tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Stupid djm commits experimental code to head instead of branch 

revert
This commit is contained in:
Damien Miller 2002-03-13 13:19:42 +11:00
parent 3225fb454d
commit 3a5b023330
20 changed files with 109 additions and 561 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.198 2002/03/13 01:47:54 djm Exp $
# $Id: Makefile.in,v 1.199 2002/03/13 02:19:42 djm Exp $
prefix=@prefix@
exec_prefix=@exec_prefix@
@ -50,11 +50,11 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS)
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o monitor_fdpass.c monitor_wrap.c mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o monitor.c monitor_mm.c sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1

4
auth.h
View File

@ -121,8 +121,8 @@ void krb5_cleanup_proc(void *authctxt);
#include "auth-pam.h"
#include "auth2-pam.h"
Authctxt *do_authentication(void);
Authctxt *do_authentication2(void);
void do_authentication(void);
void do_authentication2(void);
Authctxt *authctxt_new(void);
void auth_log(Authctxt *, int, char *, char *);

30
auth1.c
View File

@ -26,13 +26,8 @@ RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $");
#include "session.h"
#include "misc.h"
#include "uidswap.h"
#include "monitor.h"
#include "monitor_wrap.h"
/* import */
extern int use_privsep;
extern int mm_recvfd;
extern ServerOptions options;
/*
@ -360,13 +355,12 @@ do_authloop(Authctxt *authctxt)
* Performs authentication of an incoming connection. Session key has already
* been exchanged and encryption is enabled.
*/
Authctxt *
void
do_authentication(void)
{
Authctxt *authctxt;
struct passwd *pw = NULL, *pwent;
struct passwd *pw;
u_int ulen;
int allowed;
char *p, *user, *style = NULL;
/* Get the name of the user that we wish to log in as. */
@ -388,26 +382,17 @@ do_authentication(void)
authctxt->style = style;
/* Verify that the user is a valid user. */
if (!use_privsep) {
pwent = getpwnam(user);
allowed = pwent ? allowed_user(pwent) : 0;
} else
pwent = mm_getpwnamallow(mm_recvfd, user, &allowed);
if (pwent && allowed) {
pw = getpwnam(user);
if (pw && allowed_user(pw)) {
authctxt->valid = 1;
pw = pwcopy(pwent);
pw = pwcopy(pw);
} else {
debug("do_authentication: illegal user %s", user);
pw = NULL;
}
/* Free memory */
if (use_privsep)
pwfree(pwent);
authctxt->pw = pw;
setproctitle("%s%s", use_privsep ? " [net]" : "",
pw ? user : "unknown");
setproctitle("%s", pw ? user : "unknown");
#ifdef USE_PAM
start_pam(pw == NULL ? "NOUSER" : user);
@ -433,5 +418,6 @@ do_authentication(void)
packet_send();
packet_write_wait();
return (authctxt);
/* Perform session preparation. */
do_authenticated(authctxt);
}

