Stupid djm commits experimental code to head instead of branch

revert
author: Damien Miller <djm@mindrot.org> 2002-03-13 13:19:42 +1100
committer: Damien Miller <djm@mindrot.org> 2002-03-13 13:19:42 +1100
commit: 3a5b0233306a3db3a5db5b9ddc187c55e9b251f4 (patch)
tree: 86478addb63771a9a1be0e13cfbdea9f964f963a
parent: 3225fb454d0e79cf6f824dd00ff478749620277b (diff)
20 files changed, 109 insertions, 561 deletions
diff --git a/Makefile.in b/Makefile.in
index 38c1d381c..31aa8e583 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.198 2002/03/13 01:47:54 djm Exp $
+# $Id: Makefile.in,v 1.199 2002/03/13 02:19:42 djm Exp $
 prefix=@prefix@
 exec_prefix=@exec_prefix@
@@ -50,11 +50,11 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS)
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o monitor_fdpass.c monitor_wrap.c mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
 SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o monitor.c monitor_mm.c sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
+SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
 MANPAGES        = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out
 MANPAGES_IN     = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1
diff --git a/auth.h b/auth.h
index 9b5b19f6c..c7175405d 100644
--- a/auth.h
+++ b/auth.h
@@ -121,8 +121,8 @@ void	krb5_cleanup_proc(void *authctxt);
 #include "auth-pam.h"
 #include "auth2-pam.h"
-Authctxt *do_authentication(void);
+void    do_authentication(void);
-Authctxt *do_authentication2(void);
+void    do_authentication2(void);
 Authctxt *authctxt_new(void);
 void    auth_log(Authctxt *, int, char *, char *);
diff --git a/auth1.c b/auth1.c
index c52f63897..c2d99895f 100644
--- a/auth1.c
+++ b/auth1.c
@@ -26,13 +26,8 @@ RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $");
 #include "session.h"
 #include "misc.h"
 #include "uidswap.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
 /* import */
-extern int use_privsep;
-extern int mm_recvfd;
 extern ServerOptions options;
 /*
@@ -360,13 +355,12 @@ do_authloop(Authctxt *authctxt)
 * Performs authentication of an incoming connection.  Session key has already
 * been exchanged and encryption is enabled.
 */
-Authctxt *
+void
 do_authentication(void)
 {
        Authctxt *authctxt;
-        struct passwd *pw = NULL, *pwent;
+        struct passwd *pw;
        u_int ulen;
-        int allowed;
        char *p, *user, *style = NULL;
        /* Get the name of the user that we wish to log in as. */
@@ -388,26 +382,17 @@ do_authentication(void)
        authctxt->style = style;
        /* Verify that the user is a valid user. */
-        if (!use_privsep) {
+        pw = getpwnam(user);
-                pwent = getpwnam(user);
+        if (pw && allowed_user(pw)) {
-                allowed = pwent ? allowed_user(pwent) : 0;
-        } else
-                pwent = mm_getpwnamallow(mm_recvfd, user, &allowed);
-        if (pwent && allowed) {
                authctxt->valid = 1;
-                pw = pwcopy(pwent);
+                pw = pwcopy(pw);
        } else {
                debug("do_authentication: illegal user %s", user);
                pw = NULL;
        }
-        /* Free memory */
-        if (use_privsep)
-                pwfree(pwent);
        authctxt->pw = pw;
-        setproctitle("%s%s", use_privsep ? " [net]" : "",
+        setproctitle("%s", pw ? user : "unknown");
-            pw ? user : "unknown");
 #ifdef USE_PAM
        start_pam(pw == NULL ? "NOUSER" : user);
@@ -433,5 +418,6 @@ do_authentication(void)
        packet_send();
        packet_write_wait();
-        return (authctxt);
+        /* Perform session preparation. */
+        do_authenticated(authctxt);
 }
diff --git a/auth2.c b/auth2.c
index f661f8d7c..f2a801ecc 100644
--- a/auth2.c
+++ b/auth2.c
@@ -51,13 +51,8 @@ RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
 #include "hostfile.h"
 #include "canohost.h"
 #include "match.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
 /* import */
-extern int use_privsep;
-extern int mm_recvfd;
 extern ServerOptions options;
 extern u_char *session_id2;
 extern int session_id2_len;
@@ -80,8 +75,8 @@ static void input_userauth_request(int, u_int32_t, void *);
 /* helper */
 static Authmethod *authmethod_lookup(const char *);
 static char *authmethods_get(void);
-int user_key_allowed(struct passwd *, Key *);
+static int user_key_allowed(struct passwd *, Key *);
-int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
+static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
 /* auth */
 static void userauth_banner(void);
@@ -114,7 +109,7 @@ Authmethod authmethods[] = {
 * loop until authctxt->success == TRUE
 */
-Authctxt *
+void
 do_authentication2(void)
 {
        Authctxt *authctxt = authctxt_new();
@@ -130,8 +125,7 @@ do_authentication2(void)
        dispatch_init(&dispatch_protocol_error);
        dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
        dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
+        do_authenticated(authctxt);
-        return(authctxt);
 }
 static void
@@ -188,15 +182,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                *style++ = 0;
