5 Author: Tatu Ylonen <ylo@cs.hut.fi>
7 Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
10 Created: Fri Mar 17 17:09:28 1995 ylo
12 This program is the ssh daemon. It listens for connections from clients, and
13 performs authentication, executes use commands or shell, and forwards
14 information to/from the application to the user client over an encrypted
15 connection. This can also handle forwarding of X11, TCP/IP, and authentication
35 #ifdef HAVE_MAILLOCK_H
36 # include <maillock.h>
42 int allow_severity = LOG_INFO;
43 int deny_severity = LOG_WARNING;
50 /* Local Xauthority file. */
51 static char *xauthfile = NULL;
53 /* Server configuration options. */
54 ServerOptions options;
56 /* Name of the server configuration file. */
57 char *config_file_name = SERVER_CONFIG_FILE;
59 /* Debug mode flag. This can be set on the command line. If debug
60 mode is enabled, extra debugging output will be sent to the system
61 log, the daemon will not go to background, and will exit after processing
62 the first connection. */
65 /* Flag indicating that the daemon is being started from inetd. */
68 /* debug goes to stderr unless inetd_flag is set */
71 /* argv[0] without path. */
74 /* Saved arguments to main(). */
77 /* This is set to the socket that the server is listening; this is used in
78 the SIGHUP signal handler. */
81 /* Flags set in auth-rsa from authorized_keys flags. These are set in
83 int no_port_forwarding_flag = 0;
84 int no_agent_forwarding_flag = 0;
85 int no_x11_forwarding_flag = 0;
87 char *forced_command = NULL; /* RSA authentication "command=" option. */
88 struct envstring *custom_environment = NULL;
89 /* RSA authentication "environment=" options. */
91 /* Session id for the current session. */
92 unsigned char session_id[16];
94 /* Any really sensitive data in the application is contained in this structure.
95 The idea is that this structure could be locked into memory so that the
96 pages do not get written into swap. However, there are some problems.
97 The private key contains BIGNUMs, and we do not (in principle) have
98 access to the internals of them, and locking just the structure is not
99 very useful. Currently, memory locking is not implemented. */
102 /* Private part of server key. */
105 /* Private part of host key. */
109 /* Flag indicating whether the current session key has been used. This flag
110 is set whenever the key is used, and cleared when the key is regenerated. */
113 /* This is set to true when SIGHUP is received. */
114 int received_sighup = 0;
116 /* Public side of the server key. This value is regenerated regularly with
120 /* Prototypes for various functions defined later in this file. */
121 void do_connection();
122 void do_authentication(char *user);
123 void do_authloop(struct passwd *pw);
124 void do_fake_authloop(char *user);
125 void do_authenticated(struct passwd *pw);
126 void do_exec_pty(const char *command, int ptyfd, int ttyfd,
127 const char *ttyname, struct passwd *pw, const char *term,
128 const char *display, const char *auth_proto,
129 const char *auth_data);
130 void do_exec_no_pty(const char *command, struct passwd *pw,
131 const char *display, const char *auth_proto,
132 const char *auth_data);
133 void do_child(const char *command, struct passwd *pw, const char *term,
134 const char *display, const char *auth_proto,
135 const char *auth_data, const char *ttyname);
138 static int pamconv(int num_msg, const struct pam_message **msg,
139 struct pam_response **resp, void *appdata_ptr);
140 void do_pam_account_and_session(char *username, char *remote_user,
141 const char *remote_host);
142 void pam_cleanup_proc(void *context);
144 static struct pam_conv conv = {
148 struct pam_handle_t *pamh = NULL;
149 const char *pampasswd = NULL;
150 char *pamconv_msg = NULL;
152 static int pamconv(int num_msg, const struct pam_message **msg,
153 struct pam_response **resp, void *appdata_ptr)
156 struct pam_response *reply = NULL;
158 /* PAM will free this later */
159 reply = malloc(num_msg * sizeof(*reply));
163 for(count = 0; count < num_msg; count++)
165 switch (msg[count]->msg_style)
167 case PAM_PROMPT_ECHO_OFF:
168 if (pampasswd == NULL)
173 reply[count].resp_retcode = PAM_SUCCESS;
174 reply[count].resp = xstrdup(pampasswd);
178 reply[count].resp_retcode = PAM_SUCCESS;
179 reply[count].resp = xstrdup("");
181 if (msg[count]->msg == NULL) break;
182 debug("Adding PAM message: %s", msg[count]->msg);
183 if (pamconv_msg == NULL)
185 pamconv_msg = malloc(strlen(msg[count]->msg) + 2);
187 if (pamconv_msg == NULL)
190 strncpy(pamconv_msg, msg[count]->msg, strlen(msg[count]->msg));
191 pamconv_msg[strlen(msg[count]->msg)] = '\n';
192 pamconv_msg[strlen(msg[count]->msg) + 1] = '\0';
195 pamconv_msg = realloc(pamconv_msg, strlen(pamconv_msg) + strlen(msg[count]->msg) + 2);
196 strncat(pamconv_msg, msg[count]->msg, strlen(msg[count]->msg));
197 pamconv_msg[strlen(pamconv_msg)] = '\n';
198 pamconv_msg[strlen(pamconv_msg) + 1] = '\0';
202 case PAM_PROMPT_ECHO_ON:
215 void pam_cleanup_proc(void *context)
221 pam_retval = pam_close_session((pam_handle_t *)pamh, 0);
222 if (pam_retval != PAM_SUCCESS)
224 log("Cannot close PAM session: %.200s",
225 pam_strerror((pam_handle_t *)pamh, pam_retval));
228 pam_retval = pam_end((pam_handle_t *)pamh, pam_retval);
229 if (pam_retval != PAM_SUCCESS)
231 log("Cannot release PAM authentication: %.200s",
232 pam_strerror((pam_handle_t *)pamh, pam_retval));
237 void do_pam_account_and_session(char *username, char *remote_user,
238 const char *remote_host)
242 if (remote_host != NULL)
244 debug("PAM setting rhost to \"%.200s\"", remote_host);
245 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, remote_host);
246 if (pam_retval != PAM_SUCCESS)
248 log("PAM set rhost failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
249 do_fake_authloop(username);
253 if (remote_user != NULL)
255 debug("PAM setting ruser to \"%.200s\"", remote_user);
256 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user);
257 if (pam_retval != PAM_SUCCESS)
259 log("PAM set ruser failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
260 do_fake_authloop(username);
264 pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
265 if (pam_retval != PAM_SUCCESS)
267 log("PAM rejected by account configuration: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
268 do_fake_authloop(username);
271 pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
272 if (pam_retval != PAM_SUCCESS)
274 log("PAM session setup failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
275 do_fake_authloop(username);
278 #endif /* HAVE_LIBPAM */
280 /* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP;
281 the effect is to reread the configuration file (and to regenerate
284 void sighup_handler(int sig)
287 signal(SIGHUP, sighup_handler);
290 /* Called from the main program after receiving SIGHUP. Restarts the
293 void sighup_restart()
295 log("Received SIGHUP; restarting.");
297 execv(saved_argv[0], saved_argv);
298 log("RESTART FAILED: av0='%s', error: %s.", av0, strerror(errno));
302 /* Generic signal handler for terminating signals in the master daemon.