119
auth2.c
View File

@ -51,13 +51,8 @@ RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
#include "hostfile.h"
#include "canohost.h"
#include "match.h"
#include "monitor.h"
#include "monitor_wrap.h"
/* import */
extern int use_privsep;
extern int mm_recvfd;
extern ServerOptions options;
extern u_char *session_id2;
extern int session_id2_len;
@ -80,8 +75,8 @@ static void input_userauth_request(int, u_int32_t, void *);
/* helper */
static Authmethod *authmethod_lookup(const char *);
static char *authmethods_get(void);
int user_key_allowed(struct passwd *, Key *);
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
static int user_key_allowed(struct passwd *, Key *);
static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
/* auth */
static void userauth_banner(void);
@ -114,7 +109,7 @@ Authmethod authmethods[] = {
* loop until authctxt->success == TRUE
*/
Authctxt *
void
do_authentication2(void)
{
Authctxt *authctxt = authctxt_new();
@ -130,8 +125,7 @@ do_authentication2(void)
dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
return(authctxt);
do_authenticated(authctxt);
}
static void
@ -188,15 +182,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
*style++ = 0;
if (authctxt->attempt++ == 0) {
/* setup auth context */
int allowed;
/* setup auth context */
struct passwd *pw = NULL;
if (!use_privsep) {
pw = getpwnam(user);
allowed = pw ? allowed_user(pw) : 0;
} else
pw = mm_getpwnamallow(mm_recvfd, user, &allowed);
if (pw && allowed && strcmp(service, "ssh-connection")==0) {
pw = getpwnam(user);
if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
authctxt->pw = pwcopy(pw);
authctxt->valid = 1;
debug2("input_userauth_request: setting up authctxt for %s", user);
@ -209,18 +198,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
start_pam("NOUSER");
#endif
}
/* Free memory */
if (use_privsep)
pwfree(pw);
setproctitle("%s%s", use_privsep ? " [net]" : "",
pw ? user : "unknown");
setproctitle("%s", pw ? user : "unknown");
authctxt->user = xstrdup(user);
authctxt->service = xstrdup(service);
authctxt->style = style ? xstrdup(style) : NULL;
if (use_privsep)
mm_inform_authserv(mm_recvfd, service, style);
} else if (strcmp(user, authctxt->user) != 0 ||
strcmp(service, authctxt->service) != 0) {
packet_disconnect("Change of username or service not allowed: "
@ -332,8 +313,6 @@ done:
static int
userauth_none(Authctxt *authctxt)
{
int res = 0;
/* disable method "none", only allowed one time */
Authmethod *m = authmethod_lookup("none");
if (m != NULL)
@ -343,16 +322,18 @@ userauth_none(Authctxt *authctxt)
if (authctxt->valid == 0)
return(0);
if (!authctxt->valid)
return (0);
if (use_privsep)
#if defined(USE_PAM) || defined(HAVE_OSF_SIA)
#error NOT IMPLEMENTED FOR PRIVSEP
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
res = mm_auth_password(mm_recvfd, "");
else
res = auth_password(authctxt, "");
return (res);
#ifdef USE_PAM
return auth_pam_password(authctxt->pw, "");
#elif defined(HAVE_OSF_SIA)
return 0;
#else /* !HAVE_OSF_SIA && !USE_PAM */
return auth_password(authctxt, "");
#endif /* USE_PAM */
}
static int
@ -367,16 +348,18 @@ userauth_passwd(Authctxt *authctxt)
log("password change not supported");
password = packet_get_string(&len);
packet_check_eom();
#if defined(HAVE_CYGWIN) || defined(USE_PAM) || defined(HAVE_OSF_SIA)
#error NOT IMPLEMENTED FOR PRIVSEP
if (authctxt->valid &&
#ifdef HAVE_CYGWIN
check_nt_auth(1, authctxt->pw) &&
#endif
if (authctxt->valid) {
if (use_privsep)
authenticated = mm_auth_password(mm_recvfd, password);
else
authenticated = auth_password(authctxt, password);
}
#ifdef USE_PAM
auth_pam_password(authctxt->pw, password) == 1)
#elif defined(HAVE_OSF_SIA)
auth_sia_password(authctxt->user, password) == 1)
#else /* !USE_PAM && !HAVE_OSF_SIA */
auth_password(authctxt, password) == 1)
#endif /* USE_PAM */
authenticated = 1;
memset(password, 0, len);
xfree(password);
return authenticated;
@ -484,23 +467,12 @@ userauth_pubkey(Authctxt *authctxt)
buffer_dump(&b);
#endif
/* test for correct signature */
authenticated = 0;
if (use_privsep) {
if (mm_user_key_allowed(mm_recvfd, key) &&
mm_key_verify(mm_recvfd,
MM_USERKEY, NULL, NULL, key, sig, slen,
buffer_ptr(&b), buffer_len(&b)) == 1)
authenticated = 1;
} else {
if (user_key_allowed(authctxt->pw, key) &&
key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b)) == 1)
authenticated = 1;
}
if (user_key_allowed(authctxt->pw, key) &&
key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
authenticated = 1;
buffer_clear(&b);
xfree(sig);
} else {
int res = 0;
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
@ -512,11 +484,7 @@ userauth_pubkey(Authctxt *authctxt)
* if a user is not allowed to login. is this an
* issue? -markus
*/
if (use_privsep)
res = mm_user_key_allowed(mm_recvfd, key);
else
res = user_key_allowed(authctxt->pw, key);
if (res) {
if (user_key_allowed(authctxt->pw, key)) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
@ -604,18 +572,9 @@ userauth_hostbased(Authctxt *authctxt)
buffer_dump(&b);
#endif
/* test for allowed key and correct signature */
authenticated = 0;
if (use_privsep) {
if (mm_hostbased_key_allowed(mm_recvfd, cuser, chost, key) &&
mm_key_verify(mm_recvfd, MM_HOSTKEY, cuser, chost, key,
sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
authenticated = 1;
} else {
if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b)) == 1)
authenticated = 1;
}
if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
authenticated = 1;
buffer_clear(&b);
done:
@ -771,7 +730,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
}
/* check whether given key is in .ssh/authorized_keys* */
int
static int
user_key_allowed(struct passwd *pw, Key *key)
{
int success;
@ -791,7 +750,7 @@ user_key_allowed(struct passwd *pw, Key *key)
}
/* return 1 if given hostkey is allowed */
int
static int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
Key *key)
{

