Blame - sshd.c - platform/external/openssh

blob: fddbc9d377120ae60c1c4b79cce5593235a41cb5 [file] [log] [blame]

Damien Miller	a116d13	2012-04-22 11:23:46 +1000	[diff] [blame^]	1	/* $OpenBSD: sshd.c,v 1.389 2012/04/11 13:26:40 djm Exp $ */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	* All rights reserved
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	6	* This program is the ssh daemon. It listens for connections from clients,
				7	* and performs authentication, executes use commands or shell, and forwards
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	8	* information to/from the application to the user client over an encrypted
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	9	* connection. This can also handle forwarding of X11, TCP/IP, and
				10	* authentication agent connections.
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	11	*
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	12	* As far as I am concerned, the code I have written for this software
				13	* can be used freely for any purpose. Any derived versions of this
				14	* software must be clearly marked as such, and if the derived work is
				15	* incompatible with the protocol description in the RFC file, it must be
				16	* called by a name other than "ssh" or "Secure Shell".
				17	*
				18	* SSH2 implementation:
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	19	* Privilege Separation:
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	20	*
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	21	* Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved.
				22	* Copyright (c) 2002 Niels Provos. All rights reserved.
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	23	*
				24	* Redistribution and use in source and binary forms, with or without
				25	* modification, are permitted provided that the following conditions
				26	* are met:
				27	* 1. Redistributions of source code must retain the above copyright
				28	* notice, this list of conditions and the following disclaimer.
				29	* 2. Redistributions in binary form must reproduce the above copyright
				30	* notice, this list of conditions and the following disclaimer in the
				31	* documentation and/or other materials provided with the distribution.
				32	*
				33	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				34	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				35	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				36	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				37	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				38	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				39	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				40	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				41	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				42	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	43	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	44
				45	#include "includes.h"
Damien Miller	17e91c0	2006-03-15 11:28:34 +1100	[diff] [blame]	46
Damien Miller	9cf6d07	2006-03-15 11:29:24 +1100	[diff] [blame]	47	#include <sys/types.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	48	#include <sys/ioctl.h>
				49	#include <sys/socket.h>
Damien Miller	f17883e	2006-03-15 11:45:54 +1100	[diff] [blame]	50	#ifdef HAVE_SYS_STAT_H
				51	# include <sys/stat.h>
				52	#endif
Damien Miller	9aec919	2006-08-05 10:57:45 +1000	[diff] [blame]	53	#ifdef HAVE_SYS_TIME_H
				54	# include <sys/time.h>
				55	#endif
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	56	#include "openbsd-compat/sys-tree.h"
Damien Miller	b84886b	2008-05-19 15:05:07 +1000	[diff] [blame]	57	#include "openbsd-compat/sys-queue.h"
Damien Miller	9cf6d07	2006-03-15 11:29:24 +1100	[diff] [blame]	58	#include <sys/wait.h>
Damien Miller	03e2003	2006-03-15 11:16:59 +1100	[diff] [blame]	59
Darren Tucker	3997249	2006-07-12 22:22:46 +1000	[diff] [blame]	60	#include <errno.h>
Damien Miller	57cf638	2006-07-10 21:13:46 +1000	[diff] [blame]	61	#include <fcntl.h>
Damien Miller	b8fe89c	2006-07-24 14:51:00 +1000	[diff] [blame]	62	#include <netdb.h>
Damien Miller	6645e7a	2006-03-15 14:42:54 +1100	[diff] [blame]	63	#ifdef HAVE_PATHS_H
Damien Miller	03e2003	2006-03-15 11:16:59 +1100	[diff] [blame]	64	#include <paths.h>
Damien Miller	6645e7a	2006-03-15 14:42:54 +1100	[diff] [blame]	65	#endif
Damien Miller	a1738e4	2006-07-10 21:33:04 +1000	[diff] [blame]	66	#include <grp.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	67	#include <pwd.h>
Damien Miller	6ff3cad	2006-03-15 11:52:09 +1100	[diff] [blame]	68	#include <signal.h>
Damien Miller	ded319c	2006-09-01 15:38:36 +1000	[diff] [blame]	69	#include <stdarg.h>
Damien Miller	a7a73ee	2006-08-05 11:37:59 +1000	[diff] [blame]	70	#include <stdio.h>
Damien Miller	e7a1e5c	2006-08-05 11:34:19 +1000	[diff] [blame]	71	#include <stdlib.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	72	#include <string.h>
Damien Miller	75bb664	2006-08-05 14:07:20 +1000	[diff] [blame]	73	#include <unistd.h>
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	74
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	75	#include <openssl/dh.h>
				76	#include <openssl/bn.h>
Damien Miller	6a47f30	2002-02-13 13:55:06 +1100	[diff] [blame]	77	#include <openssl/md5.h>
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	78	#include <openssl/rand.h>
Darren Tucker	bfaaf96	2008-02-28 19:13:52 +1100	[diff] [blame]	79	#include "openbsd-compat/openssl-compat.h"
				80
Kevin Steves	0ea1d9d	2002-04-25 18:17:04 +0000	[diff] [blame]	81	#ifdef HAVE_SECUREWARE
				82	#include <sys/security.h>
				83	#include <prot.h>
				84	#endif
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	85
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	86	#include "xmalloc.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	87	#include "ssh.h"
				88	#include "ssh1.h"
				89	#include "ssh2.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	90	#include "rsa.h"
Ben Lindstrom	d95c09c	2001-02-18 19:13:33 +0000	[diff] [blame]	91	#include "sshpty.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	92	#include "packet.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	93	#include "log.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	94	#include "buffer.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	95	#include "servconf.h"
				96	#include "uidswap.h"
				97	#include "compat.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	98	#include "cipher.h"
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	99	#include "key.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	100	#include "kex.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	101	#include "dh.h"
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	102	#include "myproposal.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	103	#include "authfile.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	104	#include "pathnames.h"
				105	#include "atomicio.h"
				106	#include "canohost.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	107	#include "hostfile.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	108	#include "auth.h"
				109	#include "misc.h"
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	110	#include "msg.h"
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	111	#include "dispatch.h"
Ben Lindstrom	1bae404	2001-10-03 17:46:39 +0000	[diff] [blame]	112	#include "channels.h"
Ben Lindstrom	73ab9ba	2002-03-22 01:27:35 +0000	[diff] [blame]	113	#include "session.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	114	#include "monitor_mm.h"
				115	#include "monitor.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	116	#ifdef GSSAPI
				117	#include "ssh-gss.h"
				118	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	119	#include "monitor_wrap.h"
Darren Tucker	c5564e1	2009-06-21 18:53:53 +1000	[diff] [blame]	120	#include "roaming.h"
Damien Miller	dcbd41e	2011-06-23 19:45:51 +1000	[diff] [blame]	121	#include "ssh-sandbox.h"
Damien Miller	b757677	2006-07-10 20:23:39 +1000	[diff] [blame]	122	#include "version.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	123
				124	#ifdef LIBWRAP
				125	#include <tcpd.h>
				126	#include <syslog.h>
Darren Tucker	1f1e17b	2008-02-28 23:20:48 +1100	[diff] [blame]	127	int allow_severity;
				128	int deny_severity;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	129	#endif /* LIBWRAP */
				130
				131	#ifndef O_NOCTTY
				132	#define O_NOCTTY 0
				133	#endif
				134
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	135	/* Re-exec fds */
				136	#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
				137	#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
				138	#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
				139	#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
				140
Ben Lindstrom	49a79c0	2000-11-17 03:47:20 +0000	[diff] [blame]	141	extern char *__progname;
Ben Lindstrom	49a79c0	2000-11-17 03:47:20 +0000	[diff] [blame]	142
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	143	/* Server configuration options. */
				144	ServerOptions options;
				145
				146	/* Name of the server configuration file. */
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	147	char *config_file_name = _PATH_SERVER_CONFIG_FILE;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	148
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	149	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	150	* Debug mode flag. This can be set on the command line. If debug
				151	* mode is enabled, extra debugging output will be sent to the system
				152	* log, the daemon will not go to background, and will exit after processing
				153	* the first connection.
				154	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	155	int debug_flag = 0;
				156
Ben Lindstrom	794325a	2001-08-06 21:09:07 +0000	[diff] [blame]	157	/* Flag indicating that the daemon should only test the configuration and keys. */
				158	int test_flag = 0;
				159
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	160	/* Flag indicating that the daemon is being started from inetd. */
				161	int inetd_flag = 0;
				162
Ben Lindstrom	c72745a	2000-12-02 19:03:54 +0000	[diff] [blame]	163	/* Flag indicating that sshd should not detach and become a daemon. */
				164	int no_daemon_flag = 0;
				165
Damien Miller	5ce662a	1999-11-11 17:57:39 +1100	[diff] [blame]	166	/* debug goes to stderr unless inetd_flag is set */
				167	int log_stderr = 0;
				168
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	169	/* Saved arguments to main(). */
				170	char **saved_argv;
Damien Miller	b8c656e	2000-06-28 15:22:41 +1000	[diff] [blame]	171	int saved_argc;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	172
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	173	/* re-exec */
				174	int rexeced_flag = 0;
				175	int rexec_flag = 1;
				176	int rexec_argc = 0;
				177	char **rexec_argv;
				178
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	179	/*
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	180	* The sockets that the server is listening; this is used in the SIGHUP
				181	* signal handler.
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	182	*/
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	183	#define MAX_LISTEN_SOCKS 16
				184	int listen_socks[MAX_LISTEN_SOCKS];
				185	int num_listen_socks = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	186
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	187	/*
				188	* the client's version string, passed by sshd2 in compat mode. if != NULL,
				189	* sshd will skip the version-number exchange
				190	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	191	char *client_version_string = NULL;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	192	char *server_version_string = NULL;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	193
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	194	/* for rekeying XXX fixme */
				195	Kex *xxx_kex;
				196
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	197	/*
				198	* Any really sensitive data in the application is contained in this
				199	* structure. The idea is that this structure could be locked into memory so
				200	* that the pages do not get written into swap. However, there are some
				201	* problems. The private key contains BIGNUMs, and we do not (in principle)
				202	* have access to the internals of them, and locking just the structure is
				203	* not very useful. Currently, memory locking is not implemented.
				204	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	205	struct {
Ben Lindstrom	ca42d5f	2001-03-09 18:25:32 +0000	[diff] [blame]	206	Key server_key; / ephemeral server key */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	207	Key ssh1_host_key; / ssh1 host key */
				208	Key *host_keys; / all private host keys */
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	209	Key *host_certificates; / all public host certificates */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	210	int have_ssh1_key;
				211	int have_ssh2_key;
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	212	u_char ssh1_cookie[SSH_SESSION_KEY_LENGTH];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	213	} sensitive_data;
				214
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	215	/*
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	216	* Flag indicating whether the RSA server key needs to be regenerated.
				217	* Is set in the SIGALRM handler and cleared when the key is regenerated.
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	218	*/
Ben Lindstrom	5e71c54	2001-12-06 16:48:14 +0000	[diff] [blame]	219	static volatile sig_atomic_t key_do_regen = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	220
Ben Lindstrom	ec46e0b	2001-06-09 01:27:31 +0000	[diff] [blame]	221	/* This is set to true when a signal is received. */
Ben Lindstrom	5e71c54	2001-12-06 16:48:14 +0000	[diff] [blame]	222	static volatile sig_atomic_t received_sighup = 0;
				223	static volatile sig_atomic_t received_sigterm = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	224
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	225	/* session identifier, used by RSA-auth */
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	226	u_char session_id[16];
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	227
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	228	/* same for ssh2 */
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	229	u_char *session_id2 = NULL;
Darren Tucker	502d384	2003-06-28 12:38:01 +1000	[diff] [blame]	230	u_int session_id2_len = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	231
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	232	/* record remote hostname or ip */
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	233	u_int utmp_len = MAXHOSTNAMELEN;
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	234
Ben Lindstrom	d84df98	2001-12-06 16:35:40 +0000	[diff] [blame]	235	/* options.max_startup sized array of fd ints */
				236	int *startup_pipes = NULL;
				237	int startup_pipe; /* in child */
				238
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	239	/* variables used for privilege separation */
Darren Tucker	4515047	2006-07-12 22:34:17 +1000	[diff] [blame]	240	int use_privsep = -1;
Darren Tucker	a8be9e2	2004-02-06 16:40:27 +1100	[diff] [blame]	241	struct monitor *pmonitor = NULL;
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	242	int privsep_is_preauth = 1;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	243
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	244	/* global authentication context */
				245	Authctxt *the_authctxt = NULL;
				246
Darren Tucker	4515047	2006-07-12 22:34:17 +1000	[diff] [blame]	247	/* sshd_config buffer */
				248	Buffer cfg;
				249
Darren Tucker	0999174	2004-07-17 17:05:14 +1000	[diff] [blame]	250	/* message to be displayed after login */
				251	Buffer loginmsg;
				252
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	253	/* Unprivileged user */
				254	struct passwd *privsep_pw = NULL;
				255
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	256	/* Prototypes for various functions defined later in this file. */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	257	void destroy_sensitive_data(void);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	258	void demote_sensitive_data(void);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	259
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	260	static void do_ssh1_kex(void);
				261	static void do_ssh2_kex(void);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	262
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	263	/*
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	264	* Close all listening sockets
				265	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	266	static void
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	267	close_listen_socks(void)
				268	{
				269	int i;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	270
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	271	for (i = 0; i < num_listen_socks; i++)
				272	close(listen_socks[i]);
				273	num_listen_socks = -1;
				274	}
				275
Ben Lindstrom	d84df98	2001-12-06 16:35:40 +0000	[diff] [blame]	276	static void
				277	close_startup_pipes(void)
				278	{
				279	int i;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	280
Ben Lindstrom	d84df98	2001-12-06 16:35:40 +0000	[diff] [blame]	281	if (startup_pipes)
				282	for (i = 0; i < options.max_startups; i++)
				283	if (startup_pipes[i] != -1)
				284	close(startup_pipes[i]);
				285	}
				286
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	287	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	288	* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP;
				289	* the effect is to reread the configuration file (and to regenerate
				290	* the server key).
				291	*/
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	292
				293	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	294	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	295	sighup_handler(int sig)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	296	{
Ben Lindstrom	0795848	2001-12-06 16:19:01 +0000	[diff] [blame]	297	int save_errno = errno;
				298
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	299	received_sighup = 1;
				300	signal(SIGHUP, sighup_handler);
Ben Lindstrom	0795848	2001-12-06 16:19:01 +0000	[diff] [blame]	301	errno = save_errno;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	302	}
				303
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	304	/*
				305	* Called from the main program after receiving SIGHUP.