303 These close the listen socket; not closing it seems to cause "Address
304 already in use" problems on some machines, which is inconvenient. */
306 void sigterm_handler(int sig)
308 log("Received signal %d; terminating.", sig);
313 /* SIGCHLD handler. This is called whenever a child dies. This will then
314 reap any zombies left by exited c. */
316 void main_sigchld_handler(int sig)
318 int save_errno = errno;
321 signal(SIGCHLD, main_sigchld_handler);
325 /* Signal handler for the alarm after the login grace period has expired. */
327 void grace_alarm_handler(int sig)
329 /* Close the connection. */
332 /* Log error and exit. */
333 fatal("Timeout before authentication.");
336 /* Signal handler for the key regeneration alarm. Note that this
337 alarm only occurs in the daemon waiting for connections, and it does not
338 do anything with the private key or random state before forking. Thus there
339 should be no concurrency control/asynchronous execution problems. */
341 void key_regeneration_alarm(int sig)
343 int save_errno = errno;
345 /* Check if we should generate a new key. */
348 /* This should really be done in the background. */
349 log("Generating new %d bit RSA key.", options.server_key_bits);
351 if (sensitive_data.private_key != NULL)
352 RSA_free(sensitive_data.private_key);
353 sensitive_data.private_key = RSA_new();
355 if (public_key != NULL)
356 RSA_free(public_key);
357 public_key = RSA_new();
359 rsa_generate_key(sensitive_data.private_key, public_key,
360 options.server_key_bits);
363 log("RSA key generation complete.");
366 /* Reschedule the alarm. */
367 signal(SIGALRM, key_regeneration_alarm);
368 alarm(options.key_regeneration_time);
372 /* Main program for the daemon. */
375 main(int ac, char **av)
379 int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1;
380 int remote_major, remote_minor;
382 struct sockaddr_in sin;
383 char buf[100]; /* Must not be larger than remote_version. */
384 char remote_version[100]; /* Must be at least as big as buf. */
388 struct linger linger;
392 if (strchr(av[0], '/'))
393 av0 = strrchr(av[0], '/') + 1;
397 /* Initialize configuration options to their default values. */
398 initialize_server_options(&options);
400 /* Parse command-line arguments. */
401 while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqQ")) != EOF)
406 config_file_name = optarg;
410 options.log_level = SYSLOG_LEVEL_DEBUG;
419 options.log_level = SYSLOG_LEVEL_QUIET;
422 options.server_key_bits = atoi(optarg);
425 options.port = atoi(optarg);
428 options.login_grace_time = atoi(optarg);
431 options.key_regeneration_time = atoi(optarg);
434 options.host_key_file = optarg;
438 fprintf(stderr, "sshd version %s\n", SSH_VERSION);
439 fprintf(stderr, "Usage: %s [options]\n", av0);
440 fprintf(stderr, "Options:\n");
441 fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR);
442 fprintf(stderr, " -d Debugging mode\n");
443 fprintf(stderr, " -i Started from inetd\n");
444 fprintf(stderr, " -q Quiet (no logging)\n");
445 fprintf(stderr, " -p port Listen on the specified port (default: 22)\n");
446 fprintf(stderr, " -k seconds Regenerate server key every this many seconds (default: 3600)\n");
447 fprintf(stderr, " -g seconds Grace period for authentication (default: 300)\n");
448 fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
449 fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
455 /* check if RSA support exists */
456 if (rsa_alive() == 0) {
458 printf("sshd: no RSA support in libssl and libcrypto -- exiting. See ssl(8)\n");
459 log("no RSA support in libssl and libcrypto -- exiting. See ssl(8)");
463 /* Read server configuration options from the configuration file. */
464 read_server_config(&options, config_file_name);
466 /* Fill in default values for those options not explicitly set. */
467 fill_default_server_options(&options);
469 /* Check certain values for sanity. */
470 if (options.server_key_bits < 512 ||
471 options.server_key_bits > 32768)
473 fprintf(stderr, "Bad server key size.\n");
476 if (options.port < 1 || options.port > 65535)
478 fprintf(stderr, "Bad port number.\n");
482 /* Check that there are no remaining arguments. */
485 fprintf(stderr, "Extra argument %s.\n", av[optind]);
489 /* Initialize the log (it is reinitialized below in case we forked). */
491 if (debug_flag && !inetd_flag)
494 log_init(av0, options.log_level, options.log_facility, log_stderr);
496 debug("sshd version %.100s", SSH_VERSION);
498 sensitive_data.host_key = RSA_new();
499 /* Load the host key. It must have empty passphrase. */
500 if (!load_private_key(options.host_key_file, "",
501 sensitive_data.host_key, &comment))
504 fprintf(stderr, "Could not load host key: %s: %s\n",
505 options.host_key_file, strerror(errno));
510 log_init(av0, SYSLOG_LEVEL_DEBUG, options.log_facility, log_stderr);
511 error("Could not load host key: %.200s: %.100s",
512 options.host_key_file, strerror(err));
518 /* If not in debugging mode, and not started from inetd, disconnect from
519 the controlling terminal, and fork. The original process exits. */
520 if (!debug_flag && !inetd_flag)
524 #endif /* TIOCNOTTY */
525 if (daemon(0, 0) < 0)
526 fatal("daemon() failed: %.200s", strerror(errno));
528 /* Disconnect from the controlling tty. */
530 fd = open("/dev/tty", O_RDWR|O_NOCTTY);
533 (void)ioctl(fd, TIOCNOTTY, NULL);
536 #endif /* TIOCNOTTY */
539 /* Reinitialize the log (because of the fork above). */
540 log_init(av0, options.log_level, options.log_facility, log_stderr);
542 /* Check that server and host key lengths differ sufficiently. This is
543 necessary to make double encryption work with rsaref. Oh, I hate
544 software patents. I dont know if this can go? Niels */
545 if (options.server_key_bits >
546 BN_num_bits(sensitive_data.host_key->n) - SSH_KEY_BITS_RESERVED &&
547 options.server_key_bits <
548 BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED)
550 options.server_key_bits =
551 BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED;
552 debug("Forcing server key to %d bits to make it differ from host key.",
553 options.server_key_bits);
556 /* Do not display messages to stdout in RSA code. */
559 /* Initialize the random number generator. */
562 /* Chdir to the root directory so that the current disk can be unmounted
566 /* Close connection cleanly after attack. */
567 cipher_attack_detected = packet_disconnect;
569 /* Start listening for a socket, unless started from inetd. */
573 s1 = dup(0); /* Make sure descriptors 0, 1, and 2 are in use. */
577 /* We intentionally do not close the descriptors 0, 1, and 2 as our
578 code for setting the descriptors won\'t work if ttyfd happens to
580 debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
582 public_key = RSA_new();
583 sensitive_data.private_key = RSA_new();
584 /* Generate an rsa key. */
585 log("Generating %d bit RSA key.", options.server_key_bits);
586 rsa_generate_key(sensitive_data.private_key, public_key,
587 options.server_key_bits);
589 log("RSA key generation complete.");
593 /* Create socket for listening. */
594 listen_sock = socket(AF_INET, SOCK_STREAM, 0);
596 fatal("socket: %.100s", strerror(errno));
598 /* Set socket options. We try to make the port reusable and have it
599 close as fast as possible without waiting in unnecessary wait states
601 setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
605 setsockopt(listen_sock, SOL_SOCKET, SO_LINGER, (void *)&linger,
608 /* Initialize the socket address. */
609 memset(&sin, 0, sizeof(sin));
610 sin.sin_family = AF_INET;
611 sin.sin_addr = options.listen_addr;
612 sin.sin_port = htons(options.port);
614 /* Bind the socket to the desired port. */
615 if (bind(listen_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
617 error("bind: %.100s", strerror(errno));
618 shutdown(listen_sock, SHUT_RDWR);
620 fatal("Bind to port %d failed.", options.port);
625 /* Record our pid in /etc/sshd_pid to make it easier to kill the
626 correct sshd. We don\'t want to do this before the bind above
627 because the bind will fail if there already is a daemon, and this
628 will overwrite any old pid in the file. */
629 f = fopen(SSH_DAEMON_PID_FILE, "w");
632 fprintf(f, "%u\n", (unsigned int)getpid());
637 /* Start listening on the port. */
638 log("Server listening on port %d.", options.port);
639 if (listen(listen_sock, 5) < 0)
640 fatal("listen: %.100s", strerror(errno));
642 public_key = RSA_new();
643 sensitive_data.private_key = RSA_new();
644 /* Generate an rsa key. */
645 log("Generating %d bit RSA key.", options.server_key_bits);
646 rsa_generate_key(sensitive_data.private_key, public_key,
647 options.server_key_bits);
649 log("RSA key generation complete.");
651 /* Schedule server key regeneration alarm. */
652 signal(SIGALRM, key_regeneration_alarm);
653 alarm(options.key_regeneration_time);
655 /* Arrange to restart on SIGHUP. The handler needs listen_sock. */
656 signal(SIGHUP, sighup_handler);
657 signal(SIGTERM, sigterm_handler);
658 signal(SIGQUIT, sigterm_handler);
660 /* Arrange SIGCHLD to be caught. */
661 signal(SIGCHLD, main_sigchld_handler);
663 /* Stay listening for connections until the system crashes or the
664 daemon is killed with a signal. */
669 /* Wait in accept until there is a connection. */
671 newsock = accept(listen_sock, (struct sockaddr *)&sin, &aux);
678 error("accept: %.100s", strerror(errno));
682 /* Got connection. Fork a child to handle it, unless we are in
686 /* In debugging mode. Close the listening socket, and start
687 processing the connection without forking. */
688 debug("Server will not fork when running in debugging mode.");
697 /* Normal production daemon. Fork, and have the child process
698 the connection. The parent continues listening. */
699 if ((pid = fork()) == 0)
701 /* Child. Close the listening socket, and start using
702 the accepted socket. Reinitialize logging (since our
703 pid has changed). We break out of the loop to handle
708 log_init(av0, options.log_level, options.log_facility, log_stderr);
713 /* Parent. Stay in the loop. */
715 error("fork: %.100s", strerror(errno));
717 debug("Forked child %d.", pid);
719 /* Mark that the key has been used (it was "given" to the child). */
724 /* Close the new socket (the child is now taking care of it). */
729 /* This is the child processing a new connection. */
731 /* Disable the key regeneration alarm. We will not regenerate the key
732 since we are no longer in a position to give it to anyone. We will
733 not restart on SIGHUP since it no longer makes sense. */
735 signal(SIGALRM, SIG_DFL);
736 signal(SIGHUP, SIG_DFL);
737 signal(SIGTERM, SIG_DFL);
738 signal(SIGQUIT, SIG_DFL);
739 signal(SIGCHLD, SIG_DFL);
741 /* Set socket options for the connection. We want the socket to close
742 as fast as possible without waiting for anything. If the connection
743 is not a socket, these will do nothing. */
744 /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
747 setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
749 /* Register our connection. This turns encryption off because we do not
751 packet_set_connection(sock_in, sock_out);
753 remote_port = get_remote_port();
755 /* Check whether logins are denied from this host. */
758 struct request_info req;
760 request_init(&req, RQ_DAEMON, av0, RQ_FILE, sock_in, NULL);
763 if (!hosts_access(&req)) {
768 log("Connection from %.500s port %d", eval_client(&req), remote_port);
771 /* Log the connection. */
772 log("Connection from %.100s port %d", get_remote_ipaddr(), remote_port);
775 /* We don\'t want to listen forever unless the other side successfully
776 authenticates itself. So we set up an alarm which is cleared after
777 successful authentication. A limit of zero indicates no limit.