2
bufaux.c
View File

@ -221,8 +221,6 @@ buffer_put_string(Buffer *buffer, const void *buf, u_int len)
void
buffer_put_cstring(Buffer *buffer, const char *s)
{
if (s == NULL)
fatal("buffer_put_cstring: s == NULL");
buffer_put_string(buffer, s, strlen(s));
}

40
cipher.c
View File

@ -541,43 +541,3 @@ evp_rijndael(void)
#endif
return (&rijndal_cbc);
}
/*
* Exports an IV from the CipherContext required to export the key
* state back from the unprivileged child to the privileged parent
* process.
*/
void
cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
{
Cipher *c = cc->cipher;
u_char *civ = NULL;
int evplen;
switch (c->number) {
case SSH_CIPHER_SSH2:
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
if (evplen == 0)
return;
if (evplen != len)
fatal("%s: wrong iv length %d != %d", __FUNCTION__,
evplen, len);
if (strncmp(c->name, "aes", 3) == 0) {
struct ssh_rijndael_ctx *aesc;
aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
if (aesc == NULL)
fatal("ssh_rijndael_cbc: no context");
civ = aesc->r_iv;
} else {
civ = cc->evp.iv;
}
break;
default:
fatal("%s: bad cipher %d", __FUNCTION__, c->number);
}
memcpy(iv, civ, len);
}

2
cipher.h
View File

@ -81,6 +81,4 @@ void cipher_cleanup(CipherContext *);
void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
u_int cipher_blocksize(Cipher *);
u_int cipher_keylen(Cipher *);
void cipher_get_keyiv(CipherContext *, u_char *, u_int);
#endif /* CIPHER_H */

4
compress.c
View File

@ -19,8 +19,8 @@ RCSID("$OpenBSD: compress.c,v 1.17 2001/12/29 21:56:01 stevesk Exp $");
#include "zlib.h"
#include "compress.h"
z_stream incoming_stream;
z_stream outgoing_stream;
static z_stream incoming_stream;
static z_stream outgoing_stream;
static int compress_init_send_called = 0;
static int compress_init_recv_called = 0;

4
kex.c
View File

@ -43,10 +43,6 @@ RCSID("$OpenBSD: kex.c,v 1.47 2002/02/28 15:46:33 markus Exp $");
#define KEX_COOKIE_LEN 16
/* Use privilege separation for sshd */
int use_privsep;
int mm_recvfd;
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);

1
kex.h
View File

@ -111,7 +111,6 @@ struct Kex {
char *server_version_string;
int (*verify_host_key)(Key *);
Key *(*load_host_key)(int);
int (*host_key_index)(Key *);
};
Kex *kex_setup(char *[PROPOSAL_MAX]);

