5 Author: Tatu Ylonen <ylo@cs.hut.fi>
7 Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
10 Created: Fri Mar 17 17:09:28 1995 ylo
12 This program is the ssh daemon. It listens for connections from clients, and
13 performs authentication, executes use commands or shell, and forwards
14 information to/from the application to the user client over an encrypted
15 connection. This can also handle forwarding of X11, TCP/IP, and authentication
35 #ifdef HAVE_MAILLOCK_H
36 # include <maillock.h>
42 int allow_severity = LOG_INFO;
43 int deny_severity = LOG_WARNING;
50 /* Local Xauthority file. */
51 static char *xauthfile = NULL;
53 /* Server configuration options. */
54 ServerOptions options;
56 /* Name of the server configuration file. */
57 char *config_file_name = SERVER_CONFIG_FILE;
59 /* Debug mode flag. This can be set on the command line. If debug
60 mode is enabled, extra debugging output will be sent to the system
61 log, the daemon will not go to background, and will exit after processing
62 the first connection. */
65 /* Flag indicating that the daemon is being started from inetd. */
68 /* debug goes to stderr unless inetd_flag is set */
71 /* argv[0] without path. */
74 /* Saved arguments to main(). */
77 /* This is set to the socket that the server is listening; this is used in
78 the SIGHUP signal handler. */
81 /* Flags set in auth-rsa from authorized_keys flags. These are set in
83 int no_port_forwarding_flag = 0;
84 int no_agent_forwarding_flag = 0;
85 int no_x11_forwarding_flag = 0;
87 char *forced_command = NULL; /* RSA authentication "command=" option. */
88 struct envstring *custom_environment = NULL;
89 /* RSA authentication "environment=" options. */
91 /* Session id for the current session. */
92 unsigned char session_id[16];
94 /* Any really sensitive data in the application is contained in this structure.
95 The idea is that this structure could be locked into memory so that the
96 pages do not get written into swap. However, there are some problems.
97 The private key contains BIGNUMs, and we do not (in principle) have
98 access to the internals of them, and locking just the structure is not
99 very useful. Currently, memory locking is not implemented. */
102 /* Private part of server key. */
105 /* Private part of host key. */
109 /* Flag indicating whether the current session key has been used. This flag
110 is set whenever the key is used, and cleared when the key is regenerated. */
113 /* This is set to true when SIGHUP is received. */
114 int received_sighup = 0;
116 /* Public side of the server key. This value is regenerated regularly with
120 /* Prototypes for various functions defined later in this file. */
121 void do_connection();
122 void do_authentication(char *user);
123 void do_authloop(struct passwd *pw);
124 void do_fake_authloop(char *user);
125 void do_authenticated(struct passwd *pw);
126 void do_exec_pty(const char *command, int ptyfd, int ttyfd,
127 const char *ttyname, struct passwd *pw, const char *term,
128 const char *display, const char *auth_proto,
129 const char *auth_data);
130 void do_exec_no_pty(const char *command, struct passwd *pw,
131 const char *display, const char *auth_proto,
132 const char *auth_data);
133 void do_child(const char *command, struct passwd *pw, const char *term,
134 const char *display, const char *auth_proto,
135 const char *auth_data, const char *ttyname);
138 static int pamconv(int num_msg, const struct pam_message **msg,
139 struct pam_response **resp, void *appdata_ptr);
140 void do_pam_account_and_session(char *username, char *remote_user,
141 const char *remote_host);
142 void pam_cleanup_proc(void *context);
144 static struct pam_conv conv = {
148 struct pam_handle_t *pamh = NULL;
149 const char *pampasswd = NULL;
150 char *pamconv_msg = NULL;
152 static int pamconv(int num_msg, const struct pam_message **msg,
153 struct pam_response **resp, void *appdata_ptr)
156 struct pam_response *reply = NULL;
158 /* PAM will free this later */
159 reply = malloc(num_msg * sizeof(*reply));
163 for(count = 0; count < num_msg; count++)
165 switch (msg[count]->msg_style)
167 case PAM_PROMPT_ECHO_OFF:
168 if (pampasswd == NULL)
173 reply[count].resp_retcode = PAM_SUCCESS;
174 reply[count].resp = xstrdup(pampasswd);
178 reply[count].resp_retcode = PAM_SUCCESS;
179 reply[count].resp = xstrdup("");
181 if (msg[count]->msg == NULL) break;
182 debug("Adding PAM message: %s", msg[count]->msg);
183 if (pamconv_msg == NULL)
185 pamconv_msg = malloc(strlen(msg[count]->msg) + 2);
187 if (pamconv_msg == NULL)
190 strncpy(pamconv_msg, msg[count]->msg, strlen(msg[count]->msg));
191 pamconv_msg[strlen(msg[count]->msg)] = '\n';
192 pamconv_msg[strlen(msg[count]->msg) + 1] = '\0';
195 pamconv_msg = realloc(pamconv_msg, strlen(pamconv_msg) + strlen(msg[count]->msg) + 2);
196 strncat(pamconv_msg, msg[count]->msg, strlen(msg[count]->msg));
197 pamconv_msg[strlen(pamconv_msg)] = '\n';
198 pamconv_msg[strlen(pamconv_msg) + 1] = '\0';
202 case PAM_PROMPT_ECHO_ON:
215 void pam_cleanup_proc(void *context)
221 pam_retval = pam_close_session((pam_handle_t *)pamh, 0);
222 if (pam_retval != PAM_SUCCESS)
224 log("Cannot close PAM session: %.200s",
225 pam_strerror((pam_handle_t *)pamh, pam_retval));
228 pam_retval = pam_end((pam_handle_t *)pamh, pam_retval);
229 if (pam_retval != PAM_SUCCESS)
231 log("Cannot release PAM authentication: %.200s",
232 pam_strerror((pam_handle_t *)pamh, pam_retval));
237 void do_pam_account_and_session(char *username, char *remote_user,
238 const char *remote_host)
242 if (remote_host != NULL)
244 debug("PAM setting rhost to \"%.200s\"", remote_host);
245 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, remote_host);
246 if (pam_retval != PAM_SUCCESS)
248 log("PAM set rhost failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
249 do_fake_authloop(username);
253 if (remote_user != NULL)
255 debug("PAM setting ruser to \"%.200s\"", remote_user);
256 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user);
257 if (pam_retval != PAM_SUCCESS)
259 log("PAM set ruser failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
260 do_fake_authloop(username);
264 pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
265 if (pam_retval != PAM_SUCCESS)
267 log("PAM rejected by account configuration: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
268 do_fake_authloop(username);
271 pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
272 if (pam_retval != PAM_SUCCESS)
274 log("PAM session setup failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
275 do_fake_authloop(username);
278 #endif /* HAVE_LIBPAM */
280 /* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP;
281 the effect is to reread the configuration file (and to regenerate
284 void sighup_handler(int sig)
287 signal(SIGHUP, sighup_handler);
290 /* Called from the main program after receiving SIGHUP. Restarts the
293 void sighup_restart()
295 log("Received SIGHUP; restarting.");
297 execv(saved_argv[0], saved_argv);
298 log("RESTART FAILED: av0='%s', error: %s.", av0, strerror(errno));
302 /* Generic signal handler for terminating signals in the master daemon.
