src/vsl_fifo.c

Go to the documentation of this file.

/*
 * Copyright 2006, Internet2
 * Legal conditions are in file LICENSE
 * (MD5 = c434f2e53b8089d8b4d0172c7ce07360).
 */

// Don't document
#ifdef ENABLE_FIFO

/**
 * @file   vsl_fifo.c
 * @author Nikolaus Rath
 * @brief  SSH handshake functions for the security API
 *
 **/

#include "vsl_api.h"
#include "vsl_util.h"
#include "vsl_fifo.h"
#include "vsl.h"

#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <sys/sem.h>
#include <sys/mman.h>
#include <stdio.h>
#include <sys/ipc.h>


//! Queue for received FIFO messages
/**
 * If several VSL sockets operate with the same FIFO, it is
 * possible that a call to recv_key_ssh() reads a key for a
 * different client. In this case, the key is stored in this
 * buffer.
 */
static struct {
    uint32_t clid;
    char key[VSL_KEYLENGTH];
    time_t timestamp;
} *msgqueue;

//! Next unused client id (free to overflow)
static uint32_t *client_id;

//! Semaphore set to synchronize msgqueue, FIFO and client_id access
static int sem = -1;

/**
 * init function for ssh part, to be called by vsl_init().
 *
 * \return
 * - 0 on success
 * - #VSL_ERRNO if a system call failed (errno contains the precise
 *   error)
 **/
int ssh_init(void) {

    /* Acquire semaphore set
     * Semaphore 0 is for FIFO and msgqueue, semaphore 1
     * for client_id */
    if ( (sem = semget(IPC_PRIVATE, 2, 0600 )) == -1 )
        LOGFAIL(VSL_ERRNO, "Cannot create semaphore: %s!", strerror(errno));
    if ( semctl(sem, 0, SETVAL, 1) == -1 ||
         semctl(sem, 1, SETVAL, 1) == -1 )
        LOGFAIL(VSL_ERRNO, "Cannot init semaphore: %s!", strerror(errno));


    /* Acquire shared memory */
    if ( (msgqueue = mmap(0, sizeof(*msgqueue) * MSG_QUEUE_SIZE + sizeof(*client_id),
                          PROT_READ | PROT_WRITE, MAP_ANON | MAP_SHARED,
                          -1, 0)) == MAP_FAILED )
        LOGFAIL(VSL_ERRNO, "Cannot create shm: %s!", strerror(errno));

    /* Initialize */
    memset( (void*) msgqueue, 0, sizeof(*msgqueue) * MSG_QUEUE_SIZE);
    client_id = (void*) msgqueue + sizeof(*msgqueue) * MSG_QUEUE_SIZE;
    *client_id = 0;

    LOG("Initialized ssh IPC.");
    return 0;
}

/**
 * destruct function for ssh part, to be called by vsl_destruct().
 * \return
 * - 0 on succes
 **/
int ssh_destruct(void){
    /* Release semaphore */
    if ( semctl(sem, 0, IPC_RMID) == -1 )
        LOGFAIL(VSL_ERRNO, "Can't release semaphore: %s!", strerror(errno));

    /* Release SHM */
    if ( munmap(msgqueue, sizeof(*msgqueue) * MSG_QUEUE_SIZE + sizeof(*client_id)) != 0)
        LOGFAIL(VSL_ERRNO, "Can't release shm: %s!", strerror(errno));

    LOG("Destructed ssh IPC.");
    return 0;
}


/**
 * Sent ssh authentication request to notify the server that
 * a new handshake will be performed over the FIFO.
 *
 * @param[in] socket VSL socket
 * @return
 *   - 0 on success
 *   - #VFER_INPROGRESS socket is nonblocking and the call would block
 *   - #VFER_BADSOCK bad socket argument
 *   - #VFER_UNCONN socket is not connected
 *   - #VSL_ERRNO for all other errors (errno is set accordingly)
 **/
int send_ssh_req(vsl_sock* socket) {

    LOG("attempting to send ssh auth request...");

    /* Create request structure */
    phead_t head;
    FILL_MAGIC(head.magic);
    head.type = P_SSH_REQ;
    head.datalen = htonl(0);

