Blame - sshd.c - platform/external/openssh

blob: b19cc34c7b5ece0c1e1f3936a13bf225b272bc42 [file] [log] [blame]

dtucker@openbsd.org	4f7cc2f	2015-09-04 08:21:47 +0000	[diff] [blame]	1	/* $OpenBSD: sshd.c,v 1.459 2015/09/04 08:21:47 dtucker Exp $ */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	* All rights reserved
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	6	* This program is the ssh daemon. It listens for connections from clients,
				7	* and performs authentication, executes use commands or shell, and forwards
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	8	* information to/from the application to the user client over an encrypted
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	9	* connection. This can also handle forwarding of X11, TCP/IP, and
				10	* authentication agent connections.
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	11	*
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	12	* As far as I am concerned, the code I have written for this software
				13	* can be used freely for any purpose. Any derived versions of this
				14	* software must be clearly marked as such, and if the derived work is
				15	* incompatible with the protocol description in the RFC file, it must be
				16	* called by a name other than "ssh" or "Secure Shell".
				17	*
				18	* SSH2 implementation:
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	19	* Privilege Separation:
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	20	*
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	21	* Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved.
				22	* Copyright (c) 2002 Niels Provos. All rights reserved.
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	23	*
				24	* Redistribution and use in source and binary forms, with or without
				25	* modification, are permitted provided that the following conditions
				26	* are met:
				27	* 1. Redistributions of source code must retain the above copyright
				28	* notice, this list of conditions and the following disclaimer.
				29	* 2. Redistributions in binary form must reproduce the above copyright
				30	* notice, this list of conditions and the following disclaimer in the
				31	* documentation and/or other materials provided with the distribution.
				32	*
				33	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				34	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				35	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				36	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				37	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				38	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				39	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				40	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				41	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				42	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	43	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	44
				45	#include "includes.h"
Damien Miller	17e91c0	2006-03-15 11:28:34 +1100	[diff] [blame]	46
Damien Miller	9cf6d07	2006-03-15 11:29:24 +1100	[diff] [blame]	47	#include <sys/types.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	48	#include <sys/ioctl.h>
				49	#include <sys/socket.h>
Damien Miller	f17883e	2006-03-15 11:45:54 +1100	[diff] [blame]	50	#ifdef HAVE_SYS_STAT_H
				51	# include <sys/stat.h>
				52	#endif
Damien Miller	9aec919	2006-08-05 10:57:45 +1000	[diff] [blame]	53	#ifdef HAVE_SYS_TIME_H
				54	# include <sys/time.h>
				55	#endif
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	56	#include "openbsd-compat/sys-tree.h"
Damien Miller	b84886b	2008-05-19 15:05:07 +1000	[diff] [blame]	57	#include "openbsd-compat/sys-queue.h"
Damien Miller	9cf6d07	2006-03-15 11:29:24 +1100	[diff] [blame]	58	#include <sys/wait.h>
Damien Miller	03e2003	2006-03-15 11:16:59 +1100	[diff] [blame]	59
Darren Tucker	3997249	2006-07-12 22:22:46 +1000	[diff] [blame]	60	#include <errno.h>
Damien Miller	57cf638	2006-07-10 21:13:46 +1000	[diff] [blame]	61	#include <fcntl.h>
Damien Miller	b8fe89c	2006-07-24 14:51:00 +1000	[diff] [blame]	62	#include <netdb.h>
Damien Miller	6645e7a	2006-03-15 14:42:54 +1100	[diff] [blame]	63	#ifdef HAVE_PATHS_H
Damien Miller	03e2003	2006-03-15 11:16:59 +1100	[diff] [blame]	64	#include <paths.h>
Damien Miller	6645e7a	2006-03-15 14:42:54 +1100	[diff] [blame]	65	#endif
Damien Miller	a1738e4	2006-07-10 21:33:04 +1000	[diff] [blame]	66	#include <grp.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	67	#include <pwd.h>
Damien Miller	6ff3cad	2006-03-15 11:52:09 +1100	[diff] [blame]	68	#include <signal.h>
Damien Miller	ded319c	2006-09-01 15:38:36 +1000	[diff] [blame]	69	#include <stdarg.h>
Damien Miller	a7a73ee	2006-08-05 11:37:59 +1000	[diff] [blame]	70	#include <stdio.h>
Damien Miller	e7a1e5c	2006-08-05 11:34:19 +1000	[diff] [blame]	71	#include <stdlib.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	72	#include <string.h>
Damien Miller	75bb664	2006-08-05 14:07:20 +1000	[diff] [blame]	73	#include <unistd.h>
deraadt@openbsd.org	087266e	2015-01-20 23:14:00 +0000	[diff] [blame]	74	#include <limits.h>
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	75
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	76	#ifdef WITH_OPENSSL
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	77	#include <openssl/dh.h>
				78	#include <openssl/bn.h>
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	79	#include <openssl/rand.h>
Darren Tucker	bfaaf96	2008-02-28 19:13:52 +1100	[diff] [blame]	80	#include "openbsd-compat/openssl-compat.h"
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	81	#endif
Darren Tucker	bfaaf96	2008-02-28 19:13:52 +1100	[diff] [blame]	82
Kevin Steves	0ea1d9d	2002-04-25 18:17:04 +0000	[diff] [blame]	83	#ifdef HAVE_SECUREWARE
				84	#include <sys/security.h>
				85	#include <prot.h>
				86	#endif
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	87
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	88	#include "xmalloc.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	89	#include "ssh.h"
				90	#include "ssh1.h"
				91	#include "ssh2.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	92	#include "rsa.h"
Ben Lindstrom	d95c09c	2001-02-18 19:13:33 +0000	[diff] [blame]	93	#include "sshpty.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	94	#include "packet.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	95	#include "log.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	96	#include "buffer.h"
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	97	#include "misc.h"
markus@openbsd.org	3a1638d	2015-07-10 06:21:53 +0000	[diff] [blame]	98	#include "match.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	99	#include "servconf.h"
				100	#include "uidswap.h"
				101	#include "compat.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	102	#include "cipher.h"
Damien Miller	4a1c7aa	2014-02-04 11:03:36 +1100	[diff] [blame]	103	#include "digest.h"
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	104	#include "key.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	105	#include "kex.h"
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	106	#include "myproposal.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	107	#include "authfile.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	108	#include "pathnames.h"
				109	#include "atomicio.h"
				110	#include "canohost.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	111	#include "hostfile.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	112	#include "auth.h"
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	113	#include "authfd.h"
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	114	#include "msg.h"
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	115	#include "dispatch.h"
Ben Lindstrom	1bae404	2001-10-03 17:46:39 +0000	[diff] [blame]	116	#include "channels.h"
Ben Lindstrom	73ab9ba	2002-03-22 01:27:35 +0000	[diff] [blame]	117	#include "session.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	118	#include "monitor_mm.h"
				119	#include "monitor.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	120	#ifdef GSSAPI
				121	#include "ssh-gss.h"
				122	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	123	#include "monitor_wrap.h"
Darren Tucker	c5564e1	2009-06-21 18:53:53 +1000	[diff] [blame]	124	#include "roaming.h"
Damien Miller	dcbd41e	2011-06-23 19:45:51 +1000	[diff] [blame]	125	#include "ssh-sandbox.h"
Damien Miller	b757677	2006-07-10 20:23:39 +1000	[diff] [blame]	126	#include "version.h"
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	127	#include "ssherr.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	128
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	129	#ifndef O_NOCTTY
				130	#define O_NOCTTY 0
				131	#endif
				132
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	133	/* Re-exec fds */
				134	#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
				135	#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
				136	#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
				137	#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
				138
Ben Lindstrom	49a79c0	2000-11-17 03:47:20 +0000	[diff] [blame]	139	extern char *__progname;
Ben Lindstrom	49a79c0	2000-11-17 03:47:20 +0000	[diff] [blame]	140
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	141	/* Server configuration options. */
				142	ServerOptions options;
				143
				144	/* Name of the server configuration file. */
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	145	char *config_file_name = _PATH_SERVER_CONFIG_FILE;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	146
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	147	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	148	* Debug mode flag. This can be set on the command line. If debug
				149	* mode is enabled, extra debugging output will be sent to the system
				150	* log, the daemon will not go to background, and will exit after processing
				151	* the first connection.
				152	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	153	int debug_flag = 0;
				154
Ben Lindstrom	794325a	2001-08-06 21:09:07 +0000	[diff] [blame]	155	/* Flag indicating that the daemon should only test the configuration and keys. */
				156	int test_flag = 0;
				157
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	158	/* Flag indicating that the daemon is being started from inetd. */
				159	int inetd_flag = 0;
				160
Ben Lindstrom	c72745a	2000-12-02 19:03:54 +0000	[diff] [blame]	161	/* Flag indicating that sshd should not detach and become a daemon. */
				162	int no_daemon_flag = 0;
				163
Damien Miller	5ce662a	1999-11-11 17:57:39 +1100	[diff] [blame]	164	/* debug goes to stderr unless inetd_flag is set */
				165	int log_stderr = 0;
				166
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	167	/* Saved arguments to main(). */
				168	char **saved_argv;
Damien Miller	b8c656e	2000-06-28 15:22:41 +1000	[diff] [blame]	169	int saved_argc;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	170
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	171	/* re-exec */
				172	int rexeced_flag = 0;
				173	int rexec_flag = 1;
				174	int rexec_argc = 0;
				175	char **rexec_argv;
				176
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	177	/*
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	178	* The sockets that the server is listening; this is used in the SIGHUP
				179	* signal handler.
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	180	*/
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	181	#define MAX_LISTEN_SOCKS 16
				182	int listen_socks[MAX_LISTEN_SOCKS];
				183	int num_listen_socks = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	184
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	185	/*
				186	* the client's version string, passed by sshd2 in compat mode. if != NULL,
				187	* sshd will skip the version-number exchange
				188	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	189	char *client_version_string = NULL;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	190	char *server_version_string = NULL;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	191
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	192	/* Daemon's agent connection */
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	193	int auth_sock = -1;
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	194	int have_agent = 0;
				195
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	196	/*
				197	* Any really sensitive data in the application is contained in this
				198	* structure. The idea is that this structure could be locked into memory so
				199	* that the pages do not get written into swap. However, there are some
				200	* problems. The private key contains BIGNUMs, and we do not (in principle)
				201	* have access to the internals of them, and locking just the structure is
				202	* not very useful. Currently, memory locking is not implemented.
				203	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	204	struct {
Ben Lindstrom	ca42d5f	2001-03-09 18:25:32 +0000	[diff] [blame]	205	Key server_key; / ephemeral server key */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	206	Key ssh1_host_key; / ssh1 host key */
				207	Key *host_keys; / all private host keys */
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	208	Key *host_pubkeys; / all public host keys */
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	209	Key *host_certificates; / all public host certificates */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	210	int have_ssh1_key;
				211	int have_ssh2_key;
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	212	u_char ssh1_cookie[SSH_SESSION_KEY_LENGTH];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	213	} sensitive_data;
				214
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	215	/*
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	216	* Flag indicating whether the RSA server key needs to be regenerated.
				217	* Is set in the SIGALRM handler and cleared when the key is regenerated.
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	218	*/
Ben Lindstrom	5e71c54	2001-12-06 16:48:14 +0000	[diff] [blame]	219	static volatile sig_atomic_t key_do_regen = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	220
Ben Lindstrom	ec46e0b	2001-06-09 01:27:31 +0000	[diff] [blame]	221	/* This is set to true when a signal is received. */
Ben Lindstrom	5e71c54	2001-12-06 16:48:14 +0000	[diff] [blame]	222	static volatile sig_atomic_t received_sighup = 0;
				223	static volatile sig_atomic_t received_sigterm = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	224
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	225	/* session identifier, used by RSA-auth */
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	226	u_char session_id[16];
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	227
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	228	/* same for ssh2 */
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	229	u_char *session_id2 = NULL;
Darren Tucker	502d384	2003-06-28 12:38:01 +1000	[diff] [blame]	230	u_int session_id2_len = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	231
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	232	/* record remote hostname or ip */
deraadt@openbsd.org	087266e	2015-01-20 23:14:00 +0000	[diff] [blame]	233	u_int utmp_len = HOST_NAME_MAX+1;
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	234
Ben Lindstrom	d84df98	2001-12-06 16:35:40 +0000	[diff] [blame]	235	/* options.max_startup sized array of fd ints */
				236	int *startup_pipes = NULL;
				237	int startup_pipe; /* in child */
				238
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	239	/* variables used for privilege separation */
Darren Tucker	4515047	2006-07-12 22:34:17 +1000	[diff] [blame]	240	int use_privsep = -1;
Darren Tucker	a8be9e2	2004-02-06 16:40:27 +1100	[diff] [blame]	241	struct monitor *pmonitor = NULL;
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	242	int privsep_is_preauth = 1;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	243
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	244	/* global authentication context */
				245	Authctxt *the_authctxt = NULL;
				246
Darren Tucker	4515047	2006-07-12 22:34:17 +1000	[diff] [blame]	247	/* sshd_config buffer */
				248	Buffer cfg;
				249
Darren Tucker	0999174	2004-07-17 17:05:14 +1000	[diff] [blame]	250	/* message to be displayed after login */
				251	Buffer loginmsg;
				252
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	253	/* Unprivileged user */
				254	struct passwd *privsep_pw = NULL;
				255
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	256	/* Prototypes for various functions defined later in this file. */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	257	void destroy_sensitive_data(void);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	258	void demote_sensitive_data(void);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	259
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	260	#ifdef WITH_SSH1
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	261	static void do_ssh1_kex(void);
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	262	#endif
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	263	static void do_ssh2_kex(void);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	264
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	265	/*
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	266	* Close all listening sockets
				267	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	268	static void
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	269	close_listen_socks(void)
				270	{
				271	int i;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	272
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	273	for (i = 0; i < num_listen_socks; i++)
				274	close(listen_socks[i]);
				275	num_listen_socks = -1;
				276	}
				277
Ben Lindstrom	d84df98	2001-12-06 16:35:40 +0000	[diff] [blame]	278	static void
				279	close_startup_pipes(void)
				280	{
				281	int i;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	282
Ben Lindstrom	d84df98	2001-12-06 16:35:40 +0000	[diff] [blame]	283	if (startup_pipes)
				284	for (i = 0; i < options.max_startups; i++)
				285	if (startup_pipes[i] != -1)
				286	close(startup_pipes[i]);
				287	}
				288
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	289	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	290	* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP;
				291	* the effect is to reread the configuration file (and to regenerate
				292	* the server key).
				293	*/
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	294
				295	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	296	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	297	sighup_handler(int sig)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	298	{
Ben Lindstrom	0795848	2001-12-06 16:19:01 +0000	[diff] [blame]	299	int save_errno = errno;
				300
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	301	received_sighup = 1;
				302	signal(SIGHUP, sighup_handler);
Ben Lindstrom	0795848	2001-12-06 16:19:01 +0000	[diff] [blame]	303	errno = save_errno;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	304	}
				305
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	306	/*
				307	* Called from the main program after receiving SIGHUP.
				308	* Restarts the server.
				309	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	310	static void
Ben Lindstrom	31ca54a	2001-02-09 02:11:24 +0000	[diff] [blame]	311	sighup_restart(void)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	312	{
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	313	logit("Received SIGHUP; restarting.");
Darren Tucker	f2bf36c	2013-09-22 19:02:40 +1000	[diff] [blame]	314	platform_pre_restart();
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	315	close_listen_socks();
Ben Lindstrom	d84df98	2001-12-06 16:35:40 +0000	[diff] [blame]	316	close_startup_pipes();
Darren Tucker	ed62396	2007-02-25 20:37:21 +1100	[diff] [blame]	317	alarm(0); /* alarm timer persists across exec */
Darren Tucker	2c671bf	2010-01-09 22:28:43 +1100	[diff] [blame]	318	signal(SIGHUP, SIG_IGN); /* will be restored after exec */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	319	execv(saved_argv[0], saved_argv);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	320	logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	321	strerror(errno));
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	322	exit(1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	323	}
				324
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	325	/*
				326	* Generic signal handler for terminating signals in the master daemon.
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	327	*/
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	328	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	329	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	330	sigterm_handler(int sig)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	331	{
Ben Lindstrom	ec46e0b	2001-06-09 01:27:31 +0000	[diff] [blame]	332	received_sigterm = sig;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	333	}
				334
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	335	/*
				336	* SIGCHLD handler. This is called whenever a child dies. This will then
Ben Lindstrom	ec46e0b	2001-06-09 01:27:31 +0000	[diff] [blame]	337	* reap any zombies left by exited children.
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	338	*/
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	339	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	340	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	341	main_sigchld_handler(int sig)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	342	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	343	int save_errno = errno;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	344	pid_t pid;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	345	int status;
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	346
Ben Lindstrom	47fd811	2002-04-02 20:48:19 +0000	[diff] [blame]	347	while ((pid = waitpid(-1, &status, WNOHANG)) > 0 \|\|
				348	(pid < 0 && errno == EINTR))
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	349	;
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	350
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	351	signal(SIGCHLD, main_sigchld_handler);
				352	errno = save_errno;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	353	}
				354
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	355	/*
				356	* Signal handler for the alarm after the login grace period has expired.
