1 files changed, 39 insertions, 37 deletions
diff --git a/sshd.c b/sshd.c
index 366ae92a2..8802d18b2 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.458 2015/08/20 22:32:42 deraadt Exp $ */
+/* $OpenBSD: sshd.c,v 1.465 2016/02/15 09:47:49 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -125,7 +125,6 @@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
-#include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
 #include "ssherr.h"
@@ -453,7 +452,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
            options.version_addendum, newline);
        /* Send our protocol version identification. */
-        if (roaming_atomicio(vwrite, sock_out, server_version_string,
+        if (atomicio(vwrite, sock_out, server_version_string,
            strlen(server_version_string))
            != strlen(server_version_string)) {
                logit("Could not write ident string to %s", get_remote_ipaddr());
@@ -463,7 +462,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
        /* Read other sides version identification. */
        memset(buf, 0, sizeof(buf));
        for (i = 0; i < sizeof(buf) - 1; i++) {
-                if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) {
+                if (atomicio(read, sock_in, &buf[i], 1) != 1) {
                        logit("Did not receive identification string from %s",
                            get_remote_ipaddr());
                        cleanup_exit(255);
@@ -648,25 +647,23 @@ privsep_preauth_child(void)
        /* Demote the private keys to public keys. */
        demote_sensitive_data();
-        /* Change our root directory */
+        /* Demote the child */
-        if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
+        if (getuid() == 0 || geteuid() == 0) {
-                fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
+                /* Change our root directory */
-                    strerror(errno));
+                if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
-        if (chdir("/") == -1)
+                        fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
-                fatal("chdir(\"/\"): %s", strerror(errno));
+                            strerror(errno));
+                if (chdir("/") == -1)
-        /* Drop our privileges */
+                        fatal("chdir(\"/\"): %s", strerror(errno));
-        debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
-            (u_int)privsep_pw->pw_gid);
+                /* Drop our privileges */
-#if 0
+                debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
-        /* XXX not ready, too heavy after chroot */
+                    (u_int)privsep_pw->pw_gid);
-        do_setusercontext(privsep_pw);
+                gidset[0] = privsep_pw->pw_gid;
-#else
+                if (setgroups(1, gidset) < 0)
-        gidset[0] = privsep_pw->pw_gid;
+                        fatal("setgroups: %.100s", strerror(errno));
-        if (setgroups(1, gidset) < 0)
+                permanently_set_uid(privsep_pw);
-                fatal("setgroups: %.100s", strerror(errno));
+        }
-        permanently_set_uid(privsep_pw);
-#endif
 }
 static int
@@ -732,9 +729,7 @@ privsep_preauth(Authctxt *authctxt)
                /* Arrange for logging to be sent to the monitor */
                set_log_handler(mm_log_handler, pmonitor);
-                /* Demote the child */
+                privsep_preauth_child();
-                if (getuid() == 0 || geteuid() == 0)
-                        privsep_preauth_child();
                setproctitle("%s", "[net]");
                if (box != NULL)
                        ssh_sandbox_child(box);
@@ -836,6 +831,12 @@ list_hostkey_types(void)
                                buffer_append(&b, ",", 1);
                        p = key_ssh_name(key);
                        buffer_append(&b, p, strlen(p));
+                        /* for RSA we also support SHA2 signatures */
+                        if (key->type == KEY_RSA) {
