#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <sys/tree.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/queue.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <paths.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <unistd.h>
#include <limits.h>
#include "xmalloc.h"
#include "ssh.h"
#include "ssh2.h"
#include "sshpty.h"
#include "packet.h"
#include "log.h"
#include "sshbuf.h"
#include "misc.h"
#include "match.h"
#include "servconf.h"
#include "uidswap.h"
#include "compat.h"
#include "cipher.h"
#include "digest.h"
#include "sshkey.h"
#include "kex.h"
#include "authfile.h"
#include "pathnames.h"
#include "atomicio.h"
#include "canohost.h"
#include "hostfile.h"
#include "auth.h"
#include "authfd.h"
#include "msg.h"
#include "dispatch.h"
#include "channels.h"
#include "session.h"
#include "monitor.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
#include "auth-options.h"
#include "version.h"
#include "ssherr.h"
#include "sk-api.h"
#include "srclimit.h"
#include "dh.h"
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 2)
#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 3)
#define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1)
#define PRIVSEP_LOG_FD (STDERR_FILENO + 2)
#define PRIVSEP_MIN_FREE_FD (STDERR_FILENO + 3)
extern char *__progname;
ServerOptions options;
char *config_file_name = _PATH_SERVER_CONFIG_FILE;
int debug_flag = 0;
static int inetd_flag = 0;
static int log_stderr = 0;
static char **saved_argv;
int auth_sock = -1;
static int have_agent = 0;
struct {
u_int num_hostkeys;
struct sshkey **host_keys;
struct sshkey **host_pubkeys;
struct sshkey **host_certificates;
} sensitive_data;
u_int utmp_len = HOST_NAME_MAX+1;
static int startup_pipe = -1;
struct monitor *pmonitor = NULL;
int privsep_is_preauth = 1;
Authctxt *the_authctxt = NULL;
struct ssh *the_active_state;
struct sshauthopt *auth_opts = NULL;
struct sshbuf *cfg;
struct include_list includes = TAILQ_HEAD_INITIALIZER(includes);
struct sshbuf *loginmsg;
void destroy_sensitive_data(void);
void demote_sensitive_data(void);
int
mm_is_monitor(void)
{
return (pmonitor && pmonitor->m_pid > 0);
}
static void
grace_alarm_handler(int sig)
{
if (getpgid(0) == getpid()) {
struct sigaction sa;
memset(&sa, 0, sizeof(sa));
sa.sa_handler = SIG_IGN;
sigfillset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
(void)sigaction(SIGTERM, &sa, NULL);
kill(0, SIGTERM);
}
_exit(EXIT_LOGIN_GRACE);
}
void
destroy_sensitive_data(void)
{
u_int i;
for (i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i]) {
sshkey_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = NULL;
}
if (sensitive_data.host_certificates[i]) {
sshkey_free(sensitive_data.host_certificates[i]);
sensitive_data.host_certificates[i] = NULL;
}
}
}
void
demote_sensitive_data(void)
{
struct sshkey *tmp;
u_int i;
int r;
for (i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i]) {
if ((r = sshkey_from_private(
sensitive_data.host_keys[i], &tmp)) != 0)
fatal_r(r, "could not demote host %s key",
sshkey_type(sensitive_data.host_keys[i]));
sshkey_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = tmp;
}
}
}
struct sshbuf *
pack_hostkeys(void)
{
struct sshbuf *keybuf = NULL, *hostkeys = NULL;
int r;
u_int i;
if ((hostkeys = sshbuf_new()) == NULL)
fatal_f("sshbuf_new failed");