				306	* Restarts the server.
				307	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	308	static void
Ben Lindstrom	31ca54a	2001-02-09 02:11:24 +0000	[diff] [blame]	309	sighup_restart(void)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	310	{
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	311	logit("Received SIGHUP; restarting.");
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	312	close_listen_socks();
Ben Lindstrom	d84df98	2001-12-06 16:35:40 +0000	[diff] [blame]	313	close_startup_pipes();
Darren Tucker	ed62396	2007-02-25 20:37:21 +1100	[diff] [blame]	314	alarm(0); /* alarm timer persists across exec */
Darren Tucker	2c671bf	2010-01-09 22:28:43 +1100	[diff] [blame]	315	signal(SIGHUP, SIG_IGN); /* will be restored after exec */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	316	execv(saved_argv[0], saved_argv);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	317	logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	318	strerror(errno));
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	319	exit(1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	320	}
				321
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	322	/*
				323	* Generic signal handler for terminating signals in the master daemon.
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	324	*/
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	325	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	326	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	327	sigterm_handler(int sig)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	328	{
Ben Lindstrom	ec46e0b	2001-06-09 01:27:31 +0000	[diff] [blame]	329	received_sigterm = sig;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	330	}
				331
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	332	/*
				333	* SIGCHLD handler. This is called whenever a child dies. This will then
Ben Lindstrom	ec46e0b	2001-06-09 01:27:31 +0000	[diff] [blame]	334	* reap any zombies left by exited children.
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	335	*/
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	336	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	337	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	338	main_sigchld_handler(int sig)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	339	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	340	int save_errno = errno;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	341	pid_t pid;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	342	int status;
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	343
Ben Lindstrom	47fd811	2002-04-02 20:48:19 +0000	[diff] [blame]	344	while ((pid = waitpid(-1, &status, WNOHANG)) > 0 \|\|
				345	(pid < 0 && errno == EINTR))
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	346	;
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame]	347
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	348	signal(SIGCHLD, main_sigchld_handler);
				349	errno = save_errno;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	350	}
				351
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	352	/*
				353	* Signal handler for the alarm after the login grace period has expired.
				354	*/
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	355	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	356	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	357	grace_alarm_handler(int sig)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	358	{
Darren Tucker	a8be9e2	2004-02-06 16:40:27 +1100	[diff] [blame]	359	if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
				360	kill(pmonitor->m_pid, SIGALRM);
				361
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	362	/* Log error and exit. */
Damien Miller	99a648e	2006-08-19 00:32:20 +1000	[diff] [blame]	363	sigdie("Timeout before authentication for %s", get_remote_ipaddr());
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	364	}
				365
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	366	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	367	* Signal handler for the key regeneration alarm. Note that this
				368	* alarm only occurs in the daemon waiting for connections, and it does not
				369	* do anything with the private key or random state before forking.
				370	* Thus there should be no concurrency control/asynchronous execution
				371	* problems.
				372	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	373	static void
Ben Lindstrom	ca42d5f	2001-03-09 18:25:32 +0000	[diff] [blame]	374	generate_ephemeral_server_key(void)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	375	{
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	376	verbose("Generating %s%d bit RSA key.",
Damien Miller	ff75ac4	2001-03-30 10:50:32 +1000	[diff] [blame]	377	sensitive_data.server_key ? "new " : "", options.server_key_bits);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	378	if (sensitive_data.server_key != NULL)
				379	key_free(sensitive_data.server_key);
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	380	sensitive_data.server_key = key_generate(KEY_RSA1,
Damien Miller	ff75ac4	2001-03-30 10:50:32 +1000	[diff] [blame]	381	options.server_key_bits);
				382	verbose("RSA key generation complete.");
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	383
Damien Miller	354c48c	2008-05-19 14:50:00 +1000	[diff] [blame]	384	arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	385	arc4random_stir();
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	386	}
Ben Lindstrom	2f959b4	2001-01-11 06:20:23 +0000	[diff] [blame]	387
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	388	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	389	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	390	key_regeneration_alarm(int sig)
				391	{
				392	int save_errno = errno;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	393
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	394	signal(SIGALRM, SIG_DFL);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	395	errno = save_errno;
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	396	key_do_regen = 1;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	397	}
				398
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	399	static void
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	400	sshd_exchange_identification(int sock_in, int sock_out)
				401	{
Damien Miller	eccb9de	2005-06-17 12:59:34 +1000	[diff] [blame]	402	u_int i;
				403	int mismatch;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	404	int remote_major, remote_minor;
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	405	int major, minor;
Darren Tucker	d7bdc0c	2008-07-02 22:34:30 +1000	[diff] [blame]	406	char s, newline = "\n";
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	407	char buf[256]; /* Must not be larger than remote_version. */
				408	char remote_version[256]; /* Must be at least as big as buf. */
				409
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	410	if ((options.protocol & SSH_PROTO_1) &&
				411	(options.protocol & SSH_PROTO_2)) {
				412	major = PROTOCOL_MAJOR_1;
				413	minor = 99;
				414	} else if (options.protocol & SSH_PROTO_2) {
				415	major = PROTOCOL_MAJOR_2;
				416	minor = PROTOCOL_MINOR_2;
Darren Tucker	d7bdc0c	2008-07-02 22:34:30 +1000	[diff] [blame]	417	newline = "\r\n";
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	418	} else {
				419	major = PROTOCOL_MAJOR_1;
				420	minor = PROTOCOL_MINOR_1;
				421	}
Darren Tucker	d7bdc0c	2008-07-02 22:34:30 +1000	[diff] [blame]	422	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
				423	SSH_VERSION, newline);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	424	server_version_string = xstrdup(buf);
				425
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	426	/* Send our protocol version identification. */
Darren Tucker	c5564e1	2009-06-21 18:53:53 +1000	[diff] [blame]	427	if (roaming_atomicio(vwrite, sock_out, server_version_string,
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	428	strlen(server_version_string))
				429	!= strlen(server_version_string)) {
				430	logit("Could not write ident string to %s", get_remote_ipaddr());
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	431	cleanup_exit(255);
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	432	}
				433
				434	/* Read other sides version identification. */
				435	memset(buf, 0, sizeof(buf));
				436	for (i = 0; i < sizeof(buf) - 1; i++) {
Darren Tucker	c5564e1	2009-06-21 18:53:53 +1000	[diff] [blame]	437	if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) {
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	438	logit("Did not receive identification string from %s",
				439	get_remote_ipaddr());
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	440	cleanup_exit(255);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	441	}
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	442	if (buf[i] == '\r') {
				443	buf[i] = 0;
				444	/* Kludge for F-Secure Macintosh < 1.0.2 */
				445	if (i == 12 &&
				446	strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	447	break;
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	448	continue;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	449	}
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	450	if (buf[i] == '\n') {
				451	buf[i] = 0;
				452	break;
				453	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	454	}
Darren Tucker	fe0078a	2003-07-19 19:52:28 +1000	[diff] [blame]	455	buf[sizeof(buf) - 1] = 0;
				456	client_version_string = xstrdup(buf);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	457
				458	/*
				459	* Check that the versions match. In future this might accept
				460	* several versions and set appropriate flags to handle them.
				461	*/
				462	if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
				463	&remote_major, &remote_minor, remote_version) != 3) {
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	464	s = "Protocol mismatch.\n";
Darren Tucker	9f63f22	2003-07-03 13:46:56 +1000	[diff] [blame]	465	(void) atomicio(vwrite, sock_out, s, strlen(s));
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	466	close(sock_in);
				467	close(sock_out);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	468	logit("Bad protocol version identification '%.100s' from %s",
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	469	client_version_string, get_remote_ipaddr());
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	470	cleanup_exit(255);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	471	}
				472	debug("Client protocol version %d.%d; client software version %.100s",
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	473	remote_major, remote_minor, remote_version);
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	474
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	475	compat_datafellows(remote_version);
				476
Damien Miller	e926497	2002-09-30 11:59:21 +1000	[diff] [blame]	477	if (datafellows & SSH_BUG_PROBE) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	478	logit("probed from %s with %s. Don't panic.",
Damien Miller	e926497	2002-09-30 11:59:21 +1000	[diff] [blame]	479	get_remote_ipaddr(), client_version_string);
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	480	cleanup_exit(255);
Damien Miller	e926497	2002-09-30 11:59:21 +1000	[diff] [blame]	481	}
				482
Damien Miller	27dbe6f	2001-03-19 22:36:20 +1100	[diff] [blame]	483	if (datafellows & SSH_BUG_SCANNER) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	484	logit("scanned from %s with %s. Don't panic.",
Damien Miller	27dbe6f	2001-03-19 22:36:20 +1100	[diff] [blame]	485	get_remote_ipaddr(), client_version_string);
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	486	cleanup_exit(255);
Damien Miller	27dbe6f	2001-03-19 22:36:20 +1100	[diff] [blame]	487	}
				488
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	489	mismatch = 0;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	490	switch (remote_major) {
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	491	case 1:
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	492	if (remote_minor == 99) {
				493	if (options.protocol & SSH_PROTO_2)
				494	enable_compat20();
				495	else
				496	mismatch = 1;
				497	break;
				498	}
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	499	if (!(options.protocol & SSH_PROTO_1)) {
				500	mismatch = 1;
				501	break;
				502	}
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	503	if (remote_minor < 3) {
Damien Miller	3702396	2000-07-11 17:31:38 +1000	[diff] [blame]	504	packet_disconnect("Your ssh version is too old and "
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	505	"is no longer supported. Please install a newer version.");
				506	} else if (remote_minor == 3) {
				507	/* note that this disables agent-forwarding */
				508	enable_compat13();
				509	}
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	510	break;
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	511	case 2:
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	512	if (options.protocol & SSH_PROTO_2) {
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	513	enable_compat20();
				514	break;
				515	}
				516	/* FALLTHROUGH */
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	517	default:
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	518	mismatch = 1;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	519	break;
				520	}
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	521	chop(server_version_string);
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	522	debug("Local version string %.200s", server_version_string);
				523
				524	if (mismatch) {
				525	s = "Protocol major versions differ.\n";
Darren Tucker	9f63f22	2003-07-03 13:46:56 +1000	[diff] [blame]	526	(void) atomicio(vwrite, sock_out, s, strlen(s));
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	527	close(sock_in);
				528	close(sock_out);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	529	logit("Protocol major versions differ for %s: %.200s vs. %.200s",
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	530	get_remote_ipaddr(),
				531	server_version_string, client_version_string);
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	532	cleanup_exit(255);
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	533	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	534	}
				535
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	536	/* Destroy the host and server keys. They will no longer be needed. */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	537	void
				538	destroy_sensitive_data(void)
				539	{
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	540	int i;
				541
				542	if (sensitive_data.server_key) {
				543	key_free(sensitive_data.server_key);
				544	sensitive_data.server_key = NULL;
				545	}
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	546	for (i = 0; i < options.num_host_key_files; i++) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	547	if (sensitive_data.host_keys[i]) {
				548	key_free(sensitive_data.host_keys[i]);
				549	sensitive_data.host_keys[i] = NULL;
				550	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	551	if (sensitive_data.host_certificates[i]) {
				552	key_free(sensitive_data.host_certificates[i]);
				553	sensitive_data.host_certificates[i] = NULL;
				554	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	555	}
				556	sensitive_data.ssh1_host_key = NULL;
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	557	memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	558	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	559
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	560	/* Demote private to public keys for network child */
				561	void
				562	demote_sensitive_data(void)
				563	{
				564	Key *tmp;
				565	int i;
				566
				567	if (sensitive_data.server_key) {
				568	tmp = key_demote(sensitive_data.server_key);
				569	key_free(sensitive_data.server_key);
				570	sensitive_data.server_key = tmp;
				571	}
				572
				573	for (i = 0; i < options.num_host_key_files; i++) {
				574	if (sensitive_data.host_keys[i]) {
				575	tmp = key_demote(sensitive_data.host_keys[i]);
				576	key_free(sensitive_data.host_keys[i]);
				577	sensitive_data.host_keys[i] = tmp;
				578	if (tmp->type == KEY_RSA1)
				579	sensitive_data.ssh1_host_key = tmp;
				580	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	581	/* Certs do not need demotion */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	582	}
				583
				584	/* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */
				585	}
				586
Ben Lindstrom	0810519	2002-03-22 02:50:06 +0000	[diff] [blame]	587	static void
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	588	privsep_preauth_child(void)
				589	{
Darren Tucker	64cee36	2009-06-21 20:26:17 +1000	[diff] [blame]	590	u_int32_t rnd[256];
Ben Lindstrom	810af96	2002-07-04 00:11:40 +0000	[diff] [blame]	591	gid_t gidset[1];
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	592
				593	/* Enable challenge-response authentication for privilege separation */
				594	privsep_challenge_enable();
				595
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	596	arc4random_stir();
Damien Miller	354c48c	2008-05-19 14:50:00 +1000	[diff] [blame]	597	arc4random_buf(rnd, sizeof(rnd));
Ben Lindstrom	5a9d0ea	2002-07-04 00:12:53 +0000	[diff] [blame]	598	RAND_seed(rnd, sizeof(rnd));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	599
				600	/* Demote the private keys to public keys. */
				601	demote_sensitive_data();
				602
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	603	/* Change our root directory */
Ben Lindstrom	7a7edf7	2002-03-22 02:42:37 +0000	[diff] [blame]	604	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
				605	fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
				606	strerror(errno));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	607	if (chdir("/") == -1)
Ben Lindstrom	1ee9ec3	2002-03-22 03:14:45 +0000	[diff] [blame]	608	fatal("chdir(\"/\"): %s", strerror(errno));
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	609
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	610	/* Drop our privileges */
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	611	debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
				612	(u_int)privsep_pw->pw_gid);
Ben Lindstrom	fbcc3f7	2002-06-25 23:24:18 +0000	[diff] [blame]	613	#if 0
Darren Tucker	d592048	2004-02-29 20:11:30 +1100	[diff] [blame]	614	/* XXX not ready, too heavy after chroot */
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	615	do_setusercontext(privsep_pw);
Ben Lindstrom	fbcc3f7	2002-06-25 23:24:18 +0000	[diff] [blame]	616	#else
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	617	gidset[0] = privsep_pw->pw_gid;
Ben Lindstrom	fbcc3f7	2002-06-25 23:24:18 +0000	[diff] [blame]	618	if (setgroups(1, gidset) < 0)
				619	fatal("setgroups: %.100s", strerror(errno));
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	620	permanently_set_uid(privsep_pw);