13
kexdh.c
View File

@ -37,12 +37,6 @@ RCSID("$OpenBSD: kexdh.c,v 1.17 2002/02/28 15:46:33 markus Exp $");
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#include "monitor.h"
#include "monitor_wrap.h"
/* Imports */
extern int use_privsep;
extern int mm_recvfd;
static u_char *
kex_dh_hash(
@ -281,12 +275,7 @@ kexdh_server(Kex *kex)
/* sign H */
/* XXX hashlen depends on KEX */
if (use_privsep)
mm_key_sign(mm_recvfd,
kex->host_key_index(server_host_key),
&signature, &slen, hash, 20);
else
key_sign(server_host_key, &signature, &slen, hash, 20);
key_sign(server_host_key, &signature, &slen, hash, 20);
/* destroy_sensitive_data(); */

19
kexgex.c
View File

@ -38,12 +38,6 @@ RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
#include "dh.h"
#include "ssh2.h"
#include "compat.h"
#include "monitor.h"
#include "monitor_wrap.h"
/* Imports */
extern int use_privsep;
extern int mm_recvfd;
static u_char *
kexgex_hash(
@ -302,11 +296,7 @@ kexgex_server(Kex *kex)
fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
min, nbits, max);
/* Contact privileged parent */
if (use_privsep)
dh = mm_choose_dh(mm_recvfd, min, nbits, max);
else
dh = choose_dh(min, nbits, max);
dh = choose_dh(min, nbits, max);
if (dh == NULL)
packet_disconnect("Protocol error: no matching DH grp found");
@ -389,11 +379,7 @@ kexgex_server(Kex *kex)
/* sign H */
/* XXX hashlen depends on KEX */
if (use_privsep)
mm_key_sign(mm_recvfd, kex->host_key_index(server_host_key),
&signature, &slen, hash, 20);
else
key_sign(server_host_key, &signature, &slen, hash, 20);
key_sign(server_host_key, &signature, &slen, hash, 20);
/* destroy_sensitive_data(); */
@ -404,7 +390,6 @@ kexgex_server(Kex *kex)
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string(signature, slen);
packet_send();
xfree(signature);
xfree(server_host_key_blob);
/* have keys, free DH */

43
key.c
View File

@ -801,46 +801,3 @@ key_verify(
break;
}
}
/* Converts a private to a public key */
Key *
key_demote(Key *k)
{
Key *pk;
pk = xmalloc(sizeof(*pk));
pk->type = k->type;
pk->flags = k->flags;
pk->dsa = NULL;
pk->rsa = NULL;
switch (k->type) {
case KEY_RSA1:
case KEY_RSA:
if ((pk->rsa = RSA_new()) == NULL)
fatal("key_demote: RSA_new failed");
if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
fatal("key_demote: BN_dup failed");
if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
fatal("key_demote: BN_dup failed");
break;
case KEY_DSA:
if ((pk->dsa = DSA_new()) == NULL)
fatal("key_demote: DSA_new failed");
if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
fatal("key_demote: BN_dup failed");
if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
fatal("key_demote: BN_dup failed");
if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
fatal("key_demote: BN_dup failed");
if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
fatal("key_demote: BN_dup failed");
break;
default:
fatal("key_free: bad key type %d", k->type);
break;
}
return (pk);
}

1
key.h
View File

@ -58,7 +58,6 @@ struct Key {
Key *key_new(int);
Key *key_new_private(int);
void key_free(Key *);
Key *key_demote(Key *);
int key_equal(Key *, Key *);
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
char *key_type(Key *);

