Vendor import of OpenSSH 3.7.1p2.

1 files changed, 67 insertions, 114 deletions

diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index 0f2b2a3..47df9ca 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.263 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.276 2003/08/28 12:54:34 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -112,11 +112,7 @@ char *config_file_name = _PATH_SERVER_CONFIG_FILE;
  * Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
  * Default value is AF_UNSPEC means both IPv4 and IPv6.
  */
-#ifdef IPV4_DEFAULT
-int IPv4or6 = AF_INET;
-#else
 int IPv4or6 = AF_UNSPEC;
-#endif
 
 /*
  * Debug mode flag.  This can be set on the command line.  If debug
@@ -192,7 +188,7 @@ u_char session_id[16];
 
 /* same for ssh2 */
 u_char *session_id2 = NULL;
-int session_id2_len = 0;
+u_int session_id2_len = 0;
 
 /* record remote hostname or ip */
 u_int utmp_len = MAXHOSTNAMELEN;
@@ -205,6 +201,9 @@ int startup_pipe;		/* in child */
 int use_privsep;
 struct monitor *pmonitor;
 
+/* message to be displayed after login */
+Buffer loginmsg;
+
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@@ -258,11 +257,11 @@ sighup_handler(int sig)
 static void
 sighup_restart(void)
 {
-	log("Received SIGHUP; restarting.");
+	logit("Received SIGHUP; restarting.");
 	close_listen_socks();
 	close_startup_pipes();
 	execv(saved_argv[0], saved_argv);
-	log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
+	logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
 	    strerror(errno));
 	exit(1);
 }
@@ -371,39 +370,37 @@ sshd_exchange_identification(int sock_in, int sock_out)
 	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
 	server_version_string = xstrdup(buf);
 
-	if (client_version_string == NULL) {
-		/* Send our protocol version identification. */
-		if (atomicio(write, sock_out, server_version_string,
-		    strlen(server_version_string))
-		    != strlen(server_version_string)) {
-			log("Could not write ident string to %s", get_remote_ipaddr());
+	/* Send our protocol version identification. */
+	if (atomicio(vwrite, sock_out, server_version_string,
+	    strlen(server_version_string))
+	    != strlen(server_version_string)) {
+		logit("Could not write ident string to %s", get_remote_ipaddr());
+		fatal_cleanup();
+	}
+
+	/* Read other sides version identification. */
+	memset(buf, 0, sizeof(buf));
+	for (i = 0; i < sizeof(buf) - 1; i++) {
+		if (atomicio(read, sock_in, &buf[i], 1) != 1) {
+			logit("Did not receive identification string from %s",
+			    get_remote_ipaddr());
 			fatal_cleanup();
 		}
-
-		/* Read other sides version identification. */
-		memset(buf, 0, sizeof(buf));
-		for (i = 0; i < sizeof(buf) - 1; i++) {
-			if (atomicio(read, sock_in, &buf[i], 1) != 1) {
-				log("Did not receive identification string from %s",
-				    get_remote_ipaddr());
-				fatal_cleanup();
-			}
-			if (buf[i] == '\r') {
-				buf[i] = 0;
-				/* Kludge for F-Secure Macintosh < 1.0.2 */
-				if (i == 12 &&
-				    strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
-					break;
-				continue;
-			}
-			if (buf[i] == '\n') {
-				buf[i] = 0;
+		if (buf[i] == '\r') {
+			buf[i] = 0;
+			/* Kludge for F-Secure Macintosh < 1.0.2 */
+			if (i == 12 &&
+			    strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
 				break;
-			}
+			continue;
+		}
+		if (buf[i] == '\n') {
+			buf[i] = 0;
+			break;
 		}
-		buf[sizeof(buf) - 1] = 0;
-		client_version_string = xstrdup(buf);
 	}
+	buf[sizeof(buf) - 1] = 0;
+	client_version_string = xstrdup(buf);
 
 	/*
 	 * Check that the versions match.  In future this might accept
@@ -412,10 +409,10 @@ sshd_exchange_identification(int sock_in, int sock_out)
 	if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
 	    &remote_major, &remote_minor, remote_version) != 3) {
 		s = "Protocol mismatch.\n";
-		(void) atomicio(write, sock_out, s, strlen(s));
+		(void) atomicio(vwrite, sock_out, s, strlen(s));
 		close(sock_in);
 		close(sock_out);
-		log("Bad protocol version identification '%.100s' from %s",
+		logit("Bad protocol version identification '%.100s' from %s",
 		    client_version_string, get_remote_ipaddr());
 		fatal_cleanup();
 	}
@@ -425,13 +422,13 @@ sshd_exchange_identification(int sock_in, int sock_out)
 	compat_datafellows(remote_version);
 
 	if (datafellows & SSH_BUG_PROBE) {
-		log("probed from %s with %s.  Don't panic.",
+		logit("probed from %s with %s.  Don't panic.",
 		    get_remote_ipaddr(), client_version_string);
 		fatal_cleanup();
 	}
 
