diff options
| author | kris <kris@FreeBSD.org> | 2000-05-15 05:24:25 +0000 |
|---|---|---|
| committer | kris <kris@FreeBSD.org> | 2000-05-15 05:24:25 +0000 |
| commit | a632b4789caf015f977f45e2d106cc00efa1239f (patch) | |
| tree | eb8a772c0dc7204d341277f265caa0c7c543c32c /crypto | |
| parent | 8cf8ce7bb13515db269566309a8e9cd8b309ee56 (diff) | |
| download | FreeBSD-src-a632b4789caf015f977f45e2d106cc00efa1239f.zip FreeBSD-src-a632b4789caf015f977f45e2d106cc00efa1239f.tar.gz | |
Resolve conflicts and update for FreeBSD.
Diffstat (limited to 'crypto')
39 files changed, 2801 insertions, 4195 deletions
diff --git a/crypto/openssh/README.openssh2 b/crypto/openssh/README.openssh2 index 12c90aa..d312dbd 100644 --- a/crypto/openssh/README.openssh2 +++ b/crypto/openssh/README.openssh2 @@ -1,10 +1,11 @@ +$FreeBSD$ $Id: README.openssh2,v 1.8 2000/05/07 18:30:03 markus Exp $ howto: 1) generate server key: - $ ssh-keygen -d -f /etc/ssh_host_dsa_key -N '' + $ ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' 2) enable ssh2: - server: add 'Protocol 2,1' to /etc/sshd_config + server: add 'Protocol 2,1' to /etc/ssh/sshd_config client: ssh -o 'Protocol 2,1', or add to .ssh/config 3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2) interop w/ ssh.com dsa-keys: diff --git a/crypto/openssh/auth-krb4.c b/crypto/openssh/auth-krb4.c index 0b09eb9..b3fcfafb 100644 --- a/crypto/openssh/auth-krb4.c +++ b/crypto/openssh/auth-krb4.c @@ -21,7 +21,7 @@ extern ServerOptions options; * return 1 on success, 0 on failure, -1 if krb4 is not available */ -int +int auth_krb4_password(struct passwd * pw, const char *password) { AUTH_DAT adata; @@ -137,7 +137,7 @@ krb4_cleanup_proc(void *ignore) } } -int +int krb4_init(uid_t uid) { static int cleanup_registered = 0; @@ -181,7 +181,7 @@ krb4_init(uid_t uid) return 0; } -int +int auth_krb4(const char *server_user, KTEXT auth, char **client) { AUTH_DAT adat = {0}; @@ -254,7 +254,7 @@ auth_krb4(const char *server_user, KTEXT auth, char **client) #endif /* KRB4 */ #ifdef AFS -int +int auth_krb4_tgt(struct passwd *pw, const char *string) { CREDENTIALS creds; @@ -309,7 +309,7 @@ auth_kerberos_tgt_failure: return 0; } -int +int auth_afs_token(struct passwd *pw, const char *token_string) { CREDENTIALS creds; diff --git a/crypto/openssh/auth-passwd.c b/crypto/openssh/auth-passwd.c index 8622dbc..73f43f9 100644 --- a/crypto/openssh/auth-passwd.c +++ b/crypto/openssh/auth-passwd.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$Id: auth-passwd.c,v 1.14 1999/12/29 12:47:46 markus Exp $"); +RCSID("$Id: auth-passwd.c,v 1.15 2000/04/14 10:30:29 markus Exp $"); #include "packet.h" #include "ssh.h" diff --git a/crypto/openssh/auth-rh-rsa.c b/crypto/openssh/auth-rh-rsa.c index 19e5cbb..92405bb 100644 --- a/crypto/openssh/auth-rh-rsa.c +++ b/crypto/openssh/auth-rh-rsa.c @@ -1,14 +1,14 @@ /* - * + * * auth-rh-rsa.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sun May 7 03:08:06 1995 ylo - * + * * Rhosts or /etc/hosts.equiv authentication combined with RSA host * authentication. * @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rh-rsa.c,v 1.11 2000/03/23 22:15:33 markus Exp $"); +RCSID("$Id: auth-rh-rsa.c,v 1.13 2000/04/14 10:30:29 markus Exp $"); #include "packet.h" #include "ssh.h" @@ -34,7 +34,7 @@ RCSID("$Id: auth-rh-rsa.c,v 1.11 2000/03/23 22:15:33 markus Exp $"); * its host key. Returns true if authentication succeeds. */ -int +int auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key) { extern ServerOptions options; diff --git a/crypto/openssh/auth-rsa.c b/crypto/openssh/auth-rsa.c index 7829cac..b28d629 100644 --- a/crypto/openssh/auth-rsa.c +++ b/crypto/openssh/auth-rsa.c @@ -1,23 +1,23 @@ /* - * + * * auth-rsa.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Mar 27 01:46:52 1995 ylo - * + * * RSA-based authentication. This code determines whether to admit a login * based on RSA authentication. This file also contains functions to check * validity of the host key. - * + * * $FreeBSD$ */ #include "includes.h" -RCSID("$Id: auth-rsa.c,v 1.19 2000/03/23 22:15:33 markus Exp $"); +RCSID("$Id: auth-rsa.c,v 1.23 2000/04/29 18:11:51 markus Exp $"); #include "rsa.h" #include "packet.h" @@ -186,6 +186,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) } } if (fail) { + fclose(f); log(buf); packet_send_debug(buf); restore_uid(); @@ -239,7 +240,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) debug("%.100s, line %lu: bad key syntax", SSH_USER_PERMITTED_KEYS, linenum); packet_send_debug("%.100s, line %lu: bad key syntax", - SSH_USER_PERMITTED_KEYS, linenum); + SSH_USER_PERMITTED_KEYS, linenum); continue; } /* cp now points to the comment part. */ @@ -256,7 +257,6 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* We have found the desired key. */ - /* Perform the challenge-response dialog for this key. */ if (!auth_rsa_challenge_dialog(pk)) { /* Wrong response. */ diff --git a/crypto/openssh/auth-skey.c b/crypto/openssh/auth-skey.c index 5f3fe9e..59e6ea2 100644 --- a/crypto/openssh/auth-skey.c +++ b/crypto/openssh/auth-skey.c @@ -1,9 +1,12 @@ +/* $FreeBSD$ */ + #include "includes.h" RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $"); +#include <sys/sysctl.h> #include "ssh.h" #include "packet.h" -#include <sha1.h> +#include <sha.h> /* * try skey authentication, @@ -14,7 +17,7 @@ int auth_skey_password(struct passwd * pw, const char *password) { if (strncasecmp(password, "s/key", 5) == 0) { - char *skeyinfo = skey_keyinfo(pw->pw_name); + char *skeyinfo = opie_keyinfo(pw->pw_name); if (skeyinfo == NULL) { debug("generating fake skeyinfo for %.100s.", pw->pw_name); @@ -24,8 +27,8 @@ auth_skey_password(struct passwd * pw, const char *password) packet_send_debug(skeyinfo); /* Try again. */ return 0; - } else if (skey_haskey(pw->pw_name) == 0 && - skey_passcheck(pw->pw_name, (char *) password) != -1) { + } else if (opie_haskey(pw->pw_name) == 0 && + opie_passverify(pw->pw_name, (char *) password) != -1) { /* Authentication succeeded. */ return 1; } @@ -64,16 +67,19 @@ skey_fake_keyinfo(char *username) { int i; u_int ptr; - u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up; - char pbuf[SKEY_MAX_PW_LEN+1]; - static char skeyprompt[SKEY_MAX_CHALLENGE+1]; + u_char hseed[OPIE_SEED_MAX], flg = 1, *up; + char pbuf[OPIE_SECRET_MAX+1]; + static char skeyprompt[OPIE_CHALLENGE_MAX+1]; char *secret = NULL; size_t secretlen = 0; SHA1_CTX ctx; char *p, *u; + int mib[2]; + size_t size; + struct timeval boottime; /* - * Base first 4 chars of seed on hostname. + * Base first 2 chars of seed on hostname. * Add some filler for short hostnames if necessary. */ if (gethostname(pbuf, sizeof(pbuf)) == -1) @@ -82,31 +88,34 @@ skey_fake_keyinfo(char *username) for (p = pbuf; *p && isalnum(*p); p++) if (isalpha(*p) && isupper(*p)) *p = tolower(*p); - if (*p && pbuf - p < 4) - (void)strncpy(p, "asjd", 4 - (pbuf - p)); - pbuf[4] = '\0'; + if (*p && pbuf - p < 2) + (void)strncpy(p, "asjd", 2 - (pbuf - p)); + pbuf[2] = '\0'; /* Hash the username if possible */ - if ((up = SHA1Data(username, strlen(username), NULL)) != NULL) { + if ((up = SHA1_Data(username, strlen(username), NULL)) != NULL) { struct stat sb; time_t t; - int fd; /* Collapse the hash */ ptr = hash_collapse(up); memset(up, 0, strlen(up)); - /* See if the random file's there, else use ctime */ - if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1 - && fstat(fd, &sb) == 0 && - sb.st_size > (off_t)SKEY_MAX_SEED_LEN && - lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN), - SEEK_SET) != -1 && read(fd, hseed, - SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) { - close(fd); - fd = -1; - secret = hseed; - secretlen = SKEY_MAX_SEED_LEN; + /* + * Seed the fake challenge with the system boot time, + * otherwise use ctime. + * + * XXX This should be a random source which is constant + * over short time periods, but changes over timescales on + * the order of a week. + */ + mib[0] = CTL_KERN; + mib[1] = KERN_BOOTTIME; + size = sizeof(boottime); + if (sysctl(mib, 2, &boottime, &size, NULL, 0) != -1 && + boottime.tv_sec != 0) { + secret = (char *)&boottime; + secretlen = size/sizeof(char); flg = 0; } else if (!stat(_PATH_MEM, &sb) || !stat("/", &sb)) { t = sb.st_ctime; @@ -114,51 +123,49 @@ skey_fake_keyinfo(char *username) secretlen = strlen(secret); flg = 0; } - if (fd != -1) - close(fd); } /* Put that in your pipe and smoke it */ if (flg == 0) { /* Hash secret value with username */ - SHA1Init(&ctx); - SHA1Update(&ctx, secret, secretlen); - SHA1Update(&ctx, username, strlen(username)); - SHA1End(&ctx, up); + SHA1_Init(&ctx); + SHA1_Update(&ctx, secret, secretlen); + SHA1_Update(&ctx, username, strlen(username)); + SHA1_End(&ctx, up); /* Zero out */ memset(secret, 0, secretlen); /* Now hash the hash */ - SHA1Init(&ctx); - SHA1Update(&ctx, up, strlen(up)); - SHA1End(&ctx, up); + SHA1_Init(&ctx); + SHA1_Update(&ctx, up, strlen(up)); + SHA1_End(&ctx, up); ptr = hash_collapse(up + 4); - for (i = 4; i < 9; i++) { + for (i = 2; i < 6; i++) { pbuf[i] = (ptr % 10) + '0'; ptr /= 10; } pbuf[i] = '\0'; /* Sequence number */ - ptr = ((up[2] + up[3]) % 99) + 1; + ptr = ((up[2] + up[3]) % 499) + 1; memset(up, 0, 20); /* SHA1 specific */ free(up); (void)snprintf(skeyprompt, sizeof skeyprompt, - "otp-%.*s %d %.*s", - SKEY_MAX_HASHNAME_LEN, - skey_get_algorithm(), - ptr, SKEY_MAX_SEED_LEN, + "opt-%.*s %d %.*s ext", + OPIE_HASHNAME_MAX, + opie_get_algorithm(), + ptr, OPIE_SEED_MAX, pbuf); } else { - /* Base last 8 chars of seed on username */ + /* Base last 4 chars of seed on username */ u = username; - i = 8; - p = &pbuf[4]; + i = 4; + p = &pbuf[2]; do { if (*u == 0) { /* Pad remainder with zeros */ @@ -169,13 +176,11 @@ skey_fake_keyinfo(char *username) *p++ = (*u++ % 10) + '0'; } while (--i != 0); - pbuf[12] = '\0'; + pbuf[6] = '\0'; (void)snprintf(skeyprompt, sizeof skeyprompt, - "otp-%.*s %d %.*s", - SKEY_MAX_HASHNAME_LEN, - skey_get_algorithm(), - 99, SKEY_MAX_SEED_LEN, pbuf); + "opt-md5 %d %.*s ext", + 499, OPIE_SEED_MAX, pbuf); } return skeyprompt; } diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c index d3425a2..2497e15 100644 --- a/crypto/openssh/auth.c +++ b/crypto/openssh/auth.c @@ -2,6 +2,8 @@ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * $FreeBSD$ */ #include "includes.h" @@ -106,6 +108,16 @@ allowed_user(struct passwd * pw) return 0; } } +#ifndef __FreeBSD__ /* FreeBSD handle it later */ + /* Fail if the account's expiration time has passed. */ + if (pw->pw_expire != 0) { + struct timeval tv; + + (void)gettimeofday(&tv, NULL); + if (tv.tv_sec >= pw->pw_expire) + return 0; + } +#endif /* !__FreeBSD__ */ /* We found no reason not to let this user try to log on... */ return 1; } diff --git a/crypto/openssh/auth1.c b/crypto/openssh/auth1.c index 38114d8..1af5d67 100644 --- a/crypto/openssh/auth1.c +++ b/crypto/openssh/auth1.c @@ -1,6 +1,8 @@ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved + * + * $FreeBSD$ */ #include "includes.h" @@ -39,9 +41,13 @@ get_authname(int type) case SSH_CMSG_AUTH_RHOSTS: return "rhosts"; #ifdef KRB4 - case SSH_CMSG_AUTH_KERBEROS: - return "kerberos"; + case SSH_CMSG_AUTH_KRB4: + return "kerberosV4"; #endif +#ifdef KRB5 + case SSH_CMSG_AUTH_KRB5: + return "kerberosV5"; +#endif /* KRB5 */ #ifdef SKEY case SSH_CMSG_AUTH_TIS_RESPONSE: return "s/key"; @@ -135,6 +141,31 @@ do_authloop(struct passwd * pw) unsigned int ulen; int type = 0; void (*authlog) (const char *fmt,...) = verbose; +#ifdef LOGIN_CAP + login_cap_t *lc; +#endif /* LOGIN_CAP */ +#if defined(LOGIN_CAP) || defined(LOGIN_ACCESS) + const char *from_host, *from_ip; + + from_host = get_canonical_hostname(); + from_ip = get_remote_ipaddr(); +#endif /* LOGIN_CAP || LOGIN_ACCESS */ +#ifdef HAVE_LIBPAM + int pam_retval; +#endif /* HAVE_LIBPAM */ +#if 0 +#ifdef KRB5 + { + krb5_error_code ret; + + ret = krb5_init_context(&ssh_context); + if (ret) + verbose("Error while initializing Kerberos V5."); + krb5_init_ets(ssh_context); + + } +#endif /* KRB5 */ +#endif /* Indicate that authentication is needed. */ packet_start(SSH_SMSG_FAILURE); @@ -151,17 +182,17 @@ do_authloop(struct passwd * pw) /* Process the packet. */ switch (type) { #ifdef AFS - case SSH_CMSG_HAVE_KERBEROS_TGT: - if (!options.kerberos_tgt_passing) { + case SSH_CMSG_HAVE_KRB4_TGT: + if (!options.krb4_tgt_passing) { /* packet_get_all(); */ - verbose("Kerberos tgt passing disabled."); + verbose("Kerberos v4 tgt passing disabled."); break; } else { - /* Accept Kerberos tgt. */ + /* Accept Kerberos v4 tgt. */ char *tgt = packet_get_string(&dlen); packet_integrity_check(plen, 4 + dlen, type); - if (!auth_kerberos_tgt(pw, tgt)) - verbose("Kerberos tgt REFUSED for %s", pw->pw_name); + if (!auth_krb4_tgt(pw, tgt)) + verbose("Kerberos v4 tgt REFUSED for %s", pw->pw_name); xfree(tgt); } continue; @@ -182,11 +213,10 @@ do_authloop(struct passwd * pw) continue; #endif /* AFS */ #ifdef KRB4 - case SSH_CMSG_AUTH_KERBEROS: - if (!options.kerberos_authentication) { + case SSH_CMSG_AUTH_KRB4: + if (!options.krb4_authentication) { /* packet_get_all(); */ - verbose("Kerberos authentication disabled."); - break; + verbose("Kerberos v4 authentication disabled."); } else { /* Try Kerberos v4 authentication. */ KTEXT_ST auth; @@ -207,6 +237,36 @@ do_authloop(struct passwd * pw) } break; #endif /* KRB4 */ +#ifdef KRB5 + case SSH_CMSG_AUTH_KRB5: + if (!options.krb5_authentication) { + verbose("Kerberos v5 authentication disabled."); + break; + } else { + krb5_data k5data; +#if 0 + if (krb5_init_context(&ssh_context)) { + verbose("Error while initializing Kerberos V5."); + break; + } + krb5_init_ets(ssh_context); +#endif + + k5data.data = packet_get_string(&k5data.length); + packet_integrity_check(plen, 4 + k5data.length, type); + if (auth_krb5(pw->pw_name, &k5data, &tkt_client)) { + /* pw->name is passed just for logging purposes + * */ + /* authorize client against .k5login */ + if (krb5_kuserok(ssh_context, + tkt_client, + pw->pw_name)) + authenticated = 1; + } + xfree(k5data.data); + } + break; +#endif /* KRB5 */ case SSH_CMSG_AUTH_RHOSTS: if (!options.rhosts_authentication) { @@ -303,7 +363,7 @@ do_authloop(struct passwd * pw) case SSH_CMSG_AUTH_TIS: debug("rcvd SSH_CMSG_AUTH_TIS"); if (options.skey_authentication == 1) { - char *skeyinfo = skey_keyinfo(pw->pw_name); + char *skeyinfo = opie_keyinfo(pw->pw_name); if (skeyinfo == NULL) { debug("generating fake skeyinfo for %.100s.", pw->pw_name); skeyinfo = skey_fake_keyinfo(pw->pw_name); @@ -325,8 +385,8 @@ do_authloop(struct passwd * pw) char *response = packet_get_string(&dlen); debug("skey response == '%s'", response); packet_integrity_check(plen, 4 + dlen, type); - authenticated = (skey_haskey(pw->pw_name) == 0 && - skey_passcheck(pw->pw_name, response) != -1); + authenticated = (opie_haskey(pw->pw_name) == 0 && + opie_passverify(pw->pw_name, response) != -1); xfree(response); } break; @@ -336,6 +396,32 @@ do_authloop(struct passwd * pw) log("TIS authentication unsupported."); break; #endif +#ifdef KRB5 + case SSH_CMSG_HAVE_KRB5_TGT: + /* Passing krb5 ticket */ + if (!options.krb5_tgt_passing + /*|| !options.krb5_authentication */) { + + } + + if (tkt_client == NULL) { + /* passing tgt without krb5 authentication */ + } + + { + krb5_data tgt; + tgt.data = packet_get_string(&tgt.length); + + if (!auth_krb5_tgt(pw->pw_name, &tgt, tkt_client)) { + verbose ("Kerberos V5 TGT refused for %.100s", pw->pw_name); + xfree(tgt.data); + goto fail; + } + xfree(tgt.data); + + break; + } +#endif /* KRB5 */ default: /* @@ -359,6 +445,34 @@ do_authloop(struct passwd * pw) log("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname()); } + +#ifdef LOGIN_CAP + lc = login_getpwclass(pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, pw); + if (!auth_hostok(lc, from_host, from_ip)) { + log("Denied connection for %.200s from %.200s [%.200s].", + pw->pw_name, from_host, from_ip); + packet_disconnect("Sorry, you are not allowed to connect."); + } + if (!auth_timeok(lc, time(NULL))) { + log("LOGIN %.200s REFUSED (TIME) FROM %.200s", + pw->pw_name, from_host); + packet_disconnect("Logins not available right now."); + } + login_close(lc); +#endif /* LOGIN_CAP */ +#ifdef LOGIN_ACCESS + if (!login_access(pw->pw_name, from_host)) { + log("Denied connection for %.200s from %.200s [%.200s].", + pw->pw_name, from_host, from_ip); + packet_disconnect("Sorry, you are not allowed to connect."); + } +#endif /* LOGIN_ACCESS */ + + if (pw->pw_uid == 0) + log("ROOT LOGIN as '%.100s' from %.100s", + pw->pw_name, get_canonical_hostname()); } /* Raise logging level */ @@ -431,6 +545,9 @@ do_authentication() pwcopy.pw_gid = pw->pw_gid; pwcopy.pw_dir = xstrdup(pw->pw_dir); pwcopy.pw_shell = xstrdup(pw->pw_shell); + pwcopy.pw_class = xstrdup(pw->pw_class); + pwcopy.pw_expire = pw->pw_expire; + pwcopy.pw_change = pw->pw_change; pw = &pwcopy; /* @@ -444,8 +561,11 @@ do_authentication() /* If the user has no password, accept authentication immediately. */ if (options.password_authentication && +#ifdef KRB5 + !options.krb5_authentication && +#endif /* KRB5 */ #ifdef KRB4 - (!options.kerberos_authentication || options.kerberos_or_local_passwd) && + (!options.krb4_authentication || options.krb4_or_local_passwd) && #endif /* KRB4 */ auth_password(pw, "")) { /* Authentication with empty password succeeded. */ diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c index 3f8c254..f45b8c8 100644 --- a/crypto/openssh/auth2.c +++ b/crypto/openssh/auth2.c @@ -25,6 +25,8 @@ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ */ #include "includes.h" RCSID("$OpenBSD: auth2.c,v 1.8 2000/05/08 17:42:24 markus Exp $"); @@ -97,7 +99,7 @@ do_authentication2() options.skey_authentication = 0; #endif #ifdef KRB4 - options.kerberos_authentication = 0; + options.krb4_authentication = 0; #endif dispatch_init(&protocol_error); diff --git a/crypto/openssh/authfd.c b/crypto/openssh/authfd.c index 97aacdd..d770bfe 100644 --- a/crypto/openssh/authfd.c +++ b/crypto/openssh/authfd.c @@ -1,21 +1,21 @@ /* - * + * * authfd.