        if (authctxt->attempt++ == 0) {
-                /* setup auth context */
+                /* setup auth context */
-                int allowed;
                struct passwd *pw = NULL;
-                if (!use_privsep) {
+                pw = getpwnam(user);
-                        pw = getpwnam(user);
+                if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
-                        allowed = pw ? allowed_user(pw) : 0;
-                } else
-                        pw = mm_getpwnamallow(mm_recvfd, user, &allowed);
-                if (pw && allowed && strcmp(service, "ssh-connection")==0) {
                        authctxt->pw = pwcopy(pw);
                        authctxt->valid = 1;
                        debug2("input_userauth_request: setting up authctxt for %s", user);
@@ -209,18 +198,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                        start_pam("NOUSER");
 #endif
                }
-                /* Free memory */
+                setproctitle("%s", pw ? user : "unknown");
-                if (use_privsep)
-                        pwfree(pw);
-                setproctitle("%s%s", use_privsep ? " [net]" : "",
-                    pw ? user : "unknown");
                authctxt->user = xstrdup(user);
                authctxt->service = xstrdup(service);
                authctxt->style = style ? xstrdup(style) : NULL;
-                if (use_privsep)
-                        mm_inform_authserv(mm_recvfd, service, style);
        } else if (strcmp(user, authctxt->user) != 0 ||
            strcmp(service, authctxt->service) != 0) {
                packet_disconnect("Change of username or service not allowed: "
@@ -332,8 +313,6 @@ done:
 static int
 userauth_none(Authctxt *authctxt)
 {
-        int res = 0;
        /* disable method "none", only allowed one time */
        Authmethod *m = authmethod_lookup("none");
        if (m != NULL)
@@ -343,16 +322,18 @@ userauth_none(Authctxt *authctxt)
        if (authctxt->valid == 0)
                return(0);
-        if (!authctxt->valid)
-                return (0);
+#ifdef HAVE_CYGWIN
-        if (use_privsep)
+        if (check_nt_auth(1, authctxt->pw) == 0)
-#if defined(USE_PAM) || defined(HAVE_OSF_SIA)
+                return(0);
-#error NOT IMPLEMENTED FOR PRIVSEP
 #endif
-                res = mm_auth_password(mm_recvfd, "");
+#ifdef USE_PAM
-        else
+        return auth_pam_password(authctxt->pw, "");
-                res = auth_password(authctxt, "");
+#elif defined(HAVE_OSF_SIA)
-        return (res);
+        return 0;
+#else /* !HAVE_OSF_SIA && !USE_PAM */
+        return auth_password(authctxt, "");
+#endif /* USE_PAM */
 }
 static int
@@ -367,16 +348,18 @@ userauth_passwd(Authctxt *authctxt)
                log("password change not supported");
        password = packet_get_string(&len);
        packet_check_eom();
+        if (authctxt->valid &&
-#if defined(HAVE_CYGWIN) || defined(USE_PAM) || defined(HAVE_OSF_SIA)
+#ifdef HAVE_CYGWIN
-#error NOT IMPLEMENTED FOR PRIVSEP
+            check_nt_auth(1, authctxt->pw) &&
 #endif
-        if (authctxt->valid) {
+#ifdef USE_PAM
-                if (use_privsep)
+            auth_pam_password(authctxt->pw, password) == 1)
-                        authenticated = mm_auth_password(mm_recvfd, password);
+#elif defined(HAVE_OSF_SIA)
-                else
+            auth_sia_password(authctxt->user, password) == 1)
-                        authenticated = auth_password(authctxt, password);
+#else /* !USE_PAM && !HAVE_OSF_SIA */
-        }
+            auth_password(authctxt, password) == 1)
+#endif /* USE_PAM */
+                authenticated = 1;
        memset(password, 0, len);
        xfree(password);
        return authenticated;
@@ -484,23 +467,12 @@ userauth_pubkey(Authctxt *authctxt)
                buffer_dump(&b);
 #endif
                /* test for correct signature */
-                authenticated = 0;
+                if (user_key_allowed(authctxt->pw, key) &&
-                if (use_privsep) {
+                    key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
-                        if (mm_user_key_allowed(mm_recvfd, key) &&
+                        authenticated = 1;
-                            mm_key_verify(mm_recvfd,
-                                MM_USERKEY, NULL, NULL, key, sig, slen,
-                                buffer_ptr(&b), buffer_len(&b)) == 1)
-                                authenticated = 1;
-                } else {
-                        if (user_key_allowed(authctxt->pw, key) &&
-                            key_verify(key, sig, slen, buffer_ptr(&b),
-                                buffer_len(&b)) == 1)
-                                authenticated = 1;
-                }
                buffer_clear(&b);
                xfree(sig);
        } else {
-                int res = 0;
                debug("test whether pkalg/pkblob are acceptable");
                packet_check_eom();
@@ -512,11 +484,7 @@ userauth_pubkey(Authctxt *authctxt)
                 * if a user is not allowed to login. is this an
                 * issue? -markus