				357	*/
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	358	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	359	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	360	grace_alarm_handler(int sig)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	361	{
Darren Tucker	a8be9e2	2004-02-06 16:40:27 +1100	[diff] [blame]	362	if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
				363	kill(pmonitor->m_pid, SIGALRM);
				364
Damien Miller	09d3e12	2012-10-31 08:58:58 +1100	[diff] [blame]	365	/*
				366	* Try to kill any processes that we have spawned, E.g. authorized
				367	* keys command helpers.
				368	*/
				369	if (getpgid(0) == getpid()) {
				370	signal(SIGTERM, SIG_IGN);
Damien Miller	ab16ef4	2014-01-28 15:08:12 +1100	[diff] [blame]	371	kill(0, SIGTERM);
Damien Miller	09d3e12	2012-10-31 08:58:58 +1100	[diff] [blame]	372	}
				373
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	374	/* Log error and exit. */
Damien Miller	99a648e	2006-08-19 00:32:20 +1000	[diff] [blame]	375	sigdie("Timeout before authentication for %s", get_remote_ipaddr());
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	376	}
				377
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	378	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	379	* Signal handler for the key regeneration alarm. Note that this
				380	* alarm only occurs in the daemon waiting for connections, and it does not
				381	* do anything with the private key or random state before forking.
				382	* Thus there should be no concurrency control/asynchronous execution
				383	* problems.
				384	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	385	static void
Ben Lindstrom	ca42d5f	2001-03-09 18:25:32 +0000	[diff] [blame]	386	generate_ephemeral_server_key(void)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	387	{
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	388	verbose("Generating %s%d bit RSA key.",
Damien Miller	ff75ac4	2001-03-30 10:50:32 +1000	[diff] [blame]	389	sensitive_data.server_key ? "new " : "", options.server_key_bits);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	390	if (sensitive_data.server_key != NULL)
				391	key_free(sensitive_data.server_key);
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	392	sensitive_data.server_key = key_generate(KEY_RSA1,
Damien Miller	ff75ac4	2001-03-30 10:50:32 +1000	[diff] [blame]	393	options.server_key_bits);
				394	verbose("RSA key generation complete.");
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	395
Damien Miller	354c48c	2008-05-19 14:50:00 +1000	[diff] [blame]	396	arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	397	}
Ben Lindstrom	2f959b4	2001-01-11 06:20:23 +0000	[diff] [blame]	398
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	399	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	400	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	401	key_regeneration_alarm(int sig)
				402	{
				403	int save_errno = errno;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	404
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	405	signal(SIGALRM, SIG_DFL);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	406	errno = save_errno;
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	407	key_do_regen = 1;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	408	}
				409
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	410	static void
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	411	sshd_exchange_identification(int sock_in, int sock_out)
				412	{
Damien Miller	eccb9de	2005-06-17 12:59:34 +1000	[diff] [blame]	413	u_int i;
				414	int mismatch;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	415	int remote_major, remote_minor;
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	416	int major, minor;
Darren Tucker	d7bdc0c	2008-07-02 22:34:30 +1000	[diff] [blame]	417	char s, newline = "\n";
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	418	char buf[256]; /* Must not be larger than remote_version. */
				419	char remote_version[256]; /* Must be at least as big as buf. */
				420
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	421	if ((options.protocol & SSH_PROTO_1) &&
				422	(options.protocol & SSH_PROTO_2)) {
				423	major = PROTOCOL_MAJOR_1;
				424	minor = 99;
				425	} else if (options.protocol & SSH_PROTO_2) {
				426	major = PROTOCOL_MAJOR_2;
				427	minor = PROTOCOL_MINOR_2;
Darren Tucker	d7bdc0c	2008-07-02 22:34:30 +1000	[diff] [blame]	428	newline = "\r\n";
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	429	} else {
				430	major = PROTOCOL_MAJOR_1;
				431	minor = PROTOCOL_MINOR_1;
				432	}
Damien Miller	2352881	2012-04-22 11:24:43 +1000	[diff] [blame]	433
				434	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
				435	major, minor, SSH_VERSION,
				436	*options.version_addendum == '\0' ? "" : " ",
				437	options.version_addendum, newline);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	438
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	439	/* Send our protocol version identification. */
Darren Tucker	c5564e1	2009-06-21 18:53:53 +1000	[diff] [blame]	440	if (roaming_atomicio(vwrite, sock_out, server_version_string,
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	441	strlen(server_version_string))
				442	!= strlen(server_version_string)) {
				443	logit("Could not write ident string to %s", get_remote_ipaddr());
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	444	cleanup_exit(255);
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	445	}
				446
				447	/* Read other sides version identification. */
				448	memset(buf, 0, sizeof(buf));
				449	for (i = 0; i < sizeof(buf) - 1; i++) {
Darren Tucker	c5564e1	2009-06-21 18:53:53 +1000	[diff] [blame]	450	if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) {
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	451	logit("Did not receive identification string from %s",
				452	get_remote_ipaddr());
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	453	cleanup_exit(255);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	454	}
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	455	if (buf[i] == '\r') {
				456	buf[i] = 0;
				457	/* Kludge for F-Secure Macintosh < 1.0.2 */
				458	if (i == 12 &&
				459	strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	460	break;
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	461	continue;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	462	}
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	463	if (buf[i] == '\n') {
				464	buf[i] = 0;
				465	break;
				466	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	467	}
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	468	buf[sizeof(buf) - 1] = 0;
				469	client_version_string = xstrdup(buf);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	470
				471	/*
				472	* Check that the versions match. In future this might accept
				473	* several versions and set appropriate flags to handle them.
				474	*/
				475	if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
				476	&remote_major, &remote_minor, remote_version) != 3) {
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	477	s = "Protocol mismatch.\n";
Darren Tucker	9f63f22	2003-07-03 13:46:56 +1000	[diff] [blame]	478	(void) atomicio(vwrite, sock_out, s, strlen(s));
Damien Miller	4502f88	2013-10-18 10:17:36 +1100	[diff] [blame]	479	logit("Bad protocol version identification '%.100s' "
				480	"from %s port %d", client_version_string,
				481	get_remote_ipaddr(), get_remote_port());
Damien Miller	23e00aa	2013-11-21 13:56:28 +1100	[diff] [blame]	482	close(sock_in);
				483	close(sock_out);
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	484	cleanup_exit(255);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	485	}
				486	debug("Client protocol version %d.%d; client software version %.100s",
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	487	remote_major, remote_minor, remote_version);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	488
markus@openbsd.org	48b3b2b	2015-01-19 20:20:20 +0000	[diff] [blame]	489	active_state->compat = compat_datafellows(remote_version);
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	490
Damien Miller	324541e	2013-12-31 12:25:40 +1100	[diff] [blame]	491	if ((datafellows & SSH_BUG_PROBE) != 0) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	492	logit("probed from %s with %s. Don't panic.",
Damien Miller	e926497	2002-09-30 11:59:21 +1000	[diff] [blame]	493	get_remote_ipaddr(), client_version_string);
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	494	cleanup_exit(255);
Damien Miller	e926497	2002-09-30 11:59:21 +1000	[diff] [blame]	495	}
Damien Miller	324541e	2013-12-31 12:25:40 +1100	[diff] [blame]	496	if ((datafellows & SSH_BUG_SCANNER) != 0) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	497	logit("scanned from %s with %s. Don't panic.",
Damien Miller	27dbe6f	2001-03-19 22:36:20 +1100	[diff] [blame]	498	get_remote_ipaddr(), client_version_string);
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	499	cleanup_exit(255);
Damien Miller	27dbe6f	2001-03-19 22:36:20 +1100	[diff] [blame]	500	}
Damien Miller	58cd63b	2014-01-10 10:59:24 +1100	[diff] [blame]	501	if ((datafellows & SSH_BUG_RSASIGMD5) != 0) {
Damien Miller	324541e	2013-12-31 12:25:40 +1100	[diff] [blame]	502	logit("Client version \"%.100s\" uses unsafe RSA signature "
				503	"scheme; disabling use of RSA keys", remote_version);
Damien Miller	58cd63b	2014-01-10 10:59:24 +1100	[diff] [blame]	504	}
				505	if ((datafellows & SSH_BUG_DERIVEKEY) != 0) {
				506	fatal("Client version \"%.100s\" uses unsafe key agreement; "
				507	"refusing connection", remote_version);
				508	}
Damien Miller	27dbe6f	2001-03-19 22:36:20 +1100	[diff] [blame]	509
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	510	mismatch = 0;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	511	switch (remote_major) {
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	512	case 1:
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	513	if (remote_minor == 99) {
				514	if (options.protocol & SSH_PROTO_2)
				515	enable_compat20();
				516	else
				517	mismatch = 1;
				518	break;
				519	}
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	520	if (!(options.protocol & SSH_PROTO_1)) {
				521	mismatch = 1;
				522	break;
				523	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	524	if (remote_minor < 3) {
Damien Miller	3702396	2000-07-11 17:31:38 +1000	[diff] [blame]	525	packet_disconnect("Your ssh version is too old and "
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	526	"is no longer supported. Please install a newer version.");
				527	} else if (remote_minor == 3) {
				528	/* note that this disables agent-forwarding */
				529	enable_compat13();
				530	}
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	531	break;
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	532	case 2:
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	533	if (options.protocol & SSH_PROTO_2) {
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	534	enable_compat20();
				535	break;
				536	}
				537	/* FALLTHROUGH */
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	538	default:
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	539	mismatch = 1;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	540	break;
				541	}
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	542	chop(server_version_string);
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	543	debug("Local version string %.200s", server_version_string);
				544
				545	if (mismatch) {
				546	s = "Protocol major versions differ.\n";
Darren Tucker	9f63f22	2003-07-03 13:46:56 +1000	[diff] [blame]	547	(void) atomicio(vwrite, sock_out, s, strlen(s));
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	548	close(sock_in);
				549	close(sock_out);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	550	logit("Protocol major versions differ for %s: %.200s vs. %.200s",
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	551	get_remote_ipaddr(),
				552	server_version_string, client_version_string);
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	553	cleanup_exit(255);
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	554	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	555	}
				556
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	557	/* Destroy the host and server keys. They will no longer be needed. */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	558	void
				559	destroy_sensitive_data(void)
				560	{
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	561	int i;
				562
				563	if (sensitive_data.server_key) {
				564	key_free(sensitive_data.server_key);
				565	sensitive_data.server_key = NULL;
				566	}
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	567	for (i = 0; i < options.num_host_key_files; i++) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	568	if (sensitive_data.host_keys[i]) {
				569	key_free(sensitive_data.host_keys[i]);
				570	sensitive_data.host_keys[i] = NULL;
				571	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	572	if (sensitive_data.host_certificates[i]) {
				573	key_free(sensitive_data.host_certificates[i]);
				574	sensitive_data.host_certificates[i] = NULL;
				575	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	576	}
				577	sensitive_data.ssh1_host_key = NULL;
Damien Miller	a5103f4	2014-02-04 11:20:14 +1100	[diff] [blame]	578	explicit_bzero(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	579	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	580
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	581	/* Demote private to public keys for network child */
				582	void
				583	demote_sensitive_data(void)
				584	{
				585	Key *tmp;
				586	int i;
				587
				588	if (sensitive_data.server_key) {
				589	tmp = key_demote(sensitive_data.server_key);
				590	key_free(sensitive_data.server_key);
				591	sensitive_data.server_key = tmp;
				592	}
				593
				594	for (i = 0; i < options.num_host_key_files; i++) {
				595	if (sensitive_data.host_keys[i]) {
				596	tmp = key_demote(sensitive_data.host_keys[i]);
				597	key_free(sensitive_data.host_keys[i]);
				598	sensitive_data.host_keys[i] = tmp;
				599	if (tmp->type == KEY_RSA1)
				600	sensitive_data.ssh1_host_key = tmp;
				601	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	602	/* Certs do not need demotion */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	603	}
				604
				605	/* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */
				606	}
				607
Ben Lindstrom	0810519	2002-03-22 02:50:06 +0000	[diff] [blame]	608	static void
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	609	privsep_preauth_child(void)
				610	{
Darren Tucker	64cee36	2009-06-21 20:26:17 +1000	[diff] [blame]	611	u_int32_t rnd[256];
Ben Lindstrom	810af96	2002-07-04 00:11:40 +0000	[diff] [blame]	612	gid_t gidset[1];
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	613
				614	/* Enable challenge-response authentication for privilege separation */
				615	privsep_challenge_enable();
				616
Damien Miller	fb3423b	2014-02-27 10:20:07 +1100	[diff] [blame]	617	#ifdef GSSAPI
Damien Miller	e6a74ae	2014-02-27 10:17:49 +1100	[diff] [blame]	618	/* Cache supported mechanism OIDs for later use */
				619	if (options.gss_authentication)
				620	ssh_gssapi_prepare_supported_oids();
Damien Miller	fb3423b	2014-02-27 10:20:07 +1100	[diff] [blame]	621	#endif
Damien Miller	e6a74ae	2014-02-27 10:17:49 +1100	[diff] [blame]	622
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	623	arc4random_stir();
Damien Miller	354c48c	2008-05-19 14:50:00 +1000	[diff] [blame]	624	arc4random_buf(rnd, sizeof(rnd));
Damien Miller	72ef7c1	2015-01-15 02:21:31 +1100	[diff] [blame]	625	#ifdef WITH_OPENSSL
Ben Lindstrom	5a9d0ea	2002-07-04 00:12:53 +0000	[diff] [blame]	626	RAND_seed(rnd, sizeof(rnd));
Damien Miller	07889c7	2015-11-14 18:44:49 +1100	[diff] [blame^]	627	if ((RAND_bytes((u_char *)rnd, 1)) != 1)
				628	fatal("%s: RAND_bytes failed", __func__);
Damien Miller	72ef7c1	2015-01-15 02:21:31 +1100	[diff] [blame]	629	#endif
Damien Miller	1d2c456	2014-02-04 11:18:20 +1100	[diff] [blame]	630	explicit_bzero(rnd, sizeof(rnd));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	631
				632	/* Demote the private keys to public keys. */
				633	demote_sensitive_data();
				634
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	635	/* Change our root directory */
Ben Lindstrom	7a7edf7	2002-03-22 02:42:37 +0000	[diff] [blame]	636	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
				637	fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
				638	strerror(errno));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	639	if (chdir("/") == -1)
Ben Lindstrom	1ee9ec3	2002-03-22 03:14:45 +0000	[diff] [blame]	640	fatal("chdir(\"/\"): %s", strerror(errno));
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	641
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	642	/* Drop our privileges */
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	643	debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
				644	(u_int)privsep_pw->pw_gid);
Ben Lindstrom	fbcc3f7	2002-06-25 23:24:18 +0000	[diff] [blame]	645	#if 0
Darren Tucker	d592048	2004-02-29 20:11:30 +1100	[diff] [blame]	646	/* XXX not ready, too heavy after chroot */
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	647	do_setusercontext(privsep_pw);
Ben Lindstrom	fbcc3f7	2002-06-25 23:24:18 +0000	[diff] [blame]	648	#else
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	649	gidset[0] = privsep_pw->pw_gid;
Ben Lindstrom	fbcc3f7	2002-06-25 23:24:18 +0000	[diff] [blame]	650	if (setgroups(1, gidset) < 0)
				651	fatal("setgroups: %.100s", strerror(errno));
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	652	permanently_set_uid(privsep_pw);
Ben Lindstrom	fbcc3f7	2002-06-25 23:24:18 +0000	[diff] [blame]	653	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	654	}
				655
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	656	static int
				657	privsep_preauth(Authctxt *authctxt)
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	658	{
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	659	int status, r;
