summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2003-09-23 18:08:35 +0000
committerColin Watson <cjwatson@debian.org>2003-09-23 18:08:35 +0000
commitd59fd3e421aa81b8e5e118f3f806081df2aca879 (patch)
tree356a4e607edc979c625bb33db63c656d771478bd /sshd.c
parent7505658c58e96b8d270f1928a0e1fa7f3e0c266b (diff)
parent45431c9b4677608680cd071768cbf156b316a7e8 (diff)
Merge 3.7.1p2 to the trunk. I have absolutely no idea yet whether this will
work.
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c181
1 files changed, 67 insertions, 114 deletions
diff --git a/sshd.c b/sshd.c
index d49973859..92fab6ccd 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
42 */ 42 */
43 43
44#include "includes.h" 44#include "includes.h"
45RCSID("$OpenBSD: sshd.c,v 1.263 2003/02/16 17:09:57 markus Exp $"); 45RCSID("$OpenBSD: sshd.c,v 1.276 2003/08/28 12:54:34 markus Exp $");
46 46
47#include <openssl/dh.h> 47#include <openssl/dh.h>
48#include <openssl/bn.h> 48#include <openssl/bn.h>
@@ -112,11 +112,7 @@ char *config_file_name = _PATH_SERVER_CONFIG_FILE;
112 * Flag indicating whether IPv4 or IPv6. This can be set on the command line. 112 * Flag indicating whether IPv4 or IPv6. This can be set on the command line.
113 * Default value is AF_UNSPEC means both IPv4 and IPv6. 113 * Default value is AF_UNSPEC means both IPv4 and IPv6.
114 */ 114 */
115#ifdef IPV4_DEFAULT
116int IPv4or6 = AF_INET;
117#else
118int IPv4or6 = AF_UNSPEC; 115int IPv4or6 = AF_UNSPEC;
119#endif
120 116
121/* 117/*
122 * Debug mode flag. This can be set on the command line. If debug 118 * Debug mode flag. This can be set on the command line. If debug
@@ -192,7 +188,7 @@ u_char session_id[16];
192 188
193/* same for ssh2 */ 189/* same for ssh2 */
194u_char *session_id2 = NULL; 190u_char *session_id2 = NULL;
195int session_id2_len = 0; 191u_int session_id2_len = 0;
196 192
197/* record remote hostname or ip */ 193/* record remote hostname or ip */
198u_int utmp_len = MAXHOSTNAMELEN; 194u_int utmp_len = MAXHOSTNAMELEN;
@@ -205,6 +201,9 @@ int startup_pipe; /* in child */
205int use_privsep; 201int use_privsep;
206struct monitor *pmonitor; 202struct monitor *pmonitor;
207 203
204/* message to be displayed after login */
205Buffer loginmsg;
206
208/* Prototypes for various functions defined later in this file. */ 207/* Prototypes for various functions defined later in this file. */
209void destroy_sensitive_data(void); 208void destroy_sensitive_data(void);
210void demote_sensitive_data(void); 209void demote_sensitive_data(void);
@@ -258,11 +257,11 @@ sighup_handler(int sig)
258static void 257static void
259sighup_restart(void) 258sighup_restart(void)
260{ 259{
261 log("Received SIGHUP; restarting."); 260 logit("Received SIGHUP; restarting.");
262 close_listen_socks(); 261 close_listen_socks();
263 close_startup_pipes(); 262 close_startup_pipes();
264 execv(saved_argv[0], saved_argv); 263 execv(saved_argv[0], saved_argv);
265 log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], 264 logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
266 strerror(errno)); 265 strerror(errno));
267 exit(1); 266 exit(1);
268} 267}
@@ -371,39 +370,37 @@ sshd_exchange_identification(int sock_in, int sock_out)
371 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION); 370 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
372 server_version_string = xstrdup(buf); 371 server_version_string = xstrdup(buf);
373 372
374 if (client_version_string == NULL) { 373 /* Send our protocol version identification. */
375 /* Send our protocol version identification. */ 374 if (atomicio(vwrite, sock_out, server_version_string,
376 if (atomicio(write, sock_out, server_version_string, 375 strlen(server_version_string))
377 strlen(server_version_string)) 376 != strlen(server_version_string)) {
378 != strlen(server_version_string)) { 377 logit("Could not write ident string to %s", get_remote_ipaddr());
