Diffstat (limited to '')
-rw-r--r-- | bastion/CMakeLists.txt | 2 | ||||
-rw-r--r-- | bastion/bastion.conf.example.in | 25 | ||||
-rw-r--r-- | bastion/client.c | 52 | ||||
-rw-r--r-- | bastion/main.c | 3 | ||||
-rw-r--r-- | bastion/proxy.c | 5 | ||||
-rw-r--r-- | bastion/session.c | 12 | ||||
-rw-r--r-- | bastion/state.c | 12 |
7 files changed, 53 insertions, 58 deletions
diff --git a/bastion/CMakeLists.txt b/bastion/CMakeLists.txt index 298cfe7..9fd4212 100644 --- a/bastion/CMakeLists.txt +++ b/bastion/CMakeLists.txt @@ -7,7 +7,7 @@ target_link_libraries(bastion common) if (${SESSION_RECORDING}) target_link_libraries(bastion libtty) endif() -target_link_libraries(bastion bz2 config lzma mysqlclient ssh z) +target_link_libraries(bastion bz2 config lzma ssh z) install(TARGETS bastion DESTINATION bin) diff --git a/bastion/bastion.conf.example.in b/bastion/bastion.conf.example.in new file mode 100644 index 0000000..34ac9b4 --- /dev/null +++ b/bastion/bastion.conf.example.in @@ -0,0 +1,25 @@ +port = 2222; + +keys: +{ + dsa = "@CMAKE_INSTALL_PREFIX@/etc/bastion/ssh_host_dsa_key"; + rsa = "@CMAKE_INSTALL_PREFIX@/etc/bastion/ssh_host_rsa_key"; + ecdsa = "@CMAKE_INSTALL_PREFIX@/etc/bastion/ssh_host_ecdsa_key"; +}; + +session_recording: +{ + path = "@CMAKE_INSTALL_PREFIX@/var/log/bastion/$d/$h/$u/$i.gz"; # $d : date in iso format, $h : hostname, $u : username : $i session id +}; + +hostkeys = ( + { name = "default", path = "id_rsa_default" } +); + +users = ( + { name = "julien", public_key = "ssh-rsa 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" } +); + +hosts = ( + { name = "myth", address = "myth", user = "root", hostkey = "default", public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNmO4zkfz1RvWdKGRX8AEP4FrwDkW4EnBoU/GNm6Ooe" } +); diff --git a/bastion/client.c b/bastion/client.c index fc11bb6..543603f 100644 --- a/bastion/client.c +++ b/bastion/client.c @@ -3,7 +3,7 @@ #include <stdlib.h> #include "common/config.h" -#include "common/mysql.h" +#include "common/data.h" #include "client.h" #ifdef SESSION_RECORDING #include "recording.h" 
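Review bot: The `keys` block of the new example config wires up a `dsa` host key next to the rsa and ecdsa ones; ssh-dss is tied to 1024-bit keys with SHA-1 and has been disabled by default in OpenSSH clients since 7.0, so an operator who follows the example generates and loads a host key that current clients refuse while it is the weakest of the three. Dropping the line, or commenting it out with `# dsa = ...;  # ssh-dss is disabled by default in OpenSSH >= 7.0`, avoids shipping that default. The trailing comment on the `session_recording` path also reads `$u : username : $i session id`, where the second colon belongs to `$i`; `$u : username, $i : session id` is what is meant.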
@@ -88,16 +88,10 @@ struct client_channel_data_struct* client_dial(ssh_event event, struct proxy_cha cdata->client_channel_cb = NULL; /* First we try to add the private key that the server will accept */ - struct db_host_info * info = db_get_host_info(hostname); + struct data_host_info * info = data_get_host_info(hostname); if (info == NULL) goto host_info_clean; - ssh_key privkey = NULL; - if (ssh_pki_import_privkey_base64(info->privkeytxt, NULL, NULL, NULL, &privkey) != SSH_OK) { - printf("Error importing private key"); - goto privkey_clean; - } - /* We try to connect to the remote server */ printf("Connecting to %s\n", hostname); cdata->my_session = ssh_new(); 
@@ -116,34 +110,26 @@ struct client_channel_data_struct* client_dial(ssh_event event, struct proxy_cha /* We now validate the remote server's public key */ ssh_key server_pub_key = NULL; - unsigned char * hash = NULL; - size_t hlen; - char * hexa = NULL; if (ssh_get_server_publickey(cdata->my_session, &server_pub_key) != SSH_OK) { fprintf(stderr, "Error getting server publickey: %s\n", ssh_get_error(cdata->my_session)); goto pubkey_clean; } - if (ssh_get_publickey_hash(server_pub_key, SSH_PUBLICKEY_HASH_SHA1, &hash, &hlen) != SSH_OK) { - fprintf(stderr, "Error getting publickey hash: %s\n", ssh_get_error(cdata->my_session)); - goto pubkey_hash_clean; + char *pubkeystr = NULL; + if (ssh_pki_export_pubkey_base64(server_pub_key, &pubkeystr) != SSH_OK) { + fprintf(stderr, "Got invalid public key from server attempt, this shouldn't happen.\n"); + goto pubkey_clean; } - hexa = ssh_get_hexa(hash, hlen); - if (strlen(info->hostkeyhash) > 0) { - if (strcmp(hexa, info->hostkeyhash) != 0) { - fprintf(stderr, "Error invalid host key for %s\n", hostname); - goto pubkey_hexa_clean; - } - } else { - // TODO we got a broken sshportal record, we need to fix it but only - // after we completed the migration from sshportal - //db_set_host_publickey_hash(hostname, hexa); + if (strcmp(info->pubkey, pubkeystr) != 0) { + fprintf(stderr, "Error : public key of server %s doesn't match.\n", hostname); + fprintf(stderr, "got : %s\n", pubkeystr); + fprintf(stderr, "exp : %s\n", info->pubkey); + goto pubkey_clean; } - ssh_string_free_char(hexa); - ssh_clean_pubkey_hash(&hash); + free(pubkeystr); ssh_key_free(server_pub_key); /* With the server checked, we can authenticate */ - if(ssh_userauth_publickey(cdata->my_session, NULL, privkey) == SSH_AUTH_SUCCESS){ + if(ssh_userauth_publickey(cdata->my_session, NULL, info->key) == SSH_AUTH_SUCCESS){ printf("Authentication success\n"); } else { printf("Error private key was rejected\n"); 
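Review bot: The first `goto pubkey_clean` in this hunk (on `ssh_get_server_publickey` failure) jumps past the new `char *pubkeystr = NULL;` declaration to a label that now does `free(pubkeystr)` (in the next hunk), so on that path `free()` receives an indeterminate pointer, which is undefined behaviour and in practice a crash or heap corruption in the dial error path; hoisting the declaration next to `ssh_key server_pub_key = NULL;` above the first goto fixes it, `ssh_key server_pub_key = NULL;` / `char *pubkeystr = NULL;`. Separately, `ssh_pki_export_pubkey_base64` yields only the base64 key body, whereas the example config added in this commit stores `public_key` with the `ssh-ed25519 ` type prefix; unless `data_get_host_info` strips that prefix the `strcmp` against `info->pubkey` never matches and every dial fails closed, which is worth confirming against data.c. `client_dial` begins before this hunk and ends after it.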
@@ -186,25 +172,19 @@ struct client_channel_data_struct* client_dial(ssh_event event, struct proxy_cha } #endif - ssh_key_free(privkey); - db_free_host_info(info); + free(info); return cdata; channel_clean: ssh_channel_free(cdata->my_channel); goto session_clean; -pubkey_hexa_clean: - ssh_string_free_char(hexa); -pubkey_hash_clean: - ssh_clean_pubkey_hash(&hash); pubkey_clean: + free(pubkeystr); ssh_key_free(server_pub_key); session_clean: ssh_disconnect(cdata->my_session); ssh_free(cdata->my_session); - db_free_host_info(info); -privkey_clean: - ssh_key_free(privkey); + free(info); host_info_clean: free(cdata); return NULL; diff --git a/bastion/main.c b/bastion/main.c index 4f93652..d4fb321 100644 --- a/bastion/main.c +++ b/bastion/main.c @@ -5,7 +5,6 @@ #include <sys/wait.h> #include "common/config.h" -#include "common/mysql.h" #include "session.h" #include "state.h" @@ -28,7 +27,6 @@ __attribute__((noreturn)) static void sigint_handler(int signo) state_clean(); config_clean(); ssh_finalize(); - db_clean(); exit(0); } @@ -145,6 +143,5 @@ int main() ssh_bind_free(sshbind); config_clean(); ssh_finalize(); - db_clean(); return 0; } diff --git a/bastion/proxy.c b/bastion/proxy.c index f608d31..0cf3675 100644 --- a/bastion/proxy.c +++ b/bastion/proxy.c @@ -2,7 +2,6 @@ #include <stdio.h> #include <stdlib.h> -#include "common/mysql.h" #include "client.h" #include "proxy.h" #include "state.h" @@ -202,8 +201,8 @@ void handle_proxy_session(ssh_event event, ssh_session session, ssh_channel my_c ssh_callbacks_init(&channel_cb); ssh_set_channel_callbacks(my_channel, &channel_cb); - db_clean(); // we close the mysql connection before the main loop, as to not waste ressources - + // TODO gather what is required from data and config so that we can free + // those and not waste resources do { /* Poll the main event which takes care of the sessions and channels */ if (ssh_event_dopoll(event, -1) == SSH_ERROR) { 
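Review bot: `free(info)` on the success path and after `session_clean:` releases only the `struct data_host_info` itself, while the earlier hunks read `info->key` (an ssh_key) and `info->pubkey` (a string) through it and nothing here frees those; either they stay owned by the data module and the struct is a fresh shallow copy, or they leak once per dial. The ownership contract is not visible in this diff, and if `data_get_host_info` instead returns storage the data module keeps, `free(info)` is an invalid free. A `data_free_host_info()` counterpart mirroring the removed `db_free_host_info()` would keep that decision in one place; at minimum the success-path free deserves a comment recording whichever is true, `/* info is a shallow copy; key/pubkey remain owned by the data module */`.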
diff --git a/bastion/session.c b/bastion/session.c index f86fe44..4c38389 100644 --- a/bastion/session.c +++ b/bastion/session.c @@ -9,7 +9,7 @@ #include <sys/wait.h> #include "common/config.h" -#include "common/mysql.h" +#include "common/data.h" #include "proxy.h" #include "session.h" #include "state.h" @@ -31,19 +31,19 @@ static int auth_pubkey(ssh_session session, const char *user, ssh_key pubkey, ch // TODO check for an invite - char * bastion_username = db_get_username_from_pubkey(pubkey); + const char * bastion_username = data_get_username_from_pubkey(pubkey); if (bastion_username != NULL) { sdata->authenticated = 1; if (state_set_ssh_destination(user) != 0) return SSH_ERROR; // TODO check access rights and host configs state_set_bastion_username(bastion_username); - unsigned long long session_id = db_init_session_and_get_id(user, bastion_username); - state_set_session_id(session_id); - free(bastion_username); + //TODO Find out how to keep session id in a spool or something - probably with the state.c and state.h stuff + //unsigned long long session_id = data_init_session_and_get_id(user, bastion_username); + //state_set_session_id(session_id); + state_set_session_id(0); return SSH_AUTH_SUCCESS; } else { - free(bastion_username); sdata->auth_attempts++; return SSH_AUTH_DENIED; } diff --git a/bastion/state.c b/bastion/state.c index 6784c0a..347e7ba 100644 --- a/bastion/state.c +++ b/bastion/state.c @@ -8,7 +8,7 @@ struct state { unsigned long long session_id; char * destination; - char * bastion_username; + const char * bastion_username; }; static struct state state = {0}; @@ -26,7 +26,7 @@ state_set_ssh_destination(const char * name) return 2; } state.destination = malloc(len+1); - strncpy(state.destination, name, len+1); + strcpy(state.destination, name); return 0; } 
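Review bot: `state_set_session_id(0)` gives every authenticated session the same id while the real lookup is commented out; if the recording path from the example config (`.../$i.gz`) expands `$i` from this value, recordings of successive or concurrent sessions to the same host and user land on the same file, which undermines the audit trail the recording exists for. Whether `$i` is derived from the state id is not visible here, but until the spool mentioned in the TODO exists a per-process unique value (the pid, or pid combined with a timestamp) would keep recordings distinct. Note also that `bastion_username` is now a `const char *` returned by `data_get_username_from_pubkey` and handed to `state_set_bastion_username` without a copy, so the data module's storage must stay valid for the whole session.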
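Review bot: The new `strcpy(state.destination, name)` in `state_set_ssh_destination` writes through the result of `malloc(len+1)` on the preceding context line without a NULL check, so an allocation failure becomes a write through a null pointer rather than an error return; `if (state.destination == NULL) return 1;` (or whatever nonzero code callers treat as failure) before the copy closes that. The move from `strncpy` to `strcpy` is otherwise sound only if `len` is the exact length of `name`; if, as in the username setter this commit removes, it comes from a bounded `strnlen` that rejects over-long names, that holds, but that check sits outside the hunk.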
@@ -42,13 +42,7 @@ state_set_bastion_username(const char * name) fprintf(stderr, "BUG found, attempting to overwrite state.bastion_username that has already been set\n"); return 1; } - size_t len = strnlen(name, MAX_USERNAME_LENGTH + 1); - if (len >= MAX_USERNAME_LENGTH + 1) { - fprintf(stderr, "Username too long, max length is %d.\n", MAX_USERNAME_LENGTH); - return 1; - } - state.bastion_username = malloc(len+1); - strncpy(state.bastion_username, name, len+1); + state.bastion_username = name; return 0; } |
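Review bot: `state.bastion_username = name;` makes the state module alias a buffer it does not own, and the `const char *` the session.c caller gets from `data_get_username_from_pubkey` is the only thing keeping it valid; if the data module is ever freed or reloaded while the session is live (the proxy.c TODO in this commit talks about freeing data and config after startup), this becomes a dangling pointer that is later read for logging and recording. Dropping the `MAX_USERNAME_LENGTH` check is reasonable only on the assumption that the name now comes from the operator's config rather than from the client, which this hunk does not show. Worth checking that `state_clean()` (outside the hunk) no longer frees `bastion_username`, and recording the contract at the assignment, `/* Borrowed from the data module; not owned or freed here, must stay valid for the session's lifetime. */`.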