Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c181
1 files changed, 114 insertions, 67 deletions
diff --git a/sshd.c b/sshd.c
index 92fab6ccd..d49973859 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
42 */ 42 */
43 43
44#include "includes.h" 44#include "includes.h"
45RCSID("$OpenBSD: sshd.c,v 1.276 2003/08/28 12:54:34 markus Exp $"); 45RCSID("$OpenBSD: sshd.c,v 1.263 2003/02/16 17:09:57 markus Exp $");
46 46
47#include <openssl/dh.h> 47#include <openssl/dh.h>
48#include <openssl/bn.h> 48#include <openssl/bn.h>
@@ -112,7 +112,11 @@ char *config_file_name = _PATH_SERVER_CONFIG_FILE;
112 * Flag indicating whether IPv4 or IPv6. This can be set on the command line. 112 * Flag indicating whether IPv4 or IPv6. This can be set on the command line.
113 * Default value is AF_UNSPEC means both IPv4 and IPv6. 113 * Default value is AF_UNSPEC means both IPv4 and IPv6.
114 */ 114 */
115#ifdef IPV4_DEFAULT
116int IPv4or6 = AF_INET;
117#else
115int IPv4or6 = AF_UNSPEC; 118int IPv4or6 = AF_UNSPEC;
119#endif
116 120
117/* 121/*
118 * Debug mode flag. This can be set on the command line. If debug 122 * Debug mode flag. This can be set on the command line. If debug
@@ -188,7 +192,7 @@ u_char session_id[16];
188 192
189/* same for ssh2 */ 193/* same for ssh2 */
190u_char *session_id2 = NULL; 194u_char *session_id2 = NULL;
191u_int session_id2_len = 0; 195int session_id2_len = 0;
192 196
193/* record remote hostname or ip */ 197/* record remote hostname or ip */
194u_int utmp_len = MAXHOSTNAMELEN; 198u_int utmp_len = MAXHOSTNAMELEN;
@@ -201,9 +205,6 @@ int startup_pipe; /* in child */
201int use_privsep; 205int use_privsep;
202struct monitor *pmonitor; 206struct monitor *pmonitor;
203 207
204/* message to be displayed after login */
205Buffer loginmsg;
206
207/* Prototypes for various functions defined later in this file. */ 208/* Prototypes for various functions defined later in this file. */
208void destroy_sensitive_data(void); 209void destroy_sensitive_data(void);
209void demote_sensitive_data(void); 210void demote_sensitive_data(void);
@@ -257,11 +258,11 @@ sighup_handler(int sig)
257static void 258static void
258sighup_restart(void) 259sighup_restart(void)
259{ 260{
260 logit("Received SIGHUP; restarting."); 261 log("Received SIGHUP; restarting.");
261 close_listen_socks(); 262 close_listen_socks();
262 close_startup_pipes(); 263 close_startup_pipes();
263 execv(saved_argv[0], saved_argv); 264 execv(saved_argv[0], saved_argv);
264 logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], 265 log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
265 strerror(errno)); 266 strerror(errno));
266 exit(1); 267 exit(1);
267} 268}
@@ -370,37 +371,39 @@ sshd_exchange_identification(int sock_in, int sock_out)
370 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION); 371 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
371 server_version_string = xstrdup(buf); 372 server_version_string = xstrdup(buf);
372 373
373 /* Send our protocol version identification. */ 374 if (client_version_string == NULL) {
374 if (atomicio(vwrite, sock_out, server_version_string, 375 /* Send our protocol version identification. */
375 strlen(server_version_string)) 376 if (atomicio(write, sock_out, server_version_string,
376 != strlen(server_version_string)) { 377 strlen(server_version_string))
377 logit("Could not write ident string to %s", get_remote_ipaddr()); 378 != strlen(server_version_string)) {
378 fatal_cleanup(); 379 log("Could not write ident string to %s", get_remote_ipaddr());
379 }
380
381 /* Read other sides version identification. */
382 memset(buf, 0, sizeof(buf));
383 for (i = 0; i < sizeof(buf) - 1; i++) {
384 if (atomicio(read, sock_in, &buf[i], 1) != 1) {
385 logit("Did not receive identification string from %s",
386 get_remote_ipaddr());
387 fatal_cleanup(); 380 fatal_cleanup();
388 } 381 }
389 if (buf[i] == '\r') { 382
390 buf[i] = 0; 383 /* Read other sides version identification. */
391 /* Kludge for F-Secure Macintosh < 1.0.2 */ 384 memset(buf, 0, sizeof(buf));
392 if (i == 12 && 385 for (i = 0; i < sizeof(buf) - 1; i++) {
393 strncmp(buf, "SSH-1.5-W1.0", 12) == 0) 386 if (atomicio(read, sock_in, &buf[i], 1) != 1) {
387 log("Did not receive identification string from %s",
388 get_remote_ipaddr());
389 fatal_cleanup();
390 }
391 if (buf[i] == '\r') {
392 buf[i] = 0;
393 /* Kludge for F-Secure Macintosh < 1.0.2 */
394 if (i == 12 &&
395 strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
396 break;
397 continue;
398 }
399 if (buf[i] == '\n') {
400 buf[i] = 0;
394 break; 401 break;
395 continue; 402 }
396 }
397 if (buf[i] == '\n') {
398 buf[i] = 0;
399 break;
400 } 403 }
404 buf[sizeof(buf) - 1] = 0;
405 client_version_string = xstrdup(buf);
401 } 406 }
402 buf[sizeof(buf) - 1] = 0;
403 client_version_string = xstrdup(buf);
404 407
405 /* 408 /*
406 * Check that the versions match. In future this might accept 409 * Check that the versions match. In future this might accept
@@ -409,10 +412,10 @@ sshd_exchange_identification(int sock_in, int sock_out)
409 if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n", 412 if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
410 &remote_major, &remote_minor, remote_version) != 3) { 413 &remote_major, &remote_minor, remote_version) != 3) {
411 s = "Protocol mismatch.\n"; 414 s = "Protocol mismatch.\n";
412 (void) atomicio(vwrite, sock_out, s, strlen(s)); 415 (void) atomicio(write, sock_out, s, strlen(s));
413 close(sock_in); 416 close(sock_in);
414 close(sock_out); 417 close(sock_out);
415 logit("Bad protocol version identification '%.100s' from %s", 418 log("Bad protocol version identification '%.100s' from %s",
416 client_version_string, get_remote_ipaddr()); 419 client_version_string, get_remote_ipaddr());
417 fatal_cleanup(); 420 fatal_cleanup();
418 } 421 }
@@ -422,13 +425,13 @@ sshd_exchange_identification(int sock_in, int sock_out)
422 compat_datafellows(remote_version); 425 compat_datafellows(remote_version);
423 426
424 if (datafellows & SSH_BUG_PROBE) { 427 if (datafellows & SSH_BUG_PROBE) {
425 logit("probed from %s with %s. Don't panic.", 428 log("probed from %s with %s. Don't panic.",
426 get_remote_ipaddr(), client_version_string); 429 get_remote_ipaddr(), client_version_string);
427 fatal_cleanup(); 430 fatal_cleanup();
428 } 431 }
429 432
430 if (datafellows & SSH_BUG_SCANNER) { 433 if (datafellows & SSH_BUG_SCANNER) {
431 logit("scanned from %s with %s. Don't panic.", 434 log("scanned from %s with %s. Don't panic.",
432 get_remote_ipaddr(), client_version_string); 435 get_remote_ipaddr(), client_version_string);
433 fatal_cleanup(); 436 fatal_cleanup();
434 } 437 }
@@ -470,10 +473,10 @@ sshd_exchange_identification(int sock_in, int sock_out)
470 473
471 if (mismatch) { 474 if (mismatch) {
472 s = "Protocol major versions differ.\n"; 475 s = "Protocol major versions differ.\n";
473 (void) atomicio(vwrite, sock_out, s, strlen(s)); 476 (void) atomicio(write, sock_out, s, strlen(s));
474 close(sock_in); 477 close(sock_in);
475 close(sock_out); 478 close(sock_out);
476 logit("Protocol major versions differ for %s: %.200s vs. %.200s", 479 log("Protocol major versions differ for %s: %.200s vs. %.200s",
477 get_remote_ipaddr(), 480 get_remote_ipaddr(),
478 server_version_string, client_version_string); 481 server_version_string, client_version_string);
479 fatal_cleanup(); 482 fatal_cleanup();
@@ -565,6 +568,8 @@ privsep_preauth_child(void)
565 do_setusercontext(pw); 568 do_setusercontext(pw);
566#else 569#else
567 gidset[0] = pw->pw_gid; 570 gidset[0] = pw->pw_gid;
571 if (setgid(pw->pw_gid) < 0)
572 fatal("setgid failed for %u", pw->pw_gid );
568 if (setgroups(1, gidset) < 0) 573 if (setgroups(1, gidset) < 0)
569 fatal("setgroups: %.100s", strerror(errno)); 574 fatal("setgroups: %.100s", strerror(errno));
570 permanently_set_uid(pw); 575 permanently_set_uid(pw);
@@ -819,27 +824,26 @@ main(int ac, char **av)
819#ifdef HAVE_SECUREWARE 824#ifdef HAVE_SECUREWARE
820 (void)set_auth_parameters(ac, av); 825 (void)set_auth_parameters(ac, av);
821#endif 826#endif
822 __progname = ssh_get_progname(av[0]); 827 __progname = get_progname(av[0]);
823 init_rng(); 828 init_rng();
824 829
825 /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ 830 /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
826 saved_argc = ac; 831 saved_argc = ac;
827 saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1)); 832 saved_argv = av;
833 saved_argv = xmalloc(sizeof(*saved_argv) * ac);
828 for (i = 0; i < ac; i++) 834 for (i = 0; i < ac; i++)
829 saved_argv[i] = xstrdup(av[i]); 835 saved_argv[i] = xstrdup(av[i]);
830 saved_argv[i] = NULL;
831 836
832#ifndef HAVE_SETPROCTITLE 837#ifndef HAVE_SETPROCTITLE
833 /* Prepare for later setproctitle emulation */ 838 /* Prepare for later setproctitle emulation */
834 compat_init_setproctitle(ac, av); 839 compat_init_setproctitle(ac, av);
835 av = saved_argv;
836#endif 840#endif
837 841
838 /* Initialize configuration options to their default values. */ 842 /* Initialize configuration options to their default values. */
839 initialize_server_options(&options); 843 initialize_server_options(&options);
840 844
841 /* Parse command-line arguments. */ 845 /* Parse command-line arguments. */
842 while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqtQ46")) != -1) { 846 while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:o:dDeiqtQ46")) != -1) {
843 switch (opt) { 847 switch (opt) {
844 case '4': 848 case '4':
845 IPv4or6 = AF_INET; 849 IPv4or6 = AF_INET;
@@ -851,11 +855,15 @@ main(int ac, char **av)
851 config_file_name = optarg; 855 config_file_name = optarg;
852 break; 856 break;
853 case 'd': 857 case 'd':
854 if (debug_flag == 0) { 858 if (0 == debug_flag) {
855 debug_flag = 1; 859 debug_flag = 1;
856 options.log_level = SYSLOG_LEVEL_DEBUG1; 860 options.log_level = SYSLOG_LEVEL_DEBUG1;
857 } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) 861 } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
858 options.log_level++; 862 options.log_level++;
863 } else {
864 fprintf(stderr, "Too high debugging level.\n");
865 exit(1);
866 }
859 break; 867 break;
860 case 'D': 868 case 'D':
861 no_daemon_flag = 1; 869 no_daemon_flag = 1;
@@ -911,6 +919,11 @@ main(int ac, char **av)
911 } 919 }
912 options.host_key_files[options.num_host_key_files++] = optarg; 920 options.host_key_files[options.num_host_key_files++] = optarg;
913 break; 921 break;
922 case 'V':
923 client_version_string = optarg;
924 /* only makes sense with inetd_flag, i.e. no listen() */
925 inetd_flag = 1;
926 break;
914 case 't': 927 case 't':
915 test_flag = 1; 928 test_flag = 1;
916 break; 929 break;
@@ -1002,15 +1015,15 @@ main(int ac, char **av)
1002 key_type(key)); 1015 key_type(key));
1003 } 1016 }
1004 if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { 1017 if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
1005 logit("Disabling protocol version 1. Could not load host key"); 1018 log("Disabling protocol version 1. Could not load host key");
1006 options.protocol &= ~SSH_PROTO_1; 1019 options.protocol &= ~SSH_PROTO_1;
1007 } 1020 }
1008 if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { 1021 if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
1009 logit("Disabling protocol version 2. Could not load host key"); 1022 log("Disabling protocol version 2. Could not load host key");
1010 options.protocol &= ~SSH_PROTO_2; 1023 options.protocol &= ~SSH_PROTO_2;
1011 } 1024 }
1012 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { 1025 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
1013 logit("sshd: no hostkeys available -- exiting."); 1026 log("sshd: no hostkeys available -- exiting.");
1014 exit(1); 1027 exit(1);
1015 } 1028 }
1016 1029
@@ -1145,8 +1158,7 @@ main(int ac, char **av)
1145 continue; 1158 continue;
1146 } 1159 }
1147 /* Create socket for listening. */ 1160 /* Create socket for listening. */
1148 listen_sock = socket(ai->ai_family, ai->ai_socktype, 1161 listen_sock = socket(ai->ai_family, SOCK_STREAM, 0);
1149 ai->ai_protocol);
1150 if (listen_sock < 0) { 1162 if (listen_sock < 0) {
1151 /* kernel may not support ipv6 */ 1163 /* kernel may not support ipv6 */
1152 verbose("socket: %.100s", strerror(errno)); 1164 verbose("socket: %.100s", strerror(errno));
@@ -1179,7 +1191,7 @@ main(int ac, char **av)
1179 num_listen_socks++; 1191 num_listen_socks++;
1180 1192
1181 /* Start listening on the port. */ 1193 /* Start listening on the port. */
1182 logit("Server listening on %s port %s.", ntop, strport); 1194 log("Server listening on %s port %s.", ntop, strport);
1183 if (listen(listen_sock, 5) < 0) 1195 if (listen(listen_sock, 5) < 0)
1184 fatal("listen: %.100s", strerror(errno)); 1196 fatal("listen: %.100s", strerror(errno));
1185 1197
@@ -1214,10 +1226,7 @@ main(int ac, char **av)
1214 * overwrite any old pid in the file. 1226 * overwrite any old pid in the file.
1215 */ 1227 */
1216 f = fopen(options.pid_file, "wb"); 1228 f = fopen(options.pid_file, "wb");
1217 if (f == NULL) { 1229 if (f) {
1218 error("Couldn't create pid file \"%s\": %s",
1219 options.pid_file, strerror(errno));
1220 } else {
1221 fprintf(f, "%ld\n", (long) getpid()); 1230 fprintf(f, "%ld\n", (long) getpid());
1222 fclose(f); 1231 fclose(f);
1223 } 1232 }
@@ -1258,7 +1267,7 @@ main(int ac, char **av)
1258 if (ret < 0 && errno != EINTR) 1267 if (ret < 0 && errno != EINTR)
1259 error("select: %.100s", strerror(errno)); 1268 error("select: %.100s", strerror(errno));
1260 if (received_sigterm) { 1269 if (received_sigterm) {
1261 logit("Received signal %d; terminating.", 1270 log("Received signal %d; terminating.",
1262 (int) received_sigterm); 1271 (int) received_sigterm);
1263 close_listen_socks(); 1272 close_listen_socks();
1264 unlink(options.pid_file); 1273 unlink(options.pid_file);
@@ -1396,11 +1405,11 @@ main(int ac, char **av)
1396 * setlogin() affects the entire process group. We don't 1405 * setlogin() affects the entire process group. We don't
1397 * want the child to be able to affect the parent. 1406 * want the child to be able to affect the parent.
1398 */ 1407 */
1399#if !defined(SSHD_ACQUIRES_CTTY) 1408#if !defined(STREAMS_PUSH_ACQUIRES_CTTY)
1400 /* 1409 /*
1401 * If setsid is called, on some platforms sshd will later acquire a 1410 * If setsid is called on Solaris, sshd will acquire the controlling
1402 * controlling terminal which will result in "could not set 1411 * terminal while pushing STREAMS modules. This will prevent the
1403 * controlling tty" errors. 1412 * shell from acquiring it later.
1404 */ 1413 */
1405 if (!debug_flag && !inetd_flag && setsid() < 0) 1414 if (!debug_flag && !inetd_flag && setsid() < 0)
1406 error("setsid: %.100s", strerror(errno)); 1415 error("setsid: %.100s", strerror(errno));
@@ -1467,12 +1476,37 @@ main(int ac, char **av)
1467 alarm(options.login_grace_time); 1476 alarm(options.login_grace_time);
1468 1477
1469 sshd_exchange_identification(sock_in, sock_out); 1478 sshd_exchange_identification(sock_in, sock_out);
1479 /*
1480 * Check that the connection comes from a privileged port.
1481 * Rhosts-Authentication only makes sense from privileged
1482 * programs. Of course, if the intruder has root access on his local
1483 * machine, he can connect from any port. So do not use these
1484 * authentication methods from machines that you do not trust.
1485 */
1486 if (options.rhosts_authentication &&
1487 (remote_port >= IPPORT_RESERVED ||
1488 remote_port < IPPORT_RESERVED / 2)) {
1489 debug("Rhosts Authentication disabled, "
1490 "originating port %d not trusted.", remote_port);
1491 options.rhosts_authentication = 0;
1492 }
1493#if defined(KRB4) && !defined(KRB5)
1494 if (!packet_connection_is_ipv4() &&
1495 options.kerberos_authentication) {
1496 debug("Kerberos Authentication disabled, only available for IPv4.");
1497 options.kerberos_authentication = 0;
1498 }
1499#endif /* KRB4 && !KRB5 */
1500#ifdef AFS
1501 /* If machine has AFS, set process authentication group. */
1502 if (k_hasafs()) {
1503 k_setpag();
1504 k_unlog();
1505 }
1506#endif /* AFS */
1470 1507
1471 packet_set_nonblocking(); 1508 packet_set_nonblocking();
1472 1509
1473 /* prepare buffers to collect authentication messages */
1474 buffer_init(&loginmsg);
1475
1476 if (use_privsep) 1510 if (use_privsep)
1477 if ((authctxt = privsep_preauth()) != NULL) 1511 if ((authctxt = privsep_preauth()) != NULL)
1478 goto authenticated; 1512 goto authenticated;
@@ -1514,8 +1548,7 @@ main(int ac, char **av)
1514 verbose("Closing connection to %.100s", remote_ip); 1548 verbose("Closing connection to %.100s", remote_ip);
1515 1549
1516#ifdef USE_PAM 1550#ifdef USE_PAM
1517 if (options.use_pam) 1551 finish_pam();
1518 finish_pam();
1519#endif /* USE_PAM */ 1552#endif /* USE_PAM */
1520 1553
1521 packet_close(); 1554 packet_close();
@@ -1627,10 +1660,24 @@ do_ssh1_kex(void)
1627 1660
1628 /* Declare supported authentication types. */ 1661 /* Declare supported authentication types. */
1629 auth_mask = 0; 1662 auth_mask = 0;
1663 if (options.rhosts_authentication)
1664 auth_mask |= 1 << SSH_AUTH_RHOSTS;
1630 if (options.rhosts_rsa_authentication) 1665 if (options.rhosts_rsa_authentication)
1631 auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; 1666 auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
1632 if (options.rsa_authentication) 1667 if (options.rsa_authentication)
1633 auth_mask |= 1 << SSH_AUTH_RSA; 1668 auth_mask |= 1 << SSH_AUTH_RSA;
1669#if defined(KRB4) || defined(KRB5)
1670 if (options.kerberos_authentication)
1671 auth_mask |= 1 << SSH_AUTH_KERBEROS;
1672#endif
1673#if defined(AFS) || defined(KRB5)
1674 if (options.kerberos_tgt_passing)
1675 auth_mask |= 1 << SSH_PASS_KERBEROS_TGT;
1676#endif
1677#ifdef AFS
1678 if (options.afs_token_passing)
1679 auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
1680#endif
1634 if (options.challenge_response_authentication == 1) 1681 if (options.challenge_response_authentication == 1)
1635 auth_mask |= 1 << SSH_AUTH_TIS; 1682 auth_mask |= 1 << SSH_AUTH_TIS;
1636 if (options.password_authentication) 1683 if (options.password_authentication)
@@ -1708,7 +1755,7 @@ do_ssh1_kex(void)
1708 u_char *buf = xmalloc(bytes); 1755 u_char *buf = xmalloc(bytes);
1709 MD5_CTX md; 1756 MD5_CTX md;
1710 1757
1711 logit("do_connection: generating a fake encryption key"); 1758 log("do_connection: generating a fake encryption key");
1712 BN_bn2bin(session_key_int, buf); 1759 BN_bn2bin(session_key_int, buf);
1713 MD5_Init(&md); 1760 MD5_Init(&md);
1714 MD5_Update(&md, buf, bytes); 1761 MD5_Update(&md, buf, bytes);
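Review bot: In main(), the new side allocates `saved_argv` with room for only `ac` pointers and no longer stores a terminating NULL, yet sighup_restart() passes that array to `execv(saved_argv[0], saved_argv)`, which walks it until it finds a NULL pointer. On SIGHUP the restart would therefore read past the end of the allocation. I would keep `saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));` and `saved_argv[i] = NULL;` after the copy loop, and drop the `saved_argv = av;` line, which is overwritten immediately. Separately, the `-V` case hands an unbounded `optarg` to the `sscanf(... "%[^\n]" ...)` in sshd_exchange_identification(); the size of `remote_version` is not visible in these hunks, so that conversion presumably needs a field width or a length check on the option value. Both main() and sshd_exchange_identification() extend outside the hunks shown.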