for (i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_pubkeys[i] != NULL) {
if ((r = sshkey_puts(sensitive_data.host_pubkeys[i],
hostkeys)) != 0)
fatal_fr(r, "compose hostkey public");
} else {
if ((r = sshbuf_put_string(hostkeys, NULL, 0)) != 0)
fatal_fr(r, "compose hostkey empty public");
}
if (sensitive_data.host_certificates[i] != NULL) {
if ((r = sshkey_puts(
sensitive_data.host_certificates[i],
hostkeys)) != 0)
fatal_fr(r, "compose host cert");
} else {
if ((r = sshbuf_put_string(hostkeys, NULL, 0)) != 0)
fatal_fr(r, "compose host cert empty");
}
}
sshbuf_free(keybuf);
return hostkeys;
}
static int
privsep_preauth(struct ssh *ssh)
{
int r;
pid_t pid;
pmonitor = monitor_init();
pmonitor->m_pkex = &ssh->kex;
if ((pid = fork()) == -1)
fatal("fork of unprivileged child failed");
else if (pid != 0) {
debug2("Network child is on pid %ld", (long)pid);
pmonitor->m_pid = pid;
if (have_agent) {
r = ssh_get_authentication_socket(&auth_sock);
if (r != 0) {
error_r(r, "Could not get agent socket");
have_agent = 0;
}
}
monitor_child_preauth(ssh, pmonitor);
privsep_is_preauth = 0;
return 1;
} else {
close(pmonitor->m_sendfd);
close(pmonitor->m_log_recvfd);
if (ssh_packet_get_connection_in(ssh) != STDIN_FILENO &&
dup2(ssh_packet_get_connection_in(ssh), STDIN_FILENO) == -1)
fatal("dup2 stdin failed: %s", strerror(errno));
if (ssh_packet_get_connection_out(ssh) != STDOUT_FILENO &&
dup2(ssh_packet_get_connection_out(ssh),
STDOUT_FILENO) == -1)
fatal("dup2 stdout failed: %s", strerror(errno));
log_redirect_stderr_to(NULL);
if (pmonitor->m_recvfd != PRIVSEP_MONITOR_FD &&
dup2(pmonitor->m_recvfd, PRIVSEP_MONITOR_FD) == -1)
fatal("dup2 monitor fd: %s", strerror(errno));
if (pmonitor->m_log_sendfd != PRIVSEP_LOG_FD &&
dup2(pmonitor->m_log_sendfd, PRIVSEP_LOG_FD) == -1)
fatal("dup2 log fd: %s", strerror(errno));
closefrom(PRIVSEP_MIN_FREE_FD);
saved_argv[0] = options.sshd_auth_path;
execv(options.sshd_auth_path, saved_argv);
fatal_f("exec of %s failed: %s",
options.sshd_auth_path, strerror(errno));
}
}
static void
privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
{
monitor_reinit(pmonitor);
pmonitor->m_pid = fork();
if (pmonitor->m_pid == -1)
fatal("fork of unprivileged child failed");
else if (pmonitor->m_pid != 0) {
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
sshbuf_reset(loginmsg);
monitor_clear_keystate(ssh, pmonitor);
monitor_child_postauth(ssh, pmonitor);
exit(0);
}
close(pmonitor->m_sendfd);
pmonitor->m_sendfd = -1;
demote_sensitive_data();
do_setusercontext(authctxt->pw);
monitor_apply_keystate(ssh, pmonitor);
ssh_packet_set_authenticated(ssh);
}
static struct sshkey *
get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
{
u_int i;
struct sshkey *key;
for (i = 0; i < options.num_host_key_files; i++) {
switch (type) {
case KEY_RSA_CERT:
case KEY_ECDSA_CERT:
case KEY_ED25519_CERT:
case KEY_ECDSA_SK_CERT:
case KEY_ED25519_SK_CERT:
key = sensitive_data.host_certificates[i];
break;
default:
key = sensitive_data.host_keys[i];
if (key == NULL && !need_private)
key = sensitive_data.host_pubkeys[i];
break;
}
if (key == NULL || key->type != type)
continue;
switch (type) {
case KEY_ECDSA:
case KEY_ECDSA_SK:
case KEY_ECDSA_CERT:
case KEY_ECDSA_SK_CERT:
if (key->ecdsa_nid != nid)
continue;
default:
return need_private ?