778 Note that we don\'t set the alarm in debugging mode; it is just annoying
779 to have the server exit just when you are about to discover the bug. */
780 signal(SIGALRM, grace_alarm_handler);
782 alarm(options.login_grace_time);
784 /* Send our protocol version identification. */
785 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
786 PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
787 if (write(sock_out, buf, strlen(buf)) != strlen(buf))
788 fatal("Could not write ident string.");
790 /* Read other side\'s version identification. */
791 for (i = 0; i < sizeof(buf) - 1; i++)
793 if (read(sock_in, &buf[i], 1) != 1)
794 fatal("Did not receive ident string.");
808 buf[sizeof(buf) - 1] = 0;
810 /* Check that the versions match. In future this might accept several
811 versions and set appropriate flags to handle them. */
812 if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
813 remote_version) != 3)
815 const char *s = "Protocol mismatch.\n";
816 (void) write(sock_out, s, strlen(s));
819 fatal("Bad protocol version identification: %.100s", buf);
821 debug("Client protocol version %d.%d; client software version %.100s",
822 remote_major, remote_minor, remote_version);
823 if (remote_major != PROTOCOL_MAJOR)
825 const char *s = "Protocol major versions differ.\n";
826 (void) write(sock_out, s, strlen(s));
829 fatal("Protocol major versions differ: %d vs. %d",
830 PROTOCOL_MAJOR, remote_major);
833 /* Check that the client has sufficiently high software version. */
834 if (remote_major == 1 && remote_minor < 3)
835 packet_disconnect("Your ssh version is too old and is no longer supported. Please install a newer version.");
837 if (remote_major == 1 && remote_minor == 3) {
839 if (strcmp(remote_version, "OpenSSH-1.1") != 0) {
840 debug("Agent forwarding disabled, remote version is not compatible.");
841 no_agent_forwarding_flag = 1;
845 /* Check that the connection comes from a privileged port.
846 Rhosts- and Rhosts-RSA-Authentication only make sense
847 from priviledged programs.
848 Of course, if the intruder has root access on his local machine,
849 he can connect from any port. So do not use these authentication
850 methods from machines that you do not trust. */
851 if (remote_port >= IPPORT_RESERVED ||
852 remote_port < IPPORT_RESERVED / 2)
854 options.rhosts_authentication = 0;
855 options.rhosts_rsa_authentication = 0;
858 packet_set_nonblocking();
860 /* Handle the connection. */
864 /* Cleanup user's ticket cache file. */
865 if (options.kerberos_ticket_cleanup)
869 /* Cleanup user's local Xauthority file. */
870 if (xauthfile) unlink(xauthfile);
872 /* The connection has been terminated. */
873 log("Closing connection to %.100s", inet_ntoa(sin.sin_addr));
881 debug("Closing PAM session.");
882 retval = pam_close_session((pam_handle_t *)pamh, 0);
884 debug("Terminating PAM library.");
885 if (pam_end((pam_handle_t *)pamh, retval) != PAM_SUCCESS)
886 log("Cannot release PAM authentication.");
888 fatal_remove_cleanup(&pam_cleanup_proc, NULL);
891 #endif /* HAVE_LIBPAM */
898 /* Process an incoming connection. Protocol version identifiers have already
899 been exchanged. This sends server key and performs the key exchange.
900 Server and host keys will no longer be needed after this functions. */
906 BIGNUM *session_key_int;
907 unsigned char session_key[SSH_SESSION_KEY_LENGTH];
908 unsigned char check_bytes[8];
910 unsigned int cipher_type, auth_mask, protocol_flags;
914 /* Generate check bytes that the client must send back in the user packet
915 in order for it to be accepted; this is used to defy ip spoofing
916 attacks. Note that this only works against somebody doing IP spoofing
917 from a remote machine; any machine on the local network can still see
918 outgoing packets and catch the random cookie. This only affects
919 rhosts authentication, and this is one of the reasons why it is
920 inherently insecure. */
921 for (i = 0; i < 8; i++) {
924 check_bytes[i] = rand & 0xff;
928 /* Send our public key. We include in the packet 64 bits of random
929 data that must be matched in the reply in order to prevent IP spoofing. */
930 packet_start(SSH_SMSG_PUBLIC_KEY);
931 for (i = 0; i < 8; i++)
932 packet_put_char(check_bytes[i]);
934 /* Store our public server RSA key. */
935 packet_put_int(BN_num_bits(public_key->n));
936 packet_put_bignum(public_key->e);
937 packet_put_bignum(public_key->n);
939 /* Store our public host RSA key. */
940 packet_put_int(BN_num_bits(sensitive_data.host_key->n));
941 packet_put_bignum(sensitive_data.host_key->e);
942 packet_put_bignum(sensitive_data.host_key->n);
944 /* Put protocol flags. */
945 packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
947 /* Declare which ciphers we support. */
948 packet_put_int(cipher_mask());
950 /* Declare supported authentication types. */
952 if (options.rhosts_authentication)
953 auth_mask |= 1 << SSH_AUTH_RHOSTS;
954 if (options.rhosts_rsa_authentication)
955 auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
956 if (options.rsa_authentication)
957 auth_mask |= 1 << SSH_AUTH_RSA;
959 if (options.kerberos_authentication)
960 auth_mask |= 1 << SSH_AUTH_KERBEROS;
963 if (options.kerberos_tgt_passing)
964 auth_mask |= 1 << SSH_PASS_KERBEROS_TGT;
965 if (options.afs_token_passing)
966 auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
968 if (options.password_authentication)
969 auth_mask |= 1 << SSH_AUTH_PASSWORD;
970 packet_put_int(auth_mask);
972 /* Send the packet and wait for it to be sent. */
976 debug("Sent %d bit public key and %d bit host key.",
977 BN_num_bits(public_key->n), BN_num_bits(sensitive_data.host_key->n));
979 /* Read clients reply (cipher type and session key). */
980 packet_read_expect(&plen, SSH_CMSG_SESSION_KEY);
982 /* Get cipher type. */
983 cipher_type = packet_get_char();
985 /* Get check bytes from the packet. These must match those we sent earlier
986 with the public key packet. */
987 for (i = 0; i < 8; i++)
988 if (check_bytes[i] != packet_get_char())
989 packet_disconnect("IP Spoofing check bytes do not match.");
991 debug("Encryption type: %.200s", cipher_name(cipher_type));
993 /* Get the encrypted integer. */
994 session_key_int = BN_new();
995 packet_get_bignum(session_key_int, &slen);
997 /* Get protocol flags. */
998 protocol_flags = packet_get_int();
999 packet_set_protocol_flags(protocol_flags);
1001 packet_integrity_check(plen, 1 + 8 + slen + 4, SSH_CMSG_SESSION_KEY);
1003 /* Decrypt it using our private server key and private host key (key with
1004 larger modulus first). */
1005 if (BN_cmp(sensitive_data.private_key->n, sensitive_data.host_key->n) > 0)
1007 /* Private key has bigger modulus. */
1008 if (BN_num_bits(sensitive_data.private_key->n) <
1009 BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) {
1010 fatal("do_connection: private_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
1011 BN_num_bits(sensitive_data.private_key->n),
1012 BN_num_bits(sensitive_data.host_key->n),
1013 SSH_KEY_BITS_RESERVED);
1016 rsa_private_decrypt(session_key_int, session_key_int,
1017 sensitive_data.private_key);
1018 rsa_private_decrypt(session_key_int, session_key_int,
1019 sensitive_data.host_key);
1023 /* Host key has bigger modulus (or they are equal). */
1024 if (BN_num_bits(sensitive_data.host_key->n) <
1025 BN_num_bits(sensitive_data.private_key->n) + SSH_KEY_BITS_RESERVED) {
1026 fatal("do_connection: host_key %d < private_key %d + SSH_KEY_BITS_RESERVED %d",
1027 BN_num_bits(sensitive_data.host_key->n),
1028 BN_num_bits(sensitive_data.private_key->n),
1029 SSH_KEY_BITS_RESERVED);
1031 rsa_private_decrypt(session_key_int, session_key_int,
1032 sensitive_data.host_key);
1033 rsa_private_decrypt(session_key_int, session_key_int,
1034 sensitive_data.private_key);
1037 /* Compute session id for this session. */
1038 compute_session_id(session_id, check_bytes,
1039 BN_num_bits(sensitive_data.host_key->n),
1040 sensitive_data.host_key->n,
1041 BN_num_bits(sensitive_data.private_key->n),
1042 sensitive_data.private_key->n);
1044 /* Extract session key from the decrypted integer. The key is in the
1045 least significant 256 bits of the integer; the first byte of the
1046 key is in the highest bits. */
1047 BN_mask_bits(session_key_int, sizeof(session_key) * 8);