Ben Lindstrom	fbcc3f7	2002-06-25 23:24:18 +0000	[diff] [blame]	621	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	622	}
				623
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	624	static int
				625	privsep_preauth(Authctxt *authctxt)
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	626	{
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	627	int status;
				628	pid_t pid;
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	629	struct ssh_sandbox *box = NULL;
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	630
				631	/* Set up unprivileged child process to deal with network data */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	632	pmonitor = monitor_init();
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	633	/* Store a pointer to the kex for later rekeying */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	634	pmonitor->m_pkex = &xxx_kex;
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	635
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	636	if (use_privsep == PRIVSEP_SANDBOX)
				637	box = ssh_sandbox_init();
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	638	pid = fork();
				639	if (pid == -1) {
				640	fatal("fork of unprivileged child failed");
				641	} else if (pid != 0) {
Ben Lindstrom	ce0f634	2002-06-11 16:42:49 +0000	[diff] [blame]	642	debug2("Network child is on pid %ld", (long)pid);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	643
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	644	if (box != NULL)
				645	ssh_sandbox_parent_preauth(box, pid);
Darren Tucker	a8be9e2	2004-02-06 16:40:27 +1100	[diff] [blame]	646	pmonitor->m_pid = pid;
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	647	monitor_child_preauth(authctxt, pmonitor);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	648
				649	/* Sync memory */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	650	monitor_sync(pmonitor);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	651
				652	/* Wait for the child's exit status */
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	653	while (waitpid(pid, &status, 0) < 0) {
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	654	if (errno == EINTR)
				655	continue;
				656	pmonitor->m_pid = -1;
				657	fatal("%s: waitpid: %s", __func__, strerror(errno));
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	658	}
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	659	privsep_is_preauth = 0;
				660	pmonitor->m_pid = -1;
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	661	if (WIFEXITED(status)) {
				662	if (WEXITSTATUS(status) != 0)
				663	fatal("%s: preauth child exited with status %d",
				664	__func__, WEXITSTATUS(status));
				665	} else if (WIFSIGNALED(status))
				666	fatal("%s: preauth child terminated by signal %d",
				667	__func__, WTERMSIG(status));
				668	if (box != NULL)
				669	ssh_sandbox_parent_finish(box);
				670	return 1;
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	671	} else {
				672	/* child */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	673	close(pmonitor->m_sendfd);
Damien Miller	8f0bf23	2011-06-20 14:42:23 +1000	[diff] [blame]	674	close(pmonitor->m_log_recvfd);
				675
				676	/* Arrange for logging to be sent to the monitor */
				677	set_log_handler(mm_log_handler, pmonitor);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	678
				679	/* Demote the child */
				680	if (getuid() == 0 \|\| geteuid() == 0)
				681	privsep_preauth_child();
Ben Lindstrom	f90f58d	2002-03-26 01:53:03 +0000	[diff] [blame]	682	setproctitle("%s", "[net]");
Damien Miller	69ff1df	2011-06-23 08:30:03 +1000	[diff] [blame]	683	if (box != NULL)
				684	ssh_sandbox_child(box);
				685
				686	return 0;
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	687	}
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	688	}
				689
Ben Lindstrom	0810519	2002-03-22 02:50:06 +0000	[diff] [blame]	690	static void
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	691	privsep_postauth(Authctxt *authctxt)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	692	{
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	693	u_int32_t rnd[256];
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	694
Tim Rice	9dd3081	2002-07-07 13:43:36 -0700	[diff] [blame]	695	#ifdef DISABLE_FD_PASSING
Tim Rice	8eff319	2002-06-25 15:35:15 -0700	[diff] [blame]	696	if (1) {
				697	#else
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	698	if (authctxt->pw->pw_uid == 0 \|\| options.use_login) {
Tim Rice	8eff319	2002-06-25 15:35:15 -0700	[diff] [blame]	699	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	700	/* File descriptor passing is broken or root login */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	701	use_privsep = 0;
Darren Tucker	45b0142	2005-10-03 18:20:00 +1000	[diff] [blame]	702	goto skip;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	703	}
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	704
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	705	/* New socket pair */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	706	monitor_reinit(pmonitor);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	707
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	708	pmonitor->m_pid = fork();
				709	if (pmonitor->m_pid == -1)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	710	fatal("fork of unprivileged child failed");
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	711	else if (pmonitor->m_pid != 0) {
Damien Miller	b61f3fc	2008-07-11 17:36:48 +1000	[diff] [blame]	712	verbose("User child is on pid %ld", (long)pmonitor->m_pid);
Darren Tucker	eb57862	2004-08-12 23:08:14 +1000	[diff] [blame]	713	buffer_clear(&loginmsg);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	714	monitor_child_postauth(pmonitor);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	715
				716	/* NEVERREACHED */
				717	exit(0);
				718	}
				719
Damien Miller	8f0bf23	2011-06-20 14:42:23 +1000	[diff] [blame]	720	/* child */
				721
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	722	close(pmonitor->m_sendfd);
Damien Miller	8f0bf23	2011-06-20 14:42:23 +1000	[diff] [blame]	723	pmonitor->m_sendfd = -1;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	724
				725	/* Demote the private keys to public keys. */
				726	demote_sensitive_data();
				727
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	728	arc4random_stir();
Damien Miller	354c48c	2008-05-19 14:50:00 +1000	[diff] [blame]	729	arc4random_buf(rnd, sizeof(rnd));
Damien Miller	76e95da	2008-03-07 18:31:24 +1100	[diff] [blame]	730	RAND_seed(rnd, sizeof(rnd));
				731
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	732	/* Drop privileges */
				733	do_setusercontext(authctxt->pw);
				734
Darren Tucker	45b0142	2005-10-03 18:20:00 +1000	[diff] [blame]	735	skip:
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	736	/* It is safe now to apply the key state */
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	737	monitor_apply_keystate(pmonitor);
Damien Miller	9786e6e	2005-07-26 21:54:56 +1000	[diff] [blame]	738
				739	/*
				740	* Tell the packet layer that authentication was successful, since
				741	* this information is not part of the key state.
				742	*/
				743	packet_set_authenticated();
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	744	}
				745
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	746	static char *
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	747	list_hostkey_types(void)
				748	{
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	749	Buffer b;
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	750	const char *p;
				751	char *ret;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	752	int i;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	753	Key *key;
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	754
				755	buffer_init(&b);
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	756	for (i = 0; i < options.num_host_key_files; i++) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	757	key = sensitive_data.host_keys[i];
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	758	if (key == NULL)
				759	continue;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	760	switch (key->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	761	case KEY_RSA:
				762	case KEY_DSA:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	763	case KEY_ECDSA:
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	764	if (buffer_len(&b) > 0)
				765	buffer_append(&b, ",", 1);
				766	p = key_ssh_name(key);
				767	buffer_append(&b, p, strlen(p));
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	768	break;
				769	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	770	/* If the private key has a cert peer, then list that too */
				771	key = sensitive_data.host_certificates[i];
				772	if (key == NULL)
				773	continue;
				774	switch (key->type) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	775	case KEY_RSA_CERT_V00:
				776	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	777	case KEY_RSA_CERT:
				778	case KEY_DSA_CERT:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	779	case KEY_ECDSA_CERT:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	780	if (buffer_len(&b) > 0)
				781	buffer_append(&b, ",", 1);
				782	p = key_ssh_name(key);
				783	buffer_append(&b, p, strlen(p));
				784	break;
				785	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	786	}
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	787	buffer_append(&b, "\0", 1);
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	788	ret = xstrdup(buffer_ptr(&b));
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	789	buffer_free(&b);
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	790	debug("list_hostkey_types: %s", ret);
				791	return ret;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	792	}
				793
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	794	static Key *
				795	get_hostkey_by_type(int type, int need_private)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	796	{
				797	int i;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	798	Key *key;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	799
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	800	for (i = 0; i < options.num_host_key_files; i++) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	801	switch (type) {
				802	case KEY_RSA_CERT_V00:
				803	case KEY_DSA_CERT_V00:
				804	case KEY_RSA_CERT:
				805	case KEY_DSA_CERT:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	806	case KEY_ECDSA_CERT:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	807	key = sensitive_data.host_certificates[i];
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	808	break;
				809	default:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	810	key = sensitive_data.host_keys[i];
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	811	break;
				812	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	813	if (key != NULL && key->type == type)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	814	return need_private ?
				815	sensitive_data.host_keys[i] : key;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	816	}
				817	return NULL;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	818	}
				819
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	820	Key *
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	821	get_hostkey_public_by_type(int type)
				822	{
				823	return get_hostkey_by_type(type, 0);
				824	}
				825
				826	Key *
				827	get_hostkey_private_by_type(int type)
				828	{
				829	return get_hostkey_by_type(type, 1);
				830	}
				831
				832	Key *
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	833	get_hostkey_by_index(int ind)
				834	{
				835	if (ind < 0 \|\| ind >= options.num_host_key_files)
				836	return (NULL);
				837	return (sensitive_data.host_keys[ind]);
				838	}
				839
				840	int
				841	get_hostkey_index(Key *key)
				842	{
				843	int i;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	844
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	845	for (i = 0; i < options.num_host_key_files; i++) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	846	if (key_is_cert(key)) {
				847	if (key == sensitive_data.host_certificates[i])
				848	return (i);
				849	} else {
				850	if (key == sensitive_data.host_keys[i])
				851	return (i);
				852	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	853	}
				854	return (-1);
				855	}
				856
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	857	/*
				858	* returns 1 if connection should be dropped, 0 otherwise.
				859	* dropping starts at connection #max_startups_begin with a probability
				860	* of (max_startups_rate/100). the probability increases linearly until
				861	* all connections are dropped for startups > max_startups
				862	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	863	static int
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	864	drop_connection(int startups)
				865	{
Darren Tucker	178fa66	2004-11-05 20:09:09 +1100	[diff] [blame]	866	int p, r;
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	867
				868	if (startups < options.max_startups_begin)
				869	return 0;
				870	if (startups >= options.max_startups)
				871	return 1;
				872	if (options.max_startups_rate == 100)
				873	return 1;
				874
				875	p = 100 - options.max_startups_rate;
				876	p *= startups - options.max_startups_begin;
Darren Tucker	178fa66	2004-11-05 20:09:09 +1100	[diff] [blame]	877	p /= options.max_startups - options.max_startups_begin;
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	878	p += options.max_startups_rate;
Damien Miller	354c48c	2008-05-19 14:50:00 +1000	[diff] [blame]	879	r = arc4random_uniform(100);
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	880
Darren Tucker	3269b13	2004-11-05 20:20:59 +1100	[diff] [blame]	881	debug("drop_connection: p %d, r %d", p, r);
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	882	return (r < p) ? 1 : 0;
				883	}
				884
Ben Lindstrom	ade03f6	2001-12-06 18:22:17 +0000	[diff] [blame]	885	static void
				886	usage(void)
				887	{
Damien Miller	0c889cd	2004-03-22 09:36:00 +1100	[diff] [blame]	888	fprintf(stderr, "%s, %s\n",
Damien Miller	2aa6d3c	2004-09-12 16:53:04 +1000	[diff] [blame]	889	SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
Damien Miller	b408786	2004-03-22 09:35:21 +1100	[diff] [blame]	890	fprintf(stderr,
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	891	"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n"
				892	" [-f config_file] [-g login_grace_time] [-h host_key_file]\n"
				893	" [-k key_gen_time] [-o option] [-p port] [-u len]\n"
Damien Miller	b408786	2004-03-22 09:35:21 +1100	[diff] [blame]	894	);
Ben Lindstrom	ade03f6	2001-12-06 18:22:17 +0000	[diff] [blame]	895	exit(1);
				896	}
				897
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	898	static void
				899	send_rexec_state(int fd, Buffer *conf)
				900	{
				901	Buffer m;
				902
				903	debug3("%s: entering fd = %d config len %d", __func__, fd,
				904	buffer_len(conf));
				905
				906	/*
				907	* Protocol from reexec master to child:
				908	* string configuration
				909	* u_int ephemeral_key_follows
				910	* bignum e (only if ephemeral_key_follows == 1)
				911	* bignum n "
				912	* bignum d "
				913	* bignum iqmp "
				914	* bignum p "
				915	* bignum q "
Darren Tucker	c6f8219	2005-09-27 22:46:32 +1000	[diff] [blame]	916	* string rngseed (only if OpenSSL is not self-seeded)
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	917	*/
				918	buffer_init(&m);
				919	buffer_put_cstring(&m, buffer_ptr(conf));
				920
Darren Tucker	fc95970	2004-07-17 16:12:08 +1000	[diff] [blame]	921	if (sensitive_data.server_key != NULL &&
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	922	sensitive_data.server_key->type == KEY_RSA1) {
				923	buffer_put_int(&m, 1);
				924	buffer_put_bignum(&m, sensitive_data.server_key->rsa->e);
				925	buffer_put_bignum(&m, sensitive_data.server_key->rsa->n);
				926	buffer_put_bignum(&m, sensitive_data.server_key->rsa->d);
				927	buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp);
				928	buffer_put_bignum(&m, sensitive_data.server_key->rsa->p);
				929	buffer_put_bignum(&m, sensitive_data.server_key->rsa->q);
				930	} else
				931	buffer_put_int(&m, 0);
				932
Darren Tucker	c6f8219	2005-09-27 22:46:32 +1000	[diff] [blame]	933	#ifndef OPENSSL_PRNG_ONLY
				934	rexec_send_rng_seed(&m);
				935	#endif
				936
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	937	if (ssh_msg_send(fd, 0, &m) == -1)
				938	fatal("%s: ssh_msg_send failed", __func__);
				939
				940	buffer_free(&m);
				941
				942	debug3("%s: done", __func__);
				943	}
				944
				945	static void
				946	recv_rexec_state(int fd, Buffer *conf)
				947	{
				948	Buffer m;
				949	char *cp;
				950	u_int len;
				951
				952	debug3("%s: entering fd = %d", __func__, fd);
				953
				954	buffer_init(&m);
				955
				956	if (ssh_msg_recv(fd, &m) == -1)
				957	fatal("%s: ssh_msg_recv failed", __func__);
				958	if (buffer_get_char(&m) != 0)
				959	fatal("%s: rexec version mismatch", __func__);
				960
				961	cp = buffer_get_string(&m, &len);
				962	if (conf != NULL)
				963	buffer_append(conf, cp, len + 1);
				964	xfree(cp);
				965
				966	if (buffer_get_int(&m)) {
				967	if (sensitive_data.server_key != NULL)
				968	key_free(sensitive_data.server_key);
				969	sensitive_data.server_key = key_new_private(KEY_RSA1);
				970	buffer_get_bignum(&m, sensitive_data.server_key->rsa->e);
				971	buffer_get_bignum(&m, sensitive_data.server_key->rsa->n);
				972	buffer_get_bignum(&m, sensitive_data.server_key->rsa->d);
				973	buffer_get_bignum(&m, sensitive_data.server_key->rsa->iqmp);
				974	buffer_get_bignum(&m, sensitive_data.server_key->rsa->p);
				975	buffer_get_bignum(&m, sensitive_data.server_key->rsa->q);
				976	rsa_generate_additional_parameters(
				977	sensitive_data.server_key->rsa);
				978	}
Darren Tucker	c6f8219	2005-09-27 22:46:32 +1000	[diff] [blame]	979
				980	#ifndef OPENSSL_PRNG_ONLY
				981	rexec_recv_rng_seed(&m);
				982	#endif
				983
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	984	buffer_free(&m);
				985
				986	debug3("%s: done", __func__);
				987	}
				988
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	989	/* Accept a connection from inetd */
				990	static void
				991	server_accept_inetd(int sock_in, int sock_out)
				992	{
				993	int fd;
				994
				995	startup_pipe = -1;
				996	if (rexeced_flag) {
				997	close(REEXEC_CONFIG_PASS_FD);
				998	sock_in = sock_out = dup(STDIN_FILENO);
				999	if (!debug_flag) {
				1000	startup_pipe = dup(REEXEC_STARTUP_PIPE_FD);
				1001	close(REEXEC_STARTUP_PIPE_FD);
				1002	}
				1003	} else {
				1004	*sock_in = dup(STDIN_FILENO);
				1005	*sock_out = dup(STDOUT_FILENO);
				1006	}
				1007	/*
				1008	* We intentionally do not close the descriptors 0, 1, and 2
				1009	* as our code for setting the descriptors won't work if
				1010	* ttyfd happens to be one of those.