sensitive_data.host_keys[i] : key;
}
}
return NULL;
}
struct sshkey *
get_hostkey_public_by_type(int type, int nid, struct ssh *ssh)
{
return get_hostkey_by_type(type, nid, 0, ssh);
}
struct sshkey *
get_hostkey_private_by_type(int type, int nid, struct ssh *ssh)
{
return get_hostkey_by_type(type, nid, 1, ssh);
}
struct sshkey *
get_hostkey_by_index(int ind)
{
if (ind < 0 || (u_int)ind >= options.num_host_key_files)
return (NULL);
return (sensitive_data.host_keys[ind]);
}
struct sshkey *
get_hostkey_public_by_index(int ind, struct ssh *ssh)
{
if (ind < 0 || (u_int)ind >= options.num_host_key_files)
return (NULL);
return (sensitive_data.host_pubkeys[ind]);
}
int
get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh)
{
u_int i;
for (i = 0; i < options.num_host_key_files; i++) {
if (sshkey_is_cert(key)) {
if (key == sensitive_data.host_certificates[i] ||
(compare && sensitive_data.host_certificates[i] &&
sshkey_equal(key,
sensitive_data.host_certificates[i])))
return (i);
} else {
if (key == sensitive_data.host_keys[i] ||
(compare && sensitive_data.host_keys[i] &&
sshkey_equal(key, sensitive_data.host_keys[i])))
return (i);
if (key == sensitive_data.host_pubkeys[i] ||
(compare && sensitive_data.host_pubkeys[i] &&
sshkey_equal(key, sensitive_data.host_pubkeys[i])))
return (i);
}
}
return (-1);
}
static void
notify_hostkeys(struct ssh *ssh)
{
struct sshbuf *buf;
struct sshkey *key;
u_int i, nkeys;
int r;
char *fp;
if (ssh->compat & SSH_BUG_HOSTKEYS)
return;
if ((buf = sshbuf_new()) == NULL)
fatal_f("sshbuf_new");
for (i = nkeys = 0; i < options.num_host_key_files; i++) {
key = get_hostkey_public_by_index(i, ssh);
if (key == NULL || key->type == KEY_UNSPEC ||
sshkey_is_cert(key))
continue;
fp = sshkey_fingerprint(key, options.fingerprint_hash,
SSH_FP_DEFAULT);
debug3_f("key %d: %s %s", i, sshkey_ssh_name(key), fp);
free(fp);
if (nkeys == 0) {
if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
(r = sshpkt_put_cstring(ssh, "hostkeys-00@openssh.com")) != 0 ||
(r = sshpkt_put_u8(ssh, 0)) != 0)
sshpkt_fatal(ssh, r, "%s: start request", __func__);
}
sshbuf_reset(buf);
if ((r = sshkey_putb(key, buf)) != 0)
fatal_fr(r, "couldn't put hostkey %d", i);
if ((r = sshpkt_put_stringb(ssh, buf)) != 0)
sshpkt_fatal(ssh, r, "%s: append key", __func__);
nkeys++;
}
debug3_f("sent %u hostkeys", nkeys);
if (nkeys == 0)
fatal_f("no hostkeys");
if ((r = sshpkt_send(ssh)) != 0)
sshpkt_fatal(ssh, r, "%s: send", __func__);
sshbuf_free(buf);
}
static void
usage(void)
{
fprintf(stderr, "%s, %s\n", SSH_VERSION, SSH_OPENSSL_VERSION);
fprintf(stderr,
"usage: sshd [-46DdeGiqTtV] [-C connection_spec] [-c host_cert_file]\n"
" [-E log_file] [-f config_file] [-g login_grace_time]\n"
" [-h host_key_file] [-o option] [-p port] [-u len]\n"
);
exit(1);
}
static void
parse_hostkeys(struct sshbuf *hostkeys)
{
int r;
u_int num_keys = 0;
struct sshkey *k;
struct sshbuf *kbuf;
const u_char *cp;
size_t len;
while (sshbuf_len(hostkeys) != 0) {
if (num_keys > 2048)
fatal_f("too many hostkeys");
sensitive_data.host_keys = xrecallocarray(
sensitive_data.host_keys, num_keys, num_keys + 1,
sizeof(*sensitive_data.host_pubkeys));
sensitive_data.host_pubkeys = xrecallocarray(
sensitive_data.host_pubkeys, num_keys, num_keys + 1,
sizeof(*sensitive_data.host_pubkeys));
sensitive_data.host_certificates = xrecallocarray(
sensitive_data.host_certificates, num_keys, num_keys + 1,
sizeof(*sensitive_data.host_certificates));
k = NULL;