303 These close the listen socket; not closing it seems to cause "Address
304 already in use" problems on some machines, which is inconvenient. */
306 void sigterm_handler(int sig)
308 log("Received signal %d; terminating.", sig);
313 /* SIGCHLD handler. This is called whenever a child dies. This will then
314 reap any zombies left by exited c. */
316 void main_sigchld_handler(int sig)
318 int save_errno = errno;
321 signal(SIGCHLD, main_sigchld_handler);
325 /* Signal handler for the alarm after the login grace period has expired. */
327 void grace_alarm_handler(int sig)
329 /* Close the connection. */
332 /* Log error and exit. */
333 fatal("Timeout before authentication.");
336 /* Signal handler for the key regeneration alarm. Note that this
337 alarm only occurs in the daemon waiting for connections, and it does not
338 do anything with the private key or random state before forking. Thus there
339 should be no concurrency control/asynchronous execution problems. */
341 void key_regeneration_alarm(int sig)
343 int save_errno = errno;
345 /* Check if we should generate a new key. */
348 /* This should really be done in the background. */
349 log("Generating new %d bit RSA key.", options.server_key_bits);
351 if (sensitive_data.private_key != NULL)
352 RSA_free(sensitive_data.private_key);
353 sensitive_data.private_key = RSA_new();
355 if (public_key != NULL)
356 RSA_free(public_key);
357 public_key = RSA_new();
359 rsa_generate_key(sensitive_data.private_key, public_key,
360 options.server_key_bits);
363 log("RSA key generation complete.");
366 /* Reschedule the alarm. */
367 signal(SIGALRM, key_regeneration_alarm);
368 alarm(options.key_regeneration_time);
372 /* Main program for the daemon. */
375 main(int ac, char **av)
379 int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1;
380 int remote_major, remote_minor;
382 struct sockaddr_in sin;
383 char buf[100]; /* Must not be larger than remote_version. */
384 char remote_version[100]; /* Must be at least as big as buf. */
388 struct linger linger;
392 if (strchr(av[0], '/'))
393 av0 = strrchr(av[0], '/') + 1;
397 /* Initialize configuration options to their default values. */
398 initialize_server_options(&options);
400 /* Parse command-line arguments. */
401 while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqQ")) != EOF)
406 config_file_name = optarg;
410 options.log_level = SYSLOG_LEVEL_DEBUG;
419 options.log_level = SYSLOG_LEVEL_QUIET;
422 options.server_key_bits = atoi(optarg);
425 options.port = atoi(optarg);
428 options.login_grace_time = atoi(optarg);
431 options.key_regeneration_time = atoi(optarg);
434 options.host_key_file = optarg;
438 fprintf(stderr, "sshd version %s\n", SSH_VERSION);
439 fprintf(stderr, "Usage: %s [options]\n", av0);
440 fprintf(stderr, "Options:\n");
441 fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR);
442 fprintf(stderr, " -d Debugging mode\n");
443 fprintf(stderr, " -i Started from inetd\n");
444 fprintf(stderr, " -q Quiet (no logging)\n");
445 fprintf(stderr, " -p port Listen on the specified port (default: 22)\n");
446 fprintf(stderr, " -k seconds Regenerate server key every this many seconds (default: 3600)\n");
447 fprintf(stderr, " -g seconds Grace period for authentication (default: 300)\n");
448 fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
449 fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
455 /* check if RSA support exists */
456 if (rsa_alive() == 0) {
458 printf("sshd: no RSA support in libssl and libcrypto -- exiting. See ssl(8)\n");
459 log("no RSA support in libssl and libcrypto -- exiting. See ssl(8)");
463 /* Read server configuration options from the configuration file. */
464 read_server_config(&options, config_file_name);
466 /* Fill in default values for those options not explicitly set. */
467 fill_default_server_options(&options);
469 /* Check certain values for sanity. */
470 if (options.server_key_bits < 512 ||
471 options.server_key_bits > 32768)
473 fprintf(stderr, "Bad server key size.\n");
476 if (options.port < 1 || options.port > 65535)
478 fprintf(stderr, "Bad port number.\n");
482 /* Check that there are no remaining arguments. */
485 fprintf(stderr, "Extra argument %s.\n", av[optind]);
489 /* Force logging to stderr while loading the private host key
490 unless started from inetd */
491 log_init(av0, options.log_level, options.log_facility, !inetd_flag);
493 debug("sshd version %.100s", SSH_VERSION);
495 sensitive_data.host_key = RSA_new();
497 /* Load the host key. It must have empty passphrase. */
498 if (!load_private_key(options.host_key_file, "",
499 sensitive_data.host_key, &comment))
501 error("Could not load host key: %.200s: %.100s",
502 options.host_key_file, strerror(errno));
507 /* Initialize the log (it is reinitialized below in case we forked). */
508 if (debug_flag && !inetd_flag)
510 log_init(av0, options.log_level, options.log_facility, log_stderr);
512 /* If not in debugging mode, and not started from inetd, disconnect from
513 the controlling terminal, and fork. The original process exits. */
514 if (!debug_flag && !inetd_flag)
518 #endif /* TIOCNOTTY */
519 if (daemon(0, 0) < 0)
520 fatal("daemon() failed: %.200s", strerror(errno));
522 /* Disconnect from the controlling tty. */
524 fd = open("/dev/tty", O_RDWR|O_NOCTTY);
527 (void)ioctl(fd, TIOCNOTTY, NULL);
530 #endif /* TIOCNOTTY */
533 /* Reinitialize the log (because of the fork above). */
534 log_init(av0, options.log_level, options.log_facility, log_stderr);
536 /* Check that server and host key lengths differ sufficiently. This is
537 necessary to make double encryption work with rsaref. Oh, I hate
538 software patents. I dont know if this can go? Niels */
539 if (options.server_key_bits >
540 BN_num_bits(sensitive_data.host_key->n) - SSH_KEY_BITS_RESERVED &&
541 options.server_key_bits <
542 BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED)
544 options.server_key_bits =
545 BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED;
546 debug("Forcing server key to %d bits to make it differ from host key.",
547 options.server_key_bits);
550 /* Do not display messages to stdout in RSA code. */
553 /* Initialize the random number generator. */
556 /* Chdir to the root directory so that the current disk can be unmounted
560 /* Close connection cleanly after attack. */
561 cipher_attack_detected = packet_disconnect;
563 /* Start listening for a socket, unless started from inetd. */
567 s1 = dup(0); /* Make sure descriptors 0, 1, and 2 are in use. */
571 /* We intentionally do not close the descriptors 0, 1, and 2 as our
572 code for setting the descriptors won\'t work if ttyfd happens to
574 debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
576 public_key = RSA_new();
577 sensitive_data.private_key = RSA_new();
578 /* Generate an rsa key. */
579 log("Generating %d bit RSA key.", options.server_key_bits);
580 rsa_generate_key(sensitive_data.private_key, public_key,
581 options.server_key_bits);
583 log("RSA key generation complete.");
587 /* Create socket for listening. */
588 listen_sock = socket(AF_INET, SOCK_STREAM, 0);
590 fatal("socket: %.100s", strerror(errno));
592 /* Set socket options. We try to make the port reusable and have it
593 close as fast as possible without waiting in unnecessary wait states
595 setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
599 setsockopt(listen_sock, SOL_SOCKET, SO_LINGER, (void *)&linger,
602 /* Initialize the socket address. */
603 memset(&sin, 0, sizeof(sin));
604 sin.sin_family = AF_INET;
605 sin.sin_addr = options.listen_addr;
606 sin.sin_port = htons(options.port);
608 /* Bind the socket to the desired port. */
609 if (bind(listen_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
611 error("bind: %.100s", strerror(errno));
612 shutdown(listen_sock, SHUT_RDWR);
614 fatal("Bind to port %d failed.", options.port);
619 /* Record our pid in /etc/sshd_pid to make it easier to kill the
620 correct sshd. We don\'t want to do this before the bind above
621 because the bind will fail if there already is a daemon, and this
622 will overwrite any old pid in the file. */
623 f = fopen(SSH_DAEMON_PID_FILE, "w");
626 fprintf(f, "%u\n", (unsigned int)getpid());
631 /* Start listening on the port. */
632 log("Server listening on port %d.", options.port);
633 if (listen(listen_sock, 5) < 0)
634 fatal("listen: %.100s", strerror(errno));
636 public_key = RSA_new();
637 sensitive_data.private_key = RSA_new();
638 /* Generate an rsa key. */
639 log("Generating %d bit RSA key.", options.server_key_bits);
640 rsa_generate_key(sensitive_data.private_key, public_key,
641 options.server_key_bits);
643 log("RSA key generation complete.");
645 /* Schedule server key regeneration alarm. */
646 signal(SIGALRM, key_regeneration_alarm);
647 alarm(options.key_regeneration_time);
649 /* Arrange to restart on SIGHUP. The handler needs listen_sock. */
650 signal(SIGHUP, sighup_handler);
651 signal(SIGTERM, sigterm_handler);
652 signal(SIGQUIT, sigterm_handler);
654 /* Arrange SIGCHLD to be caught. */
655 signal(SIGCHLD, main_sigchld_handler);
657 /* Stay listening for connections until the system crashes or the
658 daemon is killed with a signal. */
663 /* Wait in accept until there is a connection. */
665 newsock = accept(listen_sock, (struct sockaddr *)&sin, &aux);
672 error("accept: %.100s", strerror(errno));
676 /* Got connection. Fork a child to handle it, unless we are in
680 /* In debugging mode. Close the listening socket, and start
681 processing the connection without forking. */
682 debug("Server will not fork when running in debugging mode.");
691 /* Normal production daemon. Fork, and have the child process
692 the connection. The parent continues listening. */
693 if ((pid = fork()) == 0)
695 /* Child. Close the listening socket, and start using
696 the accepted socket. Reinitialize logging (since our
697 pid has changed). We break out of the loop to handle
702 log_init(av0, options.log_level, options.log_facility, log_stderr);
707 /* Parent. Stay in the loop. */
709 error("fork: %.100s", strerror(errno));
711 debug("Forked child %d.", pid);
713 /* Mark that the key has been used (it was "given" to the child). */
718 /* Close the new socket (the child is now taking care of it). */
723 /* This is the child processing a new connection. */
725 /* Disable the key regeneration alarm. We will not regenerate the key
726 since we are no longer in a position to give it to anyone. We will
727 not restart on SIGHUP since it no longer makes sense. */
729 signal(SIGALRM, SIG_DFL);
730 signal(SIGHUP, SIG_DFL);
731 signal(SIGTERM, SIG_DFL);
732 signal(SIGQUIT, SIG_DFL);
733 signal(SIGCHLD, SIG_DFL);
735 /* Set socket options for the connection. We want the socket to close
736 as fast as possible without waiting for anything. If the connection
737 is not a socket, these will do nothing. */
738 /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
741 setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
743 /* Register our connection. This turns encryption off because we do not
745 packet_set_connection(sock_in, sock_out);
747 remote_port = get_remote_port();
749 /* Check whether logins are denied from this host. */
752 struct request_info req;
754 request_init(&req, RQ_DAEMON, av0, RQ_FILE, sock_in, NULL);
757 if (!hosts_access(&req)) {
762 log("Connection from %.500s port %d", eval_client(&req), remote_port);
765 /* Log the connection. */
766 log("Connection from %.100s port %d", get_remote_ipaddr(), remote_port);
769 /* We don\'t want to listen forever unless the other side successfully
770 authenticates itself. So we set up an alarm which is cleared after
771 successful authentication. A limit of zero indicates no limit.
