Merge pull request #247 from sjinks/remove-deprecations

refactor: remove deprecated code

Makefile

@@ -14,7 +14,7 @@ ssh-honeypotd: $(OBJS)
 	$(CC) $^ $(LIBFLAGS) $(LDFLAGS) -o $@
 
 %.o: %.c
-	$(CC) $(CPPFLAGS) -fvisibility=hidden -Wall -Werror -Wno-error=attributes -Wno-unknown-pragmas -Wno-error=deprecated-declarations $(CFLAGS) -c "$<" -MMD -MP -MF"$(@:%.o=%.dep)" -MT"$(@:%.o=%.dep)" -o "$@"
+	$(CC) $(CPPFLAGS) -fvisibility=hidden -Wall -Werror -Wno-error=attributes -Wno-unknown-pragmas $(CFLAGS) -c "$<" -MMD -MP -MF"$(@:%.o=%.dep)" -MT"$(@:%.o=%.dep)" -o "$@"
 
 clean: objclean depclean
 	-rm -f $(TARGET)

README.md

@@ -3,7 +3,7 @@
 [![Coverity Scan Build Status](https://scan.coverity.com/projects/3318/badge.svg)](https://scan.coverity.com/projects/3318)
 ![Build](https://github.com/sjinks/ssh-honeypotd/workflows/Build/badge.svg)
 
-A low-interaction SSH honeypot written in C
+A low-interaction SSH honeypot written in C.
 
 ## Command Line Options
 
@@ -24,9 +24,7 @@ Mandatory arguments to long options are mandatory for short options too.
 
 `-k` option must be specified at least once if ssh-honeypots is compiled against libssh prior to 0.8.0 (note that in Ubuntu (and possibly Debian), libssh 0.8.0 is detected as 0.7.0 because of a bug in `libssh.h`). For newer libssh versions, the host key is generated automatically (RSA 2048 bits).
 
-Please note:
-  * ECDSA keys are supported if ssh-honeypotd is compiled against and run with libssh 0.6.4+
-  * ED25519 keys are supported if ssh-honeypotd is compiled against and run with libssh 0.7.0+
+The minimum supported `libssh` version is 0.7.0.
 
 ## Usage with Docker
 

cmdline.c

@@ -14,9 +14,7 @@
 static struct option long_options[] = {
 	{ "rsa-key",    required_argument, 0, 'r' },
 	{ "dsa-key",    required_argument, 0, 'd' },
-#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0, 6, 4)
 	{ "ecdsa-key",  required_argument, 0, 'e' },
-#endif
 	{ "host-key",   required_argument, 0, 'k' },
 	{ "address",    required_argument, 0, 'b' },
 	{ "port",       required_argument, 0, 'p' },
@@ -212,7 +210,6 @@ void parse_options(int argc, char** argv, struct globals_t* g)
 						loc = &g->rsa_key;
 						break;
 
-#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0, 6, 4)
 					case SSH_KEYTYPE_ECDSA:
 #if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0, 9, 0)
 					case SSH_KEYTYPE_ECDSA_P256:
@@ -221,13 +218,10 @@ void parse_options(int argc, char** argv, struct globals_t* g)
 #endif
 						loc = &g->ecdsa_key;
 						break;
-#endif
 
-#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0, 7, 0)
 					case SSH_KEYTYPE_ED25519:
 						loc = &g->ed25519_key;
 						break;
-#endif
 
 					default:
 						fprintf(stderr, "WARNING: unsupported key type in %s (%d)\n", optarg, (int)key_type);

globals.h

@@ -11,7 +11,12 @@ struct connection_info_t {
 	struct connection_info_t* prev;
 	struct connection_info_t* next;
 	ssh_session session;
+	ssh_event event;
 	pthread_t thread;
+	int port;
+	int my_port;
+	char ipstr[INET6_ADDRSTRLEN];
+	char my_ipstr[INET6_ADDRSTRLEN];
 };
 
 #pragma clang diagnostic push

main.c

@@ -4,6 +4,7 @@
 #include <pthread.h>
 #include <errno.h>
 #include <libssh/server.h>
+#include <unistd.h>
 #include "globals.h"
 #include "log.h"
 #include "daemon.h"
@@ -68,21 +69,6 @@ static void set_options(struct globals_t* g)
 	ssh_bind_options_set(g->sshbind, SSH_BIND_OPTIONS_BINDADDR, g->bind_address);
 	ssh_bind_options_set(g->sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, g->bind_port);
 