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	660	pid_t pid;
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	661	struct ssh_sandbox *box = NULL;
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	662
				663	/* Set up unprivileged child process to deal with network data */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	664	pmonitor = monitor_init();
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	665	/* Store a pointer to the kex for later rekeying */
markus@openbsd.org	091c302	2015-01-19 19:52:16 +0000	[diff] [blame]	666	pmonitor->m_pkex = &active_state->kex;
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	667
Damien Miller	5a5c2b9	2012-07-31 12:21:34 +1000	[diff] [blame]	668	if (use_privsep == PRIVSEP_ON)
Damien Miller	868ea1e	2014-01-17 16:47:04 +1100	[diff] [blame]	669	box = ssh_sandbox_init(pmonitor);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	670	pid = fork();
				671	if (pid == -1) {
				672	fatal("fork of unprivileged child failed");
				673	} else if (pid != 0) {
Ben Lindstrom	ce0f634	2002-06-11 16:42:49 +0000	[diff] [blame]	674	debug2("Network child is on pid %ld", (long)pid);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	675
Darren Tucker	3b4b2d3	2012-07-02 18:54:31 +1000	[diff] [blame]	676	pmonitor->m_pid = pid;
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	677	if (have_agent) {
				678	r = ssh_get_authentication_socket(&auth_sock);
				679	if (r != 0) {
				680	error("Could not get agent socket: %s",
				681	ssh_err(r));
				682	have_agent = 0;
				683	}
				684	}
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	685	if (box != NULL)
				686	ssh_sandbox_parent_preauth(box, pid);
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	687	monitor_child_preauth(authctxt, pmonitor);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	688
				689	/* Sync memory */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	690	monitor_sync(pmonitor);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	691
				692	/* Wait for the child's exit status */
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	693	while (waitpid(pid, &status, 0) < 0) {
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	694	if (errno == EINTR)
				695	continue;
				696	pmonitor->m_pid = -1;
				697	fatal("%s: waitpid: %s", __func__, strerror(errno));
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	698	}
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	699	privsep_is_preauth = 0;
				700	pmonitor->m_pid = -1;
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	701	if (WIFEXITED(status)) {
				702	if (WEXITSTATUS(status) != 0)
				703	fatal("%s: preauth child exited with status %d",
				704	__func__, WEXITSTATUS(status));
				705	} else if (WIFSIGNALED(status))
				706	fatal("%s: preauth child terminated by signal %d",
				707	__func__, WTERMSIG(status));
				708	if (box != NULL)
				709	ssh_sandbox_parent_finish(box);
				710	return 1;
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	711	} else {
				712	/* child */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	713	close(pmonitor->m_sendfd);
Damien Miller	8f0bf23	2011-06-20 14:42:23 +1000	[diff] [blame]	714	close(pmonitor->m_log_recvfd);
				715
				716	/* Arrange for logging to be sent to the monitor */
				717	set_log_handler(mm_log_handler, pmonitor);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	718
				719	/* Demote the child */
				720	if (getuid() == 0 \|\| geteuid() == 0)
				721	privsep_preauth_child();
Ben Lindstrom	f90f58d	2002-03-26 01:53:03 +0000	[diff] [blame]	722	setproctitle("%s", "[net]");
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	723	if (box != NULL)
				724	ssh_sandbox_child(box);
				725
				726	return 0;
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	727	}
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	728	}
				729
Ben Lindstrom	0810519	2002-03-22 02:50:06 +0000	[diff] [blame]	730	static void
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	731	privsep_postauth(Authctxt *authctxt)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	732	{
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	733	u_int32_t rnd[256];
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	734
Tim Rice	9dd3081	2002-07-07 13:43:36 -0700	[diff] [blame]	735	#ifdef DISABLE_FD_PASSING
Tim Rice	8eff319	2002-06-25 15:35:15 -0700	[diff] [blame]	736	if (1) {
				737	#else
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	738	if (authctxt->pw->pw_uid == 0 \|\| options.use_login) {
Tim Rice	8eff319	2002-06-25 15:35:15 -0700	[diff] [blame]	739	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	740	/* File descriptor passing is broken or root login */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	741	use_privsep = 0;
Darren Tucker	45b0142	2005-10-03 18:20:00 +1000	[diff] [blame]	742	goto skip;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	743	}
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	744
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	745	/* New socket pair */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	746	monitor_reinit(pmonitor);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	747
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	748	pmonitor->m_pid = fork();
				749	if (pmonitor->m_pid == -1)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	750	fatal("fork of unprivileged child failed");
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	751	else if (pmonitor->m_pid != 0) {
Damien Miller	b61f3fc	2008-07-11 17:36:48 +1000	[diff] [blame]	752	verbose("User child is on pid %ld", (long)pmonitor->m_pid);
Darren Tucker	eb57862	2004-08-12 23:08:14 +1000	[diff] [blame]	753	buffer_clear(&loginmsg);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	754	monitor_child_postauth(pmonitor);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	755
				756	/* NEVERREACHED */
				757	exit(0);
				758	}
				759
Damien Miller	8f0bf23	2011-06-20 14:42:23 +1000	[diff] [blame]	760	/* child */
				761
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	762	close(pmonitor->m_sendfd);
Damien Miller	8f0bf23	2011-06-20 14:42:23 +1000	[diff] [blame]	763	pmonitor->m_sendfd = -1;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	764
				765	/* Demote the private keys to public keys. */
				766	demote_sensitive_data();
				767
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	768	arc4random_stir();
Damien Miller	354c48c	2008-05-19 14:50:00 +1000	[diff] [blame]	769	arc4random_buf(rnd, sizeof(rnd));
Damien Miller	72ef7c1	2015-01-15 02:21:31 +1100	[diff] [blame]	770	#ifdef WITH_OPENSSL
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	771	RAND_seed(rnd, sizeof(rnd));
Damien Miller	07889c7	2015-11-14 18:44:49 +1100	[diff] [blame^]	772	if ((RAND_bytes((u_char *)rnd, 1)) != 1)
				773	fatal("%s: RAND_bytes failed", __func__);
Damien Miller	72ef7c1	2015-01-15 02:21:31 +1100	[diff] [blame]	774	#endif
Damien Miller	1d2c456	2014-02-04 11:18:20 +1100	[diff] [blame]	775	explicit_bzero(rnd, sizeof(rnd));
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	776
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	777	/* Drop privileges */
				778	do_setusercontext(authctxt->pw);
				779
Darren Tucker	45b0142	2005-10-03 18:20:00 +1000	[diff] [blame]	780	skip:
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	781	/* It is safe now to apply the key state */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	782	monitor_apply_keystate(pmonitor);
Damien Miller	9786e6e	2005-07-26 21:54:56 +1000	[diff] [blame]	783
				784	/*
				785	* Tell the packet layer that authentication was successful, since
				786	* this information is not part of the key state.
				787	*/
				788	packet_set_authenticated();
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	789	}
				790
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	791	static char *
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	792	list_hostkey_types(void)
				793	{
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	794	Buffer b;
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	795	const char *p;
				796	char *ret;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	797	int i;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	798	Key *key;
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	799
				800	buffer_init(&b);
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	801	for (i = 0; i < options.num_host_key_files; i++) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	802	key = sensitive_data.host_keys[i];
djm@openbsd.org	ce63c4b	2015-02-16 22:30:03 +0000	[diff] [blame]	803	if (key == NULL)
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	804	key = sensitive_data.host_pubkeys[i];
djm@openbsd.org	25b1461	2015-07-17 02:47:45 +0000	[diff] [blame]	805	if (key == NULL \|\| key->type == KEY_RSA1)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	806	continue;
markus@openbsd.org	3a1638d	2015-07-10 06:21:53 +0000	[diff] [blame]	807	/* Check that the key is accepted in HostkeyAlgorithms */
				808	if (match_pattern_list(sshkey_ssh_name(key),
				809	options.hostkeyalgorithms, 0) != 1) {
				810	debug3("%s: %s key not permitted by HostkeyAlgorithms",
				811	__func__, sshkey_ssh_name(key));
				812	continue;
				813	}
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	814	switch (key->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	815	case KEY_RSA:
				816	case KEY_DSA:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	817	case KEY_ECDSA:
Damien Miller	5be9d9e	2013-12-07 11:24:01 +1100	[diff] [blame]	818	case KEY_ED25519:
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	819	if (buffer_len(&b) > 0)
				820	buffer_append(&b, ",", 1);
				821	p = key_ssh_name(key);
				822	buffer_append(&b, p, strlen(p));
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	823	break;
				824	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	825	/* If the private key has a cert peer, then list that too */
				826	key = sensitive_data.host_certificates[i];
				827	if (key == NULL)
				828	continue;
				829	switch (key->type) {
				830	case KEY_RSA_CERT:
				831	case KEY_DSA_CERT:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	832	case KEY_ECDSA_CERT:
Damien Miller	5be9d9e	2013-12-07 11:24:01 +1100	[diff] [blame]	833	case KEY_ED25519_CERT:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	834	if (buffer_len(&b) > 0)
				835	buffer_append(&b, ",", 1);
				836	p = key_ssh_name(key);
				837	buffer_append(&b, p, strlen(p));
				838	break;
				839	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	840	}
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	841	buffer_append(&b, "\0", 1);
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	842	ret = xstrdup(buffer_ptr(&b));
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	843	buffer_free(&b);
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	844	debug("list_hostkey_types: %s", ret);
				845	return ret;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	846	}
				847
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	848	static Key *
djm@openbsd.org	5104db7	2015-01-26 06:10:03 +0000	[diff] [blame]	849	get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	850	{
				851	int i;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	852	Key *key;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	853
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	854	for (i = 0; i < options.num_host_key_files; i++) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	855	switch (type) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	856	case KEY_RSA_CERT:
				857	case KEY_DSA_CERT:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	858	case KEY_ECDSA_CERT:
Damien Miller	5be9d9e	2013-12-07 11:24:01 +1100	[diff] [blame]	859	case KEY_ED25519_CERT:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	860	key = sensitive_data.host_certificates[i];
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	861	break;
				862	default:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	863	key = sensitive_data.host_keys[i];
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	864	if (key == NULL && !need_private)
				865	key = sensitive_data.host_pubkeys[i];
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	866	break;
				867	}
djm@openbsd.org	5104db7	2015-01-26 06:10:03 +0000	[diff] [blame]	868	if (key != NULL && key->type == type &&
				869	(key->type != KEY_ECDSA \|\| key->ecdsa_nid == nid))
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	870	return need_private ?
				871	sensitive_data.host_keys[i] : key;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	872	}
				873	return NULL;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	874	}
				875
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	876	Key *
djm@openbsd.org	5104db7	2015-01-26 06:10:03 +0000	[diff] [blame]	877	get_hostkey_public_by_type(int type, int nid, struct ssh *ssh)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	878	{
djm@openbsd.org	5104db7	2015-01-26 06:10:03 +0000	[diff] [blame]	879	return get_hostkey_by_type(type, nid, 0, ssh);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	880	}
				881
				882	Key *
djm@openbsd.org	5104db7	2015-01-26 06:10:03 +0000	[diff] [blame]	883	get_hostkey_private_by_type(int type, int nid, struct ssh *ssh)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	884	{
djm@openbsd.org	5104db7	2015-01-26 06:10:03 +0000	[diff] [blame]	885	return get_hostkey_by_type(type, nid, 1, ssh);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	886	}
				887
				888	Key *
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	889	get_hostkey_by_index(int ind)
				890	{
				891	if (ind < 0 \|\| ind >= options.num_host_key_files)
				892	return (NULL);
				893	return (sensitive_data.host_keys[ind]);
				894	}
				895
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	896	Key *
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	897	get_hostkey_public_by_index(int ind, struct ssh *ssh)
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	898	{
				899	if (ind < 0 \|\| ind >= options.num_host_key_files)
				900	return (NULL);
				901	return (sensitive_data.host_pubkeys[ind]);
				902	}
				903
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	904	int
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	905	get_hostkey_index(Key key, int compare, struct ssh ssh)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	906	{
				907	int i;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	908
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	909	for (i = 0; i < options.num_host_key_files; i++) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	910	if (key_is_cert(key)) {
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	911	if (key == sensitive_data.host_certificates[i] \|\|
				912	(compare && sensitive_data.host_certificates[i] &&
				913	sshkey_equal(key,
				914	sensitive_data.host_certificates[i])))
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	915	return (i);
				916	} else {
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	917	if (key == sensitive_data.host_keys[i] \|\|
				918	(compare && sensitive_data.host_keys[i] &&
				919	sshkey_equal(key, sensitive_data.host_keys[i])))
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	920	return (i);
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	921	if (key == sensitive_data.host_pubkeys[i] \|\|
				922	(compare && sensitive_data.host_pubkeys[i] &&
				923	sshkey_equal(key, sensitive_data.host_pubkeys[i])))
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	924	return (i);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	925	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	926	}
				927	return (-1);
				928	}
				929
djm@openbsd.org	8d4f872	2015-01-26 03:04:45 +0000	[diff] [blame]	930	/* Inform the client of all hostkeys */
				931	static void
				932	notify_hostkeys(struct ssh *ssh)
				933	{
				934	struct sshbuf *buf;
				935	struct sshkey *key;
				936	int i, nkeys, r;
				937	char *fp;
				938
dtucker@openbsd.org	d8f391c	2015-04-10 05:16:50 +0000	[diff] [blame]	939	/* Some clients cannot cope with the hostkeys message, skip those. */
				940	if (datafellows & SSH_BUG_HOSTKEYS)
				941	return;
				942
djm@openbsd.org	8d4f872	2015-01-26 03:04:45 +0000	[diff] [blame]	943	if ((buf = sshbuf_new()) == NULL)
				944	fatal("%s: sshbuf_new", __func__);
				945	for (i = nkeys = 0; i < options.num_host_key_files; i++) {
				946	key = get_hostkey_public_by_index(i, ssh);
				947	if (key == NULL \|\| key->type == KEY_UNSPEC \|\|
				948	key->type == KEY_RSA1 \|\| sshkey_is_cert(key))
				949	continue;
				950	fp = sshkey_fingerprint(key, options.fingerprint_hash,
				951	SSH_FP_DEFAULT);
				952	debug3("%s: key %d: %s %s", __func__, i,
				953	sshkey_ssh_name(key), fp);
				954	free(fp);
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	955	if (nkeys == 0) {
				956	packet_start(SSH2_MSG_GLOBAL_REQUEST);
djm@openbsd.org	44732de	2015-02-20 22:17:21 +0000	[diff] [blame]	957	packet_put_cstring("hostkeys-00@openssh.com");
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	958	packet_put_char(0); /* want-reply */
				959	}
				960	sshbuf_reset(buf);
				961	if ((r = sshkey_putb(key, buf)) != 0)
djm@openbsd.org	8d4f872	2015-01-26 03:04:45 +0000	[diff] [blame]	962	fatal("%s: couldn't put hostkey %d: %s",
				963	__func__, i, ssh_err(r));
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	964	packet_put_string(sshbuf_ptr(buf), sshbuf_len(buf));
djm@openbsd.org	8d4f872	2015-01-26 03:04:45 +0000	[diff] [blame]	965	nkeys++;
				966	}
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	967	debug3("%s: sent %d hostkeys", __func__, nkeys);
djm@openbsd.org	8d4f872	2015-01-26 03:04:45 +0000	[diff] [blame]	968	if (nkeys == 0)
				969	fatal("%s: no hostkeys", __func__);
djm@openbsd.org	8d4f872	2015-01-26 03:04:45 +0000	[diff] [blame]	970	packet_send();
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	971	sshbuf_free(buf);
djm@openbsd.org	8d4f872	2015-01-26 03:04:45 +0000	[diff] [blame]	972	}
				973
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	974	/*
				975	* returns 1 if connection should be dropped, 0 otherwise.