772 Note that we don\'t set the alarm in debugging mode; it is just annoying
773 to have the server exit just when you are about to discover the bug. */
774 signal(SIGALRM, grace_alarm_handler);
776 alarm(options.login_grace_time);
778 /* Send our protocol version identification. */
779 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
780 PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
781 if (write(sock_out, buf, strlen(buf)) != strlen(buf))
782 fatal("Could not write ident string.");
784 /* Read other side\'s version identification. */
785 for (i = 0; i < sizeof(buf) - 1; i++)
787 if (read(sock_in, &buf[i], 1) != 1)
788 fatal("Did not receive ident string.");
802 buf[sizeof(buf) - 1] = 0;
804 /* Check that the versions match. In future this might accept several
805 versions and set appropriate flags to handle them. */
806 if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
807 remote_version) != 3)
809 const char *s = "Protocol mismatch.\n";
810 (void) write(sock_out, s, strlen(s));
813 fatal("Bad protocol version identification: %.100s", buf);
815 debug("Client protocol version %d.%d; client software version %.100s",
816 remote_major, remote_minor, remote_version);
817 if (remote_major != PROTOCOL_MAJOR)
819 const char *s = "Protocol major versions differ.\n";
820 (void) write(sock_out, s, strlen(s));
823 fatal("Protocol major versions differ: %d vs. %d",
824 PROTOCOL_MAJOR, remote_major);
827 /* Check that the client has sufficiently high software version. */
828 if (remote_major == 1 && remote_minor < 3)
829 packet_disconnect("Your ssh version is too old and is no longer supported. Please install a newer version.");
831 if (remote_major == 1 && remote_minor == 3) {
833 if (strcmp(remote_version, "OpenSSH-1.1") != 0) {
834 debug("Agent forwarding disabled, remote version is not compatible.");
835 no_agent_forwarding_flag = 1;
839 /* Check that the connection comes from a privileged port.
840 Rhosts- and Rhosts-RSA-Authentication only make sense
841 from priviledged programs.
842 Of course, if the intruder has root access on his local machine,
843 he can connect from any port. So do not use these authentication
844 methods from machines that you do not trust. */
845 if (remote_port >= IPPORT_RESERVED ||
846 remote_port < IPPORT_RESERVED / 2)
848 options.rhosts_authentication = 0;
849 options.rhosts_rsa_authentication = 0;
852 packet_set_nonblocking();
854 /* Handle the connection. */
858 /* Cleanup user's ticket cache file. */
859 if (options.kerberos_ticket_cleanup)
863 /* Cleanup user's local Xauthority file. */
864 if (xauthfile) unlink(xauthfile);
866 /* The connection has been terminated. */
867 log("Closing connection to %.100s", inet_ntoa(sin.sin_addr));
875 debug("Closing PAM session.");
876 retval = pam_close_session((pam_handle_t *)pamh, 0);
878 debug("Terminating PAM library.");
879 if (pam_end((pam_handle_t *)pamh, retval) != PAM_SUCCESS)
880 log("Cannot release PAM authentication.");
882 fatal_remove_cleanup(&pam_cleanup_proc, NULL);
885 #endif /* HAVE_LIBPAM */
892 /* Process an incoming connection. Protocol version identifiers have already
893 been exchanged. This sends server key and performs the key exchange.
894 Server and host keys will no longer be needed after this functions. */
900 BIGNUM *session_key_int;
901 unsigned char session_key[SSH_SESSION_KEY_LENGTH];
902 unsigned char check_bytes[8];
904 unsigned int cipher_type, auth_mask, protocol_flags;
908 /* Generate check bytes that the client must send back in the user packet
909 in order for it to be accepted; this is used to defy ip spoofing
910 attacks. Note that this only works against somebody doing IP spoofing
911 from a remote machine; any machine on the local network can still see
912 outgoing packets and catch the random cookie. This only affects
913 rhosts authentication, and this is one of the reasons why it is
914 inherently insecure. */
915 for (i = 0; i < 8; i++) {
918 check_bytes[i] = rand & 0xff;
922 /* Send our public key. We include in the packet 64 bits of random
923 data that must be matched in the reply in order to prevent IP spoofing. */
924 packet_start(SSH_SMSG_PUBLIC_KEY);
925 for (i = 0; i < 8; i++)
926 packet_put_char(check_bytes[i]);
928 /* Store our public server RSA key. */
929 packet_put_int(BN_num_bits(public_key->n));
930 packet_put_bignum(public_key->e);
931 packet_put_bignum(public_key->n);
933 /* Store our public host RSA key. */
934 packet_put_int(BN_num_bits(sensitive_data.host_key->n));
935 packet_put_bignum(sensitive_data.host_key->e);
936 packet_put_bignum(sensitive_data.host_key->n);
938 /* Put protocol flags. */
939 packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
941 /* Declare which ciphers we support. */
942 packet_put_int(cipher_mask());
944 /* Declare supported authentication types. */
946 if (options.rhosts_authentication)
947 auth_mask |= 1 << SSH_AUTH_RHOSTS;
948 if (options.rhosts_rsa_authentication)
949 auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
950 if (options.rsa_authentication)
951 auth_mask |= 1 << SSH_AUTH_RSA;
953 if (options.kerberos_authentication)
954 auth_mask |= 1 << SSH_AUTH_KERBEROS;
957 if (options.kerberos_tgt_passing)
958 auth_mask |= 1 << SSH_PASS_KERBEROS_TGT;
959 if (options.afs_token_passing)
960 auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
962 if (options.password_authentication)
963 auth_mask |= 1 << SSH_AUTH_PASSWORD;
964 packet_put_int(auth_mask);
966 /* Send the packet and wait for it to be sent. */
970 debug("Sent %d bit public key and %d bit host key.",
971 BN_num_bits(public_key->n), BN_num_bits(sensitive_data.host_key->n));
973 /* Read clients reply (cipher type and session key). */
974 packet_read_expect(&plen, SSH_CMSG_SESSION_KEY);
976 /* Get cipher type. */
977 cipher_type = packet_get_char();
979 /* Get check bytes from the packet. These must match those we sent earlier
980 with the public key packet. */
981 for (i = 0; i < 8; i++)
982 if (check_bytes[i] != packet_get_char())
983 packet_disconnect("IP Spoofing check bytes do not match.");
985 debug("Encryption type: %.200s", cipher_name(cipher_type));
987 /* Get the encrypted integer. */
988 session_key_int = BN_new();
989 packet_get_bignum(session_key_int, &slen);
991 /* Get protocol flags. */
992 protocol_flags = packet_get_int();
993 packet_set_protocol_flags(protocol_flags);
995 packet_integrity_check(plen, 1 + 8 + slen + 4, SSH_CMSG_SESSION_KEY);
997 /* Decrypt it using our private server key and private host key (key with
998 larger modulus first). */
999 if (BN_cmp(sensitive_data.private_key->n, sensitive_data.host_key->n) > 0)
1001 /* Private key has bigger modulus. */
1002 if (BN_num_bits(sensitive_data.private_key->n) <
1003 BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) {
1004 fatal("do_connection: private_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
1005 BN_num_bits(sensitive_data.private_key->n),
1006 BN_num_bits(sensitive_data.host_key->n),
1007 SSH_KEY_BITS_RESERVED);
1010 rsa_private_decrypt(session_key_int, session_key_int,
1011 sensitive_data.private_key);
1012 rsa_private_decrypt(session_key_int, session_key_int,
1013 sensitive_data.host_key);
1017 /* Host key has bigger modulus (or they are equal). */
1018 if (BN_num_bits(sensitive_data.host_key->n) <
1019 BN_num_bits(sensitive_data.private_key->n) + SSH_KEY_BITS_RESERVED) {
1020 fatal("do_connection: host_key %d < private_key %d + SSH_KEY_BITS_RESERVED %d",
1021 BN_num_bits(sensitive_data.host_key->n),
1022 BN_num_bits(sensitive_data.private_key->n),
1023 SSH_KEY_BITS_RESERVED);
1025 rsa_private_decrypt(session_key_int, session_key_int,
1026 sensitive_data.host_key);
1027 rsa_private_decrypt(session_key_int, session_key_int,
1028 sensitive_data.private_key);
1031 /* Compute session id for this session. */
1032 compute_session_id(session_id, check_bytes,
1033 sensitive_data.host_key->n,
1034 sensitive_data.private_key->n);
1036 /* Extract session key from the decrypted integer. The key is in the
1037 least significant 256 bits of the integer; the first byte of the
1038 key is in the highest bits. */
1039 BN_mask_bits(session_key_int, sizeof(session_key) * 8);