if ((r = sshbuf_froms(hostkeys, &kbuf)) != 0)
fatal_fr(r, "extract privkey");
if (sshbuf_len(kbuf) != 0 &&
(r = sshkey_private_deserialize(kbuf, &k)) != 0)
fatal_fr(r, "parse pubkey");
sensitive_data.host_keys[num_keys] = k;
sshbuf_free(kbuf);
if (k)
debug2_f("privkey %u: %s", num_keys, sshkey_ssh_name(k));
k = NULL;
if ((r = sshbuf_get_string_direct(hostkeys, &cp, &len)) != 0)
fatal_fr(r, "extract pubkey");
if (len != 0 && (r = sshkey_from_blob(cp, len, &k)) != 0)
fatal_fr(r, "parse pubkey");
sensitive_data.host_pubkeys[num_keys] = k;
if (k)
debug2_f("pubkey %u: %s", num_keys, sshkey_ssh_name(k));
k = NULL;
if ((r = sshbuf_get_string_direct(hostkeys, &cp, &len)) != 0)
fatal_fr(r, "extract pubkey");
if (len != 0 && (r = sshkey_from_blob(cp, len, &k)) != 0)
fatal_fr(r, "parse pubkey");
sensitive_data.host_certificates[num_keys] = k;
if (k)
debug2_f("cert %u: %s", num_keys, sshkey_ssh_name(k));
num_keys++;
}
sensitive_data.num_hostkeys = num_keys;
}
static void
recv_rexec_state(int fd, struct sshbuf *conf, uint64_t *timing_secretp)
{
struct sshbuf *m, *inc, *hostkeys;
u_char *cp, ver;
size_t len;
int r;
struct include_item *item;
debug3_f("entering fd = %d", fd);
if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
fatal_f("sshbuf_new failed");
if (ssh_msg_recv(fd, m) == -1)
fatal_f("ssh_msg_recv failed");
if ((r = sshbuf_get_u8(m, &ver)) != 0)
fatal_fr(r, "parse version");
if (ver != 0)
fatal_f("rexec version mismatch");
if ((r = sshbuf_get_string(m, &cp, &len)) != 0 ||
(r = sshbuf_get_u64(m, timing_secretp)) != 0 ||
(r = sshbuf_get_stringb(m, inc)) != 0)
fatal_fr(r, "parse config");
if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
fatal_fr(r, "sshbuf_put");
while (sshbuf_len(inc) != 0) {
item = xcalloc(1, sizeof(*item));
if ((item->contents = sshbuf_new()) == NULL)
fatal_f("sshbuf_new failed");
if ((r = sshbuf_get_cstring(inc, &item->selector, NULL)) != 0 ||
(r = sshbuf_get_cstring(inc, &item->filename, NULL)) != 0 ||
(r = sshbuf_get_stringb(inc, item->contents)) != 0)
fatal_fr(r, "parse includes");
TAILQ_INSERT_TAIL(&includes, item, entry);
}
sshbuf_reset(m);
if (ssh_msg_recv(fd, m) == -1)
fatal_f("ssh_msg_recv failed");
if ((r = sshbuf_get_u8(m, NULL)) != 0 ||
(r = sshbuf_froms(m, &hostkeys)) != 0)
fatal_fr(r, "parse config");
parse_hostkeys(hostkeys);
free(cp);
sshbuf_free(m);
sshbuf_free(hostkeys);
sshbuf_free(inc);
debug3_f("done");
}
static void
check_ip_options(struct ssh *ssh)
{
int sock_in = ssh_packet_get_connection_in(ssh);
struct sockaddr_storage from;
u_char opts[200];
socklen_t i, option_size = sizeof(opts), fromlen = sizeof(from);
char text[sizeof(opts) * 3 + 1];
memset(&from, 0, sizeof(from));
if (getpeername(sock_in, (struct sockaddr *)&from,
&fromlen) == -1)
return;
if (from.ss_family != AF_INET)
return;
if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,
&option_size) >= 0 && option_size != 0) {
text[0] = '\0';
for (i = 0; i < option_size; i++)
snprintf(text + i*3, sizeof(text) - i*3,
" %2.2x", opts[i]);
fatal("Connection from %.100s port %d with IP opts: %.800s",
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
}
}
static void
set_process_rdomain(struct ssh *ssh, const char *name)
{
int rtable, ortable = getrtable();
const char *errstr;
if (name == NULL)
return;
if (strcmp(name, "%D") == 0) {
if ((name = ssh_packet_rdomain_in(ssh)) == NULL)
return;
}
rtable = (int)strtonum(name, 0, 255, &errstr);
if (errstr != NULL)
fatal("Invalid routing domain \"%s\": %s", name, errstr);