106
packet.c
View File

@ -115,8 +115,6 @@ static int interactive_mode = 0;
/* Session key information for Encryption and MAC */
Newkeys *newkeys[MODE_MAX];
static u_int32_t read_seqnr = 0;
static u_int32_t send_seqnr = 0;
/* roundup current message to extra_pad bytes */
static u_char extra_pad = 0;
@ -173,87 +171,6 @@ packet_connection_is_on_socket(void)
return 1;
}
/*
* Exports an IV from the CipherContext required to export the key
* state back from the unprivileged child to the privileged parent
* process.
*/
void
packet_get_keyiv(int mode, u_char *iv, u_int len)
{
CipherContext *cc;
if (mode == MODE_OUT)
cc = &send_context;
else
cc = &receive_context;
cipher_get_keyiv(cc, iv, len);
}
int
packet_get_keycontext(int mode, u_char *dat)
{
int plen;
CipherContext *cc;
if (mode == MODE_OUT)
cc = &send_context;
else
cc = &receive_context;
#if OPENSSL_VERSION_NUMBER < 0x00907000L
plen = sizeof(cc->evp.c);
#else
plen = cc->evp.cipher->ctx_size;
#endif
if (dat == NULL)
return (plen);
#if OPENSSL_VERSION_NUMBER < 0x00907000L
memcpy(dat, &cc->evp.c, sizeof(cc->evp.c));
#else
memcpy(dat, &cc->evp.cipher_data, plen);
#endif
return (plen);
}
void
packet_set_keycontext(int mode, u_char *dat)
{
CipherContext *cc;
if (mode == MODE_OUT)
cc = &send_context;
else
cc = &receive_context;
#if OPENSSL_VERSION_NUMBER < 0x00907000L
memcpy(&cc->evp.c, dat, sizeof(cc->evp.c));
#else
memcpy(&cc->evp.cipher_data, dat, cc->evp.cipher->ctx_size);
#endif
}
u_int32_t
packet_get_seqnr(int mode)
{
return (mode == MODE_IN ? read_seqnr : send_seqnr);
}
void
packet_set_seqnr(int mode, u_int32_t seqnr)
{
if (mode == MODE_IN)
read_seqnr = seqnr;
else if (mode == MODE_OUT)
send_seqnr = seqnr;
else
fatal("%s: bad mode %d", __FUNCTION__, mode);
}
/* returns 1 if connection is via ipv4 */
int
@ -516,7 +433,7 @@ packet_send1(void)
*/
}
void
static void
set_newkeys(int mode)
{
Enc *enc;
@ -560,9 +477,8 @@ set_newkeys(int mode)
DBG(debug("cipher_init_context: %d", mode));
cipher_init(cc, enc->cipher, enc->key, enc->key_len,
enc->iv, enc->block_size, encrypt);
/* Deleting the keys does not gain extra security */
/* memset(enc->iv, 0, enc->block_size);
memset(enc->key, 0, enc->key_len); */
memset(enc->iv, 0, enc->block_size);
memset(enc->key, 0, enc->key_len);
if (comp->type != 0 && comp->enabled == 0) {
packet_init_compression();
if (mode == MODE_OUT)
@ -579,6 +495,7 @@ set_newkeys(int mode)
static void
packet_send2(void)
{
static u_int32_t seqnr = 0;
u_char type, *cp, *macbuf = NULL;
u_char padlen, pad;
u_int packet_length = 0;
@ -659,10 +576,10 @@ packet_send2(void)
/* compute MAC over seqnr and packet(length fields, payload, padding) */
if (mac && mac->enabled) {
macbuf = mac_compute(mac, send_seqnr,
macbuf = mac_compute(mac, seqnr,
buffer_ptr(&outgoing_packet),
buffer_len(&outgoing_packet));
DBG(debug("done calc MAC out #%d", send_seqnr));
DBG(debug("done calc MAC out #%d", seqnr));
}
/* encrypt packet and append to output buffer. */
cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
@ -676,7 +593,7 @@ packet_send2(void)
buffer_dump(&output);
#endif
/* increment sequence number for outgoing packets */
if (++send_seqnr == 0)
if (++seqnr == 0)
log("outgoing seqnr wraps around");
buffer_clear(&outgoing_packet);
@ -866,6 +783,7 @@ packet_read_poll1(void)
static int
packet_read_poll2(u_int32_t *seqnr_p)
{
static u_int32_t seqnr = 0;
static u_int packet_length = 0;
u_int padlen, need;
u_char *macbuf, *cp, type;
@ -927,17 +845,17 @@ packet_read_poll2(u_int32_t *seqnr_p)
* increment sequence number for incoming packet
*/
if (mac && mac->enabled) {
macbuf = mac_compute(mac, read_seqnr,
macbuf = mac_compute(mac, seqnr,
buffer_ptr(&incoming_packet),
buffer_len(&incoming_packet));
if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
packet_disconnect("Corrupted MAC on input.");
DBG(debug("MAC #%d ok", read_seqnr));
DBG(debug("MAC #%d ok", seqnr));
buffer_consume(&input, mac->mac_len);
}
if (seqnr_p != NULL)
*seqnr_p = read_seqnr;
if (++read_seqnr == 0)
*seqnr_p = seqnr;
if (++seqnr == 0)
log("incoming seqnr wraps around");
/* get padlen */