1040 len = BN_num_bytes(session_key_int);
1041 if (len < 0 || len > sizeof(session_key))
1042 fatal("do_connection: bad len: session_key_int %d > sizeof(session_key) %d",
1043 len, sizeof(session_key));
1044 memset(session_key, 0, sizeof(session_key));
1045 BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len);
1047 /* Xor the first 16 bytes of the session key with the session id. */
1048 for (i = 0; i < 16; i++)
1049 session_key[i] ^= session_id[i];
1051 /* Destroy the decrypted integer. It is no longer needed. */
1052 BN_clear_free(session_key_int);
1054 /* Set the session key. From this on all communications will be
1056 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
1058 /* Destroy our copy of the session key. It is no longer needed. */
1059 memset(session_key, 0, sizeof(session_key));
1061 debug("Received session key; encryption turned on.");
1063 /* Send an acknowledgement packet. Note that this packet is sent
1065 packet_start(SSH_SMSG_SUCCESS);
1067 packet_write_wait();
1069 /* Get the name of the user that we wish to log in as. */
1070 packet_read_expect(&plen, SSH_CMSG_USER);
1072 /* Get the user name. */
1075 user = packet_get_string(&ulen);
1076 packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
1079 /* Destroy the private and public keys. They will no longer be needed. */
1080 RSA_free(public_key);
1081 RSA_free(sensitive_data.private_key);
1082 RSA_free(sensitive_data.host_key);
1084 setproctitle("%s", user);
1085 /* Do the authentication. */
1086 do_authentication(user);
1089 /* Check if the user is allowed to log in via ssh. If user is listed in
1090 DenyUsers or user's primary group is listed in DenyGroups, false will
1091 be returned. If AllowUsers isn't empty and user isn't listed there, or
1092 if AllowGroups isn't empty and user isn't listed there, false will be
1093 returned. Otherwise true is returned.
1094 XXX This function should also check if user has a valid shell */
1097 allowed_user(struct passwd *pw)
1102 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
1106 /* XXX Should check for valid login shell */
1108 /* Return false if user is listed in DenyUsers */
1109 if (options.num_deny_users > 0)
1113 for (i = 0; i < options.num_deny_users; i++)
1114 if (match_pattern(pw->pw_name, options.deny_users[i]))
1118 /* Return false if AllowUsers isn't empty and user isn't listed there */
1119 if (options.num_allow_users > 0)
1123 for (i = 0; i < options.num_allow_users; i++)
1124 if (match_pattern(pw->pw_name, options.allow_users[i]))
1126 /* i < options.num_allow_users iff we break for loop */
1127 if (i >= options.num_allow_users)
1131 /* Get the primary group name if we need it. Return false if it fails */
1132 if (options.num_deny_groups > 0 || options.num_allow_groups > 0 )
1134 grp = getgrgid(pw->pw_gid);
1138 /* Return false if user's group is listed in DenyGroups */
1139 if (options.num_deny_groups > 0)
1143 for (i = 0; i < options.num_deny_groups; i++)
1144 if (match_pattern(grp->gr_name, options.deny_groups[i]))
1148 /* Return false if AllowGroups isn't empty and user's group isn't
1150 if (options.num_allow_groups > 0)
1154 for (i = 0; i < options.num_allow_groups; i++)
1155 if (match_pattern(grp->gr_name, options.allow_groups[i]))
1157 /* i < options.num_allow_groups iff we break for loop */
1158 if (i >= options.num_allow_groups)
1163 /* We found no reason not to let this user try to log on... */
1167 /* Performs authentication of an incoming connection. Session key has already
1168 been exchanged and encryption is enabled. User is the user name to log
1169 in as (received from the client). */
1172 do_authentication(char *user)
1174 struct passwd *pw, pwcopy;
1177 /* If machine has AFS, set process authentication group. */
1184 /* Verify that the user is a valid user. */
1185 pw = getpwnam(user);
1186 if (!pw || !allowed_user(pw))
1187 do_fake_authloop(user);
1189 /* Take a copy of the returned structure. */
1190 memset(&pwcopy, 0, sizeof(pwcopy));
1191 pwcopy.pw_name = xstrdup(pw->pw_name);
1192 pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
1193 pwcopy.pw_uid = pw->pw_uid;
1194 pwcopy.pw_gid = pw->pw_gid;
1195 pwcopy.pw_dir = xstrdup(pw->pw_dir);
1196 pwcopy.pw_shell = xstrdup(pw->pw_shell);
1203 debug("Starting up PAM with username \"%.200s\"", pw->pw_name);
1205 pam_retval = pam_start("sshd", pw->pw_name, &conv, (pam_handle_t**)&pamh);
1206 if (pam_retval != PAM_SUCCESS)
1207 fatal("PAM initialisation failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
1209 fatal_add_cleanup(&pam_cleanup_proc, NULL);
1213 /* If we are not running as root, the user must have the same uid as the
1215 if (getuid() != 0 && pw->pw_uid != getuid())
1216 packet_disconnect("Cannot change user when server not running as root.");
1218 debug("Attempting authentication for %.100s.", user);
1220 /* If the user has no password, accept authentication immediately. */
1221 if (options.password_authentication &&
1223 (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
1225 auth_password(pw, ""))
1227 /* Authentication with empty password succeeded. */
1228 debug("Login for user %.100s accepted without authentication.", user);
1230 /* Loop until the user has been authenticated or the connection is closed,
1231 do_authloop() returns only if authentication is successfull */
1235 /* XXX log unified auth message */
1237 /* Check if the user is logging in as root and root logins are disallowed. */
1238 if (pw->pw_uid == 0 && !options.permit_root_login)
1241 log("Root login accepted for forced command.");
1243 packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",
1244 get_canonical_hostname());
1247 /* The user has been authenticated and accepted. */
1248 packet_start(SSH_SMSG_SUCCESS);
1250 packet_write_wait();
1252 /* Perform session preparation. */
1253 do_authenticated(pw);
1256 #define MAX_AUTH_FAILURES 5
1258 /* read packets and try to authenticate local user *pw.
1259 return if authentication is successfull */
1261 do_authloop(struct passwd *pw)
1263 int authentication_failures = 0;
1265 BIGNUM *client_host_key_e, *client_host_key_n;
1267 char *client_user = NULL, *password = NULL;
1268 int plen, dlen, nlen, ulen, elen;
1271 #endif /* HAVE_LIBPAM */
1273 /* Indicate that authentication is needed. */
1274 packet_start(SSH_SMSG_FAILURE);
1276 packet_write_wait();
1279 int authenticated = 0;
1281 /* Get a packet from the client. */
1282 int type = packet_read(&plen);
1284 /* Process the packet. */
1288 case SSH_CMSG_HAVE_KERBEROS_TGT:
1289 if (!options.kerberos_tgt_passing)
1291 /* packet_get_all(); */
1292 log("Kerberos tgt passing disabled.");
1296 /* Accept Kerberos tgt. */
1297 char *tgt = packet_get_string(&dlen);
1298 packet_integrity_check(plen, 4 + dlen, type);
1299 if (!auth_kerberos_tgt(pw, tgt))
1300 debug("Kerberos tgt REFUSED for %s", pw->pw_name);
1305 case SSH_CMSG_HAVE_AFS_TOKEN:
1306 if (!options.afs_token_passing || !k_hasafs()) {
1307 /* packet_get_all(); */
1308 log("AFS token passing disabled.");
1312 /* Accept AFS token. */
1313 char *token_string = packet_get_string(&dlen);
1314 packet_integrity_check(plen, 4 + dlen, type);
1315 if (!auth_afs_token(pw, token_string))
1316 debug("AFS token REFUSED for %s", pw->pw_name);
1317 xfree(token_string);
1323 case SSH_CMSG_AUTH_KERBEROS:
1324 if (!options.kerberos_authentication)
1326 /* packet_get_all(); */
1327 log("Kerberos authentication disabled.");
1331 /* Try Kerberos v4 authentication. */
1333 char *tkt_user = NULL;
1334 char *kdata = packet_get_string((unsigned int *)&auth.length);
1335 packet_integrity_check(plen, 4 + auth.length, type);
1337 if (auth.length < MAX_KTXT_LEN)
1338 memcpy(auth.dat, kdata, auth.length);
1341 authenticated = auth_krb4(pw->pw_name, &auth, &tkt_user);
1343 log("Kerberos authentication %s%s for account %s from %s",
1344 authenticated ? "accepted " : "failed",
1345 tkt_user != NULL ? tkt_user : "",
1346 pw->pw_name, get_canonical_hostname());
1353 case SSH_CMSG_AUTH_RHOSTS:
1354 if (!options.rhosts_authentication)
1356 log("Rhosts authentication disabled.");
1360 /* Get client user name. Note that we just have to trust the client;
1361 this is one reason why rhosts authentication is insecure.