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Mar 29 01:30:28 1995 ylo - * + * * Functions for connecting the local authentication agent. - * + * * $FreeBSD$ */ #include "includes.h" -RCSID("$Id: authfd.c,v 1.16 1999/12/15 19:43:10 markus Exp $"); +RCSID("$Id: authfd.c,v 1.19 2000/04/29 18:11:52 markus Exp $"); #include "ssh.h" #include "rsa.h" @@ -65,7 +65,7 @@ ssh_get_authentication_socket() * ssh_get_authentication_socket(). */ -void +void ssh_close_authentication_socket(int sock) { if (getenv(SSH_AUTHSOCKET_ENV_NAME)) @@ -109,7 +109,7 @@ ssh_get_authentication_connection() * memory. */ -void +void ssh_close_authentication_connection(AuthenticationConnection *ac) { buffer_free(&ac->packet); @@ -218,8 +218,8 @@ ssh_get_next_identity(AuthenticationConnection *auth, *comment = buffer_get_string(&auth->identities, NULL); if (bits != BN_num_bits(n)) - error("Warning: identity keysize mismatch: actual %d, announced %u", - BN_num_bits(n), bits); + log("Warning: identity keysize mismatch: actual %d, announced %u", + BN_num_bits(n), bits); /* Decrement the number of remaining entries. */ auth->howmany--; @@ -339,7 +339,7 @@ error_cleanup: * be used by normal applications. */ -int +int ssh_add_identity(AuthenticationConnection *auth, RSA * key, const char *comment) { @@ -427,7 +427,7 @@ error_cleanup: * meant to be used by normal applications. */ -int +int ssh_remove_identity(AuthenticationConnection *auth, RSA *key) { Buffer buffer; @@ -510,7 +510,7 @@ error_cleanup: * by normal applications. */ -int +int ssh_remove_all_identities(AuthenticationConnection *auth) { Buffer buffer; diff --git a/crypto/openssh/authfile.c b/crypto/openssh/authfile.c index 9ab1377..b8bc9e5 100644 --- a/crypto/openssh/authfile.c +++ b/crypto/openssh/authfile.c @@ -1,29 +1,35 @@ /* - * + * * authfile.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Mar 27 03:52:05 1995 ylo - * + * * This file contains functions for reading and writing identity files, and * for reading the passphrase from the user. - * + * * $FreeBSD$ */ #include "includes.h" -RCSID("$Id: authfile.c,v 1.11 1999/12/06 19:11:15 deraadt Exp $"); +RCSID("$Id: authfile.c,v 1.16 2000/04/26 21:28:32 markus Exp $"); #include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/rsa.h> +#include <openssl/pem.h> +#include <openssl/evp.h> + #include "xmalloc.h" #include "buffer.h" #include "bufaux.h" #include "cipher.h" #include "ssh.h" +#include "key.h" /* Version identification string for identity files. */ #define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n" @@ -36,8 +42,8 @@ RCSID("$Id: authfile.c,v 1.11 1999/12/06 19:11:15 deraadt Exp $"); */ int -save_private_key(const char *filename, const char *passphrase, - RSA *key, const char *comment) +save_private_key_rsa(const char *filename, const char *passphrase, + RSA *key, const char *comment) { Buffer buffer, encrypted; char buf[100], *cp; @@ -102,7 +108,7 @@ save_private_key(const char *filename, const char *passphrase, /* Allocate space for the private part of the key in the buffer. */ buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); - cipher_set_key_string(&cipher, cipher_type, passphrase, 1); + cipher_set_key_string(&cipher, cipher_type, passphrase); cipher_encrypt(&cipher, (unsigned char *) cp, (unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer)); @@ -129,6 +135,63 @@ save_private_key(const char *filename, const char *passphrase, return 1; } +/* save DSA key in OpenSSL PEM format */ + +int +save_private_key_dsa(const char *filename, const char *passphrase, + DSA *dsa, const char *comment) +{ + FILE *fp; + int fd; + int success = 1; + int len = strlen(passphrase); + + if (len > 0 && len <= 4) { + error("passphrase too short: %d bytes", len); + errno = 0; + return 0; + } + fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); + if (fd < 0) { + debug("open %s failed", filename); + return 0; + } + fp = fdopen(fd, "w"); + if (fp == NULL ) { + debug("fdopen %s failed", filename); + close(fd); + return 0; + } + if (len > 0) { + if (!PEM_write_DSAPrivateKey(fp, dsa, EVP_des_ede3_cbc(), + (char *)passphrase, strlen(passphrase), NULL, NULL)) + success = 0; + } else { + if (!PEM_write_DSAPrivateKey(fp, dsa, NULL, + NULL, 0, NULL, NULL)) + success = 0; + } + fclose(fp); + return success; +} + +int +save_private_key(const char *filename, const char *passphrase, Key *key, + const char *comment) +{ + switch (key->type) { + case KEY_RSA: + return save_private_key_rsa(filename, passphrase, key->rsa, comment); + break; + case KEY_DSA: + return save_private_key_dsa(filename, passphrase, key->dsa, comment); + break; + default: + break; + } + return 0; +} + /* * Loads the public part of the key file. Returns 0 if an error was * encountered (the file does not exist or is not readable), and non-zero @@ -136,8 +199,7 @@ save_private_key(const char *filename, const char *passphrase, */ int -load_public_key(const char *filename, RSA * pub, - char **comment_return) +load_public_key_rsa(const char *filename, RSA * pub, char **comment_return) { int fd, i; off_t len; @@ -155,7 +217,7 @@ load_public_key(const char *filename, RSA * pub, if (read(fd, cp, (size_t) len) != (size_t) len) { debug("Read from key file %.200s failed: %.100s", filename, - strerror(errno)); + strerror(errno)); buffer_free(&buffer); close(fd); return 0; @@ -184,9 +246,13 @@ load_public_key(const char *filename, RSA * pub, /* Read the public key from the buffer. */ buffer_get_int(&buffer); - pub->n = BN_new(); + /* XXX alloc */ + if (pub->n == NULL) + pub->n = BN_new(); buffer_get_bignum(&buffer, pub->n); - pub->e = BN_new(); + /* XXX alloc */ + if (pub->e == NULL) + pub->e = BN_new(); buffer_get_bignum(&buffer, pub->e); if (comment_return) *comment_return = buffer_get_string(&buffer, NULL); @@ -197,6 +263,20 @@ load_public_key(const char *filename, RSA * pub, return 1; } +int +load_public_key(const char *filename, Key * key, char **comment_return) +{ + switch (key->type) { + case KEY_RSA: + return load_public_key_rsa(filename, key->rsa, comment_return); + break; + case KEY_DSA: + default: + break; + } + return 0; +} + /* * Loads the private key from the file. Returns 0 if an error is encountered * (file does not exist or is not readable, or passphrase is bad). This @@ -205,35 +285,17 @@ load_public_key(const char *filename, RSA * pub, */ int -load_private_key(const char *filename, const char *passphrase, - RSA * prv, char **comment_return) +load_private_key_rsa(int fd, const char *filename, + const char *passphrase, RSA * prv, char **comment_return) { - int fd, i, check1, check2, cipher_type; + int i, check1, check2, cipher_type; off_t len; Buffer buffer, decrypted; char *cp; CipherContext cipher; BN_CTX *ctx; BIGNUM *aux; - struct stat st; - - fd = open(filename, O_RDONLY); - if (fd < 0) - return 0; - /* check owner and modes */ - if (fstat(fd, &st) < 0 || - (st.st_uid != 0 && st.st_uid != getuid()) || - (st.st_mode & 077) != 0) { - close(fd); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("Bad ownership or mode(0%3.3o) for '%s'.", - st.st_mode & 0777, filename); - error("It is recommended that your private key files are NOT accessible by others."); - return 0; - } len = lseek(fd, (off_t) 0, SEEK_END); lseek(fd, (off_t) 0, SEEK_SET); @@ -281,7 +343,7 @@ load_private_key(const char *filename, const char *passphrase, xfree(buffer_get_string(&buffer, NULL)); /* Check that it is a supported cipher. */ - if (((cipher_mask() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) & + if (((cipher_mask1() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) & (1 << cipher_type)) == 0) { debug("Unsupported cipher %.100s used in key file %.200s.", cipher_name(cipher_type), filename); @@ -293,7 +355,7 @@ load_private_key(const char *filename, const char *passphrase, buffer_append_space(&decrypted, &cp, buffer_len(&buffer)); /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ - cipher_set_key_string(&cipher, cipher_type, passphrase, 0); + cipher_set_key_string(&cipher, cipher_type, passphrase); cipher_decrypt(&cipher, (unsigned char *) cp, (unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer)); @@ -310,7 +372,9 @@ load_private_key(const char *filename, const char *passphrase, buffer_free(&decrypted); fail: BN_clear_free(prv->n); + prv->n = NULL; BN_clear_free(prv->e); + prv->e = NULL; if (comment_return) xfree(*comment_return); return 0; @@ -344,3 +408,87 @@ fail: return 1; } + +int +load_private_key_dsa(int fd, const char *passphrase, Key *k, char **comment_return) +{ + DSA *dsa; + BIO *in; + FILE *fp; + + in = BIO_new(BIO_s_file()); + if (in == NULL) { + error("BIO_new failed"); + return 0; + } + fp = fdopen(fd, "r"); + if (fp == NULL) { + error("fdopen failed"); + return 0; + } + BIO_set_fp(in, fp, BIO_NOCLOSE); + dsa = PEM_read_bio_DSAPrivateKey(in, NULL, NULL, (char *)passphrase); + if (dsa == NULL) { + debug("PEM_read_bio_DSAPrivateKey failed"); + } else { + /* replace k->dsa with loaded key */ + DSA_free(k->dsa); + k->dsa = dsa; + } + BIO_free(in); + fclose(fp); + if (comment_return) + *comment_return = xstrdup("dsa w/o comment"); + debug("read DSA private key done"); +#ifdef DEBUG_DSS + DSA_print_fp(stderr, dsa, 8); +#endif + return dsa != NULL ? 1 : 0; +} + +int +load_private_key(const char *filename, const char *passphrase, Key *key, + char **comment_return) +{ + int fd; + int ret = 0; + struct stat st; + + fd = open(filename, O_RDONLY); + if (fd < 0) + return 0; + + /* check owner and modes */ + if (fstat(fd, &st) < 0 || + (st.st_uid != 0 && st.st_uid != getuid()) || + (st.st_mode & 077) != 0) { + close(fd); + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("Bad ownership or mode(0%3.3o) for '%s'.", + st.st_mode & 0777, filename); + error("It is recommended that your private key files are NOT accessible by others."); + return 0; + } + switch (key->type) { + case KEY_RSA: + if (key->rsa->e != NULL) { + BN_clear_free(key->rsa->e); + key->rsa->e = NULL; + } + if (key->rsa->n != NULL) { + BN_clear_free(key->rsa->n); + key->rsa->n = NULL; + } + ret = load_private_key_rsa(fd, filename, passphrase, + key->rsa, comment_return); + break; + case KEY_DSA: + ret = load_private_key_dsa(fd, passphrase, key, comment_return); + default: + break; + } + close(fd); + return ret; +} diff --git a/crypto/openssh/bufaux.c b/crypto/openssh/bufaux.c index 6a0c559..d813594 100644 --- a/crypto/openssh/bufaux.c +++ b/crypto/openssh/bufaux.c @@ -1,22 +1,24 @@ /* - * + * * bufaux.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Mar 29 02:24:47 1995 ylo - * + * * Auxiliary functions for storing and retrieving various data types to/from * Buffers. * + * SSH2 packet format added by Markus Friedl + * * $FreeBSD$ */ #include "includes.h" -RCSID("$Id: bufaux.c,v 1.8 2000/03/16 20:56:14 markus Exp $"); +RCSID("$Id: bufaux.c,v 1.11 2000/04/14 10:30:30 markus Exp $"); #include "ssh.h" #include <openssl/bn.h> @@ -77,9 +79,53 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) } /* + * Stores an BIGNUM in the buffer in SSH2 format. + */ +void +buffer_put_bignum2(Buffer *buffer, BIGNUM *value) +{ + int bytes = BN_num_bytes(value) + 1; + unsigned char *buf = xmalloc(bytes); + int oi; + int hasnohigh = 0; + buf[0] = '\0'; + /* Get the value of in binary */ + oi = BN_bn2bin(value, buf+1); + if (oi != bytes-1) + fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d", + oi, bytes); + hasnohigh = (buf[1] & 0x80) ? 0 : 1; + if (value->neg) { + /**XXX should be two's-complement */ + int i, carry; + unsigned char *uc = buf; + log("negativ!"); + for(i = bytes-1, carry = 1; i>=0; i--) { + uc[i] ^= 0xff; + if(carry) + carry = !++uc[i]; + } + } + buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); + memset(buf, 0, bytes); + xfree(buf); +} + +int +buffer_get_bignum2(Buffer *buffer, BIGNUM *value) +{ + /**XXX should be two's-complement */ + int len; + unsigned char *bin = (unsigned char *)buffer_get_string(buffer, (unsigned int *)&len); + BN_bin2bn(bin, len, value); + xfree(bin); + return len; +} + +/* * Returns an integer from the buffer (4 bytes, msb first). */ -unsigned int +unsigned int buffer_get_int(Buffer *buffer) { unsigned char buf[4]; @@ -90,7 +136,7 @@ buffer_get_int(Buffer *buffer) /* * Stores an integer in the buffer in 4 bytes, msb first. */ -void +void buffer_put_int(Buffer *buffer, unsigned int value) { char buf[4]; @@ -130,17 +176,22 @@ buffer_get_string(Buffer *buffer, unsigned int *length_ptr) /* * Stores and arbitrary binary string in the buffer. */ -void +void buffer_put_string(Buffer *buffer, const void *buf, unsigned int len) { buffer_put_int(buffer, len); buffer_append(buffer, buf, len); } +void +buffer_put_cstring(Buffer *buffer, const char *s) +{ + buffer_put_string(buffer, s, strlen(s)); +} /* * Returns a character from the buffer (0 - 255). */ -int +int buffer_get_char(Buffer *buffer) { char ch; @@ -151,7 +202,7 @@ buffer_get_char(Buffer *buffer) /* * Stores a character in the buffer. */ -void +void buffer_put_char(Buffer *buffer, int value) { char ch = value; diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c index 3ad4c73..fcc3d5b 100644 --- a/crypto/openssh/cipher.c +++ b/crypto/openssh/cipher.c @@ -1,27 +1,30 @@ /* - * + * * cipher.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Apr 19 17:41:39 1995 ylo - * + * * $FreeBSD$ */ #include "includes.h" -RCSID("$Id: cipher.c,v 1.20 2000/03/22 09:55:10 markus Exp $"); +RCSID("$Id: cipher.c,v 1.26 2000/04/14 10:30:30 markus Exp $"); #include "ssh.h" #include "cipher.h" +#include "xmalloc.h" #include <openssl/md5.h> /* - * What kind of tripple DES are these 2 routines? + * This is used by SSH1: + * + * What kind of triple DES are these 2 routines? * * Why is there a redundant initialization vector? * @@ -76,7 +79,7 @@ SSH_3CBC_DECRYPT(des_key_schedule ks1, } /* - * SSH uses a variation on Blowfish, all bytes must be swapped before + * SSH1 uses a variation on Blowfish, all bytes must be swapped before * and after encryption/decryption. Thus the swap_bytes stuff (yuk). */ static void @@ -117,7 +120,12 @@ static char *cipher_names[] = "3des", "tss", "rc4", - "blowfish" + "blowfish", + "reserved", + "blowfish-cbc", + "3des-cbc", + "arcfour", + "cast128-cbc" }; /* @@ -126,14 +134,29 @@ static char *cipher_names[] = * supported cipher. */ -unsigned int -cipher_mask() +unsigned int +cipher_mask1() { unsigned int mask = 0; mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ mask |= 1 << SSH_CIPHER_BLOWFISH; return mask; } +unsigned int +cipher_mask2() +{ + unsigned int mask = 0; + mask |= 1 << SSH_CIPHER_BLOWFISH_CBC; + mask |= 1 << SSH_CIPHER_3DES_CBC; + mask |= 1 << SSH_CIPHER_ARCFOUR; + mask |= 1 << SSH_CIPHER_CAST128_CBC; + return mask; +} +unsigned int +cipher_mask() +{ + return cipher_mask1() | cipher_mask2(); +} /* Returns the name of the cipher. */ @@ -142,10 +165,34 @@ cipher_name(int cipher) { if (cipher < 0 || cipher >= sizeof(cipher_names) / sizeof(cipher_names[0]) || cipher_names[cipher] == NULL) - fatal("cipher_name: bad cipher number: %d", cipher); + fatal("cipher_name: bad cipher name: %d", cipher); return cipher_names[cipher]; } +/* Returns 1 if the name of the ciphers are valid. */ + +#define CIPHER_SEP "," +int +ciphers_valid(const char *names) +{ + char *ciphers; + char *p; + int i; + + if (strcmp(names, "") == 0) + return 0; + ciphers = xstrdup(names); + for ((p = strtok(ciphers, CIPHER_SEP)); p; (p = strtok(NULL, CIPHER_SEP))) { + i = cipher_number(p); + if (i == -1 || !(cipher_mask2() & (1 << i))) { + xfree(ciphers); + return 0; + } + } + xfree(ciphers); + return 1; +} + /* * Parses the name of the cipher. Returns the number of the corresponding * cipher, or -1 on error. @@ -167,9 +214,8 @@ cipher_number(const char *name) * passphrase and using the resulting 16 bytes as the key. */ -void -cipher_set_key_string(CipherContext *context, int cipher, - const char *passphrase, int for_encryption) +void +cipher_set_key_string(CipherContext *context, int cipher, const char *passphrase) { MD5_CTX md; unsigned char digest[16]; @@ -178,7 +224,7 @@ cipher_set_key_string(CipherContext *context, int cipher, MD5_Update(&md, (const unsigned char *) passphrase, strlen(passphrase)); MD5_Final(digest, &md); - cipher_set_key(context, cipher, digest, 16, for_encryption); + cipher_set_key(context, cipher, digest, 16); memset(digest, 0, sizeof(digest)); memset(&md, 0, sizeof(md)); @@ -186,9 +232,9 @@ cipher_set_key_string(CipherContext *context, int cipher, /* Selects the cipher to use and sets the key. */ -void -cipher_set_key(CipherContext *context, int cipher, - const unsigned char *key, int keylen, int for_encryption) +void +cipher_set_key(CipherContext *context, int cipher, const unsigned char *key, + int keylen) { unsigned char padded[32]; @@ -228,19 +274,86 @@ cipher_set_key(CipherContext *context, int cipher, break; case SSH_CIPHER_BLOWFISH: + if (keylen < 16) + error("Key length %d is insufficient for blowfish.", keylen); BF_set_key(&context->u.bf.key, keylen, padded); memset(context->u.bf.iv, 0, 8); break; + case SSH_CIPHER_3DES_CBC: + case SSH_CIPHER_BLOWFISH_CBC: + case SSH_CIPHER_ARCFOUR: + case SSH_CIPHER_CAST128_CBC: + fatal("cipher_set_key: illegal cipher: %s", cipher_name(cipher)); + break; + default: fatal("cipher_set_key: unknown cipher: %s", cipher_name(cipher)); } memset(padded, 0, sizeof(padded)); } +void +cipher_set_key_iv(CipherContext * context, int cipher, + const unsigned char *key, int keylen, + const unsigned char *iv, int ivlen) +{ + /* Set cipher type. */ + context->type = cipher; + + /* Initialize the initialization vector. */ + switch (cipher) { + case SSH_CIPHER_NONE: + break; + + case SSH_CIPHER_3DES: + case SSH_CIPHER_BLOWFISH: + fatal("cipher_set_key_iv: illegal cipher: %s", cipher_name(cipher)); + break; + + case SSH_CIPHER_3DES_CBC: + if (keylen < 24) + error("Key length %d is insufficient for 3des-cbc.", keylen); + des_set_key((void *) key, context->u.des3.key1); + des_set_key((void *) (key+8), context->u.des3.key2); + des_set_key((void *) (key+16), context->u.des3.key3); + if (ivlen < 8) + error("IV length %d is insufficient for 3des-cbc.", ivlen); + memcpy(context->u.des3.iv3, (char *)iv, 8); + break; + + case SSH_CIPHER_BLOWFISH_CBC: + if (keylen < 16) + error("Key length %d is insufficient for blowfish.", keylen); + if (ivlen < 8) + error("IV length %d is insufficient for blowfish.", ivlen); + BF_set_key(&context->u.bf.key, keylen, (unsigned char *)key); + memcpy(context->u.bf.iv, (char *)iv, 8); + break; + + case SSH_CIPHER_ARCFOUR: + if (keylen < 16) + error("Key length %d is insufficient for arcfour.", keylen); + RC4_set_key(&context->u.rc4, keylen, (unsigned char *)key); + break; + + case SSH_CIPHER_CAST128_CBC: + if (keylen < 16) + error("Key length %d is insufficient for cast128.", keylen); + if (ivlen < 8) + error("IV length %d is insufficient for cast128.", ivlen); + CAST_set_key(&context->u.cast.key, keylen, (unsigned char *) key); + memcpy(context->u.cast.iv, (char *)iv, 8); + break; + + default: + fatal("cipher_set_key: unknown cipher: %s", cipher_name(cipher)); + } +} + /* Encrypts data using the cipher. */ -void +void cipher_encrypt(CipherContext *context, unsigned char *dest, const unsigned char *src, unsigned int len) { @@ -262,11 +375,32 @@ cipher_encrypt(CipherContext *context, unsigned char *dest, case SSH_CIPHER_BLOWFISH: swap_bytes(src, dest, len); BF_cbc_encrypt(dest, dest, len, - &context->u.bf.key, context->u.bf.iv, + &context->u.bf.key, context->u.bf.iv, BF_ENCRYPT); swap_bytes(dest, dest, len); break; + case SSH_CIPHER_BLOWFISH_CBC: + BF_cbc_encrypt((void *)src, dest, len, + &context->u.bf.key, context->u.bf.iv, + BF_ENCRYPT); + break; + + case SSH_CIPHER_3DES_CBC: + des_ede3_cbc_encrypt(src, dest, len, + context->u.des3.key1, context->u.des3.key2, + context->u.des3.key3, &context->u.des3.iv3, DES_ENCRYPT); + break; + + case SSH_CIPHER_ARCFOUR: + RC4(&context->u.rc4, len, (unsigned char *)src, dest); + break; + + case SSH_CIPHER_CAST128_CBC: + CAST_cbc_encrypt(src, dest, len, + &context->u.cast.key, context->u.cast.iv, CAST_ENCRYPT); + break; + default: fatal("cipher_encrypt: unknown cipher: %s", cipher_name(context->type)); } @@ -274,7 +408,7 @@ cipher_encrypt(CipherContext *context, unsigned char *dest, /* Decrypts data using the cipher. */ -void +void cipher_decrypt(CipherContext *context, unsigned char *dest, const unsigned char *src, unsigned int len) { @@ -301,6 +435,27 @@ cipher_decrypt(CipherContext *context, unsigned char *dest, swap_bytes(dest, dest, len); break; + case SSH_CIPHER_BLOWFISH_CBC: + BF_cbc_encrypt((void *) src, dest, len, + &context->u.bf.key, context->u.bf.iv, + BF_DECRYPT); + break; + + case SSH_CIPHER_3DES_CBC: + des_ede3_cbc_encrypt(src, dest, len, + context->u.des3.key1, context->u.des3.key2, + context->u.des3.key3, &context->u.des3.iv3, DES_DECRYPT); + break; + + case SSH_CIPHER_ARCFOUR: + RC4(&context->u.rc4, len, (unsigned char *)src, dest); + break; + + case SSH_CIPHER_CAST128_CBC: + CAST_cbc_encrypt(src, dest, len, + &context->u.cast.key, context->u.cast.iv, CAST_DECRYPT); + break; + default: fatal("cipher_decrypt: unknown cipher: %s", cipher_name(context->type)); } diff --git a/crypto/openssh/cipher.h b/crypto/openssh/cipher.h index 492dda3..c973564 100644 --- a/crypto/openssh/cipher.h +++ b/crypto/openssh/cipher.h @@ -1,27 +1,30 @@ /* - * + * * cipher.