7
packet.h
View File

@ -56,13 +56,6 @@ void *packet_get_string(u_int *length_ptr);
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void set_newkeys(int mode);
void packet_get_keyiv(int, u_char *, u_int);
int packet_get_keycontext(int, u_char *);
void packet_set_keycontext(int, u_char *);
u_int32_t packet_get_seqnr(int);
void packet_set_seqnr(int, u_int32_t);
void packet_write_poll(void);
void packet_write_wait(void);
int packet_have_data_to_write(void);

15
servconf.c
View File

@ -36,8 +36,6 @@ static void add_one_listen_addr(ServerOptions *, char *, u_short);
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
/* Use of privilege separation or not */
extern int use_privsep;
/* Initializes the server options to their default values. */
@ -112,9 +110,6 @@ initialize_server_options(ServerOptions *options)
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
/* Needs to be accessable in many places */
use_privsep = -1;
}
void
@ -240,10 +235,6 @@ fill_default_server_options(ServerOptions *options)
}
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
/* Turn privilege separation on by default */
if (use_privsep == -1)
use_privsep = 1;
}
/* Keyword tokens. */
@ -276,7 +267,6 @@ typedef enum {
sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sUsePrivilegeSeparation,
sDeprecated
} ServerOpCodes;
@ -352,7 +342,6 @@ static struct {
{ "clientalivecountmax", sClientAliveCountMax },
{ "authorizedkeysfile", sAuthorizedKeysFile },
{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
{ "useprivilegeseparation", sUsePrivilegeSeparation},
{ NULL, sBadOption }
};
@ -729,10 +718,6 @@ parse_flag:
intptr = &options->allow_tcp_forwarding;
goto parse_flag;
case sUsePrivilegeSeparation:
intptr = &use_privsep;
goto parse_flag;
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)

53
session.c
View File

@ -56,8 +56,6 @@ RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
#include "serverloop.h"
#include "canohost.h"
#include "session.h"
#include "monitor.h"
#include "monitor_wrap.h"
#ifdef HAVE_CYGWIN
#include <windows.h>
@ -65,15 +63,39 @@ RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
#define is_winnt (GetVersion() < 0x80000000)
#endif
/* Imports */
extern int use_privsep;
extern int mm_recvfd;
/* types */
#define TTYSZ 64
typedef struct Session Session;
struct Session {
int used;
int self;
struct passwd *pw;
Authctxt *authctxt;
pid_t pid;
/* tty */
char *term;
int ptyfd, ttyfd, ptymaster;
int row, col, xpixel, ypixel;
char tty[TTYSZ];
/* X11 */
int display_number;
char *display;
int screen;
char *auth_display;
char *auth_proto;
char *auth_data;
int single_connection;
/* proto 2 */
int chanid;
int is_subsystem;
};
/* func */
Session *session_new(void);
void session_set_fds(Session *, int, int, int);
void session_pty_cleanup(void *);
static void session_pty_cleanup(void *);
void session_proctitle(Session *);
int session_setup_x11fwd(Session *);
void do_exec_pty(Session *, const char *);
@ -90,6 +112,7 @@ int check_quietlogin(Session *, const char *);
static void do_authenticated1(Authctxt *);
static void do_authenticated2(Authctxt *);
static void session_close(Session *);
static int session_pty_req(Session *);
/* import */
@ -1425,8 +1448,7 @@ session_pty_req(Session *s)
{
u_int len;
int n_bytes;
int res;
if (no_pty_flag) {
debug("Allocating a pty not permitted for this authentication.");
return 0;
@ -1455,15 +1477,7 @@ session_pty_req(Session *s)
/* Allocate a pty and open it. */
debug("Allocating pty.");
if (!use_privsep) {
res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
sizeof(s->tty));
if (res)
pty_setowner(s->pw, s->tty);
} else
res = mm_pty_allocown(mm_recvfd,
&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
if (!res) {
if (!pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) {
if (s->term)
xfree(s->term);
s->term = NULL;
@ -1484,6 +1498,7 @@ session_pty_req(Session *s)
* time in case we call fatal() (e.g., the connection gets closed).
*/
fatal_add_cleanup(session_pty_cleanup, (void *)s);
pty_setowner(s->pw, s->tty);
/* Set window size from the packet. */
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
@ -1646,7 +1661,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr)
* Function to perform pty cleanup. Also called if we get aborted abnormally
* (e.g., due to a dropped connection).
*/
void
static void
session_pty_cleanup(void *session)
{
Session *s = session;
@ -1724,7 +1739,7 @@ session_exit_message(Session *s, int status)
s->chanid = -1;
}
void
static void
session_close(Session *s)
{
debug("session_close: session %d pid %d", s->self, s->pid);