1362 (Another is IP-spoofing on a local network.) */
1363 client_user = packet_get_string(&dlen);
1364 packet_integrity_check(plen, 4 + dlen, type);
1366 /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
1367 authenticated = auth_rhosts(pw, client_user);
1369 log("Rhosts authentication %s for %.100s, remote %.100s on %.700s.",
1370 authenticated ? "accepted" : "failed",
1371 pw->pw_name, client_user, get_canonical_hostname());
1374 #endif /* HAVE_LIBPAM */
1377 case SSH_CMSG_AUTH_RHOSTS_RSA:
1378 if (!options.rhosts_rsa_authentication)
1380 log("Rhosts with RSA authentication disabled.");
1384 /* Get client user name. Note that we just have to trust
1385 the client; root on the client machine can claim to be
1387 client_user = packet_get_string(&ulen);
1389 /* Get the client host key. */
1390 client_host_key_e = BN_new();
1391 client_host_key_n = BN_new();
1392 bits = packet_get_int();
1393 packet_get_bignum(client_host_key_e, &elen);
1394 packet_get_bignum(client_host_key_n, &nlen);
1396 if (bits != BN_num_bits(client_host_key_n))
1397 error("Warning: keysize mismatch for client_host_key: "
1398 "actual %d, announced %s", BN_num_bits(client_host_key_n), bits);
1400 packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
1402 authenticated = auth_rhosts_rsa(pw, client_user,
1403 client_host_key_e, client_host_key_n);
1404 log("Rhosts authentication %s for %.100s, remote %.100s.",
1405 authenticated ? "accepted" : "failed",
1406 pw->pw_name, client_user);
1409 #endif /* HAVE_LIBPAM */
1410 BN_clear_free(client_host_key_e);
1411 BN_clear_free(client_host_key_n);
1414 case SSH_CMSG_AUTH_RSA:
1415 if (!options.rsa_authentication)
1417 log("RSA authentication disabled.");
1421 /* RSA authentication requested. */
1423 packet_get_bignum(n, &nlen);
1424 packet_integrity_check(plen, nlen, type);
1426 authenticated = auth_rsa(pw, n);
1427 log("RSA authentication %s for %.100s.",
1428 authenticated ? "accepted" : "failed",
1433 case SSH_CMSG_AUTH_PASSWORD:
1434 if (!options.password_authentication)
1436 log("Password authentication disabled.");
1440 /* Read user password. It is in plain text, but was transmitted
1441 over the encrypted channel so it is not visible to an outside
1443 password = packet_get_string(&dlen);
1444 packet_integrity_check(plen, 4 + dlen, type);
1447 /* Do PAM auth with password */
1448 pampasswd = password;
1449 pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
1450 if (pam_retval == PAM_SUCCESS)
1452 log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
1457 log("PAM Password authentication for \"%.100s\" failed: %s",
1458 pw->pw_name, pam_strerror((pam_handle_t *)pamh, pam_retval));
1460 #else /* HAVE_LIBPAM */
1461 /* Try authentication with the password. */
1462 authenticated = auth_password(pw, password);
1463 log("Password authentication %s for %.100s.",
1464 authenticated ? "accepted" : "failed",
1467 memset(password, 0, strlen(password));
1470 #endif /* HAVE_LIBPAM */
1472 case SSH_CMSG_AUTH_TIS:
1473 /* TIS Authentication is unsupported */
1474 log("TIS authentication disabled.");
1478 /* Any unknown messages will be ignored (and failure returned)
1479 during authentication. */
1480 log("Unknown message during authentication: type %d", type);
1481 break; /* Respond with a failure message. */
1486 if (++authentication_failures >= MAX_AUTH_FAILURES)
1487 packet_disconnect("Too many authentication failures for %.100s from %.200s",
1488 pw->pw_name, get_canonical_hostname());
1489 /* Send a message indicating that the authentication attempt failed. */
1490 packet_start(SSH_SMSG_FAILURE);
1492 packet_write_wait();
1496 do_pam_account_and_session(pw->pw_name, client_user, get_canonical_hostname());
1499 if (client_user != NULL)
1502 if (password != NULL)
1504 memset(password, 0, strlen(password));
1507 #endif /* HAVE_LIBPAM */
1510 /* The user does not exist or access is denied,
1511 but fake indication that authentication is needed. */
1513 do_fake_authloop(char *user)
1515 int authentication_failures = 0;
1517 /* Indicate that authentication is needed. */
1518 packet_start(SSH_SMSG_FAILURE);
1520 packet_write_wait();
1522 /* Keep reading packets, and always respond with a failure. This is to
1523 avoid disclosing whether such a user really exists. */
1526 /* Read a packet. This will not return if the client disconnects. */
1528 int type = packet_read(&plen);
1531 char *password, *skeyinfo;
1532 if (options.password_authentication &&
1533 options.skey_authentication == 1 &&
1534 type == SSH_CMSG_AUTH_PASSWORD &&
1535 (password = packet_get_string(&passw_len)) != NULL &&
1537 strncasecmp(password, "s/key", 5) == 0 &&
1538 (skeyinfo = skey_fake_keyinfo(user)) != NULL ){
1539 /* Send a fake s/key challenge. */
1540 packet_send_debug(skeyinfo);
1543 if (++authentication_failures >= MAX_AUTH_FAILURES)
1544 packet_disconnect("Too many authentication failures for %.100s from %.200s",
1545 user, get_canonical_hostname());
1546 /* Send failure. This should be indistinguishable from a failed
1548 packet_start(SSH_SMSG_FAILURE);
1550 packet_write_wait();
1557 /* Remove local Xauthority file. */
1559 xauthfile_cleanup_proc(void *ignore)
1561 debug("xauthfile_cleanup_proc called");
1563 if (xauthfile != NULL) {
1570 /* Prepares for an interactive session. This is called after the user has
1571 been successfully authenticated. During this message exchange, pseudo
1572 terminals are allocated, X11, TCP/IP, and authentication agent forwardings
1573 are requested, etc. */
1575 void do_authenticated(struct passwd *pw)
1578 int compression_level = 0, enable_compression_after_reply = 0;
1579 int have_pty = 0, ptyfd = -1, ttyfd = -1, xauthfd = -1;
1580 int row, col, xpixel, ypixel, screen;
1582 char *command, *term = NULL, *display = NULL, *proto = NULL, *data = NULL;
1588 /* Cancel the alarm we set to limit the time taken for authentication. */
1591 /* Inform the channel mechanism that we are the server side and that
1592 the client may request to connect to any port at all. (The user could
1593 do it anyway, and we wouldn\'t know what is permitted except by the
1594 client telling us, so we can equally well trust the client not to request
1596 channel_permit_all_opens();
1598 /* We stay in this loop until the client requests to execute a shell or a
1604 /* Get a packet from the client. */
1605 type = packet_read(&plen);
1607 /* Process the packet. */
1610 case SSH_CMSG_REQUEST_COMPRESSION:
1611 packet_integrity_check(plen, 4, type);
1612 compression_level = packet_get_int();
1613 if (compression_level < 1 || compression_level > 9)
1615 packet_send_debug("Received illegal compression level %d.",
1619 /* Enable compression after we have responded with SUCCESS. */
1620 enable_compression_after_reply = 1;
1623 case SSH_CMSG_REQUEST_PTY:
1626 debug("Allocating a pty not permitted for this authentication.");
1630 packet_disconnect("Protocol error: you already have a pty.");
1632 debug("Allocating pty.");
1634 /* Allocate a pty and open it. */
1635 if (!pty_allocate(&ptyfd, &ttyfd, ttyname))
1637 error("Failed to allocate pty.");
1641 /* Determine the group to make the owner of the tty. */
1642 grp = getgrnam("tty");
1645 tty_gid = grp->gr_gid;
1646 tty_mode = S_IRUSR|S_IWUSR|S_IWGRP;
1650 tty_gid = pw->pw_gid;
1651 tty_mode = S_IRUSR|S_IWUSR|S_IWGRP|S_IWOTH;
