diff --git a/Makefile.in b/Makefile.in
index 38c1d381c..31aa8e583 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.198 2002/03/13 01:47:54 djm Exp $
+# $Id: Makefile.in,v 1.199 2002/03/13 02:19:42 djm Exp $
 prefix=@prefix@
 exec_prefix=@exec_prefix@
@@ -50,11 +50,11 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS)
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o monitor_fdpass.c monitor_wrap.c mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
 SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o monitor.c monitor_mm.c sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
+SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
 MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out
 MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1
diff --git a/auth.h b/auth.h
index 9b5b19f6c..c7175405d 100644
--- a/auth.h
+++ b/auth.h
@@ -121,8 +121,8 @@ void krb5_cleanup_proc(void *authctxt);
 #include "auth-pam.h"
 #include "auth2-pam.h"
-Authctxt *do_authentication(void);
-Authctxt *do_authentication2(void);
+void do_authentication(void);
+void do_authentication2(void);
 Authctxt *authctxt_new(void);
 void auth_log(Authctxt *, int, char *, char *);
diff --git a/auth1.c b/auth1.c
index c52f63897..c2d99895f 100644
--- a/auth1.c
+++ b/auth1.c
@@ -26,13 +26,8 @@ RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $");
 #include "session.h"
 #include "misc.h"
 #include "uidswap.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
 /* import */
-extern int use_privsep;
-extern int mm_recvfd;
-
 extern ServerOptions options;
 /*
@@ -360,13 +355,12 @@ do_authloop(Authctxt *authctxt)
 * Performs authentication of an incoming connection. Session key has already
 * been exchanged and encryption is enabled.
 */
-Authctxt *
+void
 do_authentication(void)
 {
 Authctxt *authctxt;
- struct passwd *pw = NULL, *pwent;
+ struct passwd *pw;
 u_int ulen;
- int allowed;
 char *p, *user, *style = NULL;
 /* Get the name of the user that we wish to log in as. */
@@ -388,26 +382,17 @@ do_authentication(void)
 authctxt->style = style;
 /* Verify that the user is a valid user. */
- if (!use_privsep) {
- pwent = getpwnam(user);
- allowed = pwent ? allowed_user(pwent) : 0;
- } else
- pwent = mm_getpwnamallow(mm_recvfd, user, &allowed);
- if (pwent && allowed) {
+ pw = getpwnam(user);
+ if (pw && allowed_user(pw)) {
 authctxt->valid = 1;
- pw = pwcopy(pwent);
+ pw = pwcopy(pw);
 } else {
 debug("do_authentication: illegal user %s", user);
 pw = NULL;
 }
- /* Free memory */
- if (use_privsep)
- pwfree(pwent);
-
 authctxt->pw = pw;
- setproctitle("%s%s", use_privsep ? " [net]" : "",
- pw ? user : "unknown");
+ setproctitle("%s", pw ? user : "unknown");
 #ifdef USE_PAM
 start_pam(pw == NULL ? "NOUSER" : user);
@@ -433,5 +418,6 @@ do_authentication(void)
 packet_send();
 packet_write_wait();
- return (authctxt);
+ /* Perform session preparation. */
+ do_authenticated(authctxt);
 }
diff --git a/auth2.c b/auth2.c
index f661f8d7c..f2a801ecc 100644
--- a/auth2.c
+++ b/auth2.c
@@ -51,13 +51,8 @@ RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
 #include "hostfile.h"
 #include "canohost.h"
 #include "match.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
 /* import */
-extern int use_privsep;
-extern int mm_recvfd;
-
 extern ServerOptions options;
 extern u_char *session_id2;
 extern int session_id2_len;
@@ -80,8 +75,8 @@ static void input_userauth_request(int, u_int32_t, void *);
 /* helper */
 static Authmethod *authmethod_lookup(const char *);
 static char *authmethods_get(void);
-int user_key_allowed(struct passwd *, Key *);
-int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
+static int user_key_allowed(struct passwd *, Key *);
+static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
 /* auth */
 static void userauth_banner(void);
@@ -114,7 +109,7 @@ Authmethod authmethods[] = {
 * loop until authctxt->success == TRUE
 */
-Authctxt *
+void
 do_authentication2(void)
 {
 Authctxt *authctxt = authctxt_new();
@@ -130,8 +125,7 @@ do_authentication2(void)
 dispatch_init(&dispatch_protocol_error);
 dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
 dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
-
- return(authctxt);
+ do_authenticated(authctxt);
 }
 static void
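Review bot: do_authentication (this hunk) and do_authentication2 (the -130 hunk below) now finish by calling do_authenticated(authctxt) and return void, but the header comment above do_authentication in the -360 hunk ("Performs authentication of an incoming connection...") and the one above do_authentication2 ("loop until authctxt->success == TRUE") still describe a step that hands the context back to the caller. Suggest adding to each: `* Does not return the Authctxt: on success the session is started from here via do_authenticated().` — main() below goes straight to "Closing connection" after these calls, which is consistent with that, but confirm before wording it more strongly. authctxt is created by authctxt_new() in do_authentication2 and is no longer handed out, so the same comment should say who owns it for the rest of the process. Both function bodies extend beyond the visible hunks.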
@@ -188,15 +182,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 *style++ = 0;
 if (authctxt->attempt++ == 0) {
- /* setup auth context */
- int allowed;
+ /* setup auth context */
 struct passwd *pw = NULL;
- if (!use_privsep) {
- pw = getpwnam(user);
- allowed = pw ? allowed_user(pw) : 0;
- } else
- pw = mm_getpwnamallow(mm_recvfd, user, &allowed);
- if (pw && allowed && strcmp(service, "ssh-connection")==0) {
+ pw = getpwnam(user);
+ if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
 authctxt->pw = pwcopy(pw);
 authctxt->valid = 1;
 debug2("input_userauth_request: setting up authctxt for %s", user);
@@ -209,18 +198,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 start_pam("NOUSER");
 #endif
 }
- /* Free memory */
- if (use_privsep)
- pwfree(pw);
-
- setproctitle("%s%s", use_privsep ? " [net]" : "",
- pw ? user : "unknown");
+ setproctitle("%s", pw ? user : "unknown");
 authctxt->user = xstrdup(user);
 authctxt->service = xstrdup(service);
 authctxt->style = style ? xstrdup(style) : NULL;
-
- if (use_privsep)
- mm_inform_authserv(mm_recvfd, service, style);
 } else if (strcmp(user, authctxt->user) != 0 ||
 strcmp(service, authctxt->service) != 0) {
 packet_disconnect("Change of username or service not allowed: "
@@ -332,8 +313,6 @@ done:
 static int
 userauth_none(Authctxt *authctxt)
 {
- int res = 0;
-
 /* disable method "none", only allowed one time */
 Authmethod *m = authmethod_lookup("none");
 if (m != NULL)
@@ -343,16 +322,18 @@ userauth_none(Authctxt *authctxt)
 if (authctxt->valid == 0)
 return(0);
- if (!authctxt->valid)
- return (0);
- if (use_privsep)
-#if defined(USE_PAM) || defined(HAVE_OSF_SIA)
-#error NOT IMPLEMENTED FOR PRIVSEP
+
+#ifdef HAVE_CYGWIN
+ if (check_nt_auth(1, authctxt->pw) == 0)
+ return(0);
 #endif
- res = mm_auth_password(mm_recvfd, "");
- else
- res = auth_password(authctxt, "");
- return (res);
+#ifdef USE_PAM
+ return auth_pam_password(authctxt->pw, "");
+#elif defined(HAVE_OSF_SIA)
+ return 0;
+#else /* !HAVE_OSF_SIA && !USE_PAM */
+ return auth_password(authctxt, "");
+#endif /* USE_PAM */
 }
 static int
@@ -367,16 +348,18 @@ userauth_passwd(Authctxt *authctxt)
 log("password change not supported");
 password = packet_get_string(&len);
 packet_check_eom();
-
-#if defined(HAVE_CYGWIN) || defined(USE_PAM) || defined(HAVE_OSF_SIA)
-#error NOT IMPLEMENTED FOR PRIVSEP
+ if (authctxt->valid &&
+#ifdef HAVE_CYGWIN
+ check_nt_auth(1, authctxt->pw) &&
 #endif
- if (authctxt->valid) {
- if (use_privsep)
- authenticated = mm_auth_password(mm_recvfd, password);
- else
- authenticated = auth_password(authctxt, password);
- }
+#ifdef USE_PAM
+ auth_pam_password(authctxt->pw, password) == 1)
+#elif defined(HAVE_OSF_SIA)
+ auth_sia_password(authctxt->user, password) == 1)
+#else /* !USE_PAM && !HAVE_OSF_SIA */
+ auth_password(authctxt, password) == 1)
+#endif /* USE_PAM */
+ authenticated = 1;
 memset(password, 0, len);
 xfree(password);
 return authenticated;
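Review bot: In userauth_none the restored USE_PAM branch returns `auth_pam_password(authctxt->pw, "")` directly, whereas the default branch goes through `auth_password(authctxt, "")`; whether the PAM path applies the same server-side policy to an empty password (PermitEmptyPasswords handling, if that is where auth_password enforces it — not visible here) should be confirmed, because this method runs on the first request before any password has been supplied. The HAVE_OSF_SIA branch returning a constant deserves a word of explanation, e.g. `return 0; /* SIA: never accept an empty password */`. userauth_none's body starts outside the hunk.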
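Review bot: In userauth_passwd the restored `if (authctxt->valid &&` condition is completed by three alternative `#ifdef` blocks, so the closing parenthesis and the `== 1` test live in whichever block happens to be compiled in; that is easy to unbalance on the next edit and hides the backend call from a casual reader. Suggest keeping the preprocessor selection but storing the backend result in a local first, so the condition itself stays one plain expression; `authenticated` is presumably initialised earlier in the function, outside the hunk, so the memset/xfree/return lines can stay as they are.
```c
	password = packet_get_string(&len);
	packet_check_eom();
	if (authctxt->valid
#ifdef HAVE_CYGWIN
	    && check_nt_auth(1, authctxt->pw)
#endif
	    ) {
		int ok;
#ifdef USE_PAM
		ok = auth_pam_password(authctxt->pw, password);
#elif defined(HAVE_OSF_SIA)
		ok = auth_sia_password(authctxt->user, password);
#else /* !USE_PAM && !HAVE_OSF_SIA */
		ok = auth_password(authctxt, password);
#endif /* USE_PAM */
		if (ok == 1)
			authenticated = 1;
	}
	/* … unchanged: memset(password, 0, len); xfree(password); return authenticated; … */
```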
@@ -484,23 +467,12 @@ userauth_pubkey(Authctxt *authctxt)
 buffer_dump(&b);
 #endif
 /* test for correct signature */
- authenticated = 0;
- if (use_privsep) {
- if (mm_user_key_allowed(mm_recvfd, key) &&
- mm_key_verify(mm_recvfd,
- MM_USERKEY, NULL, NULL, key, sig, slen,
- buffer_ptr(&b), buffer_len(&b)) == 1)
- authenticated = 1;
- } else {
- if (user_key_allowed(authctxt->pw, key) &&
- key_verify(key, sig, slen, buffer_ptr(&b),
- buffer_len(&b)) == 1)
- authenticated = 1;
- }
+ if (user_key_allowed(authctxt->pw, key) &&
+ key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+ authenticated = 1;
 buffer_clear(&b);
 xfree(sig);
 } else {
- int res = 0;
 debug("test whether pkalg/pkblob are acceptable");
 packet_check_eom();
@@ -512,11 +484,7 @@ userauth_pubkey(Authctxt *authctxt)
 * if a user is not allowed to login. is this an
 * issue? -markus
 */
- if (use_privsep)
- res = mm_user_key_allowed(mm_recvfd, key);
- else
- res = user_key_allowed(authctxt->pw, key);
- if (res) {
+ if (user_key_allowed(authctxt->pw, key)) {
 packet_start(SSH2_MSG_USERAUTH_PK_OK);
 packet_put_string(pkalg, alen);
 packet_put_string(pkblob, blen);
@@ -604,18 +572,9 @@ userauth_hostbased(Authctxt *authctxt)
 buffer_dump(&b);
 #endif
 /* test for allowed key and correct signature */
- authenticated = 0;
- if (use_privsep) {
- if (mm_hostbased_key_allowed(mm_recvfd, cuser, chost, key) &&
- mm_key_verify(mm_recvfd, MM_HOSTKEY, cuser, chost, key,
- sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
- authenticated = 1;
- } else {
- if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
- key_verify(key, sig, slen, buffer_ptr(&b),
- buffer_len(&b)) == 1)
- authenticated = 1;
- }
+ if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
+ key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+ authenticated = 1;
 buffer_clear(&b);
 done:
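Review bot: The restored signature checks in userauth_pubkey (first hunk) and userauth_hostbased (last hunk) only ever assign `authenticated = 1` and drop the explicit `authenticated = 0;` that preceded them, so the outcome now rests on `authenticated` being initialised at its declaration, which is outside both hunks. Worth confirming for both functions; if it is not, `int authenticated = 0;` at the top is the fix, since an indeterminate value here decides whether the login is accepted. Both function bodies continue outside the visible hunks.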
@@ -771,7 +730,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 }
 /* check whether given key is in .ssh/authorized_keys* */
-int
+static int
 user_key_allowed(struct passwd *pw, Key *key)
 {
 int success;
@@ -791,7 +750,7 @@ user_key_allowed(struct passwd *pw, Key *key)
 }
 /* return 1 if given hostkey is allowed */
-int
+static int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, Key *key)
 {
diff --git a/bufaux.c b/bufaux.c
index 64b9a26e9..23bc0c814 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -221,8 +221,6 @@ buffer_put_string(Buffer *buffer, const void *buf, u_int len)
 void
 buffer_put_cstring(Buffer *buffer, const char *s)
 {
- if (s == NULL)
- fatal("buffer_put_cstring: s == NULL");
 buffer_put_string(buffer, s, strlen(s));
 }
diff --git a/cipher.c b/cipher.c
index 5ddf819c4..9e8f42f5e 100644
--- a/cipher.c
+++ b/cipher.c
@@ -541,43 +541,3 @@ evp_rijndael(void)
 #endif
 return (&rijndal_cbc);
 }
-
-/*
- * Exports an IV from the CipherContext required to export the key
- * state back from the unprivileged child to the privileged parent
- * process.
- */
-
-void
-cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
-{
- Cipher *c = cc->cipher;
- u_char *civ = NULL;
- int evplen;
-
- switch (c->number) {
- case SSH_CIPHER_SSH2:
- evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
- if (evplen == 0)
- return;
- if (evplen != len)
- fatal("%s: wrong iv length %d != %d", __FUNCTION__,
- evplen, len);
-
- if (strncmp(c->name, "aes", 3) == 0) {
- struct ssh_rijndael_ctx *aesc;
-
- aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
- if (aesc == NULL)
- fatal("ssh_rijndael_cbc: no context");
- civ = aesc->r_iv;
- } else {
- civ = cc->evp.iv;
- }
- break;
- default:
- fatal("%s: bad cipher %d", __FUNCTION__, c->number);
- }
- memcpy(iv, civ, len);
-}
-
diff --git a/cipher.h b/cipher.h
index c7724469b..b3b0303c7 100644
--- a/cipher.h
+++ b/cipher.h
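Review bot: In the bufaux.c hunk buffer_put_cstring now reaches `strlen(s)` with no NULL guard; the two removed lines were the only thing turning a NULL argument into a deterministic fatal() instead of undefined behaviour in a routine that every string-carrying packet goes through. Even with the privsep callers gone, keeping `if (s == NULL) fatal("buffer_put_cstring: s == NULL");` costs nothing and is the safer failure mode, so I would not drop it as part of this revert. The other hunks on this line (static linkage, cipher_get_keyiv removal) are fine.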
@@ -81,6 +81,4 @@ void cipher_cleanup(CipherContext *);
 void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
 u_int cipher_blocksize(Cipher *);
 u_int cipher_keylen(Cipher *);
-
-void cipher_get_keyiv(CipherContext *, u_char *, u_int);
 #endif /* CIPHER_H */
diff --git a/compress.c b/compress.c
index dec96ba55..3badbf452 100644
--- a/compress.c
+++ b/compress.c
@@ -19,8 +19,8 @@ RCSID("$OpenBSD: compress.c,v 1.17 2001/12/29 21:56:01 stevesk Exp $");
 #include "zlib.h"
 #include "compress.h"
-z_stream incoming_stream;
-z_stream outgoing_stream;
+static z_stream incoming_stream;
+static z_stream outgoing_stream;
 static int compress_init_send_called = 0;
 static int compress_init_recv_called = 0;
diff --git a/kex.c b/kex.c
index e5c0b0d00..bf8fd95b4 100644
--- a/kex.c
+++ b/kex.c
@@ -43,10 +43,6 @@ RCSID("$OpenBSD: kex.c,v 1.47 2002/02/28 15:46:33 markus Exp $");
 #define KEX_COOKIE_LEN 16
-/* Use privilege separation for sshd */
-int use_privsep;
-int mm_recvfd;
-
 /* prototype */
 static void kex_kexinit_finish(Kex *);
 static void kex_choose_conf(Kex *);
diff --git a/kex.h b/kex.h
index c99afaec0..755bf332a 100644
--- a/kex.h
+++ b/kex.h
@@ -111,7 +111,6 @@ struct Kex {
 char *server_version_string;
 int (*verify_host_key)(Key *);
 Key *(*load_host_key)(int);
- int (*host_key_index)(Key *);
 };
 Kex *kex_setup(char *[PROPOSAL_MAX]);
diff --git a/kexdh.c b/kexdh.c
index 6256722ff..eaf497ca7 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -37,12 +37,6 @@ RCSID("$OpenBSD: kexdh.c,v 1.17 2002/02/28 15:46:33 markus Exp $");
 #include "packet.h"
 #include "dh.h"
 #include "ssh2.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
-
-/* Imports */
-extern int use_privsep;
-extern int mm_recvfd;
 static u_char *
 kex_dh_hash(
@@ -281,12 +275,7 @@ kexdh_server(Kex *kex)
 /* sign H */
 /* XXX hashlen depends on KEX */
- if (use_privsep)
- mm_key_sign(mm_recvfd,
- kex->host_key_index(server_host_key),
- &signature, &slen, hash, 20);
- else
- key_sign(server_host_key, &signature, &slen, hash, 20);
+ key_sign(server_host_key, &signature, &slen, hash, 20);
 /* destroy_sensitive_data(); */
diff --git a/kexgex.c b/kexgex.c
index 3c811f337..61896e6ed 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -38,12 +38,6 @@ RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
 #include "dh.h"
 #include "ssh2.h"
 #include "compat.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
-
-/* Imports */
-extern int use_privsep;
-extern int mm_recvfd;
 static u_char *
 kexgex_hash(
@@ -302,11 +296,7 @@ kexgex_server(Kex *kex)
 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", min, nbits, max);
- /* Contact privileged parent */
- if (use_privsep)
- dh = mm_choose_dh(mm_recvfd, min, nbits, max);
- else
- dh = choose_dh(min, nbits, max);
+ dh = choose_dh(min, nbits, max);
 if (dh == NULL)
 packet_disconnect("Protocol error: no matching DH grp found");
@@ -389,11 +379,7 @@ kexgex_server(Kex *kex)
 /* sign H */
 /* XXX hashlen depends on KEX */
- if (use_privsep)
- mm_key_sign(mm_recvfd, kex->host_key_index(server_host_key),
- &signature, &slen, hash, 20);
- else
- key_sign(server_host_key, &signature, &slen, hash, 20);
+ key_sign(server_host_key, &signature, &slen, hash, 20);
 /* destroy_sensitive_data(); */
@@ -404,7 +390,6 @@ kexgex_server(Kex *kex)
 packet_put_bignum2(dh->pub_key); /* f */
 packet_put_string(signature, slen);
 packet_send();
- xfree(signature);
 xfree(server_host_key_blob);
 /* have keys, free DH */
diff --git a/key.c b/key.c
index fb6bff95b..cda91571a 100644
--- a/key.c
+++ b/key.c
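Review bot: The last kexgex_server hunk (-404) drops `xfree(signature);` after packet_send(), yet `signature` is still filled through an out-pointer by `key_sign(server_host_key, &signature, &slen, hash, 20)` in the -389 hunk of the same function. If key_sign allocates that buffer — which the neighbouring `xfree(server_host_key_blob)` and the free that existed before this change both suggest — every group exchange now leaks one signature in a long-lived daemon; the matching kexdh_server path should be checked for the same pattern, as its free (if any) is outside the visible hunk. Suggest keeping `xfree(signature);` unless key_sign is known to hand back storage the caller must not free.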
@@ -801,46 +801,3 @@ key_verify(
 break;
 }
 }
-
-/* Converts a private to a public key */
-
-Key *
-key_demote(Key *k)
-{
- Key *pk;
-
- pk = xmalloc(sizeof(*pk));
- pk->type = k->type;
- pk->flags = k->flags;
- pk->dsa = NULL;
- pk->rsa = NULL;
-
- switch (k->type) {
- case KEY_RSA1:
- case KEY_RSA:
- if ((pk->rsa = RSA_new()) == NULL)
- fatal("key_demote: RSA_new failed");
- if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
- fatal("key_demote: BN_dup failed");
- if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
- fatal("key_demote: BN_dup failed");
- break;
- case KEY_DSA:
- if ((pk->dsa = DSA_new()) == NULL)
- fatal("key_demote: DSA_new failed");
- if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
- fatal("key_demote: BN_dup failed");
- if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
- fatal("key_demote: BN_dup failed");
- if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
- fatal("key_demote: BN_dup failed");
- if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
- fatal("key_demote: BN_dup failed");
- break;
- default:
- fatal("key_free: bad key type %d", k->type);
- break;
- }
-
- return (pk);
-}
diff --git a/key.h b/key.h
index bc8b3d06b..a2257731a 100644
--- a/key.h
+++ b/key.h
@@ -58,7 +58,6 @@ struct Key {
 Key *key_new(int);
 Key *key_new_private(int);
 void key_free(Key *);
-Key *key_demote(Key *);
 int key_equal(Key *, Key *);
 char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
 char *key_type(Key *);
diff --git a/packet.c b/packet.c
index 1c80af128..045d5a105 100644
--- a/packet.c
+++ b/packet.c
@@ -115,8 +115,6 @@ static int interactive_mode = 0;
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
-static u_int32_t read_seqnr = 0;
-static u_int32_t send_seqnr = 0;
 /* roundup current message to extra_pad bytes */
 static u_char extra_pad = 0;
@@ -173,87 +171,6 @@ packet_connection_is_on_socket(void)
 return 1;
 }
-/*
- * Exports an IV from the CipherContext required to export the key
- * state back from the unprivileged child to the privileged parent
- * process.
- */
-
-void
-packet_get_keyiv(int mode, u_char *iv, u_int len)
-{
- CipherContext *cc;
-
- if (mode == MODE_OUT)
- cc = &send_context;
- else
- cc = &receive_context;
-
- cipher_get_keyiv(cc, iv, len);
-}
-
-int
-packet_get_keycontext(int mode, u_char *dat)
-{
- int plen;
- CipherContext *cc;
-
- if (mode == MODE_OUT)
- cc = &send_context;
- else
- cc = &receive_context;
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- plen = sizeof(cc->evp.c);
-#else
- plen = cc->evp.cipher->ctx_size;
-#endif
-
- if (dat == NULL)
- return (plen);
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- memcpy(dat, &cc->evp.c, sizeof(cc->evp.c));
-#else
- memcpy(dat, &cc->evp.cipher_data, plen);
-#endif
- return (plen);
-}
-
-void
-packet_set_keycontext(int mode, u_char *dat)
-{
- CipherContext *cc;
-
- if (mode == MODE_OUT)
- cc = &send_context;
- else
- cc = &receive_context;
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- memcpy(&cc->evp.c, dat, sizeof(cc->evp.c));
-#else
- memcpy(&cc->evp.cipher_data, dat, cc->evp.cipher->ctx_size);
-#endif
-}
-
-u_int32_t
-packet_get_seqnr(int mode)
-{
- return (mode == MODE_IN ? read_seqnr : send_seqnr);
-}
-
-void
-packet_set_seqnr(int mode, u_int32_t seqnr)
-{
- if (mode == MODE_IN)
- read_seqnr = seqnr;
- else if (mode == MODE_OUT)
- send_seqnr = seqnr;
- else
- fatal("%s: bad mode %d", __FUNCTION__, mode);
-}
-
 /* returns 1 if connection is via ipv4 */
 int
@@ -516,7 +433,7 @@ packet_send1(void)
 */
 }
-void
+static void
 set_newkeys(int mode)
 {
 Enc *enc;
@@ -560,9 +477,8 @@ set_newkeys(int mode)
 DBG(debug("cipher_init_context: %d", mode));
 cipher_init(cc, enc->cipher, enc->key, enc->key_len, enc->iv, enc->block_size, encrypt);
- /* Deleting the keys does not gain extra security */
- /* memset(enc->iv, 0, enc->block_size);
- memset(enc->key, 0, enc->key_len); */
+ memset(enc->iv, 0, enc->block_size);
+ memset(enc->key, 0, enc->key_len);
 if (comp->type != 0 && comp->enabled == 0) {
 packet_init_compression();
 if (mode == MODE_OUT)
@@ -579,6 +495,7 @@ set_newkeys(int mode)
 static void
 packet_send2(void)
 {
+ static u_int32_t seqnr = 0;
 u_char type, *cp, *macbuf = NULL;
 u_char padlen, pad;
 u_int packet_length = 0;
@@ -659,10 +576,10 @@ packet_send2(void)
 /* compute MAC over seqnr and packet(length fields, payload, padding) */
 if (mac && mac->enabled) {
- macbuf = mac_compute(mac, send_seqnr,
+ macbuf = mac_compute(mac, seqnr,
 buffer_ptr(&outgoing_packet), buffer_len(&outgoing_packet));
- DBG(debug("done calc MAC out #%d", send_seqnr));
+ DBG(debug("done calc MAC out #%d", seqnr));
 }
 /* encrypt packet and append to output buffer. */
 cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
@@ -676,7 +593,7 @@ packet_send2(void)
 buffer_dump(&output);
 #endif
 /* increment sequence number for outgoing packets */
- if (++send_seqnr == 0)
+ if (++seqnr == 0)
 log("outgoing seqnr wraps around");
 buffer_clear(&outgoing_packet);
@@ -866,6 +783,7 @@ packet_read_poll1(void)
 static int
 packet_read_poll2(u_int32_t *seqnr_p)
 {
+ static u_int32_t seqnr = 0;
 static u_int packet_length = 0;
 u_int padlen, need;
 u_char *macbuf, *cp, type;
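Review bot: The two memset() calls that wipe enc->iv and enc->key right after cipher_init() are live code again, but the hunk removes the comment that recorded the previous decision ("does not gain extra security") and adds nothing explaining the new one, so the next reader has no reason not to comment them out again. Suggest a one-liner above them such as `/* cipher_init() has taken its own copy; wipe the plaintext key and IV kept in the Newkeys record */` — what cipher_init does with the buffers is not visible in this hunk, so confirm the copy before wording it that way. Note that a plain memset is only reliable here because the Newkeys storage presumably outlives this function; if these buffers were freed immediately afterwards the stores could be elided.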
@@ -927,17 +845,17 @@ packet_read_poll2(u_int32_t *seqnr_p)
 * increment sequence number for incoming packet
 */
 if (mac && mac->enabled) {
- macbuf = mac_compute(mac, read_seqnr,
+ macbuf = mac_compute(mac, seqnr,
 buffer_ptr(&incoming_packet), buffer_len(&incoming_packet));
 if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
 packet_disconnect("Corrupted MAC on input.");
- DBG(debug("MAC #%d ok", read_seqnr));
+ DBG(debug("MAC #%d ok", seqnr));
 buffer_consume(&input, mac->mac_len);
 }
 if (seqnr_p != NULL)
- *seqnr_p = read_seqnr;
- if (++read_seqnr == 0)
+ *seqnr_p = seqnr;
+ if (++seqnr == 0)
 log("incoming seqnr wraps around");
 /* get padlen */
diff --git a/packet.h b/packet.h
index b87a03cf8..d6bf2aab4 100644
--- a/packet.h
+++ b/packet.h
@@ -56,13 +56,6 @@ void *packet_get_string(u_int *length_ptr);
 void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
 void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void set_newkeys(int mode);
-void packet_get_keyiv(int, u_char *, u_int);
-int packet_get_keycontext(int, u_char *);
-void packet_set_keycontext(int, u_char *);
-u_int32_t packet_get_seqnr(int);
-void packet_set_seqnr(int, u_int32_t);
-
 void packet_write_poll(void);
 void packet_write_wait(void);
 int packet_have_data_to_write(void);
diff --git a/servconf.c b/servconf.c
index c3f1253e8..9bbd994ca 100644
--- a/servconf.c
+++ b/servconf.c
@@ -36,8 +36,6 @@ static void add_one_listen_addr(ServerOptions *, char *, u_short);
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 extern int IPv4or6;
-/* Use of privilege separation or not */
-extern int use_privsep;
 /* Initializes the server options to their default values. */
@@ -112,9 +110,6 @@ initialize_server_options(ServerOptions *options)
 options->client_alive_count_max = -1;
 options->authorized_keys_file = NULL;
 options->authorized_keys_file2 = NULL;
-
- /* Needs to be accessable in many places */
- use_privsep = -1;
 }
 void
@@ -240,10 +235,6 @@ fill_default_server_options(ServerOptions *options)
 }
 if (options->authorized_keys_file == NULL)
 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
-
- /* Turn privilege separation on by default */
- if (use_privsep == -1)
- use_privsep = 1;
 }
 /* Keyword tokens. */
@@ -276,7 +267,6 @@ typedef enum {
 sBanner, sVerifyReverseMapping, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
- sUsePrivilegeSeparation,
 sDeprecated
 } ServerOpCodes;
@@ -352,7 +342,6 @@ static struct {
 { "clientalivecountmax", sClientAliveCountMax },
 { "authorizedkeysfile", sAuthorizedKeysFile },
 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
- { "useprivilegeseparation", sUsePrivilegeSeparation},
 { NULL, sBadOption }
 };
@@ -729,10 +718,6 @@ parse_flag:
 intptr = &options->allow_tcp_forwarding;
 goto parse_flag;
- case sUsePrivilegeSeparation:
- intptr = &use_privsep;
- goto parse_flag;
-
 case sAllowUsers:
 while ((arg = strdelim(&cp)) && *arg != '\0') {
 if (options->num_allow_users >= MAX_ALLOW_USERS)
diff --git a/session.c b/session.c
index 17227c9ff..a31ff85d8 100644
--- a/session.c
+++ b/session.c
@@ -56,8 +56,6 @@ RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
 #include "serverloop.h"
 #include "canohost.h"
 #include "session.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
 #ifdef HAVE_CYGWIN
 #include 
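Review bot: Removing the `useprivilegeseparation` entry from the keyword table (the -352 hunk) means any sshd_config that still carries it now falls through to `{ NULL, sBadOption }`, so a configuration written for the previous build is rejected outright rather than ignored. The enum in the -276 hunk keeps `sDeprecated`; mapping the keyword there instead — `{ "useprivilegeseparation", sDeprecated },` — would let such configs keep loading with whatever handling sDeprecated has (that code is outside the hunk). If a hard failure is the intent, it is worth calling out so operators rolling back know to edit their config first.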
@@ -65,15 +63,39 @@ RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
 #define is_winnt (GetVersion() < 0x80000000)
 #endif
-/* Imports */
-extern int use_privsep;
-extern int mm_recvfd;
+/* types */
+
+#define TTYSZ 64
+typedef struct Session Session;
+struct Session {
+ int used;
+ int self;
+ struct passwd *pw;
+ Authctxt *authctxt;
+ pid_t pid;
+ /* tty */
+ char *term;
+ int ptyfd, ttyfd, ptymaster;
+ int row, col, xpixel, ypixel;
+ char tty[TTYSZ];
+ /* X11 */
+ int display_number;
+ char *display;
+ int screen;
+ char *auth_display;
+ char *auth_proto;
+ char *auth_data;
+ int single_connection;
+ /* proto 2 */
+ int chanid;
+ int is_subsystem;
+};
 /* func */
 Session *session_new(void);
 void session_set_fds(Session *, int, int, int);
-void session_pty_cleanup(void *);
+static void session_pty_cleanup(void *);
 void session_proctitle(Session *);
 int session_setup_x11fwd(Session *);
 void do_exec_pty(Session *, const char *);
@@ -90,6 +112,7 @@ int check_quietlogin(Session *, const char *);
 static void do_authenticated1(Authctxt *);
 static void do_authenticated2(Authctxt *);
+static void session_close(Session *);
 static int session_pty_req(Session *);
 /* import */
@@ -1425,8 +1448,7 @@ session_pty_req(Session *s)
 {
 u_int len;
 int n_bytes;
- int res;
-
+
 if (no_pty_flag) {
 debug("Allocating a pty not permitted for this authentication.");
 return 0;
@@ -1455,15 +1477,7 @@ session_pty_req(Session *s)
 /* Allocate a pty and open it. */
 debug("Allocating pty.");
- if (!use_privsep) {
- res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
- sizeof(s->tty));
- if (res)
- pty_setowner(s->pw, s->tty);
- } else
- res = mm_pty_allocown(mm_recvfd,
- &s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
- if (!res) {
+ if (!pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) {
 if (s->term)
 xfree(s->term);
 s->term = NULL;
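Review bot: With struct Session now defined privately in session.c and its prototypes dropped from session.h (see the session.h hunk further down), `Session *session_new(void)`, `void session_set_fds(Session *, int, int, int)` and the other context prototypes in this hunk keep external linkage while the same change makes session_pty_cleanup and session_close static. Unless another translation unit forward-declares the struct itself, nothing outside this file can call them any more, so for consistency with the rest of the hunk suggest `static Session *session_new(void);` and likewise for session_set_fds, session_proctitle, session_setup_x11fwd and do_exec_pty; that also lets the compiler flag any that turn out to be unused. The session_pty_req hunks on this line continue outside the visible lines.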
@@ -1484,6 +1498,7 @@ session_pty_req(Session *s)
 * time in case we call fatal() (e.g., the connection gets closed).
 */
 fatal_add_cleanup(session_pty_cleanup, (void *)s);
+ pty_setowner(s->pw, s->tty);
 /* Set window size from the packet. */
 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
@@ -1646,7 +1661,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr)
 * Function to perform pty cleanup. Also called if we get aborted abnormally
 * (e.g., due to a dropped connection).
 */
-void
+static void
 session_pty_cleanup(void *session)
 {
 Session *s = session;
@@ -1724,7 +1739,7 @@ session_exit_message(Session *s, int status)
 s->chanid = -1;
 }
-void
+static void
 session_close(Session *s)
 {
 debug("session_close: session %d pid %d", s->self, s->pid);
diff --git a/session.h b/session.h
index e3123beed..ec8284a5f 100644
--- a/session.h
+++ b/session.h
@@ -26,32 +26,6 @@
 #ifndef SESSION_H
 #define SESSION_H
-#define TTYSZ 64
-typedef struct Session Session;
-struct Session {
- int used;
- int self;
- struct passwd *pw;
- Authctxt *authctxt;
- pid_t pid;
- /* tty */
- char *term;
- int ptyfd, ttyfd, ptymaster;
- int row, col, xpixel, ypixel;
- char tty[TTYSZ];
- /* X11 */
- int display_number;
- char *display;
- int screen;
- char *auth_display;
- char *auth_proto;
- char *auth_data;
- int single_connection;
- /* proto 2 */
- int chanid;
- int is_subsystem;
-};
-
 void do_authenticated(Authctxt *);
 int session_open(Authctxt*, int);
@@ -60,6 +34,4 @@ void session_close_by_pid(pid_t, int);
 void session_close_by_channel(int, void *);
 void session_destroy_all(void);
-Session *session_new(void);
-void session_close(Session *);
 #endif
diff --git a/sshd.c b/sshd.c
index cbe316087..ea9293251 100644
--- a/sshd.c
+++ b/sshd.c
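Review bot: `pty_setowner(s->pw, s->tty)` now runs after `fatal_add_cleanup(session_pty_cleanup, (void *)s)`, whereas the code removed in the previous session_pty_req hunk called it immediately after pty_allocate() succeeded, before the cleanup was registered. If pty_setowner can fail through fatal(), the new order is the safer one because the pty is already covered by the cleanup hook, and that is worth recording on the new line, e.g. `/* after the cleanup hook so a fatal() in here still releases the pty */`. Its return value, if it has one, is still unchecked here — confirm it can only fail via fatal(). The rest of session_pty_req is outside the hunk.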
@@ -72,11 +72,6 @@ RCSID("$OpenBSD: sshd.c,v 1.228 2002/02/27 21:23:13 stevesk Exp $");
 #include "misc.h"
 #include "dispatch.h"
 #include "channels.h"
-#include "session.h"
-#include "monitor_mm.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
-#include "monitor_fdpass.h"
 #ifdef LIBWRAP
 #include
@@ -194,20 +189,8 @@ u_int utmp_len = MAXHOSTNAMELEN;
 int *startup_pipes = NULL;
 int startup_pipe; /* in child */
-/* variables used for privilege separation */
-#define MM_MEMSIZE 65536
-struct mm_master *mm_zback;
-struct mm_master *mm_zlib;
-
-extern int use_privsep;
-/* Socket for the child to receive a fd */
-extern int mm_recvfd;
-/* Socket for the parent to send a fd */
-int mm_sendfd;
-
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
-void demote_sensitive_data(void);
 static void do_ssh1_kex(void);
 static void do_ssh2_kex(void);
@@ -494,69 +477,6 @@ destroy_sensitive_data(void)
 memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
 }
-/* Demote private to public keys for network child */
-void
-demote_sensitive_data(void)
-{
- Key *tmp;
- int i;
-
- if (sensitive_data.server_key) {
- tmp = key_demote(sensitive_data.server_key);
- key_free(sensitive_data.server_key);
- sensitive_data.server_key = tmp;
- }
- for (i = 0; i < options.num_host_key_files; i++) {
- if (sensitive_data.host_keys[i]) {
- tmp = key_demote(sensitive_data.host_keys[i]);
- key_free(sensitive_data.host_keys[i]);
- sensitive_data.host_keys[i] = tmp;
- }
- }
-
- /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */
-}
-
-void
-privsep_postauth(Authctxt *authctxt)
-{
- pid_t pid;
-
- if (0) {
- /* File descriptor passing is broken */
- mm_apply_keystate(mm_zlib);
- use_privsep = 0;
- return;
- }
-
- pid = fork();
- if (pid == -1)
- fatal("fork of unprivileged child failed");
- else if (pid != 0) {
- debug2("User child is on pid %d", pid);
- close(mm_recvfd);
- monitor_child_postauth(mm_sendfd);
-
- /* Teardown? */
- exit(0);
- }
-
- close(mm_sendfd);
-
- /* Demote the private keys to public keys. */
- demote_sensitive_data();
-
- /* Drop privileges */
- if (seteuid(authctxt->pw->pw_uid) == -1)
- fatal("%s: seteuid", __FUNCTION__);
- if (setuid(authctxt->pw->pw_uid) == -1)
- fatal("%s: setuid", __FUNCTION__);
-
- /* It is safe now to apply the key state */
- mm_apply_keystate(mm_zlib);
-}
-
-
 static char *
 list_hostkey_types(void)
 {
@@ -598,25 +518,6 @@ get_hostkey_by_type(int type)
 return NULL;
 }
-Key *
-get_hostkey_by_index(int ind)
-{
- if (ind < 0 || ind >= options.num_host_key_files)
- return (NULL);
- return (sensitive_data.host_keys[ind]);
-}
-
-int
-get_hostkey_index(Key *key)
-{
- int i;
- for (i = 0; i < options.num_host_key_files; i++) {
- if (key == sensitive_data.host_keys[i])
- return (i);
- }
- return (-1);
-}
-
 /*
 * returns 1 if connection should be dropped, 0 otherwise.
 * dropping starts at connection #max_startups_begin with a probability
@@ -693,8 +594,6 @@ main(int ac, char **av)
 int listen_sock, maxfd;
 int startup_p[2];
 int startups = 0;
- Authctxt *authctxt;
- int sp[2];
 Key *key;
 int ret, key_used = 0;
@@ -1332,84 +1231,23 @@ main(int ac, char **av)
 packet_set_nonblocking();
- if (!use_privsep)
- goto skip_privilegeseparation;
-
- /* Set up unprivileged child process to deal with network data */
- monitor_socketpair(sp);
- mm_recvfd = sp[0];
- mm_sendfd = sp[1];
-
- /* Used to share zlib space across processes */
- mm_zback = mm_create(NULL, MM_MEMSIZE);
- mm_zlib = mm_create(mm_zback, 20 * MM_MEMSIZE);
-
- /* Compression needs to share state across borders */
- mm_init_compression(mm_zlib);
-
- pid = fork();
- if (pid == -1)
- fatal("fork of unprivileged child failed");
- else if (pid != 0) {
- debug2("Network child is on pid %d", pid);
- authctxt = monitor_child_preauth(mm_sendfd);
-
- /* The member allocation is not visible, so sync it */
- mm_share_sync(&mm_zlib, &mm_zback);
- goto authenticated;
- } else {
- /* Demote the private keys to public keys. */
- demote_sensitive_data();
-
- /* Change our root directory - /var/empty is standard*/
- if (chroot("/var/empty") == -1)
- fatal("chroot(/var/empty)");
- if (chdir("/") == -1)
- fatal("chdir(/)");
-
- /* Drop our privileges */
- seteuid(32767); /* XXX - Niels */
- setuid(32767);
- }
-
- skip_privilegeseparation:
-
 /* perform the key exchange */
 /* authenticate user and start session */
 if (compat20) {
 do_ssh2_kex();
- authctxt = do_authentication2();
- if (use_privsep)
- mm_send_keystate(mm_recvfd);
+ do_authentication2();
 } else {
 do_ssh1_kex();
- authctxt = do_authentication();
+ do_authentication();
 }
-
- /* If we use privilege separation, the unprivileged child exits */
- if (use_privsep)
- exit(0);
-
- authenticated:
- /*
- * In privilege separation, we fork another child and prepare
- * file descriptor passing.
- */
- if (use_privsep)
- privsep_postauth(authctxt);
-
- /* Perform session preparation. */
- do_authenticated(authctxt);
+ /* The connection has been terminated. 
*/
+ verbose("Closing connection to %.100s", remote_ip);
 #ifdef USE_PAM
 finish_pam();
 #endif /* USE_PAM */
 packet_close();
-
- if (use_privsep)
- mm_terminate(mm_recvfd);
 exit(0);
 }
@@ -1615,6 +1453,8 @@ do_ssh1_kex(void)
 for (i = 0; i < 16; i++)
 session_id[i] = session_key[i] ^ session_key[i + 16];
 }
+ /* Destroy the private and public keys. They will no longer be needed. */
+ destroy_sensitive_data();
 /* Destroy the decrypted integer. It is no longer needed. */
 BN_clear_free(session_key_int);
@@ -1662,7 +1502,6 @@ do_ssh2_kex(void)
 kex->client_version_string=client_version_string;
 kex->server_version_string=server_version_string;
 kex->load_host_key=&get_hostkey_by_type;
- kex->host_key_index=&get_hostkey_index;
 xxx_kex = kex;