379 log("Could not write ident string to %s", get_remote_ipaddr()); 378 fatal_cleanup();
379 }
380
381 /* Read other sides version identification. */
382 memset(buf, 0, sizeof(buf));
383 for (i = 0; i < sizeof(buf) - 1; i++) {
384 if (atomicio(read, sock_in, &buf[i], 1) != 1) {
385 logit("Did not receive identification string from %s",
386 get_remote_ipaddr());
380 fatal_cleanup(); 387 fatal_cleanup();
381 } 388 }
382 389 if (buf[i] == '\r') {
383 /* Read other sides version identification. */ 390 buf[i] = 0;
384 memset(buf, 0, sizeof(buf)); 391 /* Kludge for F-Secure Macintosh < 1.0.2 */
385 for (i = 0; i < sizeof(buf) - 1; i++) { 392 if (i == 12 &&
386 if (atomicio(read, sock_in, &buf[i], 1) != 1) { 393 strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
387 log("Did not receive identification string from %s",
388 get_remote_ipaddr());
389 fatal_cleanup();
390 }
391 if (buf[i] == '\r') {
392 buf[i] = 0;
393 /* Kludge for F-Secure Macintosh < 1.0.2 */
394 if (i == 12 &&
395 strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
396 break;
397 continue;
398 }
399 if (buf[i] == '\n') {
400 buf[i] = 0;
401 break; 394 break;
402 } 395 continue;
396 }
397 if (buf[i] == '\n') {
398 buf[i] = 0;
399 break;
403 } 400 }
404 buf[sizeof(buf) - 1] = 0;
405 client_version_string = xstrdup(buf);
406 } 401 }
402 buf[sizeof(buf) - 1] = 0;
403 client_version_string = xstrdup(buf);
407 404
408 /* 405 /*
409 * Check that the versions match. In future this might accept 406 * Check that the versions match. In future this might accept
@@ -412,10 +409,10 @@ sshd_exchange_identification(int sock_in, int sock_out)
412 if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n", 409 if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
413 &remote_major, &remote_minor, remote_version) != 3) { 410 &remote_major, &remote_minor, remote_version) != 3) {
414 s = "Protocol mismatch.\n"; 411 s = "Protocol mismatch.\n";
415 (void) atomicio(write, sock_out, s, strlen(s)); 412 (void) atomicio(vwrite, sock_out, s, strlen(s));
416 close(sock_in); 413 close(sock_in);
417 close(sock_out); 414 close(sock_out);
418 log("Bad protocol version identification '%.100s' from %s", 415 logit("Bad protocol version identification '%.100s' from %s",
419 client_version_string, get_remote_ipaddr()); 416 client_version_string, get_remote_ipaddr());
420 fatal_cleanup(); 417 fatal_cleanup();
421 } 418 }
@@ -425,13 +422,13 @@ sshd_exchange_identification(int sock_in, int sock_out)
425 compat_datafellows(remote_version); 422 compat_datafellows(remote_version);
426 423
427 if (datafellows & SSH_BUG_PROBE) { 424 if (datafellows & SSH_BUG_PROBE) {
428 log("probed from %s with %s. Don't panic.", 425 logit("probed from %s with %s. Don't panic.",
429 get_remote_ipaddr(), client_version_string); 426 get_remote_ipaddr(), client_version_string);
430 fatal_cleanup(); 427 fatal_cleanup();
431 } 428 }
432 429
433 if (datafellows & SSH_BUG_SCANNER) { 430 if (datafellows & SSH_BUG_SCANNER) {
434 log("scanned from %s with %s. Don't panic.", 431 logit("scanned from %s with %s. Don't panic.",
435 get_remote_ipaddr(), client_version_string); 432 get_remote_ipaddr(), client_version_string);
436 fatal_cleanup(); 433 fatal_cleanup();
437 } 434 }
@@ -473,10 +470,10 @@ sshd_exchange_identification(int sock_in, int sock_out)
473 470
474 if (mismatch) { 471 if (mismatch) {
475 s = "Protocol major versions differ.\n"; 472 s = "Protocol major versions differ.\n";
476 (void) atomicio(write, sock_out, s, strlen(s)); 473 (void) atomicio(vwrite, sock_out, s, strlen(s));
477 close(sock_in); 474 close(sock_in);
478 close(sock_out); 475 close(sock_out);
479 log("Protocol major versions differ for %s: %.200s vs. %.200s", 476 logit("Protocol major versions differ for %s: %.200s vs. %.200s",
480 get_remote_ipaddr(), 477 get_remote_ipaddr(),
481 server_version_string, client_version_string); 478 server_version_string, client_version_string);