				1011	*/
				1012	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
				1013	dup2(fd, STDIN_FILENO);
				1014	dup2(fd, STDOUT_FILENO);
				1015	if (fd > STDOUT_FILENO)
				1016	close(fd);
				1017	}
				1018	debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
				1019	}
				1020
				1021	/*
				1022	* Listen for TCP connections
				1023	*/
				1024	static void
				1025	server_listen(void)
				1026	{
				1027	int ret, listen_sock, on = 1;
				1028	struct addrinfo *ai;
				1029	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
				1030
				1031	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
				1032	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
				1033	continue;
				1034	if (num_listen_socks >= MAX_LISTEN_SOCKS)
				1035	fatal("Too many listen sockets. "
				1036	"Enlarge MAX_LISTEN_SOCKS");
				1037	if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
				1038	ntop, sizeof(ntop), strport, sizeof(strport),
				1039	NI_NUMERICHOST\|NI_NUMERICSERV)) != 0) {
				1040	error("getnameinfo failed: %.100s",
Darren Tucker	4abde77	2007-12-29 02:43:51 +1100	[diff] [blame]	1041	ssh_gai_strerror(ret));
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1042	continue;
				1043	}
				1044	/* Create socket for listening. */
Darren Tucker	7bd98e7	2010-01-10 10:31:12 +1100	[diff] [blame]	1045	listen_sock = socket(ai->ai_family, ai->ai_socktype,
				1046	ai->ai_protocol);
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1047	if (listen_sock < 0) {
				1048	/* kernel may not support ipv6 */
				1049	verbose("socket: %.100s", strerror(errno));
				1050	continue;
				1051	}
				1052	if (set_nonblock(listen_sock) == -1) {
				1053	close(listen_sock);
				1054	continue;
				1055	}
				1056	/*
				1057	* Set socket options.
				1058	* Allow local port reuse in TIME_WAIT.
				1059	*/
				1060	if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
				1061	&on, sizeof(on)) == -1)
				1062	error("setsockopt SO_REUSEADDR: %s", strerror(errno));
				1063
Damien Miller	49d2a28	2008-01-20 08:56:00 +1100	[diff] [blame]	1064	/* Only communicate in IPv6 over AF_INET6 sockets. */
Damien Miller	04ee0f8	2009-11-18 17:48:30 +1100	[diff] [blame]	1065	if (ai->ai_family == AF_INET6)
				1066	sock_set_v6only(listen_sock);
Damien Miller	49d2a28	2008-01-20 08:56:00 +1100	[diff] [blame]	1067
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1068	debug("Bind to port %s on %s.", strport, ntop);
				1069
				1070	/* Bind the socket to the desired port. */
				1071	if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
				1072	error("Bind to port %s on %s failed: %.200s.",
				1073	strport, ntop, strerror(errno));
				1074	close(listen_sock);
				1075	continue;
				1076	}
				1077	listen_socks[num_listen_socks] = listen_sock;
				1078	num_listen_socks++;
				1079
				1080	/* Start listening on the port. */
				1081	if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
				1082	fatal("listen on [%s]:%s: %.100s",
				1083	ntop, strport, strerror(errno));
				1084	logit("Server listening on %s port %s.", ntop, strport);
				1085	}
				1086	freeaddrinfo(options.listen_addrs);
				1087
				1088	if (!num_listen_socks)
				1089	fatal("Cannot bind any address.");
				1090	}
				1091
				1092	/*
				1093	* The main TCP accept loop. Note that, for the non-debug case, returns
				1094	* from this function are in a forked subprocess.
				1095	*/
				1096	static void
				1097	server_accept_loop(int sock_in, int sock_out, int newsock, int config_s)
				1098	{
				1099	fd_set *fdset;
				1100	int i, j, ret, maxfd;
				1101	int key_used = 0, startups = 0;
				1102	int startup_p[2] = { -1 , -1 };
				1103	struct sockaddr_storage from;
				1104	socklen_t fromlen;
				1105	pid_t pid;
				1106
				1107	/* setup fd set for accept */
				1108	fdset = NULL;
				1109	maxfd = 0;
				1110	for (i = 0; i < num_listen_socks; i++)
				1111	if (listen_socks[i] > maxfd)
				1112	maxfd = listen_socks[i];
				1113	/* pipes connected to unauthenticated childs */
				1114	startup_pipes = xcalloc(options.max_startups, sizeof(int));
				1115	for (i = 0; i < options.max_startups; i++)
				1116	startup_pipes[i] = -1;
				1117
				1118	/*
				1119	* Stay listening for connections until the system crashes or
				1120	* the daemon is killed with a signal.
				1121	*/
				1122	for (;;) {
				1123	if (received_sighup)
				1124	sighup_restart();
				1125	if (fdset != NULL)
				1126	xfree(fdset);
				1127	fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS),
				1128	sizeof(fd_mask));
				1129
				1130	for (i = 0; i < num_listen_socks; i++)
				1131	FD_SET(listen_socks[i], fdset);
				1132	for (i = 0; i < options.max_startups; i++)
				1133	if (startup_pipes[i] != -1)
				1134	FD_SET(startup_pipes[i], fdset);
				1135
				1136	/* Wait in select until there is a connection. */
				1137	ret = select(maxfd+1, fdset, NULL, NULL, NULL);
				1138	if (ret < 0 && errno != EINTR)
				1139	error("select: %.100s", strerror(errno));
				1140	if (received_sigterm) {
				1141	logit("Received signal %d; terminating.",
				1142	(int) received_sigterm);
				1143	close_listen_socks();
				1144	unlink(options.pid_file);
Damien Miller	26b57ce	2011-05-05 14:15:09 +1000	[diff] [blame]	1145	exit(received_sigterm == SIGTERM ? 0 : 255);
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1146	}
				1147	if (key_used && key_do_regen) {
				1148	generate_ephemeral_server_key();
				1149	key_used = 0;
				1150	key_do_regen = 0;
				1151	}
				1152	if (ret < 0)
				1153	continue;
				1154
				1155	for (i = 0; i < options.max_startups; i++)
				1156	if (startup_pipes[i] != -1 &&
				1157	FD_ISSET(startup_pipes[i], fdset)) {
				1158	/*
				1159	* the read end of the pipe is ready
				1160	* if the child has closed the pipe
				1161	* after successful authentication
				1162	* or if the child has died
				1163	*/
				1164	close(startup_pipes[i]);
				1165	startup_pipes[i] = -1;
				1166	startups--;
				1167	}
				1168	for (i = 0; i < num_listen_socks; i++) {
				1169	if (!FD_ISSET(listen_socks[i], fdset))
				1170	continue;
				1171	fromlen = sizeof(from);
				1172	*newsock = accept(listen_socks[i],
				1173	(struct sockaddr *)&from, &fromlen);
				1174	if (*newsock < 0) {
Damien Miller	d8968ad	2008-07-04 23:10:49 +1000	[diff] [blame]	1175	if (errno != EINTR && errno != EAGAIN &&
				1176	errno != EWOULDBLOCK)
Damien Miller	a116d13	2012-04-22 11:23:46 +1000	[diff] [blame^]	1177	error("accept: %.100s",
				1178	strerror(errno));
				1179	if (errno == EMFILE \|\| errno == ENFILE)
				1180	usleep(100 * 1000);
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1181	continue;
				1182	}
				1183	if (unset_nonblock(*newsock) == -1) {
				1184	close(*newsock);
				1185	continue;
				1186	}
				1187	if (drop_connection(startups) == 1) {
				1188	debug("drop connection #%d", startups);
				1189	close(*newsock);
				1190	continue;
				1191	}
				1192	if (pipe(startup_p) == -1) {
				1193	close(*newsock);
				1194	continue;
				1195	}
				1196
				1197	if (rexec_flag && socketpair(AF_UNIX,
				1198	SOCK_STREAM, 0, config_s) == -1) {
				1199	error("reexec socketpair: %s",
				1200	strerror(errno));
				1201	close(*newsock);
				1202	close(startup_p[0]);
				1203	close(startup_p[1]);
				1204	continue;
				1205	}
				1206
				1207	for (j = 0; j < options.max_startups; j++)
				1208	if (startup_pipes[j] == -1) {
				1209	startup_pipes[j] = startup_p[0];
				1210	if (maxfd < startup_p[0])
				1211	maxfd = startup_p[0];
				1212	startups++;
				1213	break;
				1214	}
				1215
				1216	/*
				1217	* Got connection. Fork a child to handle it, unless
				1218	* we are in debugging mode.
				1219	*/
				1220	if (debug_flag) {
				1221	/*
				1222	* In debugging mode. Close the listening
				1223	* socket, and start processing the
				1224	* connection without forking.
				1225	*/
				1226	debug("Server will not fork when running in debugging mode.");
				1227	close_listen_socks();
				1228	sock_in = newsock;
				1229	sock_out = newsock;
				1230	close(startup_p[0]);
				1231	close(startup_p[1]);
				1232	startup_pipe = -1;
				1233	pid = getpid();
				1234	if (rexec_flag) {
				1235	send_rexec_state(config_s[0],
				1236	&cfg);
				1237	close(config_s[0]);
				1238	}
				1239	break;
				1240	}
				1241
				1242	/*
				1243	* Normal production daemon. Fork, and have
				1244	* the child process the connection. The
				1245	* parent continues listening.
				1246	*/
Damien Miller	1b06dc3	2006-08-31 03:24:41 +1000	[diff] [blame]	1247	platform_pre_fork();
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1248	if ((pid = fork()) == 0) {
				1249	/*
				1250	* Child. Close the listening and
				1251	* max_startup sockets. Start using
				1252	* the accepted socket. Reinitialize
				1253	* logging (since our pid has changed).
				1254	* We break out of the loop to handle
				1255	* the connection.
				1256	*/
Damien Miller	1b06dc3	2006-08-31 03:24:41 +1000	[diff] [blame]	1257	platform_post_fork_child();
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1258	startup_pipe = startup_p[1];
				1259	close_startup_pipes();
				1260	close_listen_socks();
				1261	sock_in = newsock;
				1262	sock_out = newsock;
				1263	log_init(__progname,
				1264	options.log_level,
				1265	options.log_facility,
				1266	log_stderr);
				1267	if (rexec_flag)
				1268	close(config_s[0]);
				1269	break;
				1270	}
				1271
				1272	/* Parent. Stay in the loop. */
Damien Miller	1b06dc3	2006-08-31 03:24:41 +1000	[diff] [blame]	1273	platform_post_fork_parent(pid);
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1274	if (pid < 0)
				1275	error("fork: %.100s", strerror(errno));
				1276	else
				1277	debug("Forked child %ld.", (long)pid);
				1278
				1279	close(startup_p[1]);
				1280
				1281	if (rexec_flag) {
				1282	send_rexec_state(config_s[0], &cfg);
				1283	close(config_s[0]);
				1284	close(config_s[1]);
				1285	}
				1286
				1287	/*
				1288	* Mark that the key has been used (it
				1289	* was "given" to the child).
				1290	*/
				1291	if ((options.protocol & SSH_PROTO_1) &&
				1292	key_used == 0) {
				1293	/* Schedule server key regeneration alarm. */
				1294	signal(SIGALRM, key_regeneration_alarm);
				1295	alarm(options.key_regeneration_time);
				1296	key_used = 1;
				1297	}
				1298
				1299	close(*newsock);
				1300
				1301	/*
				1302	* Ensure that our random state differs
				1303	* from that of the child
				1304	*/
				1305	arc4random_stir();
				1306	}
				1307
				1308	/* child process check (or debug mode) */
				1309	if (num_listen_socks < 0)
				1310	break;
				1311	}
				1312	}
				1313
				1314
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1315	/*
				1316	* Main program for the daemon.