-#if LIBSSH_VERSION_INT < SSH_VERSION_INT(0, 7, 0)
-	if (g->dsa_key) {
-		ssh_bind_options_set(g->sshbind, SSH_BIND_OPTIONS_DSAKEY, g->dsa_key);
-	}
-
-	if (g->rsa_key) {
-		ssh_bind_options_set(g->sshbind, SSH_BIND_OPTIONS_RSAKEY, g->rsa_key);
-	}
-
-#if defined(SSH_BIND_OPTIONS_ECDSAKEY)
-	if (g->ecdsa_key) {
-		ssh_bind_options_set(g->sshbind, SSH_BIND_OPTIONS_ECDSAKEY, g->ecdsa_key);
-	}
-#endif
-#else
 	if (g->dsa_key) {
 		ssh_bind_options_set(g->sshbind, SSH_BIND_OPTIONS_HOSTKEY, g->dsa_key);
 	}
@@ -98,7 +84,6 @@ static void set_options(struct globals_t* g)
 	if (g->ed25519_key) {
 		ssh_bind_options_set(g->sshbind, SSH_BIND_OPTIONS_HOSTKEY, g->ed25519_key);
 	}
-#endif
 
 	ssh_bind_options_set(g->sshbind, SSH_BIND_OPTIONS_BANNER, "OpenSSH");
 
@@ -120,21 +105,35 @@ static void set_options(struct globals_t* g)
 static void spawn_thread(struct globals_t* g, pthread_attr_t* attr, ssh_session session)
 {
 	size_t num_threads;
-	struct connection_info_t* conn = malloc(sizeof(struct connection_info_t));
+	struct connection_info_t* conn = calloc(1, sizeof(struct connection_info_t));
 	if (!conn) {
 		my_log(LOG_ALERT, "malloc() failed, out of memory");
 		ssh_disconnect(session);
 		ssh_free(session);
 		return;
 	}
 
-	conn->next    = NULL;
-	conn->session = session;
+	conn->next        = NULL;
+	conn->event       = NULL;
+	conn->session     = session;
+
+	conn->port        = -1;
+	conn->ipstr[0]    = '?';
+	conn->ipstr[1]    = 0;
+
+	conn->my_port     = -1;
+	conn->my_ipstr[0] = '?';
+	conn->my_ipstr[1] = 0;
 
 	pthread_mutex_lock(&g->mutex);
 	{
-		if (!g->head) g->head       = conn;
-		if (g->tail)  g->tail->next = conn;
+		if (!g->head) {
+			g->head = conn;
+		}
+
+		if (g->tail) {
+			g->tail->next = conn;
+		}
 
 		conn->prev  = g->tail;
 		g->tail     = conn;
@@ -158,10 +157,16 @@ static void main_loop(struct globals_t* g)
 	pthread_attr_t attr;
 	pthread_attr_init(&attr);
 	pthread_attr_setstacksize(&attr, 65536);
+	pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
 
 	while (!g->terminate) {
 		const long int timeout = SESSION_TIMEOUT;
 		ssh_session session    = ssh_new();
+		if (!session) {
+			my_log(LOG_ALERT, "Failed to allocate an SSH session");
+			break;
+		}
+
 		ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &timeout);
 		int r = ssh_bind_accept(g->sshbind, session);
 		if (r == SSH_ERROR) {
@@ -170,7 +175,7 @@ static void main_loop(struct globals_t* g)
 				break;
 			}
 
-			my_log(LOG_WARNING, "Error accepting a connection: %s\n", ssh_get_error(g->sshbind));
+			my_log(LOG_WARNING, "Error accepting the connection: %s\n", ssh_get_error(g->sshbind));
 			continue;
 		}
 

worker.c

@@ -1,9 +1,11 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <assert.h>
+#include <string.h>
 #include <sys/socket.h>
 #include <arpa/inet.h>
 #include <libssh/libssh.h>
+#include <libssh/callbacks.h>
 #include <libssh/server.h>
 #include "worker.h"
 #include "globals.h"
@@ -31,80 +33,80 @@ static void get_ip_port(const struct sockaddr_storage* addr, char* ipstr, int* p
 	}
 }
 