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Apr 19 16:50:42 1995 ylo - * + * * $FreeBSD$ */ -/* RCSID("$Id: cipher.h,v 1.11 2000/03/22 09:55:10 markus Exp $"); */ +/* RCSID("$Id: cipher.h,v 1.17 2000/05/08 17:12:15 markus Exp $"); */ #ifndef CIPHER_H #define CIPHER_H #include <openssl/des.h> #include <openssl/blowfish.h> +#include <openssl/rc4.h> +#include <openssl/cast.h> /* Cipher types. New types can be added, but old types should not be removed for compatibility. The maximum allowed value is 31. */ +#define SSH_CIPHER_ILLEGAL -2 /* No valid cipher selected. */ #define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */ #define SSH_CIPHER_NONE 0 /* no encryption */ #define SSH_CIPHER_IDEA 1 /* IDEA CFB */ @@ -30,6 +33,13 @@ #define SSH_CIPHER_BROKEN_TSS 4 /* TRI's Simple Stream encryption CBC */ #define SSH_CIPHER_BROKEN_RC4 5 /* Alleged RC4 */ #define SSH_CIPHER_BLOWFISH 6 +#define SSH_CIPHER_RESERVED 7 + +/* these ciphers are used in SSH2: */ +#define SSH_CIPHER_BLOWFISH_CBC 8 +#define SSH_CIPHER_3DES_CBC 9 +#define SSH_CIPHER_ARCFOUR 10 /* Alleged RC4 */ +#define SSH_CIPHER_CAST128_CBC 11 typedef struct { unsigned int type; @@ -45,6 +55,11 @@ typedef struct { struct bf_key_st key; unsigned char iv[8]; } bf; + struct { + CAST_KEY key; + unsigned char iv[8]; + } cast; + RC4_KEY rc4; } u; } CipherContext; /* @@ -53,6 +68,8 @@ typedef struct { * supported cipher. */ unsigned int cipher_mask(); +unsigned int cipher_mask1(); +unsigned int cipher_mask2(); /* Returns the name of the cipher. */ const char *cipher_name(int cipher); @@ -63,29 +80,36 @@ const char *cipher_name(int cipher); */ int cipher_number(const char *name); +/* returns 1 if all ciphers are supported (ssh2 only) */ +int ciphers_valid(const char *names); + /* * Selects the cipher to use and sets the key. If for_encryption is true, * the key is setup for encryption; otherwise it is setup for decryption. */ -void +void cipher_set_key(CipherContext * context, int cipher, - const unsigned char *key, int keylen, int for_encryption); + const unsigned char *key, int keylen); +void +cipher_set_key_iv(CipherContext * context, int cipher, + const unsigned char *key, int keylen, + const unsigned char *iv, int ivlen); /* * Sets key for the cipher by computing the MD5 checksum of the passphrase, * and using the resulting 16 bytes as the key. */ -void +void cipher_set_key_string(CipherContext * context, int cipher, - const char *passphrase, int for_encryption); + const char *passphrase); /* Encrypts data using the cipher. */ -void +void cipher_encrypt(CipherContext * context, unsigned char *dest, const unsigned char *src, unsigned int len); /* Decrypts data using the cipher. */ -void +void cipher_decrypt(CipherContext * context, unsigned char *dest, const unsigned char *src, unsigned int len); diff --git a/crypto/openssh/fingerprint.c b/crypto/openssh/fingerprint.c index c219abb..38a2e64 100644 --- a/crypto/openssh/fingerprint.c +++ b/crypto/openssh/fingerprint.c @@ -30,7 +30,7 @@ */ #include "includes.h" -RCSID("$Id: fingerprint.c,v 1.5 2000/03/16 20:56:14 markus Exp $"); +RCSID("$Id: fingerprint.c,v 1.6 2000/04/12 09:39:10 markus Exp $"); #include "ssh.h" #include "xmalloc.h" diff --git a/crypto/openssh/hostfile.c b/crypto/openssh/hostfile.c index 03be7e0..e80643c 100644 --- a/crypto/openssh/hostfile.c +++ b/crypto/openssh/hostfile.c @@ -1,21 +1,21 @@ /* - * + * * hostfile.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Thu Jun 29 07:10:56 1995 ylo - * + * * Functions for manipulating the known hosts files. - * + * * $FreeBSD$ */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.14 2000/03/23 22:15:33 markus Exp $"); +RCSID("$OpenBSD: hostfile.c,v 1.18 2000/04/29 18:11:52 markus Exp $"); #include "packet.h" #include "match.h" @@ -40,13 +40,8 @@ hostfile_read_key(char **cpp, unsigned int *bitsp, Key *ret) for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++) ; - /* Get number of bits. */ - if (*cp < '0' || *cp > '9') - return 0; /* Bad bit count... */ - for (bits = 0; *cp >= '0' && *cp <= '9'; cp++) - bits = 10 * bits + *cp - '0'; - - if (!key_read(ret, bits, &cp)) + bits = key_read(ret, &cp); + if (bits == 0) return 0; /* Skip trailing whitespace. */ @@ -76,10 +71,10 @@ hostfile_check_key(int bits, Key *key, const char *host, const char *filename, i if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) return 1; if (bits != BN_num_bits(key->rsa->n)) { - error("Warning: %s, line %d: keysize mismatch for host %s: " + log("Warning: %s, line %d: keysize mismatch for host %s: " "actual %d vs. announced %d.", filename, linenum, host, BN_num_bits(key->rsa->n), bits); - error("Warning: replace %d with %d in %s, line %d.", + log("Warning: replace %d with %d in %s, line %d.", bits, BN_num_bits(key->rsa->n), filename, linenum); } return 1; @@ -183,24 +178,18 @@ add_host_to_hostfile(const char *filename, const char *host, Key *key) { FILE *f; int success = 0; - if (key == NULL) - return 1; - - /* Open the file for appending. */ + return 1; /* XXX ? */ f = fopen(filename, "a"); if (!f) return 0; - fprintf(f, "%s ", host); if (key_write(key, f)) { - fprintf(f, "\n"); success = 1; } else { - error("add_host_to_hostfile: saving key failed"); + error("add_host_to_hostfile: saving key in %s failed", filename); } - - /* Close the file. */ + fprintf(f, "\n"); fclose(f); return success; } diff --git a/crypto/openssh/includes.h b/crypto/openssh/includes.h index 7ec6e5c..c6f9363 100644 --- a/crypto/openssh/includes.h +++ b/crypto/openssh/includes.h @@ -1,16 +1,16 @@ /* - * + * * includes.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Thu Mar 23 16:29:37 1995 ylo - * + * * This file includes most of the needed system headers. - * + * * $FreeBSD$ */ @@ -63,34 +63,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } /* * Define this to use pipes instead of socketpairs for communicating with the * client program. Socketpairs do not seem to work on all systems. - * Although pipes are bi-directional in FreeBSD, using pipes here will - * make <stdin> uni-directional ! */ -/* #define USE_PIPES 1 */ - -#if defined(__FreeBSD__) && __FreeBSD__ <= 3 -/* - * Data types. - */ -typedef u_char sa_family_t; -typedef u_int32_t socklen_t; - -/* - * bsd-api-new-02a: protocol-independent placeholder for socket addresses - */ -#define _SS_MAXSIZE 128 -#define _SS_ALIGNSIZE (sizeof(int64_t)) -#define _SS_PAD1SIZE (_SS_ALIGNSIZE - sizeof(u_char) * 2) -#define _SS_PAD2SIZE (_SS_MAXSIZE - sizeof(u_char) * 2 - \ - _SS_PAD1SIZE - _SS_ALIGNSIZE) - -struct sockaddr_storage { - u_char ss_len; /* address length */ - sa_family_t ss_family; /* address family */ - char __ss_pad1[_SS_PAD1SIZE]; - int64_t __ss_align; /* force desired structure storage alignment */ - char __ss_pad2[_SS_PAD2SIZE]; -}; -#endif +#define USE_PIPES 1 #endif /* INCLUDES_H */ diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c index 1834420..47720b2 100644 --- a/crypto/openssh/key.c +++ b/crypto/openssh/key.c @@ -40,6 +40,10 @@ #include <openssl/evp.h> #include "xmalloc.h" #include "key.h" +#include "dsa.h" +#include "uuencode.h" + +#define SSH_DSS "ssh-dss" Key * key_new(int type) @@ -49,6 +53,8 @@ key_new(int type) DSA *dsa; k = xmalloc(sizeof(*k)); k->type = type; + k->dsa = NULL; + k->rsa = NULL; switch (k->type) { case KEY_RSA: rsa = RSA_new(); @@ -65,8 +71,6 @@ key_new(int type) k->dsa = dsa; break; case KEY_EMPTY: - k->dsa = NULL; - k->rsa = NULL; break; default: fatal("key_new: bad key type %d", k->type); @@ -113,7 +117,7 @@ key_equal(Key *a, Key *b) BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; break; default: - fatal("key_free: bad key type %d", a->type); + fatal("key_equal: bad key type %d", a->type); break; } return 0; @@ -129,46 +133,37 @@ char * key_fingerprint(Key *k) { static char retval[80]; - unsigned char *buf = NULL; + unsigned char *blob = NULL; int len = 0; - int nlen, elen, plen, qlen, glen, publen; + int nlen, elen; switch (k->type) { case KEY_RSA: nlen = BN_num_bytes(k->rsa->n); elen = BN_num_bytes(k->rsa->e); len = nlen + elen; - buf = xmalloc(len); - BN_bn2bin(k->rsa->n, buf); - BN_bn2bin(k->rsa->e, buf + nlen); + blob = xmalloc(len); + BN_bn2bin(k->rsa->n, blob); + BN_bn2bin(k->rsa->e, blob + nlen); break; case KEY_DSA: - plen = BN_num_bytes(k->dsa->p); - qlen = BN_num_bytes(k->dsa->q); - glen = BN_num_bytes(k->dsa->g); - publen = BN_num_bytes(k->dsa->pub_key); - len = qlen + qlen + glen + publen; - buf = xmalloc(len); - BN_bn2bin(k->dsa->p, buf); - BN_bn2bin(k->dsa->q, buf + plen); - BN_bn2bin(k->dsa->g, buf + plen + qlen); - BN_bn2bin(k->dsa->pub_key , buf + plen + qlen + glen); + dsa_make_key_blob(k, &blob, &len); break; default: fatal("key_fingerprint: bad key type %d", k->type); break; } - if (buf != NULL) { + if (blob != NULL) { unsigned char d[16]; EVP_MD_CTX md; EVP_DigestInit(&md, EVP_md5()); - EVP_DigestUpdate(&md, buf, len); + EVP_DigestUpdate(&md, blob, len); EVP_DigestFinal(&md, d, NULL); snprintf(retval, sizeof(retval), FPRINT, d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]); - memset(buf, 0, len); - xfree(buf); + memset(blob, 0, len); + xfree(blob); } return retval; } @@ -228,13 +223,27 @@ write_bignum(FILE *f, BIGNUM *num) free(buf); return 1; } -int -key_read(Key *ret, unsigned int bits, char **cpp) +unsigned int +key_read(Key *ret, char **cpp) { + Key *k; + unsigned int bits = 0; + char *cp; + int len, n; + unsigned char *blob; + + cp = *cpp; + switch(ret->type) { case KEY_RSA: + /* Get number of bits. */ + if (*cp < '0' || *cp > '9') + return 0; /* Bad bit count... */ + for (bits = 0; *cp >= '0' && *cp <= '9'; cp++) + bits = 10 * bits + *cp - '0'; if (bits == 0) return 0; + *cpp = cp; /* Get public exponent, public modulus. */ if (!read_bignum(cpp, ret->rsa->e)) return 0; @@ -242,22 +251,36 @@ key_read(Key *ret, unsigned int bits, char **cpp) return 0; break; case KEY_DSA: - if (bits != 0) - return 0; - if (!read_bignum(cpp, ret->dsa->p)) + if (strncmp(cp, SSH_DSS " ", 7) != 0) return 0; - if (!read_bignum(cpp, ret->dsa->q)) + cp += 7; + len = 2*strlen(cp); + blob = xmalloc(len); + n = uudecode(cp, blob, len); + if (n < 0) { + error("uudecode %s failed", cp); return 0; - if (!read_bignum(cpp, ret->dsa->g)) - return 0; - if (!read_bignum(cpp, ret->dsa->pub_key)) + } + k = dsa_key_from_blob(blob, n); + if (k == NULL) + return 0; + xfree(blob); + if (ret->dsa != NULL) + DSA_free(ret->dsa); + ret->dsa = k->dsa; + k->dsa = NULL; + key_free(k); + bits = BN_num_bits(ret->dsa->p); + cp = strchr(cp, '='); + if (cp == NULL) return 0; + *cpp = cp + 1; break; default: - fatal("bad key type: %d", ret->type); + fatal("key_read: bad key type: %d", ret->type); break; } - return 1; + return bits; } int key_write(Key *key, FILE *f) @@ -276,17 +299,30 @@ key_write(Key *key, FILE *f) error("key_write: failed for RSA key"); } } else if (key->type == KEY_DSA && key->dsa != NULL) { - /* bits == 0 means DSA key */ - bits = 0; - fprintf(f, "%u", bits); - if (write_bignum(f, key->dsa->p) && - write_bignum(f, key->dsa->q) && - write_bignum(f, key->dsa->g) && - write_bignum(f, key->dsa->pub_key)) { + int len, n; + unsigned char *blob, *uu; + dsa_make_key_blob(key, &blob, &len); + uu = xmalloc(2*len); + n = uuencode(blob, len, uu, 2*len); + if (n > 0) { + fprintf(f, "%s %s", SSH_DSS, uu); success = 1; - } else { - error("key_write: failed for DSA key"); } + xfree(blob); + xfree(uu); } return success; } +char * +key_type(Key *k) +{ + switch (k->type) { + case KEY_RSA: + return "RSA"; + break; + case KEY_DSA: + return "DSA"; + break; + } + return "unknown"; +} diff --git a/crypto/openssh/login.c b/crypto/openssh/login.c index 6bfba25..42a7af5 100644 --- a/crypto/openssh/login.c +++ b/crypto/openssh/login.c @@ -1,25 +1,25 @@ /* - * + * * login.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 24 14:51:08 1995 ylo - * + * * This file performs some of the things login(1) normally does. We cannot * easily use something like login -p -h host -f user, because there are * several different logins around, and it is hard to determined what kind of * login the current system has. Also, we want to be able to execute commands * on a tty. - * + * * $FreeBSD$ */ #include "includes.h" -RCSID("$Id: login.c,v 1.11 2000/01/04 00:07:59 markus Exp $"); +RCSID("$Id: login.c,v 1.13 2000/04/19 07:05:49 deraadt Exp $"); #ifdef __FreeBSD__ #include <libutil.h> @@ -40,7 +40,7 @@ RCSID("$Id: login.c,v 1.11 2000/01/04 00:07:59 markus Exp $"); * is found). The name of the host used last time is returned in buf. */ -unsigned long +unsigned long get_last_login_time(uid_t uid, const char *logname, char *buf, unsigned int bufsize) { @@ -72,8 +72,8 @@ get_last_login_time(uid_t uid, const char *logname, * were more standardized. */ -void -record_login(int pid, const char *ttyname, const char *user, uid_t uid, +void +record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, const char *host, struct sockaddr * addr) { int fd; @@ -120,8 +120,8 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid, /* Records that the user has logged out. */ -void -record_logout(int pid, const char *ttyname) +void +record_logout(pid_t pid, const char *ttyname) { const char *line = ttyname + 5; /* /dev/ttyq8 -> ttyq8 */ if (logout(line)) diff --git a/crypto/openssh/mpaux.c b/crypto/openssh/mpaux.c index ce3e367..dc51419 100644 --- a/crypto/openssh/mpaux.c +++ b/crypto/openssh/mpaux.c @@ -1,22 +1,22 @@ /* - * + * * mpaux.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sun Jul 16 04:29:30 1995 ylo - * + * * This file contains various auxiliary functions related to multiple * precision integers. - * + * * $FreeBSD$ */ #include "includes.h" -RCSID("$Id: mpaux.c,v 1.9 1999/12/08 22:37:42 markus Exp $"); +RCSID("$Id: mpaux.c,v 1.12 2000/04/14 10:30:32 markus Exp $"); #include <openssl/bn.h> #include "getput.h" @@ -26,9 +26,9 @@ RCSID("$Id: mpaux.c,v 1.9 1999/12/08 22:37:42 markus Exp $"); void compute_session_id(unsigned char session_id[16], - unsigned char cookie[8], - BIGNUM* host_key_n, - BIGNUM* session_key_n) + unsigned char cookie[8], + BIGNUM* host_key_n, + BIGNUM* session_key_n) { unsigned int host_key_bytes = BN_num_bytes(host_key_n); unsigned int session_key_bytes = BN_num_bytes(session_key_n); diff --git a/crypto/openssh/packet.h b/crypto/openssh/packet.h index 791b354..876f8cb 100644 --- a/crypto/openssh/packet.h +++ b/crypto/openssh/packet.h @@ -1,20 +1,20 @@ /* - * + * * packet.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sat Mar 18 02:02:14 1995 ylo - * + * * Interface for the packet protocol functions. - * + * * $FreeBSD$ */ -/* RCSID("$Id: packet.h,v 1.10 2000/03/16 20:56:14 markus Exp $"); */ +/* RCSID("$Id: packet.h,v 1.15 2000/04/14 10:30:32 markus Exp $"); */ #ifndef PACKET_H #define PACKET_H @@ -48,7 +48,7 @@ void packet_close(void); * key is used for both sending and reception. However, both directions are * encrypted independently of each other. Cipher types are defined in ssh.h. */ -void +void packet_set_encryption_key(const unsigned char *key, unsigned int keylen, int cipher_type); @@ -84,9 +84,12 @@ void packet_put_int(unsigned int value); /* Appends an arbitrary precision integer to packet data. */ void packet_put_bignum(BIGNUM * value); +void packet_put_bignum2(BIGNUM * value); /* Appends a string to packet data. */ void packet_put_string(const char *buf, unsigned int len); +void packet_put_cstring(const char *str); +void packet_put_raw(const char *buf, unsigned int len); /* * Finalizes and sends the packet. If the encryption key has been set, @@ -130,6 +133,8 @@ unsigned int packet_get_int(void); * must have been initialized before this call. */ void packet_get_bignum(BIGNUM * value, int *length_ptr); +void packet_get_bignum2(BIGNUM * value, int *length_ptr); +char *packet_get_raw(int *length_ptr); /* * Returns a string from the packet data. The string is allocated using @@ -192,8 +197,24 @@ do { \ } \ } while (0) +#define packet_done() \ +do { \ + int _len = packet_remaining(); \ + if (_len > 0) { \ + log("Packet integrity error (%d bytes remaining) at %s:%d", \ + _len ,__FILE__, __LINE__); \ + packet_disconnect("Packet integrity error."); \ + } \ +} while (0) + /* remote host is connected via a socket/ipv4 */ int packet_connection_is_on_socket(void); int packet_connection_is_ipv4(void); +/* enable SSH2 packet format */ +void packet_set_ssh2_format(void); + +/* returns remaining payload bytes */ +int packet_remaining(void); + #endif /* PACKET_H */ diff --git a/crypto/openssh/pty.c b/crypto/openssh/pty.c index c354529..d14a03f 100644 --- a/crypto/openssh/pty.c +++ b/crypto/openssh/pty.c @@ -1,27 +1,27 @@ /* - * + * * pty.