				1317	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1318	int
				1319	main(int ac, char **av)
				1320	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1321	extern char *optarg;
				1322	extern int optind;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1323	int opt, i, j, on = 1;
Damien Miller	386c6a2	2004-06-30 22:40:20 +1000	[diff] [blame]	1324	int sock_in = -1, sock_out = -1, newsock = -1;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1325	const char *remote_ip;
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1326	char test_user = NULL, test_host = NULL, *test_addr = NULL;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1327	int remote_port;
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1328	char line, p, *cp;
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1329	int config_s[2] = { -1 , -1 };
Damien Miller	b61f3fc	2008-07-11 17:36:48 +1000	[diff] [blame]	1330	u_int64_t ibytes, obytes;
Damien Miller	6ca16c6	2008-06-16 07:50:58 +1000	[diff] [blame]	1331	mode_t new_umask;
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1332	Key *key;
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	1333	Authctxt *authctxt;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1334
Kevin Steves	0ea1d9d	2002-04-25 18:17:04 +0000	[diff] [blame]	1335	#ifdef HAVE_SECUREWARE
				1336	(void)set_auth_parameters(ac, av);
				1337	#endif
Damien Miller	59d3d5b	2003-08-22 09:34:41 +1000	[diff] [blame]	1338	__progname = ssh_get_progname(av[0]);
Damien Miller	f9b625c	2000-07-09 22:42:32 +1000	[diff] [blame]	1339
Damien Miller	a8ed44b	2003-01-10 09:53:12 +1100	[diff] [blame]	1340	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
Damien Miller	b8c656e	2000-06-28 15:22:41 +1000	[diff] [blame]	1341	saved_argc = ac;
Darren Tucker	17c5d03	2004-06-25 14:22:23 +1000	[diff] [blame]	1342	rexec_argc = ac;
Darren Tucker	d8093e4	2006-05-04 16:24:34 +1000	[diff] [blame]	1343	saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
Damien Miller	a8ed44b	2003-01-10 09:53:12 +1100	[diff] [blame]	1344	for (i = 0; i < ac; i++)
				1345	saved_argv[i] = xstrdup(av[i]);
Damien Miller	04cb536	2003-05-15 21:29:10 +1000	[diff] [blame]	1346	saved_argv[i] = NULL;
Damien Miller	a8ed44b	2003-01-10 09:53:12 +1100	[diff] [blame]	1347
				1348	#ifndef HAVE_SETPROCTITLE
				1349	/* Prepare for later setproctitle emulation */
				1350	compat_init_setproctitle(ac, av);
Damien Miller	f2e3e9d	2003-06-02 12:15:54 +1000	[diff] [blame]	1351	av = saved_argv;
Damien Miller	a8ed44b	2003-01-10 09:53:12 +1100	[diff] [blame]	1352	#endif
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1353
Damien Miller	bfba354	2004-03-22 09:29:57 +1100	[diff] [blame]	1354	if (geteuid() == 0 && setgroups(0, NULL) == -1)
				1355	debug("setgroups(): %.200s", strerror(errno));
				1356
Darren Tucker	ce321d8	2005-10-03 18:11:24 +1000	[diff] [blame]	1357	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
				1358	sanitise_stdfd();
				1359
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1360	/* Initialize configuration options to their default values. */
				1361	initialize_server_options(&options);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1362
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1363	/* Parse command-line arguments. */
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1364	while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeiqrtQRT46")) != -1) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1365	switch (opt) {
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1366	case '4':
Darren Tucker	0f38323	2005-01-20 10:57:56 +1100	[diff] [blame]	1367	options.address_family = AF_INET;
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1368	break;
				1369	case '6':
Darren Tucker	0f38323	2005-01-20 10:57:56 +1100	[diff] [blame]	1370	options.address_family = AF_INET6;
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1371	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1372	case 'f':
				1373	config_file_name = optarg;
				1374	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1375	case 'c':
				1376	if (options.num_host_cert_files >= MAX_HOSTCERTS) {
				1377	fprintf(stderr, "too many host certificates.\n");
				1378	exit(1);
				1379	}
				1380	options.host_cert_files[options.num_host_cert_files++] =
				1381	derelativise_path(optarg);
				1382	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1383	case 'd':
Darren Tucker	e98dfa3	2003-07-19 19:54:31 +1000	[diff] [blame]	1384	if (debug_flag == 0) {
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	1385	debug_flag = 1;
				1386	options.log_level = SYSLOG_LEVEL_DEBUG1;
Darren Tucker	e98dfa3	2003-07-19 19:54:31 +1000	[diff] [blame]	1387	} else if (options.log_level < SYSLOG_LEVEL_DEBUG3)
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	1388	options.log_level++;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1389	break;
Ben Lindstrom	c72745a	2000-12-02 19:03:54 +0000	[diff] [blame]	1390	case 'D':
				1391	no_daemon_flag = 1;
				1392	break;
Ben Lindstrom	9fce9f0	2001-04-11 23:10:09 +0000	[diff] [blame]	1393	case 'e':
				1394	log_stderr = 1;
				1395	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1396	case 'i':
				1397	inetd_flag = 1;
				1398	break;
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1399	case 'r':
				1400	rexec_flag = 0;
				1401	break;
				1402	case 'R':
				1403	rexeced_flag = 1;
				1404	inetd_flag = 1;
				1405	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1406	case 'Q':
Ben Lindstrom	d539020	2001-01-29 08:07:43 +0000	[diff] [blame]	1407	/* ignored */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1408	break;
				1409	case 'q':
				1410	options.log_level = SYSLOG_LEVEL_QUIET;
				1411	break;
				1412	case 'b':
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	1413	options.server_key_bits = (int)strtonum(optarg, 256,
				1414	32768, NULL);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1415	break;
				1416	case 'p':
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1417	options.ports_from_cmdline = 1;
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	1418	if (options.num_ports >= MAX_PORTS) {
				1419	fprintf(stderr, "too many ports.\n");
				1420	exit(1);
				1421	}
Ben Lindstrom	19066a1	2001-04-12 23:39:26 +0000	[diff] [blame]	1422	options.ports[options.num_ports++] = a2port(optarg);
Damien Miller	3dc71ad	2009-01-28 16:31:22 +1100	[diff] [blame]	1423	if (options.ports[options.num_ports-1] <= 0) {
Ben Lindstrom	19066a1	2001-04-12 23:39:26 +0000	[diff] [blame]	1424	fprintf(stderr, "Bad port number.\n");
				1425	exit(1);
				1426	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1427	break;
				1428	case 'g':
Ben Lindstrom	1bda4c8	2001-06-05 19:59:08 +0000	[diff] [blame]	1429	if ((options.login_grace_time = convtime(optarg)) == -1) {
				1430	fprintf(stderr, "Invalid login grace time.\n");
				1431	exit(1);
				1432	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1433	break;
				1434	case 'k':
Ben Lindstrom	1bda4c8	2001-06-05 19:59:08 +0000	[diff] [blame]	1435	if ((options.key_regeneration_time = convtime(optarg)) == -1) {
				1436	fprintf(stderr, "Invalid key regeneration interval.\n");
				1437	exit(1);
				1438	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1439	break;
				1440	case 'h':
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1441	if (options.num_host_key_files >= MAX_HOSTKEYS) {
				1442	fprintf(stderr, "too many host keys.\n");
				1443	exit(1);
				1444	}
Darren Tucker	88b6fb2	2010-01-13 22:44:29 +1100	[diff] [blame]	1445	options.host_key_files[options.num_host_key_files++] =
				1446	derelativise_path(optarg);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1447	break;
Ben Lindstrom	794325a	2001-08-06 21:09:07 +0000	[diff] [blame]	1448	case 't':
				1449	test_flag = 1;
				1450	break;
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1451	case 'T':
				1452	test_flag = 2;
				1453	break;
				1454	case 'C':
				1455	cp = optarg;
				1456	while ((p = strsep(&cp, ",")) && *p != '\0') {
				1457	if (strncmp(p, "addr=", 5) == 0)
				1458	test_addr = xstrdup(p + 5);
				1459	else if (strncmp(p, "host=", 5) == 0)
				1460	test_host = xstrdup(p + 5);
				1461	else if (strncmp(p, "user=", 5) == 0)
				1462	test_user = xstrdup(p + 5);
				1463	else {
				1464	fprintf(stderr, "Invalid test "
				1465	"mode specification %s\n", p);
				1466	exit(1);
				1467	}
				1468	}
				1469	break;
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	1470	case 'u':
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	1471	utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL);
Ben Lindstrom	41daec7	2002-07-23 21:15:13 +0000	[diff] [blame]	1472	if (utmp_len > MAXHOSTNAMELEN) {
				1473	fprintf(stderr, "Invalid utmp length.\n");
				1474	exit(1);
				1475	}
Damien Miller	942da03	2000-08-18 13:59:06 +1000	[diff] [blame]	1476	break;
Ben Lindstrom	ade03f6	2001-12-06 18:22:17 +0000	[diff] [blame]	1477	case 'o':
Damien Miller	b999719	2003-12-17 16:29:22 +1100	[diff] [blame]	1478	line = xstrdup(optarg);
				1479	if (process_server_config_line(&options, line,
Darren Tucker	4515047	2006-07-12 22:34:17 +1000	[diff] [blame]	1480	"command-line", 0, NULL, NULL, NULL, NULL) != 0)
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	1481	exit(1);
Damien Miller	b999719	2003-12-17 16:29:22 +1100	[diff] [blame]	1482	xfree(line);
Ben Lindstrom	ade03f6	2001-12-06 18:22:17 +0000	[diff] [blame]	1483	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1484	case '?':
				1485	default:
Ben Lindstrom	ade03f6	2001-12-06 18:22:17 +0000	[diff] [blame]	1486	usage();
				1487	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1488	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1489	}
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1490	if (rexeced_flag \|\| inetd_flag)
				1491	rexec_flag = 0;
Damien Miller	2ee0c43	2008-03-07 18:31:47 +1100	[diff] [blame]	1492	if (!test_flag && (rexec_flag && (av[0] == NULL \|\| *av[0] != '/')))
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1493	fatal("sshd re-exec requires execution with an absolute path");
				1494	if (rexeced_flag)
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1495	closefrom(REEXEC_MIN_FREE_FD);
				1496	else
				1497	closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1498
Damien Miller	4314c2b	2010-09-10 11:12:09 +1000	[diff] [blame]	1499	OpenSSL_add_all_algorithms();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1500
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1501	/*
				1502	* Force logging to stderr until we have loaded the private host
				1503	* key (unless started from inetd)
				1504	*/
Kevin Steves	ec84dc1	2000-12-13 17:45:15 +0000	[diff] [blame]	1505	log_init(__progname,
Damien Miller	5aa5d78	2002-02-08 22:01:54 +1100	[diff] [blame]	1506	options.log_level == SYSLOG_LEVEL_NOT_SET ?
				1507	SYSLOG_LEVEL_INFO : options.log_level,
				1508	options.log_facility == SYSLOG_FACILITY_NOT_SET ?
				1509	SYSLOG_FACILITY_AUTH : options.log_facility,
Ben Lindstrom	c2faa4a	2002-11-09 15:50:03 +0000	[diff] [blame]	1510	log_stderr \|\| !inetd_flag);
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1511
Darren Tucker	86c093d	2004-03-08 22:59:03 +1100	[diff] [blame]	1512	/*
				1513	* Unset KRB5CCNAME, otherwise the user's session may inherit it from
				1514	* root's environment
Damien Miller	94cf4c8	2005-07-17 17:04:47 +1000	[diff] [blame]	1515	*/
Darren Tucker	9dc6c7d	2005-02-02 18:30:33 +1100	[diff] [blame]	1516	if (getenv("KRB5CCNAME") != NULL)
Tim Rice	e3609c9	2012-02-14 10:03:30 -0800	[diff] [blame]	1517	(void) unsetenv("KRB5CCNAME");
Darren Tucker	9dc6c7d	2005-02-02 18:30:33 +1100	[diff] [blame]	1518
Tim Rice	81ed518	2002-09-25 17:38:46 -0700	[diff] [blame]	1519	#ifdef _UNICOS
Darren Tucker	1298496	2004-05-24 13:37:13 +1000	[diff] [blame]	1520	/* Cray can define user privs drop all privs now!
Ben Lindstrom	6db66ff	2001-08-06 23:29:16 +0000	[diff] [blame]	1521	* Not needed on PRIV_SU systems!
				1522	*/
				1523	drop_cray_privs();
				1524	#endif
				1525
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1526	sensitive_data.server_key = NULL;
				1527	sensitive_data.ssh1_host_key = NULL;
				1528	sensitive_data.have_ssh1_key = 0;
				1529	sensitive_data.have_ssh2_key = 0;
				1530
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1531	/*
				1532	* If we're doing an extended config test, make sure we have all of
				1533	* the parameters we need. If we're not doing an extended test,
				1534	* do not silently ignore connection test params.