1654 /* Change ownership of the tty. */
1655 if (chown(ttyname, pw->pw_uid, tty_gid) < 0)
1656 fatal("chown(%.100s, %d, %d) failed: %.100s",
1657 ttyname, pw->pw_uid, tty_gid, strerror(errno));
1658 if (chmod(ttyname, tty_mode) < 0)
1659 fatal("chmod(%.100s, 0%o) failed: %.100s",
1660 ttyname, tty_mode, strerror(errno));
1662 /* Get TERM from the packet. Note that the value may be of arbitrary
1665 term = packet_get_string(&dlen);
1666 packet_integrity_check(dlen, strlen(term), type);
1667 /* packet_integrity_check(plen, 4 + dlen + 4*4 + n_bytes, type); */
1668 /* Remaining bytes */
1669 n_bytes = plen - (4 + dlen + 4*4);
1671 if (strcmp(term, "") == 0)
1674 /* Get window size from the packet. */
1675 row = packet_get_int();
1676 col = packet_get_int();
1677 xpixel = packet_get_int();
1678 ypixel = packet_get_int();
1679 pty_change_window_size(ptyfd, row, col, xpixel, ypixel);
1681 /* Get tty modes from the packet. */
1682 tty_parse_modes(ttyfd, &n_bytes);
1683 packet_integrity_check(plen, 4 + dlen + 4*4 + n_bytes, type);
1685 /* Indicate that we now have a pty. */
1689 case SSH_CMSG_X11_REQUEST_FORWARDING:
1690 if (!options.x11_forwarding)
1692 packet_send_debug("X11 forwarding disabled in server configuration file.");
1696 if (no_x11_forwarding_flag)
1698 packet_send_debug("X11 forwarding not permitted for this authentication.");
1701 debug("Received request for X11 forwarding with auth spoofing.");
1703 packet_disconnect("Protocol error: X11 display already set.");
1705 int proto_len, data_len;
1706 proto = packet_get_string(&proto_len);
1707 data = packet_get_string(&data_len);
1708 packet_integrity_check(plen, 4+proto_len + 4+data_len + 4, type);
1710 if (packet_get_protocol_flags() & SSH_PROTOFLAG_SCREEN_NUMBER)
1711 screen = packet_get_int();
1714 display = x11_create_display_inet(screen);
1718 /* Setup to always have a local .Xauthority. */
1719 xauthfile = xmalloc(MAXPATHLEN);
1720 snprintf(xauthfile, MAXPATHLEN, "/tmp/XauthXXXXXX");
1722 if ((xauthfd = mkstemp(xauthfile)) != -1) {
1723 fchown(xauthfd, pw->pw_uid, pw->pw_gid);
1725 fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
1732 #else /* XAUTH_PATH */
1733 /* No xauth program; we won't accept forwarding with spoofing. */
1734 packet_send_debug("No xauth program; cannot forward with spoofing.");
1736 #endif /* XAUTH_PATH */
1738 case SSH_CMSG_AGENT_REQUEST_FORWARDING:
1739 if (no_agent_forwarding_flag)
1741 debug("Authentication agent forwarding not permitted for this authentication.");
1744 debug("Received authentication agent forwarding request.");
1745 auth_input_request_forwarding(pw);
1748 case SSH_CMSG_PORT_FORWARD_REQUEST:
1749 if (no_port_forwarding_flag)
1751 debug("Port forwarding not permitted for this authentication.");
1754 debug("Received TCP/IP port forwarding request.");
1755 channel_input_port_forward_request(pw->pw_uid == 0);
1758 case SSH_CMSG_EXEC_SHELL:
1759 /* Set interactive/non-interactive mode. */
1760 packet_set_interactive(have_pty || display != NULL,
1761 options.keepalives);
1763 if (forced_command != NULL)
1764 goto do_forced_command;
1765 debug("Forking shell.");
1766 packet_integrity_check(plen, 0, type);
1768 do_exec_pty(NULL, ptyfd, ttyfd, ttyname, pw, term, display, proto,
1771 do_exec_no_pty(NULL, pw, display, proto, data);
1774 case SSH_CMSG_EXEC_CMD:
1775 /* Set interactive/non-interactive mode. */
1776 packet_set_interactive(have_pty || display != NULL,
1777 options.keepalives);
1779 if (forced_command != NULL)
1780 goto do_forced_command;
1781 /* Get command from the packet. */
1784 command = packet_get_string(&dlen);
1785 debug("Executing command '%.500s'", command);
1786 packet_integrity_check(plen, 4 + dlen, type);
1789 do_exec_pty(command, ptyfd, ttyfd, ttyname, pw, term, display,
1792 do_exec_no_pty(command, pw, display, proto, data);
1796 case SSH_CMSG_MAX_PACKET_SIZE:
1797 debug("The server does not support limiting packet size.");
1801 /* Any unknown messages in this phase are ignored, and a failure
1802 message is returned. */
1803 log("Unknown packet type received after authentication: %d", type);
1807 /* The request was successfully processed. */
1808 packet_start(SSH_SMSG_SUCCESS);
1810 packet_write_wait();
1812 /* Enable compression now that we have replied if appropriate. */
1813 if (enable_compression_after_reply)
1815 enable_compression_after_reply = 0;
1816 packet_start_compression(compression_level);
1822 /* The request failed. */
1823 packet_start(SSH_SMSG_FAILURE);
1825 packet_write_wait();
1829 /* There is a forced command specified for this login. Execute it. */
1830 debug("Executing forced command: %.900s", forced_command);
1832 do_exec_pty(forced_command, ptyfd, ttyfd, ttyname, pw, term, display,
1835 do_exec_no_pty(forced_command, pw, display, proto, data);
1840 /* This is called to fork and execute a command when we have no tty. This
1841 will call do_child from the child, and server_loop from the parent after
1842 setting up file descriptors and such. */
1844 void do_exec_no_pty(const char *command, struct passwd *pw,
1845 const char *display, const char *auth_proto,
1846 const char *auth_data)
1851 int pin[2], pout[2], perr[2];
1852 /* Allocate pipes for communicating with the program. */
1853 if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0)
1854 packet_disconnect("Could not create pipes: %.100s",
1856 #else /* USE_PIPES */
1857 int inout[2], err[2];
1858 /* Uses socket pairs to communicate with the program. */
1859 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 ||
1860 socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0)
1861 packet_disconnect("Could not create socket pairs: %.100s",
1863 #endif /* USE_PIPES */
1865 setproctitle("%s@notty", pw->pw_name);
1867 /* Fork the child. */
1868 if ((pid = fork()) == 0)
1870 /* Child. Reinitialize the log since the pid has changed. */
1871 log_init(av0, options.log_level, options.log_facility, log_stderr);
1873 /* Create a new session and process group since the 4.4BSD setlogin()
1874 affects the entire process group. */
1876 error("setsid failed: %.100s", strerror(errno));
1879 /* Redirect stdin. We close the parent side of the socket pair,
1880 and make the child side the standard input. */
1882 if (dup2(pin[0], 0) < 0)
1883 perror("dup2 stdin");
1886 /* Redirect stdout. */
1888 if (dup2(pout[1], 1) < 0)
1889 perror("dup2 stdout");
1892 /* Redirect stderr. */
1894 if (dup2(perr[1], 2) < 0)
1895 perror("dup2 stderr");
1897 #else /* USE_PIPES */
1898 /* Redirect stdin, stdout, and stderr. Stdin and stdout will use the
1899 same socket, as some programs (particularly rdist) seem to depend
1903 if (dup2(inout[0], 0) < 0) /* stdin */
1904 perror("dup2 stdin");
1905 if (dup2(inout[0], 1) < 0) /* stdout. Note: same socket as stdin. */
1906 perror("dup2 stdout");
1907 if (dup2(err[0], 2) < 0) /* stderr */
1908 perror("dup2 stderr");
1909 #endif /* USE_PIPES */
1911 /* Do processing for the child (exec command etc). */
1912 do_child(command, pw, NULL, display, auth_proto, auth_data, NULL);
1916 packet_disconnect("fork failed: %.100s", strerror(errno));
1918 /* We are the parent. Close the child sides of the pipes. */
1923 /* Enter the interactive session. */
1924 server_loop(pid, pin[1], pout[0], perr[0]);
1925 /* server_loop has closed pin[1], pout[1], and perr[1]. */
1926 #else /* USE_PIPES */