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 17 04:37:25 1995 ylo - * + * * Allocating a pseudo-terminal, and making it the controlling tty. - * + * * $FreeBSD$ */ #include "includes.h" -RCSID("$Id: pty.c,v 1.12 2000/02/15 16:52:58 markus Exp $"); +RCSID("$Id: pty.c,v 1.13 2000/04/14 10:30:32 markus Exp $"); #ifdef __FreeBSD__ #include <libutil.h> #else #include <util.h> -#endif +#endif /* __FreeBSD__ */ #include "pty.h" #include "ssh.h" @@ -41,7 +41,7 @@ RCSID("$Id: pty.c,v 1.12 2000/02/15 16:52:58 markus Exp $"); * returned (the buffer must be able to hold at least 64 characters). */ -int +int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) { #if defined(HAVE_OPENPTY) || defined(BSD4_4) @@ -179,7 +179,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) /* Releases the tty. Its ownership is returned to root, and permissions to 0666. */ -void +void pty_release(const char *ttyname) { if (chown(ttyname, (uid_t) 0, (gid_t) 0) < 0) @@ -190,7 +190,7 @@ pty_release(const char *ttyname) /* Makes the tty the processes controlling tty and sets it to sane modes. */ -void +void pty_make_controlling_tty(int *ttyfd, const char *ttyname) { int fd; @@ -243,7 +243,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) /* Changes the window size associated with the pty. */ -void +void pty_change_window_size(int ptyfd, int row, int col, int xpixel, int ypixel) { diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c index 8dd81cf..cf7cd14 100644 --- a/crypto/openssh/readconf.c +++ b/crypto/openssh/readconf.c @@ -1,26 +1,28 @@ /* - * + * * readconf.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sat Apr 22 00:03:10 1995 ylo - * + * * Functions for reading the configuration files. - * + * * $FreeBSD$ */ #include "includes.h" -RCSID("$Id: readconf.c,v 1.23 2000/02/28 19:51:58 markus Exp $"); +RCSID("$Id: readconf.c,v 1.31 2000/05/08 17:12:15 markus Exp $"); #include "ssh.h" #include "cipher.h" #include "readconf.h" +#include "match.h" #include "xmalloc.h" +#include "compat.h" /* Format of the configuration file: @@ -106,7 +108,8 @@ typedef enum { oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication, - oUsePrivilegedPort, oLogLevel + oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oIdentityFile2, + oGlobalKnownHostsFile2, oUserKnownHostsFile2, oDSAAuthentication } OpCodes; /* Textual representations of the tokens. */ @@ -122,6 +125,7 @@ static struct { { "rhostsauthentication", oRhostsAuthentication }, { "passwordauthentication", oPasswordAuthentication }, { "rsaauthentication", oRSAAuthentication }, + { "dsaauthentication", oDSAAuthentication }, { "skeyauthentication", oSkeyAuthentication }, #ifdef KRB4 { "kerberos4authentication", oKrb4Authentication }, @@ -137,10 +141,13 @@ static struct { { "fallbacktorsh", oFallBackToRsh }, { "usersh", oUseRsh }, { "identityfile", oIdentityFile }, + { "identityfile2", oIdentityFile2 }, { "hostname", oHostName }, { "proxycommand", oProxyCommand }, { "port", oPort }, { "cipher", oCipher }, + { "ciphers", oCiphers }, + { "protocol", oProtocol }, { "remoteforward", oRemoteForward }, { "localforward", oLocalForward }, { "user", oUser }, @@ -149,6 +156,8 @@ static struct { { "rhostsrsaauthentication", oRhostsRSAAuthentication }, { "globalknownhostsfile", oGlobalKnownHostsFile }, { "userknownhostsfile", oUserKnownHostsFile }, + { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, + { "userknownhostsfile2", oUserKnownHostsFile2 }, { "connectionattempts", oConnectionAttempts }, { "batchmode", oBatchMode }, { "checkhostip", oCheckHostIP }, @@ -171,7 +180,7 @@ static struct { * error. */ -void +void add_local_forward(Options *options, u_short port, const char *host, u_short host_port) { @@ -192,7 +201,7 @@ add_local_forward(Options *options, u_short port, const char *host, * an error. */ -void +void add_remote_forward(Options *options, u_short port, const char *host, u_short host_port) { @@ -211,7 +220,7 @@ add_remote_forward(Options *options, u_short port, const char *host, * returns if the token is not known. */ -static OpCodes +static OpCodes parse_token(const char *cp, const char *filename, int linenum) { unsigned int i; @@ -290,6 +299,10 @@ parse_flag: intptr = &options->password_authentication; goto parse_flag; + case oDSAAuthentication: + intptr = &options->dsa_authentication; + goto parse_flag; + case oRSAAuthentication: intptr = &options->rsa_authentication; goto parse_flag; @@ -382,14 +395,22 @@ parse_flag: goto parse_int; case oIdentityFile: + case oIdentityFile2: cp = strtok(NULL, WHITESPACE); if (!cp) fatal("%.200s line %d: Missing argument.", filename, linenum); if (*activep) { - if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES) + intptr = (opcode == oIdentityFile) ? + &options->num_identity_files : + &options->num_identity_files2; + if (*intptr >= SSH_MAX_IDENTITY_FILES) fatal("%.200s line %d: Too many identity files specified (max %d).", filename, linenum, SSH_MAX_IDENTITY_FILES); - options->identity_files[options->num_identity_files++] = xstrdup(cp); + charptr = (opcode == oIdentityFile) ? + &options->identity_files[*intptr] : + &options->identity_files2[*intptr]; + *charptr = xstrdup(cp); + *intptr = *intptr + 1; } break; @@ -411,6 +432,14 @@ parse_string: charptr = &options->user_hostfile; goto parse_string; + case oGlobalKnownHostsFile2: + charptr = &options->system_hostfile2; + goto parse_string; + + case oUserKnownHostsFile2: + charptr = &options->user_hostfile2; + goto parse_string; + case oHostName: charptr = &options->hostname; goto parse_string; @@ -461,6 +490,26 @@ parse_int: *intptr = value; break; + case oCiphers: + cp = strtok(NULL, WHITESPACE); + if (!ciphers_valid(cp)) + fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", + filename, linenum, cp ? cp : "<NONE>"); + if (*activep && options->ciphers == NULL) + options->ciphers = xstrdup(cp); + break; + + case oProtocol: + intptr = &options->protocol; + cp = strtok(NULL, WHITESPACE); + value = proto_spec(cp); + if (value == SSH_PROTO_UNKNOWN) + fatal("%.200s line %d: Bad protocol spec '%s'.", + filename, linenum, cp ? cp : "<NONE>"); + if (*activep && *intptr == SSH_PROTO_UNKNOWN) + *intptr = value; + break; + case oLogLevel: intptr = (int *) &options->log_level; cp = strtok(NULL, WHITESPACE); @@ -561,7 +610,7 @@ parse_int: * there is an error. If the file does not exist, this returns immediately. */ -void +void read_config_file(const char *filename, const char *host, Options *options) { FILE *f; @@ -601,7 +650,7 @@ read_config_file(const char *filename, const char *host, Options *options) * system config file. Last, fill_default_options is called. */ -void +void initialize_options(Options * options) { memset(options, 'X', sizeof(*options)); @@ -611,6 +660,7 @@ initialize_options(Options * options) options->use_privileged_port = -1; options->rhosts_authentication = -1; options->rsa_authentication = -1; + options->dsa_authentication = -1; options->skey_authentication = -1; #ifdef KRB4 options->krb4_authentication = -1; @@ -637,13 +687,18 @@ initialize_options(Options * options) options->connection_attempts = -1; options->number_of_password_prompts = -1; options->cipher = -1; + options->ciphers = NULL; + options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; + options->num_identity_files2 = 0; options->hostname = NULL; options->proxy_command = NULL; options->user = NULL; options->escape_char = -1; options->system_hostfile = NULL; options->user_hostfile = NULL; + options->system_hostfile2 = NULL; + options->user_hostfile2 = NULL; options->num_local_forwards = 0; options->num_remote_forwards = 0; options->log_level = (LogLevel) - 1; @@ -654,7 +709,7 @@ initialize_options(Options * options) * options for which no value has been specified with their default values. */ -void +void fill_default_options(Options * options) { if (options->forward_agent == -1) @@ -669,6 +724,8 @@ fill_default_options(Options * options) options->rhosts_authentication = 1; if (options->rsa_authentication == -1) options->rsa_authentication = 1; + if (options->dsa_authentication == -1) + options->dsa_authentication = 1; if (options->skey_authentication == -1) options->skey_authentication = 0; #ifdef KRB4 @@ -716,18 +773,31 @@ fill_default_options(Options * options) /* Selected in ssh_login(). */ if (options->cipher == -1) options->cipher = SSH_CIPHER_NOT_SET; + /* options->ciphers, default set in myproposals.h */ + if (options->protocol == SSH_PROTO_UNKNOWN) + options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED; if (options->num_identity_files == 0) { options->identity_files[0] = xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1); sprintf(options->identity_files[0], "~/%.100s", SSH_CLIENT_IDENTITY); options->num_identity_files = 1; } + if (options->num_identity_files2 == 0) { + options->identity_files2[0] = + xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1); + sprintf(options->identity_files2[0], "~/%.100s", SSH_CLIENT_ID_DSA); + options->num_identity_files2 = 1; + } if (options->escape_char == -1) options->escape_char = '~'; if (options->system_hostfile == NULL) options->system_hostfile = SSH_SYSTEM_HOSTFILE; if (options->user_hostfile == NULL) options->user_hostfile = SSH_USER_HOSTFILE; + if (options->system_hostfile2 == NULL) + options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2; + if (options->user_hostfile2 == NULL) + options->user_hostfile2 = SSH_USER_HOSTFILE2; if (options->log_level == (LogLevel) - 1) options->log_level = SYSLOG_LEVEL_INFO; /* options->proxy_command should not be set by default */ diff --git a/crypto/openssh/readconf.h b/crypto/openssh/readconf.h index 5d511aa..d7f44be 100644 --- a/crypto/openssh/readconf.h +++ b/crypto/openssh/readconf.h @@ -1,20 +1,20 @@ /* - * + * * readconf.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sat Apr 22 00:25:29 1995 ylo - * + * * Functions for reading the configuration file. - * + * * $FreeBSD$ */ -/* RCSID("$Id: readconf.h,v 1.13 1999/12/01 13:59:15 markus Exp $"); */ +/* RCSID("$Id: readconf.h,v 1.18 2000/05/08 17:12:15 markus Exp $"); */ #ifndef READCONF_H #define READCONF_H @@ -37,6 +37,7 @@ typedef struct { int rhosts_rsa_authentication; /* Try rhosts with RSA * authentication. */ int rsa_authentication; /* Try RSA authentication. */ + int dsa_authentication; /* Try DSA authentication. */ int skey_authentication; /* Try S/Key or TIS authentication. */ #ifdef KRB4 int krb4_authentication; /* Try Kerberos v4 @@ -71,6 +72,8 @@ typedef struct { int number_of_password_prompts; /* Max number of password * prompts. */ int cipher; /* Cipher to use. */ + char *ciphers; /* SSH2 ciphers in order of preference. */ + int protocol; /* Protocol in order of preference. */ char *hostname; /* Real host to connect. */ char *proxy_command; /* Proxy command for connecting the host. */ char *user; /* User to log in as. */ @@ -78,9 +81,13 @@ typedef struct { char *system_hostfile;/* Path for /etc/ssh_known_hosts. */ char *user_hostfile; /* Path for $HOME/.ssh/known_hosts. */ + char *system_hostfile2; + char *user_hostfile2; int num_identity_files; /* Number of files for RSA identities. */ + int num_identity_files2; /* DSA identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; + char *identity_files2[SSH_MAX_IDENTITY_FILES]; /* Local TCP/IP forward requests. */ int num_local_forwards; @@ -111,7 +118,7 @@ void fill_default_options(Options * options); * only sets those values that have not already been set. Returns 0 for legal * options */ -int +int process_config_line(Options * options, const char *host, char *line, const char *filename, int linenum, int *activep); @@ -121,7 +128,7 @@ process_config_line(Options * options, const char *host, * should already be initialized before this call. This never returns if * there is an error. If the file does not exist, this returns immediately. */ -void +void read_config_file(const char *filename, const char *host, Options * options); @@ -129,7 +136,7 @@ read_config_file(const char *filename, const char *host, * Adds a local TCP/IP port forward to options. Never returns if there is an * error. */ -void +void add_local_forward(Options * options, u_short port, const char *host, u_short host_port); @@ -137,7 +144,7 @@ add_local_forward(Options * options, u_short port, const char *host, * Adds a remote TCP/IP port forward to options. Never returns if there is * an error. */ -void +void add_remote_forward(Options * options, u_short port, const char *host, u_short host_port); diff --git a/crypto/openssh/rsa.c b/crypto/openssh/rsa.c index 4098470..725da1b 100644 --- a/crypto/openssh/rsa.c +++ b/crypto/openssh/rsa.c @@ -1,43 +1,42 @@ /* - * + * * rsa.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 3 22:07:06 1995 ylo - * + * * Description of the RSA algorithm can be found e.g. from the following sources: - * + * * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994. - * + * * Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to * Computer Security. Prentice-Hall, 1989. - * + * * Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill, * 1994. - * + * * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications * System and Method. US Patent 4,405,829, 1983. - * + * * Hans Riesel: Prime Numbers and Computer Methods for Factorization. * Birkhauser, 1994. - * + * * The RSA Frequently Asked Questions document by RSA Data Security, Inc., 1995. - * + * * RSA in 3 lines of perl by Adam Back <aba@atlax.ex.ac.uk>, 1995, as included * below: - * + * * [gone - had to be deleted - what a pity] * * $FreeBSD$ - * */ #include "includes.h" -RCSID("$Id: rsa.c,v 1.13 2000/03/16 20:56:14 markus Exp $"); +RCSID("$Id: rsa.c,v 1.14 2000/04/14 10:30:32 markus Exp $"); #include "rsa.h" #include "ssh.h" diff --git a/crypto/openssh/rsa.h b/crypto/openssh/rsa.h index c5c601f..878e9b0 100644 --- a/crypto/openssh/rsa.h +++ b/crypto/openssh/rsa.h @@ -1,20 +1,20 @@ /* - * + * * rsa.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 3 22:01:06 1995 ylo - * + * * RSA key generation, encryption and decryption. - * + * * $FreeBSD$ */ -/* RCSID("$Id: rsa.h,v 1.4 1999/11/24 19:53:50 markus Exp $"); */ +/* RCSID("$Id: rsa.h,v 1.6 2000/04/14 10:30:32 markus Exp $"); */ #ifndef RSA_H #define RSA_H diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index 0fcd4ee..9f35d4a 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -1,30 +1,31 @@ /* - * + * * servconf.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Aug 21 15:48:58 1995 ylo - * + * * $FreeBSD$ */ #include "includes.h" -RCSID("$Id: servconf.c,v 1.31 2000/03/07 20:40:41 markus Exp $"); +RCSID("$Id: servconf.c,v 1.40 2000/05/08 17:12:15 markus Exp $"); #include "ssh.h" #include "servconf.h" #include "xmalloc.h" +#include "compat.h" /* add listen address */ void add_listen_addr(ServerOptions *options, char *addr); /* Initializes the server options to their default values. */ -void +void initialize_server_options(ServerOptions *options) { memset(options, 0, sizeof(*options)); @@ -32,6 +33,8 @@ initialize_server_options(ServerOptions *options) options->ports_from_cmdline = 0; options->listen_addrs = NULL; options->host_key_file = NULL; + options->host_dsa_key_file = NULL; + options->pid_file = NULL; options->server_key_bits = -1; options->login_grace_time = -1; options->key_regeneration_time = -1; @@ -49,6 +52,7 @@ initialize_server_options(ServerOptions *options) options->rhosts_authentication = -1; options->rhosts_rsa_authentication = -1; options->rsa_authentication = -1; + options->dsa_authentication = -1; #ifdef KRB4 options->krb4_authentication = -1; options->krb4_or_local_passwd = -1; @@ -72,11 +76,14 @@ initialize_server_options(ServerOptions *options) options->num_deny_users = 0; options->num_allow_groups = 0; options->num_deny_groups = 0; + options->ciphers = NULL; + options->protocol = SSH_PROTO_UNKNOWN; + options->gateway_ports = -1; options->connections_per_period = 0; options->connections_period = 0; } -void +void fill_default_server_options(ServerOptions *options) { if (options->num_ports == 0) @@ -85,6 +92,10 @@ fill_default_server_options(ServerOptions *options) add_listen_addr(options, NULL); if (options->host_key_file == NULL) options->host_key_file = HOST_KEY_FILE; + if (options->host_dsa_key_file == NULL) + options->host_dsa_key_file = HOST_DSA_KEY_FILE; + if (options->pid_file == NULL) + options->pid_file = SSH_DAEMON_PID_FILE; if (options->server_key_bits == -1) options->server_key_bits = 768; if (options->login_grace_time == -1) @@ -119,6 +130,8 @@ fill_default_server_options(ServerOptions *options) options->rhosts_rsa_authentication = 0; if (options->rsa_authentication == -1) options->rsa_authentication = 1; + if (options->dsa_authentication == -1) + options->dsa_authentication = 1; #ifdef KRB4 if (options->krb4_authentication == -1) options->krb4_authentication = (access(KEYFILE, R_OK) == 0); @@ -149,6 +162,10 @@ fill_default_server_options(ServerOptions *options) options->permit_empty_passwd = 0; if (options->use_login == -1) options->use_login = 0; + if (options->protocol == SSH_PROTO_UNKNOWN) + options->protocol = SSH_PROTO_1|SSH_PROTO_2; + if (options->gateway_ports == -1) + options->gateway_ports = 0; } #define WHITESPACE " \t\r\n" @@ -175,7 +192,8 @@ typedef enum { sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, - sIgnoreUserKnownHosts, sConnectionsPerPeriod + sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile, + sGatewayPorts, sDSAAuthentication, sConnectionsPerPeriod } ServerOpCodes; /* Textual representation of the tokens. */ @@ -185,6 +203,8 @@ static struct { } keywords[] = { { "port", sPort }, { "hostkey", sHostKeyFile }, + { "hostdsakey", sHostDSAKeyFile }, + { "pidfile", sPidFile }, { "serverkeybits", sServerKeyBits }, { "logingracetime", sLoginGraceTime }, { "keyregenerationinterval", sKeyRegenerationTime }, @@ -194,6 +214,7 @@ static struct { { "rhostsauthentication", sRhostsAuthentication }, { "rhostsrsaauthentication", sRhostsRSAAuthentication }, { "rsaauthentication", sRSAAuthentication }, + { "dsaauthentication", sDSAAuthentication }, #ifdef KRB4 { "kerberos4authentication", sKrb4Authentication }, { "kerberos4orlocalpasswd", sKrb4OrLocalPasswd }, @@ -227,6 +248,9 @@ static struct { { "denyusers", sDenyUsers }, { "allowgroups", sAllowGroups }, { "denygroups", sDenyGroups }, + { "ciphers", sCiphers }, + { "protocol", sProtocol }, + { "gatewayports", sGatewayPorts }, { "connectionsperperiod", sConnectionsPerPeriod }, { NULL, 0 } }; @@ -236,7 +260,7 @@ static struct { * returns if the token is not known. */ -static ServerOpCodes +static ServerOpCodes parse_token(const char *cp, const char *filename, int linenum) { @@ -254,7 +278,7 @@ parse_token(const char *cp, const char *filename, /* * add listen address */ -void +void add_listen_addr(ServerOptions *options, char *addr) { extern int IPv4or6; @@ -284,7 +308,7 @@ add_listen_addr(ServerOptions *options, char *addr) /* Reads the server configuration file. */ -void +void read_server_config(ServerOptions *options, const char *filename) { FILE *f; @@ -320,7 +344,7 @@ read_server_config(ServerOptions *options, const char *filename) "ListenAdress.