    /* Serialize structure */
    void *msg;
    int msglen;
    if ( (msg = write_objs(&msglen,
                           (void*) &head.magic, sizeof(head.magic),
                           (void*) &head.type, sizeof(head.type),
                           (void*) &head.datalen, sizeof(head.datalen),
                           NULL)) == NULL)
        LOGFAIL(VSL_ERRNO, "malloc failed: %s", strerror(errno));


    /* Sent packet */
    int ret = vfer_send(socket->vfd, msg, msglen);
    free(msg);
    if (ret == VFER_WOULDBLOCK)
        return VFER_INPROGRESS;
    else if (ret == VFER_BADSOCK ||
             ret == VFER_UNCONN)
        return ret;
    else if (ret > 0 &&
             ret != msglen) {
        LOG("cannot send fragmented auth request");
        abort();
    }
    else if (ret < 0) {
        LOG("unknown send error: %s", vfer_errortext(ret));
        abort();
    }
    socket->status = C_SSH_REQ_SENT;

    LOG("ssh auth request sent.");
    return(0);
}


/**
 * Receive ssh authentication response.
 *
 * The response contains the pathname for comparison and the client id
 * that has to be used when the shared secret is written into the
 * FIFO.
 *
 * @param[in] socket VSL socket to use
 * @param[in] path the pathname of the caller that is checked against
 * the received one.
 * @return
 *   - 0 on success
 *   - #VFER_INPROGRESS socket is nonblocking and the call would block
 *   - #VFER_BADSOCK bad socket argument
 *   - #VFER_UNCONN socket is not connected
 *   - #VSL_BADPROT protocol error
 *   - #VSL_BADPATH pathnames don't match
 *   - #VSL_ERRNO for all other errors (errno is set accordingly)
 **/
int recv_ssh_res(vsl_sock* socket, const char* path) {

    LOG("attempting to read ssh auth response...");

    /* Receive packet */
    int ret;
    char msg[MAX_FRAME_SIZE];
    ret = vfer_recv(socket->vfd, (void*) msg, MAX_FRAME_SIZE);
    if (ret == VFER_WOULDBLOCK) {
        return VFER_INPROGRESS;
    }
    else if (ret == VFER_BADSOCK ||
             ret == VFER_UNCONN) {
        return ret;
    }
    else if (ret < 0) {
        LOG("unknown send error: %s", vfer_errortext(ret));
        abort();
    }

    /* Deserialize structure + extract client id */
    phead_t head;
    void *body = read_objs(msg,
                           (void*) &head.magic, sizeof(head.magic),
                           (void*) &head.type, sizeof(head.type),
                           (void*) &head.datalen, sizeof(head.datalen),
                           (void*) &(socket->client_id), sizeof(socket->client_id),
                           NULL);
    head.datalen = ntohl(head.datalen);
    socket->client_id = ntohl(socket->client_id);

    /* Verify packet */
    if(!CHECK_MAGIC(head.magic) ||
       head.type != P_SSH_RES)
        LOGFAIL(VSL_BADPROT, "invalid packet received");

    /* Extract pathname */
    if (head.datalen - sizeof(socket->client_id) > MAX_PATH)
        LOGFAIL(VSL_BADPROT, "received pathname too long");

    /* Compare paths */
    if ( strncmp(path, (char*)body, MAX_PATH) != 0 )
        LOGFAIL(VSL_BADPATH, "pathnames don't match.");


    LOG("ssh auth response read.");

    return(0);
}


/**
 * Fork ssh process to connect to remote host and write
 * into the specified FIFO.
 *
 * Stores pid and stdin of the ssh process in the socket.
 *
 * @param[in] sock VSL socket
 * @param[in] host hostname to connect to
 * @param[in] user username to use
 * @param[in] fifo pathname of fifo
 * @return
 *   - 0 on success
 *   - #VSL_ERRNO for all other errors (errno is set accordingly)
 **/
int fork_ssh(vsl_sock* sock, const char* user,
             const char* host, const char* fifo) {

    LOG("attempting to fork ssh...");

    /* Create pipe */
    int fd[2];
    if ( pipe(fd) == -1 )
        LOGFAIL(VSL_ERRNO, "pipe failed: %s", strerror(err));