482 fatal_cleanup(); 479 fatal_cleanup();
@@ -568,8 +565,6 @@ privsep_preauth_child(void)
568 do_setusercontext(pw); 565 do_setusercontext(pw);
569#else 566#else
570 gidset[0] = pw->pw_gid; 567 gidset[0] = pw->pw_gid;
571 if (setgid(pw->pw_gid) < 0)
572 fatal("setgid failed for %u", pw->pw_gid );
573 if (setgroups(1, gidset) < 0) 568 if (setgroups(1, gidset) < 0)
574 fatal("setgroups: %.100s", strerror(errno)); 569 fatal("setgroups: %.100s", strerror(errno));
575 permanently_set_uid(pw); 570 permanently_set_uid(pw);
@@ -824,26 +819,27 @@ main(int ac, char **av)
824#ifdef HAVE_SECUREWARE 819#ifdef HAVE_SECUREWARE
825 (void)set_auth_parameters(ac, av); 820 (void)set_auth_parameters(ac, av);
826#endif 821#endif
827 __progname = get_progname(av[0]); 822 __progname = ssh_get_progname(av[0]);
828 init_rng(); 823 init_rng();
829 824
830 /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ 825 /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
831 saved_argc = ac; 826 saved_argc = ac;
832 saved_argv = av; 827 saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));
833 saved_argv = xmalloc(sizeof(*saved_argv) * ac);
834 for (i = 0; i < ac; i++) 828 for (i = 0; i < ac; i++)
835 saved_argv[i] = xstrdup(av[i]); 829 saved_argv[i] = xstrdup(av[i]);
830 saved_argv[i] = NULL;
836 831
837#ifndef HAVE_SETPROCTITLE 832#ifndef HAVE_SETPROCTITLE
838 /* Prepare for later setproctitle emulation */ 833 /* Prepare for later setproctitle emulation */
839 compat_init_setproctitle(ac, av); 834 compat_init_setproctitle(ac, av);
835 av = saved_argv;
840#endif 836#endif
841 837
842 /* Initialize configuration options to their default values. */ 838 /* Initialize configuration options to their default values. */
843 initialize_server_options(&options); 839 initialize_server_options(&options);
844 840
845 /* Parse command-line arguments. */ 841 /* Parse command-line arguments. */
846 while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:o:dDeiqtQ46")) != -1) { 842 while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqtQ46")) != -1) {
847 switch (opt) { 843 switch (opt) {
848 case '4': 844 case '4':
849 IPv4or6 = AF_INET; 845 IPv4or6 = AF_INET;
@@ -855,15 +851,11 @@ main(int ac, char **av)
855 config_file_name = optarg; 851 config_file_name = optarg;
856 break; 852 break;
857 case 'd': 853 case 'd':
858 if (0 == debug_flag) { 854 if (debug_flag == 0) {
859 debug_flag = 1; 855 debug_flag = 1;
860 options.log_level = SYSLOG_LEVEL_DEBUG1; 856 options.log_level = SYSLOG_LEVEL_DEBUG1;
861 } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) { 857 } else if (options.log_level < SYSLOG_LEVEL_DEBUG3)
862 options.log_level++; 858 options.log_level++;
863 } else {
864 fprintf(stderr, "Too high debugging level.\n");
865 exit(1);
866 }
867 break; 859 break;
868 case 'D': 860 case 'D':
869 no_daemon_flag = 1; 861 no_daemon_flag = 1;
@@ -919,11 +911,6 @@ main(int ac, char **av)
919 } 911 }
920 options.host_key_files[options.num_host_key_files++] = optarg; 912 options.host_key_files[options.num_host_key_files++] = optarg;
921 break; 913 break;
922 case 'V':
923 client_version_string = optarg;
924 /* only makes sense with inetd_flag, i.e. no listen() */
925 inetd_flag = 1;
926 break;
927 case 't': 914 case 't':
928 test_flag = 1; 915 test_flag = 1;
929 break; 916 break;
@@ -1015,15 +1002,15 @@ main(int ac, char **av)
1015 key_type(key)); 1002 key_type(key));
1016 } 1003 }
1017 if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { 1004 if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
1018 log("Disabling protocol version 1. Could not load host key"); 1005 logit("Disabling protocol version 1. Could not load host key");
1019 options.protocol &= ~SSH_PROTO_1; 1006 options.protocol &= ~SSH_PROTO_1;
1020 } 1007 }
1021 if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { 1008 if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
