*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
close_listen_socks(void)
{
int i;
+
for (i = 0; i < num_listen_socks; i++)
close(listen_socks[i]);
num_listen_socks = -1;
close_startup_pipes(void)
{
int i;
+
if (startup_pipes)
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1)
close_listen_socks();
close_startup_pipes();
execv(saved_argv[0], saved_argv);
- log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno));
+ log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
+ strerror(errno));
exit(1);
}
static void
main_sigchld_handler(int sig)
{
- pid_t pid;
int save_errno = errno;
+ pid_t pid;
int status;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
{
/* XXX no idea how fix this signal handler */
- /* Close the connection. */
- packet_close();
-
/* Log error and exit. */
- fatal("Timeout before authentication for %s.", get_remote_ipaddr());
+ fatal("Timeout before authentication for %s", get_remote_ipaddr());
}
/*
static void
generate_ephemeral_server_key(void)
{
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
int i;
verbose("Generating %s%d bit RSA key.",
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
if (i % 4 == 0)
- rand = arc4random();
- sensitive_data.ssh1_cookie[i] = rand & 0xff;
- rand >>= 8;
+ rnd = arc4random();
+ sensitive_data.ssh1_cookie[i] = rnd & 0xff;
+ rnd >>= 8;
}
arc4random_stir();
}
key_regeneration_alarm(int sig)
{
int save_errno = errno;
+
signal(SIGALRM, SIG_DFL);
errno = save_errno;
key_do_regen = 1;
if (client_version_string == NULL) {
/* Send our protocol version identification. */
- if (atomicio(write, sock_out, server_version_string, strlen(server_version_string))
+ if (atomicio(write, sock_out, server_version_string,
+ strlen(server_version_string))
!= strlen(server_version_string)) {
log("Could not write ident string to %s", get_remote_ipaddr());
fatal_cleanup();
compat_datafellows(remote_version);
+ if (datafellows & SSH_BUG_PROBE) {
+ log("probed from %s with %s. Don't panic.",
+ get_remote_ipaddr(), client_version_string);
+ fatal_cleanup();
+ }
+
if (datafellows & SSH_BUG_SCANNER) {
log("scanned from %s with %s. Don't panic.",
get_remote_ipaddr(), client_version_string);
}
}
-
/* Destroy the host and server keys. They will no longer be needed. */
void
destroy_sensitive_data(void)
static void
privsep_preauth_child(void)
{
- u_int32_t rand[256];
- int i;
+ u_int32_t rnd[256];
+ gid_t gidset[1];
struct passwd *pw;
+ int i;
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
for (i = 0; i < 256; i++)
- rand[i] = arc4random();
- RAND_seed(rand, sizeof(rand));
+ rnd[i] = arc4random();
+ RAND_seed(rnd, sizeof(rnd));
/* Demote the private keys to public keys. */
demote_sensitive_data();
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
endpwent();
- /* Change our root directory*/
+ /* Change our root directory */
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno));
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
+#if 0
+ /* XXX not ready, to heavy after chroot */
do_setusercontext(pw);
+#else
+ gidset[0] = pw->pw_gid;
+ if (setgid(pw->pw_gid) < 0)
+ fatal("setgid failed for %u", pw->pw_gid );
+ if (setgroups(1, gidset) < 0)
+ fatal("setgroups: %.100s", strerror(errno));
+ permanently_set_uid(pw);
+#endif
}
-static Authctxt*
+static Authctxt *
privsep_preauth(void)
{
Authctxt *authctxt = NULL;
if (pid == -1) {
fatal("fork of unprivileged child failed");
} else if (pid != 0) {
+ fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
+
debug2("Network child is on pid %ld", (long)pid);
close(pmonitor->m_recvfd);
while (waitpid(pid, &status, 0) < 0)
if (errno != EINTR)
break;
+
+ /* Reinstall, since the child has finished */
+ fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
+
return (authctxt);
} else {
/* child */
/* XXX - Remote port forwarding */
x_authctxt = authctxt;
+#ifdef DISABLE_FD_PASSING
+ if (1) {
+#else
if (authctxt->pw->pw_uid == 0 || options.use_login) {
+#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
use_privsep = 0;
if (pmonitor->m_pid == -1)
fatal("fork of unprivileged child failed");
else if (pmonitor->m_pid != 0) {
+ fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
+
debug2("User child is on pid %ld", (long)pmonitor->m_pid);
close(pmonitor->m_recvfd);
monitor_child_postauth(pmonitor);
get_hostkey_by_type(int type)
{
int i;
+
for (i = 0; i < options.num_host_key_files; i++) {
Key *key = sensitive_data.host_keys[i];
if (key != NULL && key->type == type)
get_hostkey_index(Key *key)
{
int i;
+
for (i = 0; i < options.num_host_key_files; i++) {
if (key == sensitive_data.host_keys[i])
return (i);
const char *remote_ip;
int remote_port;
FILE *f;
- struct linger linger;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
int listen_sock, maxfd;
break;
case 'u':
utmp_len = atoi(optarg);
+ if (utmp_len > MAXHOSTNAMELEN) {
+ fprintf(stderr, "Invalid utmp length.\n");
+ exit(1);
+ }
break;
case 'o':
if (process_server_config_line(&options, optarg,
SYSLOG_FACILITY_AUTH : options.log_facility,
!inetd_flag);
-#ifdef _CRAY
+#ifdef _UNICOS
/* Cray can define user privs drop all prives now!