    /* Fork & Exec */
    pid_t pid;
    if ( (pid = fork()) == 0 ) {
        close(fd[1]);
        if ( fd[0] != STDIN_FILENO ) {
            if ( dup2(fd[0], STDIN_FILENO) != STDIN_FILENO )
                LOGFAIL(VSL_ERRNO, "(child) dup2 failed: %s", strerror(err));
            close(fd[0]);
        }

        LOG("(child) calling 'ssh -T -l %s %s cat > %s'", user, host, fifo);
        execlp("ssh", "-T", "-l", user, host,
               "cat", ">", fifo, (char *) NULL);
        LOG("(child) exec failed: %s", strerror(errno));
        exit(255);
    }
    else if(pid == -1)
        LOGFAIL(VSL_ERRNO, "fork failed: %s", strerror(err));

    close(fd[0]);
    sock->ssh_pid = pid;
    sock->ssh_fd = fd[1];

    /* Set Nonblocking Flags */
    if (!is_blocking(sock)) {
        long fdflags;
        if ( (fdflags = fcntl(fd[1], F_GETFL, 0)) < 0 ||
             fcntl(fd[1], F_SETFL, fdflags | O_NONBLOCK) < 0 )
            LOGFAIL(VSL_ERRNO, "fcntl failed: %s", strerror(err));
    }

    LOG("ssh forked.");
    return(0);
}


/**
 * Sends the given key and client id over the ssh connection
 * to the server.
 *
 * @param[in] sock the socket to use
 * @param[in] key key to transfer
 * @return
 *   - 0 on success
 *   - #VFER_INPROGRESS if the socket is nonblocking and the call would block
 *   - #VSL_ERRNO for all other errors (errno is set accordingly)
 **/
int send_key_ssh(vsl_sock* sock, const char* key) {

    LOG("attempting to send shared secret over ssh...");
    LOG("secret is " KEY_STR, KEY_VEC(key));

    /* Create header */
    phead_t head;
    FILL_MAGIC(head.magic);
    head.type = P_SSH_KEY;
    head.datalen = htonl(sizeof(uint32_t) + VSL_KEYLENGTH);

    /* Serialize packet */
    int msglen;
    void *msg;
    uint32_t clid = htonl(sock->client_id);
    if ( (msg = write_objs(&msglen,
                           (void*) &head.magic, sizeof(head.magic),
                           (void*) &head.type, sizeof(head.type),
                           (void*) &head.datalen, sizeof(head.datalen),
                           (void*) &clid, sizeof(clid),
                           (void*) key, VSL_KEYLENGTH,
                           NULL)) == NULL)
        LOGFAIL(VSL_ERRNO, "malloc failed: %s", strerror(err));

    /* Send key */
    if(write(sock->ssh_fd, msg, msglen) != msglen) {
        if(!is_blocking(sock) &&
           errno == EAGAIN)
            return(VFER_INPROGRESS);
        LOGFAIL(VSL_ERRNO, "write failed: %s", strerror(err));
    }

    /* Close fd */
    if ( close(sock->ssh_fd) != 0 )
        LOGFAIL(VSL_ERRNO, "close failed: %s", strerror(err));

    LOG("shared secret sent over ssh.");

    return(0);
}


/**
 * Close ssh connection and check exit status
 *
 * @param[in] sock VSL socket
 * @return
 *   - 0 on success
 *   - #VSL_SSHF ssh subprocess failed
 *   - #VSL_ERRNO for all other errors (errno is set accordingly)
 *   - #VFER_INPROGRESS socket is nonblocking and the call would block
 **/
int close_ssh(vsl_sock* sock) {
    int ret, pidstat;

    LOG("attempting to close ssh connection...");

    /* Process still alive? */
    if(!is_blocking(sock)) {
        if( (ret=waitpid(sock->ssh_pid, &pidstat, WNOHANG)) == 0)
            return VFER_INPROGRESS;
    }
    else
        ret = waitpid(sock->ssh_pid, &pidstat, 0);

    if(ret != sock->ssh_pid)
        LOGFAIL(VSL_ERRNO, "waitpid failed: %s", strerror(err));

    /* Exit code? */
    if( !WIFEXITED(pidstat) )
        LOGFAIL(VSL_SSHF, "ssh process aborted.");

    if(WEXITSTATUS(pidstat) != 0)
        LOGFAIL(VSL_SSHF, "nonzero ssh exit status: %d", WEXITSTATUS(pidstat));