				976	* dropping starts at connection #max_startups_begin with a probability
				977	* of (max_startups_rate/100). the probability increases linearly until
				978	* all connections are dropped for startups > max_startups
				979	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	980	static int
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	981	drop_connection(int startups)
				982	{
Darren Tucker	178fa66	2004-11-05 20:09:09 +1100	[diff] [blame]	983	int p, r;
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	984
				985	if (startups < options.max_startups_begin)
				986	return 0;
				987	if (startups >= options.max_startups)
				988	return 1;
				989	if (options.max_startups_rate == 100)
				990	return 1;
				991
				992	p = 100 - options.max_startups_rate;
				993	p *= startups - options.max_startups_begin;
Darren Tucker	178fa66	2004-11-05 20:09:09 +1100	[diff] [blame]	994	p /= options.max_startups - options.max_startups_begin;
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	995	p += options.max_startups_rate;
Damien Miller	354c48c	2008-05-19 14:50:00 +1000	[diff] [blame]	996	r = arc4random_uniform(100);
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	997
Darren Tucker	3269b13	2004-11-05 20:20:59 +1100	[diff] [blame]	998	debug("drop_connection: p %d, r %d", p, r);
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	999	return (r < p) ? 1 : 0;
				1000	}
				1001
Ben Lindstrom	ade03f6	2001-12-06 18:22:17 +0000	[diff] [blame]	1002	static void
				1003	usage(void)
				1004	{
Damien Miller	0c889cd	2004-03-22 09:36:00 +1100	[diff] [blame]	1005	fprintf(stderr, "%s, %s\n",
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1006	SSH_RELEASE,
				1007	#ifdef WITH_OPENSSL
				1008	SSLeay_version(SSLEAY_VERSION)
				1009	#else
				1010	"without OpenSSL"
				1011	#endif
				1012	);
Damien Miller	b408786	2004-03-22 09:35:21 +1100	[diff] [blame]	1013	fprintf(stderr,
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1014	"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n"
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	1015	" [-E log_file] [-f config_file] [-g login_grace_time]\n"
				1016	" [-h host_key_file] [-k key_gen_time] [-o option] [-p port]\n"
				1017	" [-u len]\n"
Damien Miller	b408786	2004-03-22 09:35:21 +1100	[diff] [blame]	1018	);
Ben Lindstrom	ade03f6	2001-12-06 18:22:17 +0000	[diff] [blame]	1019	exit(1);
				1020	}
				1021
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1022	static void
				1023	send_rexec_state(int fd, Buffer *conf)
				1024	{
				1025	Buffer m;
				1026
				1027	debug3("%s: entering fd = %d config len %d", __func__, fd,
				1028	buffer_len(conf));
				1029
				1030	/*
				1031	* Protocol from reexec master to child:
				1032	* string configuration
				1033	* u_int ephemeral_key_follows
				1034	* bignum e (only if ephemeral_key_follows == 1)
				1035	* bignum n "
				1036	* bignum d "
				1037	* bignum iqmp "
				1038	* bignum p "
				1039	* bignum q "
Darren Tucker	c6f8219	2005-09-27 22:46:32 +1000	[diff] [blame]	1040	* string rngseed (only if OpenSSL is not self-seeded)
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1041	*/
				1042	buffer_init(&m);
				1043	buffer_put_cstring(&m, buffer_ptr(conf));
				1044
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1045	#ifdef WITH_SSH1
Darren Tucker	fc95970	2004-07-17 16:12:08 +1000	[diff] [blame]	1046	if (sensitive_data.server_key != NULL &&
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1047	sensitive_data.server_key->type == KEY_RSA1) {
				1048	buffer_put_int(&m, 1);
				1049	buffer_put_bignum(&m, sensitive_data.server_key->rsa->e);
				1050	buffer_put_bignum(&m, sensitive_data.server_key->rsa->n);
				1051	buffer_put_bignum(&m, sensitive_data.server_key->rsa->d);
				1052	buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp);
				1053	buffer_put_bignum(&m, sensitive_data.server_key->rsa->p);
				1054	buffer_put_bignum(&m, sensitive_data.server_key->rsa->q);
				1055	} else
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1056	#endif
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1057	buffer_put_int(&m, 0);
				1058
Damien Miller	72ef7c1	2015-01-15 02:21:31 +1100	[diff] [blame]	1059	#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
Darren Tucker	c6f8219	2005-09-27 22:46:32 +1000	[diff] [blame]	1060	rexec_send_rng_seed(&m);
				1061	#endif
				1062
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1063	if (ssh_msg_send(fd, 0, &m) == -1)
				1064	fatal("%s: ssh_msg_send failed", __func__);
				1065
				1066	buffer_free(&m);
				1067
				1068	debug3("%s: done", __func__);
				1069	}
				1070
				1071	static void
				1072	recv_rexec_state(int fd, Buffer *conf)
				1073	{
				1074	Buffer m;
				1075	char *cp;
				1076	u_int len;
				1077
				1078	debug3("%s: entering fd = %d", __func__, fd);
				1079
				1080	buffer_init(&m);
				1081
				1082	if (ssh_msg_recv(fd, &m) == -1)
				1083	fatal("%s: ssh_msg_recv failed", __func__);
				1084	if (buffer_get_char(&m) != 0)
				1085	fatal("%s: rexec version mismatch", __func__);
				1086
				1087	cp = buffer_get_string(&m, &len);
				1088	if (conf != NULL)
				1089	buffer_append(conf, cp, len + 1);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1090	free(cp);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1091
				1092	if (buffer_get_int(&m)) {
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1093	#ifdef WITH_SSH1
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1094	if (sensitive_data.server_key != NULL)
				1095	key_free(sensitive_data.server_key);
				1096	sensitive_data.server_key = key_new_private(KEY_RSA1);
				1097	buffer_get_bignum(&m, sensitive_data.server_key->rsa->e);
				1098	buffer_get_bignum(&m, sensitive_data.server_key->rsa->n);
				1099	buffer_get_bignum(&m, sensitive_data.server_key->rsa->d);
				1100	buffer_get_bignum(&m, sensitive_data.server_key->rsa->iqmp);
				1101	buffer_get_bignum(&m, sensitive_data.server_key->rsa->p);
				1102	buffer_get_bignum(&m, sensitive_data.server_key->rsa->q);
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	1103	if (rsa_generate_additional_parameters(
				1104	sensitive_data.server_key->rsa) != 0)
				1105	fatal("%s: rsa_generate_additional_parameters "
				1106	"error", __func__);
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1107	#endif
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1108	}
Darren Tucker	c6f8219	2005-09-27 22:46:32 +1000	[diff] [blame]	1109
Damien Miller	72ef7c1	2015-01-15 02:21:31 +1100	[diff] [blame]	1110	#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
Darren Tucker	c6f8219	2005-09-27 22:46:32 +1000	[diff] [blame]	1111	rexec_recv_rng_seed(&m);
				1112	#endif
				1113
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1114	buffer_free(&m);
				1115
				1116	debug3("%s: done", __func__);
				1117	}
				1118
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1119	/* Accept a connection from inetd */
				1120	static void
				1121	server_accept_inetd(int sock_in, int sock_out)
				1122	{
				1123	int fd;
				1124
				1125	startup_pipe = -1;
				1126	if (rexeced_flag) {
				1127	close(REEXEC_CONFIG_PASS_FD);
				1128	sock_in = sock_out = dup(STDIN_FILENO);
				1129	if (!debug_flag) {
				1130	startup_pipe = dup(REEXEC_STARTUP_PIPE_FD);
				1131	close(REEXEC_STARTUP_PIPE_FD);
				1132	}
				1133	} else {
				1134	*sock_in = dup(STDIN_FILENO);
				1135	*sock_out = dup(STDOUT_FILENO);
				1136	}
				1137	/*
				1138	* We intentionally do not close the descriptors 0, 1, and 2
				1139	* as our code for setting the descriptors won't work if
				1140	* ttyfd happens to be one of those.
				1141	*/
				1142	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
				1143	dup2(fd, STDIN_FILENO);
				1144	dup2(fd, STDOUT_FILENO);
Darren Tucker	0cca17f	2013-06-06 08:21:14 +1000	[diff] [blame]	1145	if (!log_stderr)
				1146	dup2(fd, STDERR_FILENO);
				1147	if (fd > (log_stderr ? STDERR_FILENO : STDOUT_FILENO))
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1148	close(fd);
				1149	}
				1150	debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
				1151	}
				1152
				1153	/*
				1154	* Listen for TCP connections
				1155	*/
				1156	static void
				1157	server_listen(void)
				1158	{
				1159	int ret, listen_sock, on = 1;
				1160	struct addrinfo *ai;
				1161	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
				1162
				1163	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
				1164	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
				1165	continue;
				1166	if (num_listen_socks >= MAX_LISTEN_SOCKS)
				1167	fatal("Too many listen sockets. "
				1168	"Enlarge MAX_LISTEN_SOCKS");
				1169	if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
				1170	ntop, sizeof(ntop), strport, sizeof(strport),
				1171	NI_NUMERICHOST\|NI_NUMERICSERV)) != 0) {
				1172	error("getnameinfo failed: %.100s",
Darren Tucker	4abde77	2007-12-29 02:43:51 +1100	[diff] [blame]	1173	ssh_gai_strerror(ret));
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1174	continue;
				1175	}
				1176	/* Create socket for listening. */
Darren Tucker	7bd98e7	2010-01-10 10:31:12 +1100	[diff] [blame]	1177	listen_sock = socket(ai->ai_family, ai->ai_socktype,
				1178	ai->ai_protocol);
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1179	if (listen_sock < 0) {
				1180	/* kernel may not support ipv6 */
				1181	verbose("socket: %.100s", strerror(errno));
				1182	continue;
				1183	}
				1184	if (set_nonblock(listen_sock) == -1) {
				1185	close(listen_sock);
				1186	continue;
				1187	}
				1188	/*
				1189	* Set socket options.
				1190	* Allow local port reuse in TIME_WAIT.
				1191	*/
				1192	if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
				1193	&on, sizeof(on)) == -1)
				1194	error("setsockopt SO_REUSEADDR: %s", strerror(errno));
				1195
Damien Miller	49d2a28	2008-01-20 08:56:00 +1100	[diff] [blame]	1196	/* Only communicate in IPv6 over AF_INET6 sockets. */
Damien Miller	04ee0f8	2009-11-18 17:48:30 +1100	[diff] [blame]	1197	if (ai->ai_family == AF_INET6)
				1198	sock_set_v6only(listen_sock);
Damien Miller	49d2a28	2008-01-20 08:56:00 +1100	[diff] [blame]	1199
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1200	debug("Bind to port %s on %s.", strport, ntop);
				1201
				1202	/* Bind the socket to the desired port. */
				1203	if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
				1204	error("Bind to port %s on %s failed: %.200s.",
				1205	strport, ntop, strerror(errno));
				1206	close(listen_sock);
				1207	continue;
				1208	}
				1209	listen_socks[num_listen_socks] = listen_sock;
				1210	num_listen_socks++;
				1211
				1212	/* Start listening on the port. */
				1213	if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
				1214	fatal("listen on [%s]:%s: %.100s",
				1215	ntop, strport, strerror(errno));
				1216	logit("Server listening on %s port %s.", ntop, strport);
				1217	}
				1218	freeaddrinfo(options.listen_addrs);
				1219
				1220	if (!num_listen_socks)
				1221	fatal("Cannot bind any address.");
				1222	}
				1223
				1224	/*
				1225	* The main TCP accept loop. Note that, for the non-debug case, returns
				1226	* from this function are in a forked subprocess.
				1227	*/
				1228	static void
				1229	server_accept_loop(int sock_in, int sock_out, int newsock, int config_s)
				1230	{
				1231	fd_set *fdset;
				1232	int i, j, ret, maxfd;
				1233	int key_used = 0, startups = 0;
				1234	int startup_p[2] = { -1 , -1 };
				1235	struct sockaddr_storage from;
				1236	socklen_t fromlen;
				1237	pid_t pid;
Damien Miller	045bda5	2013-09-14 09:44:37 +1000	[diff] [blame]	1238	u_char rnd[256];
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1239
				1240	/* setup fd set for accept */
				1241	fdset = NULL;
				1242	maxfd = 0;
				1243	for (i = 0; i < num_listen_socks; i++)
				1244	if (listen_socks[i] > maxfd)
				1245	maxfd = listen_socks[i];
				1246	/* pipes connected to unauthenticated childs */
				1247	startup_pipes = xcalloc(options.max_startups, sizeof(int));
				1248	for (i = 0; i < options.max_startups; i++)
				1249	startup_pipes[i] = -1;
				1250
				1251	/*
				1252	* Stay listening for connections until the system crashes or
				1253	* the daemon is killed with a signal.
				1254	*/
				1255	for (;;) {
				1256	if (received_sighup)
				1257	sighup_restart();
				1258	if (fdset != NULL)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1259	free(fdset);
deraadt@openbsd.org	ce445b0	2015-08-20 22:32:42 +0000	[diff] [blame]	1260	fdset = xcalloc(howmany(maxfd + 1, NFDBITS),
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1261	sizeof(fd_mask));
				1262
				1263	for (i = 0; i < num_listen_socks; i++)
				1264	FD_SET(listen_socks[i], fdset);
				1265	for (i = 0; i < options.max_startups; i++)
				1266	if (startup_pipes[i] != -1)
				1267	FD_SET(startup_pipes[i], fdset);
				1268
				1269	/* Wait in select until there is a connection. */
				1270	ret = select(maxfd+1, fdset, NULL, NULL, NULL);
				1271	if (ret < 0 && errno != EINTR)
				1272	error("select: %.100s", strerror(errno));
				1273	if (received_sigterm) {
				1274	logit("Received signal %d; terminating.",
				1275	(int) received_sigterm);
				1276	close_listen_socks();
djm@openbsd.org	161cf41	2014-12-22 07:55:51 +0000	[diff] [blame]	1277	if (options.pid_file != NULL)
				1278	unlink(options.pid_file);
Damien Miller	26b57ce	2011-05-05 14:15:09 +1000	[diff] [blame]	1279	exit(received_sigterm == SIGTERM ? 0 : 255);
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1280	}
				1281	if (key_used && key_do_regen) {
				1282	generate_ephemeral_server_key();
				1283	key_used = 0;
				1284	key_do_regen = 0;
				1285	}
				1286	if (ret < 0)
				1287	continue;
				1288
				1289	for (i = 0; i < options.max_startups; i++)
				1290	if (startup_pipes[i] != -1 &&
				1291	FD_ISSET(startup_pipes[i], fdset)) {
				1292	/*
				1293	* the read end of the pipe is ready
				1294	* if the child has closed the pipe
				1295	* after successful authentication
				1296	* or if the child has died
				1297	*/
				1298	close(startup_pipes[i]);
				1299	startup_pipes[i] = -1;
				1300	startups--;
				1301	}
				1302	for (i = 0; i < num_listen_socks; i++) {
				1303	if (!FD_ISSET(listen_socks[i], fdset))
				1304	continue;
				1305	fromlen = sizeof(from);
				1306	*newsock = accept(listen_socks[i],
				1307	(struct sockaddr *)&from, &fromlen);
				1308	if (*newsock < 0) {
Damien Miller	37f1c08	2013-04-23 15:20:43 +1000	[diff] [blame]	1309	if (errno != EINTR && errno != EWOULDBLOCK &&
				1310	errno != ECONNABORTED && errno != EAGAIN)
Damien Miller	a116d13	2012-04-22 11:23:46 +1000	[diff] [blame]	1311	error("accept: %.100s",
				1312	strerror(errno));
				1313	if (errno == EMFILE \|\| errno == ENFILE)
				1314	usleep(100 * 1000);
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1315	continue;
				1316	}
				1317	if (unset_nonblock(*newsock) == -1) {
				1318	close(*newsock);
				1319	continue;
				1320	}
				1321	if (drop_connection(startups) == 1) {
				1322	debug("drop connection #%d", startups);
				1323	close(*newsock);
				1324	continue;
				1325	}
				1326	if (pipe(startup_p) == -1) {
				1327	close(*newsock);
				1328	continue;
				1329	}
				1330
				1331	if (rexec_flag && socketpair(AF_UNIX,
				1332	SOCK_STREAM, 0, config_s) == -1) {
				1333	error("reexec socketpair: %s",
				1334	strerror(errno));
				1335	close(*newsock);
				1336	close(startup_p[0]);
				1337	close(startup_p[1]);
				1338	continue;
				1339	}
				1340
				1341	for (j = 0; j < options.max_startups; j++)
				1342	if (startup_pipes[j] == -1) {
				1343	startup_pipes[j] = startup_p[0];
				1344	if (maxfd < startup_p[0])
				1345	maxfd = startup_p[0];
				1346	startups++;
				1347	break;
				1348	}
				1349
				1350	/*
				1351	* Got connection. Fork a child to handle it, unless
				1352	* we are in debugging mode.
				1353	*/
				1354	if (debug_flag) {
				1355	/*
				1356	* In debugging mode. Close the listening
				1357	* socket, and start processing the
				1358	* connection without forking.
				1359	*/
				1360	debug("Server will not fork when running in debugging mode.");
				1361	close_listen_socks();
				1362	sock_in = newsock;
				1363	sock_out = newsock;
				1364	close(startup_p[0]);
				1365	close(startup_p[1]);
				1366	startup_pipe = -1;
				1367	pid = getpid();
				1368	if (rexec_flag) {
				1369	send_rexec_state(config_s[0],
				1370	&cfg);
				1371	close(config_s[0]);
				1372	}
				1373	break;
				1374	}
				1375
				1376	/*
				1377	* Normal production daemon. Fork, and have
				1378	* the child process the connection. The
				1379	* parent continues listening.
				1380	*/
Damien Miller	1b06dc3	2006-08-31 03:24:41 +1000	[diff] [blame]	1381	platform_pre_fork();
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1382	if ((pid = fork()) == 0) {
				1383	/*
				1384	* Child. Close the listening and
				1385	* max_startup sockets. Start using
				1386	* the accepted socket. Reinitialize
				1387	* logging (since our pid has changed).
				1388	* We break out of the loop to handle
				1389	* the connection.
				1390	*/
Damien Miller	1b06dc3	2006-08-31 03:24:41 +1000	[diff] [blame]	1391	platform_post_fork_child();
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1392	startup_pipe = startup_p[1];
				1393	close_startup_pipes();
				1394	close_listen_socks();
				1395	sock_in = newsock;
				1396	sock_out = newsock;
				1397	log_init(__progname,
				1398	options.log_level,
				1399	options.log_facility,
				1400	log_stderr);
				1401	if (rexec_flag)
				1402	close(config_s[0]);
				1403	break;
				1404	}
				1405
				1406	/* Parent. Stay in the loop. */
Damien Miller	1b06dc3	2006-08-31 03:24:41 +1000	[diff] [blame]	1407	platform_post_fork_parent(pid);
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1408	if (pid < 0)
				1409	error("fork: %.100s", strerror(errno));
				1410	else
				1411	debug("Forked child %ld.", (long)pid);
				1412
				1413	close(startup_p[1]);
				1414
				1415	if (rexec_flag) {
				1416	send_rexec_state(config_s[0], &cfg);
				1417	close(config_s[0]);
				1418	close(config_s[1]);
				1419	}
				1420
				1421	/*
				1422	* Mark that the key has been used (it
				1423	* was "given" to the child).