1048 len = BN_num_bytes(session_key_int);
1049 if (len < 0 || len > sizeof(session_key))
1050 fatal("do_connection: bad len: session_key_int %d > sizeof(session_key) %d",
1051 len, sizeof(session_key));
1052 memset(session_key, 0, sizeof(session_key));
1053 BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len);
1055 /* Xor the first 16 bytes of the session key with the session id. */
1056 for (i = 0; i < 16; i++)
1057 session_key[i] ^= session_id[i];
1059 /* Destroy the decrypted integer. It is no longer needed. */
1060 BN_clear_free(session_key_int);
1062 /* Set the session key. From this on all communications will be
1064 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH,
1067 /* Destroy our copy of the session key. It is no longer needed. */
1068 memset(session_key, 0, sizeof(session_key));
1070 debug("Received session key; encryption turned on.");
1072 /* Send an acknowledgement packet. Note that this packet is sent
1074 packet_start(SSH_SMSG_SUCCESS);
1076 packet_write_wait();
1078 /* Get the name of the user that we wish to log in as. */
1079 packet_read_expect(&plen, SSH_CMSG_USER);
1081 /* Get the user name. */
1084 user = packet_get_string(&ulen);
1085 packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
1088 /* Destroy the private and public keys. They will no longer be needed. */
1089 RSA_free(public_key);
1090 RSA_free(sensitive_data.private_key);
1091 RSA_free(sensitive_data.host_key);
1093 setproctitle("%s", user);
1094 /* Do the authentication. */
1095 do_authentication(user);
1098 /* Check if the user is allowed to log in via ssh. If user is listed in
1099 DenyUsers or user's primary group is listed in DenyGroups, false will
1100 be returned. If AllowUsers isn't empty and user isn't listed there, or
1101 if AllowGroups isn't empty and user isn't listed there, false will be
1102 returned. Otherwise true is returned.
1103 XXX This function should also check if user has a valid shell */
1106 allowed_user(struct passwd *pw)
1111 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
1115 /* XXX Should check for valid login shell */
1117 /* Return false if user is listed in DenyUsers */
1118 if (options.num_deny_users > 0)
1122 for (i = 0; i < options.num_deny_users; i++)
1123 if (match_pattern(pw->pw_name, options.deny_users[i]))
1127 /* Return false if AllowUsers isn't empty and user isn't listed there */
1128 if (options.num_allow_users > 0)
1132 for (i = 0; i < options.num_allow_users; i++)
1133 if (match_pattern(pw->pw_name, options.allow_users[i]))
1135 /* i < options.num_allow_users iff we break for loop */
1136 if (i >= options.num_allow_users)
1140 /* Get the primary group name if we need it. Return false if it fails */
1141 if (options.num_deny_groups > 0 || options.num_allow_groups > 0 )
1143 grp = getgrgid(pw->pw_gid);
1147 /* Return false if user's group is listed in DenyGroups */
1148 if (options.num_deny_groups > 0)
1152 for (i = 0; i < options.num_deny_groups; i++)
1153 if (match_pattern(grp->gr_name, options.deny_groups[i]))
1157 /* Return false if AllowGroups isn't empty and user's group isn't
1159 if (options.num_allow_groups > 0)
1163 for (i = 0; i < options.num_allow_groups; i++)
1164 if (match_pattern(grp->gr_name, options.allow_groups[i]))
1166 /* i < options.num_allow_groups iff we break for loop */
1167 if (i >= options.num_allow_groups)
1172 /* We found no reason not to let this user try to log on... */
1176 /* Performs authentication of an incoming connection. Session key has already
1177 been exchanged and encryption is enabled. User is the user name to log
1178 in as (received from the client). */
1181 do_authentication(char *user)
1183 struct passwd *pw, pwcopy;
1186 /* If machine has AFS, set process authentication group. */
1193 /* Verify that the user is a valid user. */
1194 pw = getpwnam(user);
1195 if (!pw || !allowed_user(pw))
1196 do_fake_authloop(user);
1198 /* Take a copy of the returned structure. */
1199 memset(&pwcopy, 0, sizeof(pwcopy));
1200 pwcopy.pw_name = xstrdup(pw->pw_name);
1201 pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
1202 pwcopy.pw_uid = pw->pw_uid;
1203 pwcopy.pw_gid = pw->pw_gid;
1204 pwcopy.pw_dir = xstrdup(pw->pw_dir);
1205 pwcopy.pw_shell = xstrdup(pw->pw_shell);
1212 debug("Starting up PAM with username \"%.200s\"", pw->pw_name);
1214 pam_retval = pam_start("sshd", pw->pw_name, &conv, (pam_handle_t**)&pamh);
1215 if (pam_retval != PAM_SUCCESS)
1216 fatal("PAM initialisation failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
1218 fatal_add_cleanup(&pam_cleanup_proc, NULL);
1222 /* If we are not running as root, the user must have the same uid as the
1224 if (getuid() != 0 && pw->pw_uid != getuid())
1225 packet_disconnect("Cannot change user when server not running as root.");
1227 debug("Attempting authentication for %.100s.", user);
1229 /* If the user has no password, accept authentication immediately. */
1230 if (options.password_authentication &&
1232 (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
1234 auth_password(pw, ""))
1236 /* Authentication with empty password succeeded. */
1237 debug("Login for user %.100s accepted without authentication.", user);
1239 /* Loop until the user has been authenticated or the connection is closed,
1240 do_authloop() returns only if authentication is successfull */
1244 /* XXX log unified auth message */
1246 /* Check if the user is logging in as root and root logins are disallowed. */
1247 if (pw->pw_uid == 0 && !options.permit_root_login)
1250 log("Root login accepted for forced command.");
1252 packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",
1253 get_canonical_hostname());
1256 /* The user has been authenticated and accepted. */
1257 packet_start(SSH_SMSG_SUCCESS);
1259 packet_write_wait();
1261 /* Perform session preparation. */
1262 do_authenticated(pw);
1265 #define MAX_AUTH_FAILURES 5
1267 /* read packets and try to authenticate local user *pw.
1268 return if authentication is successfull */
1270 do_authloop(struct passwd *pw)
1272 int authentication_failures = 0;
1273 unsigned int client_host_key_bits;
1274 BIGNUM *client_host_key_e, *client_host_key_n;
1276 char *client_user = NULL, *password = NULL;
1277 int plen, dlen, nlen, ulen, elen;
1280 #endif /* HAVE_LIBPAM */
1282 /* Indicate that authentication is needed. */
1283 packet_start(SSH_SMSG_FAILURE);
1285 packet_write_wait();
1288 int authenticated = 0;
1290 /* Get a packet from the client. */
1291 int type = packet_read(&plen);
1293 /* Process the packet. */
1297 case SSH_CMSG_HAVE_KERBEROS_TGT:
1298 if (!options.kerberos_tgt_passing)
1300 /* packet_get_all(); */
1301 log("Kerberos tgt passing disabled.");
1305 /* Accept Kerberos tgt. */
1306 char *tgt = packet_get_string(&dlen);
1307 packet_integrity_check(plen, 4 + dlen, type);
1308 if (!auth_kerberos_tgt(pw, tgt))
1309 debug("Kerberos tgt REFUSED for %s", pw->pw_name);
1314 case SSH_CMSG_HAVE_AFS_TOKEN:
1315 if (!options.afs_token_passing || !k_hasafs()) {
1316 /* packet_get_all(); */
1317 log("AFS token passing disabled.");
1321 /* Accept AFS token. */
1322 char *token_string = packet_get_string(&dlen);
1323 packet_integrity_check(plen, 4 + dlen, type);
1324 if (!auth_afs_token(pw, token_string))
1325 debug("AFS token REFUSED for %s", pw->pw_name);
1326 xfree(token_string);
1332 case SSH_CMSG_AUTH_KERBEROS:
1333 if (!options.kerberos_authentication)
1335 /* packet_get_all(); */
1336 log("Kerberos authentication disabled.");
1340 /* Try Kerberos v4 authentication. */
1342 char *tkt_user = NULL;
1343 char *kdata = packet_get_string((unsigned int *)&auth.length);
1344 packet_integrity_check(plen, 4 + auth.length, type);
1346 if (auth.length < MAX_KTXT_LEN)
1347 memcpy(auth.dat, kdata, auth.length);
1350 authenticated = auth_krb4(pw->pw_name, &auth, &tkt_user);
1352 log("Kerberos authentication %s%s for account %s from %s",
1353 authenticated ? "accepted " : "failed",
1354 tkt_user != NULL ? tkt_user : "",
1355 pw->pw_name, get_canonical_hostname());
1362 case SSH_CMSG_AUTH_RHOSTS:
1363 if (!options.rhosts_authentication)
1365 log("Rhosts authentication disabled.");
1369 /* Get client user name. Note that we just have to trust the client;
1370 this is one reason why rhosts authentication is insecure.