                 */
-                if (use_privsep)
+                if (user_key_allowed(authctxt->pw, key)) {
-                        res = mm_user_key_allowed(mm_recvfd, key);
-                else
-                        res = user_key_allowed(authctxt->pw, key);
-                if (res) {
                        packet_start(SSH2_MSG_USERAUTH_PK_OK);
                        packet_put_string(pkalg, alen);
                        packet_put_string(pkblob, blen);
@@ -604,18 +572,9 @@ userauth_hostbased(Authctxt *authctxt)
        buffer_dump(&b);
 #endif
        /* test for allowed key and correct signature */
-        authenticated = 0;
+        if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
-        if (use_privsep) {
+            key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
-                if (mm_hostbased_key_allowed(mm_recvfd, cuser, chost, key) &&
+                authenticated = 1;
-                    mm_key_verify(mm_recvfd, MM_HOSTKEY, cuser, chost, key,
-                        sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
-                        authenticated = 1;
-        } else {
-                if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
-                    key_verify(key, sig, slen, buffer_ptr(&b),
-                        buffer_len(&b)) == 1)
-                        authenticated = 1;
-        }
        buffer_clear(&b);
 done:
@@ -771,7 +730,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 }
 /* check whether given key is in .ssh/authorized_keys* */
-int
+static int
 user_key_allowed(struct passwd *pw, Key *key)
 {
        int success;
@@ -791,7 +750,7 @@ user_key_allowed(struct passwd *pw, Key *key)
 }
 /* return 1 if given hostkey is allowed */
-int
+static int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
    Key *key)
 {
diff --git a/bufaux.c b/bufaux.c
index 64b9a26e9..23bc0c814 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -221,8 +221,6 @@ buffer_put_string(Buffer *buffer, const void *buf, u_int len)
 void
 buffer_put_cstring(Buffer *buffer, const char *s)
 {
-        if (s == NULL)
-                fatal("buffer_put_cstring: s == NULL");
        buffer_put_string(buffer, s, strlen(s));
 }
diff --git a/cipher.c b/cipher.c
index 5ddf819c4..9e8f42f5e 100644
--- a/cipher.c
+++ b/cipher.c
@@ -541,43 +541,3 @@ evp_rijndael(void)
 #endif
        return (&rijndal_cbc);
 }
-/* 
- * Exports an IV from the CipherContext required to export the key
- * state back from the unprivileged child to the privileged parent
- * process.
- */
-void
-cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
-{
-        Cipher *c = cc->cipher;
-        u_char *civ = NULL;
-        int evplen;
-        switch (c->number) {
-        case SSH_CIPHER_SSH2:
-                evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
-                if (evplen == 0)
-                        return;
-                if (evplen != len)
-                        fatal("%s: wrong iv length %d != %d", __FUNCTION__,
-                            evplen, len);
-                if (strncmp(c->name, "aes", 3) == 0) {
-                        struct ssh_rijndael_ctx *aesc;
-                        aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
-                        if (aesc == NULL)
-                                fatal("ssh_rijndael_cbc: no context");
-                        civ = aesc->r_iv;
-                } else {
-                        civ = cc->evp.iv;
-                }
-                break;
-        default:
-                fatal("%s: bad cipher %d", __FUNCTION__, c->number);
-        }
-        memcpy(iv, civ, len);
-}
diff --git a/cipher.h b/cipher.h
index c7724469b..b3b0303c7 100644
--- a/cipher.h
+++ b/cipher.h
@@ -81,6 +81,4 @@ void	 cipher_cleanup(CipherContext *);
 void     cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
 u_int    cipher_blocksize(Cipher *);
 u_int    cipher_keylen(Cipher *);
-void     cipher_get_keyiv(CipherContext *, u_char *, u_int);
 #endif                          /* CIPHER_H */
diff --git a/compress.c b/compress.c
index dec96ba55..3badbf452 100644
--- a/compress.c
+++ b/compress.c
@@ -19,8 +19,8 @@ RCSID("$OpenBSD: compress.c,v 1.17 2001/12/29 21:56:01 stevesk Exp $");
 #include "zlib.h"
 #include "compress.h"
-z_stream incoming_stream;
+static z_stream incoming_stream;
-z_stream outgoing_stream;
+static z_stream outgoing_stream;
 static int compress_init_send_called = 0;
 static int compress_init_recv_called = 0;
diff --git a/kex.c b/kex.c
index e5c0b0d00..bf8fd95b4 100644
--- a/kex.c
+++ b/kex.c
@@ -43,10 +43,6 @@ RCSID("$OpenBSD: kex.c,v 1.47 2002/02/28 15:46:33 markus Exp $");
 #define KEX_COOKIE_LEN  16
-/* Use privilege separation for sshd */
-int use_privsep;
-int mm_recvfd;
 /* prototype */
 static void kex_kexinit_finish(Kex *);
 static void kex_choose_conf(Kex *);
diff --git a/kex.h b/kex.h
index c99afaec0..755bf332a 100644
--- a/kex.h
+++ b/kex.h
@@ -111,7 +111,6 @@ struct Kex {
        char    *server_version_string;
        int     (*verify_host_key)(Key *);
        Key     *(*load_host_key)(int);
-        int     (*host_key_index)(Key *);
 };