 	if (datafellows & SSH_BUG_SCANNER) {
-		log("scanned from %s with %s.  Don't panic.",
+		logit("scanned from %s with %s.  Don't panic.",
 		    get_remote_ipaddr(), client_version_string);
 		fatal_cleanup();
 	}
@@ -473,10 +470,10 @@ sshd_exchange_identification(int sock_in, int sock_out)
 
 	if (mismatch) {
 		s = "Protocol major versions differ.\n";
-		(void) atomicio(write, sock_out, s, strlen(s));
+		(void) atomicio(vwrite, sock_out, s, strlen(s));
 		close(sock_in);
 		close(sock_out);
-		log("Protocol major versions differ for %s: %.200s vs. %.200s",
+		logit("Protocol major versions differ for %s: %.200s vs. %.200s",
 		    get_remote_ipaddr(),
 		    server_version_string, client_version_string);
 		fatal_cleanup();
@@ -568,8 +565,6 @@ privsep_preauth_child(void)
 	do_setusercontext(pw);
 #else
 	gidset[0] = pw->pw_gid;
-	if (setgid(pw->pw_gid) < 0)
-		fatal("setgid failed for %u", pw->pw_gid );
 	if (setgroups(1, gidset) < 0)
 		fatal("setgroups: %.100s", strerror(errno));
 	permanently_set_uid(pw);
@@ -824,26 +819,27 @@ main(int ac, char **av)
 #ifdef HAVE_SECUREWARE
 	(void)set_auth_parameters(ac, av);
 #endif
-	__progname = get_progname(av[0]);
+	__progname = ssh_get_progname(av[0]);
 	init_rng();
 
 	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
 	saved_argc = ac;
-	saved_argv = av;
-	saved_argv = xmalloc(sizeof(*saved_argv) * ac);
+	saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));
 	for (i = 0; i < ac; i++)
 		saved_argv[i] = xstrdup(av[i]);
+	saved_argv[i] = NULL;
 
 #ifndef HAVE_SETPROCTITLE
 	/* Prepare for later setproctitle emulation */
 	compat_init_setproctitle(ac, av);
+	av = saved_argv;
 #endif
 
 	/* Initialize configuration options to their default values. */
 	initialize_server_options(&options);
 
 	/* Parse command-line arguments. */
-	while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:o:dDeiqtQ46")) != -1) {
+	while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqtQ46")) != -1) {
 		switch (opt) {
 		case '4':
 			IPv4or6 = AF_INET;
@@ -855,15 +851,11 @@ main(int ac, char **av)
 			config_file_name = optarg;
 			break;
 		case 'd':
-			if (0 == debug_flag) {
+			if (debug_flag == 0) {
 				debug_flag = 1;
 				options.log_level = SYSLOG_LEVEL_DEBUG1;
-			} else if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
+			} else if (options.log_level < SYSLOG_LEVEL_DEBUG3)
 				options.log_level++;
-			} else {
-				fprintf(stderr, "Too high debugging level.\n");
-				exit(1);
-			}
 			break;
 		case 'D':
 			no_daemon_flag = 1;
@@ -914,11 +906,6 @@ main(int ac, char **av)
 			}
 			options.host_key_files[options.num_host_key_files++] = optarg;
 			break;
-		case 'V':
-			client_version_string = optarg;
-			/* only makes sense with inetd_flag, i.e. no listen() */
-			inetd_flag = 1;
-			break;
 		case 't':
 			test_flag = 1;
 			break;
@@ -1010,15 +997,15 @@ main(int ac, char **av)
 		    key_type(key));
 	}
 	if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
-		log("Disabling protocol version 1. Could not load host key");
+		logit("Disabling protocol version 1. Could not load host key");
 		options.protocol &= ~SSH_PROTO_1;
 	}
 	if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
-		log("Disabling protocol version 2. Could not load host key");
+		logit("Disabling protocol version 2. Could not load host key");
 		options.protocol &= ~SSH_PROTO_2;
 	}
 	if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
-		log("sshd: no hostkeys available -- exiting.");
+		logit("sshd: no hostkeys available -- exiting.");
 		exit(1);
 	}
 
@@ -1153,7 +1140,8 @@ main(int ac, char **av)
 				continue;
 			}
 			/* Create socket for listening. */
-			listen_sock = socket(ai->ai_family, SOCK_STREAM, 0);
+			listen_sock = socket(ai->ai_family, ai->ai_socktype,
+			    ai->ai_protocol);
 			if (listen_sock < 0) {
 				/* kernel may not support ipv6 */
 				verbose("socket: %.100s", strerror(errno));
@@ -1186,7 +1174,7 @@ main(int ac, char **av)
 			num_listen_socks++;
 
 			/* Start listening on the port. */
-			log("Server listening on %s port %s.", ntop, strport);
+			logit("Server listening on %s port %s.", ntop, strport);
 			if (listen(listen_sock, 5) < 0)
 				fatal("listen: %.100s", strerror(errno));
 