if (rtable != ortable && setrtable(rtable) != 0)
fatal("Unable to set routing domain %d: %s",
rtable, strerror(errno));
debug_f("set routing domain %d (was %d)", rtable, ortable);
}
int
main(int ac, char **av)
{
struct ssh *ssh = NULL;
extern char *optarg;
extern int optind;
int devnull, r, opt, on = 1, remote_port;
int sock_in = -1, sock_out = -1, rexeced_flag = 0, have_key = 0;
const char *remote_ip, *rdomain;
char *line, *laddr, *logfile = NULL;
u_int i;
uint64_t ibytes, obytes;
mode_t new_umask;
Authctxt *authctxt;
struct connection_info *connection_info = NULL;
sigset_t sigmask;
uint64_t timing_secret = 0;
struct itimerval itv;
sigemptyset(&sigmask);
sigprocmask(SIG_SETMASK, &sigmask, NULL);
saved_argv = av;
sanitise_stdfd();
initialize_server_options(&options);
while ((opt = getopt(ac, av,
"C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) {
switch (opt) {
case '4':
options.address_family = AF_INET;
break;
case '6':
options.address_family = AF_INET6;
break;
case 'f':
config_file_name = optarg;
break;
case 'c':
servconf_add_hostcert("[command-line]", 0,
&options, optarg);
break;
case 'd':
if (debug_flag == 0) {
debug_flag = 1;
options.log_level = SYSLOG_LEVEL_DEBUG1;
} else if (options.log_level < SYSLOG_LEVEL_DEBUG3)
options.log_level++;
break;
case 'D':
break;
case 'E':
logfile = optarg;
case 'e':
log_stderr = 1;
break;
case 'i':
inetd_flag = 1;
break;
case 'r':
break;
case 'R':
rexeced_flag = 1;
break;
case 'Q':
break;
case 'q':
options.log_level = SYSLOG_LEVEL_QUIET;
break;
case 'b':
break;
case 'p':
options.ports_from_cmdline = 1;
if (options.num_ports >= MAX_PORTS) {
fprintf(stderr, "too many ports.\n");
exit(1);
}
options.ports[options.num_ports++] = a2port(optarg);
if (options.ports[options.num_ports-1] <= 0) {
fprintf(stderr, "Bad port number.\n");
exit(1);
}
break;
case 'g':
if ((options.login_grace_time = convtime(optarg)) == -1) {
fprintf(stderr, "Invalid login grace time.\n");
exit(1);
}
break;
case 'k':
break;
case 'h':
servconf_add_hostkey("[command-line]", 0,
&options, optarg, 1);
break;
case 't':
case 'T':
case 'G':
fatal("test/dump modes not supported");
break;
case 'C':
connection_info = server_get_connection_info(ssh, 0, 0);
if (parse_server_match_testspec(connection_info,
optarg) == -1)
exit(1);
break;
case 'u':
utmp_len = (u_int)strtonum(optarg, 0, HOST_NAME_MAX+1+1, NULL);
if (utmp_len > HOST_NAME_MAX+1) {
fprintf(stderr, "Invalid utmp length.\n");
exit(1);
}
break;
case 'o':
line = xstrdup(optarg);
if (process_server_config_line(&options, line,
"command-line", 0, NULL, NULL, &includes) != 0)
exit(1);
free(line);
break;
case 'V':
fprintf(stderr, "%s, %s\n",
SSH_VERSION, SSH_OPENSSL_VERSION);
exit(0);
default:
usage();
break;
}
}
if (optind < ac) {
fprintf(stderr, "Extra argument %s.\n", av[optind]);
exit(1);
}
if (!rexeced_flag)
fatal("sshd-session should not be executed directly");
closefrom(REEXEC_MIN_FREE_FD);
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
fatal("open %s: %s", _PATH_DEVNULL, strerror(errno));
while (devnull < PRIVSEP_MIN_FREE_FD) {
if ((devnull = dup(devnull)) == -1)
fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));
}
if (logfile != NULL) {
char *cp, pid_s[32];
snprintf(pid_s, sizeof(pid_s), "%ld", (unsigned long)getpid());
cp = percent_expand(logfile,
"p", pid_s,
"P", "sshd-session",
(char *)NULL);
log_redirect_stderr_to(cp);
free(cp);
}
log_init(__progname,
options.log_level == SYSLOG_LEVEL_NOT_SET ?