				1535	*/
Damien Miller	2a62847	2008-06-16 07:50:24 +1000	[diff] [blame]	1536	if (test_flag >= 2 &&
				1537	(test_user != NULL \|\| test_host != NULL \|\| test_addr != NULL)
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1538	&& (test_user == NULL \|\| test_host == NULL \|\| test_addr == NULL))
				1539	fatal("user, host and addr are all required when testing "
				1540	"Match configs");
				1541	if (test_flag < 2 && (test_user != NULL \|\| test_host != NULL \|\|
				1542	test_addr != NULL))
				1543	fatal("Config test connection parameter (-C) provided without "
				1544	"test mode (-T)");
				1545
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1546	/* Fetch our configuration */
				1547	buffer_init(&cfg);
				1548	if (rexeced_flag)
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1549	recv_rexec_state(REEXEC_CONFIG_PASS_FD, &cfg);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1550	else
				1551	load_server_config(config_file_name, &cfg);
				1552
Darren Tucker	4515047	2006-07-12 22:34:17 +1000	[diff] [blame]	1553	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
				1554	&cfg, NULL, NULL, NULL);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1555
Darren Tucker	c6f8219	2005-09-27 22:46:32 +1000	[diff] [blame]	1556	seed_rng();
				1557
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1558	/* Fill in default values for those options not explicitly set. */
				1559	fill_default_server_options(&options);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1560
Darren Tucker	97b1bb5	2007-03-21 20:38:53 +1100	[diff] [blame]	1561	/* challenge-response is implemented via keyboard interactive */
				1562	if (options.challenge_response_authentication)
				1563	options.kbd_interactive_authentication = 1;
				1564
Darren Tucker	7bd98e7	2010-01-10 10:31:12 +1100	[diff] [blame]	1565	/* set default channel AF */
Darren Tucker	0f38323	2005-01-20 10:57:56 +1100	[diff] [blame]	1566	channel_set_af(options.address_family);
				1567
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1568	/* Check that there are no remaining arguments. */
				1569	if (optind < ac) {
				1570	fprintf(stderr, "Extra argument %s.\n", av[optind]);
				1571	exit(1);
				1572	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1573
Damien Miller	2aa6d3c	2004-09-12 16:53:04 +1000	[diff] [blame]	1574	debug("sshd version %.100s", SSH_RELEASE);
Damien Miller	2ccf661	1999-11-15 15:25:10 +1100	[diff] [blame]	1575
Darren Tucker	df0e438	2006-11-07 11:28:40 +1100	[diff] [blame]	1576	/* Store privilege separation user for later use if required. */
				1577	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
				1578	if (use_privsep \|\| options.kerberos_authentication)
				1579	fatal("Privilege separation user %s does not exist",
				1580	SSH_PRIVSEP_USER);
				1581	} else {
				1582	memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
				1583	privsep_pw = pwcopy(privsep_pw);
				1584	xfree(privsep_pw->pw_passwd);
				1585	privsep_pw->pw_passwd = xstrdup("*");
				1586	}
Damien Miller	6433df0	2006-09-07 10:36:43 +1000	[diff] [blame]	1587	endpwent();
				1588
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1589	/* load private host keys */
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	1590	sensitive_data.host_keys = xcalloc(options.num_host_key_files,
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	1591	sizeof(Key *));
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	1592	for (i = 0; i < options.num_host_key_files; i++)
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	1593	sensitive_data.host_keys[i] = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1594
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	1595	for (i = 0; i < options.num_host_key_files; i++) {
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1596	key = key_load_private(options.host_key_files[i], "", NULL);
				1597	sensitive_data.host_keys[i] = key;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1598	if (key == NULL) {
Ben Lindstrom	15f3386	2001-04-16 02:00:02 +0000	[diff] [blame]	1599	error("Could not load host key: %s",
				1600	options.host_key_files[i]);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1601	sensitive_data.host_keys[i] = NULL;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1602	continue;
				1603	}
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1604	switch (key->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1605	case KEY_RSA1:
				1606	sensitive_data.ssh1_host_key = key;
				1607	sensitive_data.have_ssh1_key = 1;
				1608	break;
				1609	case KEY_RSA:
				1610	case KEY_DSA:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1611	case KEY_ECDSA:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1612	sensitive_data.have_ssh2_key = 1;
				1613	break;
				1614	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	1615	debug("private host key: #%d type %d %s", i, key->type,
				1616	key_type(key));
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1617	}
				1618	if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1619	logit("Disabling protocol version 1. Could not load host key");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1620	options.protocol &= ~SSH_PROTO_1;
				1621	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1622	if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1623	logit("Disabling protocol version 2. Could not load host key");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1624	options.protocol &= ~SSH_PROTO_2;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1625	}
Kevin Steves	adf74cd	2001-02-05 14:22:50 +0000	[diff] [blame]	1626	if (!(options.protocol & (SSH_PROTO_1\|SSH_PROTO_2))) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1627	logit("sshd: no hostkeys available -- exiting.");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1628	exit(1);
				1629	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1630
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1631	/*
				1632	* Load certificates. They are stored in an array at identical
				1633	* indices to the public keys that they relate to.
				1634	*/
				1635	sensitive_data.host_certificates = xcalloc(options.num_host_key_files,
				1636	sizeof(Key *));
				1637	for (i = 0; i < options.num_host_key_files; i++)
				1638	sensitive_data.host_certificates[i] = NULL;
				1639
				1640	for (i = 0; i < options.num_host_cert_files; i++) {
				1641	key = key_load_public(options.host_cert_files[i], NULL);
				1642	if (key == NULL) {
				1643	error("Could not load host certificate: %s",
				1644	options.host_cert_files[i]);
				1645	continue;
				1646	}
				1647	if (!key_is_cert(key)) {
				1648	error("Certificate file is not a certificate: %s",
				1649	options.host_cert_files[i]);
				1650	key_free(key);
				1651	continue;
				1652	}
				1653	/* Find matching private key */
				1654	for (j = 0; j < options.num_host_key_files; j++) {
				1655	if (key_equal_public(key,
				1656	sensitive_data.host_keys[j])) {
				1657	sensitive_data.host_certificates[j] = key;
				1658	break;
				1659	}
				1660	}
				1661	if (j >= options.num_host_key_files) {
				1662	error("No matching private key for certificate: %s",
				1663	options.host_cert_files[i]);
				1664	key_free(key);
				1665	continue;
				1666	}
				1667	sensitive_data.host_certificates[j] = key;
				1668	debug("host certificate: #%d type %d %s", j, key->type,
				1669	key_type(key));
				1670	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1671	/* Check certain values for sanity. */
				1672	if (options.protocol & SSH_PROTO_1) {
				1673	if (options.server_key_bits < 512 \|\|
				1674	options.server_key_bits > 32768) {
				1675	fprintf(stderr, "Bad server key size.\n");
				1676	exit(1);
				1677	}
				1678	/*
				1679	* Check that server and host key lengths differ sufficiently. This
				1680	* is necessary to make double encryption work with rsaref. Oh, I
				1681	* hate software patents. I dont know if this can go? Niels
				1682	*/
				1683	if (options.server_key_bits >
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	1684	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
				1685	SSH_KEY_BITS_RESERVED && options.server_key_bits <
				1686	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
				1687	SSH_KEY_BITS_RESERVED) {
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1688	options.server_key_bits =
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	1689	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
				1690	SSH_KEY_BITS_RESERVED;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1691	debug("Forcing server key to %d bits to make it differ from host key.",
				1692	options.server_key_bits);
				1693	}
				1694	}
				1695
Ben Lindstrom	a26ea63	2002-06-06 20:46:25 +0000	[diff] [blame]	1696	if (use_privsep) {
Ben Lindstrom	a26ea63	2002-06-06 20:46:25 +0000	[diff] [blame]	1697	struct stat st;
				1698
Ben Lindstrom	a26ea63	2002-06-06 20:46:25 +0000	[diff] [blame]	1699	if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) \|\|
				1700	(S_ISDIR(st.st_mode) == 0))
				1701	fatal("Missing privilege separation directory: %s",
				1702	_PATH_PRIVSEP_CHROOT_DIR);
Ben Lindstrom	5962735	2002-06-27 18:02:21 +0000	[diff] [blame]	1703
				1704	#ifdef HAVE_CYGWIN
				1705	if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
				1706	(st.st_uid != getuid () \|\|
				1707	(st.st_mode & (S_IWGRP\|S_IWOTH)) != 0))
				1708	#else
Ben Lindstrom	2dfacb3	2002-06-23 00:33:47 +0000	[diff] [blame]	1709	if (st.st_uid != 0 \|\| (st.st_mode & (S_IWGRP\|S_IWOTH)) != 0)
Ben Lindstrom	5962735	2002-06-27 18:02:21 +0000	[diff] [blame]	1710	#endif
Damien Miller	180fc5b	2003-02-24 11:50:18 +1100	[diff] [blame]	1711	fatal("%s must be owned by root and not group or "
				1712	"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
Ben Lindstrom	a26ea63	2002-06-06 20:46:25 +0000	[diff] [blame]	1713	}
				1714
Darren Tucker	e7140f2	2008-06-10 23:01:51 +1000	[diff] [blame]	1715	if (test_flag > 1) {
				1716	if (test_user != NULL && test_addr != NULL && test_host != NULL)
				1717	parse_server_match_config(&options, test_user,
				1718	test_host, test_addr);
				1719	dump_config(&options);
				1720	}
				1721
Ben Lindstrom	794325a	2001-08-06 21:09:07 +0000	[diff] [blame]	1722	/* Configuration looks good, so exit if in test mode. */
				1723	if (test_flag)
				1724	exit(0);
				1725
Damien Miller	87aea25	2002-05-10 12:20:24 +1000	[diff] [blame]	1726	/*
				1727	* Clear out any supplemental groups we may have inherited. This
				1728	* prevents inadvertent creation of files with bad modes (in the
Damien Miller	a8e06ce	2003-11-21 23:48:55 +1100	[diff] [blame]	1729	* portable version at least, it's certainly possible for PAM
				1730	* to create a file, and we can't control the code in every
Damien Miller	87aea25	2002-05-10 12:20:24 +1000	[diff] [blame]	1731	* module which might be used).
				1732	*/
				1733	if (setgroups(0, NULL) < 0)
				1734	debug("setgroups() failed: %.200s", strerror(errno));
				1735
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1736	if (rexec_flag) {
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	1737	rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1738	for (i = 0; i < rexec_argc; i++) {
				1739	debug("rexec_argv[%d]='%s'", i, saved_argv[i]);
				1740	rexec_argv[i] = saved_argv[i];
				1741	}
				1742	rexec_argv[rexec_argc] = "-R";
				1743	rexec_argv[rexec_argc + 1] = NULL;
				1744	}
				1745
Damien Miller	6ca16c6	2008-06-16 07:50:58 +1000	[diff] [blame]	1746	/* Ensure that umask disallows at least group and world write */
				1747	new_umask = umask(0077) \| 0022;
				1748	(void) umask(new_umask);
				1749
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1750	/* Initialize the log (it is reinitialized below in case we forked). */
Darren Tucker	ea7c812	2005-01-20 11:03:08 +1100	[diff] [blame]	1751	if (debug_flag && (!inetd_flag \|\| rexeced_flag))
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1752	log_stderr = 1;
Kevin Steves	ec84dc1	2000-12-13 17:45:15 +0000	[diff] [blame]	1753	log_init(__progname, options.log_level, options.log_facility, log_stderr);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1754
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1755	/*
				1756	* If not in debugging mode, and not started from inetd, disconnect
				1757	* from the controlling terminal, and fork. The original process
				1758	* exits.
				1759	*/
Ben Lindstrom	c72745a	2000-12-02 19:03:54 +0000	[diff] [blame]	1760	if (!(debug_flag \|\| inetd_flag \|\| no_daemon_flag)) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1761	#ifdef TIOCNOTTY
				1762	int fd;
				1763	#endif /* TIOCNOTTY */
				1764	if (daemon(0, 0) < 0)
				1765	fatal("daemon() failed: %.200s", strerror(errno));
				1766
				1767	/* Disconnect from the controlling tty. */
				1768	#ifdef TIOCNOTTY
Ben Lindstrom	31ca54a	2001-02-09 02:11:24 +0000	[diff] [blame]	1769	fd = open(_PATH_TTY, O_RDWR \| O_NOCTTY);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1770	if (fd >= 0) {
				1771	(void) ioctl(fd, TIOCNOTTY, NULL);
				1772	close(fd);
				1773	}
				1774	#endif /* TIOCNOTTY */
				1775	}
				1776	/* Reinitialize the log (because of the fork above). */
Kevin Steves	ec84dc1	2000-12-13 17:45:15 +0000	[diff] [blame]	1777	log_init(__progname, options.log_level, options.log_facility, log_stderr);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1778
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1779	/* Initialize the random number generator. */
				1780	arc4random_stir();
				1781
				1782	/* Chdir to the root directory so that the current disk can be
				1783	unmounted if desired. */
				1784	chdir("/");
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	1785
Ben Lindstrom	de71cda	2001-03-24 00:43:26 +0000	[diff] [blame]	1786	/* ignore SIGPIPE */
				1787	signal(SIGPIPE, SIG_IGN);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1788
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1789	/* Get a connection, either from inetd or a listening TCP socket */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1790	if (inetd_flag) {
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1791	server_accept_inetd(&sock_in, &sock_out);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1792	} else {
Darren Tucker	c8802aa	2009-12-08 13:39:48 +1100	[diff] [blame]	1793	platform_pre_listen();
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1794	server_listen();
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1795
Ben Lindstrom	9809786	2001-06-25 05:10:20 +0000	[diff] [blame]	1796	if (options.protocol & SSH_PROTO_1)
				1797	generate_ephemeral_server_key();
				1798
Ben Lindstrom	9809786	2001-06-25 05:10:20 +0000	[diff] [blame]	1799	signal(SIGHUP, sighup_handler);
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1800	signal(SIGCHLD, main_sigchld_handler);
Ben Lindstrom	9809786	2001-06-25 05:10:20 +0000	[diff] [blame]	1801	signal(SIGTERM, sigterm_handler);
				1802	signal(SIGQUIT, sigterm_handler);
				1803
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1804	/*
				1805	* Write out the pid file after the sigterm handler
				1806	* is setup and the listen sockets are bound
				1807	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1808	if (!debug_flag) {
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1809	FILE *f = fopen(options.pid_file, "w");
				1810
Darren Tucker	e532704	2003-07-03 13:40:44 +1000	[diff] [blame]	1811	if (f == NULL) {
				1812	error("Couldn't create pid file \"%s\": %s",
				1813	options.pid_file, strerror(errno));
				1814	} else {
Ben Lindstrom	ce0f634	2002-06-11 16:42:49 +0000	[diff] [blame]	1815	fprintf(f, "%ld\n", (long) getpid());
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1816	fclose(f);
				1817	}
				1818	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1819
Damien Miller	a1f6840	2006-08-19 00:31:39 +1000	[diff] [blame]	1820	/* Accept a connection and return in a forked child */
				1821	server_accept_loop(&sock_in, &sock_out,
				1822	&newsock, config_s);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1823	}
				1824
				1825	/* This is the child processing a new connection. */
Damien Miller	57aae98	2004-03-08 23:11:25 +1100	[diff] [blame]	1826	setproctitle("%s", "[accepted]");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1827
Darren Tucker	6832b83	2004-08-12 22:36:51 +1000	[diff] [blame]	1828	/*
				1829	* Create a new session and process group since the 4.4BSD
				1830	* setlogin() affects the entire process group. We don't
				1831	* want the child to be able to affect the parent.
				1832	*/
				1833	#if !defined(SSHD_ACQUIRES_CTTY)
				1834	/*
				1835	* If setsid is called, on some platforms sshd will later acquire a
				1836	* controlling terminal which will result in "could not set
				1837	* controlling tty" errors.