 Kex     *kex_setup(char *[PROPOSAL_MAX]);
diff --git a/kexdh.c b/kexdh.c
index 6256722ff..eaf497ca7 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -37,12 +37,6 @@ RCSID("$OpenBSD: kexdh.c,v 1.17 2002/02/28 15:46:33 markus Exp $");
 #include "packet.h"
 #include "dh.h"
 #include "ssh2.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
-/* Imports */
-extern int use_privsep;
-extern int mm_recvfd;
 static u_char *
 kex_dh_hash(
@@ -281,12 +275,7 @@ kexdh_server(Kex *kex)
        /* sign H */
        /* XXX hashlen depends on KEX */
-        if (use_privsep)
+        key_sign(server_host_key, &signature, &slen, hash, 20);
-                mm_key_sign(mm_recvfd,
-                    kex->host_key_index(server_host_key),
-                    &signature, &slen, hash, 20);
-        else
-                key_sign(server_host_key, &signature, &slen, hash, 20);
        /* destroy_sensitive_data(); */
diff --git a/kexgex.c b/kexgex.c
index 3c811f337..61896e6ed 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -38,12 +38,6 @@ RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
 #include "dh.h"
 #include "ssh2.h"
 #include "compat.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
-/* Imports */
-extern int use_privsep;
-extern int mm_recvfd;
 static u_char *
 kexgex_hash(
@@ -302,11 +296,7 @@ kexgex_server(Kex *kex)
                fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
                    min, nbits, max);
-        /* Contact privileged parent */
+        dh = choose_dh(min, nbits, max);
-        if (use_privsep)
-                dh = mm_choose_dh(mm_recvfd, min, nbits, max);
-        else
-                dh = choose_dh(min, nbits, max);
        if (dh == NULL)
                packet_disconnect("Protocol error: no matching DH grp found");
@@ -389,11 +379,7 @@ kexgex_server(Kex *kex)
        /* sign H */
        /* XXX hashlen depends on KEX */
-        if (use_privsep)
+        key_sign(server_host_key, &signature, &slen, hash, 20);
-                mm_key_sign(mm_recvfd, kex->host_key_index(server_host_key),
-                    &signature, &slen, hash, 20);
-        else
-                key_sign(server_host_key, &signature, &slen, hash, 20);
        /* destroy_sensitive_data(); */
@@ -404,7 +390,6 @@ kexgex_server(Kex *kex)
        packet_put_bignum2(dh->pub_key);        /* f */
        packet_put_string(signature, slen);
        packet_send();
        xfree(signature);
        xfree(server_host_key_blob);
        /* have keys, free DH */
diff --git a/key.c b/key.c
index fb6bff95b..cda91571a 100644
--- a/key.c
+++ b/key.c
@@ -801,46 +801,3 @@ key_verify(
                break;
        }
 }
-/* Converts a private to a public key */
-Key *
-key_demote(Key *k)
-{
-        Key *pk;
-        
-        pk = xmalloc(sizeof(*pk));
-        pk->type = k->type;
-        pk->flags = k->flags;
-        pk->dsa = NULL;
-        pk->rsa = NULL;
-        switch (k->type) {
-        case KEY_RSA1:
-        case KEY_RSA:
-                if ((pk->rsa = RSA_new()) == NULL)
-                        fatal("key_demote: RSA_new failed");
-                if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
-                        fatal("key_demote: BN_dup failed");
-                if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
-                        fatal("key_demote: BN_dup failed");
-                break;
-        case KEY_DSA:
-                if ((pk->dsa = DSA_new()) == NULL)
-                        fatal("key_demote: DSA_new failed");
-                if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
-                        fatal("key_demote: BN_dup failed");
-                if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
-                        fatal("key_demote: BN_dup failed");
-                if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
-                        fatal("key_demote: BN_dup failed");
-                if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
-                        fatal("key_demote: BN_dup failed");
-                break;
-        default:
-                fatal("key_free: bad key type %d", k->type);
-                break;
-        }
-        return (pk);
-}
diff --git a/key.h b/key.h
index bc8b3d06b..a2257731a 100644
--- a/key.h
+++ b/key.h
@@ -58,7 +58,6 @@ struct Key {
 Key     *key_new(int);
 Key     *key_new_private(int);
 void     key_free(Key *);
-Key     *key_demote(Key *);
 int      key_equal(Key *, Key *);
 char    *key_fingerprint(Key *, enum fp_type, enum fp_rep);
 char    *key_type(Key *);
diff --git a/packet.c b/packet.c
index 1c80af128..045d5a105 100644
--- a/packet.c
+++ b/packet.c
@@ -115,8 +115,6 @@ static int interactive_mode = 0;
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
-static u_int32_t read_seqnr = 0;
-static u_int32_t send_seqnr = 0;
 /* roundup current message to extra_pad bytes */
 static u_char extra_pad = 0;
@@ -173,87 +171,6 @@ packet_connection_is_on_socket(void)
        return 1;
 }
-/* 
- * Exports an IV from the CipherContext required to export the key
- * state back from the unprivileged child to the privileged parent
- * process.