SYSLOG_LEVEL_INFO : options.log_level,
options.log_facility == SYSLOG_FACILITY_NOT_SET ?
SYSLOG_FACILITY_AUTH : options.log_facility,
log_stderr || !inetd_flag || debug_flag);
if ((cfg = sshbuf_new()) == NULL)
fatal("sshbuf_new config buf failed");
setproctitle("%s", "[rexeced]");
recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg, &timing_secret);
parse_server_config(&options, "rexec", cfg, &includes, NULL, 1);
fill_default_server_options(&options);
options.timing_secret = timing_secret;
log_init(__progname, options.log_level, options.log_facility,
log_stderr || !inetd_flag || debug_flag);
debug("sshd-session version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
if (!debug_flag && !inetd_flag) {
if ((startup_pipe = dup(REEXEC_CONFIG_PASS_FD)) == -1)
fatal("internal error: no startup pipe");
(void)atomicio(vwrite, startup_pipe, "\0", 1);
}
if (dup2(devnull, REEXEC_CONFIG_PASS_FD) == -1)
fatal("dup2 devnull->config fd: %s", strerror(errno));
if (options.authorized_keys_command_user == NULL &&
(options.authorized_keys_command != NULL &&
strcasecmp(options.authorized_keys_command, "none") != 0))
fatal("AuthorizedKeysCommand set without "
"AuthorizedKeysCommandUser");
if (options.authorized_principals_command_user == NULL &&
(options.authorized_principals_command != NULL &&
strcasecmp(options.authorized_principals_command, "none") != 0))
fatal("AuthorizedPrincipalsCommand set without "
"AuthorizedPrincipalsCommandUser");
if (options.num_auth_methods != 0) {
for (i = 0; i < options.num_auth_methods; i++) {
if (auth2_methods_valid(options.auth_methods[i],
1) == 0)
break;
}
if (i >= options.num_auth_methods)
fatal("AuthenticationMethods cannot be satisfied by "
"enabled authentication methods");
}
#ifdef WITH_OPENSSL
if (options.moduli_file != NULL)
dh_set_moduli_file(options.moduli_file);
#endif
if (options.host_key_agent) {
if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
setenv(SSH_AUTHSOCKET_ENV_NAME,
options.host_key_agent, 1);
if ((r = ssh_get_authentication_socket(NULL)) == 0)
have_agent = 1;
else
error_r(r, "Could not connect to agent \"%s\"",
options.host_key_agent);
}
if (options.num_host_key_files != sensitive_data.num_hostkeys) {
fatal("internal error: hostkeys confused (config %u recvd %u)",
options.num_host_key_files, sensitive_data.num_hostkeys);
}
for (i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i] != NULL ||
(have_agent && sensitive_data.host_pubkeys[i] != NULL)) {
have_key = 1;
break;
}
}
if (!have_key)
fatal("internal error: monitor received no hostkeys");
new_umask = umask(0077) | 0022;
(void) umask(new_umask);
if (debug_flag)
log_stderr = 1;
log_init(__progname, options.log_level,
options.log_facility, log_stderr);
for (i = 0; i < options.num_log_verbose; i++)
log_verbose_add(options.log_verbose[i]);
log_init(__progname, options.log_level, options.log_facility, log_stderr);
if (chdir("/") == -1)
error("chdir(\"/\"): %s", strerror(errno));
ssh_signal(SIGPIPE, SIG_IGN);
if (inetd_flag) {
sock_in = dup(STDIN_FILENO);
sock_out = dup(STDOUT_FILENO);
} else {
sock_in = sock_out = dup(STDIN_FILENO);
}
if (stdfd_devnull(1, 1, !log_stderr) == -1)
error("stdfd_devnull failed");
debug("network sockets: %d, %d", sock_in, sock_out);
setproctitle("%s", "[accepted]");
FD_CLOSEONEXEC(sock_out);
FD_CLOSEONEXEC(sock_in);
ssh_signal(SIGALRM, SIG_DFL);
ssh_signal(SIGHUP, SIG_DFL);
ssh_signal(SIGTERM, SIG_DFL);
ssh_signal(SIGQUIT, SIG_DFL);
ssh_signal(SIGCHLD, SIG_DFL);
if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL)
fatal("Unable to create connection");
the_active_state = ssh;