    LOG("ssh connection closed.");
    return(0);
}



/**
 * Receive an ssh authentication request
 *
 * @param[in] socket VSL socket
 *
 * @return:
 *   - 0 on success
 *   - #VFER_INPROGRESS socket is nonblocking and the call would block
 *   - #VFER_BADSOCK bad socket argument
 *   - #VFER_UNCONN socket is not connected
 *   - #VSL_BADPROT protocol error
 *   - #VSL_ERRNO for all other errors (errno is set accordingly)
 **/
int recv_ssh_req(vsl_sock* socket) {

    LOG("attempting to receive ssh auth request...");

    /* Receive packet */
    char msg[MAX_FRAME_SIZE];
    int ret = vfer_recv(socket->vfd, msg, MAX_FRAME_SIZE);
    if (ret == VFER_WOULDBLOCK)
        return VFER_INPROGRESS;
    else if (ret == VFER_BADSOCK ||
             ret == VFER_UNCONN)
        return ret;
    else if (ret < 0) {
        LOG("unknown receive error: %s", vfer_errortext(ret));
        abort();
    }

    /* Deserialize structure */
    phead_t head;
    read_objs(msg,
              (void*) &head.magic, sizeof(head.magic),
              (void*) &head.type, sizeof(head.type),
              (void*) &head.datalen, sizeof(head.datalen),
              NULL);

    /* Verify packet */
    if(!CHECK_MAGIC(head.magic) ||
       head.type != P_SSH_REQ)
        LOGFAIL(VSL_BADPROT, "invalid packet received");


    // Assign client id
    if (semop(sem, (struct sembuf[]) { { 1, 1, SEM_UNDO }}, 1) == -1)
        LOGFAIL(VSL_ERRNO, "Cannot get lock: %s!", strerror(errno));
    socket->client_id = (*client_id)++;

    if ( semop(sem, (struct sembuf[]) {{1, -1, SEM_UNDO}}, 1) == -1)
        LOGFAIL(VSL_ERRNO, "Cannot release lock: %s!", strerror(errno));

    LOG("ssh auth request received.");
    return(0);
}


/**
 * Sent ssh authentication response to the client.
 *
 * @param[in] socket VSL socket
 * @param[in] path path of the fifo to use
 * @return
 *   - 0 on success
 *   - #VFER_INPROGRESS socket is nonblocking and the call would block
 *   - #VFER_BADSOCK bad socket argument
 *   - #VFER_UNCONN socket is not connected
 *   - #VSL_ERRNO for all other errors (errno is set accordingly)
 **/
int send_ssh_res(vsl_sock* socket, const char* path) {

    LOG("attempting to send ssh auth response...");

    /* Create header */
    phead_t head;
    FILL_MAGIC(head.magic);
    head.type = P_SSH_RES;
    head.datalen =
        htonl(sizeof(uint32_t) + strlen(path) + 1); // pathlen + terminating \0

    /* Serialize packet */
    void *msg;
    int msglen;
    uint32_t clid = htonl(socket->client_id);
    if ( (msg = write_objs(&msglen,
                           (void*) &head.magic, sizeof(head.magic),
                           (void*) &head.type, sizeof(head.type),
                           (void*) &head.datalen, sizeof(head.datalen),
                           (void*) &clid, sizeof(socket->client_id),
                           (void*) path, strlen(path)+1,
                           NULL)) == NULL)
        LOGFAIL(VSL_ERRNO, "malloc failed: %s", strerror(err));

    /* Sent packet */
    int ret = vfer_send(socket->vfd, msg, msglen);
    free(msg);
    if (ret == VFER_WOULDBLOCK)
        return VFER_INPROGRESS;
    else if (ret == VFER_BADSOCK ||
             ret == VFER_UNCONN)
        return ret;
    else if (ret > 0 &&
             ret != msglen) {
        LOG("don't know how to handle fragmented sending!");
        abort();
    }
    else if (ret < 0) {
        LOG("unknown send error: %s!", vfer_errortext(ret));
        abort();
    }
    socket->status = C_SSH_REQ_SENT;