				1424	*/
				1425	if ((options.protocol & SSH_PROTO_1) &&
				1426	key_used == 0) {
				1427	/* Schedule server key regeneration alarm. */
				1428	signal(SIGALRM, key_regeneration_alarm);
				1429	alarm(options.key_regeneration_time);
				1430	key_used = 1;
				1431	}
				1432
				1433	close(*newsock);
				1434
				1435	/*
				1436	* Ensure that our random state differs
				1437	* from that of the child
				1438	*/
				1439	arc4random_stir();
Damien Miller	045bda5	2013-09-14 09:44:37 +1000	[diff] [blame]	1440	arc4random_buf(rnd, sizeof(rnd));
Damien Miller	72ef7c1	2015-01-15 02:21:31 +1100	[diff] [blame]	1441	#ifdef WITH_OPENSSL
Damien Miller	045bda5	2013-09-14 09:44:37 +1000	[diff] [blame]	1442	RAND_seed(rnd, sizeof(rnd));
Damien Miller	07889c7	2015-11-14 18:44:49 +1100	[diff] [blame^]	1443	if ((RAND_bytes((u_char *)rnd, 1)) != 1)
				1444	fatal("%s: RAND_bytes failed", __func__);
Damien Miller	72ef7c1	2015-01-15 02:21:31 +1100	[diff] [blame]	1445	#endif
Damien Miller	1d2c456	2014-02-04 11:18:20 +1100	[diff] [blame]	1446	explicit_bzero(rnd, sizeof(rnd));
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1447	}
				1448
				1449	/* child process check (or debug mode) */
				1450	if (num_listen_socks < 0)
				1451	break;
				1452	}
				1453	}
				1454
				1455
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1456	/*
				1457	* Main program for the daemon.
				1458	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1459	int
				1460	main(int ac, char **av)
				1461	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1462	extern char *optarg;
				1463	extern int optind;
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1464	int r, opt, i, j, on = 1;
Damien Miller	386c6a2	2004-06-30 22:40:20 +1000	[diff] [blame]	1465	int sock_in = -1, sock_out = -1, newsock = -1;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1466	const char *remote_ip;
				1467	int remote_port;
dtucker@openbsd.org	15fdfc9	2015-04-15 23:23:25 +0000	[diff] [blame]	1468	char fp, line, laddr, logfile = NULL;
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1469	int config_s[2] = { -1 , -1 };
Damien Miller	a6e3f01	2012-11-04 23:21:40 +1100	[diff] [blame]	1470	u_int n;
Damien Miller	b61f3fc	2008-07-11 17:36:48 +1000	[diff] [blame]	1471	u_int64_t ibytes, obytes;
Damien Miller	6ca16c6	2008-06-16 07:50:58 +1000	[diff] [blame]	1472	mode_t new_umask;
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1473	Key *key;
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	1474	Key *pubkey;
				1475	int keytype;
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	1476	Authctxt *authctxt;
Darren Tucker	fbcf827	2012-05-19 19:37:01 +1000	[diff] [blame]	1477	struct connection_info *connection_info = get_connection_info(0, 0);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1478
Kevin Steves	0ea1d9d	2002-04-25 18:17:04 +0000	[diff] [blame]	1479	#ifdef HAVE_SECUREWARE
				1480	(void)set_auth_parameters(ac, av);
				1481	#endif
Damien Miller	59d3d5b	2003-08-22 09:34:41 +1000	[diff] [blame]	1482	__progname = ssh_get_progname(av[0]);
Damien Miller	f9b625c	2000-07-09 22:42:32 +1000	[diff] [blame]	1483
Damien Miller	a8ed44b	2003-01-10 09:53:12 +1100	[diff] [blame]	1484	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
Damien Miller	b8c656e	2000-06-28 15:22:41 +1000	[diff] [blame]	1485	saved_argc = ac;
Darren Tucker	17c5d03	2004-06-25 14:22:23 +1000	[diff] [blame]	1486	rexec_argc = ac;
Darren Tucker	d8093e4	2006-05-04 16:24:34 +1000	[diff] [blame]	1487	saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
Damien Miller	a8ed44b	2003-01-10 09:53:12 +1100	[diff] [blame]	1488	for (i = 0; i < ac; i++)
				1489	saved_argv[i] = xstrdup(av[i]);
Damien Miller	04cb536	2003-05-15 21:29:10 +1000	[diff] [blame]	1490	saved_argv[i] = NULL;
Damien Miller	a8ed44b	2003-01-10 09:53:12 +1100	[diff] [blame]	1491
				1492	#ifndef HAVE_SETPROCTITLE
				1493	/* Prepare for later setproctitle emulation */
				1494	compat_init_setproctitle(ac, av);
Damien Miller	f2e3e9d	2003-06-02 12:15:54 +1000	[diff] [blame]	1495	av = saved_argv;
Damien Miller	a8ed44b	2003-01-10 09:53:12 +1100	[diff] [blame]	1496	#endif
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1497
Damien Miller	bfba354	2004-03-22 09:29:57 +1100	[diff] [blame]	1498	if (geteuid() == 0 && setgroups(0, NULL) == -1)
				1499	debug("setgroups(): %.200s", strerror(errno));
				1500
Darren Tucker	ce321d8	2005-10-03 18:11:24 +1000	[diff] [blame]	1501	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
				1502	sanitise_stdfd();
				1503
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1504	/* Initialize configuration options to their default values. */
				1505	initialize_server_options(&options);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1506
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1507	/* Parse command-line arguments. */
djm@openbsd.org	3e91b4e	2015-05-24 23:39:16 +0000	[diff] [blame]	1508	while ((opt = getopt(ac, av,
				1509	"C:E:b:c:f:g:h:k:o:p:u:46DQRTdeiqrt")) != -1) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1510	switch (opt) {
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1511	case '4':
Darren Tucker	0f38323	2005-01-20 10:57:56 +1100	[diff] [blame]	1512	options.address_family = AF_INET;
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1513	break;
				1514	case '6':
Darren Tucker	0f38323	2005-01-20 10:57:56 +1100	[diff] [blame]	1515	options.address_family = AF_INET6;
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1516	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1517	case 'f':
				1518	config_file_name = optarg;
				1519	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1520	case 'c':
				1521	if (options.num_host_cert_files >= MAX_HOSTCERTS) {
				1522	fprintf(stderr, "too many host certificates.\n");
				1523	exit(1);
				1524	}
				1525	options.host_cert_files[options.num_host_cert_files++] =
				1526	derelativise_path(optarg);
				1527	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1528	case 'd':
Darren Tucker	e98dfa3	2003-07-19 19:54:31 +1000	[diff] [blame]	1529	if (debug_flag == 0) {
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	1530	debug_flag = 1;
				1531	options.log_level = SYSLOG_LEVEL_DEBUG1;
Darren Tucker	e98dfa3	2003-07-19 19:54:31 +1000	[diff] [blame]	1532	} else if (options.log_level < SYSLOG_LEVEL_DEBUG3)
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	1533	options.log_level++;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1534	break;
Ben Lindstrom	c72745a	2000-12-02 19:03:54 +0000	[diff] [blame]	1535	case 'D':
				1536	no_daemon_flag = 1;
				1537	break;
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	1538	case 'E':
dtucker@openbsd.org	4f7cc2f	2015-09-04 08:21:47 +0000	[diff] [blame]	1539	logfile = optarg;
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	1540	/* FALLTHROUGH */
Ben Lindstrom	9fce9f0	2001-04-11 23:10:09 +0000	[diff] [blame]	1541	case 'e':
				1542	log_stderr = 1;
				1543	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1544	case 'i':
				1545	inetd_flag = 1;
				1546	break;
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1547	case 'r':
				1548	rexec_flag = 0;
				1549	break;
				1550	case 'R':
				1551	rexeced_flag = 1;
				1552	inetd_flag = 1;
				1553	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1554	case 'Q':
Ben Lindstrom	d539020	2001-01-29 08:07:43 +0000	[diff] [blame]	1555	/* ignored */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1556	break;
				1557	case 'q':
				1558	options.log_level = SYSLOG_LEVEL_QUIET;
				1559	break;
				1560	case 'b':
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	1561	options.server_key_bits = (int)strtonum(optarg, 256,
				1562	32768, NULL);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1563	break;
				1564	case 'p':
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1565	options.ports_from_cmdline = 1;
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	1566	if (options.num_ports >= MAX_PORTS) {
				1567	fprintf(stderr, "too many ports.\n");
				1568	exit(1);
				1569	}
Ben Lindstrom	19066a1	2001-04-12 23:39:26 +0000	[diff] [blame]	1570	options.ports[options.num_ports++] = a2port(optarg);
Damien Miller	3dc71ad	2009-01-28 16:31:22 +1100	[diff] [blame]	1571	if (options.ports[options.num_ports-1] <= 0) {
Ben Lindstrom	19066a1	2001-04-12 23:39:26 +0000	[diff] [blame]	1572	fprintf(stderr, "Bad port number.\n");
				1573	exit(1);
				1574	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1575	break;
				1576	case 'g':
Ben Lindstrom	1bda4c8	2001-06-05 19:59:08 +0000	[diff] [blame]	1577	if ((options.login_grace_time = convtime(optarg)) == -1) {
				1578	fprintf(stderr, "Invalid login grace time.\n");
				1579	exit(1);
				1580	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1581	break;
				1582	case 'k':
Ben Lindstrom	1bda4c8	2001-06-05 19:59:08 +0000	[diff] [blame]	1583	if ((options.key_regeneration_time = convtime(optarg)) == -1) {
				1584	fprintf(stderr, "Invalid key regeneration interval.\n");
				1585	exit(1);
				1586	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1587	break;
				1588	case 'h':
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1589	if (options.num_host_key_files >= MAX_HOSTKEYS) {
				1590	fprintf(stderr, "too many host keys.\n");
				1591	exit(1);
				1592	}
Darren Tucker	88b6fb2	2010-01-13 22:44:29 +1100	[diff] [blame]	1593	options.host_key_files[options.num_host_key_files++] =
				1594	derelativise_path(optarg);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1595	break;
Ben Lindstrom	794325a	2001-08-06 21:09:07 +0000	[diff] [blame]	1596	case 't':
				1597	test_flag = 1;
				1598	break;
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1599	case 'T':
				1600	test_flag = 2;
				1601	break;
				1602	case 'C':
Darren Tucker	fbcf827	2012-05-19 19:37:01 +1000	[diff] [blame]	1603	if (parse_server_match_testspec(connection_info,
				1604	optarg) == -1)
				1605	exit(1);
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1606	break;
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	1607	case 'u':
deraadt@openbsd.org	087266e	2015-01-20 23:14:00 +0000	[diff] [blame]	1608	utmp_len = (u_int)strtonum(optarg, 0, HOST_NAME_MAX+1+1, NULL);
				1609	if (utmp_len > HOST_NAME_MAX+1) {
Ben Lindstrom	41daec7	2002-07-23 21:15:13 +0000	[diff] [blame]	1610	fprintf(stderr, "Invalid utmp length.\n");
				1611	exit(1);
				1612	}
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	1613	break;
Ben Lindstrom	ade03f6	2001-12-06 18:22:17 +0000	[diff] [blame]	1614	case 'o':
Damien Miller	b999719	2003-12-17 16:29:22 +1100	[diff] [blame]	1615	line = xstrdup(optarg);
				1616	if (process_server_config_line(&options, line,
Darren Tucker	fbcf827	2012-05-19 19:37:01 +1000	[diff] [blame]	1617	"command-line", 0, NULL, NULL) != 0)
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	1618	exit(1);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1619	free(line);
Ben Lindstrom	ade03f6	2001-12-06 18:22:17 +0000	[diff] [blame]	1620	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1621	case '?':
				1622	default:
Ben Lindstrom	ade03f6	2001-12-06 18:22:17 +0000	[diff] [blame]	1623	usage();
				1624	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1625	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1626	}
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1627	if (rexeced_flag \|\| inetd_flag)
				1628	rexec_flag = 0;
Damien Miller	2ee0c43	2008-03-07 18:31:47 +1100	[diff] [blame]	1629	if (!test_flag && (rexec_flag && (av[0] == NULL \|\| *av[0] != '/')))
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1630	fatal("sshd re-exec requires execution with an absolute path");
				1631	if (rexeced_flag)
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1632	closefrom(REEXEC_MIN_FREE_FD);
				1633	else
				1634	closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1635
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1636	#ifdef WITH_OPENSSL
Damien Miller	4314c2b	2010-09-10 11:12:09 +1000	[diff] [blame]	1637	OpenSSL_add_all_algorithms();
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1638	#endif
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1639
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	1640	/* If requested, redirect the logs to the specified logfile. */
dtucker@openbsd.org	4f7cc2f	2015-09-04 08:21:47 +0000	[diff] [blame]	1641	if (logfile != NULL)
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	1642	log_redirect_stderr_to(logfile);
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1643	/*
				1644	* Force logging to stderr until we have loaded the private host
				1645	* key (unless started from inetd)
				1646	*/
Kevin Steves	ec84dc1	2000-12-13 17:45:15 +0000	[diff] [blame]	1647	log_init(__progname,
Damien Miller	5aa5d78	2002-02-08 22:01:54 +1100	[diff] [blame]	1648	options.log_level == SYSLOG_LEVEL_NOT_SET ?
				1649	SYSLOG_LEVEL_INFO : options.log_level,
				1650	options.log_facility == SYSLOG_FACILITY_NOT_SET ?
				1651	SYSLOG_FACILITY_AUTH : options.log_facility,
Ben Lindstrom	c2faa4a	2002-11-09 15:50:03 +0000	[diff] [blame]	1652	log_stderr \|\| !inetd_flag);
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1653
Darren Tucker	86c093d	2004-03-08 22:59:03 +1100	[diff] [blame]	1654	/*
				1655	* Unset KRB5CCNAME, otherwise the user's session may inherit it from
				1656	* root's environment
Damien Miller	94cf4c8	2005-07-17 17:04:47 +1000	[diff] [blame]	1657	*/
Darren Tucker	9dc6c7d	2005-02-02 18:30:33 +1100	[diff] [blame]	1658	if (getenv("KRB5CCNAME") != NULL)
Tim Rice	e3609c9	2012-02-14 10:03:30 -0800	[diff] [blame]	1659	(void) unsetenv("KRB5CCNAME");
Darren Tucker	9dc6c7d	2005-02-02 18:30:33 +1100	[diff] [blame]	1660
Tim Rice	81ed518	2002-09-25 17:38:46 -0700	[diff] [blame]	1661	#ifdef _UNICOS
Darren Tucker	1298496	2004-05-24 13:37:13 +1000	[diff] [blame]	1662	/* Cray can define user privs drop all privs now!
Ben Lindstrom	6db66ff	2001-08-06 23:29:16 +0000	[diff] [blame]	1663	* Not needed on PRIV_SU systems!
				1664	*/
				1665	drop_cray_privs();
				1666	#endif
				1667
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1668	sensitive_data.server_key = NULL;
				1669	sensitive_data.ssh1_host_key = NULL;
				1670	sensitive_data.have_ssh1_key = 0;
				1671	sensitive_data.have_ssh2_key = 0;
				1672
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1673	/*
				1674	* If we're doing an extended config test, make sure we have all of
				1675	* the parameters we need. If we're not doing an extended test,
				1676	* do not silently ignore connection test params.