ssh_packet_set_server(ssh);
ssh_packet_set_qos(ssh, options.ip_qos_interactive,
options.ip_qos_bulk);
check_ip_options(ssh);
channel_init_channels(ssh);
channel_set_af(ssh, options.address_family);
server_process_channel_timeouts(ssh);
server_process_permitopen(ssh);
if (options.tcp_keep_alive && ssh_packet_connection_is_on_socket(ssh) &&
setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) == -1)
error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
if ((remote_port = ssh_remote_port(ssh)) < 0) {
debug("ssh_remote_port failed");
cleanup_exit(255);
}
remote_ip = ssh_remote_ipaddr(ssh);
rdomain = ssh_packet_rdomain_in(ssh);
laddr = get_local_ipaddr(sock_in);
verbose("Connection from %s port %d on %s port %d%s%s%s",
remote_ip, remote_port, laddr, ssh_local_port(ssh),
rdomain == NULL ? "" : " rdomain \"",
rdomain == NULL ? "" : rdomain,
rdomain == NULL ? "" : "\"");
free(laddr);
ssh_signal(SIGALRM, grace_alarm_handler);
if (!debug_flag && options.login_grace_time > 0) {
int ujitter = arc4random_uniform(4 * 1000000);
timerclear(&itv.it_interval);
itv.it_value.tv_sec = options.login_grace_time;
itv.it_value.tv_sec += ujitter / 1000000;
itv.it_value.tv_usec = ujitter % 1000000;
if (setitimer(ITIMER_REAL, &itv, NULL) == -1)
fatal("login grace time setitimer failed");
}
ssh_packet_set_nonblocking(ssh);
authctxt = xcalloc(1, sizeof(*authctxt));
ssh->authctxt = authctxt;
the_authctxt = authctxt;
if ((auth_opts = sshauthopt_new_with_keys_defaults()) == NULL)
fatal("allocation failed");
if ((loginmsg = sshbuf_new()) == NULL)
fatal("sshbuf_new loginmsg failed");
auth_debug_reset();
if (privsep_preauth(ssh) != 1)
fatal("privsep_preauth failed");
timerclear(&itv.it_interval);
timerclear(&itv.it_value);
if (setitimer(ITIMER_REAL, &itv, NULL) == -1)
fatal("login grace time clear failed");
ssh_signal(SIGALRM, SIG_DFL);
authctxt->authenticated = 1;
if (startup_pipe != -1) {
(void)atomicio(vwrite, startup_pipe, "\001", 1);
close(startup_pipe);
startup_pipe = -1;
}
if (options.routing_domain != NULL)
set_process_rdomain(ssh, options.routing_domain);
privsep_postauth(ssh, authctxt);
ssh_packet_set_timeout(ssh, options.client_alive_interval,
options.client_alive_count_max);
notify_hostkeys(ssh);
do_authenticated(ssh, authctxt);
ssh_packet_get_bytes(ssh, &ibytes, &obytes);
verbose("Transferred: sent %llu, received %llu bytes",
(unsigned long long)obytes, (unsigned long long)ibytes);
verbose("Closing connection to %.500s port %d", remote_ip, remote_port);
ssh_packet_close(ssh);
mm_terminate();
exit(0);
}
int
sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
struct sshkey *pubkey, u_char **signature, size_t *slenp,
const u_char *data, size_t dlen, const char *alg)
{
if (privkey) {
if (mm_sshkey_sign(ssh, privkey, signature, slenp,
data, dlen, alg, options.sk_provider, NULL,
ssh->compat) < 0)
fatal_f("privkey sign failed");
} else {
if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
data, dlen, alg, options.sk_provider, NULL,
ssh->compat) < 0)
fatal_f("pubkey sign failed");
}
return 0;
}
void
cleanup_exit(int i)
{
if (the_active_state != NULL && the_authctxt != NULL) {
do_cleanup(the_active_state, the_authctxt);
if (privsep_is_preauth &&
pmonitor != NULL && pmonitor->m_pid > 1) {
debug("Killing privsep child %d", pmonitor->m_pid);
if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
errno != ESRCH) {
error_f("kill(%d): %s", pmonitor->m_pid,
strerror(errno));
}
}
}
if (i == 255 && monitor_auth_attempted())
_exit(EXIT_AUTH_ATTEMPTED);
if (i == 255 && monitor_invalid_user())
_exit(EXIT_INVALID_USER);
_exit(i);
}