1927 /* We are the parent. Close the child sides of the socket pairs. */
1931 /* Enter the interactive session. Note: server_loop must be able to handle
1932 the case that fdin and fdout are the same. */
1933 server_loop(pid, inout[1], inout[1], err[1]);
1934 /* server_loop has closed inout[1] and err[1]. */
1935 #endif /* USE_PIPES */
1938 struct pty_cleanup_context
1940 const char *ttyname;
1944 /* Function to perform cleanup if we get aborted abnormally (e.g., due to a
1945 dropped connection). */
1947 void pty_cleanup_proc(void *context)
1949 struct pty_cleanup_context *cu = context;
1951 debug("pty_cleanup_proc called");
1953 /* Record that the user has logged out. */
1954 record_logout(cu->pid, cu->ttyname);
1956 /* Release the pseudo-tty. */
1957 pty_release(cu->ttyname);
1960 /* This is called to fork and execute a command when we have a tty. This
1961 will call do_child from the child, and server_loop from the parent after
1962 setting up file descriptors, controlling tty, updating wtmp, utmp,
1963 lastlog, and other such operations. */
1965 void do_exec_pty(const char *command, int ptyfd, int ttyfd,
1966 const char *ttyname, struct passwd *pw, const char *term,
1967 const char *display, const char *auth_proto,
1968 const char *auth_data)
1971 const char *hostname;
1972 time_t last_login_time;
1973 char buf[100], *time_string;
1978 struct sockaddr_in from;
1980 struct pty_cleanup_context cleanup_context;
1982 /* Get remote host name. */
1983 hostname = get_canonical_hostname();
1985 /* Get the time when the user last logged in. Buf will be set to contain
1986 the hostname the last login was from. */
1987 if(!options.use_login) {
1988 last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name,
1992 setproctitle("%s@%s", pw->pw_name, strrchr(ttyname, '/') + 1);
1994 /* Fork the child. */
1995 if ((pid = fork()) == 0)
1999 /* Child. Reinitialize the log because the pid has changed. */
2000 log_init(av0, options.log_level, options.log_facility, log_stderr);
2002 /* Close the master side of the pseudo tty. */
2005 /* Make the pseudo tty our controlling tty. */
2006 pty_make_controlling_tty(&ttyfd, ttyname);
2008 /* Redirect stdin from the pseudo tty. */
2009 if (dup2(ttyfd, fileno(stdin)) < 0)
2010 error("dup2 stdin failed: %.100s", strerror(errno));
2012 /* Redirect stdout to the pseudo tty. */
2013 if (dup2(ttyfd, fileno(stdout)) < 0)
2014 error("dup2 stdin failed: %.100s", strerror(errno));
2016 /* Redirect stderr to the pseudo tty. */
2017 if (dup2(ttyfd, fileno(stderr)) < 0)
2018 error("dup2 stdin failed: %.100s", strerror(errno));
2020 /* Close the extra descriptor for the pseudo tty. */
2023 /* Get IP address of client. This is needed because we want to record
2024 where the user logged in from. If the connection is not a socket,
2025 let the ip address be 0.0.0.0. */
2026 memset(&from, 0, sizeof(from));
2027 if (packet_get_connection_in() == packet_get_connection_out())
2029 fromlen = sizeof(from);
2030 if (getpeername(packet_get_connection_in(),
2031 (struct sockaddr *)&from, &fromlen) < 0) {
2032 debug("getpeername: %.100s", strerror(errno));
2037 /* Record that there was a login on that terminal. */
2038 record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
2041 /* Check if .hushlogin exists. */
2042 snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
2043 quiet_login = stat(line, &st) >= 0;
2046 /* output the results of the pamconv() */
2047 if (!quiet_login && pamconv_msg != NULL)
2048 fprintf(stderr, pamconv_msg);
2051 /* If the user has logged in before, display the time of last login.
2052 However, don't display anything extra if a command has been
2053 specified (so that ssh can be used to execute commands on a remote
2054 machine without users knowing they are going to another machine).
2055 Login(1) will do this for us as well, so check if login(1) is used */
2056 if (command == NULL && last_login_time != 0 && !quiet_login &&
2059 /* Convert the date to a string. */
2060 time_string = ctime(&last_login_time);
2061 /* Remove the trailing newline. */
2062 if (strchr(time_string, '\n'))
2063 *strchr(time_string, '\n') = 0;
2064 /* Display the last login time. Host if displayed if known. */
2065 if (strcmp(buf, "") == 0)
2066 printf("Last login: %s\r\n", time_string);
2068 printf("Last login: %s from %s\r\n", time_string, buf);
2071 /* Print /etc/motd unless a command was specified or printing it was
2072 disabled in server options or login(1) will be used. Note that
2073 some machines appear to print it in /etc/profile or similar. */
2074 if (command == NULL && options.print_motd && !quiet_login &&
2077 /* Print /etc/motd if it exists. */
2078 f = fopen("/etc/motd", "r");
2081 while (fgets(line, sizeof(line), f))
2082 fputs(line, stdout);
2087 /* Do common processing for the child, such as execing the command. */
2088 do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
2092 packet_disconnect("fork failed: %.100s", strerror(errno));
2093 /* Parent. Close the slave side of the pseudo tty. */
2096 /* Create another descriptor of the pty master side for use as the standard
2097 input. We could use the original descriptor, but this simplifies code
2098 in server_loop. The descriptor is bidirectional. */
2101 packet_disconnect("dup failed: %.100s", strerror(errno));
2103 /* Add a cleanup function to clear the utmp entry and record logout time
2104 in case we call fatal() (e.g., the connection gets closed). */
2105 cleanup_context.pid = pid;
2106 cleanup_context.ttyname = ttyname;
2107 fatal_add_cleanup(pty_cleanup_proc, (void *)&cleanup_context);
2109 /* Enter interactive session. */
2110 server_loop(pid, ptyfd, fdout, -1);
2111 /* server_loop has not closed ptyfd and fdout. */
2113 /* Cancel the cleanup function. */
2114 fatal_remove_cleanup(pty_cleanup_proc, (void *)&cleanup_context);
2116 /* Record that the user has logged out. */
2117 record_logout(pid, ttyname);
2119 /* Release the pseudo-tty. */
2120 pty_release(ttyname);
2122 /* Close the server side of the socket pairs. We must do this after the
2123 pty cleanup, so that another process doesn't get this pty while we're
2124 still cleaning up. */
2129 /* Sets the value of the given variable in the environment. If the variable
2130 already exists, its value is overriden. */
2132 void child_set_env(char ***envp, unsigned int *envsizep, const char *name,
2135 unsigned int i, namelen;
2138 /* Find the slot where the value should be stored. If the variable already
2139 exists, we reuse the slot; otherwise we append a new slot at the end
2140 of the array, expanding if necessary. */
2142 namelen = strlen(name);
2143 for (i = 0; env[i]; i++)
2144 if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=')
2148 /* Name already exists. Reuse the slot. */
2153 /* New variable. Expand the array if necessary. */
2154 if (i >= (*envsizep) - 1)
2157 env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
2160 /* Need to set the NULL pointer at end of array beyond the new
2165 /* Allocate space and format the variable in the appropriate slot. */
2166 env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
2167 snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
2170 /* Reads environment variables from the given file and adds/overrides them
2171 into the environment. If the file does not exist, this does nothing.
