Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c76
1 files changed, 39 insertions, 37 deletions
diff --git a/sshd.c b/sshd.c
index 43d465085..430569c46 100644
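--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.458 2015/08/20 22:32:42 deraadt Exp $ */
+/* $OpenBSD: sshd.c,v 1.465 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -121,7 +121,6 @@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
-#include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
 #include "ssherr.h"
@@ -437,7 +436,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
  options.version_addendum, newline);
 
  /* Send our protocol version identification. */
- if (roaming_atomicio(vwrite, sock_out, server_version_string,
+ if (atomicio(vwrite, sock_out, server_version_string,
  strlen(server_version_string))
  != strlen(server_version_string)) {
  logit("Could not write ident string to %s", get_remote_ipaddr());
@@ -447,7 +446,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
  /* Read other sides version identification. */
  memset(buf, 0, sizeof(buf));
  for (i = 0; i < sizeof(buf) - 1; i++) {
- if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) {
+ if (atomicio(read, sock_in, &buf[i], 1) != 1) {
  logit("Did not receive identification string from %s",
  get_remote_ipaddr());
  cleanup_exit(255);
@@ -632,25 +631,23 @@ privsep_preauth_child(void)
  /* Demote the private keys to public keys. */
  demote_sensitive_data();
 
- /* Change our root directory */
- if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
- fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
- strerror(errno));
- if (chdir("/") == -1)
- fatal("chdir(\"/\"): %s", strerror(errno));
-
- /* Drop our privileges */
- debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
- (u_int)privsep_pw->pw_gid);
-#if 0
- /* XXX not ready, too heavy after chroot */
- do_setusercontext(privsep_pw);
-#else
- gidset[0] = privsep_pw->pw_gid;
- if (setgroups(1, gidset) < 0)
- fatal("setgroups: %.100s", strerror(errno));
- permanently_set_uid(privsep_pw);
-#endif
+ /* Demote the child */
+ if (getuid() == 0 || geteuid() == 0) {
+ /* Change our root directory */
+ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
+ fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
+ strerror(errno));
+ if (chdir("/") == -1)
+ fatal("chdir(\"/\"): %s", strerror(errno));
+
+ /* Drop our privileges */
+ debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
+ (u_int)privsep_pw->pw_gid);
+ gidset[0] = privsep_pw->pw_gid;
+ if (setgroups(1, gidset) < 0)
+ fatal("setgroups: %.100s", strerror(errno));
+ permanently_set_uid(privsep_pw);
+ }
 }
 
 static int
@@ -716,9 +713,7 @@ privsep_preauth(Authctxt *authctxt)
  /* Arrange for logging to be sent to the monitor */
  set_log_handler(mm_log_handler, pmonitor);
 
- /* Demote the child */
- if (getuid() == 0 || geteuid() == 0)
- privsep_preauth_child();
+ privsep_preauth_child();
  setproctitle("%s", "[net]");
  if (box != NULL)
  ssh_sandbox_child(box);
@@ -820,6 +815,12 @@ list_hostkey_types(void)
  buffer_append(&b, ",", 1);
  p = key_ssh_name(key);
  buffer_append(&b, p, strlen(p));
+
+ /* for RSA we also support SHA2 signatures */
+ if (key->type == KEY_RSA) {
+ p = ",rsa-sha2-512,rsa-sha2-256";
+ buffer_append(&b, p, strlen(p));
+ }
  break;
  }
  /* If the private key has a cert peer, then list that too */
@@ -1255,8 +1256,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
  for (;;) {
  if (received_sighup)
  sighup_restart();
- if (fdset != NULL)
- free(fdset);
+ free(fdset);
  fdset = xcalloc(howmany(maxfd + 1, NFDBITS),
  sizeof(fd_mask));
 
@@ -1476,6 +1476,8 @@ main(int ac, char **av)
  Authctxt *authctxt;
  struct connection_info *connection_info = get_connection_info(0, 0);
 
+ ssh_malloc_init(); /* must be called before any mallocs */
+
 #ifdef HAVE_SECUREWARE
  (void)set_auth_parameters(ac, av);
 #endif
@@ -1536,7 +1538,7 @@ main(int ac, char **av)
  no_daemon_flag = 1;
  break;
  case 'E':
- logfile = xstrdup(optarg);
+ logfile = optarg;
  /* FALLTHROUGH */
  case 'e':
  log_stderr = 1;
@@ -1638,10 +1640,8 @@ main(int ac, char **av)
 #endif
 
  /* If requested, redirect the logs to the specified logfile. */
- if (logfile != NULL) {
+ if (logfile != NULL)
  log_redirect_stderr_to(logfile);
- free(logfile);
- }
  /*
  * Force logging to stderr until we have loaded the private host
  * key (unless started from inetd)
@@ -2513,24 +2513,26 @@ do_ssh1_kex(void)
 
 int
 sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen,
- const u_char *data, size_t dlen, u_int flag)
+ const u_char *data, size_t dlen, const char *alg, u_int flag)
 {
  int r;
  u_int xxx_slen, xxx_dlen = dlen;
 
  if (privkey) {
- if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen) < 0))
+ if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen,
+ alg) < 0))
  fatal("%s: key_sign failed", __func__);
  if (slen)
  *slen = xxx_slen;
  } else if (use_privsep) {
- if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen) < 0)
+ if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen,
+ alg) < 0)
  fatal("%s: pubkey_sign failed", __func__);
  if (slen)
  *slen = xxx_slen;
  } else {
  if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen,
- data, dlen, datafellows)) != 0)
+ data, dlen, alg, datafellows)) != 0)
  fatal("%s: ssh_agent_sign failed: %s",
  __func__, ssh_err(r));
  }
@@ -2563,7 +2565,7 @@ do_ssh2_kex(void)
  }
 
  if (options.rekey_limit || options.rekey_interval)
- packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+ packet_set_rekey_limits(options.rekey_limit,
  (time_t)options.rekey_interval);
 
  myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(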
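Review bot: The `rsa-sha2-512` and `rsa-sha2-256` names added in the list_hostkey_types hunk are appended as one fixed literal whenever `key->type == KEY_RSA`, with no acceptance check of their own. If the part of the loop outside this hunk filters host key names against a configured algorithm list (not visible here), that decision was made for the base RSA name only, so these two signature algorithms would be advertised regardless of what the administrator allowed. I would run each name through the same check as the primary name and append it separately, with `buffer_append(&b, ",", 1);` before each one, instead of relying on the leading comma inside `p = ",rsa-sha2-512,rsa-sha2-256";`. The enclosing loop and switch begin and end outside the hunk, so whether such a filter exists should be confirmed there.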