proto/rpki/ssh_transport.c

/*
 *	BIRD -- An implementation of the SSH protocol for the RPKI transport
 *
 *	(c) 2015 CZ.NIC
 *	(c) 2015 Pavel Tvrdik <pawel.tvrdik@gmail.com>
 *
 *	This file was a part of RTRlib: http://rpki.realmv6.org/
 *	This transport implementation uses libssh (http://www.libssh.org/)
 *
 *	Can be freely distributed and used under the terms of the GNU GPL.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>

#include "rpki.h"

#if HAVE_LIBSSH

static int
rpki_tr_ssh_open(struct rpki_tr_sock *tr)
{
  struct rpki_cache *cache = tr->cache;
  struct rpki_config *cf = (void *) cache->p->p.cf;
  struct rpki_tr_ssh_config *ssh_cf = (void *) cf->tr_config.spec;
  sock *sk = tr->sk;

  sk->type = SK_SSH_ACTIVE;
  sk->ssh = mb_allocz(sk->pool, sizeof(struct ssh_sock));
  sk->ssh->username = ssh_cf->user;
  sk->ssh->client_privkey_path = ssh_cf->bird_private_key;
  sk->ssh->server_hostkey_path = ssh_cf->cache_public_key;
  sk->ssh->subsystem = "rpki-rtr";
  sk->ssh->state = SK_SSH_CONNECT;

  if (sk_open(sk) != 0)
    return RPKI_TR_ERROR;

  return RPKI_TR_SUCCESS;
}

static const char *
rpki_tr_ssh_ident(struct rpki_tr_sock *tr)
{
  struct rpki_cache *cache = tr->cache;
  struct rpki_config *cf = (void *) cache->p->p.cf;
  struct rpki_tr_ssh_config *ssh_cf = (void *) cf->tr_config.spec;
  const char *username = ssh_cf->user;

  if (tr->ident != NULL)
    return tr->ident;

  /* Length: <user> + '@' + <host> + ' port ' + <port> + '\0' */
  size_t len = strlen(username) + 1 + strlen(cf->hostname) + 1 + 5 + 1;
  char *ident = mb_alloc(cache->pool, len);
  bsnprintf(ident, len, "%s@%s:%u", username, cf->hostname, cf->port);
  tr->ident = ident;

  return tr->ident;
}

/**
 * rpki_tr_ssh_init - initializes the RPKI transport structure for a SSH connection
 * @tr: allocated RPKI transport structure
 */
void
rpki_tr_ssh_init(struct rpki_tr_sock *tr)
{
  tr->open_fp = &rpki_tr_ssh_open;
  tr->ident_fp = &rpki_tr_ssh_ident;
}

#endif
RPKI protocol with one cache server per protocol The RPKI protocol (RFC 6810) using the RTRLib (http://rpki.realmv6.org/) that is integrated inside the BIRD's code. Implemeted transports are: - unprotected transport over TCP - secure transport over SSHv2 Example configuration of bird.conf: ... roa4 table r4; roa6 table r6; protocol rpki { debug all; # Import both IPv4 and IPv6 ROAs roa4 { table r4; }; roa6 { table r6; }; # Set cache server (validator) address, # overwrite default port 323 remote "rpki-validator.realmv6.org" port 8282; # Overwrite default time intervals retry 10; # Default 600 seconds refresh 60; # Default 3600 seconds expire 600; # Default 7200 seconds } protocol rpki { debug all; # Import only IPv4 routes roa4 { table r4; }; # Set cache server address to localhost, # use default ports tcp => 323 or ssh => 22 remote 127.0.0.1; # Use SSH transport instead of unprotected transport over TCP ssh encryption { bird private key "/home/birdgeek/.ssh/id_rsa"; remote public key "/home/birdgeek/.ssh/known_hosts"; user "birdgeek"; }; } ... 2015-09-17 17:15:30 +02:00			`/*`
			`* BIRD -- An implementation of the SSH protocol for the RPKI transport`
			`*`
			`* (c) 2015 CZ.NIC`
			`* (c) 2015 Pavel Tvrdik <pawel.tvrdik@gmail.com>`
			`*`
			`* This file was a part of RTRlib: http://rpki.realmv6.org/`
			`* This transport implementation uses libssh (http://www.libssh.org/)`
			`*`
			`* Can be freely distributed and used under the terms of the GNU GPL.`
			`*/`