28
session.h
View File

@ -26,32 +26,6 @@
#ifndef SESSION_H
#define SESSION_H
#define TTYSZ 64
typedef struct Session Session;
struct Session {
int used;
int self;
struct passwd *pw;
Authctxt *authctxt;
pid_t pid;
/* tty */
char *term;
int ptyfd, ttyfd, ptymaster;
int row, col, xpixel, ypixel;
char tty[TTYSZ];
/* X11 */
int display_number;
char *display;
int screen;
char *auth_display;
char *auth_proto;
char *auth_data;
int single_connection;
/* proto 2 */
int chanid;
int is_subsystem;
};
void do_authenticated(Authctxt *);
int session_open(Authctxt*, int);
@ -60,6 +34,4 @@ void session_close_by_pid(pid_t, int);
void session_close_by_channel(int, void *);
void session_destroy_all(void);
Session *session_new(void);
void session_close(Session *);
#endif

173
sshd.c
View File

@ -72,11 +72,6 @@ RCSID("$OpenBSD: sshd.c,v 1.228 2002/02/27 21:23:13 stevesk Exp $");
#include "misc.h"
#include "dispatch.h"
#include "channels.h"
#include "session.h"
#include "monitor_mm.h"
#include "monitor.h"
#include "monitor_wrap.h"
#include "monitor_fdpass.h"
#ifdef LIBWRAP
#include <tcpd.h>
@ -194,20 +189,8 @@ u_int utmp_len = MAXHOSTNAMELEN;
int *startup_pipes = NULL;
int startup_pipe; /* in child */
/* variables used for privilege separation */
#define MM_MEMSIZE 65536
struct mm_master *mm_zback;
struct mm_master *mm_zlib;
extern int use_privsep;
/* Socket for the child to receive a fd */
extern int mm_recvfd;
/* Socket for the parent to send a fd */
int mm_sendfd;
/* Prototypes for various functions defined later in this file. */
void destroy_sensitive_data(void);
void demote_sensitive_data(void);
static void do_ssh1_kex(void);
static void do_ssh2_kex(void);
@ -494,69 +477,6 @@ destroy_sensitive_data(void)
memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
}
/* Demote private to public keys for network child */
void
demote_sensitive_data(void)
{
Key *tmp;
int i;
if (sensitive_data.server_key) {
tmp = key_demote(sensitive_data.server_key);
key_free(sensitive_data.server_key);
sensitive_data.server_key = tmp;
}
for (i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i]) {
tmp = key_demote(sensitive_data.host_keys[i]);
key_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = tmp;
}
}
/* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */
}
void
privsep_postauth(Authctxt *authctxt)
{
pid_t pid;
if (0) {
/* File descriptor passing is broken */
mm_apply_keystate(mm_zlib);
use_privsep = 0;
return;
}
pid = fork();
if (pid == -1)
fatal("fork of unprivileged child failed");
else if (pid != 0) {
debug2("User child is on pid %d", pid);
close(mm_recvfd);
monitor_child_postauth(mm_sendfd);
/* Teardown? */
exit(0);
}
close(mm_sendfd);
/* Demote the private keys to public keys. */
demote_sensitive_data();
/* Drop privileges */
if (seteuid(authctxt->pw->pw_uid) == -1)
fatal("%s: seteuid", __FUNCTION__);
if (setuid(authctxt->pw->pw_uid) == -1)
fatal("%s: setuid", __FUNCTION__);
/* It is safe now to apply the key state */
mm_apply_keystate(mm_zlib);
}
static char *
list_hostkey_types(void)
{
@ -598,25 +518,6 @@ get_hostkey_by_type(int type)