- */
-void
-packet_get_keyiv(int mode, u_char *iv, u_int len)
-{
-        CipherContext *cc;
-        if (mode == MODE_OUT)
-                cc = &send_context;
-        else
-                cc = &receive_context;
-        cipher_get_keyiv(cc, iv, len);
-}
-int
-packet_get_keycontext(int mode, u_char *dat)
-{
-        int plen;
-        CipherContext *cc;
-        
-        if (mode == MODE_OUT)
-                cc = &send_context;
-        else
-                cc = &receive_context;
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-        plen = sizeof(cc->evp.c);
-#else
-        plen = cc->evp.cipher->ctx_size;
-#endif
-        if (dat == NULL)
-                return (plen);
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-        memcpy(dat, &cc->evp.c, sizeof(cc->evp.c));
-#else
-        memcpy(dat, &cc->evp.cipher_data, plen);
-#endif
-        return (plen);
-}
-void
-packet_set_keycontext(int mode, u_char *dat)
-{
-        CipherContext *cc;
-        
-        if (mode == MODE_OUT)
-                cc = &send_context;
-        else
-                cc = &receive_context;
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-        memcpy(&cc->evp.c, dat, sizeof(cc->evp.c));
-#else
-        memcpy(&cc->evp.cipher_data, dat, cc->evp.cipher->ctx_size);
-#endif
-}
-u_int32_t
-packet_get_seqnr(int mode)
-{
-        return (mode == MODE_IN ? read_seqnr : send_seqnr);
-}
-void
-packet_set_seqnr(int mode, u_int32_t seqnr)
-{
-        if (mode == MODE_IN)
-                read_seqnr = seqnr;
-        else if (mode == MODE_OUT)
-                send_seqnr = seqnr;
-        else
-                fatal("%s: bad mode %d", __FUNCTION__, mode);
-}
 /* returns 1 if connection is via ipv4 */
 int
@@ -516,7 +433,7 @@ packet_send1(void)
         */
 }
-void
+static void
 set_newkeys(int mode)
 {
        Enc *enc;
@@ -560,9 +477,8 @@ set_newkeys(int mode)
        DBG(debug("cipher_init_context: %d", mode));
        cipher_init(cc, enc->cipher, enc->key, enc->key_len,
            enc->iv, enc->block_size, encrypt);
-        /* Deleting the keys does not gain extra security */
+        memset(enc->iv,  0, enc->block_size);
-        /* memset(enc->iv,  0, enc->block_size);
+        memset(enc->key, 0, enc->key_len);
-           memset(enc->key, 0, enc->key_len); */
        if (comp->type != 0 && comp->enabled == 0) {
                packet_init_compression();
                if (mode == MODE_OUT)
@@ -579,6 +495,7 @@ set_newkeys(int mode)
 static void
 packet_send2(void)
 {
+        static u_int32_t seqnr = 0;
        u_char type, *cp, *macbuf = NULL;
        u_char padlen, pad;
        u_int packet_length = 0;
@@ -659,10 +576,10 @@ packet_send2(void)
        /* compute MAC over seqnr and packet(length fields, payload, padding) */
        if (mac && mac->enabled) {
-                macbuf = mac_compute(mac, send_seqnr,
+                macbuf = mac_compute(mac, seqnr,
                    buffer_ptr(&outgoing_packet),
                    buffer_len(&outgoing_packet));
-                DBG(debug("done calc MAC out #%d", send_seqnr));
+                DBG(debug("done calc MAC out #%d", seqnr));
        }
        /* encrypt packet and append to output buffer. */
        cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
@@ -676,7 +593,7 @@ packet_send2(void)
        buffer_dump(&output);
 #endif
        /* increment sequence number for outgoing packets */
-        if (++send_seqnr == 0)
+        if (++seqnr == 0)
                log("outgoing seqnr wraps around");
        buffer_clear(&outgoing_packet);
@@ -866,6 +783,7 @@ packet_read_poll1(void)
 static int
 packet_read_poll2(u_int32_t *seqnr_p)
 {
+        static u_int32_t seqnr = 0;
        static u_int packet_length = 0;
        u_int padlen, need;
        u_char *macbuf, *cp, type;
@@ -927,17 +845,17 @@ packet_read_poll2(u_int32_t *seqnr_p)
         * increment sequence number for incoming packet
         */
        if (mac && mac->enabled) {
-                macbuf = mac_compute(mac, read_seqnr,
+                macbuf = mac_compute(mac, seqnr,
                    buffer_ptr(&incoming_packet),
                    buffer_len(&incoming_packet));
                if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
                        packet_disconnect("Corrupted MAC on input.");
-                DBG(debug("MAC #%d ok", read_seqnr));
+                DBG(debug("MAC #%d ok", seqnr));
                buffer_consume(&input, mac->mac_len);
        }
        if (seqnr_p != NULL)
-                *seqnr_p = read_seqnr;
+                *seqnr_p = seqnr;
-        if (++read_seqnr == 0)
+        if (++seqnr == 0)
                log("incoming seqnr wraps around");
        /* get padlen */
diff --git a/packet.h b/packet.h
index b87a03cf8..d6bf2aab4 100644
--- a/packet.h
+++ b/packet.h
@@ -56,13 +56,6 @@ void	*packet_get_string(u_int *length_ptr);
 void     packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
 void     packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void     set_newkeys(int mode);
-void     packet_get_keyiv(int, u_char *, u_int);
-int      packet_get_keycontext(int, u_char *);