			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <string.h>`
			`#include <sys/time.h>`

			`#include "rpki.h"`

RPKI: Allow build without libSSH 2020-02-04 10:15:35 +01:00			`#if HAVE_LIBSSH`

RPKI protocol with one cache server per protocol The RPKI protocol (RFC 6810) using the RTRLib (http://rpki.realmv6.org/) that is integrated inside the BIRD's code. Implemeted transports are: - unprotected transport over TCP - secure transport over SSHv2 Example configuration of bird.conf: ... roa4 table r4; roa6 table r6; protocol rpki { debug all; # Import both IPv4 and IPv6 ROAs roa4 { table r4; }; roa6 { table r6; }; # Set cache server (validator) address, # overwrite default port 323 remote "rpki-validator.realmv6.org" port 8282; # Overwrite default time intervals retry 10; # Default 600 seconds refresh 60; # Default 3600 seconds expire 600; # Default 7200 seconds } protocol rpki { debug all; # Import only IPv4 routes roa4 { table r4; }; # Set cache server address to localhost, # use default ports tcp => 323 or ssh => 22 remote 127.0.0.1; # Use SSH transport instead of unprotected transport over TCP ssh encryption { bird private key "/home/birdgeek/.ssh/id_rsa"; remote public key "/home/birdgeek/.ssh/known_hosts"; user "birdgeek"; }; } ... 2015-09-17 17:15:30 +02:00			`static int`
			`rpki_tr_ssh_open(struct rpki_tr_sock *tr)`
			`{`
			`struct rpki_cache *cache = tr->cache;`
			`struct rpki_config cf = (void ) cache->p->p.cf;`
			`struct rpki_tr_ssh_config ssh_cf = (void ) cf->tr_config.spec;`
			`sock *sk = tr->sk;`

			`sk->type = SK_SSH_ACTIVE;`
			`sk->ssh = mb_allocz(sk->pool, sizeof(struct ssh_sock));`
			`sk->ssh->username = ssh_cf->user;`
			`sk->ssh->client_privkey_path = ssh_cf->bird_private_key;`
			`sk->ssh->server_hostkey_path = ssh_cf->cache_public_key;`
			`sk->ssh->subsystem = "rpki-rtr";`
			`sk->ssh->state = SK_SSH_CONNECT;`

			`if (sk_open(sk) != 0)`
			`return RPKI_TR_ERROR;`

			`return RPKI_TR_SUCCESS;`
			`}`

			`static const char *`
			`rpki_tr_ssh_ident(struct rpki_tr_sock *tr)`
			`{`
			`struct rpki_cache *cache = tr->cache;`
			`struct rpki_config cf = (void ) cache->p->p.cf;`
			`struct rpki_tr_ssh_config ssh_cf = (void ) cf->tr_config.spec;`
RPKI: Remove port (and SSH username) from 'Cache server' output line It was mixed-up if hostname is IPv6 address, and reporting separate values (like port) on separate lines fits better into key-value style of 'show protocols all' output. Also, the patch simplifies transport identification formatting (although it is unused now). Thanks to Alarig Le Lay for the suggestion. 2021-01-07 05:56:34 +01:00			`const char *username = ssh_cf->user;`
RPKI protocol with one cache server per protocol The RPKI protocol (RFC 6810) using the RTRLib (http://rpki.realmv6.org/) that is integrated inside the BIRD's code. Implemeted transports are: - unprotected transport over TCP - secure transport over SSHv2 Example configuration of bird.conf: ... roa4 table r4; roa6 table r6; protocol rpki { debug all; # Import both IPv4 and IPv6 ROAs roa4 { table r4; }; roa6 { table r6; }; # Set cache server (validator) address, # overwrite default port 323 remote "rpki-validator.realmv6.org" port 8282; # Overwrite default time intervals retry 10; # Default 600 seconds refresh 60; # Default 3600 seconds expire 600; # Default 7200 seconds } protocol rpki { debug all; # Import only IPv4 routes roa4 { table r4; }; # Set cache server address to localhost, # use default ports tcp => 323 or ssh => 22 remote 127.0.0.1; # Use SSH transport instead of unprotected transport over TCP ssh encryption { bird private key "/home/birdgeek/.ssh/id_rsa"; remote public key "/home/birdgeek/.ssh/known_hosts"; user "birdgeek"; }; } ... 2015-09-17 17:15:30 +02:00
			`if (tr->ident != NULL)`
			`return tr->ident;`