				1677	*/
Darren Tucker	fbcf827	2012-05-19 19:37:01 +1000	[diff] [blame]	1678	if (test_flag >= 2 && server_match_spec_complete(connection_info) == 0)
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1679	fatal("user, host and addr are all required when testing "
				1680	"Match configs");
Darren Tucker	fbcf827	2012-05-19 19:37:01 +1000	[diff] [blame]	1681	if (test_flag < 2 && server_match_spec_complete(connection_info) >= 0)
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1682	fatal("Config test connection parameter (-C) provided without "
				1683	"test mode (-T)");
				1684
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1685	/* Fetch our configuration */
				1686	buffer_init(&cfg);
				1687	if (rexeced_flag)
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1688	recv_rexec_state(REEXEC_CONFIG_PASS_FD, &cfg);
djm@openbsd.org	dbcc652	2015-04-27 00:21:21 +0000	[diff] [blame]	1689	else if (strcasecmp(config_file_name, "none") != 0)
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1690	load_server_config(config_file_name, &cfg);
				1691
Darren Tucker	4515047	2006-07-12 22:34:17 +1000	[diff] [blame]	1692	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
Darren Tucker	fbcf827	2012-05-19 19:37:01 +1000	[diff] [blame]	1693	&cfg, NULL);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1694
Darren Tucker	c6f8219	2005-09-27 22:46:32 +1000	[diff] [blame]	1695	seed_rng();
				1696
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1697	/* Fill in default values for those options not explicitly set. */
				1698	fill_default_server_options(&options);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1699
Darren Tucker	97b1bb5	2007-03-21 20:38:53 +1100	[diff] [blame]	1700	/* challenge-response is implemented via keyboard interactive */
				1701	if (options.challenge_response_authentication)
				1702	options.kbd_interactive_authentication = 1;
				1703
Damien Miller	d0d1099	2012-11-04 22:23:14 +1100	[diff] [blame]	1704	/* Check that options are sensible */
				1705	if (options.authorized_keys_command_user == NULL &&
				1706	(options.authorized_keys_command != NULL &&
				1707	strcasecmp(options.authorized_keys_command, "none") != 0))
				1708	fatal("AuthorizedKeysCommand set without "
				1709	"AuthorizedKeysCommandUser");
djm@openbsd.org	bcc50d8	2015-05-21 06:43:30 +0000	[diff] [blame]	1710	if (options.authorized_principals_command_user == NULL &&
				1711	(options.authorized_principals_command != NULL &&
				1712	strcasecmp(options.authorized_principals_command, "none") != 0))
				1713	fatal("AuthorizedPrincipalsCommand set without "
				1714	"AuthorizedPrincipalsCommandUser");
Damien Miller	d0d1099	2012-11-04 22:23:14 +1100	[diff] [blame]	1715
Damien Miller	a6e3f01	2012-11-04 23:21:40 +1100	[diff] [blame]	1716	/*
				1717	* Check whether there is any path through configured auth methods.
				1718	* Unfortunately it is not possible to verify this generally before
				1719	* daemonisation in the presence of Match block, but this catches
				1720	* and warns for trivial misconfigurations that could break login.
				1721	*/
				1722	if (options.num_auth_methods != 0) {
				1723	if ((options.protocol & SSH_PROTO_1))
				1724	fatal("AuthenticationMethods is not supported with "
				1725	"SSH protocol 1");
				1726	for (n = 0; n < options.num_auth_methods; n++) {
				1727	if (auth2_methods_valid(options.auth_methods[n],
				1728	1) == 0)
				1729	break;
				1730	}
				1731	if (n >= options.num_auth_methods)
				1732	fatal("AuthenticationMethods cannot be satisfied by "
				1733	"enabled authentication methods");
				1734	}
				1735
Darren Tucker	7bd98e7	2010-01-10 10:31:12 +1100	[diff] [blame]	1736	/* set default channel AF */
Darren Tucker	0f38323	2005-01-20 10:57:56 +1100	[diff] [blame]	1737	channel_set_af(options.address_family);
				1738
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1739	/* Check that there are no remaining arguments. */
				1740	if (optind < ac) {
				1741	fprintf(stderr, "Extra argument %s.\n", av[optind]);
				1742	exit(1);
				1743	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1744
Damien Miller	22e8a1e	2013-02-12 11:04:48 +1100	[diff] [blame]	1745	debug("sshd version %s, %s", SSH_VERSION,
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1746	#ifdef WITH_OPENSSL
				1747	SSLeay_version(SSLEAY_VERSION)
				1748	#else
				1749	"without OpenSSL"
				1750	#endif
				1751	);
Damien Miller	2ccf661	1999-11-15 15:25:10 +1100	[diff] [blame]	1752
Darren Tucker	df0e438	2006-11-07 11:28:40 +1100	[diff] [blame]	1753	/* Store privilege separation user for later use if required. */
				1754	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
				1755	if (use_privsep \|\| options.kerberos_authentication)
				1756	fatal("Privilege separation user %s does not exist",
				1757	SSH_PRIVSEP_USER);
				1758	} else {
Damien Miller	a5103f4	2014-02-04 11:20:14 +1100	[diff] [blame]	1759	explicit_bzero(privsep_pw->pw_passwd,
				1760	strlen(privsep_pw->pw_passwd));
Darren Tucker	df0e438	2006-11-07 11:28:40 +1100	[diff] [blame]	1761	privsep_pw = pwcopy(privsep_pw);
Darren Tucker	f60845f	2013-06-02 08:07:31 +1000	[diff] [blame]	1762	free(privsep_pw->pw_passwd);
Darren Tucker	df0e438	2006-11-07 11:28:40 +1100	[diff] [blame]	1763	privsep_pw->pw_passwd = xstrdup("*");
				1764	}
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	1765	endpwent();
				1766
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	1767	/* load host keys */
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	1768	sensitive_data.host_keys = xcalloc(options.num_host_key_files,
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	1769	sizeof(Key *));
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	1770	sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,
				1771	sizeof(Key *));
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	1772
				1773	if (options.host_key_agent) {
				1774	if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
				1775	setenv(SSH_AUTHSOCKET_ENV_NAME,
				1776	options.host_key_agent, 1);
djm@openbsd.org	83f8ffa	2015-01-17 18:53:34 +0000	[diff] [blame]	1777	if ((r = ssh_get_authentication_socket(NULL)) == 0)
				1778	have_agent = 1;
				1779	else
				1780	error("Could not connect to agent \"%s\": %s",
				1781	options.host_key_agent, ssh_err(r));
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	1782	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1783
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	1784	for (i = 0; i < options.num_host_key_files; i++) {
djm@openbsd.org	161cf41	2014-12-22 07:55:51 +0000	[diff] [blame]	1785	if (options.host_key_files[i] == NULL)
				1786	continue;
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1787	key = key_load_private(options.host_key_files[i], "", NULL);
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	1788	pubkey = key_load_public(options.host_key_files[i], NULL);
djm@openbsd.org	8d4f872	2015-01-26 03:04:45 +0000	[diff] [blame]	1789	if (pubkey == NULL && key != NULL)
				1790	pubkey = key_demote(key);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1791	sensitive_data.host_keys[i] = key;
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	1792	sensitive_data.host_pubkeys[i] = pubkey;
				1793
djm@openbsd.org	ce63c4b	2015-02-16 22:30:03 +0000	[diff] [blame]	1794	if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1 &&
				1795	have_agent) {
				1796	debug("will rely on agent for hostkey %s",
				1797	options.host_key_files[i]);
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	1798	keytype = pubkey->type;
				1799	} else if (key != NULL) {
				1800	keytype = key->type;
				1801	} else {
Ben Lindstrom	15f3386	2001-04-16 02:00:02 +0000	[diff] [blame]	1802	error("Could not load host key: %s",
				1803	options.host_key_files[i]);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1804	sensitive_data.host_keys[i] = NULL;
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	1805	sensitive_data.host_pubkeys[i] = NULL;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1806	continue;
				1807	}
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	1808
				1809	switch (keytype) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1810	case KEY_RSA1:
				1811	sensitive_data.ssh1_host_key = key;
				1812	sensitive_data.have_ssh1_key = 1;
				1813	break;
				1814	case KEY_RSA:
				1815	case KEY_DSA:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1816	case KEY_ECDSA:
Damien Miller	5be9d9e	2013-12-07 11:24:01 +1100	[diff] [blame]	1817	case KEY_ED25519:
djm@openbsd.org	6049a54	2015-01-31 20:30:05 +0000	[diff] [blame]	1818	if (have_agent \|\| key != NULL)
				1819	sensitive_data.have_ssh2_key = 1;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1820	break;
				1821	}
djm@openbsd.org	6049a54	2015-01-31 20:30:05 +0000	[diff] [blame]	1822	if ((fp = sshkey_fingerprint(pubkey, options.fingerprint_hash,
				1823	SSH_FP_DEFAULT)) == NULL)
				1824	fatal("sshkey_fingerprint failed");
				1825	debug("%s host key #%d: %s %s",
djm@openbsd.org	ce63c4b	2015-02-16 22:30:03 +0000	[diff] [blame]	1826	key ? "private" : "agent", i, keytype == KEY_RSA1 ?
djm@openbsd.org	6049a54	2015-01-31 20:30:05 +0000	[diff] [blame]	1827	sshkey_type(pubkey) : sshkey_ssh_name(pubkey), fp);
				1828	free(fp);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1829	}
				1830	if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1831	logit("Disabling protocol version 1. Could not load host key");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1832	options.protocol &= ~SSH_PROTO_1;
				1833	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1834	if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1835	logit("Disabling protocol version 2. Could not load host key");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1836	options.protocol &= ~SSH_PROTO_2;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1837	}
Kevin Steves	adf74cd	2001-02-05 14:22:50 +0000	[diff] [blame]	1838	if (!(options.protocol & (SSH_PROTO_1\|SSH_PROTO_2))) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1839	logit("sshd: no hostkeys available -- exiting.");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1840	exit(1);
				1841	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1842
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1843	/*
				1844	* Load certificates. They are stored in an array at identical
				1845	* indices to the public keys that they relate to.
				1846	*/
				1847	sensitive_data.host_certificates = xcalloc(options.num_host_key_files,
				1848	sizeof(Key *));
				1849	for (i = 0; i < options.num_host_key_files; i++)
				1850	sensitive_data.host_certificates[i] = NULL;
				1851
				1852	for (i = 0; i < options.num_host_cert_files; i++) {
djm@openbsd.org	161cf41	2014-12-22 07:55:51 +0000	[diff] [blame]	1853	if (options.host_cert_files[i] == NULL)
				1854	continue;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1855	key = key_load_public(options.host_cert_files[i], NULL);
				1856	if (key == NULL) {
				1857	error("Could not load host certificate: %s",
				1858	options.host_cert_files[i]);
				1859	continue;
				1860	}
				1861	if (!key_is_cert(key)) {
				1862	error("Certificate file is not a certificate: %s",
				1863	options.host_cert_files[i]);
				1864	key_free(key);
				1865	continue;
				1866	}
				1867	/* Find matching private key */
				1868	for (j = 0; j < options.num_host_key_files; j++) {
				1869	if (key_equal_public(key,
				1870	sensitive_data.host_keys[j])) {
				1871	sensitive_data.host_certificates[j] = key;
				1872	break;
				1873	}
				1874	}
				1875	if (j >= options.num_host_key_files) {
				1876	error("No matching private key for certificate: %s",
				1877	options.host_cert_files[i]);
				1878	key_free(key);
				1879	continue;
				1880	}
				1881	sensitive_data.host_certificates[j] = key;
				1882	debug("host certificate: #%d type %d %s", j, key->type,
				1883	key_type(key));
				1884	}
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1885
				1886	#ifdef WITH_SSH1
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1887	/* Check certain values for sanity. */
				1888	if (options.protocol & SSH_PROTO_1) {
djm@openbsd.org	933935c	2015-07-03 03:49:45 +0000	[diff] [blame]	1889	if (options.server_key_bits < SSH_RSA_MINIMUM_MODULUS_SIZE \|\|
				1890	options.server_key_bits > OPENSSL_RSA_MAX_MODULUS_BITS) {
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1891	fprintf(stderr, "Bad server key size.\n");
				1892	exit(1);
				1893	}
				1894	/*
				1895	* Check that server and host key lengths differ sufficiently. This
				1896	* is necessary to make double encryption work with rsaref. Oh, I
				1897	* hate software patents. I dont know if this can go? Niels
				1898	*/
				1899	if (options.server_key_bits >
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	1900	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
				1901	SSH_KEY_BITS_RESERVED && options.server_key_bits <
				1902	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
				1903	SSH_KEY_BITS_RESERVED) {
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1904	options.server_key_bits =
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	1905	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
				1906	SSH_KEY_BITS_RESERVED;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1907	debug("Forcing server key to %d bits to make it differ from host key.",
				1908	options.server_key_bits);
				1909	}
				1910	}
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1911	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1912
Ben Lindstrom	a26ea63	2002-06-06 20:46:25 +0000	[diff] [blame]	1913	if (use_privsep) {
Ben Lindstrom	a26ea63	2002-06-06 20:46:25 +0000	[diff] [blame]	1914	struct stat st;
				1915
Ben Lindstrom	a26ea63	2002-06-06 20:46:25 +0000	[diff] [blame]	1916	if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) \|\|
				1917	(S_ISDIR(st.st_mode) == 0))
				1918	fatal("Missing privilege separation directory: %s",
				1919	_PATH_PRIVSEP_CHROOT_DIR);
Ben Lindstrom	5962735	2002-06-27 18:02:21 +0000	[diff] [blame]	1920
				1921	#ifdef HAVE_CYGWIN
				1922	if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
				1923	(st.st_uid != getuid () \|\|
				1924	(st.st_mode & (S_IWGRP\|S_IWOTH)) != 0))
				1925	#else
Ben Lindstrom	2dfacb3	2002-06-23 00:33:47 +0000	[diff] [blame]	1926	if (st.st_uid != 0 \|\| (st.st_mode & (S_IWGRP\|S_IWOTH)) != 0)
Ben Lindstrom	5962735	2002-06-27 18:02:21 +0000	[diff] [blame]	1927	#endif
Damien Miller	180fc5b	2003-02-24 11:50:18 +1100	[diff] [blame]	1928	fatal("%s must be owned by root and not group or "
				1929	"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
Ben Lindstrom	a26ea63	2002-06-06 20:46:25 +0000	[diff] [blame]	1930	}
				1931
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1932	if (test_flag > 1) {
Darren Tucker	fbcf827	2012-05-19 19:37:01 +1000	[diff] [blame]	1933	if (server_match_spec_complete(connection_info) == 1)
				1934	parse_server_match_config(&options, connection_info);
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1935	dump_config(&options);
				1936	}
				1937
Ben Lindstrom	794325a	2001-08-06 21:09:07 +0000	[diff] [blame]	1938	/* Configuration looks good, so exit if in test mode. */
				1939	if (test_flag)
				1940	exit(0);
				1941
Damien Miller	87aea25	2002-05-10 12:20:24 +1000	[diff] [blame]	1942	/*
				1943	* Clear out any supplemental groups we may have inherited. This
				1944	* prevents inadvertent creation of files with bad modes (in the
Damien Miller	a8e06ce	2003-11-21 23:48:55 +1100	[diff] [blame]	1945	* portable version at least, it's certainly possible for PAM
				1946	* to create a file, and we can't control the code in every
Damien Miller	87aea25	2002-05-10 12:20:24 +1000	[diff] [blame]	1947	* module which might be used).
				1948	*/
				1949	if (setgroups(0, NULL) < 0)
				1950	debug("setgroups() failed: %.200s", strerror(errno));
				1951
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1952	if (rexec_flag) {
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	1953	rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1954	for (i = 0; i < rexec_argc; i++) {
				1955	debug("rexec_argv[%d]='%s'", i, saved_argv[i]);
				1956	rexec_argv[i] = saved_argv[i];
				1957	}
				1958	rexec_argv[rexec_argc] = "-R";
				1959	rexec_argv[rexec_argc + 1] = NULL;
				1960	}
				1961
Damien Miller	6ca16c6	2008-06-16 07:50:58 +1000	[diff] [blame]	1962	/* Ensure that umask disallows at least group and world write */
				1963	new_umask = umask(0077) \| 0022;
				1964	(void) umask(new_umask);
				1965
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1966	/* Initialize the log (it is reinitialized below in case we forked). */
Darren Tucker	ea7c812	2005-01-20 11:03:08 +1100	[diff] [blame]	1967	if (debug_flag && (!inetd_flag \|\| rexeced_flag))
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1968	log_stderr = 1;
Kevin Steves	ec84dc1	2000-12-13 17:45:15 +0000	[diff] [blame]	1969	log_init(__progname, options.log_level, options.log_facility, log_stderr);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1970
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1971	/*
				1972	* If not in debugging mode, and not started from inetd, disconnect
				1973	* from the controlling terminal, and fork. The original process
				1974	* exits.
