*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.248 2002/06/22 20:05:27 stevesk Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.257 2002/07/23 16:03:10 stevesk Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
close_listen_socks(void)
{
int i;
+
for (i = 0; i < num_listen_socks; i++)
close(listen_socks[i]);
num_listen_socks = -1;
close_startup_pipes(void)
{
int i;
+
if (startup_pipes)
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1)
close_listen_socks();
close_startup_pipes();
execv(saved_argv[0], saved_argv);
- log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno));
+ log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
+ strerror(errno));
exit(1);
}
static void
main_sigchld_handler(int sig)
{
- pid_t pid;
int save_errno = errno;
+ pid_t pid;
int status;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
{
/* XXX no idea how fix this signal handler */
- /* Close the connection. */
- packet_close();
-
/* Log error and exit. */
fatal("Timeout before authentication for %s.", get_remote_ipaddr());
}
static void
generate_ephemeral_server_key(void)
{
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
int i;
verbose("Generating %s%d bit RSA key.",
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
if (i % 4 == 0)
- rand = arc4random();
- sensitive_data.ssh1_cookie[i] = rand & 0xff;
- rand >>= 8;
+ rnd = arc4random();
+ sensitive_data.ssh1_cookie[i] = rnd & 0xff;
+ rnd >>= 8;
}
arc4random_stir();
}
key_regeneration_alarm(int sig)
{
int save_errno = errno;
+
signal(SIGALRM, SIG_DFL);
errno = save_errno;
key_do_regen = 1;
if (client_version_string == NULL) {
/* Send our protocol version identification. */
- if (atomicio(write, sock_out, server_version_string, strlen(server_version_string))
+ if (atomicio(write, sock_out, server_version_string,
+ strlen(server_version_string))
!= strlen(server_version_string)) {
log("Could not write ident string to %s", get_remote_ipaddr());
fatal_cleanup();
}
}
-
/* Destroy the host and server keys. They will no longer be needed. */
void
destroy_sensitive_data(void)
static void
privsep_preauth_child(void)
{
- u_int32_t rand[256];
- int i;
+ u_int32_t rnd[256];
+ gid_t gidset[1];
struct passwd *pw;
+ int i;
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
for (i = 0; i < 256; i++)
- rand[i] = arc4random();
- RAND_seed(rand, sizeof(rand));
+ rnd[i] = arc4random();
+ RAND_seed(rnd, sizeof(rnd));
/* Demote the private keys to public keys. */
demote_sensitive_data();
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
endpwent();
- /* Change our root directory*/
+ /* Change our root directory */
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno));
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
+#if 0
+ /* XXX not ready, to heavy after chroot */
do_setusercontext(pw);
+#else
+ gidset[0] = pw->pw_gid;
+ if (setgid(pw->pw_gid) < 0)
+ fatal("setgid failed for %u", pw->pw_gid );
+ if (setgroups(1, gidset) < 0)
+ fatal("setgroups: %.100s", strerror(errno));
+ permanently_set_uid(pw);
+#endif
}
-static Authctxt*
+static Authctxt *
privsep_preauth(void)
{
Authctxt *authctxt = NULL;
if (pid == -1) {
fatal("fork of unprivileged child failed");
} else if (pid != 0) {
+ fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
+
debug2("Network child is on pid %ld", (long)pid);
close(pmonitor->m_recvfd);
while (waitpid(pid, &status, 0) < 0)
if (errno != EINTR)
break;
+
+ /* Reinstall, since the child has finished */
+ fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
+
return (authctxt);
} else {
/* child */
/* XXX - Remote port forwarding */
x_authctxt = authctxt;
+#ifdef DISABLE_FD_PASSING
+ if (1) {
+#else
if (authctxt->pw->pw_uid == 0 || options.use_login) {
+#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
use_privsep = 0;
if (pmonitor->m_pid == -1)
fatal("fork of unprivileged child failed");
else if (pmonitor->m_pid != 0) {
+ fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
+
debug2("User child is on pid %ld", (long)pmonitor->m_pid);
close(pmonitor->m_recvfd);
monitor_child_postauth(pmonitor);
get_hostkey_by_type(int type)
{
int i;
+
for (i = 0; i < options.num_host_key_files; i++) {
Key *key = sensitive_data.host_keys[i];
if (key != NULL && key->type == type)
get_hostkey_index(Key *key)
{
int i;
+
for (i = 0; i < options.num_host_key_files; i++) {
if (key == sensitive_data.host_keys[i])
return (i);
break;
case 'u':
utmp_len = atoi(optarg);
+ if (utmp_len > MAXHOSTNAMELEN) {
+ fprintf(stderr, "Invalid utmp length.\n");
+ exit(1);
+ }
break;
case 'o':
if (process_server_config_line(&options, optarg,
SYSLOG_FACILITY_AUTH : options.log_facility,
!inetd_flag);
-#ifdef _CRAY
+#if defined(_CRAY) && !defined(_CRAYSV2)
/* Cray can define user privs drop all prives now!
* Not needed on PRIV_SU systems!
*/
debug("sshd version %.100s", SSH_VERSION);
/* load private host keys */
- sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
+ sensitive_data.host_keys = xmalloc(options.num_host_key_files *
+ sizeof(Key *));
for (i = 0; i < options.num_host_key_files; i++)
sensitive_data.host_keys[i] = NULL;
sensitive_data.server_key = NULL;
* hate software patents. I dont know if this can go? Niels
*/
if (options.server_key_bits >
- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED &&
- options.server_key_bits <
- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
+ BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
+ SSH_KEY_BITS_RESERVED && options.server_key_bits <
+ BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
+ SSH_KEY_BITS_RESERVED) {
options.server_key_bits =
- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED;
+ BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
+ SSH_KEY_BITS_RESERVED;
debug("Forcing server key to %d bits to make it differ from host key.",
options.server_key_bits);
}
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
+
+#ifdef HAVE_CYGWIN
+ if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
+ (st.st_uid != getuid () ||
+ (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
+#else
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+#endif
fatal("Bad owner or mode for %s",
_PATH_PRIVSEP_CHROOT_DIR);
}
u_char session_key[SSH_SESSION_KEY_LENGTH];
u_char cookie[8];
u_int cipher_type, auth_mask, protocol_flags;
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
/*
* Generate check bytes that the client must send back in the user
*/
for (i = 0; i < 8; i++) {
if (i % 4 == 0)
- rand = arc4random();
- cookie[i] = rand & 0xff;
- rand >>= 8;
+ rnd = arc4random();
+ cookie[i] = rnd & 0xff;
+ rnd >>= 8;
}
/*