				1838	*/
				1839	if (!debug_flag && !inetd_flag && setsid() < 0)
				1840	error("setsid: %.100s", strerror(errno));
				1841	#endif
				1842
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1843	if (rexec_flag) {
				1844	int fd;
				1845
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1846	debug("rexec start in %d out %d newsock %d pipe %d sock %d",
				1847	sock_in, sock_out, newsock, startup_pipe, config_s[0]);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1848	dup2(newsock, STDIN_FILENO);
				1849	dup2(STDIN_FILENO, STDOUT_FILENO);
				1850	if (startup_pipe == -1)
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1851	close(REEXEC_STARTUP_PIPE_FD);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1852	else
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1853	dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1854
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1855	dup2(config_s[1], REEXEC_CONFIG_PASS_FD);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1856	close(config_s[1]);
Darren Tucker	d883593	2004-08-12 22:42:29 +1000	[diff] [blame]	1857	if (startup_pipe != -1)
				1858	close(startup_pipe);
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1859
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1860	execv(rexec_argv[0], rexec_argv);
				1861
				1862	/* Reexec has failed, fall back and continue */
				1863	error("rexec of %s failed: %s", rexec_argv[0], strerror(errno));
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1864	recv_rexec_state(REEXEC_CONFIG_PASS_FD, NULL);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1865	log_init(__progname, options.log_level,
				1866	options.log_facility, log_stderr);
				1867
				1868	/* Clean up fds */
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1869	startup_pipe = REEXEC_STARTUP_PIPE_FD;
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1870	close(config_s[1]);
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1871	close(REEXEC_CONFIG_PASS_FD);
				1872	newsock = sock_out = sock_in = dup(STDIN_FILENO);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1873	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
				1874	dup2(fd, STDIN_FILENO);
				1875	dup2(fd, STDOUT_FILENO);
				1876	if (fd > STDERR_FILENO)
				1877	close(fd);
				1878	}
Damien Miller	035a5b4	2004-06-26 08:16:31 +1000	[diff] [blame]	1879	debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d",
				1880	sock_in, sock_out, newsock, startup_pipe, config_s[0]);
Darren Tucker	645ab75	2004-06-25 13:33:20 +1000	[diff] [blame]	1881	}
				1882
Damien Miller	133d9d3	2010-01-30 17:30:04 +1100	[diff] [blame]	1883	/* Executed child processes don't need these. */
				1884	fcntl(sock_out, F_SETFD, FD_CLOEXEC);
				1885	fcntl(sock_in, F_SETFD, FD_CLOEXEC);
				1886
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1887	/*
				1888	* Disable the key regeneration alarm. We will not regenerate the
				1889	* key since we are no longer in a position to give it to anyone. We
				1890	* will not restart on SIGHUP since it no longer makes sense.
				1891	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1892	alarm(0);
				1893	signal(SIGALRM, SIG_DFL);
				1894	signal(SIGHUP, SIG_DFL);
				1895	signal(SIGTERM, SIG_DFL);
				1896	signal(SIGQUIT, SIG_DFL);
				1897	signal(SIGCHLD, SIG_DFL);
Damien Miller	4e0f5e1	2000-08-29 11:05:50 +1100	[diff] [blame]	1898	signal(SIGINT, SIG_DFL);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1899
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1900	/*
				1901	* Register our connection. This turns encryption off because we do
				1902	* not have a key.
				1903	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1904	packet_set_connection(sock_in, sock_out);
Damien Miller	9786e6e	2005-07-26 21:54:56 +1000	[diff] [blame]	1905	packet_set_server();
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1906
Damien Miller	4f1d6b2	2005-05-26 11:59:32 +1000	[diff] [blame]	1907	/* Set SO_KEEPALIVE if requested. */
				1908	if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
				1909	setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
				1910	error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
				1911
Damien Miller	677257f	2005-06-17 12:55:03 +1000	[diff] [blame]	1912	if ((remote_port = get_remote_port()) < 0) {
				1913	debug("get_remote_port failed");
				1914	cleanup_exit(255);
				1915	}
Damien Miller	4d3fd54	2005-11-05 15:13:24 +1100	[diff] [blame]	1916
				1917	/*
				1918	* We use get_canonical_hostname with usedns = 0 instead of
				1919	* get_remote_ipaddr here so IP options will be checked.
				1920	*/
Damien Miller	eb13e55	2006-06-13 13:03:53 +1000	[diff] [blame]	1921	(void) get_canonical_hostname(0);
				1922	/*
				1923	* The rest of the code depends on the fact that
				1924	* get_remote_ipaddr() caches the remote ip, even if
				1925	* the socket goes away.
				1926	*/
				1927	remote_ip = get_remote_ipaddr();
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1928
Darren Tucker	2e0cf0d	2005-02-08 21:52:47 +1100	[diff] [blame]	1929	#ifdef SSH_AUDIT_EVENTS
Darren Tucker	269a1ea	2005-02-03 00:20:53 +1100	[diff] [blame]	1930	audit_connection_from(remote_ip, remote_port);
				1931	#endif
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1932	#ifdef LIBWRAP
Darren Tucker	1f1e17b	2008-02-28 23:20:48 +1100	[diff] [blame]	1933	allow_severity = options.log_facility\|LOG_INFO;
				1934	deny_severity = options.log_facility\|LOG_WARNING;
Damien Miller	6a4a4b9	2001-11-12 11:07:11 +1100	[diff] [blame]	1935	/* Check whether logins are denied from this host. */
Darren Tucker	586b0b9	2004-06-25 13:34:31 +1000	[diff] [blame]	1936	if (packet_connection_is_on_socket()) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1937	struct request_info req;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1938
Ben Lindstrom	ce89dac	2001-09-12 16:58:04 +0000	[diff] [blame]	1939	request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1940	fromhost(&req);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1941
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1942	if (!hosts_access(&req)) {
Damien Miller	6a4a4b9	2001-11-12 11:07:11 +1100	[diff] [blame]	1943	debug("Connection refused by tcp wrapper");
Ben Lindstrom	7de696e	2001-03-29 00:45:12 +0000	[diff] [blame]	1944	refuse(&req);
Damien Miller	6a4a4b9	2001-11-12 11:07:11 +1100	[diff] [blame]	1945	/* NOTREACHED */
				1946	fatal("libwrap refuse returns");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1947	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1948	}
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	1949	#endif /* LIBWRAP */
Damien Miller	6a4a4b9	2001-11-12 11:07:11 +1100	[diff] [blame]	1950
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1951	/* Log the connection. */
				1952	verbose("Connection from %.500s port %d", remote_ip, remote_port);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1953
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1954	/*
Damien Miller	788f212	2005-11-05 15:14:59 +1100	[diff] [blame]	1955	* We don't want to listen forever unless the other side
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1956	* successfully authenticates itself. So we set up an alarm which is
				1957	* cleared after successful authentication. A limit of zero
Damien Miller	788f212	2005-11-05 15:14:59 +1100	[diff] [blame]	1958	* indicates no limit. Note that we don't set the alarm in debugging
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1959	* mode; it is just annoying to have the server exit just when you
				1960	* are about to discover the bug.
				1961	*/
Ben Lindstrom	5ade9ab	2003-08-25 01:16:21 +0000	[diff] [blame]	1962	signal(SIGALRM, grace_alarm_handler);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1963	if (!debug_flag)
				1964	alarm(options.login_grace_time);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1965
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	1966	sshd_exchange_identification(sock_in, sock_out);
Darren Tucker	ec960f2	2003-08-13 20:37:05 +1000	[diff] [blame]	1967
Darren Tucker	5891116	2008-01-01 20:33:09 +1100	[diff] [blame]	1968	/* In inetd mode, generate ephemeral key only for proto 1 connections */
				1969	if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)
				1970	generate_ephemeral_server_key();
				1971
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1972	packet_set_nonblocking();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1973
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	1974	/* allocate authentication context */
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	1975	authctxt = xcalloc(1, sizeof(*authctxt));
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	1976
Darren Tucker	f3bb434	2005-03-31 21:39:25 +1000	[diff] [blame]	1977	authctxt->loginmsg = &loginmsg;
				1978
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	1979	/* XXX global for cleanup, access from other modules */
				1980	the_authctxt = authctxt;
				1981
Darren Tucker	5c14c73	2005-01-24 21:55:49 +1100	[diff] [blame]	1982	/* prepare buffer to collect messages to display to user after login */
				1983	buffer_init(&loginmsg);
Darren Tucker	cd70e1b	2010-03-07 23:05:17 +1100	[diff] [blame]	1984	auth_debug_reset();
Darren Tucker	5c14c73	2005-01-24 21:55:49 +1100	[diff] [blame]	1985
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	1986	if (use_privsep)
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	1987	if (privsep_preauth(authctxt) == 1)
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	1988	goto authenticated;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	1989
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	1990	/* perform the key exchange */
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	1991	/* authenticate user and start session */
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	1992	if (compat20) {
				1993	do_ssh2_kex();
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	1994	do_authentication2(authctxt);
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	1995	} else {
				1996	do_ssh1_kex();
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	1997	do_authentication(authctxt);
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	1998	}
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	1999	/*
				2000	* If we use privilege separation, the unprivileged child transfers
				2001	* the current keystate and exits
				2002	*/
				2003	if (use_privsep) {
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	2004	mm_send_keystate(pmonitor);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2005	exit(0);
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	2006	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2007
				2008	authenticated:
Damien Miller	7bff1a9	2005-12-24 14:59:12 +1100	[diff] [blame]	2009	/*
				2010	* Cancel the alarm we set to limit the time taken for
				2011	* authentication.
				2012	*/
				2013	alarm(0);
				2014	signal(SIGALRM, SIG_DFL);
Damien Miller	3f8123c	2006-08-19 00:32:46 +1000	[diff] [blame]	2015	authctxt->authenticated = 1;
Damien Miller	7bff1a9	2005-12-24 14:59:12 +1100	[diff] [blame]	2016	if (startup_pipe != -1) {
				2017	close(startup_pipe);
				2018	startup_pipe = -1;
				2019	}
				2020
Darren Tucker	2e0cf0d	2005-02-08 21:52:47 +1100	[diff] [blame]	2021	#ifdef SSH_AUDIT_EVENTS
				2022	audit_event(SSH_AUTH_SUCCESS);
Darren Tucker	269a1ea	2005-02-03 00:20:53 +1100	[diff] [blame]	2023	#endif
				2024
Darren Tucker	52358d6	2008-03-11 22:58:25 +1100	[diff] [blame]	2025	#ifdef GSSAPI
				2026	if (options.gss_authentication) {
				2027	temporarily_use_uid(authctxt->pw);
				2028	ssh_gssapi_storecreds();
				2029	restore_uid();
				2030	}
				2031	#endif
				2032	#ifdef USE_PAM
				2033	if (options.use_pam) {
				2034	do_pam_setcred(1);
				2035	do_pam_session();
				2036	}
				2037	#endif
				2038
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	2039	/*
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2040	* In privilege separation, we fork another child and prepare
				2041	* file descriptor passing.
				2042	*/
				2043	if (use_privsep) {
Ben Lindstrom	943481c	2002-03-22 03:43:46 +0000	[diff] [blame]	2044	privsep_postauth(authctxt);
				2045	/* the monitor process [priv] will not return */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2046	if (!compat20)
				2047	destroy_sensitive_data();
				2048	}
Ben Lindstrom	73ab9ba	2002-03-22 01:27:35 +0000	[diff] [blame]	2049
Darren Tucker	3fc464e	2008-06-13 06:42:45 +1000	[diff] [blame]	2050	packet_set_timeout(options.client_alive_interval,
				2051	options.client_alive_count_max);
				2052
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2053	/* Start session. */
Ben Lindstrom	73ab9ba	2002-03-22 01:27:35 +0000	[diff] [blame]	2054	do_authenticated(authctxt);
				2055
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	2056	/* The connection has been terminated. */
Damien Miller	b61f3fc	2008-07-11 17:36:48 +1000	[diff] [blame]	2057	packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
				2058	packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
Damien Miller	821de0a	2011-01-11 17:20:29 +1100	[diff] [blame]	2059	verbose("Transferred: sent %llu, received %llu bytes",
				2060	(unsigned long long)obytes, (unsigned long long)ibytes);
Damien Miller	b61f3fc	2008-07-11 17:36:48 +1000	[diff] [blame]	2061
				2062	verbose("Closing connection to %.500s port %d", remote_ip, remote_port);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2063
Damien Miller	beb4ba5	1999-12-28 15:09:35 +1100	[diff] [blame]	2064	#ifdef USE_PAM
Damien Miller	4e448a3	2003-05-14 15:11:48 +1000	[diff] [blame]	2065	if (options.use_pam)
				2066	finish_pam();
Damien Miller	beb4ba5	1999-12-28 15:09:35 +1100	[diff] [blame]	2067	#endif /* USE_PAM */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2068
Darren Tucker	2b59a6d	2005-03-06 22:38:51 +1100	[diff] [blame]	2069	#ifdef SSH_AUDIT_EVENTS
				2070	PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
				2071	#endif
				2072
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2073	packet_close();
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2074
				2075	if (use_privsep)
				2076	mm_terminate();
				2077
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2078	exit(0);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2079	}
				2080
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2081	/*
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2082	* Decrypt session_key_int using our private server key and private host key
				2083	* (key with larger modulus first).
				2084	*/
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2085	int
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2086	ssh1_session_key(BIGNUM *session_key_int)
				2087	{
				2088	int rsafail = 0;
				2089
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	2090	if (BN_cmp(sensitive_data.server_key->rsa->n,
				2091	sensitive_data.ssh1_host_key->rsa->n) > 0) {
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2092	/* Server key has bigger modulus. */
				2093	if (BN_num_bits(sensitive_data.server_key->rsa->n) <
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	2094	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
				2095	SSH_KEY_BITS_RESERVED) {
				2096	fatal("do_connection: %s: "
				2097	"server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2098	get_remote_ipaddr(),
				2099	BN_num_bits(sensitive_data.server_key->rsa->n),
				2100	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
				2101	SSH_KEY_BITS_RESERVED);
				2102	}
				2103	if (rsa_private_decrypt(session_key_int, session_key_int,
				2104	sensitive_data.server_key->rsa) <= 0)
				2105	rsafail++;
				2106	if (rsa_private_decrypt(session_key_int, session_key_int,
				2107	sensitive_data.ssh1_host_key->rsa) <= 0)
				2108	rsafail++;
				2109	} else {
				2110	/* Host key has bigger modulus (or they are equal). */
				2111	if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	2112	BN_num_bits(sensitive_data.server_key->rsa->n) +
				2113	SSH_KEY_BITS_RESERVED) {
				2114	fatal("do_connection: %s: "
				2115	"host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d",
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2116	get_remote_ipaddr(),
				2117	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
				2118	BN_num_bits(sensitive_data.server_key->rsa->n),
				2119	SSH_KEY_BITS_RESERVED);
				2120	}
				2121	if (rsa_private_decrypt(session_key_int, session_key_int,
				2122	sensitive_data.ssh1_host_key->rsa) < 0)
				2123	rsafail++;
				2124	if (rsa_private_decrypt(session_key_int, session_key_int,
				2125	sensitive_data.server_key->rsa) < 0)
				2126	rsafail++;
				2127	}
				2128	return (rsafail);
				2129	}
				2130	/*
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2131	* SSH1 key exchange
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2132	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	2133	static void
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	2134	do_ssh1_kex(void)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2135	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2136	int i, len;
Damien Miller	7650bc6	2001-01-30 09:27:26 +1100	[diff] [blame]	2137	int rsafail = 0;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2138	BIGNUM *session_key_int;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	2139	u_char session_key[SSH_SESSION_KEY_LENGTH];
				2140	u_char cookie[8];
				2141	u_int cipher_type, auth_mask, protocol_flags;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2142
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2143	/*
				2144	* Generate check bytes that the client must send back in the user
				2145	* packet in order for it to be accepted; this is used to defy ip
				2146	* spoofing attacks. Note that this only works against somebody
				2147	* doing IP spoofing from a remote machine; any machine on the local
				2148	* network can still see outgoing packets and catch the random
				2149	* cookie. This only affects rhosts authentication, and this is one
				2150	* of the reasons why it is inherently insecure.