-void     packet_set_keycontext(int, u_char *);
-u_int32_t packet_get_seqnr(int);
-void     packet_set_seqnr(int, u_int32_t);
 void     packet_write_poll(void);
 void     packet_write_wait(void);
 int      packet_have_data_to_write(void);
diff --git a/servconf.c b/servconf.c
index c3f1253e8..9bbd994ca 100644
--- a/servconf.c
+++ b/servconf.c
@@ -36,8 +36,6 @@ static void add_one_listen_addr(ServerOptions *, char *, u_short);
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 extern int IPv4or6;
-/* Use of privilege separation or not */
-extern int use_privsep;
 /* Initializes the server options to their default values. */
@@ -112,9 +110,6 @@ initialize_server_options(ServerOptions *options)
        options->client_alive_count_max = -1;
        options->authorized_keys_file = NULL;
        options->authorized_keys_file2 = NULL;
-        /* Needs to be accessable in many places */
-        use_privsep = -1;
 }
 void
@@ -240,10 +235,6 @@ fill_default_server_options(ServerOptions *options)
        }
        if (options->authorized_keys_file == NULL)
                options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
-        /* Turn privilege separation on by default */
-        if (use_privsep == -1)
-                use_privsep = 1;
 }
 /* Keyword tokens. */
@@ -276,7 +267,6 @@ typedef enum {
        sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
        sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
        sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
-        sUsePrivilegeSeparation,
        sDeprecated
 } ServerOpCodes;
@@ -352,7 +342,6 @@ static struct {
        { "clientalivecountmax", sClientAliveCountMax },
        { "authorizedkeysfile", sAuthorizedKeysFile },
        { "authorizedkeysfile2", sAuthorizedKeysFile2 },
-        { "useprivilegeseparation", sUsePrivilegeSeparation},
        { NULL, sBadOption }
 };
@@ -729,10 +718,6 @@ parse_flag:
                intptr = &options->allow_tcp_forwarding;
                goto parse_flag;
-        case sUsePrivilegeSeparation:
-                intptr = &use_privsep;
-                goto parse_flag;
        case sAllowUsers:
                while ((arg = strdelim(&cp)) && *arg != '\0') {
                        if (options->num_allow_users >= MAX_ALLOW_USERS)
diff --git a/session.c b/session.c
index 17227c9ff..a31ff85d8 100644
--- a/session.c
+++ b/session.c
@@ -56,8 +56,6 @@ RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
 #include "serverloop.h"
 #include "canohost.h"
 #include "session.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
 #ifdef HAVE_CYGWIN
 #include <windows.h>
@@ -65,15 +63,39 @@ RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
 #define is_winnt       (GetVersion() < 0x80000000)
 #endif
-/* Imports */
+/* types */
-extern int use_privsep;
-extern int mm_recvfd;
+#define TTYSZ 64
+typedef struct Session Session;
+struct Session {
+        int     used;
+        int     self;
+        struct passwd *pw;
+        Authctxt *authctxt;
+        pid_t   pid;
+        /* tty */
+        char    *term;
+        int     ptyfd, ttyfd, ptymaster;
+        int     row, col, xpixel, ypixel;
+        char    tty[TTYSZ];
+        /* X11 */
+        int     display_number;
+        char    *display;
+        int     screen;
+        char    *auth_display;
+        char    *auth_proto;
+        char    *auth_data;
+        int     single_connection;
+        /* proto 2 */
+        int     chanid;
+        int     is_subsystem;
+};
 /* func */
 Session *session_new(void);
 void    session_set_fds(Session *, int, int, int);
-void    session_pty_cleanup(void *);
+static void     session_pty_cleanup(void *);
 void    session_proctitle(Session *);
 int     session_setup_x11fwd(Session *);
 void    do_exec_pty(Session *, const char *);
@@ -90,6 +112,7 @@ int	check_quietlogin(Session *, const char *);
 static void do_authenticated1(Authctxt *);
 static void do_authenticated2(Authctxt *);
+static void session_close(Session *);
 static int session_pty_req(Session *);
 /* import */
@@ -1425,8 +1448,7 @@ session_pty_req(Session *s)
 {
        u_int len;
        int n_bytes;
-        int res;
-        
        if (no_pty_flag) {
                debug("Allocating a pty not permitted for this authentication.");
                return 0;
@@ -1455,15 +1477,7 @@ session_pty_req(Session *s)
        /* Allocate a pty and open it. */
        debug("Allocating pty.");
-        if (!use_privsep) {
+        if (!pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) {
-                res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
-                        sizeof(s->tty));
-                if (res)
-                        pty_setowner(s->pw, s->tty);
-        } else 
-                res = mm_pty_allocown(mm_recvfd,
-                    &s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
-        if (!res) {
                if (s->term)
                        xfree(s->term);
                s->term = NULL;
@@ -1484,6 +1498,7 @@ session_pty_req(Session *s)
         * time in case we call fatal() (e.g., the connection gets closed).
