From 65d2a88dd2aaef7344cfa62918e3ddf4c72ca50a Mon Sep 17 00:00:00 2001 From: Pavel TvrdĂ­k Date: Thu, 17 Sep 2015 17:15:30 +0200 Subject: RPKI protocol with one cache server per protocol The RPKI protocol (RFC 6810) using the RTRLib (http://rpki.realmv6.org/) that is integrated inside the BIRD's code. Implemeted transports are: - unprotected transport over TCP - secure transport over SSHv2 Example configuration of bird.conf: ... roa4 table r4; roa6 table r6; protocol rpki { debug all; # Import both IPv4 and IPv6 ROAs roa4 { table r4; }; roa6 { table r6; }; # Set cache server (validator) address, # overwrite default port 323 remote "rpki-validator.realmv6.org" port 8282; # Overwrite default time intervals retry 10; # Default 600 seconds refresh 60; # Default 3600 seconds expire 600; # Default 7200 seconds } protocol rpki { debug all; # Import only IPv4 routes roa4 { table r4; }; # Set cache server address to localhost, # use default ports tcp => 323 or ssh => 22 remote 127.0.0.1; # Use SSH transport instead of unprotected transport over TCP ssh encryption { bird private key "/home/birdgeek/.ssh/id_rsa"; remote public key "/home/birdgeek/.ssh/known_hosts"; user "birdgeek"; }; } ... --- lib/Makefile | 6 ++- lib/libssh.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++++ lib/libssh.h | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ lib/resource.c | 4 +- lib/resource.h | 2 +- lib/socket.h | 24 ++++++++++- 6 files changed, 260 insertions(+), 5 deletions(-) create mode 100644 lib/libssh.c create mode 100644 lib/libssh.h (limited to 'lib') diff --git a/lib/Makefile b/lib/Makefile index 8e372bd3..1634e5e5 100644 --- a/lib/Makefile +++ b/lib/Makefile 
@@ -1,3 +1,7 @@ -src := bitops.c checksum.c event.c idm.c ip.c lists.c md5.c mempool.c net.c patmatch.c printf.c resource.c sha1.c sha256.c sha512.c slab.c slists.c tbf.c xmalloc.c +src := bitops.c checksum.c ip.c lists.c md5.c net.c patmatch.c printf.c sha1.c sha256.c sha512.c slists.c xmalloc.c +obj := $(src-o-files) +$(all-client) + +src := bitops.c checksum.c event.c idm.c ip.c libssh.c lists.c md5.c mempool.c net.c patmatch.c printf.c resource.c sha1.c sha256.c sha512.c slab.c slists.c tbf.c xmalloc.c obj := $(src-o-files) $(all-daemon) diff --git a/lib/libssh.c b/lib/libssh.c new file mode 100644 index 00000000..9449ab30 --- /dev/null +++ b/lib/libssh.c 
@@ -0,0 +1,106 @@ +/* + * BIRD -- Mockup of SSH Library for loading LibSSH using dlopen + * + * (c) 2015 CZ.NIC + * + * This file was part of SSH Library: http://www.libssh.org/ + * (c) 2003-2009 by Aris Adamantiadis (SSH Library) + * + * Can be freely distributed and used under the terms of the GNU GPL. + */ + +#include +#include "nest/bird.h" +#include "lib/libssh.h" + +#define FILENAME_OF_SHARED_OBJECT_LIBSSH "libssh.so" + +struct ssh_function { + void **fn; + const char *name; +}; + +ssh_session (*ssh_new)(void); +void (*ssh_set_blocking)(ssh_session session, int blocking); +int (*ssh_options_set)(ssh_session session, enum ssh_options_e type, const void *value); +int (*ssh_connect)(ssh_session session); +socket_t (*ssh_get_fd)(ssh_session session); +int (*ssh_is_server_known)(ssh_session session); +int (*ssh_userauth_publickey_auto)(ssh_session session, const char *username, const char *passphrase); +const char * (*ssh_get_error)(void *error); +int (*ssh_get_error_code)(void *error); +void (*ssh_disconnect)(ssh_session session); +void (*ssh_free)(ssh_session session); + +ssh_channel (*ssh_channel_new)(ssh_session session); +int (*ssh_channel_is_open)(ssh_channel channel); +int (*ssh_channel_close)(ssh_channel channel); +void (*ssh_channel_free)(ssh_channel channel); +int (*ssh_channel_open_session)(ssh_channel channel); +int (*ssh_channel_request_subsystem)(ssh_channel channel, const char *subsystem); +int (*ssh_channel_read_nonblocking)(ssh_channel channel, void *dest, uint32_t count, int is_stderr); +int (*ssh_channel_is_eof)(ssh_channel channel); +int (*ssh_channel_select)(ssh_channel *readchans, ssh_channel *writechans, ssh_channel *exceptchans, struct timeval * timeout); +int (*ssh_channel_write)(ssh_channel channel, const void *data, uint32_t len); + +#define SSH_FN(x) { .fn = (void **) &x, .name = #x } +static struct ssh_function all_ssh_fn[] = { + SSH_FN(ssh_new), + SSH_FN(ssh_set_blocking), + SSH_FN(ssh_options_set), + SSH_FN(ssh_connect), + 
SSH_FN(ssh_get_fd), + SSH_FN(ssh_is_server_known), + SSH_FN(ssh_userauth_publickey_auto), + SSH_FN(ssh_get_error), + SSH_FN(ssh_get_error_code), + SSH_FN(ssh_disconnect), + SSH_FN(ssh_free), + SSH_FN(ssh_channel_new), + SSH_FN(ssh_channel_is_open), + SSH_FN(ssh_channel_close), + SSH_FN(ssh_channel_free), + SSH_FN(ssh_channel_open_session), + SSH_FN(ssh_channel_request_subsystem), + SSH_FN(ssh_channel_read_nonblocking), + SSH_FN(ssh_channel_is_eof), + SSH_FN(ssh_channel_select), + SSH_FN(ssh_channel_write), +}; +#undef SSH_FN + +static void *libssh; + +/** + * load_libssh - Prepare all ssh_* functions + * + * Initialize for use all ssh_* functions. Returns normally NULL. + * If an error occurs then returns static string with the error description. + */ +const char * +load_libssh(void) +{ + char *err_buf; + + libssh = dlopen(FILENAME_OF_SHARED_OBJECT_LIBSSH, RTLD_LAZY); + if (!libssh) + { + /* This would be probably often repeated problem */ + char *help_msg = "You have to install libssh library."; + err_buf = mb_alloc(&root_pool, 512); /* FIXME: free memory */ + bsnprintf(err_buf, 512, "%s. %s", dlerror(), help_msg); + return err_buf; + } + + dlerror(); /* Clear any existing error */ + + for (int i = 0; i < sizeof(all_ssh_fn)/sizeof(all_ssh_fn[0]); i++) + { + *all_ssh_fn[i].fn = (void *) dlsym(libssh, all_ssh_fn[i].name); + err_buf = dlerror(); + if (err_buf) + return err_buf; + } + + return NULL; +} diff --git a/lib/libssh.h b/lib/libssh.h new file mode 100644 index 00000000..74e11e59 --- /dev/null +++ b/lib/libssh.h 
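Review bot: `load_libssh` opens the library by the unversioned name `"libssh.so"`, but on most distributions that symlink is shipped only by the development package, so a host with just the runtime library installed fails here with "You have to install libssh library." even though libssh is present; a runtime loader normally dlopens the versioned soname that the copied header corresponds to (`"libssh.so.<N>"`, N to be confirmed against the header's source release). In the same function the loop counter `int i` is compared against a `size_t` expression; `for (uint i = 0; i < sizeof(all_ssh_fn)/sizeof(all_ssh_fn[0]); i++)` avoids the signed/unsigned comparison. Each call also dlopens again without ever calling dlclose, and a lookup that fails part-way returns with the handle open and the earlier `ssh_*` pointers already set, so a second caller sees a half-initialised table; caching the first result (and saying so in the doc comment) would make the function safe to call more than once.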
@@ -0,0 +1,123 @@ +/* + * BIRD -- Mockup headers of SSH Library for loading LibSSH using dlopen + * + * (c) 2015 CZ.NIC + * + * This file was part of SSH Library: http://www.libssh.org/ + * (c) 2003-2009 by Aris Adamantiadis (SSH Library) + * + * Can be freely distributed and used under the terms of the GNU GPL. + */ + +#ifndef _BIRD_LIBSSH_H_ +#define _BIRD_LIBSSH_H_ + +#include +#include + +typedef struct ssh_session_struct* ssh_session; +typedef struct ssh_channel_struct* ssh_channel; + +/* Error return codes */ +#define SSH_OK 0 /* No error */ +#define SSH_ERROR -1 /* Error of some kind */ +#define SSH_AGAIN -2 /* The nonblocking call must be repeated */ +#define SSH_EOF -127 /* We have already a eof */ + +enum ssh_server_known_e { + SSH_SERVER_ERROR=-1, + SSH_SERVER_NOT_KNOWN=0, + SSH_SERVER_KNOWN_OK, + SSH_SERVER_KNOWN_CHANGED, + SSH_SERVER_FOUND_OTHER, + SSH_SERVER_FILE_NOT_FOUND +}; + +enum ssh_auth_e { + SSH_AUTH_SUCCESS=0, + SSH_AUTH_DENIED, + SSH_AUTH_PARTIAL, + SSH_AUTH_INFO, + SSH_AUTH_AGAIN, + SSH_AUTH_ERROR=-1 +}; + +enum ssh_error_types_e { + SSH_NO_ERROR=0, + SSH_REQUEST_DENIED, + SSH_FATAL, + SSH_EINTR +}; + +enum ssh_options_e { + SSH_OPTIONS_HOST, + SSH_OPTIONS_PORT, + SSH_OPTIONS_PORT_STR, + SSH_OPTIONS_FD, + SSH_OPTIONS_USER, + SSH_OPTIONS_SSH_DIR, + SSH_OPTIONS_IDENTITY, + SSH_OPTIONS_ADD_IDENTITY, + SSH_OPTIONS_KNOWNHOSTS, + SSH_OPTIONS_TIMEOUT, + SSH_OPTIONS_TIMEOUT_USEC, + SSH_OPTIONS_SSH1, + SSH_OPTIONS_SSH2, + SSH_OPTIONS_LOG_VERBOSITY, + SSH_OPTIONS_LOG_VERBOSITY_STR, + SSH_OPTIONS_CIPHERS_C_S, + SSH_OPTIONS_CIPHERS_S_C, + SSH_OPTIONS_COMPRESSION_C_S, + SSH_OPTIONS_COMPRESSION_S_C, + SSH_OPTIONS_PROXYCOMMAND, + SSH_OPTIONS_BINDADDR, + SSH_OPTIONS_STRICTHOSTKEYCHECK, + SSH_OPTIONS_COMPRESSION, + SSH_OPTIONS_COMPRESSION_LEVEL, + SSH_OPTIONS_KEY_EXCHANGE, + SSH_OPTIONS_HOSTKEYS, + SSH_OPTIONS_GSSAPI_SERVER_IDENTITY, + SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY, + SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, + SSH_OPTIONS_HMAC_C_S, + 
SSH_OPTIONS_HMAC_S_C, +}; + +enum { + SSH_LOG_NOLOG=0, /* No logging at all */ + SSH_LOG_WARNING, /* Only warnings */ + SSH_LOG_PROTOCOL, /* High level protocol information */ + SSH_LOG_PACKET, /* Lower level protocol informations, packet level */ + SSH_LOG_FUNCTIONS /* Every function path */ +}; + +#ifndef socket_t +typedef int socket_t; +#endif + +extern ssh_session (*ssh_new)(void); +extern void (*ssh_set_blocking)(ssh_session session, int blocking); +extern int (*ssh_options_set)(ssh_session session, enum ssh_options_e type, const void *value); +extern int (*ssh_connect)(ssh_session session); +extern socket_t (*ssh_get_fd)(ssh_session session); +extern int (*ssh_is_server_known)(ssh_session session); +extern int (*ssh_userauth_publickey_auto)(ssh_session session, const char *username, const char *passphrase); +extern const char * (*ssh_get_error)(void *error); +extern int (*ssh_get_error_code)(void *error); +extern void (*ssh_disconnect)(ssh_session session); +extern void (*ssh_free)(ssh_session session); + +extern ssh_channel (*ssh_channel_new)(ssh_session session); +extern int (*ssh_channel_is_open)(ssh_channel channel); +extern int (*ssh_channel_close)(ssh_channel channel); +extern void (*ssh_channel_free)(ssh_channel channel); +extern int (*ssh_channel_open_session)(ssh_channel channel); +extern int (*ssh_channel_request_subsystem)(ssh_channel channel, const char *subsystem); +extern int (*ssh_channel_read_nonblocking)(ssh_channel channel, void *dest, uint32_t count, int is_stderr); +extern int (*ssh_channel_is_eof)(ssh_channel channel); +extern int (*ssh_channel_select)(ssh_channel *readchans, ssh_channel *writechans, ssh_channel *exceptchans, struct timeval * timeout); +extern int (*ssh_channel_write)(ssh_channel channel, const void *data, uint32_t len); + +const char *load_libssh(void); + +#endif /* _BIRD_LIBSSH_H_ */ diff --git a/lib/resource.c b/lib/resource.c index 68718dfb..ab8c800f 100644 --- a/lib/resource.c +++ b/lib/resource.c 
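Review bot: `enum ssh_options_e` and the other enums copied into lib/libssh.h are positional and must match the ABI of whatever libssh.so `load_libssh` dlopens at runtime, yet nothing records which libssh release they were taken from; a mismatch would hand `ssh_options_set` the wrong option number (for example for SSH_OPTIONS_KNOWNHOSTS or SSH_OPTIONS_STRICTHOSTKEYCHECK), silently changing how host keys are handled. Add a header comment such as `/* Copied from libssh <release, confirm>; values are positional and passed to the dlopen'ed library, keep in sync */` and load the matching versioned soname. Separately, `#ifndef socket_t` guards a typedef name, not a macro, so the condition is always true and the typedef is always emitted; if the guard is meant to coexist with the real libssh header, it needs a macro to test.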
@@ -31,7 +31,7 @@ struct pool { resource r; list inside; - char *name; + const char *name; }; static void pool_dump(resource *); @@ -61,7 +61,7 @@ static int indent; * parent pool. */ pool * -rp_new(pool *p, char *name) +rp_new(pool *p, const char *name) { pool *z = ralloc(p, &pool_class); z->name = name; diff --git a/lib/resource.h b/lib/resource.h index 1a62d389..1a0568b4 100644 --- a/lib/resource.h +++ b/lib/resource.h @@ -37,7 +37,7 @@ struct resclass { typedef struct pool pool; void resource_init(void); -pool *rp_new(pool *, char *); /* Create new pool */ +pool *rp_new(pool *, const char *); /* Create new pool */ void rfree(void *); /* Free single resource */ void rdump(void *); /* Dump to debug output */ size_t rmemsize(void *res); /* Return size of memory used by the resource */ diff --git a/lib/socket.h b/lib/socket.h index 7d1aa7ef..ce06a19c 100644 --- a/lib/socket.h +++ b/lib/socket.h @@ -12,6 +12,24 @@ #include #include "lib/resource.h" +#include "lib/libssh.h" + +struct ssh_sock { + const char *username; /* (Required) SSH user name */ + const char *server_hostkey_path; /* (Optional) Filepath to the SSH public key of remote side, can be knownhost file */ + const char *client_privkey_path; /* (Optional) Filepath to the SSH private key of BIRD */ + const char *subsystem; /* (Optional) Name of SSH subsytem */ + ssh_session session; /* Internal */ + ssh_channel channel; /* Internal */ + int state; /* Internal */ +#define SK_SSH_CONNECT 0 /* Start state */ +#define SK_SSH_SERVER_KNOWN 1 /* Internal */ +#define SK_SSH_USERAUTH 2 /* Internal */ +#define SK_SSH_CHANNEL 3 /* Internal */ +#define SK_SSH_SESSION 4 /* Internal */ +#define SK_SSH_SUBSYSTEM 5 /* Internal */ +#define SK_SSH_ESTABLISHED 6 /* Final state */ +}; typedef struct birdsock { resource r; 
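Review bot: `server_hostkey_path` in the new `struct ssh_sock` is marked "(Optional)" but the comment does not say what a NULL value means for host-key verification — refused, checked against the user's default known_hosts, or accepted unverified; since this is the input the SK_SSH_SERVER_KNOWN state presumably checks, the field comment should state the NULL behaviour explicitly, e.g. `/* (Optional) ... NULL = <behaviour, confirm against the SSH connect code> */`. The `SK_SSH_*` state values are `#define`s written inside the struct body; an `enum` declared next to the struct would keep them debugger-visible and scoped, which is the usual form for a set of related integer constants.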
@@ -20,6 +38,7 @@ typedef struct birdsock { int subtype; /* Socket subtype */ void *data; /* User data */ ip_addr saddr, daddr; /* IPA_NONE = unspecified */ + const char *host; /* Alternative to daddr, NULL = unspecified */ uint sport, dport; /* 0 = unspecified (for IP: protocol type) */ int tos; /* TOS / traffic class, -1 = default */ int priority; /* Local socket priority, -1 = default */ @@ -52,7 +71,8 @@ typedef struct birdsock { node n; void *rbuf_alloc, *tbuf_alloc; char *password; /* Password for MD5 authentication */ - char *err; /* Error message */ + const char *err; /* Error message */ + struct ssh_sock *ssh; /* Used in SK_SSH */ } sock; sock *sock_new(pool *); /* Allocate new socket */ @@ -115,6 +135,8 @@ extern int sk_priority_control; /* Suggested priority for control traffic, shou #define SK_MAGIC 7 /* Internal use by sysdep code */ #define SK_UNIX_PASSIVE 8 #define SK_UNIX 9 +#define SK_SSH_ACTIVE 10 /* - - * * - ? - DA = host */ +#define SK_SSH 11 /* * Socket subtypes -- cgit v1.2.3 From 69ae5784509d51ee928c99b8b066f68a166bfe18 Mon Sep 17 00:00:00 2001 From: Pavel Tvrdik Date: Wed, 29 Jun 2016 12:08:28 +0200 Subject: Add `.asn' operator to all ROA prefixes in filters Example: bird> eval (1.2.0.0/16 max 20 as 1234).asn 1234 Todo: Should be described in user docs --- filter/config.Y | 3 ++- filter/filter.c | 10 ++++++++++ lib/net.h | 3 +++ 3 files changed, 15 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/filter/config.Y b/filter/config.Y index 3e70a63e..6783ea10 100644 --- a/filter/config.Y +++ b/filter/config.Y @@ -278,7 +278,7 @@ CF_KEYWORDS(FUNCTION, PRINT, PRINTN, UNSET, RETURN, TRUE, FALSE, RT, RO, UNKNOWN, GENERIC, FROM, GW, NET, MASK, PROTO, SOURCE, SCOPE, CAST, DEST, IFNAME, IFINDEX, PREFERENCE, - ROA_CHECK, + ROA_CHECK, ASN, LEN, DEFINED, ADD, DELETE, CONTAINS, RESET, 
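Review bot: `SK_SSH` on the line after `SK_SSH_ACTIVE` appears to carry no entry in the per-type column table that the other SK_* types have (in the collapsed hunk its `/*` runs straight into the existing "Socket subtypes" comment), so the saddr/daddr/port expectations for an established SSH socket are undocumented; give it the same table comment as SK_SSH_ACTIVE with the columns filled in. The new `const char *host` field says "Alternative to daddr" but not which socket types read it; the "DA = host" entry in the table suggests only SK_SSH_ACTIVE does, and the field comment should say so once confirmed, together with who owns the string.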
@@ -740,6 +740,7 @@ term: | term '.' IP { $$ = f_new_inst(); $$->code = P('c','p'); $$->a1.p = $1; $$->aux = T_IP; } | term '.' LEN { $$ = f_new_inst(); $$->code = 'L'; $$->a1.p = $1; } + | term '.' ASN { $$ = f_new_inst(); $$->code = P('R','a'); $$->a1.p = $1; } | term '.' MASK '(' term ')' { $$ = f_new_inst(); $$->code = P('i','M'); $$->a1.p = $1; $$->a2.p = $5; } | term '.' FIRST { $$ = f_new_inst(); $$->code = P('a','f'); $$->a1.p = $1; } | term '.' LAST { $$ = f_new_inst(); $$->code = P('a','l'); $$->a1.p = $1; } diff --git a/filter/filter.c b/filter/filter.c index 47c5e63d..ba1ba753 100644 --- a/filter/filter.c +++ b/filter/filter.c @@ -1029,6 +1029,16 @@ interpret(struct f_inst *what) default: runtime( "Prefix, path, clist or eclist expected" ); } break; + case P('R','a'): /* Get ROA ASN */ + ONEARG; + if (v1.type != T_NET || !net_is_roa(v1.val.net)) + runtime( "ROA expected" ); + + res.type = T_INT; + res.val.i = (v1.val.net->type == NET_ROA4) ? + ((net_addr_roa4 *) v1.val.net)->asn : + ((net_addr_roa6 *) v1.val.net)->asn; + break; case P('c','p'): /* Convert prefix to ... */ ONEARG; if (v1.type != T_NET) diff --git a/lib/net.h b/lib/net.h index d9137c4a..3deedb1f 100644 --- a/lib/net.h +++ b/lib/net.h @@ -171,6 +171,9 @@ static inline int net_type_match(const net_addr *a, u32 mask) static inline int net_is_ip(const net_addr *a) { return (a->type == NET_IP4) || (a->type == NET_IP6); } +static inline int net_is_roa(const net_addr *a) +{ return (a->type == NET_ROA4) || (a->type == NET_ROA6); } + static inline ip4_addr net4_prefix(const net_addr *a) { return ((net_addr_ip4 *) a)->prefix; } -- cgit v1.2.3 From af62c0f9f1f6382fe88c8ae5e514f70c0b5b6d05 Mon Sep 17 00:00:00 2001 
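Review bot: The new `P('R','a')` case in `interpret` extracts the ASN with inline casts to `net_addr_roa4`/`net_addr_roa6`, while the companion `net_is_roa()` helper went into lib/net.h; a sibling `static inline u32 net_roa_asn(const net_addr *a)` beside it would keep the ROA layout knowledge in one place and reduce the case to a type check and one assignment. The `"ROA expected"` runtime error for a non-ROA net is consistent with the neighbouring cases. The commit message defers the user-documentation entry for `.asn`; it should say the operator is valid only on ROA nets and returns an integer, so filter authors do not discover that through the runtime error. `interpret` continues outside the hunk.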
From: Jan Moskyto Matejka Date: Wed, 7 Dec 2016 14:15:35 +0100 Subject: LibSSH may be switched off together with RPKI --- configure.in | 19 ++++++- lib/Makefile | 2 +- lib/libssh.c | 106 -------------------------------------- lib/libssh.h | 123 --------------------------------------------- lib/socket.h | 7 ++- proto/babel/babel.h | 4 -- proto/rpki/packets.c | 2 +- proto/rpki/rpki.c | 2 +- proto/rpki/ssh_transport.c | 8 --- sysdep/autoconf.h.in | 3 ++ sysdep/unix/io.c | 17 ++++++- 11 files changed, 45 insertions(+), 248 deletions(-) delete mode 100644 lib/libssh.c delete mode 100644 lib/libssh.h (limited to 'lib') diff --git a/configure.in b/configure.in index 41a67e74..3c9df3a9 100644 --- a/configure.in +++ b/configure.in @@ -10,6 +10,7 @@ AC_ARG_ENABLE(debug, [ --enable-debug enable internal debugging routin AC_ARG_ENABLE(memcheck, [ --enable-memcheck check memory allocations when debugging (default: enabled)],,enable_memcheck=yes) AC_ARG_ENABLE(client, [ --enable-client enable building of BIRD client (default: enabled)],,enable_client=yes) AC_ARG_ENABLE(pthreads, [ --enable-pthreads enable POSIX threads support (default: detect)],,enable_pthreads=try) +AC_ARG_ENABLE(libssh, [ --enable-libssh enable LibSSH support together with RPKI protocol (default: detect)],,enable_libssh=try) AC_ARG_WITH(sysconfig, [ --with-sysconfig=FILE use specified BIRD system configuration file]) AC_ARG_WITH(protocols, [ --with-protocols=LIST include specified routing protocols (default: all)],,[with_protocols="all"]) AC_ARG_WITH(sysinclude, [ --with-sysinclude=PATH search for system includes on specified place]) 
@@ -86,6 +87,21 @@ if test "$enable_pthreads" != no ; then fi fi +if test "$enable_libssh" != no ; then + AC_CHECK_LIB(ssh, ssh_connect) + if test $ac_cv_lib_ssh_ssh_connect = yes ; then + proto_rpki=rpki + enable_libssh=yes + AC_DEFINE(HAVE_LIBSSH) + else + if test "$enable_libssh" = yes ; then + AC_MSG_ERROR([LibSSH not available.]) + else + enable_libssh=no + fi + fi +fi + if test "$bird_cflags_default" = yes ; then BIRD_CHECK_GCC_OPTION(bird_cv_c_option_wno_pointer_sign, -Wno-pointer-sign, -Wall) BIRD_CHECK_GCC_OPTION(bird_cv_c_option_fno_strict_aliasing, -fno-strict-aliasing) @@ -168,7 +184,7 @@ fi AC_SUBST(iproutedir) # all_protocols="$proto_bfd babel bgp ospf pipe radv rip static" -all_protocols="$proto_bfd babel ospf pipe radv rip rpki static " +all_protocols="$proto_bfd ospf pipe radv rip $proto_rpki static " all_protocols=`echo $all_protocols | sed 's/ /,/g'` @@ -227,7 +243,6 @@ if test "$enable_debug" = yes ; then fi DAEMON_LIBS= -AC_CHECK_LIB(dl, dlopen, DAEMON_LIBS="-ldl") AC_SUBST(DAEMON_LIBS) CLIENT=birdcl diff --git a/lib/Makefile b/lib/Makefile index 1634e5e5..a9aae66f 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -2,6 +2,6 @@ src := bitops.c checksum.c ip.c lists.c md5.c net.c patmatch.c printf.c sha1.c s obj := $(src-o-files) $(all-client) -src := bitops.c checksum.c event.c idm.c ip.c libssh.c lists.c md5.c mempool.c net.c patmatch.c printf.c resource.c sha1.c sha256.c sha512.c slab.c slists.c tbf.c xmalloc.c +src := bitops.c checksum.c event.c idm.c ip.c lists.c md5.c mempool.c net.c patmatch.c printf.c resource.c sha1.c sha256.c sha512.c slab.c slists.c tbf.c xmalloc.c obj := $(src-o-files) $(all-daemon) diff --git a/lib/libssh.c b/lib/libssh.c deleted file mode 100644 index 9449ab30..00000000 --- a/lib/libssh.c +++ /dev/null 
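Review bot: `all_protocols` changes from `$proto_bfd babel ospf pipe radv rip rpki static` to `$proto_bfd ospf pipe radv rip $proto_rpki static`, which drops Babel from the default protocol list, and the proto/babel/babel.h hunk removes its IPv6-only `#error`; neither is mentioned in the description, so either restore `babel` in the list or explain why it goes. With the default `enable_libssh=try`, a missing libssh leaves `proto_rpki` empty and RPKI silently disappears from the build; an `AC_MSG_WARN([LibSSH not found, RPKI protocol disabled])` in the inner `else` branch would make that visible, especially since RPKI's plain-TCP transport itself needs no libssh. `AC_CHECK_LIB(ssh, ssh_connect)` with the default action already defines `HAVE_LIBSSH` and adds `-lssh` to LIBS, so the explicit `AC_DEFINE(HAVE_LIBSSH)` is redundant but harmless.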
@@ -1,106 +0,0 @@ -/* - * BIRD -- Mockup of SSH Library for loading LibSSH using dlopen - * - * (c) 2015 CZ.NIC - * - * This file was part of SSH Library: http://www.libssh.org/ - * (c) 2003-2009 by Aris Adamantiadis (SSH Library) - * - * Can be freely distributed and used under the terms of the GNU GPL. - */ - -#include -#include "nest/bird.h" -#include "lib/libssh.h" - -#define FILENAME_OF_SHARED_OBJECT_LIBSSH "libssh.so" - -struct ssh_function { - void **fn; - const char *name; -}; - -ssh_session (*ssh_new)(void); -void (*ssh_set_blocking)(ssh_session session, int blocking); -int (*ssh_options_set)(ssh_session session, enum ssh_options_e type, const void *value); -int (*ssh_connect)(ssh_session session); -socket_t (*ssh_get_fd)(ssh_session session); -int (*ssh_is_server_known)(ssh_session session); -int (*ssh_userauth_publickey_auto)(ssh_session session, const char *username, const char *passphrase); -const char * (*ssh_get_error)(void *error); -int (*ssh_get_error_code)(void *error); -void (*ssh_disconnect)(ssh_session session); -void (*ssh_free)(ssh_session session); - -ssh_channel (*ssh_channel_new)(ssh_session session); -int (*ssh_channel_is_open)(ssh_channel channel); -int (*ssh_channel_close)(ssh_channel channel); -void (*ssh_channel_free)(ssh_channel channel); -int (*ssh_channel_open_session)(ssh_channel channel); -int (*ssh_channel_request_subsystem)(ssh_channel channel, const char *subsystem); -int (*ssh_channel_read_nonblocking)(ssh_channel channel, void *dest, uint32_t count, int is_stderr); -int (*ssh_channel_is_eof)(ssh_channel channel); -int (*ssh_channel_select)(ssh_channel *readchans, ssh_channel *writechans, ssh_channel *exceptchans, struct timeval * timeout); -int (*ssh_channel_write)(ssh_channel channel, const void *data, uint32_t len); - -#define SSH_FN(x) { .fn = (void **) &x, .name = #x } -static struct ssh_function all_ssh_fn[] = { - SSH_FN(ssh_new), - SSH_FN(ssh_set_blocking), - SSH_FN(ssh_options_set), - SSH_FN(ssh_connect), - 
SSH_FN(ssh_get_fd), - SSH_FN(ssh_is_server_known), - SSH_FN(ssh_userauth_publickey_auto), - SSH_FN(ssh_get_error), - SSH_FN(ssh_get_error_code), - SSH_FN(ssh_disconnect), - SSH_FN(ssh_free), - SSH_FN(ssh_channel_new), - SSH_FN(ssh_channel_is_open), - SSH_FN(ssh_channel_close), - SSH_FN(ssh_channel_free), - SSH_FN(ssh_channel_open_session), - SSH_FN(ssh_channel_request_subsystem), - SSH_FN(ssh_channel_read_nonblocking), - SSH_FN(ssh_channel_is_eof), - SSH_FN(ssh_channel_select), - SSH_FN(ssh_channel_write), -}; -#undef SSH_FN - -static void *libssh; - -/** - * load_libssh - Prepare all ssh_* functions - * - * Initialize for use all ssh_* functions. Returns normally NULL. - * If an error occurs then returns static string with the error description. - */ -const char * -load_libssh(void) -{ - char *err_buf; - - libssh = dlopen(FILENAME_OF_SHARED_OBJECT_LIBSSH, RTLD_LAZY); - if (!libssh) - { - /* This would be probably often repeated problem */ - char *help_msg = "You have to install libssh library."; - err_buf = mb_alloc(&root_pool, 512); /* FIXME: free memory */ - bsnprintf(err_buf, 512, "%s. %s", dlerror(), help_msg); - return err_buf; - } - - dlerror(); /* Clear any existing error */ - - for (int i = 0; i < sizeof(all_ssh_fn)/sizeof(all_ssh_fn[0]); i++) - { - *all_ssh_fn[i].fn = (void *) dlsym(libssh, all_ssh_fn[i].name); - err_buf = dlerror(); - if (err_buf) - return err_buf; - } - - return NULL; -} diff --git a/lib/libssh.h b/lib/libssh.h deleted file mode 100644 index 74e11e59..00000000 --- a/lib/libssh.h +++ /dev/null 
@@ -1,123 +0,0 @@ -/* - * BIRD -- Mockup headers of SSH Library for loading LibSSH using dlopen - * - * (c) 2015 CZ.NIC - * - * This file was part of SSH Library: http://www.libssh.org/ - * (c) 2003-2009 by Aris Adamantiadis (SSH Library) - * - * Can be freely distributed and used under the terms of the GNU GPL. - */ - -#ifndef _BIRD_LIBSSH_H_ -#define _BIRD_LIBSSH_H_ - -#include -#include - -typedef struct ssh_session_struct* ssh_session; -typedef struct ssh_channel_struct* ssh_channel; - -/* Error return codes */ -#define SSH_OK 0 /* No error */ -#define SSH_ERROR -1 /* Error of some kind */ -#define SSH_AGAIN -2 /* The nonblocking call must be repeated */ -#define SSH_EOF -127 /* We have already a eof */ - -enum ssh_server_known_e { - SSH_SERVER_ERROR=-1, - SSH_SERVER_NOT_KNOWN=0, - SSH_SERVER_KNOWN_OK, - SSH_SERVER_KNOWN_CHANGED, - SSH_SERVER_FOUND_OTHER, - SSH_SERVER_FILE_NOT_FOUND -}; - -enum ssh_auth_e { - SSH_AUTH_SUCCESS=0, - SSH_AUTH_DENIED, - SSH_AUTH_PARTIAL, - SSH_AUTH_INFO, - SSH_AUTH_AGAIN, - SSH_AUTH_ERROR=-1 -}; - -enum ssh_error_types_e { - SSH_NO_ERROR=0, - SSH_REQUEST_DENIED, - SSH_FATAL, - SSH_EINTR -}; - -enum ssh_options_e { - SSH_OPTIONS_HOST, - SSH_OPTIONS_PORT, - SSH_OPTIONS_PORT_STR, - SSH_OPTIONS_FD, - SSH_OPTIONS_USER, - SSH_OPTIONS_SSH_DIR, - SSH_OPTIONS_IDENTITY, - SSH_OPTIONS_ADD_IDENTITY, - SSH_OPTIONS_KNOWNHOSTS, - SSH_OPTIONS_TIMEOUT, - SSH_OPTIONS_TIMEOUT_USEC, - SSH_OPTIONS_SSH1, - SSH_OPTIONS_SSH2, - SSH_OPTIONS_LOG_VERBOSITY, - SSH_OPTIONS_LOG_VERBOSITY_STR, - SSH_OPTIONS_CIPHERS_C_S, - SSH_OPTIONS_CIPHERS_S_C, - SSH_OPTIONS_COMPRESSION_C_S, - SSH_OPTIONS_COMPRESSION_S_C, - SSH_OPTIONS_PROXYCOMMAND, - SSH_OPTIONS_BINDADDR, - SSH_OPTIONS_STRICTHOSTKEYCHECK, - SSH_OPTIONS_COMPRESSION, - SSH_OPTIONS_COMPRESSION_LEVEL, - SSH_OPTIONS_KEY_EXCHANGE, - SSH_OPTIONS_HOSTKEYS, - SSH_OPTIONS_GSSAPI_SERVER_IDENTITY, - SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY, - SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, - SSH_OPTIONS_HMAC_C_S, - 
SSH_OPTIONS_HMAC_S_C, -}; - -enum { - SSH_LOG_NOLOG=0, /* No logging at all */ - SSH_LOG_WARNING, /* Only warnings */ - SSH_LOG_PROTOCOL, /* High level protocol information */ - SSH_LOG_PACKET, /* Lower level protocol informations, packet level */ - SSH_LOG_FUNCTIONS /* Every function path */ -}; - -#ifndef socket_t -typedef int socket_t; -#endif - -extern ssh_session (*ssh_new)(void); -extern void (*ssh_set_blocking)(ssh_session session, int blocking); -extern int (*ssh_options_set)(ssh_session session, enum ssh_options_e type, const void *value); -extern int (*ssh_connect)(ssh_session session); -extern socket_t (*ssh_get_fd)(ssh_session session); -extern int (*ssh_is_server_known)(ssh_session session); -extern int (*ssh_userauth_publickey_auto)(ssh_session session, const char *username, const char *passphrase); -extern const char * (*ssh_get_error)(void *error); -extern int (*ssh_get_error_code)(void *error); -extern void (*ssh_disconnect)(ssh_session session); -extern void (*ssh_free)(ssh_session session); - -extern ssh_channel (*ssh_channel_new)(ssh_session session); -extern int (*ssh_channel_is_open)(ssh_channel channel); -extern int (*ssh_channel_close)(ssh_channel channel); -extern void (*ssh_channel_free)(ssh_channel channel); -extern int (*ssh_channel_open_session)(ssh_channel channel); -extern int (*ssh_channel_request_subsystem)(ssh_channel channel, const char *subsystem); -extern int (*ssh_channel_read_nonblocking)(ssh_channel channel, void *dest, uint32_t count, int is_stderr); -extern int (*ssh_channel_is_eof)(ssh_channel channel); -extern int (*ssh_channel_select)(ssh_channel *readchans, ssh_channel *writechans, ssh_channel *exceptchans, struct timeval * timeout); -extern int (*ssh_channel_write)(ssh_channel channel, const void *data, uint32_t len); - -const char *load_libssh(void); - -#endif /* _BIRD_LIBSSH_H_ */ diff --git a/lib/socket.h b/lib/socket.h index ce06a19c..99bac6f8 100644 --- a/lib/socket.h +++ b/lib/socket.h 
@@ -12,8 +12,12 @@ #include #include "lib/resource.h" -#include "lib/libssh.h" +#ifdef HAVE_LIBSSH +#define LIBSSH_LEGACY_0_4 +#include +#endif +#ifdef HAVE_LIBSSH struct ssh_sock { const char *username; /* (Required) SSH user name */ const char *server_hostkey_path; /* (Optional) Filepath to the SSH public key of remote side, can be knownhost file */ @@ -30,6 +34,7 @@ struct ssh_sock { #define SK_SSH_SUBSYSTEM 5 /* Internal */ #define SK_SSH_ESTABLISHED 6 /* Final state */ }; +#endif typedef struct birdsock { resource r; diff --git a/proto/babel/babel.h b/proto/babel/babel.h index 920a6764..04689976 100644 --- a/proto/babel/babel.h +++ b/proto/babel/babel.h @@ -23,10 +23,6 @@ #include "lib/string.h" #include "sysdep/unix/timer.h" -#ifndef IPV6 -#error "The Babel protocol only speaks IPv6" -#endif - #define EA_BABEL_METRIC EA_CODE(EAP_BABEL, 0) #define EA_BABEL_ROUTER_ID EA_CODE(EAP_BABEL, 1) diff --git a/proto/rpki/packets.c b/proto/rpki/packets.c index c80343c5..22b0b54f 100644 --- a/proto/rpki/packets.c +++ b/proto/rpki/packets.c @@ -1019,7 +1019,7 @@ rpki_send_error_pdu(struct rpki_cache *cache, const enum pdu_error_type error_co u32 pdu_size = 16 + err_pdu_len + msg_len; byte pdu[pdu_size]; - memset(pdu, sizeof(pdu), 0); + memset(pdu, 0, sizeof(pdu)); struct pdu_error *e = (void *) pdu; e->ver = cache->version; diff --git a/proto/rpki/rpki.c b/proto/rpki/rpki.c index 6eac2b82..6360dbaf 100644 --- a/proto/rpki/rpki.c +++ b/proto/rpki/rpki.c @@ -887,7 +887,7 @@ rpki_check_config(struct rpki_config *cf) /* Set default port numbers */ switch (cf->tr_config.type) { - case RPKI_SSH_PORT: + case RPKI_TR_SSH: cf->port = RPKI_SSH_PORT; break; default: diff --git a/proto/rpki/ssh_transport.c b/proto/rpki/ssh_transport.c index 8fc32626..cd49ab90 100644 --- a/proto/rpki/ssh_transport.c +++ b/proto/rpki/ssh_transport.c @@ -16,7 +16,6 @@ #include #include "rpki.h" -#include "lib/libssh.h" static int rpki_tr_ssh_open(struct rpki_tr_sock *tr) 
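Review bot: `#define LIBSSH_LEGACY_0_4` placed before the libssh include in lib/socket.h has no comment saying why the legacy 0.4 API is requested; the macro changes which declarations the libssh header exposes, so a reader cannot tell whether a function used by `sk_ssh_connect` requires it or it is a leftover from the dlopen shim. Add a why-comment such as `/* Request the libssh 0.4-era API: needed for <function(s), confirm>; drop once the code uses the current API */` so it can be removed deliberately. The include and `struct ssh_sock` are now inside `#ifdef HAVE_LIBSSH` while `sock` keeps its `struct ssh_sock *ssh` member unconditionally; that is valid C (pointer to an incomplete type), and a one-line comment on the `#endif` noting it would save the next reader checking.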
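Review bot: `rpki_send_error_pdu` still declares `byte pdu[pdu_size]` as a VLA sized from `16 + err_pdu_len + msg_len`, and the corrected `memset(pdu, 0, sizeof(pdu))` is the only change, so nothing bounds that stack allocation; if `err_pdu_len` is the length of a PDU received from the cache server, a large value would exhaust the daemon's stack. Bound or truncate the echoed erroneous PDU to a fixed maximum before the declaration, and name the limit in a comment. `rpki_send_error_pdu` starts and ends outside the hunk.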
@@ -26,13 +25,6 @@ rpki_tr_ssh_open(struct rpki_tr_sock *tr) struct rpki_tr_ssh_config *ssh_cf = (void *) cf->tr_config.spec; sock *sk = tr->sk; - const char *err_msg; - if ((err_msg = load_libssh()) != NULL) - { - CACHE_TRACE(D_EVENTS, cache, "%s", err_msg); - return RPKI_TR_ERROR; - } - sk->type = SK_SSH_ACTIVE; sk->ssh = mb_allocz(sk->pool, sizeof(struct ssh_sock)); sk->ssh->username = ssh_cf->user; diff --git a/sysdep/autoconf.h.in b/sysdep/autoconf.h.in index b746eb34..a68f3e90 100644 --- a/sysdep/autoconf.h.in +++ b/sysdep/autoconf.h.in @@ -68,4 +68,7 @@ /* We have stdint.h */ #undef HAVE_STDINT_H +/* We have LibSSH */ +#undef HAVE_LIBSSH + #define CONFIG_PATH ? diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c index cb57ffea..e3e2f5f8 100644 --- a/sysdep/unix/io.c +++ b/sysdep/unix/io.c @@ -36,7 +36,6 @@ #include "lib/socket.h" #include "lib/event.h" #include "lib/string.h" -#include "lib/libssh.h" #include "nest/iface.h" #include "sysdep/unix/unix.h" @@ -1070,6 +1069,7 @@ sk_free_bufs(sock *s) } } +#ifdef HAVE_LIBSSH static void sk_ssh_free(sock *s) { @@ -1095,6 +1095,7 @@ sk_ssh_free(sock *s) ssh->session = NULL; } } +#endif static void sk_free(resource *r) @@ -1103,8 +1104,10 @@ sk_free(resource *r) sk_free_bufs(s); +#ifdef HAVE_LIBSSH if (s->type == SK_SSH || s->type == SK_SSH_ACTIVE) sk_ssh_free(s); +#endif if (s->fd < 0) return; @@ -1399,6 +1402,7 @@ sk_passive_connected(sock *s, int type) return 1; } +#ifdef HAVE_LIBSSH /* * Return SSH_OK or SSH_AGAIN or SSH_ERROR */ @@ -1591,6 +1595,7 @@ sk_open_ssh(sock *s) err: return -1; } +#endif /** * sk_open - open a socket @@ -1657,10 +1662,12 @@ sk_open(sock *s) do_bind = bind_port || ipa_nonzero(bind_addr); break; +#ifdef HAVE_LIBSSH case SK_SSH_ACTIVE: s->ttx = ""; /* Force s->ttx != s->tpos */ fd = sk_open_ssh(s); break; +#endif case SK_UDP: fd = socket(af, SOCK_DGRAM, IPPROTO_UDP); 
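Review bot: The io.c hunks wrap `sk_ssh_free`, `sk_ssh_connect`, `sk_open_ssh` and their call sites in separate `#ifdef HAVE_LIBSSH` fences — four here and four more in the following sk_maybe_write, sk_read_ssh, sk_read and sk_write hunks — which is easy to get wrong as the file evolves; moving the SSH-specific functions into one contiguous block (or their own file, as the transport side already has with proto/rpki/ssh_transport.c) under a single `#ifdef` would leave only the `case SK_SSH*:` fences in the dispatch switches. Without HAVE_LIBSSH the `SK_SSH_ACTIVE` case of `sk_open` disappears while the SK_SSH/SK_SSH_ACTIVE constants stay defined in lib/socket.h, so such a socket type falls to the switch's `default` branch; presumably unreachable because configure now builds RPKI only with libssh, but a comment on the fence stating that assumption would document it. `sk_open` and the other fenced functions continue outside the hunk.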
@@ -1935,6 +1942,7 @@ sk_maybe_write(sock *s) reset_tx_buffer(s); return 1; +#ifdef HAVE_LIBSSH case SK_SSH: while (s->ttx != s->tpos) { @@ -1954,6 +1962,7 @@ sk_maybe_write(sock *s) } reset_tx_buffer(s); return 1; +#endif case SK_UDP: case SK_IP: @@ -2070,6 +2079,7 @@ call_rx_hook(sock *s, int size) } } +#ifdef HAVE_LIBSSH static int sk_read_ssh(sock *s) { @@ -2114,6 +2124,7 @@ sk_read_ssh(sock *s) return 0; /* No data is available on the socket */ } +#endif /* sk_read() and sk_write() are called from BFD's event loop */ @@ -2154,8 +2165,10 @@ sk_read(sock *s, int revents) return 0; } +#ifdef HAVE_LIBSSH case SK_SSH: return sk_read_ssh(s); +#endif case SK_MAGIC: return s->rx_hook(s, 0); @@ -2195,6 +2208,7 @@ sk_write(sock *s) return 0; } +#ifdef HAVE_LIBSSH case SK_SSH_ACTIVE: { switch (sk_ssh_connect(s)) @@ -2213,6 +2227,7 @@ sk_write(sock *s) } return 0; } +#endif default: if (s->ttx != s->tpos && sk_maybe_write(s) > 0) -- cgit v1.2.3