authorColin Watson <cjwatson@debian.org>2020-02-21 11:57:14 +0000
committerColin Watson <cjwatson@debian.org>2020-02-21 14:27:02 +0000
commit886e47e745586c34e81cfd5c5fb9b5dbc8e84d04 (patch)
treedd6c3b4dc64a17c520af7aaf213163f8a0a63e56 /sshd.c
parentac2b4c0697fcac554041ab95f81736887eadf6ec (diff)
parenta2dabf35ce0228c86a288d11cc847a9d9801604f (diff)
New upstream release (8.2p1)
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c228
1 files changed, 126 insertions, 102 deletions
diff --git a/sshd.c b/sshd.c
index 5e7679a33..c069505a0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.537 2019/06/28 13:35:04 deraadt Exp $ */ 1/* $OpenBSD: sshd.c,v 1.549 2020/01/31 23:13:04 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -126,10 +126,7 @@
126#include "auth-options.h" 126#include "auth-options.h"
127#include "version.h" 127#include "version.h"
128#include "ssherr.h" 128#include "ssherr.h"
129 129#include "sk-api.h"
130#ifdef USE_SECURITY_SESSION_API
131#include <Security/AuthSession.h>
132#endif
133 130
134#ifdef LIBWRAP 131#ifdef LIBWRAP
135#include <tcpd.h> 132#include <tcpd.h>
@@ -265,6 +262,9 @@ struct sshauthopt *auth_opts = NULL;
265/* sshd_config buffer */ 262/* sshd_config buffer */
266struct sshbuf *cfg; 263struct sshbuf *cfg;
267 264
265/* Included files from the configuration file */
266struct include_list includes = TAILQ_HEAD_INITIALIZER(includes);
267
268/* message to be displayed after login */ 268/* message to be displayed after login */
269struct sshbuf *loginmsg; 269struct sshbuf *loginmsg;
270 270
@@ -276,6 +276,8 @@ void destroy_sensitive_data(void);
276void demote_sensitive_data(void); 276void demote_sensitive_data(void);
277static void do_ssh2_kex(struct ssh *); 277static void do_ssh2_kex(struct ssh *);
278 278
279static char *listener_proctitle;
280
279/* 281/*
280 * Close all listening sockets 282 * Close all listening sockets
281 */ 283 */
@@ -310,10 +312,7 @@ close_startup_pipes(void)
310static void 312static void
311sighup_handler(int sig) 313sighup_handler(int sig)
312{ 314{
313 int save_errno = errno;
314
315 received_sighup = 1; 315 received_sighup = 1;
316 errno = save_errno;
317} 316}
318 317
319/* 318/*
@@ -330,7 +329,7 @@ sighup_restart(void)
330 close_listen_socks(); 329 close_listen_socks();
331 close_startup_pipes(); 330 close_startup_pipes();
332 alarm(0); /* alarm timer persists across exec */ 331 alarm(0); /* alarm timer persists across exec */
333 signal(SIGHUP, SIG_IGN); /* will be restored after exec */ 332 ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */
334 execv(saved_argv[0], saved_argv); 333 execv(saved_argv[0], saved_argv);
335 logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], 334 logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
336 strerror(errno)); 335 strerror(errno));
@@ -359,6 +358,8 @@ main_sigchld_handler(int sig)
359 pid_t pid; 358 pid_t pid;
360 int status; 359 int status;
361 360
361 debug("main_sigchld_handler: %s", strsignal(sig));
362
362 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || 363 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
363 (pid == -1 && errno == EINTR)) 364 (pid == -1 && errno == EINTR))
364 ; 365 ;
@@ -380,7 +381,7 @@ grace_alarm_handler(int sig)
380 * keys command helpers. 381 * keys command helpers.
381 */ 382 */
382 if (getpgid(0) == getpid()) { 383 if (getpgid(0) == getpid()) {
383 signal(SIGTERM, SIG_IGN); 384 ssh_signal(SIGTERM, SIG_IGN);
384 kill(0, SIGTERM); 385 kill(0, SIGTERM);
385 } 386 }
386 387
@@ -650,6 +651,8 @@ list_hostkey_types(void)
650 case KEY_DSA: 651 case KEY_DSA:
651 case KEY_ECDSA: 652 case KEY_ECDSA:
652 case KEY_ED25519: 653 case KEY_ED25519:
654 case KEY_ECDSA_SK:
655 case KEY_ED25519_SK:
653 case KEY_XMSS: 656 case KEY_XMSS:
654 append_hostkey_type(b, sshkey_ssh_name(key)); 657 append_hostkey_type(b, sshkey_ssh_name(key));
655 break; 658 break;
@@ -669,6 +672,8 @@ list_hostkey_types(void)
669 case KEY_DSA_CERT: 672 case KEY_DSA_CERT:
670 case KEY_ECDSA_CERT: 673 case KEY_ECDSA_CERT:
671 case KEY_ED25519_CERT: 674 case KEY_ED25519_CERT:
675 case KEY_ECDSA_SK_CERT:
676 case KEY_ED25519_SK_CERT:
672 case KEY_XMSS_CERT: 677 case KEY_XMSS_CERT:
673 append_hostkey_type(b, sshkey_ssh_name(key)); 678 append_hostkey_type(b, sshkey_ssh_name(key));
674 break; 679 break;
@@ -693,6 +698,8 @@ get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
693 case KEY_DSA_CERT: 698 case KEY_DSA_CERT:
694 case KEY_ECDSA_CERT: 699 case KEY_ECDSA_CERT:
695 case KEY_ED25519_CERT: 700 case KEY_ED25519_CERT:
701 case KEY_ECDSA_SK_CERT:
702 case KEY_ED25519_SK_CERT:
696 case KEY_XMSS_CERT: 703 case KEY_XMSS_CERT:
697 key = sensitive_data.host_certificates[i]; 704 key = sensitive_data.host_certificates[i];
698 break; 705 break;
@@ -702,10 +709,20 @@ get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
702 key = sensitive_data.host_pubkeys[i]; 709 key = sensitive_data.host_pubkeys[i];
703 break; 710 break;
704 } 711 }
705 if (key != NULL && key->type == type && 712 if (key == NULL || key->type != type)
706 (key->type != KEY_ECDSA || key->ecdsa_nid == nid)) 713 continue;
714 switch (type) {
715 case KEY_ECDSA:
716 case KEY_ECDSA_SK:
717 case KEY_ECDSA_CERT:
718 case KEY_ECDSA_SK_CERT:
719 if (key->ecdsa_nid != nid)
720 continue;
721 /* FALLTHROUGH */
722 default:
707 return need_private ? 723 return need_private ?
708 sensitive_data.host_keys[i] : key; 724 sensitive_data.host_keys[i] : key;
725 }
709 } 726 }
710 return NULL; 727 return NULL;
711} 728}
@@ -867,30 +884,45 @@ usage(void)
867static void 884static void
868send_rexec_state(int fd, struct sshbuf *conf) 885send_rexec_state(int fd, struct sshbuf *conf)
869{ 886{
870 struct sshbuf *m; 887 struct sshbuf *m = NULL, *inc = NULL;
888 struct include_item *item = NULL;
871 int r; 889 int r;
872 890
873 debug3("%s: entering fd = %d config len %zu", __func__, fd, 891 debug3("%s: entering fd = %d config len %zu", __func__, fd,
874 sshbuf_len(conf)); 892 sshbuf_len(conf));
875 893
894 if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
895 fatal("%s: sshbuf_new failed", __func__);
896
897 /* pack includes into a string */
898 TAILQ_FOREACH(item, &includes, entry) {
899 if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 ||
900 (r = sshbuf_put_cstring(inc, item->filename)) != 0 ||
901 (r = sshbuf_put_stringb(inc, item->contents)) != 0)
902 fatal("%s: buffer error: %s", __func__, ssh_err(r));
903 }
904
876 /* 905 /*
877 * Protocol from reexec master to child: 906 * Protocol from reexec master to child:
878 * string configuration 907 * string configuration
879 * string rngseed (only if OpenSSL is not self-seeded) 908 * string included_files[] {
909 * string selector
910 * string filename
911 * string contents
912 * }
913 * string rng_seed (if required)
880 */ 914 */
881 if ((m = sshbuf_new()) == NULL) 915 if ((r = sshbuf_put_stringb(m, conf)) != 0 ||
882 fatal("%s: sshbuf_new failed", __func__); 916 (r = sshbuf_put_stringb(m, inc)) != 0)
883 if ((r = sshbuf_put_stringb(m, conf)) != 0)
884 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 917 fatal("%s: buffer error: %s", __func__, ssh_err(r));
885
886#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) 918#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
887 rexec_send_rng_seed(m); 919 rexec_send_rng_seed(m);
888#endif 920#endif
889
890 if (ssh_msg_send(fd, 0, m) == -1) 921 if (ssh_msg_send(fd, 0, m) == -1)
891 fatal("%s: ssh_msg_send failed", __func__); 922 fatal("%s: ssh_msg_send failed", __func__);
892 923
893 sshbuf_free(m); 924 sshbuf_free(m);
925 sshbuf_free(inc);
894 926
895 debug3("%s: done", __func__); 927 debug3("%s: done", __func__);
896} 928}
@@ -898,14 +930,15 @@ send_rexec_state(int fd, struct sshbuf *conf)
898static void 930static void
899recv_rexec_state(int fd, struct sshbuf *conf) 931recv_rexec_state(int fd, struct sshbuf *conf)
900{ 932{
901 struct sshbuf *m; 933 struct sshbuf *m, *inc;
902 u_char *cp, ver; 934 u_char *cp, ver;
903 size_t len; 935 size_t len;
904 int r; 936 int r;
937 struct include_item *item;
905 938
906 debug3("%s: entering fd = %d", __func__, fd); 939 debug3("%s: entering fd = %d", __func__, fd);
907 940
908 if ((m = sshbuf_new()) == NULL) 941 if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
909 fatal("%s: sshbuf_new failed", __func__); 942 fatal("%s: sshbuf_new failed", __func__);
910 if (ssh_msg_recv(fd, m) == -1) 943 if (ssh_msg_recv(fd, m) == -1)
911 fatal("%s: ssh_msg_recv failed", __func__); 944 fatal("%s: ssh_msg_recv failed", __func__);
@@ -913,14 +946,28 @@ recv_rexec_state(int fd, struct sshbuf *conf)
913 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 946 fatal("%s: buffer error: %s", __func__, ssh_err(r));
914 if (ver != 0) 947 if (ver != 0)
915 fatal("%s: rexec version mismatch", __func__); 948 fatal("%s: rexec version mismatch", __func__);
916 if ((r = sshbuf_get_string(m, &cp, &len)) != 0) 949 if ((r = sshbuf_get_string(m, &cp, &len)) != 0 ||
917 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 950 (r = sshbuf_get_stringb(m, inc)) != 0)
918 if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
919 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 951 fatal("%s: buffer error: %s", __func__, ssh_err(r));
952
920#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) 953#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
921 rexec_recv_rng_seed(m); 954 rexec_recv_rng_seed(m);
922#endif 955#endif
923 956
957 if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
958 fatal("%s: buffer error: %s", __func__, ssh_err(r));
959
960 while (sshbuf_len(inc) != 0) {
961 item = xcalloc(1, sizeof(*item));
962 if ((item->contents = sshbuf_new()) == NULL)
963 fatal("%s: sshbuf_new failed", __func__);
964 if ((r = sshbuf_get_cstring(inc, &item->selector, NULL)) != 0 ||
965 (r = sshbuf_get_cstring(inc, &item->filename, NULL)) != 0 ||
966 (r = sshbuf_get_stringb(inc, item->contents)) != 0)
967 fatal("%s: buffer error: %s", __func__, ssh_err(r));
968 TAILQ_INSERT_TAIL(&includes, item, entry);
969 }
970
924 free(cp); 971 free(cp);
925 sshbuf_free(m); 972 sshbuf_free(m);
926 973
@@ -1060,7 +1107,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1060{ 1107{
1061 fd_set *fdset; 1108 fd_set *fdset;
1062 int i, j, ret, maxfd; 1109 int i, j, ret, maxfd;
1063 int startups = 0, listening = 0, lameduck = 0; 1110 int ostartups = -1, startups = 0, listening = 0, lameduck = 0;
1064 int startup_p[2] = { -1 , -1 }; 1111 int startup_p[2] = { -1 , -1 };
1065 char c = 0; 1112 char c = 0;
1066 struct sockaddr_storage from; 1113 struct sockaddr_storage from;
@@ -1085,6 +1132,12 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1085 * the daemon is killed with a signal. 1132 * the daemon is killed with a signal.
1086 */ 1133 */
1087 for (;;) { 1134 for (;;) {
1135 if (ostartups != startups) {
1136 setproctitle("%s [listener] %d of %d-%d startups",
1137 listener_proctitle, startups,
1138 options.max_startups_begin, options.max_startups);
1139 ostartups = startups;
1140 }
1088 if (received_sighup) { 1141 if (received_sighup) {
1089 if (!lameduck) { 1142 if (!lameduck) {
1090 debug("Received SIGHUP; waiting for children"); 1143 debug("Received SIGHUP; waiting for children");
@@ -1172,6 +1225,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1172 if (drop_connection(startups) == 1) { 1225 if (drop_connection(startups) == 1) {
1173 char *laddr = get_local_ipaddr(*newsock); 1226 char *laddr = get_local_ipaddr(*newsock);
1174 char *raddr = get_peer_ipaddr(*newsock); 1227 char *raddr = get_peer_ipaddr(*newsock);
1228 char msg[] = "Exceeded MaxStartups\r\n";
1175 1229
1176 verbose("drop connection #%d from [%s]:%d " 1230 verbose("drop connection #%d from [%s]:%d "
1177 "on [%s]:%d past MaxStartups", startups, 1231 "on [%s]:%d past MaxStartups", startups,
@@ -1179,6 +1233,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1179 laddr, get_local_port(*newsock)); 1233 laddr, get_local_port(*newsock));
1180 free(laddr); 1234 free(laddr);
1181 free(raddr); 1235 free(raddr);
1236 /* best-effort notification to client */
1237 (void)write(*newsock, msg, strlen(msg));
1182 close(*newsock); 1238 close(*newsock);
1183 continue; 1239 continue;
1184 } 1240 }
@@ -1425,6 +1481,17 @@ accumulate_host_timing_secret(struct sshbuf *server_cfg,
1425 sshbuf_free(buf); 1481 sshbuf_free(buf);
1426} 1482}
1427 1483
1484static char *
1485prepare_proctitle(int ac, char **av)
1486{
1487 char *ret = NULL;
1488 int i;
1489
1490 for (i = 0; i < ac; i++)
1491 xextendf(&ret, " ", "%s", av[i]);
1492 return ret;
1493}
1494
1428/* 1495/*
1429 * Main program for the daemon. 1496 * Main program for the daemon.
1430 */ 1497 */
@@ -1577,7 +1644,7 @@ main(int ac, char **av)
1577 case 'o': 1644 case 'o':
1578 line = xstrdup(optarg); 1645 line = xstrdup(optarg);
1579 if (process_server_config_line(&options, line, 1646 if (process_server_config_line(&options, line,
1580 "command-line", 0, NULL, NULL) != 0) 1647 "command-line", 0, NULL, NULL, &includes) != 0)
1581 exit(1); 1648 exit(1);
1582 free(line); 1649 free(line);
1583 break; 1650 break;
@@ -1608,7 +1675,7 @@ main(int ac, char **av)
1608 SYSLOG_LEVEL_INFO : options.log_level, 1675 SYSLOG_LEVEL_INFO : options.log_level,
1609 options.log_facility == SYSLOG_FACILITY_NOT_SET ? 1676 options.log_facility == SYSLOG_FACILITY_NOT_SET ?
1610 SYSLOG_FACILITY_AUTH : options.log_facility, 1677 SYSLOG_FACILITY_AUTH : options.log_facility,
1611 log_stderr || !inetd_flag); 1678 log_stderr || !inetd_flag || debug_flag);
1612 1679
1613 /* 1680 /*
1614 * Unset KRB5CCNAME, otherwise the user's session may inherit it from 1681 * Unset KRB5CCNAME, otherwise the user's session may inherit it from
@@ -1641,12 +1708,11 @@ main(int ac, char **av)
1641 */ 1708 */
1642 (void)atomicio(vwrite, startup_pipe, "\0", 1); 1709 (void)atomicio(vwrite, startup_pipe, "\0", 1);
1643 } 1710 }
1644 } 1711 } else if (strcasecmp(config_file_name, "none") != 0)
1645 else if (strcasecmp(config_file_name, "none") != 0)
1646 load_server_config(config_file_name, cfg); 1712 load_server_config(config_file_name, cfg);
1647 1713
1648 parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, 1714 parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
1649 cfg, NULL); 1715 cfg, &includes, NULL);
1650 1716
1651 /* Fill in default values for those options not explicitly set. */ 1717 /* Fill in default values for those options not explicitly set. */
1652 fill_default_server_options(&options); 1718 fill_default_server_options(&options);
@@ -1738,7 +1804,14 @@ main(int ac, char **av)
1738 &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) 1804 &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
1739 do_log2(ll, "Unable to load host key \"%s\": %s", 1805 do_log2(ll, "Unable to load host key \"%s\": %s",
1740 options.host_key_files[i], ssh_err(r)); 1806 options.host_key_files[i], ssh_err(r));
1741 if (r == 0 && (r = sshkey_shield_private(key)) != 0) { 1807 if (sshkey_is_sk(key) &&
1808 key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
1809 debug("host key %s requires user presence, ignoring",
1810 options.host_key_files[i]);
1811 key->sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;
1812 }
1813 if (r == 0 && key != NULL &&
1814 (r = sshkey_shield_private(key)) != 0) {
1742 do_log2(ll, "Unable to shield host key \"%s\": %s", 1815 do_log2(ll, "Unable to shield host key \"%s\": %s",
1743 options.host_key_files[i], ssh_err(r)); 1816 options.host_key_files[i], ssh_err(r));
1744 sshkey_free(key); 1817 sshkey_free(key);
@@ -1775,6 +1848,8 @@ main(int ac, char **av)
1775 case KEY_DSA: 1848 case KEY_DSA:
1776 case KEY_ECDSA: 1849 case KEY_ECDSA:
1777 case KEY_ED25519: 1850 case KEY_ED25519:
1851 case KEY_ECDSA_SK:
1852 case KEY_ED25519_SK:
1778 case KEY_XMSS: 1853 case KEY_XMSS:
1779 if (have_agent || key != NULL) 1854 if (have_agent || key != NULL)
1780 sensitive_data.have_ssh2_key = 1; 1855 sensitive_data.have_ssh2_key = 1;
@@ -1864,7 +1939,7 @@ main(int ac, char **av)
1864 if (connection_info == NULL) 1939 if (connection_info == NULL)
1865 connection_info = get_connection_info(ssh, 0, 0); 1940 connection_info = get_connection_info(ssh, 0, 0);
1866 connection_info->test = 1; 1941 connection_info->test = 1;
1867 parse_server_match_config(&options, connection_info); 1942 parse_server_match_config(&options, &includes, connection_info);
1868 dump_config(&options); 1943 dump_config(&options);
1869 } 1944 }
1870 1945
@@ -1893,6 +1968,7 @@ main(int ac, char **av)
1893 rexec_argv[rexec_argc] = "-R"; 1968 rexec_argv[rexec_argc] = "-R";
1894 rexec_argv[rexec_argc + 1] = NULL; 1969 rexec_argv[rexec_argc + 1] = NULL;
1895 } 1970 }
1971 listener_proctitle = prepare_proctitle(ac, av);
1896 1972
1897 /* Ensure that umask disallows at least group and world write */ 1973 /* Ensure that umask disallows at least group and world write */
1898 new_umask = umask(0077) | 0022; 1974 new_umask = umask(0077) | 0022;
@@ -1925,7 +2001,7 @@ main(int ac, char **av)
1925 error("chdir(\"/\"): %s", strerror(errno)); 2001 error("chdir(\"/\"): %s", strerror(errno));
1926 2002
1927 /* ignore SIGPIPE */ 2003 /* ignore SIGPIPE */
1928 signal(SIGPIPE, SIG_IGN); 2004 ssh_signal(SIGPIPE, SIG_IGN);
1929 2005
1930 /* Get a connection, either from inetd or a listening TCP socket */ 2006 /* Get a connection, either from inetd or a listening TCP socket */
1931 if (inetd_flag) { 2007 if (inetd_flag) {
@@ -1934,10 +2010,10 @@ main(int ac, char **av)
1934 platform_pre_listen(); 2010 platform_pre_listen();
1935 server_listen(); 2011 server_listen();
1936 2012
1937 signal(SIGHUP, sighup_handler); 2013 ssh_signal(SIGHUP, sighup_handler);
1938 signal(SIGCHLD, main_sigchld_handler); 2014 ssh_signal(SIGCHLD, main_sigchld_handler);
1939 signal(SIGTERM, sigterm_handler); 2015 ssh_signal(SIGTERM, sigterm_handler);
1940 signal(SIGQUIT, sigterm_handler); 2016 ssh_signal(SIGQUIT, sigterm_handler);
1941 2017
1942 /* 2018 /*
1943 * Write out the pid file after the sigterm handler 2019 * Write out the pid file after the sigterm handler
@@ -2032,12 +2108,12 @@ main(int ac, char **av)
2032 * will not restart on SIGHUP since it no longer makes sense. 2108 * will not restart on SIGHUP since it no longer makes sense.
2033 */ 2109 */
2034 alarm(0); 2110 alarm(0);
2035 signal(SIGALRM, SIG_DFL); 2111 ssh_signal(SIGALRM, SIG_DFL);
2036 signal(SIGHUP, SIG_DFL); 2112 ssh_signal(SIGHUP, SIG_DFL);
2037 signal(SIGTERM, SIG_DFL); 2113 ssh_signal(SIGTERM, SIG_DFL);
2038 signal(SIGQUIT, SIG_DFL); 2114 ssh_signal(SIGQUIT, SIG_DFL);
2039 signal(SIGCHLD, SIG_DFL); 2115 ssh_signal(SIGCHLD, SIG_DFL);
2040 signal(SIGINT, SIG_DFL); 2116 ssh_signal(SIGINT, SIG_DFL);
2041 2117
2042 /* 2118 /*
2043 * Register our connection. This turns encryption off because we do 2119 * Register our connection. This turns encryption off because we do
@@ -2108,60 +2184,6 @@ main(int ac, char **av)
2108 rdomain == NULL ? "" : "\""); 2184 rdomain == NULL ? "" : "\"");
2109 free(laddr); 2185 free(laddr);
2110 2186
2111#ifdef USE_SECURITY_SESSION_API
2112 /*
2113 * Create a new security session for use by the new user login if
2114 * the current session is the root session or we are not launched
2115 * by inetd (eg: debugging mode or server mode). We do not
2116 * necessarily need to create a session if we are launched from
2117 * inetd because Panther xinetd will create a session for us.
2118 *
2119 * The only case where this logic will fail is if there is an
2120 * inetd running in a non-root session which is not creating
2121 * new sessions for us. Then all the users will end up in the
2122 * same session (bad).
2123 *
2124 * When the client exits, the session will be destroyed for us
2125 * automatically.
2126 *
2127 * We must create the session before any credentials are stored
2128 * (including AFS pags, which happens a few lines below).
2129 */
2130 {
2131 OSStatus err = 0;
2132 SecuritySessionId sid = 0;
2133 SessionAttributeBits sattrs = 0;
2134
2135 err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
2136 if (err)
2137 error("SessionGetInfo() failed with error %.8X",
2138 (unsigned) err);
2139 else
2140 debug("Current Session ID is %.8X / Session Attributes are %.8X",
2141 (unsigned) sid, (unsigned) sattrs);
2142
2143 if (inetd_flag && !(sattrs & sessionIsRoot))
2144 debug("Running in inetd mode in a non-root session... "
2145 "assuming inetd created the session for us.");
2146 else {
2147 debug("Creating new security session...");
2148 err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
2149 if (err)
2150 error("SessionCreate() failed with error %.8X",
2151 (unsigned) err);
2152
2153 err = SessionGetInfo(callerSecuritySession, &sid,
2154 &sattrs);
2155 if (err)
2156 error("SessionGetInfo() failed with error %.8X",
2157 (unsigned) err);
2158 else
2159 debug("New Session ID is %.8X / Session Attributes are %.8X",
2160 (unsigned) sid, (unsigned) sattrs);
2161 }
2162 }
2163#endif
2164
2165 /* 2187 /*
2166 * We don't want to listen forever unless the other side 2188 * We don't want to listen forever unless the other side
2167 * successfully authenticates itself. So we set up an alarm which is 2189 * successfully authenticates itself. So we set up an alarm which is
@@ -2170,7 +2192,7 @@ main(int ac, char **av)
2170 * mode; it is just annoying to have the server exit just when you 2192 * mode; it is just annoying to have the server exit just when you
2171 * are about to discover the bug. 2193 * are about to discover the bug.
2172 */ 2194 */
2173 signal(SIGALRM, grace_alarm_handler); 2195 ssh_signal(SIGALRM, grace_alarm_handler);
2174 if (!debug_flag) 2196 if (!debug_flag)
2175 alarm(options.login_grace_time); 2197 alarm(options.login_grace_time);
2176 2198
@@ -2229,7 +2251,7 @@ main(int ac, char **av)
2229 * authentication. 2251 * authentication.
2230 */ 2252 */
2231 alarm(0); 2253 alarm(0);
2232 signal(SIGALRM, SIG_DFL); 2254 ssh_signal(SIGALRM, SIG_DFL);
2233 authctxt->authenticated = 1; 2255 authctxt->authenticated = 1;
2234 if (startup_pipe != -1) { 2256 if (startup_pipe != -1) {
2235 close(startup_pipe); 2257 close(startup_pipe);
@@ -2306,17 +2328,19 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
2306 if (use_privsep) { 2328 if (use_privsep) {
2307 if (privkey) { 2329 if (privkey) {
2308 if (mm_sshkey_sign(ssh, privkey, signature, slenp, 2330 if (mm_sshkey_sign(ssh, privkey, signature, slenp,
2309 data, dlen, alg, ssh->compat) < 0) 2331 data, dlen, alg, options.sk_provider,
2332 ssh->compat) < 0)
2310 fatal("%s: privkey sign failed", __func__); 2333 fatal("%s: privkey sign failed", __func__);
2311 } else { 2334 } else {
2312 if (mm_sshkey_sign(ssh, pubkey, signature, slenp, 2335 if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
2313 data, dlen, alg, ssh->compat) < 0) 2336 data, dlen, alg, options.sk_provider,
2337 ssh->compat) < 0)
2314 fatal("%s: pubkey sign failed", __func__); 2338 fatal("%s: pubkey sign failed", __func__);
2315 } 2339 }
2316 } else { 2340 } else {
2317 if (privkey) { 2341 if (privkey) {
2318 if (sshkey_sign(privkey, signature, slenp, data, dlen, 2342 if (sshkey_sign(privkey, signature, slenp, data, dlen,
2319 alg, ssh->compat) < 0) 2343 alg, options.sk_provider, ssh->compat) < 0)
2320 fatal("%s: privkey sign failed", __func__); 2344 fatal("%s: privkey sign failed", __func__);
2321 } else { 2345 } else {
2322 if ((r = ssh_agent_sign(auth_sock, pubkey, 2346 if ((r = ssh_agent_sign(auth_sock, pubkey,
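Review bot: The `debug("main_sigchld_handler: %s", strsignal(sig));` call added at new line 361 runs inside the listener's SIGCHLD handler, and neither `strsignal()` nor a printf-style logging routine is async-signal-safe. If the signal arrives while the main loop is itself inside the logger or the allocator, the handler can re-enter that state, which is a memory-safety concern in a process that runs with full privileges. The handler should stay limited to the `waitpid()` loop. If the trace is wanted, set a `volatile sig_atomic_t` flag in the handler and log from `server_accept_loop()`, the way `received_sighup` is already consumed there. The opening lines of `main_sigchld_handler` are outside the hunk, so whether errno is saved and restored around the new call cannot be confirmed from this page.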