RPKI: Remove port (and SSH username) from 'Cache server' output line It was mixed-up if hostname is IPv6 address, and reporting separate values (like port) on separate lines fits better into key-value style of 'show protocols all' output. Also, the patch simplifies transport identification formatting (although it is unused now). Thanks to Alarig Le Lay for the suggestion. 2021-01-07 05:56:34 +01:00			`/* Length: <user> + '@' + <host> + ' port ' + <port> + '\0' */`
			`size_t len = strlen(username) + 1 + strlen(cf->hostname) + 1 + 5 + 1;`
RPKI protocol with one cache server per protocol The RPKI protocol (RFC 6810) using the RTRLib (http://rpki.realmv6.org/) that is integrated inside the BIRD's code. Implemeted transports are: - unprotected transport over TCP - secure transport over SSHv2 Example configuration of bird.conf: ... roa4 table r4; roa6 table r6; protocol rpki { debug all; # Import both IPv4 and IPv6 ROAs roa4 { table r4; }; roa6 { table r6; }; # Set cache server (validator) address, # overwrite default port 323 remote "rpki-validator.realmv6.org" port 8282; # Overwrite default time intervals retry 10; # Default 600 seconds refresh 60; # Default 3600 seconds expire 600; # Default 7200 seconds } protocol rpki { debug all; # Import only IPv4 routes roa4 { table r4; }; # Set cache server address to localhost, # use default ports tcp => 323 or ssh => 22 remote 127.0.0.1; # Use SSH transport instead of unprotected transport over TCP ssh encryption { bird private key "/home/birdgeek/.ssh/id_rsa"; remote public key "/home/birdgeek/.ssh/known_hosts"; user "birdgeek"; }; } ... 2015-09-17 17:15:30 +02:00			`char *ident = mb_alloc(cache->pool, len);`
RPKI: Remove port (and SSH username) from 'Cache server' output line It was mixed-up if hostname is IPv6 address, and reporting separate values (like port) on separate lines fits better into key-value style of 'show protocols all' output. Also, the patch simplifies transport identification formatting (although it is unused now). Thanks to Alarig Le Lay for the suggestion. 2021-01-07 05:56:34 +01:00			`bsnprintf(ident, len, "%s@%s:%u", username, cf->hostname, cf->port);`
RPKI protocol with one cache server per protocol The RPKI protocol (RFC 6810) using the RTRLib (http://rpki.realmv6.org/) that is integrated inside the BIRD's code. Implemeted transports are: - unprotected transport over TCP - secure transport over SSHv2 Example configuration of bird.conf: ... roa4 table r4; roa6 table r6; protocol rpki { debug all; # Import both IPv4 and IPv6 ROAs roa4 { table r4; }; roa6 { table r6; }; # Set cache server (validator) address, # overwrite default port 323 remote "rpki-validator.realmv6.org" port 8282; # Overwrite default time intervals retry 10; # Default 600 seconds refresh 60; # Default 3600 seconds expire 600; # Default 7200 seconds } protocol rpki { debug all; # Import only IPv4 routes roa4 { table r4; }; # Set cache server address to localhost, # use default ports tcp => 323 or ssh => 22 remote 127.0.0.1; # Use SSH transport instead of unprotected transport over TCP ssh encryption { bird private key "/home/birdgeek/.ssh/id_rsa"; remote public key "/home/birdgeek/.ssh/known_hosts"; user "birdgeek"; }; } ... 2015-09-17 17:15:30 +02:00			`tr->ident = ident;`

			`return tr->ident;`
			`}`

			`/**`
			`* rpki_tr_ssh_init - initializes the RPKI transport structure for a SSH connection`
			`* @tr: allocated RPKI transport structure`
			`*/`
			`void`
			`rpki_tr_ssh_init(struct rpki_tr_sock *tr)`
			`{`
			`tr->open_fp = &rpki_tr_ssh_open;`
			`tr->ident_fp = &rpki_tr_ssh_ident;`
			`}`
RPKI: Allow build without libSSH 2020-02-04 10:15:35 +01:00
			`#endif`