				1975	*/
Ben Lindstrom	c72745a	2000-12-02 19:03:54 +0000	[diff] [blame]	1976	if (!(debug_flag \|\| inetd_flag \|\| no_daemon_flag)) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1977	#ifdef TIOCNOTTY
				1978	int fd;
				1979	#endif /* TIOCNOTTY */
				1980	if (daemon(0, 0) < 0)
				1981	fatal("daemon() failed: %.200s", strerror(errno));
				1982
				1983	/* Disconnect from the controlling tty. */
				1984	#ifdef TIOCNOTTY
Ben Lindstrom	31ca54a	2001-02-09 02:11:24 +0000	[diff] [blame]	1985	fd = open(_PATH_TTY, O_RDWR \| O_NOCTTY);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1986	if (fd >= 0) {
				1987	(void) ioctl(fd, TIOCNOTTY, NULL);
				1988	close(fd);
				1989	}
				1990	#endif /* TIOCNOTTY */
				1991	}
				1992	/* Reinitialize the log (because of the fork above). */
Kevin Steves	ec84dc1	2000-12-13 17:45:15 +0000	[diff] [blame]	1993	log_init(__progname, options.log_level, options.log_facility, log_stderr);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1994
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1995	/* Chdir to the root directory so that the current disk can be
				1996	unmounted if desired. */
Darren Tucker	dbee308	2013-05-16 20:32:29 +1000	[diff] [blame]	1997	if (chdir("/") == -1)
				1998	error("chdir(\"/\"): %s", strerror(errno));
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	1999
Ben Lindstrom	de71cda	2001-03-24 00:43:26 +0000	[diff] [blame]	2000	/* ignore SIGPIPE */
				2001	signal(SIGPIPE, SIG_IGN);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2002
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	2003	/* Get a connection, either from inetd or a listening TCP socket */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2004	if (inetd_flag) {
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	2005	server_accept_inetd(&sock_in, &sock_out);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2006	} else {
Darren Tucker	c8802aa	2009-12-08 13:39:48 +1100	[diff] [blame]	2007	platform_pre_listen();
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	2008	server_listen();
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	2009
Ben Lindstrom	9809786	2001-06-25 05:10:20 +0000	[diff] [blame]	2010	if (options.protocol & SSH_PROTO_1)
				2011	generate_ephemeral_server_key();
				2012
Ben Lindstrom	9809786	2001-06-25 05:10:20 +0000	[diff] [blame]	2013	signal(SIGHUP, sighup_handler);
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	2014	signal(SIGCHLD, main_sigchld_handler);
Ben Lindstrom	9809786	2001-06-25 05:10:20 +0000	[diff] [blame]	2015	signal(SIGTERM, sigterm_handler);
				2016	signal(SIGQUIT, sigterm_handler);
				2017
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	2018	/*
				2019	* Write out the pid file after the sigterm handler
				2020	* is setup and the listen sockets are bound
				2021	*/
djm@openbsd.org	161cf41	2014-12-22 07:55:51 +0000	[diff] [blame]	2022	if (options.pid_file != NULL && !debug_flag) {
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	2023	FILE *f = fopen(options.pid_file, "w");
				2024
Darren Tucker	e532704	2003-07-03 13:40:44 +1000	[diff] [blame]	2025	if (f == NULL) {
				2026	error("Couldn't create pid file \"%s\": %s",
				2027	options.pid_file, strerror(errno));
				2028	} else {
Ben Lindstrom	ce0f634	2002-06-11 16:42:49 +0000	[diff] [blame]	2029	fprintf(f, "%ld\n", (long) getpid());
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2030	fclose(f);
				2031	}
				2032	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2033
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	2034	/* Accept a connection and return in a forked child */
				2035	server_accept_loop(&sock_in, &sock_out,
				2036	&newsock, config_s);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2037	}
				2038
				2039	/* This is the child processing a new connection. */
Damien Miller	57aae98	2004-03-08 23:11:25 +1100	[diff] [blame]	2040	setproctitle("%s", "[accepted]");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2041
Darren Tucker	6832b83	2004-08-12 22:36:51 +1000	[diff] [blame]	2042	/*
				2043	* Create a new session and process group since the 4.4BSD
				2044	* setlogin() affects the entire process group. We don't
				2045	* want the child to be able to affect the parent.
				2046	*/
				2047	#if !defined(SSHD_ACQUIRES_CTTY)
				2048	/*
				2049	* If setsid is called, on some platforms sshd will later acquire a
				2050	* controlling terminal which will result in "could not set
				2051	* controlling tty" errors.
				2052	*/
				2053	if (!debug_flag && !inetd_flag && setsid() < 0)
				2054	error("setsid: %.100s", strerror(errno));
				2055	#endif
				2056
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	2057	if (rexec_flag) {
				2058	int fd;
				2059
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	2060	debug("rexec start in %d out %d newsock %d pipe %d sock %d",
				2061	sock_in, sock_out, newsock, startup_pipe, config_s[0]);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	2062	dup2(newsock, STDIN_FILENO);
				2063	dup2(STDIN_FILENO, STDOUT_FILENO);
				2064	if (startup_pipe == -1)
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	2065	close(REEXEC_STARTUP_PIPE_FD);
Damien Miller	61ee4d6	2013-10-15 11:56:47 +1100	[diff] [blame]	2066	else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) {
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	2067	dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD);
Damien Miller	61ee4d6	2013-10-15 11:56:47 +1100	[diff] [blame]	2068	close(startup_pipe);
				2069	startup_pipe = REEXEC_STARTUP_PIPE_FD;
				2070	}
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	2071
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	2072	dup2(config_s[1], REEXEC_CONFIG_PASS_FD);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	2073	close(config_s[1]);
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	2074
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	2075	execv(rexec_argv[0], rexec_argv);
				2076
				2077	/* Reexec has failed, fall back and continue */
				2078	error("rexec of %s failed: %s", rexec_argv[0], strerror(errno));
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	2079	recv_rexec_state(REEXEC_CONFIG_PASS_FD, NULL);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	2080	log_init(__progname, options.log_level,
				2081	options.log_facility, log_stderr);
				2082
				2083	/* Clean up fds */
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	2084	close(REEXEC_CONFIG_PASS_FD);
				2085	newsock = sock_out = sock_in = dup(STDIN_FILENO);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	2086	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
				2087	dup2(fd, STDIN_FILENO);
				2088	dup2(fd, STDOUT_FILENO);
				2089	if (fd > STDERR_FILENO)
				2090	close(fd);
				2091	}
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	2092	debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d",
				2093	sock_in, sock_out, newsock, startup_pipe, config_s[0]);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	2094	}
				2095
Damien Miller	133d9d3	2010-01-30 17:30:04 +1100	[diff] [blame]	2096	/* Executed child processes don't need these. */
				2097	fcntl(sock_out, F_SETFD, FD_CLOEXEC);
				2098	fcntl(sock_in, F_SETFD, FD_CLOEXEC);
				2099
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2100	/*
				2101	* Disable the key regeneration alarm. We will not regenerate the
				2102	* key since we are no longer in a position to give it to anyone. We
				2103	* will not restart on SIGHUP since it no longer makes sense.
				2104	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2105	alarm(0);
				2106	signal(SIGALRM, SIG_DFL);
				2107	signal(SIGHUP, SIG_DFL);
				2108	signal(SIGTERM, SIG_DFL);
				2109	signal(SIGQUIT, SIG_DFL);
				2110	signal(SIGCHLD, SIG_DFL);
Damien Miller	4e0f5e1	2000-08-29 11:05:50 +1100	[diff] [blame]	2111	signal(SIGINT, SIG_DFL);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2112
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2113	/*
				2114	* Register our connection. This turns encryption off because we do
				2115	* not have a key.
				2116	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2117	packet_set_connection(sock_in, sock_out);
Damien Miller	9786e6e	2005-07-26 21:54:56 +1000	[diff] [blame]	2118	packet_set_server();
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2119
Damien Miller	4f1d6b2	2005-05-26 11:59:32 +1000	[diff] [blame]	2120	/* Set SO_KEEPALIVE if requested. */
				2121	if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
				2122	setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
				2123	error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
				2124
Damien Miller	677257f	2005-06-17 12:55:03 +1000	[diff] [blame]	2125	if ((remote_port = get_remote_port()) < 0) {
				2126	debug("get_remote_port failed");
				2127	cleanup_exit(255);
				2128	}
Damien Miller	4d3fd54	2005-11-05 15:13:24 +1100	[diff] [blame]	2129
				2130	/*
				2131	* We use get_canonical_hostname with usedns = 0 instead of
				2132	* get_remote_ipaddr here so IP options will be checked.
				2133	*/
Damien Miller	eb13e55	2006-06-13 13:03:53 +1000	[diff] [blame]	2134	(void) get_canonical_hostname(0);
				2135	/*
				2136	* The rest of the code depends on the fact that
				2137	* get_remote_ipaddr() caches the remote ip, even if
				2138	* the socket goes away.
				2139	*/
				2140	remote_ip = get_remote_ipaddr();
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2141
Darren Tucker	2e0cf0d	2005-02-08 21:52:47 +1100	[diff] [blame]	2142	#ifdef SSH_AUDIT_EVENTS
Darren Tucker	269a1ea	2005-02-03 00:20:53 +1100	[diff] [blame]	2143	audit_connection_from(remote_ip, remote_port);
				2144	#endif
Damien Miller	6a4a4b9	2001-11-12 11:07:11 +1100	[diff] [blame]	2145
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2146	/* Log the connection. */
dtucker@openbsd.org	15fdfc9	2015-04-15 23:23:25 +0000	[diff] [blame]	2147	laddr = get_local_ipaddr(sock_in);
Damien Miller	5ecb416	2013-10-24 21:02:02 +1100	[diff] [blame]	2148	verbose("Connection from %s port %d on %s port %d",
dtucker@openbsd.org	15fdfc9	2015-04-15 23:23:25 +0000	[diff] [blame]	2149	remote_ip, remote_port, laddr, get_local_port());
				2150	free(laddr);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2151
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2152	/*
Damien Miller	788f212	2005-11-05 15:14:59 +1100	[diff] [blame]	2153	* We don't want to listen forever unless the other side
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2154	* successfully authenticates itself. So we set up an alarm which is
				2155	* cleared after successful authentication. A limit of zero
Damien Miller	788f212	2005-11-05 15:14:59 +1100	[diff] [blame]	2156	* indicates no limit. Note that we don't set the alarm in debugging
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2157	* mode; it is just annoying to have the server exit just when you
				2158	* are about to discover the bug.
				2159	*/
Ben Lindstrom	5ade9ab	2003-08-25 01:16:21 +0000	[diff] [blame]	2160	signal(SIGALRM, grace_alarm_handler);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2161	if (!debug_flag)
				2162	alarm(options.login_grace_time);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2163
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	2164	sshd_exchange_identification(sock_in, sock_out);
Darren Tucker	ec960f2	2003-08-13 20:37:05 +1000	[diff] [blame]	2165
Darren Tucker	5891116	2008-01-01 20:33:09 +1100	[diff] [blame]	2166	/* In inetd mode, generate ephemeral key only for proto 1 connections */
				2167	if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)
				2168	generate_ephemeral_server_key();
				2169
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2170	packet_set_nonblocking();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2171
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2172	/* allocate authentication context */
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	2173	authctxt = xcalloc(1, sizeof(*authctxt));
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2174
Darren Tucker	f3bb434	2005-03-31 21:39:25 +1000	[diff] [blame]	2175	authctxt->loginmsg = &loginmsg;
				2176
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2177	/* XXX global for cleanup, access from other modules */
				2178	the_authctxt = authctxt;
				2179
Darren Tucker	5c14c73	2005-01-24 21:55:49 +1100	[diff] [blame]	2180	/* prepare buffer to collect messages to display to user after login */
				2181	buffer_init(&loginmsg);
Darren Tucker	cd70e1b	2010-03-07 23:05:17 +1100	[diff] [blame]	2182	auth_debug_reset();
Darren Tucker	5c14c73	2005-01-24 21:55:49 +1100	[diff] [blame]	2183
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	2184	if (use_privsep) {
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2185	if (privsep_preauth(authctxt) == 1)
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	2186	goto authenticated;
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	2187	} else if (compat20 && have_agent) {
				2188	if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
				2189	error("Unable to get agent socket: %s", ssh_err(r));
djm@openbsd.org	83f8ffa	2015-01-17 18:53:34 +0000	[diff] [blame]	2190	have_agent = 0;
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	2191	}
				2192	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2193
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2194	/* perform the key exchange */
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2195	/* authenticate user and start session */
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2196	if (compat20) {
				2197	do_ssh2_kex();
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2198	do_authentication2(authctxt);
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2199	} else {
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	2200	#ifdef WITH_SSH1
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2201	do_ssh1_kex();
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2202	do_authentication(authctxt);
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	2203	#else
				2204	fatal("ssh1 not supported");
				2205	#endif
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2206	}
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	2207	/*
				2208	* If we use privilege separation, the unprivileged child transfers
				2209	* the current keystate and exits
				2210	*/
				2211	if (use_privsep) {
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	2212	mm_send_keystate(pmonitor);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2213	exit(0);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	2214	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2215
				2216	authenticated:
Damien Miller	7bff1a9	2005-12-24 14:59:12 +1100	[diff] [blame]	2217	/*
				2218	* Cancel the alarm we set to limit the time taken for
				2219	* authentication.
				2220	*/
				2221	alarm(0);
				2222	signal(SIGALRM, SIG_DFL);
Damien Miller	3f8123c	2006-08-19 00:32:46 +1000	[diff] [blame]	2223	authctxt->authenticated = 1;
Damien Miller	7bff1a9	2005-12-24 14:59:12 +1100	[diff] [blame]	2224	if (startup_pipe != -1) {
				2225	close(startup_pipe);
				2226	startup_pipe = -1;
				2227	}
				2228
Darren Tucker	2e0cf0d	2005-02-08 21:52:47 +1100	[diff] [blame]	2229	#ifdef SSH_AUDIT_EVENTS
				2230	audit_event(SSH_AUTH_SUCCESS);
Darren Tucker	269a1ea	2005-02-03 00:20:53 +1100	[diff] [blame]	2231	#endif
				2232
Darren Tucker	52358d6	2008-03-11 22:58:25 +1100	[diff] [blame]	2233	#ifdef GSSAPI
				2234	if (options.gss_authentication) {
				2235	temporarily_use_uid(authctxt->pw);
				2236	ssh_gssapi_storecreds();
				2237	restore_uid();
				2238	}
				2239	#endif
				2240	#ifdef USE_PAM
				2241	if (options.use_pam) {
				2242	do_pam_setcred(1);
				2243	do_pam_session();
				2244	}
				2245	#endif
				2246
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	2247	/*
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2248	* In privilege separation, we fork another child and prepare
				2249	* file descriptor passing.
				2250	*/
				2251	if (use_privsep) {
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	2252	privsep_postauth(authctxt);
				2253	/* the monitor process [priv] will not return */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2254	if (!compat20)
				2255	destroy_sensitive_data();
				2256	}
Ben Lindstrom	73ab9ba	2002-03-22 01:27:35 +0000	[diff] [blame]	2257
Darren Tucker	3fc464e	2008-06-13 06:42:45 +1000	[diff] [blame]	2258	packet_set_timeout(options.client_alive_interval,
				2259	options.client_alive_count_max);
				2260
djm@openbsd.org	8d4f872	2015-01-26 03:04:45 +0000	[diff] [blame]	2261	/* Try to send all our hostkeys to the client */
				2262	if (compat20)
				2263	notify_hostkeys(active_state);
				2264
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2265	/* Start session. */
Ben Lindstrom	73ab9ba	2002-03-22 01:27:35 +0000	[diff] [blame]	2266	do_authenticated(authctxt);
				2267
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	2268	/* The connection has been terminated. */
markus@openbsd.org	091c302	2015-01-19 19:52:16 +0000	[diff] [blame]	2269	packet_get_bytes(&ibytes, &obytes);
Damien Miller	821de0a	2011-01-11 17:20:29 +1100	[diff] [blame]	2270	verbose("Transferred: sent %llu, received %llu bytes",
				2271	(unsigned long long)obytes, (unsigned long long)ibytes);
Damien Miller	b61f3fc	2008-07-11 17:36:48 +1000	[diff] [blame]	2272
				2273	verbose("Closing connection to %.500s port %d", remote_ip, remote_port);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2274
Damien Miller	beb4ba5	1999-12-28 15:09:35 +1100	[diff] [blame]	2275	#ifdef USE_PAM
Damien Miller	4e448a3	2003-05-14 15:11:48 +1000	[diff] [blame]	2276	if (options.use_pam)
				2277	finish_pam();
Damien Miller	beb4ba5	1999-12-28 15:09:35 +1100	[diff] [blame]	2278	#endif /* USE_PAM */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2279
Darren Tucker	2b59a6d	2005-03-06 22:38:51 +1100	[diff] [blame]	2280	#ifdef SSH_AUDIT_EVENTS
				2281	PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
				2282	#endif
				2283
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2284	packet_close();
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2285
				2286	if (use_privsep)
				2287	mm_terminate();
				2288
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2289	exit(0);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2290	}
				2291
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	2292	#ifdef WITH_SSH1
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2293	/*
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2294	* Decrypt session_key_int using our private server key and private host key
				2295	* (key with larger modulus first).
