Diffstat (limited to '')
-rw-r--r--CMakeLists.txt5
-rw-r--r--bastion/CMakeLists.txt4
-rw-r--r--bastion/main.c42
-rw-r--r--bastion/proxy.c4
-rw-r--r--bastion/session.c5
-rw-r--r--common/config.h.in3
6 files changed, 38 insertions, 25 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index db4fc3c..34ead63 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -14,16 +14,17 @@ if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
endif()
set(CMAKE_C_FLAGS "-Wall -Werror -Wextra -pedantic")
-set(CMAKE_C_FLAGS_DEBUG "-O0 -g -ggdb -pg -fsanitize=address")
+set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -pg -fsanitize=address")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_MinSizeRel "-Os")
-set(CMAKE_C_FLAGS_RELWITHDEBINFO "-O2 -g -ggdb -pg -fsanitize=address")
+set(CMAKE_C_FLAGS_RELWITHDEBINFO "-O2 -ggdb3 -pg")
option(LIBSSH_VERBOSE_OUTPUT "whether or not verbose output for libssh mode is activated" OFF)
option(SESSION_RECORDING "whether or not recording feature based on lib termrec is activated" ON)
configure_file("common/config.h.in" "common/config.h")
include_directories("${CMAKE_CURRENT_BINARY_DIR}")
+include_directories("${CMAKE_CURRENT_SOURCE_DIR}")
add_subdirectory(bastion)
add_subdirectory(common)
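Review bot: `-pg` is still present in the new `CMAKE_C_FLAGS_RELWITHDEBINFO` value, so a RelWithDebInfo build of the bastion stays gprof-instrumented and will write `gmon.out` into whatever directory the process exits in. RelWithDebInfo is often the configuration that ends up deployed, so I would drop it there, `set(CMAKE_C_FLAGS_RELWITHDEBINFO "-O2 -ggdb3")`, and keep profiling in Debug or behind an `option()`. Separately, the added `include_directories("${CMAKE_CURRENT_SOURCE_DIR}")` is directory-scoped and applies to every target in both subdirectories; a `target_include_directories(bastion PRIVATE ...)` in `bastion/CMakeLists.txt` would keep it contained.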
diff --git a/bastion/CMakeLists.txt b/bastion/CMakeLists.txt
index f07111b..298cfe7 100644
--- a/bastion/CMakeLists.txt
+++ b/bastion/CMakeLists.txt
@@ -1,5 +1,4 @@
-include_directories("${bastion_SOURCE_DIR}/external/termrec/libtty")
-include_directories("${bastion_SOURCE_DIR}/")
+include_directories("${PROJECT_SOURCE_DIR}/external/termrec/libtty")
file(GLOB_RECURSE SOURCES *.c)
@@ -14,3 +13,4 @@ install(TARGETS bastion DESTINATION bin)
configure_file("bastion.conf.example.in" "bastion.conf.example")
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/bastion.conf.example" DESTINATION etc/bastion)
+install(DIRECTORY DESTINATION var/log/bastion)
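Review bot: The new `install(DIRECTORY DESTINATION var/log/bastion)` creates the log directory with CMake's default directory permissions, which include read and execute for group and world. If this directory receives session logs or recordings (not visible in this hunk), that is broader than a bastion's audit data should get; consider `install(DIRECTORY DESTINATION var/log/bastion DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE)` and let packaging assign the owning service account. The destination is also relative, so it lands under `CMAKE_INSTALL_PREFIX` rather than `/var/log`, which is worth stating in a comment.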
diff --git a/bastion/main.c b/bastion/main.c
index 886bfac..4f93652 100644
--- a/bastion/main.c
+++ b/bastion/main.c
@@ -7,6 +7,7 @@
#include "common/config.h"
#include "common/mysql.h"
#include "session.h"
+#include "state.h"
/* SIGCHLD handler for cleaning up dead children. */
static void sigchld_handler(int signo) {
@@ -24,6 +25,8 @@ __attribute__((noreturn)) static void sigint_handler(int signo)
ssh_disconnect(session);
ssh_free(session);
ssh_bind_free(sshbind);
+ state_clean();
+ config_clean();
ssh_finalize();
db_clean();
exit(0);
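Review bot: The added `state_clean();` and `config_clean();` calls put more non-async-signal-safe work into `sigint_handler`, next to the existing `ssh_free`, `ssh_finalize` and `exit` calls. Their bodies are not visible here, but if they release heap memory and SIGINT arrives while the main flow is inside `malloc`/`free`, the handler can deadlock or corrupt the allocator state. A safer shape is for the handler to only set a `volatile sig_atomic_t` flag that the accept loop checks, with this whole cleanup sequence run from `main`. The handler's opening lines are outside the hunk.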
@@ -47,22 +50,30 @@ int main()
sa2.sa_flags = 0;
if (sigaction(SIGINT, &sa2, NULL) != 0) {
fprintf(stderr, "Failed to register SIGINT handler\n");
- return 1;
+ return 2;
}
- // Initializing configuration context
- if (config_load() != 0)
- fprintf(stderr, "Failed to load configuration file %s, using built-in defaults.\n", CONFIG_PATH);
-
// Initializing ssh context
- ssh_init();
+ if (ssh_init() != 0) {
+ fprintf(stderr, "Failed to initialize libssh global cryptographic data structures.\n");
+ return 3;
+ };
+
+ // Initializing configuration context
+ if (config_load() != 0) {
+ fprintf(stderr, "Failed to load configuration file %s.\n", CONFIG_PATH);
+ config_clean();
+ ssh_finalize();
+ return 4;
+ }
// Initializing ssh_bind
sshbind = ssh_bind_new();
if (sshbind == NULL) {
fprintf(stderr, "Error initializing ssh_bind\n");
config_clean();
- return 3;
+ ssh_finalize();
+ return 5;
}
int listen_port = config_get_port();
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT, &listen_port);
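Review bot: The exit statuses are renumbered in this hunk (2 through 5) and again in the later `ssh_bind_listen` and `case -1:` hunks (6 and 7), but they remain bare literals with no record of what each one means. Anything supervising the bastion that keyed on the old values will now misread them. I would name them once, for example `enum { EXIT_SIGNAL_SETUP = 2, EXIT_SSH_INIT = 3, EXIT_CONFIG = 4, ... };`, or at least add a comment table above `main`. Also, the closing `};` after the `ssh_init()` check leaves a stray empty statement; it should be a plain `}`.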
@@ -73,9 +84,9 @@ int main()
if (ssh_bind_listen(sshbind) < 0) {
printf("Error listening to socket: %s\n", ssh_get_error(sshbind));
ssh_bind_free(sshbind);
- ssh_finalize();
config_clean();
- return 4;
+ ssh_finalize();
+ return 6;
}
while (1) {
@@ -100,9 +111,6 @@ int main()
ssh_bind_free(sshbind);
sshbind = NULL;
- if (db_init() !=0)
- goto child_cleaning;
-
ssh_event event = ssh_event_new();
if (event != NULL) {
/* Blocks until the SSH session ends */
@@ -111,11 +119,11 @@ int main()
} else {
fprintf(stderr, "Could not create polling context\n");
}
-child_cleaning:
+
ssh_disconnect(session);
ssh_free(session);
- ssh_finalize();
config_clean();
+ ssh_finalize();
return 0;
case -1:
@@ -126,17 +134,17 @@ child_cleaning:
ssh_disconnect(session);
ssh_free(session);
ssh_bind_free(sshbind);
- ssh_finalize();
config_clean();
- return 5;
+ ssh_finalize();
+ return 7;
}
/* Since the session has been passed to a child fork, do some cleaning up at the parent process. */
ssh_disconnect(session);
ssh_free(session);
}
ssh_bind_free(sshbind);
- ssh_finalize();
config_clean();
+ ssh_finalize();
db_clean();
return 0;
}
diff --git a/bastion/proxy.c b/bastion/proxy.c
index 7fbf816..f608d31 100644
--- a/bastion/proxy.c
+++ b/bastion/proxy.c
@@ -210,10 +210,10 @@ void handle_proxy_session(ssh_event event, ssh_session session, ssh_channel my_c
break;
}
} while(ssh_channel_is_open(my_channel) && ssh_channel_is_open(pdata.client_channel));
- if (ssh_channel_is_open(my_channel))
- ssh_channel_close(my_channel);
if (ssh_channel_is_open(cdata->my_channel))
ssh_channel_close(cdata->my_channel);
+ if (ssh_channel_is_open(my_channel))
+ ssh_channel_close(my_channel);
client_cleanup(cdata);
}
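Review bot: The reason for swapping the order of the two `ssh_channel_close` calls is not recorded, and the code gives no hint which ordering is required. The loop above tests `pdata.client_channel` while the cleanup closes `cdata->my_channel`, so a reader cannot tell from this hunk whether those are the same channel or how either relates to `my_channel`. Please add a short comment above the two `if` statements saying which side each channel belongs to and why `cdata->my_channel` must be closed first. `handle_proxy_session` starts outside the hunk.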
diff --git a/bastion/session.c b/bastion/session.c
index 5e9f5b8..f86fe44 100644
--- a/bastion/session.c
+++ b/bastion/session.c
@@ -106,13 +106,16 @@ void handle_session(ssh_event event, ssh_session session) {
handle_proxy_session(event, session, sdata.channel);
if (ssh_channel_is_open(sdata.channel)) {
+ ssh_channel_send_eof(sdata.channel);
ssh_channel_close(sdata.channel);
}
/* Wait up to 5 seconds for the client to terminate the session. */
for (int n = 0; n < 50 && (ssh_get_status(session) & SESSION_END) == 0; n++) {
- ssh_event_dopoll(event, 100);
+ if (ssh_event_dopoll(event, 100) == SSH_ERROR)
+ break;
}
state_clean();
+ ssh_channel_free(sdata.channel);
ssh_event_remove_session(event, session);
}
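Review bot: The new `ssh_channel_free(sdata.channel);` assumes `handle_session` still owns the channel at this point, but the same pointer was passed to `handle_proxy_session` as `my_channel`, which ends with `client_cleanup(cdata)`. If that cleanup (not visible here) also frees the channel, this is a double free on a path a remote client can reach by ending a session. It is worth confirming ownership and stating it in a comment. I would also clear the pointer after freeing, `ssh_channel_free(sdata.channel); sdata.channel = NULL;`, so later use fails in an obvious way. Any early returns in the part of the function above the hunk would need the same free to avoid leaking the channel.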
diff --git a/common/config.h.in b/common/config.h.in
index 189e725..a1fe21b 100644
--- a/common/config.h.in
+++ b/common/config.h.in
@@ -1,7 +1,8 @@
#ifndef COMMON_CONFIG_H_
#define COMMON_CONFIG_H_
-#define CONFIG_PATH "@CMAKE_INSTALL_PREFIX@/etc/bastion/bastion.conf"
+#define CONFIG_DIR "@CMAKE_INSTALL_PREFIX@/etc/bastion/"
+#define CONFIG_PATH CONFIG_DIR "bastion.conf"
#define MAX_HOSTNAME_LENGTH 64
#define MAX_USERNAME_LENGTH 64