    LOG("ssh auth response sent.");
    return(0);
}


/**
 * Opens the FIFO for reading the shared secret.
 *
 * @param[in] sock VFD socket
 * @param[in] path path to the FIFO
 * @return
 *   - 0 on success
 *   - #VSL_ERRNO for all other errors (errno is set accordingly)
 **/
int open_fifo(vsl_sock* sock, const char *path) {
    LOG("attempting to open FIFO %s...", path);

    int flags = O_RDONLY;
    if (!is_blocking(sock))
        flags |= O_NONBLOCK ;

    /** \todo Here we actually want to have the same semantics as in
     *  vfer_connect() / vfer_accept(): Is there a timeout if the
     *  socket is blocking?  */
    if ( (sock->ssh_fd = open(path, flags)) == -1 )
        LOGFAIL(VSL_ERRNO, "open failed: %s", strerror(err));

    LOG("opened new fd for FIFO %s.", path);
    return 0;
}

/**
 * Release the FIFO for the given socket and close it
 * if no other sockets need it.
 *
 * @param[in] sock the VSL socket
 * @return
 *   - 0 on success
 *   - #VSL_ERRNO for all other errors (errno is set accordingly)
 **/
int close_fifo(vsl_sock* sock) {
    LOG("attempting to close FIFO...");

    if ( close(sock->ssh_fd) != 0 )
        LOGFAIL(VSL_ERRNO,"close failed: %s", strerror(err));

    LOG("FIFO closed.");
    return 0;
}


/**
 * Receive a key from the given FIFO
 *
 * @param[in] sock VSL socket
 * @return
 *   - 0 on success
 *   - #VFER_INPROGRESS socket is nonblocking and the call would block
 *   - #VSL_ERRNO for all other errors (errno is set accordingly)
 *   - #VSL_MAXCONN maximum number of open simulatienous fifo connections reached
 **/
int recv_key_ssh(vsl_sock* sock) {
    LOG("attempting to get shared secret for client %d...", sock->client_id);

    /* Lookup whether we already read the secret
     * We don't need to lock because we only write if
     * the key belongs to us */
    for (int i=0; i < MSG_QUEUE_SIZE; i++)
        if (msgqueue[i].clid == sock->client_id &&
            msgqueue[i].timestamp != 0) {
            init_keys_s(sock, msgqueue[i].key);
            msgqueue[i].timestamp = 0;
            LOG("got key for client %d from cache.", sock->client_id);
            return 0;
        }

    /* Read until we find our secret */
    while(1) {

        LOG("attempting to read secret from FIFO...");

        /* Lock */
        if (semop(sem, (struct sembuf[]) {
            { 0, 1, SEM_UNDO | (is_blocking(sock) ? 0 : IPC_NOWAIT) }}, 1) == -1) {
            if (!is_blocking(sock) &&
                errno == EAGAIN)
                return VFER_INPROGRESS;
            LOGFAIL(VSL_ERRNO, "Cannot get lock: %s!", strerror(errno));
        }


        /* Look up in table again, maybe it's there now */
        for (int i=0; i < MSG_QUEUE_SIZE; i++)
            if (msgqueue[i].clid == sock->client_id &&
                msgqueue[i].timestamp != 0) {
                init_keys_s(sock, msgqueue[i].key);
                msgqueue[i].timestamp = 0;
                LOG("got key for client %d from cache.", sock->client_id);
                if ( semop(sem, (struct sembuf[]) {{0, -1, SEM_UNDO}}, 1) == -1)
                    LOGFAIL(VSL_ERRNO, "Cannot release lock: %s!", strerror(errno));
                return 0;
            }

        /* Try to read a message */
        phead_t head; // for deserialization
        int ret;
        const int msglen =  sizeof(head.magic) + sizeof(head.type)
            + sizeof(head.datalen) + sizeof(sock->client_id) + VSL_KEYLENGTH;
        char msg[msglen];
        if ( (ret = read(sock->ssh_fd, (void*) &msg, msglen)) != msglen) {
            if (errno == EAGAIN) {
                LOG("call would block, returning.");
                if ( semop(sem, (struct sembuf[]) {{0, -1, SEM_UNDO}}, 1) == -1)
                    LOGFAIL(VSL_ERRNO, "Cannot release lock: %s!", strerror(errno));
                return VFER_INPROGRESS;
            }
            if ( semop(sem, (struct sembuf[]) {{0, -1, SEM_UNDO}}, 1) == -1)
                LOGFAIL(VSL_ERRNO, "Cannot release lock: %s!", strerror(errno));
            LOGFAIL(VSL_ERRNO, "read failed: %s", strerror(err));
        }