+                                p = ",rsa-sha2-512,rsa-sha2-256";
+                                buffer_append(&b, p, strlen(p));
+                        }
                        break;
                }
                /* If the private key has a cert peer, then list that too */
@@ -1271,8 +1272,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
        for (;;) {
                if (received_sighup)
                        sighup_restart();
-                if (fdset != NULL)
+                free(fdset);
-                        free(fdset);
                fdset = xcalloc(howmany(maxfd + 1, NFDBITS),
                    sizeof(fd_mask));
@@ -1492,6 +1492,8 @@ main(int ac, char **av)
        Authctxt *authctxt;
        struct connection_info *connection_info = get_connection_info(0, 0);
+        ssh_malloc_init();      /* must be called before any mallocs */
 #ifdef HAVE_SECUREWARE
        (void)set_auth_parameters(ac, av);
 #endif
@@ -1552,7 +1554,7 @@ main(int ac, char **av)
                        no_daemon_flag = 1;
                        break;
                case 'E':
-                        logfile = xstrdup(optarg);
+                        logfile = optarg;
                        /* FALLTHROUGH */
                case 'e':
                        log_stderr = 1;
@@ -1654,10 +1656,8 @@ main(int ac, char **av)
 #endif
        /* If requested, redirect the logs to the specified logfile. */
-        if (logfile != NULL) {
+        if (logfile != NULL)
                log_redirect_stderr_to(logfile);
-                free(logfile);
-        }
        /*
         * Force logging to stderr until we have loaded the private host
         * key (unless started from inetd)
@@ -2619,24 +2619,26 @@ do_ssh1_kex(void)
 int
 sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen,
-    const u_char *data, size_t dlen, u_int flag)
+    const u_char *data, size_t dlen, const char *alg, u_int flag)
 {
        int r;
        u_int xxx_slen, xxx_dlen = dlen;
        if (privkey) {
-                if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen) < 0))
+                if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen,
+                    alg) < 0))
                        fatal("%s: key_sign failed", __func__);
                if (slen)
                        *slen = xxx_slen;
        } else if (use_privsep) {
-                if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen) < 0)
+                if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen,
+                    alg) < 0)
                        fatal("%s: pubkey_sign failed", __func__);
                if (slen)
                        *slen = xxx_slen;
        } else {
                if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen,
-                    data, dlen, datafellows)) != 0)
+                    data, dlen, alg, datafellows)) != 0)
                        fatal("%s: ssh_agent_sign failed: %s",
                            __func__, ssh_err(r));
        }
@@ -2669,7 +2671,7 @@ do_ssh2_kex(void)
        }
        if (options.rekey_limit || options.rekey_interval)
-                packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+                packet_set_rekey_limits(options.rekey_limit,
                    (time_t)options.rekey_interval);
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(

diff --git a/sshd.c b/sshd.c index 366ae92a2..8802d18b2 100644 --- a/sshd.c +++ b/sshd.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshd.c,v 1.458 2015/08/20 22:32:42 deraadt Exp $ */	1	/* $OpenBSD: sshd.c,v 1.465 2016/02/15 09:47:49 dtucker Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -125,7 +125,6 @@
125	#include "ssh-gss.h"	125	#include "ssh-gss.h"
126	#endif	126	#endif
127	#include "monitor_wrap.h"	127	#include "monitor_wrap.h"
128	#include "roaming.h"
129	#include "ssh-sandbox.h"	128	#include "ssh-sandbox.h"
130	#include "version.h"	129	#include "version.h"