1022 log("Disabling protocol version 2. Could not load host key"); 1009 logit("Disabling protocol version 2. Could not load host key");
1023 options.protocol &= ~SSH_PROTO_2; 1010 options.protocol &= ~SSH_PROTO_2;
1024 } 1011 }
1025 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { 1012 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
1026 log("sshd: no hostkeys available -- exiting."); 1013 logit("sshd: no hostkeys available -- exiting.");
1027 exit(1); 1014 exit(1);
1028 } 1015 }
1029 1016
@@ -1158,7 +1145,8 @@ main(int ac, char **av)
1158 continue; 1145 continue;
1159 } 1146 }
1160 /* Create socket for listening. */ 1147 /* Create socket for listening. */
1161 listen_sock = socket(ai->ai_family, SOCK_STREAM, 0); 1148 listen_sock = socket(ai->ai_family, ai->ai_socktype,
1149 ai->ai_protocol);
1162 if (listen_sock < 0) { 1150 if (listen_sock < 0) {
1163 /* kernel may not support ipv6 */ 1151 /* kernel may not support ipv6 */
1164 verbose("socket: %.100s", strerror(errno)); 1152 verbose("socket: %.100s", strerror(errno));
@@ -1191,7 +1179,7 @@ main(int ac, char **av)
1191 num_listen_socks++; 1179 num_listen_socks++;
1192 1180
1193 /* Start listening on the port. */ 1181 /* Start listening on the port. */
1194 log("Server listening on %s port %s.", ntop, strport); 1182 logit("Server listening on %s port %s.", ntop, strport);
1195 if (listen(listen_sock, 5) < 0) 1183 if (listen(listen_sock, 5) < 0)
1196 fatal("listen: %.100s", strerror(errno)); 1184 fatal("listen: %.100s", strerror(errno));
1197 1185
@@ -1226,7 +1214,10 @@ main(int ac, char **av)
1226 * overwrite any old pid in the file. 1214 * overwrite any old pid in the file.
1227 */ 1215 */
1228 f = fopen(options.pid_file, "wb"); 1216 f = fopen(options.pid_file, "wb");
1229 if (f) { 1217 if (f == NULL) {
1218 error("Couldn't create pid file \"%s\": %s",
1219 options.pid_file, strerror(errno));
1220 } else {
1230 fprintf(f, "%ld\n", (long) getpid()); 1221 fprintf(f, "%ld\n", (long) getpid());
1231 fclose(f); 1222 fclose(f);
1232 } 1223 }
@@ -1267,7 +1258,7 @@ main(int ac, char **av)
1267 if (ret < 0 && errno != EINTR) 1258 if (ret < 0 && errno != EINTR)
1268 error("select: %.100s", strerror(errno)); 1259 error("select: %.100s", strerror(errno));
1269 if (received_sigterm) { 1260 if (received_sigterm) {
1270 log("Received signal %d; terminating.", 1261 logit("Received signal %d; terminating.",
1271 (int) received_sigterm); 1262 (int) received_sigterm);
1272 close_listen_socks(); 1263 close_listen_socks();
1273 unlink(options.pid_file); 1264 unlink(options.pid_file);
@@ -1405,11 +1396,11 @@ main(int ac, char **av)
1405 * setlogin() affects the entire process group. We don't 1396 * setlogin() affects the entire process group. We don't
1406 * want the child to be able to affect the parent. 1397 * want the child to be able to affect the parent.
1407 */ 1398 */
1408#if !defined(STREAMS_PUSH_ACQUIRES_CTTY) 1399#if !defined(SSHD_ACQUIRES_CTTY)
1409 /* 1400 /*
1410 * If setsid is called on Solaris, sshd will acquire the controlling 1401 * If setsid is called, on some platforms sshd will later acquire a
1411 * terminal while pushing STREAMS modules. This will prevent the 1402 * controlling terminal which will result in "could not set
1412 * shell from acquiring it later. 1403 * controlling tty" errors.
1413 */ 1404 */
1414 if (!debug_flag && !inetd_flag && setsid() < 0) 1405 if (!debug_flag && !inetd_flag && setsid() < 0)
1415 error("setsid: %.100s", strerror(errno)); 1406 error("setsid: %.100s", strerror(errno));
@@ -1476,37 +1467,12 @@ main(int ac, char **av)
1476 alarm(options.login_grace_time); 1467 alarm(options.login_grace_time);
1477 1468
1478 sshd_exchange_identification(sock_in, sock_out); 1469 sshd_exchange_identification(sock_in, sock_out);
1479 /*
1480 * Check that the connection comes from a privileged port.
