From af62c0f9f1f6382fe88c8ae5e514f70c0b5b6d05 Mon Sep 17 00:00:00 2001 From: Jan Moskyto Matejka Date: Wed, 7 Dec 2016 14:15:35 +0100 Subject: [PATCH] LibSSH may be switched off together with RPKI --- configure.in | 19 +++++- lib/Makefile | 2 +- lib/libssh.c | 106 -------------------------------- lib/libssh.h | 123 ------------------------------------- lib/socket.h | 7 ++- proto/babel/babel.h | 4 -- proto/rpki/packets.c | 2 +- proto/rpki/rpki.c | 2 +- proto/rpki/ssh_transport.c | 8 --- sysdep/autoconf.h.in | 3 + sysdep/unix/io.c | 17 ++++- 11 files changed, 45 insertions(+), 248 deletions(-) delete mode 100644 lib/libssh.c delete mode 100644 lib/libssh.h diff --git a/configure.in b/configure.in index 41a67e74..3c9df3a9 100644 --- a/configure.in +++ b/configure.in @@ -10,6 +10,7 @@ AC_ARG_ENABLE(debug, [ --enable-debug enable internal debugging routin AC_ARG_ENABLE(memcheck, [ --enable-memcheck check memory allocations when debugging (default: enabled)],,enable_memcheck=yes) AC_ARG_ENABLE(client, [ --enable-client enable building of BIRD client (default: enabled)],,enable_client=yes) AC_ARG_ENABLE(pthreads, [ --enable-pthreads enable POSIX threads support (default: detect)],,enable_pthreads=try) +AC_ARG_ENABLE(libssh, [ --enable-libssh enable LibSSH support together with RPKI protocol (default: detect)],,enable_libssh=try) AC_ARG_WITH(sysconfig, [ --with-sysconfig=FILE use specified BIRD system configuration file]) AC_ARG_WITH(protocols, [ --with-protocols=LIST include specified routing protocols (default: all)],,[with_protocols="all"]) AC_ARG_WITH(sysinclude, [ --with-sysinclude=PATH search for system includes on specified place]) 
@@ -86,6 +87,21 @@ if test "$enable_pthreads" != no ; then fi fi +if test "$enable_libssh" != no ; then + AC_CHECK_LIB(ssh, ssh_connect) + if test $ac_cv_lib_ssh_ssh_connect = yes ; then + proto_rpki=rpki + enable_libssh=yes + AC_DEFINE(HAVE_LIBSSH) + else + if test "$enable_libssh" = yes ; then + AC_MSG_ERROR([LibSSH not available.]) + else + enable_libssh=no + fi + fi +fi + if test "$bird_cflags_default" = yes ; then BIRD_CHECK_GCC_OPTION(bird_cv_c_option_wno_pointer_sign, -Wno-pointer-sign, -Wall) BIRD_CHECK_GCC_OPTION(bird_cv_c_option_fno_strict_aliasing, -fno-strict-aliasing) @@ -168,7 +184,7 @@ fi AC_SUBST(iproutedir) # all_protocols="$proto_bfd babel bgp ospf pipe radv rip static" -all_protocols="$proto_bfd babel ospf pipe radv rip rpki static " +all_protocols="$proto_bfd ospf pipe radv rip $proto_rpki static " all_protocols=`echo $all_protocols | sed 's/ /,/g'` @@ -227,7 +243,6 @@ if test "$enable_debug" = yes ; then fi DAEMON_LIBS= -AC_CHECK_LIB(dl, dlopen, DAEMON_LIBS="-ldl") AC_SUBST(DAEMON_LIBS) CLIENT=birdcl diff --git a/lib/Makefile b/lib/Makefile index 1634e5e5..a9aae66f 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -2,6 +2,6 @@ src := bitops.c checksum.c ip.c lists.c md5.c net.c patmatch.c printf.c sha1.c s obj := $(src-o-files) $(all-client) -src := bitops.c checksum.c event.c idm.c ip.c libssh.c lists.c md5.c mempool.c net.c patmatch.c printf.c resource.c sha1.c sha256.c sha512.c slab.c slists.c tbf.c xmalloc.c +src := bitops.c checksum.c event.c idm.c ip.c lists.c md5.c mempool.c net.c patmatch.c printf.c resource.c sha1.c sha256.c sha512.c slab.c slists.c tbf.c xmalloc.c obj := $(src-o-files) $(all-daemon) diff --git a/lib/libssh.c b/lib/libssh.c deleted file mode 100644 index 9449ab30..00000000 --- a/lib/libssh.c +++ /dev/null 
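Review bot: With the default `enable_libssh=try`, the `else` branch of the new detection block sets `enable_libssh=no` and leaves `proto_rpki` empty without any message, so a host that lacks libssh gets a daemon with no RPKI origin validation and nothing in the configure output says so. I would add `AC_MSG_WARN([LibSSH not found, RPKI protocol will not be built])` next to `enable_libssh=no`. The test `if test $ac_cv_lib_ssh_ssh_connect = yes` should also quote the variable, as in `test "$ac_cv_lib_ssh_ssh_connect" = yes`. The block probes only the library symbol, not the libssh header that lib/socket.h now includes, so an `AC_CHECK_HEADER` for it would catch a runtime-only libssh install at configure time rather than at compile time.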
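Review bot: The new `all_protocols` line drops `babel` as well as making `rpki` conditional, which the commit subject does not mention. Together with the removal of the `#error` IPv6 guard in proto/babel/babel.h, it looks like an unrelated change folded into this commit. If Babel is meant to stay in the default build, the line should read `all_protocols="$proto_bfd babel ospf pipe radv rip $proto_rpki static "`. If the removal is intended, it belongs in its own commit with a stated reason, so that anyone building with the default protocol set can see that a routing protocol disappeared.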
@@ -1,106 +0,0 @@ -/* - * BIRD -- Mockup of SSH Library for loading LibSSH using dlopen - * - * (c) 2015 CZ.NIC - * - * This file was part of SSH Library: http://www.libssh.org/ - * (c) 2003-2009 by Aris Adamantiadis (SSH Library) - * - * Can be freely distributed and used under the terms of the GNU GPL. - */ - -#include -#include "nest/bird.h" -#include "lib/libssh.h" - -#define FILENAME_OF_SHARED_OBJECT_LIBSSH "libssh.so" - -struct ssh_function { - void **fn; - const char *name; -}; - -ssh_session (*ssh_new)(void); -void (*ssh_set_blocking)(ssh_session session, int blocking); -int (*ssh_options_set)(ssh_session session, enum ssh_options_e type, const void *value); -int (*ssh_connect)(ssh_session session); -socket_t (*ssh_get_fd)(ssh_session session); -int (*ssh_is_server_known)(ssh_session session); -int (*ssh_userauth_publickey_auto)(ssh_session session, const char *username, const char *passphrase); -const char * (*ssh_get_error)(void *error); -int (*ssh_get_error_code)(void *error); -void (*ssh_disconnect)(ssh_session session); -void (*ssh_free)(ssh_session session); - -ssh_channel (*ssh_channel_new)(ssh_session session); -int (*ssh_channel_is_open)(ssh_channel channel); -int (*ssh_channel_close)(ssh_channel channel); -void (*ssh_channel_free)(ssh_channel channel); -int (*ssh_channel_open_session)(ssh_channel channel); -int (*ssh_channel_request_subsystem)(ssh_channel channel, const char *subsystem); -int (*ssh_channel_read_nonblocking)(ssh_channel channel, void *dest, uint32_t count, int is_stderr); -int (*ssh_channel_is_eof)(ssh_channel channel); -int (*ssh_channel_select)(ssh_channel *readchans, ssh_channel *writechans, ssh_channel *exceptchans, struct timeval * timeout); -int (*ssh_channel_write)(ssh_channel channel, const void *data, uint32_t len); - -#define SSH_FN(x) { .fn = (void **) &x, .name = #x } -static struct ssh_function all_ssh_fn[] = { - SSH_FN(ssh_new), - SSH_FN(ssh_set_blocking), - SSH_FN(ssh_options_set), - SSH_FN(ssh_connect), - 
SSH_FN(ssh_get_fd), - SSH_FN(ssh_is_server_known), - SSH_FN(ssh_userauth_publickey_auto), - SSH_FN(ssh_get_error), - SSH_FN(ssh_get_error_code), - SSH_FN(ssh_disconnect), - SSH_FN(ssh_free), - SSH_FN(ssh_channel_new), - SSH_FN(ssh_channel_is_open), - SSH_FN(ssh_channel_close), - SSH_FN(ssh_channel_free), - SSH_FN(ssh_channel_open_session), - SSH_FN(ssh_channel_request_subsystem), - SSH_FN(ssh_channel_read_nonblocking), - SSH_FN(ssh_channel_is_eof), - SSH_FN(ssh_channel_select), - SSH_FN(ssh_channel_write), -}; -#undef SSH_FN - -static void *libssh; - -/** - * load_libssh - Prepare all ssh_* functions - * - * Initialize for use all ssh_* functions. Returns normally NULL. - * If an error occurs then returns static string with the error description. - */ -const char * -load_libssh(void) -{ - char *err_buf; - - libssh = dlopen(FILENAME_OF_SHARED_OBJECT_LIBSSH, RTLD_LAZY); - if (!libssh) - { - /* This would be probably often repeated problem */ - char *help_msg = "You have to install libssh library."; - err_buf = mb_alloc(&root_pool, 512); /* FIXME: free memory */ - bsnprintf(err_buf, 512, "%s. %s", dlerror(), help_msg); - return err_buf; - } - - dlerror(); /* Clear any existing error */ - - for (int i = 0; i < sizeof(all_ssh_fn)/sizeof(all_ssh_fn[0]); i++) - { - *all_ssh_fn[i].fn = (void *) dlsym(libssh, all_ssh_fn[i].name); - err_buf = dlerror(); - if (err_buf) - return err_buf; - } - - return NULL; -} diff --git a/lib/libssh.h b/lib/libssh.h deleted file mode 100644 index 74e11e59..00000000 --- a/lib/libssh.h +++ /dev/null 
@@ -1,123 +0,0 @@ -/* - * BIRD -- Mockup headers of SSH Library for loading LibSSH using dlopen - * - * (c) 2015 CZ.NIC - * - * This file was part of SSH Library: http://www.libssh.org/ - * (c) 2003-2009 by Aris Adamantiadis (SSH Library) - * - * Can be freely distributed and used under the terms of the GNU GPL. - */ - -#ifndef _BIRD_LIBSSH_H_ -#define _BIRD_LIBSSH_H_ - -#include -#include - -typedef struct ssh_session_struct* ssh_session; -typedef struct ssh_channel_struct* ssh_channel; - -/* Error return codes */ -#define SSH_OK 0 /* No error */ -#define SSH_ERROR -1 /* Error of some kind */ -#define SSH_AGAIN -2 /* The nonblocking call must be repeated */ -#define SSH_EOF -127 /* We have already a eof */ - -enum ssh_server_known_e { - SSH_SERVER_ERROR=-1, - SSH_SERVER_NOT_KNOWN=0, - SSH_SERVER_KNOWN_OK, - SSH_SERVER_KNOWN_CHANGED, - SSH_SERVER_FOUND_OTHER, - SSH_SERVER_FILE_NOT_FOUND -}; - -enum ssh_auth_e { - SSH_AUTH_SUCCESS=0, - SSH_AUTH_DENIED, - SSH_AUTH_PARTIAL, - SSH_AUTH_INFO, - SSH_AUTH_AGAIN, - SSH_AUTH_ERROR=-1 -}; - -enum ssh_error_types_e { - SSH_NO_ERROR=0, - SSH_REQUEST_DENIED, - SSH_FATAL, - SSH_EINTR -}; - -enum ssh_options_e { - SSH_OPTIONS_HOST, - SSH_OPTIONS_PORT, - SSH_OPTIONS_PORT_STR, - SSH_OPTIONS_FD, - SSH_OPTIONS_USER, - SSH_OPTIONS_SSH_DIR, - SSH_OPTIONS_IDENTITY, - SSH_OPTIONS_ADD_IDENTITY, - SSH_OPTIONS_KNOWNHOSTS, - SSH_OPTIONS_TIMEOUT, - SSH_OPTIONS_TIMEOUT_USEC, - SSH_OPTIONS_SSH1, - SSH_OPTIONS_SSH2, - SSH_OPTIONS_LOG_VERBOSITY, - SSH_OPTIONS_LOG_VERBOSITY_STR, - SSH_OPTIONS_CIPHERS_C_S, - SSH_OPTIONS_CIPHERS_S_C, - SSH_OPTIONS_COMPRESSION_C_S, - SSH_OPTIONS_COMPRESSION_S_C, - SSH_OPTIONS_PROXYCOMMAND, - SSH_OPTIONS_BINDADDR, - SSH_OPTIONS_STRICTHOSTKEYCHECK, - SSH_OPTIONS_COMPRESSION, - SSH_OPTIONS_COMPRESSION_LEVEL, - SSH_OPTIONS_KEY_EXCHANGE, - SSH_OPTIONS_HOSTKEYS, - SSH_OPTIONS_GSSAPI_SERVER_IDENTITY, - SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY, - SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, - SSH_OPTIONS_HMAC_C_S, - 
SSH_OPTIONS_HMAC_S_C, -}; - -enum { - SSH_LOG_NOLOG=0, /* No logging at all */ - SSH_LOG_WARNING, /* Only warnings */ - SSH_LOG_PROTOCOL, /* High level protocol information */ - SSH_LOG_PACKET, /* Lower level protocol informations, packet level */ - SSH_LOG_FUNCTIONS /* Every function path */ -}; - -#ifndef socket_t -typedef int socket_t; -#endif - -extern ssh_session (*ssh_new)(void); -extern void (*ssh_set_blocking)(ssh_session session, int blocking); -extern int (*ssh_options_set)(ssh_session session, enum ssh_options_e type, const void *value); -extern int (*ssh_connect)(ssh_session session); -extern socket_t (*ssh_get_fd)(ssh_session session); -extern int (*ssh_is_server_known)(ssh_session session); -extern int (*ssh_userauth_publickey_auto)(ssh_session session, const char *username, const char *passphrase); -extern const char * (*ssh_get_error)(void *error); -extern int (*ssh_get_error_code)(void *error); -extern void (*ssh_disconnect)(ssh_session session); -extern void (*ssh_free)(ssh_session session); - -extern ssh_channel (*ssh_channel_new)(ssh_session session); -extern int (*ssh_channel_is_open)(ssh_channel channel); -extern int (*ssh_channel_close)(ssh_channel channel); -extern void (*ssh_channel_free)(ssh_channel channel); -extern int (*ssh_channel_open_session)(ssh_channel channel); -extern int (*ssh_channel_request_subsystem)(ssh_channel channel, const char *subsystem); -extern int (*ssh_channel_read_nonblocking)(ssh_channel channel, void *dest, uint32_t count, int is_stderr); -extern int (*ssh_channel_is_eof)(ssh_channel channel); -extern int (*ssh_channel_select)(ssh_channel *readchans, ssh_channel *writechans, ssh_channel *exceptchans, struct timeval * timeout); -extern int (*ssh_channel_write)(ssh_channel channel, const void *data, uint32_t len); - -const char *load_libssh(void); - -#endif /* _BIRD_LIBSSH_H_ */ diff --git a/lib/socket.h b/lib/socket.h index ce06a19c..99bac6f8 100644 --- a/lib/socket.h +++ b/lib/socket.h 
@@ -12,8 +12,12 @@ #include #include "lib/resource.h" -#include "lib/libssh.h" +#ifdef HAVE_LIBSSH +#define LIBSSH_LEGACY_0_4 +#include +#endif +#ifdef HAVE_LIBSSH struct ssh_sock { const char *username; /* (Required) SSH user name */ const char *server_hostkey_path; /* (Optional) Filepath to the SSH public key of remote side, can be knownhost file */ @@ -30,6 +34,7 @@ struct ssh_sock { #define SK_SSH_SUBSYSTEM 5 /* Internal */ #define SK_SSH_ESTABLISHED 6 /* Final state */ }; +#endif typedef struct birdsock { resource r; diff --git a/proto/babel/babel.h b/proto/babel/babel.h index 920a6764..04689976 100644 --- a/proto/babel/babel.h +++ b/proto/babel/babel.h @@ -23,10 +23,6 @@ #include "lib/string.h" #include "sysdep/unix/timer.h" -#ifndef IPV6 -#error "The Babel protocol only speaks IPv6" -#endif - #define EA_BABEL_METRIC EA_CODE(EAP_BABEL, 0) #define EA_BABEL_ROUTER_ID EA_CODE(EAP_BABEL, 1) diff --git a/proto/rpki/packets.c b/proto/rpki/packets.c index c80343c5..22b0b54f 100644 --- a/proto/rpki/packets.c +++ b/proto/rpki/packets.c @@ -1019,7 +1019,7 @@ rpki_send_error_pdu(struct rpki_cache *cache, const enum pdu_error_type error_co u32 pdu_size = 16 + err_pdu_len + msg_len; byte pdu[pdu_size]; - memset(pdu, sizeof(pdu), 0); + memset(pdu, 0, sizeof(pdu)); struct pdu_error *e = (void *) pdu; e->ver = cache->version; diff --git a/proto/rpki/rpki.c b/proto/rpki/rpki.c index 6eac2b82..6360dbaf 100644 --- a/proto/rpki/rpki.c +++ b/proto/rpki/rpki.c @@ -887,7 +887,7 @@ rpki_check_config(struct rpki_config *cf) /* Set default port numbers */ switch (cf->tr_config.type) { - case RPKI_SSH_PORT: + case RPKI_TR_SSH: cf->port = RPKI_SSH_PORT; break; default: diff --git a/proto/rpki/ssh_transport.c b/proto/rpki/ssh_transport.c index 8fc32626..cd49ab90 100644 --- a/proto/rpki/ssh_transport.c +++ b/proto/rpki/ssh_transport.c @@ -16,7 +16,6 @@ #include #include "rpki.h" -#include "lib/libssh.h" static int rpki_tr_ssh_open(struct rpki_tr_sock *tr) 
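Review bot: Putting `struct ssh_sock` under `#ifdef HAVE_LIBSSH` means every user of it has to be guarded as well, but proto/rpki/ssh_transport.c in this same patch still does `mb_allocz(sk->pool, sizeof(struct ssh_sock))` with no guard. That is safe only while configure keeps rpki out of the build whenever libssh is missing. Whether an explicit `--with-protocols` list naming rpki is rejected in that case is not visible here and should be checked, since otherwise the build fails with an incomplete-type error rather than a clear configure message. The bare `#define LIBSSH_LEGACY_0_4` also deserves a comment stating why the legacy libssh declarations are needed, for example `/* expose libssh's legacy 0.4 API, still used by <caller> */`, where `<caller>` is a placeholder for the author to fill in.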
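Review bot: `byte pdu[pdu_size]` in `rpki_send_error_pdu()` is a variable-length array sized as `16 + err_pdu_len + msg_len`, and nothing in the hunk bounds either term before the stack allocation; the corrected `memset(pdu, 0, sizeof(pdu))` now writes across all of it. The parameters are declared outside the hunk, so this needs confirming, but if `err_pdu_len` can reflect the length of a PDU received from the cache server, a large value can exhaust the stack or wrap the `u32` sum. I would cap the size before the declaration, along the lines of `if (pdu_size > MAX_ERROR_PDU_SIZE)` followed by truncating or refusing, where `MAX_ERROR_PDU_SIZE` is a placeholder for a project-chosen limit. Alternatively the buffer could come from a pool instead of the stack. The function body starts and ends outside the hunk.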
@@ -26,13 +25,6 @@ rpki_tr_ssh_open(struct rpki_tr_sock *tr) struct rpki_tr_ssh_config *ssh_cf = (void *) cf->tr_config.spec; sock *sk = tr->sk; - const char *err_msg; - if ((err_msg = load_libssh()) != NULL) - { - CACHE_TRACE(D_EVENTS, cache, "%s", err_msg); - return RPKI_TR_ERROR; - } - sk->type = SK_SSH_ACTIVE; sk->ssh = mb_allocz(sk->pool, sizeof(struct ssh_sock)); sk->ssh->username = ssh_cf->user; diff --git a/sysdep/autoconf.h.in b/sysdep/autoconf.h.in index b746eb34..a68f3e90 100644 --- a/sysdep/autoconf.h.in +++ b/sysdep/autoconf.h.in @@ -68,4 +68,7 @@ /* We have stdint.h */ #undef HAVE_STDINT_H +/* We have LibSSH */ +#undef HAVE_LIBSSH + #define CONFIG_PATH ? diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c index cb57ffea..e3e2f5f8 100644 --- a/sysdep/unix/io.c +++ b/sysdep/unix/io.c @@ -36,7 +36,6 @@ #include "lib/socket.h" #include "lib/event.h" #include "lib/string.h" -#include "lib/libssh.h" #include "nest/iface.h" #include "sysdep/unix/unix.h" @@ -1070,6 +1069,7 @@ sk_free_bufs(sock *s) } } +#ifdef HAVE_LIBSSH static void sk_ssh_free(sock *s) { @@ -1095,6 +1095,7 @@ sk_ssh_free(sock *s) ssh->session = NULL; } } +#endif static void sk_free(resource *r) @@ -1103,8 +1104,10 @@ sk_free(resource *r) sk_free_bufs(s); +#ifdef HAVE_LIBSSH if (s->type == SK_SSH || s->type == SK_SSH_ACTIVE) sk_ssh_free(s); +#endif if (s->fd < 0) return; @@ -1399,6 +1402,7 @@ sk_passive_connected(sock *s, int type) return 1; } +#ifdef HAVE_LIBSSH /* * Return SSH_OK or SSH_AGAIN or SSH_ERROR */ @@ -1591,6 +1595,7 @@ sk_open_ssh(sock *s) err: return -1; } +#endif /** * sk_open - open a socket @@ -1657,10 +1662,12 @@ sk_open(sock *s) do_bind = bind_port || ipa_nonzero(bind_addr); break; +#ifdef HAVE_LIBSSH case SK_SSH_ACTIVE: s->ttx = ""; /* Force s->ttx != s->tpos */ fd = sk_open_ssh(s); break; +#endif case SK_UDP: fd = socket(af, SOCK_DGRAM, IPPROTO_UDP); 
@@ -1935,6 +1942,7 @@ sk_maybe_write(sock *s) reset_tx_buffer(s); return 1; +#ifdef HAVE_LIBSSH case SK_SSH: while (s->ttx != s->tpos) { @@ -1954,6 +1962,7 @@ sk_maybe_write(sock *s) } reset_tx_buffer(s); return 1; +#endif case SK_UDP: case SK_IP: @@ -2070,6 +2079,7 @@ call_rx_hook(sock *s, int size) } } +#ifdef HAVE_LIBSSH static int sk_read_ssh(sock *s) { @@ -2114,6 +2124,7 @@ sk_read_ssh(sock *s) return 0; /* No data is available on the socket */ } +#endif /* sk_read() and sk_write() are called from BFD's event loop */ @@ -2154,8 +2165,10 @@ sk_read(sock *s, int revents) return 0; } +#ifdef HAVE_LIBSSH case SK_SSH: return sk_read_ssh(s); +#endif case SK_MAGIC: return s->rx_hook(s, 0); @@ -2195,6 +2208,7 @@ sk_write(sock *s) return 0; } +#ifdef HAVE_LIBSSH case SK_SSH_ACTIVE: { switch (sk_ssh_connect(s)) @@ -2213,6 +2227,7 @@ sk_write(sock *s) } return 0; } +#endif default: if (s->ttx != s->tpos && sk_maybe_write(s) > 0)
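Review bot: With `case SK_SSH_ACTIVE:` compiled out of `sk_write()`, a socket of that type on a build without `HAVE_LIBSSH` drops into the visible `default:` branch and is handled like an ordinary socket. The same pattern removes `case SK_SSH:` in `sk_maybe_write()` and `sk_read()` and `case SK_SSH_ACTIVE:` in `sk_open()`, whose fall-back branches lie outside the hunks. This assumes the `SK_SSH` and `SK_SSH_ACTIVE` type constants stay defined outside the guard, which is not shown here. Such a socket should not exist when RPKI is not built, but nothing in these hunks enforces that. I would keep the case labels and guard only their bodies, with an `#else` arm that reports the unsupported type and fails, marked with a comment such as `/* SSH socket types are unusable without HAVE_LIBSSH */`. `sk_write()` starts before this hunk and continues past it.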