        /* Deserialize structure */
        uint32_t clid;
        char *key = read_objs(msg,
                        (void*) &head.magic, sizeof(head.magic),
                        (void*) &head.type, sizeof(head.type),
                        (void*) &head.datalen, sizeof(head.datalen),
                        (void*) &clid, sizeof(clid),
                        NULL);
        head.datalen = ntohl(head.datalen);
        clid = ntohl(clid);

        /* Verify packet */
        if(!CHECK_MAGIC(head.magic) ||
           head.type != P_SSH_KEY ||
           head.datalen != sizeof(clid) + VSL_KEYLENGTH) {
            if ( semop(sem, (struct sembuf[]) {{0, -1, SEM_UNDO}}, 1) == -1)
                LOGFAIL(VSL_ERRNO, "Cannot release lock: %s!", strerror(errno));
            LOGFAIL(VSL_BADPROT, "invalid packet received");
        }

        /* Return if it's the right client */
        if (clid == sock->client_id) {
            init_keys_s(sock, key);
            LOG("Correct secret read from FIFO.");
            if ( semop(sem, (struct sembuf[]) {{0, -1, SEM_UNDO}}, 1) == -1)
                LOGFAIL(VSL_ERRNO, "Cannot release lock: %s!", strerror(errno));
            return(0);
        }

        /* Otherwise store it */
        time_t timestamp = time(NULL);
        for (int i=0; i < MSG_QUEUE_SIZE; i++)
            if (msgqueue[i].timestamp == 0 ||
                timestamp - msgqueue[i].timestamp > MSG_TIMEOUT) {
                memcpy((void*) msgqueue[i].key, (void*) key, VSL_KEYLENGTH);
                msgqueue[i].clid = clid;
                msgqueue[i].timestamp = 0;
                LOG("Cached foreign secret.");
                if ( semop(sem, (struct sembuf[]) {{0, -1, SEM_UNDO}}, 1) == -1)
                    LOGFAIL(VSL_ERRNO, "Cannot release lock: %s!", strerror(errno));
                continue;
            }
        LOGFAIL(VSL_MAXCONN, "Secret cache full!");
    }

    LOG("something extremely strange happened.");
    abort();
}


/******************************************************************
 * The following functions belong to the API and were removed from
 * vsl_api.c
 ******************************************************************/


/**
 * Authenticates the connection using ssh. This function acts a
 * client, the remote side has to call \c vfer_auth_ssh_s() to act as
 * the server.
 *
 * The connection is authenticated by performing the handshake over a
 * separate ssh connection. A working ssh binary in the path and ssh
 * access to the remote host is required.
 *
 * After the ssh connection is established, communication with the
 * server is done using a FIFO on the server. The pathname of this
 * FIFO has to be known beforehand.
 *
 * For convenience, the function checks whether the given pathname
 * agrees with the pathname that the server announces and fails if the
 * pathnames don't match. It is not possible to use the announced
 * pathname directly because the identity of the server cannot be
 * verified at this point and therefore the transmitted pathname is
 * untrusted.
 *
 * For a nonblocking socket, the function returns #VFER_INPROGRESS if
 * the call would block. In this case the function has to be called
 * again until it returns 0 or an error. vsl_select() can be used to
 * test when the socket is ready for the next authentication step.
 *
 * @param[in] socket VSL socket
 * @param[in] host   hostname for the ssh connection
 * @param[in] user   username for the ssh connection
 * @param[in] path   pathname of the FIFO
 * @return
 *   - 0 on success
 *   - #VFER_INPROGRESS socket is nonblocking and the call would block
 *   - #VFER_BADSOCK bad socket argument
 *   - #VFER_UNCONN socket is not connected
 *   - #VSL_ERRNO if a system call failed (errno is set accordingly)
 *   - #VSL_BADPROT protocol error
 *   - #VSL_BADPATH pathnames don't match
 *   - #VSL_SSHF ssh subprocess failed
 **/
int vsl_auth_ssh_c(vsl_sock* socket, const char* user,
                   const char* host, const char *path) {
    char key[VSL_KEYLENGTH];