1481 * Rhosts-Authentication only makes sense from privileged
1482 * programs. Of course, if the intruder has root access on his local
1483 * machine, he can connect from any port. So do not use these
1484 * authentication methods from machines that you do not trust.
1485 */
1486 if (options.rhosts_authentication &&
1487 (remote_port >= IPPORT_RESERVED ||
1488 remote_port < IPPORT_RESERVED / 2)) {
1489 debug("Rhosts Authentication disabled, "
1490 "originating port %d not trusted.", remote_port);
1491 options.rhosts_authentication = 0;
1492 }
1493#if defined(KRB4) && !defined(KRB5)
1494 if (!packet_connection_is_ipv4() &&
1495 options.kerberos_authentication) {
1496 debug("Kerberos Authentication disabled, only available for IPv4.");
1497 options.kerberos_authentication = 0;
1498 }
1499#endif /* KRB4 && !KRB5 */
1500#ifdef AFS
1501 /* If machine has AFS, set process authentication group. */
1502 if (k_hasafs()) {
1503 k_setpag();
1504 k_unlog();
1505 }
1506#endif /* AFS */
1507 1470
1508 packet_set_nonblocking(); 1471 packet_set_nonblocking();
1509 1472
1473 /* prepare buffers to collect authentication messages */
1474 buffer_init(&loginmsg);
1475
1510 if (use_privsep) 1476 if (use_privsep)
1511 if ((authctxt = privsep_preauth()) != NULL) 1477 if ((authctxt = privsep_preauth()) != NULL)
1512 goto authenticated; 1478 goto authenticated;
@@ -1548,7 +1514,8 @@ main(int ac, char **av)
1548 verbose("Closing connection to %.100s", remote_ip); 1514 verbose("Closing connection to %.100s", remote_ip);
1549 1515
1550#ifdef USE_PAM 1516#ifdef USE_PAM
1551 finish_pam(); 1517 if (options.use_pam)
1518 finish_pam();
1552#endif /* USE_PAM */ 1519#endif /* USE_PAM */
1553 1520
1554 packet_close(); 1521 packet_close();
@@ -1660,24 +1627,10 @@ do_ssh1_kex(void)
1660 1627
1661 /* Declare supported authentication types. */ 1628 /* Declare supported authentication types. */
1662 auth_mask = 0; 1629 auth_mask = 0;
1663 if (options.rhosts_authentication)
1664 auth_mask |= 1 << SSH_AUTH_RHOSTS;
1665 if (options.rhosts_rsa_authentication) 1630 if (options.rhosts_rsa_authentication)
1666 auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; 1631 auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
1667 if (options.rsa_authentication) 1632 if (options.rsa_authentication)
1668 auth_mask |= 1 << SSH_AUTH_RSA; 1633 auth_mask |= 1 << SSH_AUTH_RSA;
1669#if defined(KRB4) || defined(KRB5)
1670 if (options.kerberos_authentication)
1671 auth_mask |= 1 << SSH_AUTH_KERBEROS;
1672#endif
1673#if defined(AFS) || defined(KRB5)
1674 if (options.kerberos_tgt_passing)
1675 auth_mask |= 1 << SSH_PASS_KERBEROS_TGT;
1676#endif
1677#ifdef AFS
1678 if (options.afs_token_passing)
1679 auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
1680#endif
1681 if (options.challenge_response_authentication == 1) 1634 if (options.challenge_response_authentication == 1)
1682 auth_mask |= 1 << SSH_AUTH_TIS; 1635 auth_mask |= 1 << SSH_AUTH_TIS;
1683 if (options.password_authentication) 1636 if (options.password_authentication)
@@ -1755,7 +1708,7 @@ do_ssh1_kex(void)
1755 u_char *buf = xmalloc(bytes); 1708 u_char *buf = xmalloc(bytes);
1756 MD5_CTX md; 1709 MD5_CTX md;
1757 1710
1758 log("do_connection: generating a fake encryption key"); 1711 logit("do_connection: generating a fake encryption key");
1759 BN_bn2bin(session_key_int, buf); 1712 BN_bn2bin(session_key_int, buf);
1760 MD5_Init(&md); 1713 MD5_Init(&md);
1761 MD5_Update(&md, buf, bytes); 1714 MD5_Update(&md, buf, bytes);