* Not needed on PRIV_SU systems!
*/
debug("sshd version %.100s", SSH_VERSION);
/* load private host keys */
- sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
+ sensitive_data.host_keys = xmalloc(options.num_host_key_files *
+ sizeof(Key *));
for (i = 0; i < options.num_host_key_files; i++)
sensitive_data.host_keys[i] = NULL;
sensitive_data.server_key = NULL;
* hate software patents. I dont know if this can go? Niels
*/
if (options.server_key_bits >
- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED &&
- options.server_key_bits <
- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
+ BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
+ SSH_KEY_BITS_RESERVED && options.server_key_bits <
+ BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
+ SSH_KEY_BITS_RESERVED) {
options.server_key_bits =
- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED;
+ BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
+ SSH_KEY_BITS_RESERVED;
debug("Forcing server key to %d bits to make it differ from host key.",
options.server_key_bits);
}
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
+
+#ifdef HAVE_CYGWIN
+ if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
+ (st.st_uid != getuid () ||
+ (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
+#else
+ if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+#endif
+ fatal("Bad owner or mode for %s",
+ _PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
continue;
}
/*
- * Set socket options. We try to make the port
- * reusable and have it close as fast as possible
- * without waiting in unnecessary wait states on
- * close.
+ * Set socket options.
+ * Allow local port reuse in TIME_WAIT.
*/
- setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
- &on, sizeof(on));
- linger.l_onoff = 1;
- linger.l_linger = 5;
- setsockopt(listen_sock, SOL_SOCKET, SO_LINGER,
- &linger, sizeof(linger));
+ if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
+ &on, sizeof(on)) == -1)
+ error("setsockopt SO_REUSEADDR: %s", strerror(errno));
debug("Bind to port %s on %s.", strport, ntop);
*/
#if 0
/* XXX: this breaks Solaris */
- if (setsid() < 0)
+ if (!debug_flag && !inetd_flag && setsid() < 0)
error("setsid: %.100s", strerror(errno));
#endif
signal(SIGCHLD, SIG_DFL);
signal(SIGINT, SIG_DFL);
- /*
- * Set socket options for the connection. We want the socket to
- * close as fast as possible without waiting for anything. If the
- * connection is not a socket, these will do nothing.
- */
- /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
- linger.l_onoff = 1;
- linger.l_linger = 5;
- setsockopt(sock_in, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
-
/* Set keepalives if requested. */
if (options.keepalives &&
setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
u_char session_key[SSH_SESSION_KEY_LENGTH];
u_char cookie[8];
u_int cipher_type, auth_mask, protocol_flags;
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
/*
* Generate check bytes that the client must send back in the user
*/
for (i = 0; i < 8; i++) {
if (i % 4 == 0)
- rand = arc4random();
- cookie[i] = rand & 0xff;
- rand >>= 8;
+ rnd = arc4random();
+ cookie[i] = rnd & 0xff;
+ rnd >>= 8;
}
/*
if (options.afs_token_passing)
auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
#endif
- if (options.challenge_response_authentication == 1)
- auth_mask |= 1 << SSH_AUTH_TIS;
-
#ifdef GSSAPI
- if (options.gss_authentication)
- auth_mask |= 1 << SSH_AUTH_GSSAPI;
+ if (options.gss_authentication)
+ auth_mask |= 1 << SSH_AUTH_GSSAPI;
#endif
-
+ if (options.challenge_response_authentication == 1)
+ auth_mask |= 1 << SSH_AUTH_TIS;
if (options.password_authentication)
auth_mask |= 1 << SSH_AUTH_PASSWORD;
packet_put_int(auth_mask);
Buffer buf;
unsigned char *data;
unsigned int data_len;
- extern unsigned char ssh1_key_digest[]; /* in gss-serv.c */
+ extern unsigned char ssh1_key_digest[16]; /* in gss-genr.c */
debug("Calculating MD5 hash of server and host keys...");