1371 (Another is IP-spoofing on a local network.) */
1372 client_user = packet_get_string(&dlen);
1373 packet_integrity_check(plen, 4 + dlen, type);
1375 /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
1376 authenticated = auth_rhosts(pw, client_user);
1378 log("Rhosts authentication %s for %.100s, remote %.100s on %.700s.",
1379 authenticated ? "accepted" : "failed",
1380 pw->pw_name, client_user, get_canonical_hostname());
1383 #endif /* HAVE_LIBPAM */
1386 case SSH_CMSG_AUTH_RHOSTS_RSA:
1387 if (!options.rhosts_rsa_authentication)
1389 log("Rhosts with RSA authentication disabled.");
1393 /* Get client user name. Note that we just have to trust
1394 the client; root on the client machine can claim to be
1396 client_user = packet_get_string(&ulen);
1398 /* Get the client host key. */
1399 client_host_key_e = BN_new();
1400 client_host_key_n = BN_new();
1401 client_host_key_bits = packet_get_int();
1402 packet_get_bignum(client_host_key_e, &elen);
1403 packet_get_bignum(client_host_key_n, &nlen);
1405 packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
1407 authenticated = auth_rhosts_rsa(pw, client_user, client_host_key_bits,
1408 client_host_key_e, client_host_key_n);
1409 log("Rhosts authentication %s for %.100s, remote %.100s.",
1410 authenticated ? "accepted" : "failed",
1411 pw->pw_name, client_user);
1414 #endif /* HAVE_LIBPAM */
1415 BN_clear_free(client_host_key_e);
1416 BN_clear_free(client_host_key_n);
1419 case SSH_CMSG_AUTH_RSA:
1420 if (!options.rsa_authentication)
1422 log("RSA authentication disabled.");
1426 /* RSA authentication requested. */
1428 packet_get_bignum(n, &nlen);
1429 packet_integrity_check(plen, nlen, type);
1430 authenticated = auth_rsa(pw, n);
1432 log("RSA authentication %s for %.100s.",
1433 authenticated ? "accepted" : "failed",
1437 case SSH_CMSG_AUTH_PASSWORD:
1438 if (!options.password_authentication)
1440 log("Password authentication disabled.");
1444 /* Read user password. It is in plain text, but was transmitted
1445 over the encrypted channel so it is not visible to an outside
1447 password = packet_get_string(&dlen);
1448 packet_integrity_check(plen, 4 + dlen, type);
1451 /* Do PAM auth with password */
1452 pampasswd = password;
1453 pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
1454 if (pam_retval == PAM_SUCCESS)
1456 log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
1461 log("PAM Password authentication for \"%.100s\" failed: %s",
1462 pw->pw_name, pam_strerror((pam_handle_t *)pamh, pam_retval));
1464 #else /* HAVE_LIBPAM */
1465 /* Try authentication with the password. */
1466 authenticated = auth_password(pw, password);
1468 memset(password, 0, strlen(password));
1471 #endif /* HAVE_LIBPAM */
1473 case SSH_CMSG_AUTH_TIS:
1474 /* TIS Authentication is unsupported */
1475 log("TIS authentication disabled.");
1479 /* Any unknown messages will be ignored (and failure returned)
1480 during authentication. */
1481 log("Unknown message during authentication: type %d", type);
1482 break; /* Respond with a failure message. */
1487 if (++authentication_failures >= MAX_AUTH_FAILURES)
1488 packet_disconnect("Too many authentication failures for %.100s from %.200s",
1489 pw->pw_name, get_canonical_hostname());
1490 /* Send a message indicating that the authentication attempt failed. */
1491 packet_start(SSH_SMSG_FAILURE);
1493 packet_write_wait();
1497 do_pam_account_and_session(pw->pw_name, client_user, get_canonical_hostname());
1500 if (client_user != NULL)
1503 if (password != NULL)
1505 memset(password, 0, strlen(password));
1508 #endif /* HAVE_LIBPAM */
1511 /* The user does not exist or access is denied,
1512 but fake indication that authentication is needed. */
1514 do_fake_authloop(char *user)
1516 int authentication_failures = 0;
1518 /* Indicate that authentication is needed. */
1519 packet_start(SSH_SMSG_FAILURE);
1521 packet_write_wait();
1523 /* Keep reading packets, and always respond with a failure. This is to
1524 avoid disclosing whether such a user really exists. */
1527 /* Read a packet. This will not return if the client disconnects. */
1529 int type = packet_read(&plen);
1532 char *password, *skeyinfo;
1533 if (options.password_authentication &&
1534 options.skey_authentication == 1 &&
1535 type == SSH_CMSG_AUTH_PASSWORD &&
1536 (password = packet_get_string(&passw_len)) != NULL &&
1538 strncasecmp(password, "s/key", 5) == 0 &&
1539 (skeyinfo = skey_fake_keyinfo(user)) != NULL ){
1540 /* Send a fake s/key challenge. */
1541 packet_send_debug(skeyinfo);
1544 if (++authentication_failures >= MAX_AUTH_FAILURES)
1545 packet_disconnect("Too many authentication failures for %.100s from %.200s",
1546 user, get_canonical_hostname());
1547 /* Send failure. This should be indistinguishable from a failed
1549 packet_start(SSH_SMSG_FAILURE);
1551 packet_write_wait();
1558 /* Remove local Xauthority file. */
1560 xauthfile_cleanup_proc(void *ignore)
1562 debug("xauthfile_cleanup_proc called");
1564 if (xauthfile != NULL) {
1571 /* Prepares for an interactive session. This is called after the user has
1572 been successfully authenticated. During this message exchange, pseudo
1573 terminals are allocated, X11, TCP/IP, and authentication agent forwardings
1574 are requested, etc. */
1576 void do_authenticated(struct passwd *pw)
1579 int compression_level = 0, enable_compression_after_reply = 0;
1580 int have_pty = 0, ptyfd = -1, ttyfd = -1, xauthfd = -1;
1581 int row, col, xpixel, ypixel, screen;
1583 char *command, *term = NULL, *display = NULL, *proto = NULL, *data = NULL;
1589 /* Cancel the alarm we set to limit the time taken for authentication. */
1592 /* Inform the channel mechanism that we are the server side and that
1593 the client may request to connect to any port at all. (The user could
1594 do it anyway, and we wouldn\'t know what is permitted except by the
1595 client telling us, so we can equally well trust the client not to request
1597 channel_permit_all_opens();
1599 /* We stay in this loop until the client requests to execute a shell or a
1605 /* Get a packet from the client. */
1606 type = packet_read(&plen);
1608 /* Process the packet. */
1611 case SSH_CMSG_REQUEST_COMPRESSION:
1612 packet_integrity_check(plen, 4, type);
1613 compression_level = packet_get_int();
1614 if (compression_level < 1 || compression_level > 9)
1616 packet_send_debug("Received illegal compression level %d.",
1620 /* Enable compression after we have responded with SUCCESS. */
1621 enable_compression_after_reply = 1;
1624 case SSH_CMSG_REQUEST_PTY:
1627 debug("Allocating a pty not permitted for this authentication.");
1631 packet_disconnect("Protocol error: you already have a pty.");
1633 debug("Allocating pty.");
1635 /* Allocate a pty and open it. */
1636 if (!pty_allocate(&ptyfd, &ttyfd, ttyname))
1638 error("Failed to allocate pty.");
1642 /* Determine the group to make the owner of the tty. */
1643 grp = getgrnam("tty");
1646 tty_gid = grp->gr_gid;
1647 tty_mode = S_IRUSR|S_IWUSR|S_IWGRP;
1651 tty_gid = pw->pw_gid;
1652 tty_mode = S_IRUSR|S_IWUSR|S_IWGRP|S_IWOTH;
1655 /* Change ownership of the tty. */
1656 if (chown(ttyname, pw->pw_uid, tty_gid) < 0)
1657 fatal("chown(%.100s, %d, %d) failed: %.100s",
1658 ttyname, pw->pw_uid, tty_gid, strerror(errno));