2172 Otherwise, it must consist of empty lines, comments (line starts with '#')
2173 and assignments of the form name=value. No other forms are allowed. */
2175 void read_environment_file(char ***env, unsigned int *envsize,
2176 const char *filename)
2182 /* Open the environment file. */
2183 f = fopen(filename, "r");
2185 return; /* Not found. */
2187 /* Process each line. */
2188 while (fgets(buf, sizeof(buf), f))
2190 /* Skip leading whitespace. */
2191 for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
2194 /* Ignore empty and comment lines. */
2195 if (!*cp || *cp == '#' || *cp == '\n')
2198 /* Remove newline. */
2199 if (strchr(cp, '\n'))
2200 *strchr(cp, '\n') = '\0';
2202 /* Find the equals sign. Its lack indicates badly formatted line. */
2203 value = strchr(cp, '=');
2206 fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
2210 /* Replace the equals sign by nul, and advance value to the value
2215 /* Set the value in environment. */
2216 child_set_env(env, envsize, cp, value);
2222 /* Performs common processing for the child, such as setting up the
2223 environment, closing extra file descriptors, setting the user and group
2224 ids, and executing the command or shell. */
2226 void do_child(const char *command, struct passwd *pw, const char *term,
2227 const char *display, const char *auth_proto,
2228 const char *auth_data, const char *ttyname)
2230 const char *shell, *cp = NULL;
2233 unsigned int envsize, i;
2235 extern char **environ;
2239 #ifndef HAVE_LIBPAM /* pam_nologin handles this */
2240 /* Check /etc/nologin. */
2241 f = fopen("/etc/nologin", "r");
2243 { /* /etc/nologin exists. Print its contents and exit. */
2244 while (fgets(buf, sizeof(buf), f))
2247 if (pw->pw_uid != 0)
2250 #endif /* HAVE_LIBPAM */
2252 #ifdef HAVE_SETLOGIN
2253 /* Set login name in the kernel. */
2254 if (setlogin(pw->pw_name) < 0)
2255 error("setlogin failed: %s", strerror(errno));
2256 #endif /* HAVE_SETLOGIN */
2258 /* Set uid, gid, and groups. */
2259 /* Login(1) does this as well, and it needs uid 0 for the "-h" switch,
2260 so we let login(1) to this for us. */
2261 if(!options.use_login) {
2262 if (getuid() == 0 || geteuid() == 0)
2264 if (setgid(pw->pw_gid) < 0)
2269 /* Initialize the group list. */
2270 if (initgroups(pw->pw_name, pw->pw_gid) < 0)
2272 perror("initgroups");
2277 /* Permanently switch to the desired uid. */
2278 permanently_set_uid(pw->pw_uid);
2281 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
2282 fatal("Failed to set uids to %d.", (int)pw->pw_uid);
2285 /* Get the shell from the password data. An empty shell field is legal,
2286 and means /bin/sh. */
2287 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
2290 /* Try to get AFS tokens for the local cell. */
2294 if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
2295 krb_afslog(cell, 0);
2301 /* Initialize the environment. In the first part we allocate space for
2302 all environment variables. */
2304 env = xmalloc(envsize * sizeof(char *));
2307 if(!options.use_login) {
2308 /* Set basic environment. */
2309 child_set_env(&env, &envsize, "USER", pw->pw_name);
2310 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
2311 child_set_env(&env, &envsize, "HOME", pw->pw_dir);
2312 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
2314 snprintf(buf, sizeof buf, "%.200s/%.50s",
2315 _PATH_MAILDIR, pw->pw_name);
2316 child_set_env(&env, &envsize, "MAIL", buf);
2318 /* Normal systems set SHELL by default. */
2319 child_set_env(&env, &envsize, "SHELL", shell);
2322 /* Let it inherit timezone if we have one. */
2324 child_set_env(&env, &envsize, "TZ", getenv("TZ"));
2326 /* Set custom environment options from RSA authentication. */
2327 while (custom_environment)
2329 struct envstring *ce = custom_environment;
2332 for (i = 0; s[i] != '=' && s[i]; i++)
2337 child_set_env(&env, &envsize, s, s + i + 1);
2339 custom_environment = ce->next;
2344 /* Set SSH_CLIENT. */
2345 snprintf(buf, sizeof buf, "%.50s %d %d",
2346 get_remote_ipaddr(), get_remote_port(), options.port);
2347 child_set_env(&env, &envsize, "SSH_CLIENT", buf);
2349 /* Set SSH_TTY if we have a pty. */
2351 child_set_env(&env, &envsize, "SSH_TTY", ttyname);
2353 /* Set TERM if we have a pty. */
2355 child_set_env(&env, &envsize, "TERM", term);
2357 /* Set DISPLAY if we have one. */
2359 child_set_env(&env, &envsize, "DISPLAY", display);
2363 extern char *ticket;
2366 child_set_env(&env, &envsize, "KRBTKFILE", ticket);
2371 /* Pull in any environment variables that may have been set by PAM. */
2373 char *equal_sign, var_name[256], var_val[256];
2375 char **pam_env = pam_getenvlist((pam_handle_t *)pamh);
2376 for(this_var = 0; pam_env && pam_env[this_var]; this_var++)
2378 if(strlen(pam_env[this_var]) < (sizeof(var_name) - 1))
2379 if((equal_sign = strstr(pam_env[this_var], "=")) != NULL)
2381 memset(var_name, 0, sizeof(var_name));
2382 memset(var_val, 0, sizeof(var_val));
2383 strncpy(var_name, pam_env[this_var],
2384 equal_sign - pam_env[this_var]);
2385 strcpy(var_val, equal_sign + 1);
2386 child_set_env(&env, &envsize, var_name, var_val);
2390 #endif /* HAVE_LIBPAM */
2392 /* Set XAUTHORITY to always be a local file. */
2394 child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
2396 /* Set variable for forwarded authentication connection, if we have one. */
2397 if (auth_get_socket_name() != NULL)
2398 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
2399 auth_get_socket_name());
2401 /* Read $HOME/.ssh/environment. */
2402 if(!options.use_login) {
2403 snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
2404 read_environment_file(&env, &envsize, buf);
2407 /* If debugging, dump the environment to stderr. */
2410 fprintf(stderr, "Environment:\n");
2411 for (i = 0; env[i]; i++)
2412 fprintf(stderr, " %.200s\n", env[i]);
2415 /* Close the connection descriptors; note that this is the child, and the
2416 server will still have the socket open, and it is important that we
2417 do not shutdown it. Note that the descriptors cannot be closed before
2418 building the environment, as we call get_remote_ipaddr there. */
2419 if (packet_get_connection_in() == packet_get_connection_out())
2420 close(packet_get_connection_in());
2423 close(packet_get_connection_in());
2424 close(packet_get_connection_out());
2426 /* Close all descriptors related to channels. They will still remain
2427 open in the parent. */
2428 channel_close_all();
2430 /* Close any extra file descriptors. Note that there may still be
2431 descriptors left by system functions. They will be closed later. */
2435 /* Close any extra open file descriptors so that we don\'t have them
2436 hanging around in clients. Note that we want to do this after
2437 initgroups, because at least on Solaris 2.3 it leaves file descriptors
2439 for (i = 3; i < 64; i++)
2442 /* Change current directory to the user\'s home directory. */
2443 if (chdir(pw->pw_dir) < 0)
2444 fprintf(stderr, "Could not chdir to home directory %s: %s\n",
2445 pw->pw_dir, strerror(errno));
2447 /* Must take new environment into use so that .ssh/rc, /etc/sshrc and
2448 xauth are run in the proper environment. */
2451 /* Run $HOME/.ssh/rc, /etc/sshrc, or xauth (whichever is found first
2453 if(!options.use_login) {
2454 if (stat(SSH_USER_RC, &st) >= 0)
2457 fprintf(stderr, "Running /bin/sh %s\n", SSH_USER_RC);
2459 f = popen("/bin/sh " SSH_USER_RC, "w");
2462 if (auth_proto != NULL && auth_data != NULL)
2463 fprintf(f, "%s %s\n", auth_proto, auth_data);
2467 fprintf(stderr, "Could not run %s\n", SSH_USER_RC);
2470 if (stat(SSH_SYSTEM_RC, &st) >= 0)
2473 fprintf(stderr, "Running /bin/sh %s\n", SSH_SYSTEM_RC);
2475 f = popen("/bin/sh " SSH_SYSTEM_RC, "w");
2478 if (auth_proto != NULL && auth_data != NULL)
2479 fprintf(f, "%s %s\n", auth_proto, auth_data);
2483 fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC);
2488 /* Add authority data to .Xauthority if appropriate. */
2489 if (auth_proto != NULL && auth_data != NULL)
2492 fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n",
2493 XAUTH_PATH, display, auth_proto, auth_data);
2495 f = popen(XAUTH_PATH " -q -", "w");
2498 fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
2502 fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
2505 #endif /* XAUTH_PATH */
2507 /* Get the last component of the shell name. */
2508 cp = strrchr(shell, '/');
2515 /* If we have no command, execute the shell. In this case, the shell name
2516 to be passed in argv[0] is preceded by '-' to indicate that this is
2520 if(!options.use_login) {
2523 /* Check for mail if we have a tty and it was enabled in server options. */
2524 if (ttyname && options.check_mail) {
2526 struct stat mailstat;
2527 mailbox = getenv("MAIL");
2528 if(mailbox != NULL) {
2529 if(stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0) {
2530 printf("No mail.\n");
2531 } else if(mailstat.st_mtime < mailstat.st_atime) {
2532 printf("You have mail.\n");
2534 printf("You have new mail.\n");
2538 /* Start the shell. Set initial character to '-'. */
2540 strncpy(buf + 1, cp, sizeof(buf) - 1);
2541 buf[sizeof(buf) - 1] = 0;
2542 /* Execute the shell. */
2545 execve(shell, argv, env);
2546 /* Executing the shell failed. */
2551 /* Launch login(1). */
2553 execl(LOGIN_PROGRAM, "login", "-h", get_remote_ipaddr(), "-p", "-f", "--", pw->pw_name, NULL);
2555 /* Login couldn't be executed, die. */
2562 /* Execute the command using the user's shell. This uses the -c option
2563 to execute the command. */
2564 argv[0] = (char *)cp;
2566 argv[2] = (char *)command;
2568 execve(shell, argv, env);