    LOG("trying ssh authentication as client");

    switch(socket->status) {
    case(C_INITIALIZED):
        /* Sent ssh auth request */
        TRY(send_ssh_req(socket));
        socket->status = C_SSH_REQ_SENT;

    case(C_SSH_REQ_SENT):
        /* Receive ssh auth response */
        TRY(recv_ssh_res(socket, path));

        /* Fork ssh process */
        TRY(fork_ssh(socket, user, host, path));

        /* Generate key */
        TRY(gen_key(key));

        socket->status = C_SSH_FORKED;

    case(C_SSH_FORKED):
        /* Send secret */
        TRY(send_key_ssh(socket, key));
        socket->status = C_SSH_SEC_SENT;

        /* Generate session keys */
        init_keys_c(socket, key);

    case(C_SSH_SEC_SENT):
        /* Close SSH connection */
        TRY(close_ssh(socket));
        socket->status = C_ESTABLISHED;
        socket->auth = VSL_AUTH_SSH;
        break;

    default:
        /* Invalid state */
        LOGFAIL(VFER_BADSOCK, "invalid socket state");
    }

    LOG("ssh authentication successfull.");
    return(0);
}


/**
 * Authenticate the connection using ssh. This function acts a server,
 * the remote side has to call \c vsl_auth_ssh_c() to act as the client.
 * See this function for a more detailed explanation of the handshake.
 *
 * The FIFO has to be writable for all users who are allowed to
 * connect.
 *
 * Multiple use of the same FIFO by several processes and threads is
 * handled as long as vsl_init() is called before the threads are
 * started and processes forked.
 *
 * At most \c sizeof(uint32_t) clients can try to connect at a time.
 *
 * For a nonblocking socket, the function returns #VFER_INPROGRESS if
 * the call would block. In this case the function has to be called
 * again until it returns 0 or an error. vsl_select() can be used to
 * test when the socket is ready for the next authentication step.
 *
 * @param[in] socket VSL socket
 * @param[in] fifo pathname of the fifo to use.
 * @return
 *   - 0 on success
 *   - #VSL_BADPATH pathname too long
 *   - #VFER_INPROGRESS socket is nonblocking and the call would block
 *   - #VFER_BADSOCK bad socket argument
 *   - #VSL_ERRNO if a system call failed (errno is set accordingly)
 *   - #VSL_BADPROT protocol error
 *   - #VFER_UNCONN socket is not connected
 *   - #VSL_MAXCONN maximum number of open simulatienous FIFO
 *     connection attempts reached
 **/
int vsl_auth_ssh_s(vsl_sock* socket, const char* fifo) {

    /* Check path length */
    if(strlen(fifo) >= MAX_PATH) {
        LOGFAIL(VSL_BADPATH, "fifo pathname too long");
    }

    /* Check for FIFO existence */
    struct stat sbuf;
    if(stat(fifo, &sbuf) != 0) {
        LOGFAIL(VSL_ERRNO, "can't stat() fifo: %s", strerror(err));
    }
    if(! S_ISFIFO(sbuf.st_mode)) {
        LOGFAIL(VSL_BADPATH, "fifo pathname is not a fifo");
    }

    switch(socket->status) {
    case(C_INITIALIZED):
        /* Receive Packet */
        TRY(recv_ssh_req(socket));
        socket->status = C_SSH_REQ_RECV;

    case(C_SSH_REQ_RECV):
        /* Send Answer */
        TRY(send_ssh_res(socket, fifo));
        socket->status = C_SSH_RES_SENT;

        /* Open FIFO */
        TRY(open_fifo(socket, fifo));

    case(C_SSH_RES_SENT):
        /* Receive Key & Close FIFO */
        {
        int ret;
        if ( (ret=recv_key_ssh(socket)) != 0) {
            close_fifo(socket);
            return ret;
        }
        if ( (ret=close_fifo(socket)) != 0)
            return ret;
        }

        socket->status = C_ESTABLISHED;
        socket->auth = VSL_AUTH_SSH;
        break;

    default:
        /* Invalid state */
        LOGFAIL(VFER_BADSOCK, "invalid socket state");
    }
    return(0);
}



/*
 * Local Variables:
 * compile-command: "gcc -o ../bin/test_vsl -Wall --std=gnu99 vsl_api.c vsl_util.c vsl_fifo.c"
 * End:
 */

#endif

---