return NULL;
}
Key *
get_hostkey_by_index(int ind)
{
if (ind < 0 || ind >= options.num_host_key_files)
return (NULL);
return (sensitive_data.host_keys[ind]);
}
int
get_hostkey_index(Key *key)
{
int i;
for (i = 0; i < options.num_host_key_files; i++) {
if (key == sensitive_data.host_keys[i])
return (i);
}
return (-1);
}
/*
* returns 1 if connection should be dropped, 0 otherwise.
* dropping starts at connection #max_startups_begin with a probability
@ -693,8 +594,6 @@ main(int ac, char **av)
int listen_sock, maxfd;
int startup_p[2];
int startups = 0;
Authctxt *authctxt;
int sp[2];
Key *key;
int ret, key_used = 0;
@ -1332,84 +1231,23 @@ main(int ac, char **av)
packet_set_nonblocking();
if (!use_privsep)
goto skip_privilegeseparation;
/* Set up unprivileged child process to deal with network data */
monitor_socketpair(sp);
mm_recvfd = sp[0];
mm_sendfd = sp[1];
/* Used to share zlib space across processes */
mm_zback = mm_create(NULL, MM_MEMSIZE);
mm_zlib = mm_create(mm_zback, 20 * MM_MEMSIZE);
/* Compression needs to share state across borders */
mm_init_compression(mm_zlib);
pid = fork();
if (pid == -1)
fatal("fork of unprivileged child failed");
else if (pid != 0) {
debug2("Network child is on pid %d", pid);
authctxt = monitor_child_preauth(mm_sendfd);
/* The member allocation is not visible, so sync it */
mm_share_sync(&mm_zlib, &mm_zback);
goto authenticated;
} else {
/* Demote the private keys to public keys. */
demote_sensitive_data();
/* Change our root directory - /var/empty is standard*/
if (chroot("/var/empty") == -1)
fatal("chroot(/var/empty)");
if (chdir("/") == -1)
fatal("chdir(/)");
/* Drop our privileges */
seteuid(32767); /* XXX - Niels */
setuid(32767);
}
skip_privilegeseparation:
/* perform the key exchange */
/* authenticate user and start session */
if (compat20) {
do_ssh2_kex();
authctxt = do_authentication2();
if (use_privsep)
mm_send_keystate(mm_recvfd);
do_authentication2();
} else {
do_ssh1_kex();
authctxt = do_authentication();
do_authentication();
}
/* If we use privilege separation, the unprivileged child exits */
if (use_privsep)
exit(0);
authenticated:
/*
* In privilege separation, we fork another child and prepare
* file descriptor passing.
*/
if (use_privsep)
privsep_postauth(authctxt);
/* Perform session preparation. */
do_authenticated(authctxt);
/* The connection has been terminated. */
verbose("Closing connection to %.100s", remote_ip);
#ifdef USE_PAM
finish_pam();
#endif /* USE_PAM */
packet_close();
if (use_privsep)
mm_terminate(mm_recvfd);
exit(0);
}
@ -1615,6 +1453,8 @@ do_ssh1_kex(void)
for (i = 0; i < 16; i++)
session_id[i] = session_key[i] ^ session_key[i + 16];
}
/* Destroy the private and public keys. They will no longer be needed. */
destroy_sensitive_data();
/* Destroy the decrypted integer. It is no longer needed. */
BN_clear_free(session_key_int);
@ -1662,7 +1502,6 @@ do_ssh2_kex(void)
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->load_host_key=&get_hostkey_by_type;
kex->host_key_index=&get_hostkey_index;
xxx_kex = kex;