@@ -1221,7 +1209,10 @@ main(int ac, char **av)
 			 * overwrite any old pid in the file.
 			 */
 			f = fopen(options.pid_file, "wb");
-			if (f) {
+			if (f == NULL) {
+				error("Couldn't create pid file \"%s\": %s",
+				    options.pid_file, strerror(errno));
+			} else {
 				fprintf(f, "%ld\n", (long) getpid());
 				fclose(f);
 			}
@@ -1262,7 +1253,7 @@ main(int ac, char **av)
 			if (ret < 0 && errno != EINTR)
 				error("select: %.100s", strerror(errno));
 			if (received_sigterm) {
-				log("Received signal %d; terminating.",
+				logit("Received signal %d; terminating.",
 				    (int) received_sigterm);
 				close_listen_socks();
 				unlink(options.pid_file);
@@ -1400,11 +1391,11 @@ main(int ac, char **av)
 	 * setlogin() affects the entire process group.  We don't
 	 * want the child to be able to affect the parent.
 	 */
-#if !defined(STREAMS_PUSH_ACQUIRES_CTTY)
+#if !defined(SSHD_ACQUIRES_CTTY)
 	/*
-	 * If setsid is called on Solaris, sshd will acquire the controlling
-	 * terminal while pushing STREAMS modules. This will prevent the
-	 * shell from acquiring it later.
+	 * If setsid is called, on some platforms sshd will later acquire a
+	 * controlling terminal which will result in "could not set
+	 * controlling tty" errors.
 	 */
 	if (!debug_flag && !inetd_flag && setsid() < 0)
 		error("setsid: %.100s", strerror(errno));
@@ -1471,37 +1462,12 @@ main(int ac, char **av)
 		alarm(options.login_grace_time);
 
 	sshd_exchange_identification(sock_in, sock_out);
-	/*
-	 * Check that the connection comes from a privileged port.
-	 * Rhosts-Authentication only makes sense from privileged
-	 * programs.  Of course, if the intruder has root access on his local
-	 * machine, he can connect from any port.  So do not use these
-	 * authentication methods from machines that you do not trust.
-	 */
-	if (options.rhosts_authentication &&
-	    (remote_port >= IPPORT_RESERVED ||
-	    remote_port < IPPORT_RESERVED / 2)) {
-		debug("Rhosts Authentication disabled, "
-		    "originating port %d not trusted.", remote_port);
-		options.rhosts_authentication = 0;
-	}
-#if defined(KRB4) && !defined(KRB5)
-	if (!packet_connection_is_ipv4() &&
-	    options.kerberos_authentication) {
-		debug("Kerberos Authentication disabled, only available for IPv4.");
-		options.kerberos_authentication = 0;
-	}
-#endif /* KRB4 && !KRB5 */
-#ifdef AFS
-	/* If machine has AFS, set process authentication group. */
-	if (k_hasafs()) {
-		k_setpag();
-		k_unlog();
-	}
-#endif /* AFS */
 
 	packet_set_nonblocking();
 
+        /* prepare buffers to collect authentication messages */
+	buffer_init(&loginmsg);
+
 	if (use_privsep)
 		if ((authctxt = privsep_preauth()) != NULL)
 			goto authenticated;
@@ -1543,7 +1509,8 @@ main(int ac, char **av)
 	verbose("Closing connection to %.100s", remote_ip);
 
 #ifdef USE_PAM
-	finish_pam();
+	if (options.use_pam)
+		finish_pam();
 #endif /* USE_PAM */
 
 	packet_close();
@@ -1655,24 +1622,10 @@ do_ssh1_kex(void)
 
 	/* Declare supported authentication types. */
 	auth_mask = 0;
-	if (options.rhosts_authentication)
-		auth_mask |= 1 << SSH_AUTH_RHOSTS;
 	if (options.rhosts_rsa_authentication)
 		auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
 	if (options.rsa_authentication)
 		auth_mask |= 1 << SSH_AUTH_RSA;
-#if defined(KRB4) || defined(KRB5)
-	if (options.kerberos_authentication)
-		auth_mask |= 1 << SSH_AUTH_KERBEROS;
-#endif
-#if defined(AFS) || defined(KRB5)
-	if (options.kerberos_tgt_passing)
-		auth_mask |= 1 << SSH_PASS_KERBEROS_TGT;
-#endif
-#ifdef AFS
-	if (options.afs_token_passing)
-		auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
-#endif
 	if (options.challenge_response_authentication == 1)
 		auth_mask |= 1 << SSH_AUTH_TIS;
 	if (options.password_authentication)
@@ -1750,7 +1703,7 @@ do_ssh1_kex(void)
 		u_char *buf = xmalloc(bytes);
 		MD5_CTX md;
 
-		log("do_connection: generating a fake encryption key");
+		logit("do_connection: generating a fake encryption key");
 		BN_bn2bin(session_key_int, buf);
 		MD5_Init(&md);
 		MD5_Update(&md, buf, bytes);