1659 if (chmod(ttyname, tty_mode) < 0)
1660 fatal("chmod(%.100s, 0%o) failed: %.100s",
1661 ttyname, tty_mode, strerror(errno));
1663 /* Get TERM from the packet. Note that the value may be of arbitrary
1666 term = packet_get_string(&dlen);
1667 packet_integrity_check(dlen, strlen(term), type);
1668 /* packet_integrity_check(plen, 4 + dlen + 4*4 + n_bytes, type); */
1669 /* Remaining bytes */
1670 n_bytes = plen - (4 + dlen + 4*4);
1672 if (strcmp(term, "") == 0)
1675 /* Get window size from the packet. */
1676 row = packet_get_int();
1677 col = packet_get_int();
1678 xpixel = packet_get_int();
1679 ypixel = packet_get_int();
1680 pty_change_window_size(ptyfd, row, col, xpixel, ypixel);
1682 /* Get tty modes from the packet. */
1683 tty_parse_modes(ttyfd, &n_bytes);
1684 packet_integrity_check(plen, 4 + dlen + 4*4 + n_bytes, type);
1686 /* Indicate that we now have a pty. */
1690 case SSH_CMSG_X11_REQUEST_FORWARDING:
1691 if (!options.x11_forwarding)
1693 packet_send_debug("X11 forwarding disabled in server configuration file.");
1697 if (no_x11_forwarding_flag)
1699 packet_send_debug("X11 forwarding not permitted for this authentication.");
1702 debug("Received request for X11 forwarding with auth spoofing.");
1704 packet_disconnect("Protocol error: X11 display already set.");
1706 int proto_len, data_len;
1707 proto = packet_get_string(&proto_len);
1708 data = packet_get_string(&data_len);
1709 packet_integrity_check(plen, 4+proto_len + 4+data_len + 4, type);
1711 if (packet_get_protocol_flags() & SSH_PROTOFLAG_SCREEN_NUMBER)
1712 screen = packet_get_int();
1715 display = x11_create_display_inet(screen);
1719 /* Setup to always have a local .Xauthority. */
1720 xauthfile = xmalloc(MAXPATHLEN);
1721 snprintf(xauthfile, MAXPATHLEN, "/tmp/XauthXXXXXX");
1723 if ((xauthfd = mkstemp(xauthfile)) != -1) {
1724 fchown(xauthfd, pw->pw_uid, pw->pw_gid);
1726 fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
1733 #else /* XAUTH_PATH */
1734 /* No xauth program; we won't accept forwarding with spoofing. */
1735 packet_send_debug("No xauth program; cannot forward with spoofing.");
1737 #endif /* XAUTH_PATH */
1739 case SSH_CMSG_AGENT_REQUEST_FORWARDING:
1740 if (no_agent_forwarding_flag)
1742 debug("Authentication agent forwarding not permitted for this authentication.");
1745 debug("Received authentication agent forwarding request.");
1746 auth_input_request_forwarding(pw);
1749 case SSH_CMSG_PORT_FORWARD_REQUEST:
1750 if (no_port_forwarding_flag)
1752 debug("Port forwarding not permitted for this authentication.");
1755 debug("Received TCP/IP port forwarding request.");
1756 channel_input_port_forward_request(pw->pw_uid == 0);
1759 case SSH_CMSG_EXEC_SHELL:
1760 /* Set interactive/non-interactive mode. */
1761 packet_set_interactive(have_pty || display != NULL,
1762 options.keepalives);
1764 if (forced_command != NULL)
1765 goto do_forced_command;
1766 debug("Forking shell.");
1767 packet_integrity_check(plen, 0, type);
1769 do_exec_pty(NULL, ptyfd, ttyfd, ttyname, pw, term, display, proto,
1772 do_exec_no_pty(NULL, pw, display, proto, data);
1775 case SSH_CMSG_EXEC_CMD:
1776 /* Set interactive/non-interactive mode. */
1777 packet_set_interactive(have_pty || display != NULL,
1778 options.keepalives);
1780 if (forced_command != NULL)
1781 goto do_forced_command;
1782 /* Get command from the packet. */
1785 command = packet_get_string(&dlen);
1786 debug("Executing command '%.500s'", command);
1787 packet_integrity_check(plen, 4 + dlen, type);
1790 do_exec_pty(command, ptyfd, ttyfd, ttyname, pw, term, display,
1793 do_exec_no_pty(command, pw, display, proto, data);
1797 case SSH_CMSG_MAX_PACKET_SIZE:
1798 debug("The server does not support limiting packet size.");
1802 /* Any unknown messages in this phase are ignored, and a failure
1803 message is returned. */
1804 log("Unknown packet type received after authentication: %d", type);
1808 /* The request was successfully processed. */
1809 packet_start(SSH_SMSG_SUCCESS);
1811 packet_write_wait();
1813 /* Enable compression now that we have replied if appropriate. */
1814 if (enable_compression_after_reply)
1816 enable_compression_after_reply = 0;
1817 packet_start_compression(compression_level);
1823 /* The request failed. */
1824 packet_start(SSH_SMSG_FAILURE);
1826 packet_write_wait();
1830 /* There is a forced command specified for this login. Execute it. */
1831 debug("Executing forced command: %.900s", forced_command);
1833 do_exec_pty(forced_command, ptyfd, ttyfd, ttyname, pw, term, display,
1836 do_exec_no_pty(forced_command, pw, display, proto, data);
1841 /* This is called to fork and execute a command when we have no tty. This
1842 will call do_child from the child, and server_loop from the parent after
1843 setting up file descriptors and such. */
1845 void do_exec_no_pty(const char *command, struct passwd *pw,
1846 const char *display, const char *auth_proto,
1847 const char *auth_data)
1852 int pin[2], pout[2], perr[2];
1853 /* Allocate pipes for communicating with the program. */
1854 if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0)
1855 packet_disconnect("Could not create pipes: %.100s",
1857 #else /* USE_PIPES */
1858 int inout[2], err[2];
1859 /* Uses socket pairs to communicate with the program. */
1860 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 ||
1861 socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0)
1862 packet_disconnect("Could not create socket pairs: %.100s",
1864 #endif /* USE_PIPES */
1866 setproctitle("%s@notty", pw->pw_name);
1868 /* Fork the child. */
1869 if ((pid = fork()) == 0)
1871 /* Child. Reinitialize the log since the pid has changed. */
1872 log_init(av0, options.log_level, options.log_facility, log_stderr);
1874 /* Create a new session and process group since the 4.4BSD setlogin()
1875 affects the entire process group. */
1877 error("setsid failed: %.100s", strerror(errno));
1880 /* Redirect stdin. We close the parent side of the socket pair,
1881 and make the child side the standard input. */
1883 if (dup2(pin[0], 0) < 0)
1884 perror("dup2 stdin");
1887 /* Redirect stdout. */
1889 if (dup2(pout[1], 1) < 0)
1890 perror("dup2 stdout");
1893 /* Redirect stderr. */
1895 if (dup2(perr[1], 2) < 0)
1896 perror("dup2 stderr");
1898 #else /* USE_PIPES */
1899 /* Redirect stdin, stdout, and stderr. Stdin and stdout will use the
1900 same socket, as some programs (particularly rdist) seem to depend
1904 if (dup2(inout[0], 0) < 0) /* stdin */
1905 perror("dup2 stdin");
1906 if (dup2(inout[0], 1) < 0) /* stdout. Note: same socket as stdin. */
1907 perror("dup2 stdout");
1908 if (dup2(err[0], 2) < 0) /* stderr */
1909 perror("dup2 stderr");
1910 #endif /* USE_PIPES */
1912 /* Do processing for the child (exec command etc). */
1913 do_child(command, pw, NULL, display, auth_proto, auth_data, NULL);
1917 packet_disconnect("fork failed: %.100s", strerror(errno));
1919 /* We are the parent. Close the child sides of the pipes. */
1924 /* Enter the interactive session. */
1925 server_loop(pid, pin[1], pout[0], perr[0]);
1926 /* server_loop has closed pin[1], pout[1], and perr[1]. */
1927 #else /* USE_PIPES */
1928 /* We are the parent. Close the child sides of the socket pairs. */
