exchange(session))
|
| 169 |
{
|
| 170 |
log_error("ssh_handle_key_exchange: %s\n", ssh_get_error(session));
|
| 171 |
ssh_disconnect(session);
|
| 172 |
_exit(1);
|
| 173 |
}
|
| 174 |
ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_GSSAPI_MIC);
|
| 175 |
|
| 176 |
event = ssh_event_new();
|
| 177 |
ssh_event_add_session(event, session);
|
| 178 |
|
| 179 |
while (!(authenticated && SSH_channel != NULL))
|
| 180 |
{
|
| 181 |
if (error)
|
| 182 |
break;
|
| 183 |
r = ssh_event_dopoll(event, -1);
|
| 184 |
if (r == SSH_ERROR)
|
| 185 |
{
|
| 186 |
log_error("Error : %s\n", ssh_get_error(session));
|
| 187 |
ssh_disconnect(session);
|
| 188 |
_exit(1);
|
| 189 |
}
|
| 190 |
}
|
| 191 |
|
| 192 |
if (error)
|
| 193 |
{
|
| 194 |
log_error("Error, exiting loop\n");
|
| 195 |
_exit(1);
|
| 196 |
}
|
| 197 |
else
|
| 198 |
{
|
| 199 |
log_common("Authenticated and got a channel\n");
|
| 200 |
}
|
| 201 |
|
| 202 |
ssh_timeout = 0;
|
| 203 |
if (ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &ssh_timeout) < 0)
|
| 204 |
{
|
| 205 |
log_error("Error setting SSH options: %s\n", ssh_get_error(session));
|
| 206 |
ssh_disconnect(session);
|
| 207 |
_exit(1);
|
| 208 |
}
|
| 209 |
|
| 210 |
snprintf(buf, sizeof(buf), "Hello, welcome to the Sample SSH proxy.\r\nPlease select your destination: ");
|
| 211 |
ssh_channel_write(SSH_channel, buf, (uint32_t)strlen(buf));
|
| 212 |
do
|
| 213 |
{
|
| 214 |
i = ssh_channel_read(SSH_channel, buf, sizeof(buf), 0);
|
| 215 |
if (i > 0)
|
| 216 |
{
|
| 217 |
ssh_channel_write(SSH_channel, buf, (uint32_t)i);
|
| 218 |
if (strlen(host) + (size_t)i < sizeof(host))
|
| 219 |
{
|
| 220 |
strncat(host, buf, (size_t)i);
|
| 221 |
}
|
| 222 |
if (strchr(host, '\x0d'))
|
| 223 |
{
|
| 224 |
*strchr(host, '\x0d') = '\0';
|
| 225 |
ssh_channel_write(SSH_channel, "\n", 1);
|
| 226 |
break;
|
| 227 |
}
|
| 228 |
}
|
| 229 |
else
|
| 230 |
{
|
| 231 |
log_error("Error: %s\n", ssh_get_error(session));
|
| 232 |
_exit(1);
|
| 233 |
}
|
| 234 |
} while (i > 0);
|
| 235 |
snprintf(buf, sizeof(buf), "Trying to connect to \"%s\"\r\n", host);
|
| 236 |
ssh_channel_write(SSH_channel, buf, (uint32_t)strlen(buf));
|
| 237 |
log_common("%s", buf);
|
| 238 |
|
| 239 |
ssh_disconnect(session);
|
| 240 |
ssh_free(session);
|
| 241 |
|
| 242 |
_exit(0);
|
| 243 |
case -1:
|
| 244 |
log_error("Failed to fork\n");
|
| 245 |
break;
|
| 246 |
}
|
| 247 |
}
|
| 248 |
else
|
| 249 |
{
|
| 250 |
log_error("%s\n", ssh_get_error(sshbind));
|
| 251 |
}
|
| 252 |
|
| 253 |
/* Since the session has been passed to a child fork, do some cleaning
|
| 254 |
* up at the parent process. */
|
| 255 |
ssh_disconnect(session);
|
| 256 |
ssh_free(session);
|
| 257 |
}
|
| 258 |
|
| 259 |
ssh_bind_free(sshbind);
|
| 260 |
ssh_finalize();
|
| 261 |
|
| 262 |
return 0;
|
| 263 |
}
|
| 264 |
|
| 265 |
int main(int argc, char *argv[])
|
| 266 |
{
|
| 267 |
if (log_begin("../log/bbsd.log", "../log/error.log") < 0)
|
| 268 |
{
|
| 269 |
printf("Open log error\n");
|
| 270 |
return -1;
|
| 271 |
}
|
| 272 |
|
| 273 |
log_common_redir(STDOUT_FILENO);
|
| 274 |
log_error_redir(STDERR_FILENO);
|
| 275 |
|
| 276 |
ssh_server("0.0.0.0", 2322);
|
| 277 |
|
| 278 |
log_end();
|
| 279 |
|
| 280 |
return 0;
|
| 281 |
}
|
Parent Directory
| 
Revision Log