\n", filename, linenum); if (options->num_ports >= MAX_PORTS) fatal("%s line %d: too many ports.\n", - filename, linenum); + filename, linenum); cp = strtok(NULL, WHITESPACE); if (!cp) fatal("%s line %d: missing port number.\n", @@ -363,11 +387,25 @@ parse_int: break; case sHostKeyFile: - charptr = &options->host_key_file; + case sHostDSAKeyFile: + charptr = (opcode == sHostKeyFile ) ? + &options->host_key_file : &options->host_dsa_key_file; cp = strtok(NULL, WHITESPACE); if (!cp) { fprintf(stderr, "%s line %d: missing file name.\n", - filename, linenum); + filename, linenum); + exit(1); + } + if (*charptr == NULL) + *charptr = tilde_expand_filename(cp, getuid()); + break; + + case sPidFile: + charptr = &options->pid_file; + cp = strtok(NULL, WHITESPACE); + if (!cp) { + fprintf(stderr, "%s line %d: missing file name.\n", + filename, linenum); exit(1); } if (*charptr == NULL) @@ -441,6 +479,10 @@ parse_flag: intptr = &options->rsa_authentication; goto parse_flag; + case sDSAAuthentication: + intptr = &options->dsa_authentication; + goto parse_flag; + #ifdef KRB4 case sKrb4Authentication: intptr = &options->krb4_authentication; @@ -517,13 +559,17 @@ parse_flag: intptr = &options->use_login; goto parse_flag; + case sGatewayPorts: + intptr = &options->gateway_ports; + goto parse_flag; + case sLogFacility: intptr = (int *) &options->log_facility; cp = strtok(NULL, WHITESPACE); value = log_facility_number(cp); if (value == (SyslogFacility) - 1) fatal("%.200s line %d: unsupported log facility '%s'\n", - filename, linenum, cp ? cp : "<NONE>"); + filename, linenum, cp ? cp : "<NONE>"); if (*intptr == -1) *intptr = (SyslogFacility) value; break; @@ -534,7 +580,7 @@ parse_flag: value = log_level_number(cp); if (value == (LogLevel) - 1) fatal("%.200s line %d: unsupported log level '%s'\n", - filename, linenum, cp ? cp : "<NONE>"); + filename, linenum, cp ? cp : "<NONE>"); if (*intptr == -1) *intptr = (LogLevel) value; break; @@ -542,17 +588,16 @@ parse_flag: case sAllowUsers: while ((cp = strtok(NULL, WHITESPACE))) { if (options->num_allow_users >= MAX_ALLOW_USERS) - fatal("%.200s line %d: too many allow users.\n", filename, - linenum); + fatal("%.200s line %d: too many allow users.\n", + filename, linenum); options->allow_users[options->num_allow_users++] = xstrdup(cp); } break; case sDenyUsers: while ((cp = strtok(NULL, WHITESPACE))) { - if (options->num_deny_users >= MAX_DENY_USERS) - fatal("%.200s line %d: too many deny users.\n", filename, - linenum); + fatal("%.200s line %d: too many deny users.\n", + filename, linenum); options->deny_users[options->num_deny_users++] = xstrdup(cp); } break; @@ -560,8 +605,8 @@ parse_flag: case sAllowGroups: while ((cp = strtok(NULL, WHITESPACE))) { if (options->num_allow_groups >= MAX_ALLOW_GROUPS) - fatal("%.200s line %d: too many allow groups.\n", filename, - linenum); + fatal("%.200s line %d: too many allow groups.\n", + filename, linenum); options->allow_groups[options->num_allow_groups++] = xstrdup(cp); } break; @@ -569,12 +614,32 @@ parse_flag: case sDenyGroups: while ((cp = strtok(NULL, WHITESPACE))) { if (options->num_deny_groups >= MAX_DENY_GROUPS) - fatal("%.200s line %d: too many deny groups.\n", filename, - linenum); + fatal("%.200s line %d: too many deny groups.\n", + filename, linenum); options->deny_groups[options->num_deny_groups++] = xstrdup(cp); } break; + case sCiphers: + cp = strtok(NULL, WHITESPACE); + if (!ciphers_valid(cp)) + fatal("%s line %d: Bad SSH2 cipher spec '%s'.", + filename, linenum, cp ? cp : "<NONE>"); + if (options->ciphers == NULL) + options->ciphers = xstrdup(cp); + break; + + case sProtocol: + intptr = &options->protocol; + cp = strtok(NULL, WHITESPACE); + value = proto_spec(cp); + if (value == SSH_PROTO_UNKNOWN) + fatal("%s line %d: Bad protocol spec '%s'.", + filename, linenum, cp ? cp : "<NONE>"); + if (*intptr == SSH_PROTO_UNKNOWN) + *intptr = value; + break; + case sConnectionsPerPeriod: cp = strtok(NULL, WHITESPACE); if (cp == NULL) @@ -594,12 +659,14 @@ parse_flag: fatal("%.200s line %d: Missing handler for opcode %s (%d)\n", filename, linenum, cp, opcode); } - if (strtok(NULL, WHITESPACE) != NULL) - fatal("%.200s line %d: garbage at end of line.\n", filename, - linenum); + if (strtok(NULL, WHITESPACE) != NULL) { + fatal("%.200s line %d: garbage at end of line.\n", + filename, linenum); + } } fclose(f); - if (bad_options > 0) + if (bad_options > 0) { fatal("%.200s: terminating, %d bad configuration options\n", filename, bad_options); + } } diff --git a/crypto/openssh/servconf.h b/crypto/openssh/servconf.h index 3e765b8..fedc9ab 100644 --- a/crypto/openssh/servconf.h +++ b/crypto/openssh/servconf.h @@ -1,20 +1,20 @@ /* - * + * * servconf.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Aug 21 15:35:03 1995 ylo - * + * * Definitions for server configuration data and for the functions reading it. - * + * * $FreeBSD$ */ -/* RCSID("$Id: servconf.h,v 1.15 2000/01/04 00:08:00 markus Exp $"); */ +/* RCSID("$Id: servconf.h,v 1.22 2000/05/06 17:45:37 markus Exp $"); */ #ifndef SERVCONF_H #define SERVCONF_H @@ -33,6 +33,8 @@ typedef struct { char *listen_addr; /* Address on which the server listens. */ struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ char *host_key_file; /* File containing host key. */ + char *host_dsa_key_file; /* File containing dsa host key. */ + char *pid_file; /* Where to put our pid */ int server_key_bits;/* Size of the server key. */ int login_grace_time; /* Disconnect if no auth in this time * (sec). */ @@ -48,6 +50,9 @@ typedef struct { * searching at */ int strict_modes; /* If true, require string home dir modes. */ int keepalives; /* If true, set SO_KEEPALIVE. */ + char *ciphers; /* Ciphers in order of preference. */ + int protocol; /* Protocol in order of preference. */ + int gateway_ports; /* If true, allow remote connects to forwarded ports. */ SyslogFacility log_facility; /* Facility for system logging. */ LogLevel log_level; /* Level for system logging. */ int rhosts_authentication; /* If true, permit rhosts @@ -55,6 +60,7 @@ typedef struct { int rhosts_rsa_authentication; /* If true, permit rhosts RSA * authentication. */ int rsa_authentication; /* If true, permit RSA authentication. */ + int dsa_authentication; /* If true, permit DSA authentication. */ #ifdef KRB4 int krb4_authentication; /* If true, permit Kerberos v4 * authentication. */ diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 53d20c5..e18b2e6 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -5,6 +5,8 @@ /* * SSH2 support by Markus Friedl. * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * $FreeBSD$ */ #include "includes.h" @@ -27,6 +29,15 @@ RCSID("$OpenBSD: session.c,v 1.12 2000/05/03 18:03:07 markus Exp $"); #include "ssh2.h" #include "auth.h" +#ifdef __FreeBSD__ +#define LOGIN_CAP +#define _PATH_CHPASS "/usr/bin/passwd" +#endif /* __FreeBSD__ */ + +#ifdef LOGIN_CAP +#include <login_cap.h> +#endif /* LOGIN_CAP */ + /* types */ #define TTYSZ 64 @@ -504,6 +515,15 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) struct sockaddr_storage from; struct stat st; time_t last_login_time; +#ifdef LOGIN_CAP + login_cap_t *lc; + char *fname; +#endif /* LOGIN_CAP */ +#ifdef __FreeBSD__ +#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ + struct timeval tv; + time_t warntime = DEFAULT_WARN; +#endif /* __FreeBSD__ */ if (s == NULL) fatal("do_exec_pty: no session"); @@ -574,6 +594,66 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); quiet_login = stat(line, &st) >= 0; +#ifdef LOGIN_CAP + lc = login_getpwclass(pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, pw); + quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); +#endif /* LOGIN_CAP */ + +#ifdef __FreeBSD__ + if (pw->pw_change || pw->pw_expire) + (void)gettimeofday(&tv, NULL); +#ifdef LOGIN_CAP + warntime = login_getcaptime(lc, "warnpassword", + DEFAULT_WARN, DEFAULT_WARN); +#endif /* LOGIN_CAP */ + /* + * If the password change time is set and has passed, give the + * user a password expiry notice and chance to change it. + */ + if (pw->pw_change != 0) { + if (tv.tv_sec >= pw->pw_change) { + (void)printf( + "Sorry -- your password has expired.\n"); + log("%s Password expired - forcing change", + pw->pw_name); + command = _PATH_CHPASS; + } else if (pw->pw_change - tv.tv_sec < warntime && + !quiet_login) + (void)printf( + "Warning: your password expires on %s", + ctime(&pw->pw_change)); + } +#ifdef LOGIN_CAP + warntime = login_getcaptime(lc, "warnexpire", + DEFAULT_WARN, DEFAULT_WARN); +#endif /* LOGIN_CAP */ + if (pw->pw_expire) { + if (tv.tv_sec >= pw->pw_expire) { + (void)printf( + "Sorry -- your account has expired.\n"); + log( + "LOGIN %.200s REFUSED (EXPIRED) FROM %.200s ON TTY %.200s", + pw->pw_name, hostname, ttyname); + exit(254); + } else if (pw->pw_expire - tv.tv_sec < warntime && + !quiet_login) + (void)printf( + "Warning: your account expires on %s", + ctime(&pw->pw_expire)); + } +#endif /* __FreeBSD__ */ +#ifdef LOGIN_CAP + if (!auth_ttyok(lc, ttyname)) { + (void)printf("Permission denied.\n"); + log( + "LOGIN %.200s REFUSED (TTY) FROM %.200s ON TTY %.200s", + pw->pw_name, hostname, ttyname); + exit(254); + } +#endif /* LOGIN_CAP */ + /* * If the user has logged in before, display the time of last * login. However, don't display anything extra if a command @@ -596,6 +676,22 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) else printf("Last login: %s from %s\r\n", time_string, buf); } + +#ifdef LOGIN_CAP + if (command == NULL && !quiet_login && !options.use_login) { + fname = login_getcapstr(lc, "copyright", NULL, NULL); + if (fname != NULL && (f = fopen(fname, "r")) != NULL) { + while (fgets(line, sizeof(line), f) != NULL) + fputs(line, stdout); + fclose(f); + } else + (void)printf("%s\n\t%s %s\n", + "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", + "The Regents of the University of California. ", + "All rights reserved."); + } +#endif /* LOGIN_CAP */ + /* * Print /etc/motd unless a command was specified or printing * it was disabled in server options or login(1) will be @@ -604,14 +700,24 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) */ if (command == NULL && options.print_motd && !quiet_login && !options.use_login) { - /* Print /etc/motd if it exists. */ +#ifdef LOGIN_CAP + fname = login_getcapstr(lc, "welcome", NULL, NULL); + if (fname == NULL || (f = fopen(fname, "r")) == NULL) + f = fopen("/etc/motd", "r"); +#else /* !LOGIN_CAP */ f = fopen("/etc/motd", "r"); +#endif /* LOGIN_CAP */ + /* Print /etc/motd if it exists. */ if (f) { while (fgets(line, sizeof(line), f)) fputs(line, stdout); fclose(f); } } +#ifdef LOGIN_CAP + login_close(lc); +#endif /* LOGIN_CAP */ + /* Do common processing for the child, such as execing the command. */ do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty); /* NOTREACHED */ @@ -735,15 +841,25 @@ do_child(const char *command, struct passwd * pw, const char *term, const char *display, const char *auth_proto, const char *auth_data, const char *ttyname) { - const char *shell, *cp = NULL; + char *shell; + const char *cp = NULL; char buf[256]; FILE *f; unsigned int envsize, i; - char **env; + char **env = NULL; extern char **environ; struct stat st; char *argv[10]; +#ifdef LOGIN_CAP + login_cap_t *lc; + + lc = login_getpwclass(pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, pw); + if (pw->pw_uid != 0) + auth_checknologin(lc); +#else /* !LOGIN_CAP */ f = fopen("/etc/nologin", "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ @@ -753,6 +869,11 @@ do_child(const char *command, struct passwd * pw, const char *term, if (pw->pw_uid != 0) exit(254); } +#endif /* LOGIN_CAP */ + +#ifdef LOGIN_CAP + if (options.use_login) +#endif /* LOGIN_CAP */ /* Set login name in the kernel. */ if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); @@ -761,6 +882,42 @@ do_child(const char *command, struct passwd * pw, const char *term, /* Login(1) does this as well, and it needs uid 0 for the "-h" switch, so we let login(1) to this for us. */ if (!options.use_login) { +#ifdef LOGIN_CAP + char **tmpenv; + + /* Initialize temp environment */ + envsize = 64; + env = xmalloc(envsize * sizeof(char *)); + env[0] = NULL; + + child_set_env(&env, &envsize, "PATH", + (pw->pw_uid == 0) ? + _PATH_STDPATH : _PATH_DEFPATH); + + snprintf(buf, sizeof buf, "%.200s/%.50s", + _PATH_MAILDIR, pw->pw_name); + child_set_env(&env, &envsize, "MAIL", buf); + + if (getenv("TZ")) + child_set_env(&env, &envsize, "TZ", getenv("TZ")); + + /* Save parent environment */ + tmpenv = environ; + environ = env; + + if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETALL) < 0) + fatal("setusercontext failed: %s", strerror(errno)); + + /* Restore parent environment */ + env = environ; + environ = tmpenv; + + for (envsize = 0; env[envsize] != NULL; ++envsize) + ; + envsize = (envsize < 100) ? 100 : envsize + 16; + env = xrealloc(env, envsize * sizeof(char *)); + +#else /* !LOGIN_CAP */ if (getuid() == 0 || geteuid() == 0) { if (setgid(pw->pw_gid) < 0) { perror("setgid"); @@ -778,12 +935,16 @@ do_child(const char *command, struct passwd * pw, const char *term, } if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %d.", (int) pw->pw_uid); +#endif /* LOGIN_CAP */ } /* * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; +#ifdef LOGIN_CAP + shell = login_getcapstr(lc, "shell", shell, shell); +#endif /* LOGIN_CAP */ #ifdef AFS /* Try to get AFS tokens for the local cell. */ @@ -798,24 +959,31 @@ do_child(const char *command, struct passwd * pw, const char *term, #endif /* AFS */ /* Initialize the environment. */ - envsize = 100; - env = xmalloc(envsize * sizeof(char *)); - env[0] = NULL; + if (env == NULL) { + envsize = 100; + env = xmalloc(envsize * sizeof(char *)); + env[0] = NULL; + } if (!options.use_login) { /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); child_set_env(&env, &envsize, "HOME", pw->pw_dir); +#ifndef LOGIN_CAP child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); child_set_env(&env, &envsize, "MAIL", buf); +#endif /* !LOGIN_CAP */ /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); } +#ifdef LOGIN_CAP + if (options.use_login) +#endif /* LOGIN_CAP */ if (getenv("TZ")) child_set_env(&env, &envsize, "TZ", getenv("TZ")); @@ -853,6 +1021,31 @@ do_child(const char *command, struct passwd * pw, const char *term, child_set_env(&env, &envsize, "KRBTKFILE", ticket); } #endif /* KRB4 */ +#ifdef KRB5 +{ + extern krb5_ccache mem_ccache; + + if (mem_ccache) { + krb5_error_code problem; + krb5_ccache ccache; +#ifdef AFS + if (k_hasafs()) + krb5_afslog(ssh_context, mem_ccache, NULL, NULL); +#endif /* AFS */ + + problem = krb5_cc_default(ssh_context, &ccache); + if (problem) {} + else { + problem = krb5_cc_copy_cache(ssh_context, mem_ccache, ccache); + if (problem) {} + } + + krb5_cc_close(ssh_context, ccache); + } + + krb5_cleanup_proc(NULL); + } +#endif /* KRB5 */ if (xauthfile) child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); @@ -903,13 +1096,50 @@ do_child(const char *command, struct passwd * pw, const char *term, * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ - for (i = 3; i < 64; i++) + for (i = 3; i < getdtablesize(); i++) close(i); /* Change current directory to the user\'s home directory. */ - if (chdir(pw->pw_dir) < 0) + if ( +#ifdef __FreeBSD__ + !*pw->pw_dir || +#endif /* __FreeBSD__ */ + chdir(pw->pw_dir) < 0 + ) { +#ifdef __FreeBSD__ + int quiet_login = 0; +#endif /* __FreeBSD__ */ +#ifdef LOGIN_CAP + if (login_getcapbool(lc, "requirehome", 0)) { + (void)printf("Home directory not available\n"); + log("LOGIN %.200s REFUSED (HOMEDIR) ON TTY %.200s", + pw->pw_name, ttyname); + exit(254); + } +#endif /* LOGIN_CAP */ +#ifdef __FreeBSD__ + if (chdir("/") < 0) { + (void)printf("Cannot find root directory\n"); + log("LOGIN %.200s REFUSED (ROOTDIR) ON TTY %.200s", + pw->pw_name, ttyname); + exit(254); + } +#ifdef LOGIN_CAP + quiet_login = login_getcapbool(lc, "hushlogin", 0); +#endif /* LOGIN_CAP */ + if (!quiet_login || *pw->pw_dir) + (void)printf( + "No home directory.\nLogging in with home = \"/\".\n"); + +#else /* !__FreeBSD__ */ + fprintf(stderr, "Could not chdir to home directory %s: %s\n", pw->pw_dir, strerror(errno)); +#endif /* __FreeBSD__ */ + } +#ifdef LOGIN_CAP + login_close(lc); +#endif /* LOGIN_CAP */ /* * Must take new environment into use so that .ssh/rc, /etc/sshrc and @@ -989,7 +1219,11 @@ do_child(const char *command, struct passwd * pw, const char *term, mailbox = getenv("MAIL"); if (mailbox != NULL) { if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0) +#ifdef __FreeBSD__ + ; +#else /* !__FreeBSD__ */ printf("No mail.\n"); +#endif /* __FreeBSD__ */ else if (mailstat.st_mtime < mailstat.st_atime) printf("You have mail.\n"); else diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index cd573b0..cb1883a 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -1,4 +1,5 @@ -/* $OpenBSD: ssh-agent.c,v 1.26 2000/03/16 20:56:14 markus Exp $ */ +/* $FreeBSD$ */ +/* $OpenBSD: ssh-agent.c,v 1.31 2000/04/29 18:11:52 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -6,12 +7,10 @@ * All rights reserved * Created: Wed Mar 29 03:46:59 1995 ylo * The authentication agent program. - * - * $FreeBSD$ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.26 2000/03/16 20:56:14 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.31 2000/04/29 18:11:52 markus Exp $"); #include "ssh.h" #include "rsa.h" @@ -48,7 +47,7 @@ Identity *identities = NULL; int max_fd = 0; /* pid of shell == parent of agent */ -int parent_pid = -1; +pid_t parent_pid = -1; /* pathname and directory for AUTH_SOCKET */ char socket_name[1024]; @@ -176,7 +175,7 @@ process_remove_identity(SocketEntry *e) buffer_get_bignum(&e->input, n); if (bits != BN_num_bits(n)) - error("Warning: identity keysize mismatch: actual %d, announced %d", + log("Warning: identity keysize mismatch: actual %d, announced %d", BN_num_bits(n), bits); /* Check if we have the key. */ @@ -405,7 +404,7 @@ prepare_select(fd_set *readset, fd_set *writeset) } } -void +void after_select(fd_set *readset, fd_set *writeset) { unsigned int i; @@ -438,6 +437,8 @@ after_select(fd_set *readset, fd_set *writeset) shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); sockets[i].type = AUTH_UNUSED; + buffer_free(&sockets[i].input); + buffer_free(&sockets[i].output); break; } buffer_consume(&sockets[i].output, len); @@ -448,6 +449,8 @@ after_select(fd_set *readset, fd_set *writeset) shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); sockets[i].type = AUTH_UNUSED; + buffer_free(&sockets[i].input); + buffer_free(&sockets[i].output); break; } buffer_append(&sockets[i].input, buf, len); @@ -462,7 +465,7 @@ after_select(fd_set *readset, fd_set *writeset) void check_parent_exists(int sig) { - if (kill(parent_pid, 0) < 0) { + if (parent_pid != -1 && kill(parent_pid, 0) < 0) { /* printf("Parent has died - Authentication agent exiting.