1932 /* Enter the interactive session. Note: server_loop must be able to handle
1933 the case that fdin and fdout are the same. */
1934 server_loop(pid, inout[1], inout[1], err[1]);
1935 /* server_loop has closed inout[1] and err[1]. */
1936 #endif /* USE_PIPES */
1939 struct pty_cleanup_context
1941 const char *ttyname;
1945 /* Function to perform cleanup if we get aborted abnormally (e.g., due to a
1946 dropped connection). */
1948 void pty_cleanup_proc(void *context)
1950 struct pty_cleanup_context *cu = context;
1952 debug("pty_cleanup_proc called");
1954 /* Record that the user has logged out. */
1955 record_logout(cu->pid, cu->ttyname);
1957 /* Release the pseudo-tty. */
1958 pty_release(cu->ttyname);
1961 /* This is called to fork and execute a command when we have a tty. This
1962 will call do_child from the child, and server_loop from the parent after
1963 setting up file descriptors, controlling tty, updating wtmp, utmp,
1964 lastlog, and other such operations. */
1966 void do_exec_pty(const char *command, int ptyfd, int ttyfd,
1967 const char *ttyname, struct passwd *pw, const char *term,
1968 const char *display, const char *auth_proto,
1969 const char *auth_data)
1972 const char *hostname;
1973 time_t last_login_time;
1974 char buf[100], *time_string;
1979 struct sockaddr_in from;
1981 struct pty_cleanup_context cleanup_context;
1983 /* Get remote host name. */
1984 hostname = get_canonical_hostname();
1986 /* Get the time when the user last logged in. Buf will be set to contain
1987 the hostname the last login was from. */
1988 if(!options.use_login) {
1989 last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name,
1993 setproctitle("%s@%s", pw->pw_name, strrchr(ttyname, '/') + 1);
1995 /* Fork the child. */
1996 if ((pid = fork()) == 0)
2000 /* Child. Reinitialize the log because the pid has changed. */
2001 log_init(av0, options.log_level, options.log_facility, log_stderr);
2003 /* Close the master side of the pseudo tty. */
2006 /* Make the pseudo tty our controlling tty. */
2007 pty_make_controlling_tty(&ttyfd, ttyname);
2009 /* Redirect stdin from the pseudo tty. */
2010 if (dup2(ttyfd, fileno(stdin)) < 0)
2011 error("dup2 stdin failed: %.100s", strerror(errno));
2013 /* Redirect stdout to the pseudo tty. */
2014 if (dup2(ttyfd, fileno(stdout)) < 0)
2015 error("dup2 stdin failed: %.100s", strerror(errno));
2017 /* Redirect stderr to the pseudo tty. */
2018 if (dup2(ttyfd, fileno(stderr)) < 0)
2019 error("dup2 stdin failed: %.100s", strerror(errno));
2021 /* Close the extra descriptor for the pseudo tty. */
2024 /* Get IP address of client. This is needed because we want to record
2025 where the user logged in from. If the connection is not a socket,
2026 let the ip address be 0.0.0.0. */
2027 memset(&from, 0, sizeof(from));
2028 if (packet_get_connection_in() == packet_get_connection_out())
2030 fromlen = sizeof(from);
2031 if (getpeername(packet_get_connection_in(),
2032 (struct sockaddr *)&from, &fromlen) < 0) {
2033 debug("getpeername: %.100s", strerror(errno));
2038 /* Record that there was a login on that terminal. */
2039 record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
2042 /* Check if .hushlogin exists. */
2043 snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
2044 quiet_login = stat(line, &st) >= 0;
2047 /* output the results of the pamconv() */
2048 if (!quiet_login && pamconv_msg != NULL)
2049 fprintf(stderr, pamconv_msg);
2052 /* If the user has logged in before, display the time of last login.
2053 However, don't display anything extra if a command has been
2054 specified (so that ssh can be used to execute commands on a remote
2055 machine without users knowing they are going to another machine).
2056 Login(1) will do this for us as well, so check if login(1) is used */
2057 if (command == NULL && last_login_time != 0 && !quiet_login &&
2060 /* Convert the date to a string. */
2061 time_string = ctime(&last_login_time);
2062 /* Remove the trailing newline. */
2063 if (strchr(time_string, '\n'))
2064 *strchr(time_string, '\n') = 0;
2065 /* Display the last login time. Host if displayed if known. */
2066 if (strcmp(buf, "") == 0)
2067 printf("Last login: %s\r\n", time_string);
2069 printf("Last login: %s from %s\r\n", time_string, buf);
2072 /* Print /etc/motd unless a command was specified or printing it was
2073 disabled in server options or login(1) will be used. Note that
2074 some machines appear to print it in /etc/profile or similar. */
2075 if (command == NULL && options.print_motd && !quiet_login &&
2078 /* Print /etc/motd if it exists. */
2079 f = fopen("/etc/motd", "r");
2082 while (fgets(line, sizeof(line), f))
2083 fputs(line, stdout);
2088 /* Do common processing for the child, such as execing the command. */
2089 do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
2093 packet_disconnect("fork failed: %.100s", strerror(errno));
2094 /* Parent. Close the slave side of the pseudo tty. */
2097 /* Create another descriptor of the pty master side for use as the standard
2098 input. We could use the original descriptor, but this simplifies code
2099 in server_loop. The descriptor is bidirectional. */
2102 packet_disconnect("dup failed: %.100s", strerror(errno));
2104 /* Add a cleanup function to clear the utmp entry and record logout time
2105 in case we call fatal() (e.g., the connection gets closed). */
2106 cleanup_context.pid = pid;
2107 cleanup_context.ttyname = ttyname;
2108 fatal_add_cleanup(pty_cleanup_proc, (void *)&cleanup_context);
2110 /* Enter interactive session. */
2111 server_loop(pid, ptyfd, fdout, -1);
2112 /* server_loop has not closed ptyfd and fdout. */
2114 /* Cancel the cleanup function. */
2115 fatal_remove_cleanup(pty_cleanup_proc, (void *)&cleanup_context);
2117 /* Record that the user has logged out. */
2118 record_logout(pid, ttyname);
2120 /* Release the pseudo-tty. */
2121 pty_release(ttyname);
2123 /* Close the server side of the socket pairs. We must do this after the
2124 pty cleanup, so that another process doesn't get this pty while we're
2125 still cleaning up. */
2130 /* Sets the value of the given variable in the environment. If the variable
2131 already exists, its value is overriden. */
2133 void child_set_env(char ***envp, unsigned int *envsizep, const char *name,
2136 unsigned int i, namelen;
2139 /* Find the slot where the value should be stored. If the variable already
2140 exists, we reuse the slot; otherwise we append a new slot at the end
2141 of the array, expanding if necessary. */
2143 namelen = strlen(name);
2144 for (i = 0; env[i]; i++)
2145 if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=')
2149 /* Name already exists. Reuse the slot. */
2154 /* New variable. Expand the array if necessary. */
2155 if (i >= (*envsizep) - 1)
2158 env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
2161 /* Need to set the NULL pointer at end of array beyond the new
2166 /* Allocate space and format the variable in the appropriate slot. */
2167 env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
2168 snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
2171 /* Reads environment variables from the given file and adds/overrides them
2172 into the environment. If the file does not exist, this does nothing.