				2296	*/
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2297	int
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2298	ssh1_session_key(BIGNUM *session_key_int)
				2299	{
				2300	int rsafail = 0;
				2301
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	2302	if (BN_cmp(sensitive_data.server_key->rsa->n,
				2303	sensitive_data.ssh1_host_key->rsa->n) > 0) {
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2304	/* Server key has bigger modulus. */
				2305	if (BN_num_bits(sensitive_data.server_key->rsa->n) <
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	2306	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
				2307	SSH_KEY_BITS_RESERVED) {
				2308	fatal("do_connection: %s: "
				2309	"server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2310	get_remote_ipaddr(),
				2311	BN_num_bits(sensitive_data.server_key->rsa->n),
				2312	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
				2313	SSH_KEY_BITS_RESERVED);
				2314	}
				2315	if (rsa_private_decrypt(session_key_int, session_key_int,
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	2316	sensitive_data.server_key->rsa) != 0)
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2317	rsafail++;
				2318	if (rsa_private_decrypt(session_key_int, session_key_int,
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	2319	sensitive_data.ssh1_host_key->rsa) != 0)
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2320	rsafail++;
				2321	} else {
				2322	/* Host key has bigger modulus (or they are equal). */
				2323	if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	2324	BN_num_bits(sensitive_data.server_key->rsa->n) +
				2325	SSH_KEY_BITS_RESERVED) {
				2326	fatal("do_connection: %s: "
				2327	"host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d",
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2328	get_remote_ipaddr(),
				2329	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
				2330	BN_num_bits(sensitive_data.server_key->rsa->n),
				2331	SSH_KEY_BITS_RESERVED);
				2332	}
				2333	if (rsa_private_decrypt(session_key_int, session_key_int,
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	2334	sensitive_data.ssh1_host_key->rsa) != 0)
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2335	rsafail++;
				2336	if (rsa_private_decrypt(session_key_int, session_key_int,
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	2337	sensitive_data.server_key->rsa) != 0)
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2338	rsafail++;
				2339	}
				2340	return (rsafail);
				2341	}
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	2342
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2343	/*
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2344	* SSH1 key exchange
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2345	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	2346	static void
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	2347	do_ssh1_kex(void)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2348	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2349	int i, len;
Damien Miller	7650bc6	2001-01-30 09:27:26 +1100	[diff] [blame]	2350	int rsafail = 0;
tedu@openbsd.org	febbe09	2015-01-07 18:15:07 +0000	[diff] [blame]	2351	BIGNUM session_key_int, fake_key_int, *real_key_int;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	2352	u_char session_key[SSH_SESSION_KEY_LENGTH];
tedu@openbsd.org	febbe09	2015-01-07 18:15:07 +0000	[diff] [blame]	2353	u_char fake_key_bytes[4096 / 8];
				2354	size_t fake_key_len;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	2355	u_char cookie[8];
				2356	u_int cipher_type, auth_mask, protocol_flags;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2357
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2358	/*
				2359	* Generate check bytes that the client must send back in the user
				2360	* packet in order for it to be accepted; this is used to defy ip
				2361	* spoofing attacks. Note that this only works against somebody
				2362	* doing IP spoofing from a remote machine; any machine on the local
				2363	* network can still see outgoing packets and catch the random
				2364	* cookie. This only affects rhosts authentication, and this is one
				2365	* of the reasons why it is inherently insecure.
				2366	*/
Damien Miller	354c48c	2008-05-19 14:50:00 +1000	[diff] [blame]	2367	arc4random_buf(cookie, sizeof(cookie));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2368
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2369	/*
				2370	* Send our public key. We include in the packet 64 bits of random
				2371	* data that must be matched in the reply in order to prevent IP
				2372	* spoofing.
				2373	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2374	packet_start(SSH_SMSG_PUBLIC_KEY);
				2375	for (i = 0; i < 8; i++)
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2376	packet_put_char(cookie[i]);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2377
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2378	/* Store our public server RSA key. */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	2379	packet_put_int(BN_num_bits(sensitive_data.server_key->rsa->n));
				2380	packet_put_bignum(sensitive_data.server_key->rsa->e);
				2381	packet_put_bignum(sensitive_data.server_key->rsa->n);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2382
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2383	/* Store our public host RSA key. */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	2384	packet_put_int(BN_num_bits(sensitive_data.ssh1_host_key->rsa->n));
				2385	packet_put_bignum(sensitive_data.ssh1_host_key->rsa->e);
				2386	packet_put_bignum(sensitive_data.ssh1_host_key->rsa->n);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2387
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2388	/* Put protocol flags. */
				2389	packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2390
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2391	/* Declare which ciphers we support. */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	2392	packet_put_int(cipher_mask_ssh1(0));
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2393
				2394	/* Declare supported authentication types. */
				2395	auth_mask = 0;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2396	if (options.rhosts_rsa_authentication)
				2397	auth_mask \|= 1 << SSH_AUTH_RHOSTS_RSA;
				2398	if (options.rsa_authentication)
				2399	auth_mask \|= 1 << SSH_AUTH_RSA;
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	2400	if (options.challenge_response_authentication == 1)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2401	auth_mask \|= 1 << SSH_AUTH_TIS;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2402	if (options.password_authentication)
				2403	auth_mask \|= 1 << SSH_AUTH_PASSWORD;
				2404	packet_put_int(auth_mask);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2405
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2406	/* Send the packet and wait for it to be sent. */
				2407	packet_send();
				2408	packet_write_wait();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2409
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	2410	debug("Sent %d bit server key and %d bit host key.",
				2411	BN_num_bits(sensitive_data.server_key->rsa->n),
				2412	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2413
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2414	/* Read clients reply (cipher type and session key). */
Damien Miller	dff5099	2002-01-22 23:16:32 +1100	[diff] [blame]	2415	packet_read_expect(SSH_CMSG_SESSION_KEY);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2416
Damien Miller	50945fa	1999-12-09 10:31:37 +1100	[diff] [blame]	2417	/* Get cipher type and check whether we accept this. */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2418	cipher_type = packet_get_char();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2419
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	2420	if (!(cipher_mask_ssh1(0) & (1 << cipher_type)))
Damien Miller	50945fa	1999-12-09 10:31:37 +1100	[diff] [blame]	2421	packet_disconnect("Warning: client selects unsupported cipher.");
				2422
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2423	/* Get check bytes from the packet. These must match those we
				2424	sent earlier with the public key packet. */
				2425	for (i = 0; i < 8; i++)
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2426	if (cookie[i] != packet_get_char())
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2427	packet_disconnect("IP Spoofing check bytes do not match.");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2428
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2429	debug("Encryption type: %.200s", cipher_name(cipher_type));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2430
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2431	/* Get the encrypted integer. */
tedu@openbsd.org	febbe09	2015-01-07 18:15:07 +0000	[diff] [blame]	2432	if ((real_key_int = BN_new()) == NULL)
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	2433	fatal("do_ssh1_kex: BN_new failed");
tedu@openbsd.org	febbe09	2015-01-07 18:15:07 +0000	[diff] [blame]	2434	packet_get_bignum(real_key_int);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2435
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2436	protocol_flags = packet_get_int();
				2437	packet_set_protocol_flags(protocol_flags);
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	2438	packet_check_eom();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2439
tedu@openbsd.org	febbe09	2015-01-07 18:15:07 +0000	[diff] [blame]	2440	/* Setup a fake key in case RSA decryption fails */
				2441	if ((fake_key_int = BN_new()) == NULL)
				2442	fatal("do_ssh1_kex: BN_new failed");
				2443	fake_key_len = BN_num_bytes(real_key_int);
				2444	if (fake_key_len > sizeof(fake_key_bytes))
				2445	fake_key_len = sizeof(fake_key_bytes);
				2446	arc4random_buf(fake_key_bytes, fake_key_len);
				2447	if (BN_bin2bn(fake_key_bytes, fake_key_len, fake_key_int) == NULL)
				2448	fatal("do_ssh1_kex: BN_bin2bn failed");
				2449
				2450	/* Decrypt real_key_int using host/server keys */
				2451	rsafail = PRIVSEP(ssh1_session_key(real_key_int));
				2452	/* If decryption failed, use the fake key. Else, the real key. */
				2453	if (rsafail)
				2454	session_key_int = fake_key_int;
				2455	else
				2456	session_key_int = real_key_int;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2457
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2458	/*
				2459	* Extract session key from the decrypted integer. The key is in the
				2460	* least significant 256 bits of the integer; the first byte of the
				2461	* key is in the highest bits.
				2462	*/
tedu@openbsd.org	febbe09	2015-01-07 18:15:07 +0000	[diff] [blame]	2463	(void) BN_mask_bits(session_key_int, sizeof(session_key) * 8);
				2464	len = BN_num_bytes(session_key_int);
				2465	if (len < 0 \|\| (u_int)len > sizeof(session_key)) {
				2466	error("do_ssh1_kex: bad session key len from %s: "
				2467	"session_key_int %d > sizeof(session_key) %lu",
				2468	get_remote_ipaddr(), len, (u_long)sizeof(session_key));
				2469	rsafail++;
				2470	} else {
				2471	explicit_bzero(session_key, sizeof(session_key));
				2472	BN_bn2bin(session_key_int,
				2473	session_key + sizeof(session_key) - len);
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	2474
tedu@openbsd.org	febbe09	2015-01-07 18:15:07 +0000	[diff] [blame]	2475	derive_ssh1_session_id(
				2476	sensitive_data.ssh1_host_key->rsa->n,
				2477	sensitive_data.server_key->rsa->n,
				2478	cookie, session_id);
				2479	/*
				2480	* Xor the first 16 bytes of the session key with the
				2481	* session id.
				2482	*/
Ben Lindstrom	941ac82	2001-03-05 06:25:23 +0000	[diff] [blame]	2483	for (i = 0; i < 16; i++)
tedu@openbsd.org	febbe09	2015-01-07 18:15:07 +0000	[diff] [blame]	2484	session_key[i] ^= session_id[i];
Damien Miller	7650bc6	2001-01-30 09:27:26 +1100	[diff] [blame]	2485	}
tedu@openbsd.org	febbe09	2015-01-07 18:15:07 +0000	[diff] [blame]	2486
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2487	/* Destroy the private and public keys. No longer. */
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	2488	destroy_sensitive_data();
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	2489
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2490	if (use_privsep)
				2491	mm_ssh1_session_id(session_id);
				2492
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2493	/* Destroy the decrypted integer. It is no longer needed. */
tedu@openbsd.org	febbe09	2015-01-07 18:15:07 +0000	[diff] [blame]	2494	BN_clear_free(real_key_int);
				2495	BN_clear_free(fake_key_int);
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2496
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2497	/* Set the session key. From this on all communications will be encrypted. */
				2498	packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2499
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2500	/* Destroy our copy of the session key. It is no longer needed. */
Damien Miller	a5103f4	2014-02-04 11:20:14 +1100	[diff] [blame]	2501	explicit_bzero(session_key, sizeof(session_key));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2502
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2503	debug("Received session key; encryption turned on.");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2504
Ben Lindstrom	f666fec	2002-06-06 19:51:58 +0000	[diff] [blame]	2505	/* Send an acknowledgment packet. Note that this packet is sent encrypted. */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2506	packet_start(SSH_SMSG_SUCCESS);
				2507	packet_send();
				2508	packet_write_wait();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2509	}
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	2510	#endif
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2511
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2512	int
				2513	sshd_hostkey_sign(Key privkey, Key pubkey, u_char *signature, size_t slen,
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	2514	const u_char *data, size_t dlen, u_int flag)
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	2515	{
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	2516	int r;
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2517	u_int xxx_slen, xxx_dlen = dlen;
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	2518
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	2519	if (privkey) {
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2520	if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen) < 0))
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	2521	fatal("%s: key_sign failed", __func__);
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2522	if (slen)
				2523	*slen = xxx_slen;
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	2524	} else if (use_privsep) {
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2525	if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen) < 0)
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	2526	fatal("%s: pubkey_sign failed", __func__);
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2527	if (slen)
				2528	*slen = xxx_slen;
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	2529	} else {
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2530	if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen,
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	2531	data, dlen, datafellows)) != 0)
				2532	fatal("%s: ssh_agent_sign failed: %s",
				2533	__func__, ssh_err(r));
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	2534	}
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2535	return 0;
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	2536	}
				2537
djm@openbsd.org	bdfd29f	2015-07-03 03:47:00 +0000	[diff] [blame]	2538	/* SSH2 key exchange */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	2539	static void
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	2540	do_ssh2_kex(void)
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2541	{
Damien Miller	9235a03	2014-04-20 13:17:20 +1000	[diff] [blame]	2542	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2543	struct kex *kex;
markus@openbsd.org	57e783c	2015-01-20 20:16:21 +0000	[diff] [blame]	2544	int r;
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2545
djm@openbsd.org	f9eca24	2015-07-30 00:01:34 +0000	[diff] [blame]	2546	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
				2547	options.kex_algorithms);
				2548	myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
				2549	options.ciphers);
				2550	myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
				2551	options.ciphers);
				2552	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
				2553	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
Damien Miller	a0ff466	2001-03-30 10:49:35 +1000	[diff] [blame]	2554
Damien Miller	9786e6e	2005-07-26 21:54:56 +1000	[diff] [blame]	2555	if (options.compression == COMP_NONE) {
Ben Lindstrom	23e0f66	2002-06-21 01:09:47 +0000	[diff] [blame]	2556	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
				2557	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
Damien Miller	9786e6e	2005-07-26 21:54:56 +1000	[diff] [blame]	2558	} else if (options.compression == COMP_DELAYED) {
				2559	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
				2560	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
Ben Lindstrom	23e0f66	2002-06-21 01:09:47 +0000	[diff] [blame]	2561	}
Damien Miller	9395b28	2014-04-20 13:25:30 +1000	[diff] [blame]	2562
Darren Tucker	5f96f3b	2013-05-16 20:29:28 +1000	[diff] [blame]	2563	if (options.rekey_limit \|\| options.rekey_interval)
				2564	packet_set_rekey_limits((u_int32_t)options.rekey_limit,
				2565	(time_t)options.rekey_interval);
				2566
Damien Miller	324541e	2013-12-31 12:25:40 +1100	[diff] [blame]	2567	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
				2568	list_hostkey_types());
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	2569
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	2570	/* start key exchange */
markus@openbsd.org	57e783c	2015-01-20 20:16:21 +0000	[diff] [blame]	2571	if ((r = kex_setup(active_state, myproposal)) != 0)
				2572	fatal("kex_setup: %s", ssh_err(r));
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2573	kex = active_state->kex;
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	2574	#ifdef WITH_OPENSSL
Damien Miller	8e7fb33	2003-02-24 12:03:03 +1100	[diff] [blame]	2575	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
Damien Miller	f675fc4	2004-06-15 10:30:09 +1000	[diff] [blame]	2576	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
Damien Miller	8e7fb33	2003-02-24 12:03:03 +1100	[diff] [blame]	2577	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
Damien Miller	a63128d	2006-03-15 12:08:28 +1100	[diff] [blame]	2578	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
Darren Tucker	f2004cd	2015-02-23 05:04:21 +1100	[diff] [blame]	2579	# ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	2580	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
Darren Tucker	f2004cd	2015-02-23 05:04:21 +1100	[diff] [blame]	2581	# endif
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	2582	#endif
Damien Miller	1e12426	2013-11-04 08:26:52 +1100	[diff] [blame]	2583	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	2584	kex->server = 1;
				2585	kex->client_version_string=client_version_string;
				2586	kex->server_version_string=server_version_string;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2587	kex->load_host_public_key=&get_hostkey_public_by_type;
				2588	kex->load_host_private_key=&get_hostkey_private_by_type;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2589	kex->host_key_index=&get_hostkey_index;
Damien Miller	85b45e0	2013-07-20 13:21:52 +1000	[diff] [blame]	2590	kex->sign = sshd_hostkey_sign;
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2591
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	2592	dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	2593
Ben Lindstrom	2d90e00	2001-04-04 02:00:54 +0000	[diff] [blame]	2594	session_id2 = kex->session_id;
				2595	session_id2_len = kex->session_id_len;
				2596
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	2597	#ifdef DEBUG_KEXDH
				2598	/* send 1st encrypted/maced/compressed message */
				2599	packet_start(SSH2_MSG_IGNORE);
				2600	packet_put_cstring("markus");
				2601	packet_send();
				2602	packet_write_wait();
				2603	#endif
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	2604	debug("KEX done");
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2605	}
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2606
				2607	/* server specific fatal cleanup */
				2608	void
				2609	cleanup_exit(int i)
				2610	{
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	2611	if (the_authctxt) {
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2612	do_cleanup(the_authctxt);
Damien Miller	75c6272	2014-04-20 13:24:31 +1000	[diff] [blame]	2613	if (use_privsep && privsep_is_preauth &&
				2614	pmonitor != NULL && pmonitor->m_pid > 1) {
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	2615	debug("Killing privsep child %d", pmonitor->m_pid);
				2616	if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
Darren Tucker	2e13560	2011-10-02 19:10:13 +1100	[diff] [blame]	2617	errno != ESRCH)
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	2618	error("%s: kill(%d): %s", __func__,
				2619	pmonitor->m_pid, strerror(errno));
				2620	}
				2621	}
Darren Tucker	2e0cf0d	2005-02-08 21:52:47 +1100	[diff] [blame]	2622	#ifdef SSH_AUDIT_EVENTS
Darren Tucker	269a1ea	2005-02-03 00:20:53 +1100	[diff] [blame]	2623	/* done after do_cleanup so it can cancel the PAM auth 'thread' */
				2624	if (!use_privsep \|\| mm_is_monitor())
Darren Tucker	2e0cf0d	2005-02-08 21:52:47 +1100	[diff] [blame]	2625	audit_event(SSH_CONNECTION_ABANDON);
Darren Tucker	269a1ea	2005-02-03 00:20:53 +1100	[diff] [blame]	2626	#endif
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2627	_exit(i);
				2628	}