         */
        fatal_add_cleanup(session_pty_cleanup, (void *)s);
+        pty_setowner(s->pw, s->tty);
        /* Set window size from the packet. */
        pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
@@ -1646,7 +1661,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr)
 * Function to perform pty cleanup. Also called if we get aborted abnormally
 * (e.g., due to a dropped connection).
 */
-void
+static void
 session_pty_cleanup(void *session)
 {
        Session *s = session;
@@ -1724,7 +1739,7 @@ session_exit_message(Session *s, int status)
        s->chanid = -1;
 }
-void
+static void
 session_close(Session *s)
 {
        debug("session_close: session %d pid %d", s->self, s->pid);
diff --git a/session.h b/session.h
index e3123beed..ec8284a5f 100644
--- a/session.h
+++ b/session.h
@@ -26,32 +26,6 @@
 #ifndef SESSION_H
 #define SESSION_H
-#define TTYSZ 64
-typedef struct Session Session;
-struct Session {
-        int     used;
-        int     self;
-        struct passwd *pw;
-        Authctxt *authctxt;
-        pid_t   pid;
-        /* tty */
-        char    *term;
-        int     ptyfd, ttyfd, ptymaster;
-        int     row, col, xpixel, ypixel;
-        char    tty[TTYSZ];
-        /* X11 */
-        int     display_number;
-        char    *display;
-        int     screen;
-        char    *auth_display;
-        char    *auth_proto;
-        char    *auth_data;
-        int     single_connection;
-        /* proto 2 */
-        int     chanid;
-        int     is_subsystem;
-};
 void     do_authenticated(Authctxt *);
 int      session_open(Authctxt*, int);
@@ -60,6 +34,4 @@ void	 session_close_by_pid(pid_t, int);
 void     session_close_by_channel(int, void *);
 void     session_destroy_all(void);
-Session *session_new(void);
-void     session_close(Session *);
 #endif
diff --git a/sshd.c b/sshd.c
index cbe316087..ea9293251 100644
--- a/sshd.c
+++ b/sshd.c
@@ -72,11 +72,6 @@ RCSID("$OpenBSD: sshd.c,v 1.228 2002/02/27 21:23:13 stevesk Exp $");
 #include "misc.h"
 #include "dispatch.h"
 #include "channels.h"
-#include "session.h"
-#include "monitor_mm.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
-#include "monitor_fdpass.h"
 #ifdef LIBWRAP
 #include <tcpd.h>
@@ -194,20 +189,8 @@ u_int utmp_len = MAXHOSTNAMELEN;
 int *startup_pipes = NULL;
 int startup_pipe;               /* in child */
-/* variables used for privilege separation */
-#define MM_MEMSIZE      65536
-struct mm_master *mm_zback;
-struct mm_master *mm_zlib;
-extern int use_privsep;
-/* Socket for the child to receive a fd */
-extern int mm_recvfd;
-/* Socket for the parent to send a fd */
-int mm_sendfd;
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
-void demote_sensitive_data(void);
 static void do_ssh1_kex(void);
 static void do_ssh2_kex(void);
@@ -494,69 +477,6 @@ destroy_sensitive_data(void)
        memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
 }
-/* Demote private to public keys for network child */
-void
-demote_sensitive_data(void)
-{
-        Key *tmp;
-        int i;
-        if (sensitive_data.server_key) {
-                tmp = key_demote(sensitive_data.server_key);
-                key_free(sensitive_data.server_key);
-                sensitive_data.server_key = tmp;
-        }
-        for (i = 0; i < options.num_host_key_files; i++) {
-                if (sensitive_data.host_keys[i]) {
-                        tmp = key_demote(sensitive_data.host_keys[i]);
-                        key_free(sensitive_data.host_keys[i]);
-                        sensitive_data.host_keys[i] = tmp;
-                }
-        }
-        /* We do not clear ssh1_host key and cookie.  XXX - Okay Niels? */
-}
-void
-privsep_postauth(Authctxt *authctxt)
-{
-        pid_t pid;
-        if (0) {
-                /* File descriptor passing is broken */
-                mm_apply_keystate(mm_zlib);
-                use_privsep = 0;
-                return;
-        }
-        pid = fork();
-        if (pid == -1)
-                fatal("fork of unprivileged child failed");
-        else if (pid != 0) {
-                debug2("User child is on pid %d", pid);
-                close(mm_recvfd);
-                monitor_child_postauth(mm_sendfd);
-                /* Teardown? */
-                exit(0);
-        }
-        close(mm_sendfd);
-        /* Demote the private keys to public keys. */
-        demote_sensitive_data();
-        /* Drop privileges */
-        if (seteuid(authctxt->pw->pw_uid) == -1)
-                fatal("%s: seteuid", __FUNCTION__);
-        if (setuid(authctxt->pw->pw_uid) == -1)
-                fatal("%s: setuid", __FUNCTION__);
-        /* It is safe now to apply the key state */
-        mm_apply_keystate(mm_zlib);
-}
 static char *
 list_hostkey_types(void)
 {
@@ -598,25 +518,6 @@ get_hostkey_by_type(int type)
        return NULL;
 }
-Key *
-get_hostkey_by_index(int ind)
-{
-        if (ind < 0 || ind >= options.num_host_key_files)
-                return (NULL);
-        return (sensitive_data.host_keys[ind]);
-}
-int
-get_hostkey_index(Key *key)
-{
-        int i;
-        for (i = 0; i < options.num_host_key_files; i++) {
-                if (key == sensitive_data.host_keys[i])
-                        return (i);
-        }
-        return (-1);
-}
 /*
 * returns 1 if connection should be dropped, 0 otherwise.