+static int auth_password(ssh_session session, const char* user, const char* pass, void* userdata)
+{
+	struct connection_info_t* conn = (struct connection_info_t*)userdata;
+
+	my_log(
+		LOG_WARNING,
+		"Failed password for %s from %s port %d ssh%d (target: %s:%d, password: %s)",
+		user,
+		conn->ipstr,
+		conn->port,
+		ssh_get_version(conn->session),
+		conn->my_ipstr,
+		conn->my_port,
+		pass
+	);
+
+	return SSH_AUTH_DENIED;
+}
+
+static void handle_session(struct connection_info_t* conn)
+{
+	conn->event = ssh_event_new();
+	if (!conn->event) {
+		my_log(LOG_ALERT, "Could not create polling context");
+		return;
+	}
+
+	struct ssh_server_callbacks_struct server_cb;
+	memset(&server_cb, 0, sizeof(server_cb));
+	ssh_callbacks_init(&server_cb);
+	server_cb.userdata               = conn;
+	server_cb.auth_password_function = auth_password;
+
+	ssh_set_auth_methods(conn->session, SSH_AUTH_METHOD_PASSWORD);
+	ssh_set_server_callbacks(conn->session, &server_cb);
+
+	if (SSH_OK != ssh_handle_key_exchange(conn->session)) {
+		my_log(
+			LOG_WARNING,
+			"Did not receive identification string from %s:%d (target: %s:%d): %s",
+			conn->ipstr,
+			conn->port,
+			conn->my_ipstr,
+			conn->my_port,
+			ssh_get_error(conn->session)
+		);
+
+		return;
+	}
+
+	ssh_event_add_session(conn->event, conn->session);
+	while (!globals.terminate && ssh_event_dopoll(conn->event, 100) != SSH_ERROR) {
+		;
+	}
+}
+
 void* worker(void* arg)
 {
 	struct sockaddr_storage addr;
-	char ipstr[INET6_ADDRSTRLEN];
-	char my_ipstr[INET6_ADDRSTRLEN];
-	int port, my_port;
-
 	struct connection_info_t* conn = (struct connection_info_t*)arg;
 
-	ssh_session session = conn->session;
-	socket_t sock       = ssh_get_fd(session);
-	int version         = ssh_get_version(session);
-	socklen_t len       = sizeof(addr);
+	socket_t sock = ssh_get_fd(conn->session);
+	socklen_t len = sizeof(addr);
 
 	if (!getpeername(sock, (struct sockaddr*)&addr, &len)) {
-		get_ip_port(&addr, ipstr, &port);
-	}
-	else {
-		ipstr[0] = '?';
-		ipstr[1] = 0;
-		port     = -1;
+		get_ip_port(&addr, conn->ipstr, &conn->port);
 	}
 
 	if (!getsockname(sock, (struct sockaddr*)&addr, &len)) {
-		get_ip_port(&addr, my_ipstr, &my_port);
-	}
-	else {
-		my_ipstr[0] = '?';
-		my_ipstr[1] = 0;
-		my_port     = -1;
-	}
-
-	if (SSH_OK == ssh_handle_key_exchange(session)) {
-#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0, 6, 4)
-		ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD);
-#endif
-
-		do {
-			ssh_message message = ssh_message_get(session);
-			if (!message || globals.terminate) {
-				break;
-			}
-
-			int message_type = ssh_message_type(message);
-			if (message_type == SSH_REQUEST_AUTH) {
-				int message_subtype = ssh_message_subtype(message);
-				if (message_subtype == SSH_AUTH_METHOD_PASSWORD) {
-					my_log(
-						LOG_WARNING,
-						"Failed password for %s from %s port %d ssh%d (target: %s:%d, password: %s)",
-						ssh_message_auth_user(message), ipstr, port, version,
-						my_ipstr, my_port, ssh_message_auth_password(message)
-					);
-				}
-
-				ssh_message_auth_set_methods(message, SSH_AUTH_METHOD_PASSWORD);
-				ssh_message_reply_default(message);
-			}
-			else {
-				ssh_message_reply_default(message);
-			}
-
-			ssh_message_free(message);
-		} while (!globals.terminate);
-	}
-	else {
-		my_log(LOG_WARNING, "Did not receive identification string from %s:%d (target: %s:%d)", ipstr, port, my_ipstr, my_port);
+		get_ip_port(&addr, conn->my_ipstr, &conn->my_port);
 	}
 
+	handle_session(conn);
 	finalize_connection(conn);
-	if (!globals.terminate) {
-		pthread_detach(pthread_self());
-	}
-
 	return 0;
 }
 
@@ -134,6 +136,10 @@ void finalize_connection(struct connection_info_t* conn)
 	}
 	pthread_mutex_unlock(&globals.mutex);
 
+	if (conn->event) {
+		ssh_event_free(conn->event);
+	}
+
 	ssh_disconnect(session);
 	ssh_free(session);
 	free(conn);