2173 Otherwise, it must consist of empty lines, comments (line starts with '#')
2174 and assignments of the form name=value. No other forms are allowed. */
2176 void read_environment_file(char ***env, unsigned int *envsize,
2177 const char *filename)
2183 /* Open the environment file. */
2184 f = fopen(filename, "r");
2186 return; /* Not found. */
2188 /* Process each line. */
2189 while (fgets(buf, sizeof(buf), f))
2191 /* Skip leading whitespace. */
2192 for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
2195 /* Ignore empty and comment lines. */
2196 if (!*cp || *cp == '#' || *cp == '\n')
2199 /* Remove newline. */
2200 if (strchr(cp, '\n'))
2201 *strchr(cp, '\n') = '\0';
2203 /* Find the equals sign. Its lack indicates badly formatted line. */
2204 value = strchr(cp, '=');
2207 fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
2211 /* Replace the equals sign by nul, and advance value to the value
2216 /* Set the value in environment. */
2217 child_set_env(env, envsize, cp, value);
2223 /* Performs common processing for the child, such as setting up the
2224 environment, closing extra file descriptors, setting the user and group
2225 ids, and executing the command or shell. */
2227 void do_child(const char *command, struct passwd *pw, const char *term,
2228 const char *display, const char *auth_proto,
2229 const char *auth_data, const char *ttyname)
2231 const char *shell, *cp = NULL;
2234 unsigned int envsize, i;
2236 extern char **environ;
2240 #ifndef HAVE_LIBPAM /* pam_nologin handles this */
2241 /* Check /etc/nologin. */
2242 f = fopen("/etc/nologin", "r");
2244 { /* /etc/nologin exists. Print its contents and exit. */
2245 while (fgets(buf, sizeof(buf), f))
2248 if (pw->pw_uid != 0)
2251 #endif /* HAVE_LIBPAM */
2253 #ifdef HAVE_SETLOGIN
2254 /* Set login name in the kernel. */
2255 if (setlogin(pw->pw_name) < 0)
2256 error("setlogin failed: %s", strerror(errno));
2257 #endif /* HAVE_SETLOGIN */
2259 /* Set uid, gid, and groups. */
2260 /* Login(1) does this as well, and it needs uid 0 for the "-h" switch,
2261 so we let login(1) to this for us. */
2262 if(!options.use_login) {
2263 if (getuid() == 0 || geteuid() == 0)
2265 if (setgid(pw->pw_gid) < 0)
2270 /* Initialize the group list. */
2271 if (initgroups(pw->pw_name, pw->pw_gid) < 0)
2273 perror("initgroups");
2278 /* Permanently switch to the desired uid. */
2279 permanently_set_uid(pw->pw_uid);
2282 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
2283 fatal("Failed to set uids to %d.", (int)pw->pw_uid);
2286 /* Get the shell from the password data. An empty shell field is legal,
2287 and means /bin/sh. */
2288 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
2291 /* Try to get AFS tokens for the local cell. */
2295 if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
2296 krb_afslog(cell, 0);
2302 /* Initialize the environment. In the first part we allocate space for
2303 all environment variables. */
2305 env = xmalloc(envsize * sizeof(char *));
2308 if(!options.use_login) {
2309 /* Set basic environment. */
2310 child_set_env(&env, &envsize, "USER", pw->pw_name);
2311 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
2312 child_set_env(&env, &envsize, "HOME", pw->pw_dir);
2313 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
2315 snprintf(buf, sizeof buf, "%.200s/%.50s",
2316 _PATH_MAILDIR, pw->pw_name);
2317 child_set_env(&env, &envsize, "MAIL", buf);
2319 /* Normal systems set SHELL by default. */
2320 child_set_env(&env, &envsize, "SHELL", shell);
2323 /* Let it inherit timezone if we have one. */
2325 child_set_env(&env, &envsize, "TZ", getenv("TZ"));
2327 /* Set custom environment options from RSA authentication. */
2328 while (custom_environment)
2330 struct envstring *ce = custom_environment;
2333 for (i = 0; s[i] != '=' && s[i]; i++)
2338 child_set_env(&env, &envsize, s, s + i + 1);
2340 custom_environment = ce->next;
2345 /* Set SSH_CLIENT. */
2346 snprintf(buf, sizeof buf, "%.50s %d %d",
2347 get_remote_ipaddr(), get_remote_port(), options.port);
2348 child_set_env(&env, &envsize, "SSH_CLIENT", buf);
2350 /* Set SSH_TTY if we have a pty. */
2352 child_set_env(&env, &envsize, "SSH_TTY", ttyname);
2354 /* Set TERM if we have a pty. */
2356 child_set_env(&env, &envsize, "TERM", term);
2358 /* Set DISPLAY if we have one. */
2360 child_set_env(&env, &envsize, "DISPLAY", display);
2364 extern char *ticket;
2367 child_set_env(&env, &envsize, "KRBTKFILE", ticket);
2372 /* Pull in any environment variables that may have been set by PAM. */
2374 char *equal_sign, var_name[256], var_val[256];
2376 char **pam_env = pam_getenvlist((pam_handle_t *)pamh);
2377 for(this_var = 0; pam_env && pam_env[this_var]; this_var++)
2379 if(strlen(pam_env[this_var]) < (sizeof(var_name) - 1))
2380 if((equal_sign = strstr(pam_env[this_var], "=")) != NULL)
2382 memset(var_name, 0, sizeof(var_name));
2383 memset(var_val, 0, sizeof(var_val));
2384 strncpy(var_name, pam_env[this_var],
2385 equal_sign - pam_env[this_var]);
2386 strcpy(var_val, equal_sign + 1);
2387 child_set_env(&env, &envsize, var_name, var_val);
2391 #endif /* HAVE_LIBPAM */
2393 /* Set XAUTHORITY to always be a local file. */
2395 child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
2397 /* Set variable for forwarded authentication connection, if we have one. */
2398 if (auth_get_socket_name() != NULL)
2399 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
2400 auth_get_socket_name());
2402 /* Read $HOME/.ssh/environment. */
2403 if(!options.use_login) {
2404 snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
2405 read_environment_file(&env, &envsize, buf);
2408 /* If debugging, dump the environment to stderr. */
2411 fprintf(stderr, "Environment:\n");
2412 for (i = 0; env[i]; i++)
2413 fprintf(stderr, " %.200s\n", env[i]);
2416 /* Close the connection descriptors; note that this is the child, and the
2417 server will still have the socket open, and it is important that we
2418 do not shutdown it. Note that the descriptors cannot be closed before
2419 building the environment, as we call get_remote_ipaddr there. */
2420 if (packet_get_connection_in() == packet_get_connection_out())
2421 close(packet_get_connection_in());
2424 close(packet_get_connection_in());
2425 close(packet_get_connection_out());
2427 /* Close all descriptors related to channels. They will still remain
2428 open in the parent. */
2429 channel_close_all();
2431 /* Close any extra file descriptors. Note that there may still be
2432 descriptors left by system functions. They will be closed later. */
2436 /* Close any extra open file descriptors so that we don\'t have them
2437 hanging around in clients. Note that we want to do this after
2438 initgroups, because at least on Solaris 2.3 it leaves file descriptors
2440 for (i = 3; i < 64; i++)
2443 /* Change current directory to the user\'s home directory. */
2444 if (chdir(pw->pw_dir) < 0)
2445 fprintf(stderr, "Could not chdir to home directory %s: %s\n",
2446 pw->pw_dir, strerror(errno));
2448 /* Must take new environment into use so that .ssh/rc, /etc/sshrc and
2449 xauth are run in the proper environment. */
2452 /* Run $HOME/.ssh/rc, /etc/sshrc, or xauth (whichever is found first
2454 if(!options.use_login) {
2455 if (stat(SSH_USER_RC, &st) >= 0)
2458 fprintf(stderr, "Running /bin/sh %s\n", SSH_USER_RC);
2460 f = popen("/bin/sh " SSH_USER_RC, "w");
2463 if (auth_proto != NULL && auth_data != NULL)
2464 fprintf(f, "%s %s\n", auth_proto, auth_data);
2468 fprintf(stderr, "Could not run %s\n", SSH_USER_RC);
2471 if (stat(SSH_SYSTEM_RC, &st) >= 0)
2474 fprintf(stderr, "Running /bin/sh %s\n", SSH_SYSTEM_RC);
2476 f = popen("/bin/sh " SSH_SYSTEM_RC, "w");
2479 if (auth_proto != NULL && auth_data != NULL)
2480 fprintf(f, "%s %s\n", auth_proto, auth_data);
2484 fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC);
2489 /* Add authority data to .Xauthority if appropriate. */
2490 if (auth_proto != NULL && auth_data != NULL)
2493 fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n",
2494 XAUTH_PATH, display, auth_proto, auth_data);
2496 f = popen(XAUTH_PATH " -q -", "w");
2499 fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
2503 fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
2506 #endif /* XAUTH_PATH */
2508 /* Get the last component of the shell name. */
2509 cp = strrchr(shell, '/');
2516 /* If we have no command, execute the shell. In this case, the shell name
2517 to be passed in argv[0] is preceded by '-' to indicate that this is
2521 if(!options.use_login) {
2524 /* Check for mail if we have a tty and it was enabled in server options. */
2525 if (ttyname && options.check_mail) {
2527 struct stat mailstat;
2528 mailbox = getenv("MAIL");
2529 if(mailbox != NULL) {
2530 if(stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0) {
2531 printf("No mail.\n");
2532 } else if(mailstat.st_mtime < mailstat.st_atime) {
2533 printf("You have mail.\n");
2535 printf("You have new mail.\n");
2539 /* Start the shell. Set initial character to '-'. */
2541 strncpy(buf + 1, cp, sizeof(buf) - 1);
2542 buf[sizeof(buf) - 1] = 0;
2543 /* Execute the shell. */
2546 execve(shell, argv, env);
2547 /* Executing the shell failed. */
2552 /* Launch login(1). */
2554 execl(LOGIN_PROGRAM, "login", "-h", get_remote_ipaddr(), "-p", "-f", "--", pw->pw_name, NULL);
2556 /* Login couldn't be executed, die. */
2563 /* Execute the command using the user's shell. This uses the -c option
2564 to execute the command. */
2565 argv[0] = (char *)cp;
2567 argv[2] = (char *)command;
2569 execve(shell, argv, env);