 * dropping starts at connection #max_startups_begin with a probability
@@ -693,8 +594,6 @@ main(int ac, char **av)
        int listen_sock, maxfd;
        int startup_p[2];
        int startups = 0;
-        Authctxt *authctxt;
-        int sp[2];
        Key *key;
        int ret, key_used = 0;
@@ -1332,84 +1231,23 @@ main(int ac, char **av)
        packet_set_nonblocking();
-        if (!use_privsep)
-                goto skip_privilegeseparation;
-                
-        /* Set up unprivileged child process to deal with network data */
-        monitor_socketpair(sp);
-        mm_recvfd = sp[0];
-        mm_sendfd = sp[1];
-        /* Used to share zlib space across processes */
-        mm_zback = mm_create(NULL, MM_MEMSIZE);
-        mm_zlib = mm_create(mm_zback, 20 * MM_MEMSIZE);
-        /* Compression needs to share state across borders */
-        mm_init_compression(mm_zlib);
-        pid = fork();
-        if (pid == -1)
-                fatal("fork of unprivileged child failed");
-        else if (pid != 0) {
-                debug2("Network child is on pid %d", pid);
-                authctxt = monitor_child_preauth(mm_sendfd);
-                /* The member allocation is not visible, so sync it */
-                mm_share_sync(&mm_zlib, &mm_zback);
-                goto authenticated;
-        } else {
-                /* Demote the private keys to public keys. */
-                demote_sensitive_data();
-                /* Change our root directory - /var/empty is standard*/
-                if (chroot("/var/empty") == -1)
-                        fatal("chroot(/var/empty)");
-                if (chdir("/") == -1)
-                        fatal("chdir(/)");
-                
-                /* Drop our privileges */
-                seteuid(32767); /* XXX - Niels */
-                setuid(32767);
-        }               
- skip_privilegeseparation:
        /* perform the key exchange */
        /* authenticate user and start session */
        if (compat20) {
                do_ssh2_kex();
-                authctxt = do_authentication2();
+                do_authentication2();
-                if (use_privsep)
-                        mm_send_keystate(mm_recvfd);
        } else {
                do_ssh1_kex();
-                authctxt = do_authentication();
+                do_authentication();
        }
+        /* The connection has been terminated. */
-        /* If we use privilege separation, the unprivileged child exits */
+        verbose("Closing connection to %.100s", remote_ip);
-        if (use_privsep)
-                exit(0);
- authenticated:
-        /* 
-         * In privilege separation, we fork another child and prepare
-         * file descriptor passing.
-         */
-        if (use_privsep)
-                privsep_postauth(authctxt);
-        /* Perform session preparation. */
-        do_authenticated(authctxt);
 #ifdef USE_PAM
        finish_pam();
 #endif /* USE_PAM */
        packet_close();
-        if (use_privsep)
-                mm_terminate(mm_recvfd);
        exit(0);
 }
@@ -1615,6 +1453,8 @@ do_ssh1_kex(void)
                for (i = 0; i < 16; i++)
                        session_id[i] = session_key[i] ^ session_key[i + 16];
        }
+        /* Destroy the private and public keys.  They will no longer be needed. */
+        destroy_sensitive_data();
        /* Destroy the decrypted integer.  It is no longer needed. */
        BN_clear_free(session_key_int);
@@ -1662,7 +1502,6 @@ do_ssh2_kex(void)
        kex->client_version_string=client_version_string;
        kex->server_version_string=server_version_string;
        kex->load_host_key=&get_hostkey_by_type;
-        kex->host_key_index=&get_hostkey_index;
        xxx_kex = kex;
author	Damien Miller <djm@mindrot.org>	2002-03-13 13:19:42 +1100
committer	Damien Miller <djm@mindrot.org>	2002-03-13 13:19:42 +1100
commit	3a5b0233306a3db3a5db5b9ddc187c55e9b251f4 (patch)
tree	86478addb63771a9a1be0e13cfbdea9f964f963a
parent	3225fb454d0e79cf6f824dd00ff478749620277b (diff)