\n"); */ exit(1); } @@ -548,6 +551,7 @@ main(int ac, char **av) } pid = atoi(pidstr); if (pid < 1) { /* XXX PID_MAX check too */ + /* Yes, PID_MAX check please */ fprintf(stderr, "%s=\"%s\", which is not a good PID\n", SSH_AGENTPID_ENV_NAME, pidstr); exit(1); @@ -639,8 +643,8 @@ main(int ac, char **av) } signal(SIGINT, SIG_IGN); signal(SIGPIPE, SIG_IGN); - signal(SIGHUP, cleanup_exit); - signal(SIGTERM, cleanup_exit); + signal(SIGHUP, cleanup_exit); + signal(SIGTERM, cleanup_exit); while (1) { FD_ZERO(&readset); FD_ZERO(&writeset); diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1 index 4f46288..89a2d47 100644 --- a/crypto/openssh/ssh.1 +++ b/crypto/openssh/ssh.1 @@ -10,6 +10,7 @@ .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" .\" $Id: ssh.1,v 1.43 2000/03/24 03:04:46 brad Exp $ +.\" $Id: ssh.1,v 1.52 2000/05/08 17:21:32 hugh Exp $ .\" $FreeBSD$ .\" .Dd September 25, 1999 @@ -25,8 +26,8 @@ .Op Ar command .Pp .Nm ssh -.Op Fl afgknqtvxCPX46 -.Op Fl c Ar blowfish | 3des +.Op Fl afgknqtvxCPX246 +.Op Fl c Ar cipher_spec .Op Fl e Ar escape_char .Op Fl i Ar identity_file .Op Fl l Ar login_name @@ -64,7 +65,10 @@ arbitrary TCP/IP ports can also be forwarded over the secure channel. connects and logs into the specified .Ar hostname . The user must prove -his/her identity to the remote machine using one of several methods. +his/her identity to the remote machine using one of several methods +depending on the protocol version used: +.Pp +.Ss SSH protocol version 1 .Pp First, if the machine the user logs in from is listed in .Pa /etc/hosts.equiv @@ -89,8 +93,8 @@ or .Pa hosts.equiv method combined with RSA-based host authentication. It means that if the login would be permitted by -.Pa \&.rhosts , -.Pa \&.shosts , +.Pa $HOME/.rhosts , +.Pa $HOME/.shosts , .Pa /etc/hosts.equiv , or .Pa /etc/ssh/shosts.equiv , @@ -106,7 +110,7 @@ This authentication method closes security holes due to IP spoofing, DNS spoofing and routing spoofing. [Note to the administrator: .Pa /etc/hosts.equiv , -.Pa \&.rhosts , +.Pa $HOME/.rhosts , and the rlogin/rsh protocol in general, are inherently insecure and should be disabled if security is desired.] .Pp @@ -117,10 +121,10 @@ The scheme is based on public-key cryptography: there are cryptosystems where encryption and decryption are done using separate keys, and it is not possible to derive the decryption key from the encryption key. RSA is one such system. -The idea is that each user creates a public/private +The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key. -The file +The file .Pa $HOME/.ssh/authorized_keys lists the public keys that are permitted for logging in. @@ -144,18 +148,18 @@ implements the RSA authentication protocol automatically. The user creates his/her RSA key pair by running .Xr ssh-keygen 1 . This stores the private key in -.Pa \&.ssh/identity +.Pa $HOME/.ssh/identity and the public key in -.Pa \&.ssh/identity.pub +.Pa $HOME/.ssh/identity.pub in the user's home directory. The user should then copy the .Pa identity.pub to -.Pa \&.ssh/authorized_keys +.Pa $HOME/.ssh/authorized_keys in his/her home directory on the remote machine (the .Pa authorized_keys file corresponds to the conventional -.Pa \&.rhosts +.Pa $HOME/.rhosts file, and has one key per line, though the lines can be very long). After this, the user can log in without giving the password. @@ -175,6 +179,38 @@ The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network. .Pp +.Ss SSH protocol version 2 +.Pp +When a user connects using the protocol version 2 +different authentication methods are available: +At first, the client attempts to authenticate using the public key method. +If this method fails password authentication is tried. +.Pp +The public key method is similar to RSA authentication described +in the previous section except that the DSA algorithm is used +instead of the patented RSA algorithm. +The client uses his private DSA key +.Pa $HOME/.ssh/id_dsa +to sign the session identifier and sends the result to the server. +The server checks whether the matching public key is listed in +.Pa $HOME/.ssh/authorized_keys2 +and grants access if both the key is found and the signature is correct. +The session identifier is derived from a shared Diffie-Hellman value +and is only known to the client and the server. +.Pp +If public key authentication fails or is not available a password +can be sent encrypted to the remote host for proving the user's identity. +This protocol 2 implementation does not yet support Kerberos or +S/Key authentication. +.Pp +Protocol 2 provides additional mechanisms for confidentiality +(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) +and integrity (hmac-sha1, hmac-md5). +Note that protocol 1 lacks a strong mechanism for ensuring the +integrity of the connection. +.Pp +.Ss Login session and remote execution +.Pp When the user's identity has been accepted by the server, the server either executes the given command, or logs into the machine and gives the user a normal shell on the remote machine. @@ -220,6 +256,8 @@ The exit status of the remote program is returned as the exit status of .Nm ssh . .Pp +.Ss X11 and TCP forwarding +.Pp If the user is using X11 (the .Ev DISPLAY environment variable is set), the connection to the X11 display can @@ -264,15 +302,22 @@ be specified either on command line or in a configuration file. One possible application of TCP/IP forwarding is a secure connection to an electronic purse; another is going trough firewalls. .Pp +.Ss Server authentication +.Pp .Nm -automatically maintains and checks a database containing RSA-based +automatically maintains and checks a database containing identifications for all hosts it has ever been used with. -The database is stored in -.Pa \&.ssh/known_hosts +RSA host keys are stored in +.Pa $HOME/.ssh/known_hosts +and +DSA host keys are stored in +.Pa $HOME/.ssh/known_hosts2 in the user's home directory. -Additionally, the file +Additionally, the files .Pa /etc/ssh/ssh_known_hosts -is automatically checked for known hosts. +and +.Pa /etc/ssh/ssh_known_hosts2 +are automatically checked for known hosts. Any new hosts are automatically added to the user's file. If a host's identification ever changes, @@ -295,15 +340,20 @@ This may also be specified on a per-host basis in the configuration file. Selects the cipher to use for encrypting the session. .Ar 3des is used by default. -It is believed to be secure. +It is believed to be secure. .Ar 3des (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. It is presumably more secure than the .Ar des -cipher which is no longer supported in ssh. +cipher which is no longer supported in +.Nm ssh . .Ar blowfish is a fast block cipher, it appears very secure and is much faster than .Ar 3des . +.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc" +Additionally, for protocol version 2 a comma-separated list of ciphers can +be specified in order of preference. Protocol version 2 supports +3DES, Blowfish and CAST128 in CBC mode and Arcfour. .It Fl e Ar ch|^ch|none Sets the escape character for sessions with a pty (default: .Ql ~ ) . @@ -324,7 +374,7 @@ This is useful if .Nm is going to ask for passwords or passphrases, but the user wants it in the background. -This implies +This implies .Fl n . The recommended way to start X11 programs at a remote site is with something like @@ -332,10 +382,10 @@ something like .It Fl g Allows remote hosts to connect to local forwarded ports. .It Fl i Ar identity_file -Selects the file from which the identity (private key) for +Selects the file from which the identity (private key) for RSA authentication is read. -Default is -.Pa \&.ssh/identity +Default is +.Pa $HOME/.ssh/identity in the user's home directory. Identity files may also be specified on a per-host basis in the configuration file. @@ -457,6 +507,10 @@ from the local machine. Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. +.It Fl 2 +Forces +.Nm +to try protocol version 2 only. .It Fl 4 Forces .Nm @@ -550,6 +604,12 @@ and are supported. The default is .Dq 3des . +.It Cm Ciphers +Specifies the ciphers allowed for protocol version 2 +in order of preference. +Multiple ciphers must be comma-separated. +The default is +.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . .It Cm Compression Specifies whether to use compression. The argument must be @@ -567,6 +627,15 @@ Specifies the number of tries (one per second) to make before falling back to rsh or exiting. The argument must be an integer. This may be useful in scripts if the connection sometimes fails. +.It Cm DSAAuthentication +Specifies whether to try DSA authentication. +The argument to this keyword must be +.Dq yes +or +.Dq no . +DSA authentication will only be +attempted if a DSA identity file exists. +Note that this option applies to protocol version 2 only. .It Cm EscapeChar Sets the escape character (default: .Ql ~ ) . @@ -604,7 +673,7 @@ Specifies whether X11 connections will be automatically redirected over the secure channel and .Ev DISPLAY set. -The argument must be +The argument must be .Dq yes or .Dq no . @@ -632,7 +701,7 @@ specifications). .It Cm IdentityFile Specifies the file from which the user's RSA authentication identity is read (default -.Pa .ssh/identity +.Pa $HOME/.ssh/identity in the user's home directory). Additionally, any identities represented by the authentication agent will be used for authentication. @@ -641,6 +710,16 @@ syntax to refer to a user's home directory. It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. +.It Cm IdentityFile2 +Specifies the file from which the user's DSA authentication identity +is read (default +.Pa $HOME/.ssh/id_dsa +in the user's home directory). +The file name may use the tilde +syntax to refer to a user's home directory. +It is possible to have +multiple identity files specified in configuration files; all these +identities will be tried in sequence. .It Cm KeepAlive Specifies whether the system should send keepalive messages to the other side. @@ -696,9 +775,25 @@ The argument to this keyword must be .Dq yes or .Dq no . +Note that this option applies to both protocol version 1 and 2. .It Cm Port Specifies the port number to connect on the remote host. Default is 22. +.It Cm Protocol +Specifies the protocol versions +.Nm +should support in order of preference. +The possible values are +.Dq 1 +and +.Dq 2 . +Multiple versions must be comma-separated. +The default is +.Dq 1,2 . +This means that +.Nm +tries version 1 and falls back to version 2 +if version 1 is not available. .It Cm ProxyCommand Specifies the command to use to connect to the server. The command @@ -763,6 +858,7 @@ or RSA authentication will only be attempted if the identity file exists, or an authentication agent is running. +Note that this option applies to protocol version 1 only. .It Cm SkeyAuthentication Specifies whether to use .Xr skey 1 @@ -779,10 +875,14 @@ If this flag is set to .Nm ssh will never automatically add host keys to the .Pa $HOME/.ssh/known_hosts -file, and refuses to connect hosts whose host key has changed. +and +.Pa $HOME/.ssh/known_hosts2 +files, and refuses to connect hosts whose host key has changed. This provides maximum protection against trojan horse attacks. However, it can be somewhat annoying if you don't have good .Pa /etc/ssh/ssh_known_hosts +and +.Pa /etc/ssh/ssh_known_hosts2 files installed and frequently connect new hosts. Basically this option forces the user to manually @@ -841,7 +941,7 @@ will normally set the following environment variables: The .Ev DISPLAY variable indicates the location of the X11 server. -It is automatically set by +It is automatically set by .Nm to point to a value of the form .Dq hostname:n @@ -902,28 +1002,36 @@ in .Pa /etc/ssh/ssh_known_hosts ) . See .Xr sshd 8 . -.It Pa $HOME/.ssh/identity -Contains the RSA authentication identity of the user. -This file -contains sensitive data and should be readable by the user but not +.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa +Contains the RSA and the DSA authentication identity of the user. +These files +contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). Note that .Nm -ignores this file if it is accessible by others. +ignores a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key; the passphrase will be used to encrypt the sensitive part of this file using 3DES. -.It Pa $HOME/.ssh/identity.pub +.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub Contains the public key for authentication (public part of the identity file in human-readable form). -The contents of this file should be added to +The contents of the +.Pa $HOME/.ssh/identity.pub +file should be added to .Pa $HOME/.ssh/authorized_keys on all machines where you wish to log in using RSA authentication. -This file is not +The contents of the +.Pa $HOME/.ssh/id_dsa.pub +file should be added to +.Pa $HOME/.ssh/authorized_keys2 +on all machines +where you wish to log in using DSA authentication. +These files are not sensitive and can (but need not) be readable by anyone. -This file is -never used automatically and is not necessary; it is only provided for +These files are +never used automatically and are not necessary; they is only provided for the convenience of the user. .It Pa $HOME/.ssh/config This is the per-user configuration file. @@ -945,9 +1053,17 @@ modulus, public exponent, modulus, and comment fields, separated by spaces). This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. -.It Pa /etc/ssh/ssh_known_hosts +.It Pa $HOME/.ssh/authorized_keys2 +Lists the DSA keys that can be used for logging in as this user. +This file is not highly sensitive, but the recommended +permissions are read/write for the user, and not accessible by others. +.It Pa /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2 Systemwide list of known host keys. -This file should be prepared by the +.Pa /etc/ssh_known_hosts +contains RSA and +.Pa /etc/ssh_known_hosts2 +contains DSA keys. +These files should be prepared by the system administrator to contain the public host keys of all machines in the organization. This file should be world-readable. @@ -1006,7 +1122,7 @@ you can store it in .Pa $HOME/.ssh/known_hosts . The easiest way to do this is to connect back to the client from the server machine using ssh; this -will automatically add the host key inxi +will automatically add the host key to .Pa $HOME/.ssh/known_hosts . .It Pa $HOME/.shosts This file is used exactly the same way as @@ -1034,7 +1150,7 @@ Additionally, successful RSA host authentication is normally required. This file should only be writable by root. .It Pa /etc/ssh/shosts.equiv -This file is processed exactly as +This file is processed exactly as .Pa /etc/hosts.equiv . This file may be useful to permit logins using .Nm @@ -1068,6 +1184,7 @@ but with bugs removed and newer features re-added. Rapidly after the 1.2.12 release, newer versions of the original ssh bore successively more restrictive licenses, and thus demand for a free version was born. +.Pp This version of OpenSSH .Bl -bullet .It @@ -1077,8 +1194,8 @@ directly removed from the source code; any licensed or patented components are chosen from external libraries. .It -has been updated to support ssh protocol 1.5, making it compatible with -all other ssh protocol 1 clients and servers. +has been updated to support SSH protocol 1.5 and 2, making it compatible with +all other SSH clients and servers. .It contains added support for .Xr kerberos 8 @@ -1094,6 +1211,8 @@ are required for proper operation. .Pp OpenSSH has been created by Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. +.Pp +The support for SSH protocol 2 was written by Markus Friedl. .Sh SEE ALSO .Xr rlogin 1 , .Xr rsh 1 , diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index 149f945..39b551f 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -13,7 +13,11 @@ */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.43 2000/03/23 21:52:02 markus Exp $"); +RCSID("$Id: ssh.c,v 1.51 2000/05/08 17:12:15 markus Exp $"); + +#include <openssl/evp.h> +#include <openssl/dsa.h> +#include <openssl/rsa.h> #include "xmalloc.h" #include "ssh.h" @@ -23,6 +27,14 @@ RCSID("$Id: ssh.c,v 1.43 2000/03/23 21:52:02 markus Exp $"); #include "readconf.h" #include "uidswap.h" +#include "ssh2.h" +#include "compat.h" +#include "channels.h" +#include "key.h" +#include "authfile.h" + +extern char *__progname; + /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ int IPv4or6 = AF_UNSPEC; @@ -30,8 +42,13 @@ int IPv4or6 = AF_UNSPEC; /* Flag indicating whether debug mode is on. This can be set on the command line. */ int debug_flag = 0; +/* Flag indicating whether a tty should be allocated */ int tty_flag = 0; +/* don't exec a shell */ +int no_shell_flag = 0; +int no_tty_flag = 0; + /* * Flag indicating that nothing should be read from stdin. This can be set * on the command line. @@ -81,6 +98,9 @@ RSA *host_private_key = NULL; /* Original real UID. */ uid_t original_real_uid; +/* command to be executed */ +Buffer command; + /* Prints a help message to the user. This function never returns. */ void @@ -98,6 +118,7 @@ usage() fprintf(stderr, " -X Enable X11 connection forwarding.\n"); fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n"); fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n"); + fprintf(stderr, " -T Do not allocate a tty.\n"); fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); fprintf(stderr, " -V Display version number only.\n"); fprintf(stderr, " -P Don't allocate a privileged port.