				2151	*/
Damien Miller	354c48c	2008-05-19 14:50:00 +1000	[diff] [blame]	2152	arc4random_buf(cookie, sizeof(cookie));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2153
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2154	/*
				2155	* Send our public key. We include in the packet 64 bits of random
				2156	* data that must be matched in the reply in order to prevent IP
				2157	* spoofing.
				2158	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2159	packet_start(SSH_SMSG_PUBLIC_KEY);
				2160	for (i = 0; i < 8; i++)
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2161	packet_put_char(cookie[i]);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2162
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2163	/* Store our public server RSA key. */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	2164	packet_put_int(BN_num_bits(sensitive_data.server_key->rsa->n));
				2165	packet_put_bignum(sensitive_data.server_key->rsa->e);
				2166	packet_put_bignum(sensitive_data.server_key->rsa->n);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2167
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2168	/* Store our public host RSA key. */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	2169	packet_put_int(BN_num_bits(sensitive_data.ssh1_host_key->rsa->n));
				2170	packet_put_bignum(sensitive_data.ssh1_host_key->rsa->e);
				2171	packet_put_bignum(sensitive_data.ssh1_host_key->rsa->n);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2172
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2173	/* Put protocol flags. */
				2174	packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2175
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2176	/* Declare which ciphers we support. */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	2177	packet_put_int(cipher_mask_ssh1(0));
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2178
				2179	/* Declare supported authentication types. */
				2180	auth_mask = 0;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2181	if (options.rhosts_rsa_authentication)
				2182	auth_mask \|= 1 << SSH_AUTH_RHOSTS_RSA;
				2183	if (options.rsa_authentication)
				2184	auth_mask \|= 1 << SSH_AUTH_RSA;
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	2185	if (options.challenge_response_authentication == 1)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2186	auth_mask \|= 1 << SSH_AUTH_TIS;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2187	if (options.password_authentication)
				2188	auth_mask \|= 1 << SSH_AUTH_PASSWORD;
				2189	packet_put_int(auth_mask);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2190
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2191	/* Send the packet and wait for it to be sent. */
				2192	packet_send();
				2193	packet_write_wait();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2194
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	2195	debug("Sent %d bit server key and %d bit host key.",
				2196	BN_num_bits(sensitive_data.server_key->rsa->n),
				2197	BN_num_bits(sensitive_data.ssh1_host_key->rsa->n));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2198
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2199	/* Read clients reply (cipher type and session key). */
Damien Miller	dff5099	2002-01-22 23:16:32 +1100	[diff] [blame]	2200	packet_read_expect(SSH_CMSG_SESSION_KEY);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2201
Damien Miller	50945fa	1999-12-09 10:31:37 +1100	[diff] [blame]	2202	/* Get cipher type and check whether we accept this. */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2203	cipher_type = packet_get_char();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2204
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	2205	if (!(cipher_mask_ssh1(0) & (1 << cipher_type)))
Damien Miller	50945fa	1999-12-09 10:31:37 +1100	[diff] [blame]	2206	packet_disconnect("Warning: client selects unsupported cipher.");
				2207
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2208	/* Get check bytes from the packet. These must match those we
				2209	sent earlier with the public key packet. */
				2210	for (i = 0; i < 8; i++)
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2211	if (cookie[i] != packet_get_char())
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2212	packet_disconnect("IP Spoofing check bytes do not match.");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2213
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2214	debug("Encryption type: %.200s", cipher_name(cipher_type));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2215
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2216	/* Get the encrypted integer. */
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	2217	if ((session_key_int = BN_new()) == NULL)
				2218	fatal("do_ssh1_kex: BN_new failed");
Damien Miller	d432ccf	2002-01-22 23:14:44 +1100	[diff] [blame]	2219	packet_get_bignum(session_key_int);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2220
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2221	protocol_flags = packet_get_int();
				2222	packet_set_protocol_flags(protocol_flags);
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	2223	packet_check_eom();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2224
Ben Lindstrom	abcb145	2002-03-22 01:10:21 +0000	[diff] [blame]	2225	/* Decrypt session_key_int using host/server keys */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2226	rsafail = PRIVSEP(ssh1_session_key(session_key_int));
				2227
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	2228	/*
				2229	* Extract session key from the decrypted integer. The key is in the
				2230	* least significant 256 bits of the integer; the first byte of the
				2231	* key is in the highest bits.
				2232	*/
Damien Miller	7650bc6	2001-01-30 09:27:26 +1100	[diff] [blame]	2233	if (!rsafail) {
Darren Tucker	0bc8557	2006-11-07 23:14:41 +1100	[diff] [blame]	2234	(void) BN_mask_bits(session_key_int, sizeof(session_key) * 8);
Damien Miller	7650bc6	2001-01-30 09:27:26 +1100	[diff] [blame]	2235	len = BN_num_bytes(session_key_int);
Damien Miller	eccb9de	2005-06-17 12:59:34 +1000	[diff] [blame]	2236	if (len < 0 \|\| (u_int)len > sizeof(session_key)) {
Darren Tucker	0bc8557	2006-11-07 23:14:41 +1100	[diff] [blame]	2237	error("do_ssh1_kex: bad session key len from %s: "
Ben Lindstrom	31ca54a	2001-02-09 02:11:24 +0000	[diff] [blame]	2238	"session_key_int %d > sizeof(session_key) %lu",
				2239	get_remote_ipaddr(), len, (u_long)sizeof(session_key));
Damien Miller	7650bc6	2001-01-30 09:27:26 +1100	[diff] [blame]	2240	rsafail++;
				2241	} else {
				2242	memset(session_key, 0, sizeof(session_key));
				2243	BN_bn2bin(session_key_int,
				2244	session_key + sizeof(session_key) - len);
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	2245
Darren Tucker	e14e005	2004-05-13 16:30:44 +1000	[diff] [blame]	2246	derive_ssh1_session_id(
Darren Tucker	fc95970	2004-07-17 16:12:08 +1000	[diff] [blame]	2247	sensitive_data.ssh1_host_key->rsa->n,
Darren Tucker	e14e005	2004-05-13 16:30:44 +1000	[diff] [blame]	2248	sensitive_data.server_key->rsa->n,
				2249	cookie, session_id);
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	2250	/*
				2251	* Xor the first 16 bytes of the session key with the
				2252	* session id.
				2253	*/
				2254	for (i = 0; i < 16; i++)
				2255	session_key[i] ^= session_id[i];
Damien Miller	7650bc6	2001-01-30 09:27:26 +1100	[diff] [blame]	2256	}
				2257	}
				2258	if (rsafail) {
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	2259	int bytes = BN_num_bytes(session_key_int);
Ben Lindstrom	13c5d3b	2002-02-26 18:00:48 +0000	[diff] [blame]	2260	u_char *buf = xmalloc(bytes);
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	2261	MD5_CTX md;
				2262
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	2263	logit("do_connection: generating a fake encryption key");
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	2264	BN_bn2bin(session_key_int, buf);
				2265	MD5_Init(&md);
				2266	MD5_Update(&md, buf, bytes);
				2267	MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
				2268	MD5_Final(session_key, &md);
				2269	MD5_Init(&md);
				2270	MD5_Update(&md, session_key, 16);
				2271	MD5_Update(&md, buf, bytes);
				2272	MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
				2273	MD5_Final(session_key + 16, &md);
				2274	memset(buf, 0, bytes);
				2275	xfree(buf);
Ben Lindstrom	941ac82	2001-03-05 06:25:23 +0000	[diff] [blame]	2276	for (i = 0; i < 16; i++)
				2277	session_id[i] = session_key[i] ^ session_key[i + 16];
Damien Miller	7650bc6	2001-01-30 09:27:26 +1100	[diff] [blame]	2278	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2279	/* Destroy the private and public keys. No longer. */
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	2280	destroy_sensitive_data();
Ben Lindstrom	eb648a7	2001-03-05 06:00:29 +0000	[diff] [blame]	2281
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2282	if (use_privsep)
				2283	mm_ssh1_session_id(session_id);
				2284
Damien Miller	396691a	2000-01-20 22:44:08 +1100	[diff] [blame]	2285	/* Destroy the decrypted integer. It is no longer needed. */
				2286	BN_clear_free(session_key_int);
				2287
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2288	/* Set the session key. From this on all communications will be encrypted. */
				2289	packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2290
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2291	/* Destroy our copy of the session key. It is no longer needed. */
				2292	memset(session_key, 0, sizeof(session_key));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2293
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2294	debug("Received session key; encryption turned on.");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2295
Ben Lindstrom	f666fec	2002-06-06 19:51:58 +0000	[diff] [blame]	2296	/* Send an acknowledgment packet. Note that this packet is sent encrypted. */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2297	packet_start(SSH_SMSG_SUCCESS);
				2298	packet_send();
				2299	packet_write_wait();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2300	}
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2301
				2302	/*
				2303	* SSH2 key exchange: diffie-hellman-group1-sha1
				2304	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	2305	static void
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	2306	do_ssh2_kex(void)
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2307	{
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2308	Kex *kex;
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2309
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	2310	if (options.ciphers != NULL) {
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	2311	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
Damien Miller	7892879	2000-04-12 20:17:38 +1000	[diff] [blame]	2312	myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
				2313	}
Damien Miller	a0ff466	2001-03-30 10:49:35 +1000	[diff] [blame]	2314	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				2315	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
				2316	myproposal[PROPOSAL_ENC_ALGS_STOC] =
				2317	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
				2318
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	2319	if (options.macs != NULL) {
				2320	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
				2321	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
				2322	}
Damien Miller	9786e6e	2005-07-26 21:54:56 +1000	[diff] [blame]	2323	if (options.compression == COMP_NONE) {
Ben Lindstrom	23e0f66	2002-06-21 01:09:47 +0000	[diff] [blame]	2324	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
				2325	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
Damien Miller	9786e6e	2005-07-26 21:54:56 +1000	[diff] [blame]	2326	} else if (options.compression == COMP_DELAYED) {
				2327	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
				2328	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
Ben Lindstrom	23e0f66	2002-06-21 01:09:47 +0000	[diff] [blame]	2329	}
Damien Miller	d5f62bf	2010-09-24 22:11:14 +1000	[diff] [blame]	2330	if (options.kex_algorithms != NULL)
				2331	myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
Damien Miller	f0b15df	2006-03-26 13:59:20 +1100	[diff] [blame]	2332
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	2333	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
				2334
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	2335	/* start key exchange */
Ben Lindstrom	238abf6	2001-04-04 17:52:53 +0000	[diff] [blame]	2336	kex = kex_setup(myproposal);
Damien Miller	8e7fb33	2003-02-24 12:03:03 +1100	[diff] [blame]	2337	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
Damien Miller	f675fc4	2004-06-15 10:30:09 +1000	[diff] [blame]	2338	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
Damien Miller	8e7fb33	2003-02-24 12:03:03 +1100	[diff] [blame]	2339	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
Damien Miller	a63128d	2006-03-15 12:08:28 +1100	[diff] [blame]	2340	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	2341	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	2342	kex->server = 1;
				2343	kex->client_version_string=client_version_string;
				2344	kex->server_version_string=server_version_string;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2345	kex->load_host_public_key=&get_hostkey_public_by_type;
				2346	kex->load_host_private_key=&get_hostkey_private_by_type;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2347	kex->host_key_index=&get_hostkey_index;
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2348
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	2349	xxx_kex = kex;
				2350
Ben Lindstrom	be2cc43	2001-04-04 23:46:07 +0000	[diff] [blame]	2351	dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	2352
Ben Lindstrom	2d90e00	2001-04-04 02:00:54 +0000	[diff] [blame]	2353	session_id2 = kex->session_id;
				2354	session_id2_len = kex->session_id_len;
				2355
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	2356	#ifdef DEBUG_KEXDH
				2357	/* send 1st encrypted/maced/compressed message */
				2358	packet_start(SSH2_MSG_IGNORE);
				2359	packet_put_cstring("markus");
				2360	packet_send();
				2361	packet_write_wait();
				2362	#endif
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	2363	debug("KEX done");
Damien Miller	efb4afe	2000-04-12 18:45:05 +1000	[diff] [blame]	2364	}
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2365
				2366	/* server specific fatal cleanup */
				2367	void
				2368	cleanup_exit(int i)
				2369	{
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	2370	if (the_authctxt) {
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2371	do_cleanup(the_authctxt);
Darren Tucker	af1a60e	2011-10-02 18:59:59 +1100	[diff] [blame]	2372	if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) {
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	2373	debug("Killing privsep child %d", pmonitor->m_pid);
				2374	if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
Darren Tucker	2e13560	2011-10-02 19:10:13 +1100	[diff] [blame]	2375	errno != ESRCH)
Damien Miller	9ee2c60	2011-09-22 21:38:30 +1000	[diff] [blame]	2376	error("%s: kill(%d): %s", __func__,
				2377	pmonitor->m_pid, strerror(errno));
				2378	}
				2379	}
Darren Tucker	2e0cf0d	2005-02-08 21:52:47 +1100	[diff] [blame]	2380	#ifdef SSH_AUDIT_EVENTS
Darren Tucker	269a1ea	2005-02-03 00:20:53 +1100	[diff] [blame]	2381	/* done after do_cleanup so it can cancel the PAM auth 'thread' */
				2382	if (!use_privsep \|\| mm_is_monitor())
Darren Tucker	2e0cf0d	2005-02-08 21:52:47 +1100	[diff] [blame]	2383	audit_event(SSH_CONNECTION_ABANDON);
Darren Tucker	269a1ea	2005-02-03 00:20:53 +1100	[diff] [blame]	2384	#endif
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	2385	_exit(i);
				2386	}