131	#include "ssherr.h"	130	#include "ssherr.h"
@@ -453,7 +452,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
453	options.version_addendum, newline);	452	options.version_addendum, newline);
454		453
455	/* Send our protocol version identification. */	454	/* Send our protocol version identification. */
456	if (roaming_atomicio(vwrite, sock_out, server_version_string,	455	if (atomicio(vwrite, sock_out, server_version_string,
457	strlen(server_version_string))	456	strlen(server_version_string))
458	!= strlen(server_version_string)) {	457	!= strlen(server_version_string)) {
459	logit("Could not write ident string to %s", get_remote_ipaddr());	458	logit("Could not write ident string to %s", get_remote_ipaddr());
@@ -463,7 +462,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
463	/* Read other sides version identification. */	462	/* Read other sides version identification. */
464	memset(buf, 0, sizeof(buf));	463	memset(buf, 0, sizeof(buf));
465	for (i = 0; i < sizeof(buf) - 1; i++) {	464	for (i = 0; i < sizeof(buf) - 1; i++) {
466	if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) {	465	if (atomicio(read, sock_in, &buf[i], 1) != 1) {
467	logit("Did not receive identification string from %s",	466	logit("Did not receive identification string from %s",
468	get_remote_ipaddr());	467	get_remote_ipaddr());
469	cleanup_exit(255);	468	cleanup_exit(255);
@@ -648,25 +647,23 @@ privsep_preauth_child(void)
648	/* Demote the private keys to public keys. */	647	/* Demote the private keys to public keys. */
649	demote_sensitive_data();	648	demote_sensitive_data();
650		649
651	/* Change our root directory */	650	/* Demote the child */
652	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)	651	if (getuid() == 0 \|\| geteuid() == 0) {
653	fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,	652	/* Change our root directory */
654	strerror(errno));	653	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
655	if (chdir("/") == -1)	654	fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
656	fatal("chdir(\"/\"): %s", strerror(errno));	655	strerror(errno));
657		656	if (chdir("/") == -1)
658	/* Drop our privileges */	657	fatal("chdir(\"/\"): %s", strerror(errno));
659	debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,	658
660	(u_int)privsep_pw->pw_gid);	659	/* Drop our privileges */
661	#if 0	660	debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
662	/* XXX not ready, too heavy after chroot */	661	(u_int)privsep_pw->pw_gid);
663	do_setusercontext(privsep_pw);	662	gidset[0] = privsep_pw->pw_gid;
664	#else	663	if (setgroups(1, gidset) < 0)
665	gidset[0] = privsep_pw->pw_gid;	664	fatal("setgroups: %.100s", strerror(errno));
666	if (setgroups(1, gidset) < 0)	665	permanently_set_uid(privsep_pw);
667	fatal("setgroups: %.100s", strerror(errno));	666	}
668	permanently_set_uid(privsep_pw);
669	#endif
670	}	667	}
671		668
672	static int	669	static int
@@ -732,9 +729,7 @@ privsep_preauth(Authctxt *authctxt)
732	/* Arrange for logging to be sent to the monitor */	729	/* Arrange for logging to be sent to the monitor */
733	set_log_handler(mm_log_handler, pmonitor);	730	set_log_handler(mm_log_handler, pmonitor);
734		731
735	/* Demote the child */	732	privsep_preauth_child();
736	if (getuid() == 0 \|\| geteuid() == 0)
737	privsep_preauth_child();
738	setproctitle("%s", "[net]");	733	setproctitle("%s", "[net]");
739	if (box != NULL)	734	if (box != NULL)
740	ssh_sandbox_child(box);	735	ssh_sandbox_child(box);
@@ -836,6 +831,12 @@ list_hostkey_types(void)
836	buffer_append(&b, ",", 1);	831	buffer_append(&b, ",", 1);
837	p = key_ssh_name(key);	832	p = key_ssh_name(key);
838	buffer_append(&b, p, strlen(p));	833	buffer_append(&b, p, strlen(p));
		834
		835	/* for RSA we also support SHA2 signatures */
		836	if (key->type == KEY_RSA) {
		837	p = ",rsa-sha2-512,rsa-sha2-256";
		838	buffer_append(&b, p, strlen(p));
		839	}
839	break;	840	break;
840	}	841	}
841	/* If the private key has a cert peer, then list that too */	842	/* If the private key has a cert peer, then list that too */
@@ -1271,8 +1272,7 @@ server_accept_loop(int sock_in, int sock_out, int newsock, int config_s)
1271	for (;;) {	1272	for (;;) {
1272	if (received_sighup)	1273	if (received_sighup)
1273	sighup_restart();	1274	sighup_restart();
1274	if (fdset != NULL)	1275	free(fdset);
1275	free(fdset);
1276	fdset = xcalloc(howmany(maxfd + 1, NFDBITS),	1276	fdset = xcalloc(howmany(maxfd + 1, NFDBITS),
1277	sizeof(fd_mask));	1277	sizeof(fd_mask));
1278		1278
@@ -1492,6 +1492,8 @@ main(int ac, char **av)
1492	Authctxt *authctxt;	1492	Authctxt *authctxt;
1493	struct connection_info *connection_info = get_connection_info(0, 0);	1493	struct connection_info *connection_info = get_connection_info(0, 0);
1494		1494
		1495	ssh_malloc_init(); /* must be called before any mallocs */
		1496
1495	#ifdef HAVE_SECUREWARE	1497	#ifdef HAVE_SECUREWARE
1496	(void)set_auth_parameters(ac, av);	1498	(void)set_auth_parameters(ac, av);
1497	#endif	1499	#endif
@@ -1552,7 +1554,7 @@ main(int ac, char **av)
1552	no_daemon_flag = 1;	1554	no_daemon_flag = 1;
1553	break;	1555	break;
1554	case 'E':	1556	case 'E':
1555	logfile = xstrdup(optarg);	1557	logfile = optarg;
1556	/* FALLTHROUGH */	1558	/* FALLTHROUGH */
1557	case 'e':	1559	case 'e':
1558	log_stderr = 1;	1560	log_stderr = 1;
@@ -1654,10 +1656,8 @@ main(int ac, char **av)
1654	#endif	1656	#endif
1655		1657
1656	/* If requested, redirect the logs to the specified logfile. */	1658	/* If requested, redirect the logs to the specified logfile. */
1657	if (logfile != NULL) {	1659	if (logfile != NULL)
1658	log_redirect_stderr_to(logfile);	1660	log_redirect_stderr_to(logfile);
1659	free(logfile);
1660	}
1661	/*	1661	/*
1662	* Force logging to stderr until we have loaded the private host	1662	* Force logging to stderr until we have loaded the private host
1663	* key (unless started from inetd)	1663	* key (unless started from inetd)
@@ -2619,24 +2619,26 @@ do_ssh1_kex(void)
2619		2619
2620	int	2620	int
2621	sshd_hostkey_sign(Key privkey, Key pubkey, u_char *signature, size_t slen,	2621	sshd_hostkey_sign(Key privkey, Key pubkey, u_char *signature, size_t slen,
2622	const u_char *data, size_t dlen, u_int flag)	2622	const u_char data, size_t dlen, const char alg, u_int flag)
2623	{	2623	{
2624	int r;	2624	int r;
2625	u_int xxx_slen, xxx_dlen = dlen;	2625	u_int xxx_slen, xxx_dlen = dlen;
2626		2626
2627	if (privkey) {	2627	if (privkey) {
2628	if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen) < 0))	2628	if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen,
		2629	alg) < 0))
2629	fatal("%s: key_sign failed", __func__);	2630	fatal("%s: key_sign failed", __func__);
2630	if (slen)	2631	if (slen)
2631	*slen = xxx_slen;	2632	*slen = xxx_slen;
2632	} else if (use_privsep) {	2633	} else if (use_privsep) {
2633	if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen) < 0)	2634	if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen,
		2635	alg) < 0)
2634	fatal("%s: pubkey_sign failed", __func__);	2636	fatal("%s: pubkey_sign failed", __func__);
2635	if (slen)	2637	if (slen)
2636	*slen = xxx_slen;	2638	*slen = xxx_slen;
2637	} else {	2639	} else {
2638	if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen,	2640	if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen,
2639	data, dlen, datafellows)) != 0)	2641	data, dlen, alg, datafellows)) != 0)
2640	fatal("%s: ssh_agent_sign failed: %s",	2642	fatal("%s: ssh_agent_sign failed: %s",
2641	__func__, ssh_err(r));	2643	__func__, ssh_err(r));
2642	}	2644	}
@@ -2669,7 +2671,7 @@ do_ssh2_kex(void)
2669	}	2671	}
2670		2672
2671	if (options.rekey_limit \|\| options.rekey_interval)	2673	if (options.rekey_limit \|\| options.rekey_interval)
2672	packet_set_rekey_limits((u_int32_t)options.rekey_limit,	2674	packet_set_rekey_limits(options.rekey_limit,
2673	(time_t)options.rekey_interval);	2675	(time_t)options.rekey_interval);
2674		2676
2675	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(	2677	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(