\n"); @@ -114,9 +135,11 @@ usage() fprintf(stderr, " These cause %s to listen for connections on a port, and\n", av0); fprintf(stderr, " forward them to the other side by connecting to host:port.\n"); fprintf(stderr, " -C Enable compression.\n"); + fprintf(stderr, " -N Do not execute a shell or command.\n"); fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n"); fprintf(stderr, " -4 Use IPv4 only.\n"); fprintf(stderr, " -6 Use IPv6 only.\n"); + fprintf(stderr, " -2 Force protocol version 2.\n"); fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n"); exit(1); } @@ -162,23 +185,22 @@ rsh_connect(char *host, char *user, Buffer * command) exit(1); } +int ssh_session(void); +int ssh_session2(void); + /* * Main program for the ssh client. */ int main(int ac, char **av) { - int i, opt, optind, type, exit_status, ok, authfd; + int i, opt, optind, exit_status, ok; u_short fwd_port, fwd_host_port; char *optarg, *cp, buf[256]; - Buffer command; - struct winsize ws; struct stat st; struct passwd *pw, pwcopy; - int interactive = 0, dummy; - int have_pty = 0; + int dummy; uid_t original_effective_uid; - int plen; /* * Save the original real uid. It will be needed later (uid-swapping @@ -234,8 +256,8 @@ main(int ac, char **av) if (host) break; if ((cp = strchr(av[optind], '@'))) { - if(cp == av[optind]) - usage(); + if(cp == av[optind]) + usage(); options.user = av[optind]; *cp = '\0'; host = ++cp; @@ -259,39 +281,34 @@ main(int ac, char **av) optarg = NULL; } switch (opt) { + case '2': + options.protocol = SSH_PROTO_2; + break; case '4': IPv4or6 = AF_INET; break; - case '6': IPv4or6 = AF_INET6; break; - case 'n': stdin_null_flag = 1; break; - case 'f': fork_after_authentication_flag = 1; stdin_null_flag = 1; break; - case 'x': options.forward_x11 = 0; break; - case 'X': options.forward_x11 = 1; break; - case 'g': options.gateway_ports = 1; break; - case 'P': options.use_privileged_port = 0; break; - case 'a': options.forward_agent = 0; break; @@ -314,26 +331,24 @@ main(int ac, char **av) options.identity_files[options.num_identity_files++] = xstrdup(optarg); break; - case 't': tty_flag = 1; break; - case 'v': case 'V': - fprintf(stderr, "SSH Version %s, protocol version %d.%d.\n", - SSH_VERSION, PROTOCOL_MAJOR, PROTOCOL_MINOR); - fprintf(stderr, "Compiled with SSL.\n"); + fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n", + SSH_VERSION, + PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1, + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2); + fprintf(stderr, "Compiled with SSL (0x%8.8lx).\n", SSLeay()); if (opt == 'V') exit(0); debug_flag = 1; options.log_level = SYSLOG_LEVEL_DEBUG; break; - case 'q': options.log_level = SYSLOG_LEVEL_QUIET; break; - case 'e': if (optarg[0] == '^' && optarg[2] == 0 && (unsigned char) optarg[1] >= 64 && (unsigned char) optarg[1] < 128) @@ -347,23 +362,26 @@ main(int ac, char **av) exit(1); } break; - case 'c': - options.cipher = cipher_number(optarg); - if (options.cipher == -1) { - fprintf(stderr, "Unknown cipher type '%s'\n", optarg); - exit(1); + if (ciphers_valid(optarg)) { + /* SSH2 only */ + options.ciphers = xstrdup(optarg); + options.cipher = SSH_CIPHER_ILLEGAL; + } else { + /* SSH1 only */ + options.cipher = cipher_number(optarg); + if (options.cipher == -1) { + fprintf(stderr, "Unknown cipher type '%s'\n", optarg); + exit(1); + } } break; - case 'p': options.port = atoi(optarg); break; - case 'l': options.user = optarg; break; - case 'R': if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf, &fwd_host_port) != 3 && @@ -375,7 +393,6 @@ main(int ac, char **av) } add_remote_forward(&options, fwd_port, buf, fwd_host_port); break; - case 'L': if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf, &fwd_host_port) != 3 && @@ -387,18 +404,22 @@ main(int ac, char **av) } add_local_forward(&options, fwd_port, buf, fwd_host_port); break; - case 'C': options.compression = 1; break; - + case 'N': + no_shell_flag = 1; + no_tty_flag = 1; + break; + case 'T': + no_tty_flag = 1; + break; case 'o': dummy = 1; if (process_config_line(&options, host ? host : "", optarg, "command-line", 0, &dummy) != 0) exit(1); break; - default: usage(); } @@ -408,15 +429,8 @@ main(int ac, char **av) if (!host) usage(); - /* check if RSA support exists */ - if (rsa_alive() == 0) { - extern char *__progname; + OpenSSL_add_all_algorithms(); - fprintf(stderr, - "%s: no RSA support in libssl and libcrypto. See ssl(8).\n", - __progname); - exit(1); - } /* Initialize the command to execute on remote host. */ buffer_init(&command); @@ -452,6 +466,10 @@ main(int ac, char **av) fprintf(stderr, "Pseudo-terminal will not be allocated because stdin is not a terminal.\n"); tty_flag = 0; } + /* force */ + if (no_tty_flag) + tty_flag = 0; + /* Get user data. */ pw = getpwuid(original_real_uid); if (!pw) { @@ -485,6 +503,20 @@ main(int ac, char **av) /* reinit */ log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); + /* check if RSA support exists */ + if ((options.protocol & SSH_PROTO_1) && + rsa_alive() == 0) { + log("%s: no RSA support in libssl and libcrypto. See ssl(8).", + __progname); + log("Disabling protocol version 1"); + options.protocol &= ~ (SSH_PROTO_1|SSH_PROTO_1_PREFERRED); + } + if (! options.protocol & (SSH_PROTO_1|SSH_PROTO_2)) { + fprintf(stderr, "%s: No protocol version available.\n", + __progname); + exit(1); + } + if (options.user == NULL) options.user = xstrdup(pw->pw_name); @@ -551,9 +583,12 @@ main(int ac, char **av) * authentication. This must be done before releasing extra * privileges, because the file is only readable by root. */ - if (ok) { + if (ok && (options.protocol & SSH_PROTO_1)) { + Key k; host_private_key = RSA_new(); - if (load_private_key(HOST_KEY_FILE, "", host_private_key, NULL)) + k.type = KEY_RSA; + k.rsa = host_private_key; + if (load_private_key(HOST_KEY_FILE, "", &k, NULL)) host_private_key_loaded = 1; } /* @@ -599,15 +634,22 @@ main(int ac, char **av) exit(1); } /* Expand ~ in options.identity_files. */ + /* XXX mem-leaks */ for (i = 0; i < options.num_identity_files; i++) options.identity_files[i] = tilde_expand_filename(options.identity_files[i], original_real_uid); - + for (i = 0; i < options.num_identity_files2; i++) + options.identity_files2[i] = + tilde_expand_filename(options.identity_files2[i], original_real_uid); /* Expand ~ in known host file names. */ options.system_hostfile = tilde_expand_filename(options.system_hostfile, - original_real_uid); + original_real_uid); options.user_hostfile = tilde_expand_filename(options.user_hostfile, - original_real_uid); + original_real_uid); + options.system_hostfile2 = tilde_expand_filename(options.system_hostfile2, + original_real_uid); + options.user_hostfile2 = tilde_expand_filename(options.user_hostfile2, + original_real_uid); /* Log into the remote system. This never returns if the login fails. */ ssh_login(host_private_key_loaded, host_private_key, @@ -617,6 +659,62 @@ main(int ac, char **av) if (host_private_key_loaded) RSA_free(host_private_key); /* Destroys contents safely */ + exit_status = compat20 ? ssh_session2() : ssh_session(); + packet_close(); + return exit_status; +} + +void +x11_get_proto(char *proto, int proto_len, char *data, int data_len) +{ + char line[512]; + FILE *f; + int got_data = 0, i; + +#ifdef XAUTH_PATH + /* Try to get Xauthority information for the display. */ + snprintf(line, sizeof line, "%.100s list %.200s 2>/dev/null", + XAUTH_PATH, getenv("DISPLAY")); + f = popen(line, "r"); + if (f && fgets(line, sizeof(line), f) && + sscanf(line, "%*s %s %s", proto, data) == 2) + got_data = 1; + if (f) + pclose(f); +#endif /* XAUTH_PATH */ + /* + * If we didn't get authentication data, just make up some + * data. The forwarding code will check the validity of the + * response anyway, and substitute this data. The X11 + * server, however, will ignore this fake data and use + * whatever authentication mechanisms it was using otherwise + * for the local connection. + */ + if (!got_data) { + u_int32_t rand = 0; + + strlcpy(proto, "MIT-MAGIC-COOKIE-1", proto_len); + for (i = 0; i < 16; i++) { + if (i % 4 == 0) + rand = arc4random(); + snprintf(data + 2 * i, data_len - 2 * i, "%02x", rand & 0xff); + rand >>= 8; + } + } +} + +int +ssh_session(void) +{ + int type; + int i; + int plen; + int interactive = 0; + int have_tty = 0; + struct winsize ws; + int authfd; + char *cp; + /* Enable compression if requested. */ if (options.compression) { debug("Requesting compression at level %d.", options.compression_level); @@ -670,7 +768,7 @@ main(int ac, char **av) type = packet_read(&plen); if (type == SSH_SMSG_SUCCESS) { interactive = 1; - have_pty = 1; + have_tty = 1; } else if (type == SSH_SMSG_FAILURE) log("Warning: Remote host failed or refused to allocate a pseudo tty."); else @@ -678,56 +776,22 @@ main(int ac, char **av) } /* Request X11 forwarding if enabled and DISPLAY is set. */ if (options.forward_x11 && getenv("DISPLAY") != NULL) { - char line[512], proto[512], data[512]; - FILE *f; - int forwarded = 0, got_data = 0, i; - -#ifdef XAUTH_PATH - /* Try to get Xauthority information for the display. */ - snprintf(line, sizeof line, "%.100s list %.200s 2>/dev/null", - XAUTH_PATH, getenv("DISPLAY")); - f = popen(line, "r"); - if (f && fgets(line, sizeof(line), f) && - sscanf(line, "%*s %s %s", proto, data) == 2) - got_data = 1; - if (f) - pclose(f); -#endif /* XAUTH_PATH */ - /* - * If we didn't get authentication data, just make up some - * data. The forwarding code will check the validity of the - * response anyway, and substitute this data. The X11 - * server, however, will ignore this fake data and use - * whatever authentication mechanisms it was using otherwise - * for the local connection. - */ - if (!got_data) { - u_int32_t rand = 0; - - strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); - for (i = 0; i < 16; i++) { - if (i % 4 == 0) - rand = arc4random(); - snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", rand & 0xff); - rand >>= 8; - } - } - /* - * Got local authentication reasonable information. Request - * forwarding with authentication spoofing. - */ + char proto[512], data[512]; + /* Get reasonable local authentication information. */ + x11_get_proto(proto, sizeof proto, data, sizeof data); + /* Request forwarding with authentication spoofing. */ debug("Requesting X11 forwarding with authentication spoofing."); - x11_request_forwarding_with_spoofing(proto, data); + x11_request_forwarding_with_spoofing(0, proto, data); /* Read response from the server. */ type = packet_read(&plen); if (type == SSH_SMSG_SUCCESS) { - forwarded = 1; interactive = 1; - } else if (type == SSH_SMSG_FAILURE) + } else if (type == SSH_SMSG_FAILURE) { log("Warning: Remote host denied X11 forwarding."); - else + } else { packet_disconnect("Protocol error waiting for X11 forwarding"); + } } /* Tell the packet module whether this is an interactive session. */ packet_set_interactive(interactive, options.keepalives); @@ -757,7 +821,7 @@ main(int ac, char **av) options.local_forwards[i].host, options.local_forwards[i].host_port); channel_request_local_forwarding(options.local_forwards[i].port, - options.local_forwards[i].host, + options.local_forwards[i].host, options.local_forwards[i].host_port, options.gateway_ports); } @@ -770,11 +834,11 @@ main(int ac, char **av) options.remote_forwards[i].host_port); channel_request_remote_forwarding(options.remote_forwards[i].port, options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + options.remote_forwards[i].host_port); } /* If requested, let ssh continue in the background. */ - if (fork_after_authentication_flag) + if (fork_after_authentication_flag) if (daemon(1, 1) < 0) fatal("daemon() failed: %.200s", strerror(errno)); @@ -799,11 +863,114 @@ main(int ac, char **av) } /* Enter the interactive session. */ - exit_status = client_loop(have_pty, tty_flag ? options.escape_char : -1); + return client_loop(have_tty, tty_flag ? options.escape_char : -1); +} - /* Close the connection to the remote host. */ - packet_close(); +void +init_local_fwd(void) +{ + int i; + /* Initiate local TCP/IP port forwardings. */ + for (i = 0; i < options.num_local_forwards; i++) { + debug("Connections to local port %d forwarded to remote address %.200s:%d", + options.local_forwards[i].port, + options.local_forwards[i].host, + options.local_forwards[i].host_port); + channel_request_local_forwarding(options.local_forwards[i].port, + options.local_forwards[i].host, + options.local_forwards[i].host_port, + options.gateway_ports); + } +} + +extern void client_set_session_ident(int id); + +void +client_init(int id, void *arg) +{ + int len; + debug("client_init id %d arg %d", id, (int)arg); + + if (no_shell_flag) + goto done; + + if (tty_flag) { + struct winsize ws; + char *cp; + cp = getenv("TERM"); + if (!cp) + cp = ""; + /* Store window size in the packet. */ + if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) + memset(&ws, 0, sizeof(ws)); + + channel_request_start(id, "pty-req", 0); + packet_put_cstring(cp); + packet_put_int(ws.ws_col); + packet_put_int(ws.ws_row); + packet_put_int(ws.ws_xpixel); + packet_put_int(ws.ws_ypixel); + packet_put_cstring(""); /* XXX: encode terminal modes */ + packet_send(); + /* XXX wait for reply */ + } + if (options.forward_x11 && + getenv("DISPLAY") != NULL) { + char proto[512], data[512]; + /* Get reasonable local authentication information. */ + x11_get_proto(proto, sizeof proto, data, sizeof data); + /* Request forwarding with authentication spoofing. */ + debug("Requesting X11 forwarding with authentication spoofing."); + x11_request_forwarding_with_spoofing(id, proto, data); + /* XXX wait for reply */ + } + + len = buffer_len(&command); + if (len > 0) { + if (len > 900) + len = 900; + debug("Sending command: %.*s", len, buffer_ptr(&command)); + channel_request_start(id, "exec", 0); + packet_put_string(buffer_ptr(&command), len); + packet_send(); + } else { + channel_request(id, "shell", 0); + } + /* channel_callback(id, SSH2_MSG_OPEN_CONFIGMATION, client_init, 0); */ +done: + /* register different callback, etc. XXX */ + client_set_session_ident(id); +} + +int +ssh_session2(void) +{ + int window, packetmax, id; + int in = dup(STDIN_FILENO); + int out = dup(STDOUT_FILENO); + int err = dup(STDERR_FILENO); + + if (in < 0 || out < 0 || err < 0) + fatal("dump in/out/err failed"); + + /* should be pre-session */ + init_local_fwd(); + + window = 32*1024; + if (tty_flag) { + packetmax = window/8; + } else { + window *= 2; + packetmax = window/2; + } + + id = channel_new( + "session", SSH_CHANNEL_OPENING, in, out, err, + window, packetmax, CHAN_EXTENDED_WRITE, xstrdup("client-session")); + + + channel_open(id); + channel_register_callback(id, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, client_init, (void *)0); - /* Exit with the status returned by the program on the remote side. */ - exit(exit_status); + return client_loop(tty_flag, tty_flag ? options.escape_char : -1); } diff --git a/crypto/openssh/ssh.h b/crypto/openssh/ssh.h index 7b32bda..df61945 100644 --- a/crypto/openssh/ssh.h +++ b/crypto/openssh/ssh.h @@ -1,20 +1,20 @@ /* - * + * * ssh.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 17 17:09:37 1995 ylo - * + * * Generic header file for ssh. - * + * * $FreeBSD$ */ -/* RCSID("$Id: ssh.h,v 1.34 2000/03/23 22:15:33 markus Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.45 2000/05/08 17:12:16 markus Exp $"); */ #ifndef SSH_H #define SSH_H @@ -23,6 +23,7 @@ #include "cipher.h" /* + * XXX * The default cipher used if IDEA is not supported by the remote host. It is * recommended that this be one of the mandatory ciphers (DES, 3DES), though * that is not required. @@ -47,14 +48,16 @@ /* * Major protocol version. Different version indicates major incompatiblity * that prevents communication. - */ -#define PROTOCOL_MAJOR 1 - -/* + * * Minor protocol version. Different version indicates minor incompatibility * that does not prevent interoperation. */ -#define PROTOCOL_MINOR 5 +#define PROTOCOL_MAJOR_1 1 +#define PROTOCOL_MINOR_1 5 + +/* We support both SSH1 and SSH2 */ +#define PROTOCOL_MAJOR_2 2 +#define PROTOCOL_MINOR_2 0 /* * Name for the service. The port named by this service overrides the @@ -70,6 +73,7 @@ * world-readable. */ #define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts" +#define SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2" /* * Of these, ssh_host_key must be readable only by root, whereas ssh_config @@ -78,6 +82,7 @@ #define HOST_KEY_FILE ETCDIR "/ssh_host_key" #define SERVER_CONFIG_FILE ETCDIR "/sshd_config" #define HOST_CONFIG_FILE ETCDIR "/ssh_config" +#define HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key" #define SSH_PROGRAM "/usr/bin/ssh" @@ -99,12 +104,14 @@ * contain anything particularly secret. */ #define SSH_USER_HOSTFILE "~/.ssh/known_hosts" +#define SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2" /* * Name of the default file containing client-side authentication key. This * file should only be readable by the user him/herself. */ #define SSH_CLIENT_IDENTITY ".ssh/identity" +#define SSH_CLIENT_ID_DSA ".ssh/id_dsa" /* * Configuration file in user\'s home directory. This file need not be @@ -123,6 +130,7 @@ * running as root.) */ #define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys" +#define SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2" /* * Per-user and system-wide ssh "rc" files. These files are executed with @@ -259,7 +267,7 @@ * information is not available. This must be called before record_login. * The host from which the user logged in is stored in buf. */ -unsigned long +unsigned long get_last_login_time(uid_t uid, const char *logname, char *buf, unsigned int bufsize); @@ -267,15 +275,15 @@ get_last_login_time(uid_t uid, const char *logname, * Records that the user has logged in. This does many things normally done * by login(1). */ -void -record_login(int pid, const char *ttyname, const char *user, uid_t uid, +void +record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, const char *host, struct sockaddr *addr); /* * Records that the user has logged out. This does many thigs normally done * by login(1) or init. */ -void record_logout(int pid, const char *ttyname); +void record_logout(pid_t pid, const char *ttyname); /*------------ definitions for sshconnect.c ----------*/ @@ -288,7 +296,7 @@ void record_logout(int pid, const char *ttyname); * and zero on failure. If the connection is successful, this calls * packet_set_connection for the connection. */ -int +int ssh_connect(const char *host, struct sockaddr_storage * hostaddr, u_short port, int connection_attempts, int anonymous, uid_t original_real_uid, @@ -303,7 +311,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, * references from the packet module). */ -void +void ssh_login(int host_key_valid, RSA * host_key, const char *host, struct sockaddr * hostaddr, uid_t original_real_uid); @@ -320,7 +328,7 @@ int auth_rhosts(struct passwd * pw, const char *client_user); * Tries to authenticate the user using the .rhosts file and the host using * its host key. Returns true if authentication succeeds. */ -int +int auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key); /* @@ -383,36 +391,6 @@ int auth_rsa_challenge_dialog(RSA *pk); */ char *read_passphrase(const char *prompt, int from_stdin); -/* - * Saves the authentication (private) key in a file, encrypting it with - * passphrase. The identification of the file (lowest 64 bits of n) will - * precede the key to provide identification of the key without needing a - * passphrase. - */ -int -save_private_key(const char *filename, const char *passphrase, - RSA * private_key, const char *comment); - -/* - * Loads the public part of the key file (public key and comment). Returns 0 - * if an error occurred; zero if the public key was successfully read. The - * comment of the key is returned in comment_return if it is non-NULL; the - * caller must free the value with xfree. - */ -int -load_public_key(const char *filename, RSA * pub, - char **comment_return); - -/* - * Loads the private key from the file. Returns 0 if an error is encountered - * (file does not exist or is not readable, or passphrase is bad). This - * initializes the private key. The comment of the key is returned in - * comment_return if it is non-NULL; the caller must free the value with - * xfree. - */ -int -load_private_key(const char *filename, const char *passphrase, - RSA * private_key, char **comment_return); /*------------ Definitions for logging. -----------------------*/ @@ -469,174 +447,7 @@ void fatal_add_cleanup(void (*proc) (void *context), void *context); /* Removes a cleanup function to be called at fatal(). */ void fatal_remove_cleanup(void (*proc) (void *context), void *context); -/*---------------- definitions for channels ------------------*/ - -/* Sets specific protocol options. */ -void channel_set_options(int hostname_in_open); - -/* - * Allocate a new channel object and set its type and socket. Remote_name - * must have been allocated with xmalloc; this will free it when the channel - * is freed. - */ -int channel_allocate(int type, int sock, char *remote_name); - -/* Free the channel and close its socket. */ -void channel_free(int channel); - -/* Add any bits relevant to channels in select bitmasks. */ -void channel_prepare_select(fd_set * readset, fd_set * writeset); - -/* - * After select, perform any appropriate operations for channels which have - * events pending. - */ -void channel_after_select(fd_set * readset, fd_set * writeset); - -/* If there is data to send to the connection, send some of it now. */ -void channel_output_poll(void); - -/* - * This is called when a packet of type CHANNEL_DATA has just been received. - * The message type has already been consumed, but channel number and data is - * still there. - */ -void channel_input_data(int payload_len); - -/* Returns true if no channel has too much buffered data. */ -int channel_not_very_much_buffered_data(void); - -/* This is called after receiving CHANNEL_CLOSE. */ -void channel_input_close(void); - -/* This is called after receiving CHANNEL_CLOSE_CONFIRMATION. */ -void channel_input_close_confirmation(void); - -/* This is called after receiving CHANNEL_OPEN_CONFIRMATION. */ -void channel_input_open_confirmation(void); - -/* This is called after receiving CHANNEL_OPEN_FAILURE from the other side. */ -void channel_input_open_failure(void); - -/* This closes any sockets that are listening for connections; this removes - any unix domain sockets. */ -void channel_stop_listening(void); - -/* - * Closes the sockets of all channels. This is used to close extra file - * descriptors after a fork. - */ -void channel_close_all(void); - -/* Returns the maximum file descriptor number used by the channels. */ -int channel_max_fd(void); - -/* Returns true if there is still an open channel over the connection. */ -int channel_still_open(void); - -/* - * Returns a string containing a list of all open channels. The list is - * suitable for displaying to the user. It uses crlf instead of newlines. - * The caller should free the string with xfree. - */ -char *channel_open_message(void); - -/* - * Initiate forwarding of connections to local port "port" through the secure - * channel to host:port from remote side. This never returns if there was an - * error. - */ -void -channel_request_local_forwarding(u_short port, const char *host, - u_short remote_port, int gateway_ports); - -/* - * Initiate forwarding of connections to port "port" on remote host through - * the secure channel to host:port from local side. This never returns if - * there was an error. This registers that open requests for that port are - * permitted. - */ -void -channel_request_remote_forwarding(u_short port, const char *host, - u_short remote_port); - -/* - * Permits opening to any host/port in SSH_MSG_PORT_OPEN. This is usually - * called by the server, because the user could connect to any port anyway, - * and the server has no way to know but to trust the client anyway. - */ -void channel_permit_all_opens(void); - -/* - * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates - * listening for the port, and sends back a success reply (or disconnect - * message if there was an error). This never returns if there was an error. - */ -void channel_input_port_forward_request(int is_root); - -/* - * This is called after receiving PORT_OPEN message. This attempts to - * connect to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION - * or CHANNEL_OPEN_FAILURE. - */ -void channel_input_port_open(int payload_len); - -/* - * Creates a port for X11 connections, and starts listening for it. Returns - * the display name, or NULL if an error was encountered. - */ -char *x11_create_display(int screen); - -/* - * Creates an internet domain socket for listening for X11 connections. - * Returns a suitable value for the DISPLAY variable, or NULL if an error - * occurs. - */ -char *x11_create_display_inet(int screen, int x11_display_offset); - -/* - * This is called when SSH_SMSG_X11_OPEN is received. The packet contains - * the remote channel number. We should do whatever we want, and respond - * with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE. - */ -void x11_input_open(int payload_len); - -/* - * Requests forwarding of X11 connections. This should be called on the - * client only. - */ -void x11_request_forwarding(void); - -/* - * Requests forwarding for X11 connections, with authentication spoofing. - * This should be called in the client only. - */ -void x11_request_forwarding_with_spoofing(const char *proto, const char *data); - -/* Sends a message to the server to request authentication fd forwarding. */ -void auth_request_forwarding(void); - -/* - * Returns the name of the forwarded authentication socket. Returns NULL if - * there is no forwarded authentication socket. The returned value points to - * a static buffer. - */ -char *auth_get_socket_name(void); - -/* - * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. - * This starts forwarding authentication requests. - */ -void auth_input_request_forwarding(struct passwd * pw); - -/* This is called to process an SSH_SMSG_AGENT_OPEN message. */ -void auth_input_open_request(void); - -/* - * Returns true if the given string matches the pattern (which may contain ? - * and * as wildcards), and zero if it does not match. - */ -int match_pattern(const char *s, const char *pattern); +/* ---- misc */ /* * Expands tildes in the file name. Returns data allocated by xmalloc. @@ -651,7 +462,8 @@ char *tilde_expand_filename(const char *filename, uid_t my_uid); * (of the child program), and reads from stdout and stderr (of the child * program). */ -void server_loop(int pid, int fdin, int fdout, int fderr); +void server_loop(pid_t pid, int fdin, int fdout, int fderr); +void server_loop2(void); /* Client side main loop for the interactive session. */ int client_loop(int have_pty, int escape_char); @@ -695,14 +507,14 @@ int auth_krb4_password(struct passwd * pw, const char *password); int auth_krb4_tgt(struct passwd * pw, const char *string); int auth_afs_token(struct passwd * pw, const char *token_string); -int creds_to_radix(CREDENTIALS * creds, unsigned char *buf); +int creds_to_radix(CREDENTIALS * creds, unsigned char *buf, size_t buflen); int radix_to_creds(const char *buf, CREDENTIALS * creds); #endif /* AFS */ #endif /* KRB4 */ #ifdef SKEY -#include <skey.h> +#include <opie.h> char *skey_fake_keyinfo(char *username); int auth_skey_password(struct passwd * pw, const char *password); #endif /* SKEY */ diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 6d823f5..059817d 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -28,5 +28,6 @@ # StrictHostKeyChecking no # IdentityFile ~/.ssh/identity # Port 22 +# Protocol 2,1 # Cipher blowfish # EscapeChar ~ diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index ca5cee2..1ad91cf 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -10,31 +10,26 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.58 2000/03/23 22:15:33 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.72 2000/05/04 09:50:22 markus Exp $"); #include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/rsa.h> + #include "xmalloc.h" #include "rsa.h" #include "ssh.h" +#include "buffer.h" #include "packet.h" -#include "authfd.h" -#include "cipher.h" -#include "mpaux.h" #include "uidswap.h" #include "compat.h" #include "readconf.h" - -#include <openssl/rsa.h> -#include <openssl/dsa.h> -#include <openssl/md5.h> #include "key.h" +#include "sshconnect.h" #include "hostfile.h" -/* Session id for the current session. */ -unsigned char session_id[16]; - -/* authentications supported by server */ -unsigned int supported_authentications; +char *client_version_string = NULL; +char *server_version_string = NULL; extern Options options; extern char *__progname; @@ -50,7 +45,7 @@ ssh_proxy_connect(const char *host, u_short port, uid_t original_real_uid, const char *cp; char *command_string; int pin[2], pout[2]; - int pid; + pid_t pid; char strport[NI_MAXSERV]; /* Convert the port number into a string. */ @@ -231,7 +226,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, debug("Trying again..."); /* Loop through addresses for this host, and try each one in - sequence until the connection succeeds. */ + sequence until the connection succeeds. */ for (ai = aitop; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue; @@ -245,7 +240,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, host, ntop, strport); /* Create a socket for connecting. */ - sock = ssh_create_socket(original_real_uid, + sock = ssh_create_socket(original_real_uid, !anonymous && geteuid() == 0 && port < IPPORT_RESERVED, ai->ai_family); if (sock < 0) @@ -304,562 +299,362 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, return 1; } -/* - * Checks if the user has an authentication agent, and if so, tries to - * authenticate using the agent. - */ -int -try_agent_authentication() +char * +chop(char *s) { - int status, type; - char *comment; - AuthenticationConnection *auth; - unsigned char response[16]; - unsigned int i; - BIGNUM *e, *n, *challenge; - - /* Get connection to the agent. */ - auth = ssh_get_authentication_connection(); - if (!auth) - return 0; - - e = BN_new(); - n = BN_new(); - challenge = BN_new(); - - /* Loop through identities served by the agent. */ - for (status = ssh_get_first_identity(auth, e, n, &comment); - status; - status = ssh_get_next_identity(auth, e, n, &comment)) { - int plen, clen; - - /* Try this identity. */ - debug("Trying RSA authentication via agent with '%.100s'", comment); - xfree(comment); - - /* Tell the server that we are willing to authenticate using this key. */ - packet_start(SSH_CMSG_AUTH_RSA); - packet_put_bignum(n); - packet_send(); - packet_write_wait(); - - /* Wait for server's response. */ - type = packet_read(&plen); - - /* The server sends failure if it doesn\'t like our key or - does not support RSA authentication. */ - if (type == SSH_SMSG_FAILURE) { - debug("Server refused our key."); - continue; + char *t = s; + while (*t) { + if(*t == '\n' || *t == '\r') { + *t = '\0'; + return s; } - /* Otherwise it should have sent a challenge. */ - if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) - packet_disconnect("Protocol error during RSA authentication: %d", - type); - - packet_get_bignum(challenge, &clen); - - packet_integrity_check(plen, clen, type); - - debug("Received RSA challenge from server."); - - /* Ask the agent to decrypt the challenge. */ - if (!ssh_decrypt_challenge(auth, e, n, challenge, - session_id, 1, response)) { - /* The agent failed to authenticate this identifier although it - advertised it supports this. Just return a wrong value. */ - log("Authentication agent failed to decrypt challenge."); - memset(response, 0, sizeof(response)); - } - debug("Sending response to RSA challenge."); - - /* Send the decrypted challenge back to the server. */ - packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); - for (i = 0; i < 16; i++) - packet_put_char(response[i]); - packet_send(); - packet_write_wait(); - - /* Wait for response from the server. */ - type = packet_read(&plen); - - /* The server returns success if it accepted the authentication. */ - if (type == SSH_SMSG_SUCCESS) { - debug("RSA authentication accepted by server."); - BN_clear_free(e); - BN_clear_free(n); - BN_clear_free(challenge); - return 1; - } - /* Otherwise it should return failure. */ - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error waiting RSA auth response: %d", - type); + t++; } + return s; - BN_clear_free(e); - BN_clear_free(n); - BN_clear_free(challenge); - - debug("RSA authentication using agent refused."); - return 0; } /* - * Computes the proper response to a RSA challenge, and sends the response to - * the server. + * Waits for the server identification string, and sends our own + * identification string. */ void -respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) +ssh_exchange_identification() { - unsigned char buf[32], response[16]; - MD5_CTX md; - int i, len; - - /* Decrypt the challenge using the private key. */ - rsa_private_decrypt(challenge, challenge, prv); - - /* Compute the response. */ - /* The response is MD5 of decrypted challenge plus session id. */ - len = BN_num_bytes(challenge); - if (len <= 0 || len > sizeof(buf)) - packet_disconnect("respond_to_rsa_challenge: bad challenge length %d", - len); - - memset(buf, 0, sizeof(buf)); - BN_bn2bin(challenge, buf + sizeof(buf) - len); - MD5_Init(&md); - MD5_Update(&md, buf, 32); - MD5_Update(&md, session_id, 16); - MD5_Final(response, &md); - - debug("Sending response to host key RSA challenge."); - - /* Send the response back to the server. */ - packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); - for (i = 0; i < 16; i++) - packet_put_char(response[i]); - packet_send(); - packet_write_wait(); - - memset(buf, 0, sizeof(buf)); - memset(response, 0, sizeof(response)); - memset(&md, 0, sizeof(md)); -} + char buf[256], remote_version[256]; /* must be same size! */ + int remote_major, remote_minor, i, mismatch; + int connection_in = packet_get_connection_in(); + int connection_out = packet_get_connection_out(); -/* - * Checks if the user has authentication file, and if so, tries to authenticate - * the user using it. - */ -int -try_rsa_authentication(const char *authfile) -{ - BIGNUM *challenge; - RSA *private_key; - RSA *public_key; - char *passphrase, *comment; - int type, i; - int plen, clen; - - /* Try to load identification for the authentication key. */ - public_key = RSA_new(); - if (!load_public_key(authfile, public_key, &comment)) { - RSA_free(public_key); - /* Could not load it. Fail. */ - return 0; + /* Read other side\'s version identification. */ + for (i = 0; i < sizeof(buf) - 1; i++) { + int len = read(connection_in, &buf[i], 1); + if (len < 0) + fatal("ssh_exchange_identification: read: %.100s", strerror(errno)); + if (len != 1) + fatal("ssh_exchange_identification: Connection closed by remote host"); + if (buf[i] == '\r') { + buf[i] = '\n'; + buf[i + 1] = 0; + continue; /**XXX wait for \n */ + } + if (buf[i] == '\n') { + buf[i + 1] = 0; + break; + } } - debug("Trying RSA authentication with key '%.100s'", comment); - - /* Tell the server that we are willing to authenticate using this key. */ - packet_start(SSH_CMSG_AUTH_RSA); - packet_put_bignum(public_key->n); - packet_send(); - packet_write_wait(); - - /* We no longer need the public key. */ - RSA_free(public_key); - - /* Wait for server's response. */ - type = packet_read(&plen); + buf[sizeof(buf) - 1] = 0; + server_version_string = xstrdup(buf); /* - * The server responds with failure if it doesn\'t like our key or - * doesn\'t support RSA authentication. + * Check that the versions match. In future this might accept + * several versions and set appropriate flags to handle them. */ - if (type == SSH_SMSG_FAILURE) { - debug("Server refused our key."); - xfree(comment); - return 0; - } - /* Otherwise, the server should respond with a challenge. */ - if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) - packet_disconnect("Protocol error during RSA authentication: %d", type); - - /* Get the challenge from the packet. */ - challenge = BN_new(); - packet_get_bignum(challenge, &clen); - - packet_integrity_check(plen, clen, type); + if (sscanf(server_version_string, "SSH-%d.%d-%[^\n]\n", + &remote_major, &remote_minor, remote_version) != 3) + fatal("Bad remote protocol version identification: '%.100s'", buf); + debug("Remote protocol version %d.%d, remote software version %.100s", + remote_major, remote_minor, remote_version); - debug("Received RSA challenge from server."); + compat_datafellows(remote_version); + mismatch = 0; - private_key = RSA_new(); - /* - * Load the private key. Try first with empty passphrase; if it - * fails, ask for a passphrase. - */ - if (!load_private_key(authfile, "", private_key, NULL)) { - char buf[300]; - snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ", - comment); - if (!options.batch_mode) - passphrase = read_passphrase(buf, 0); - else { - debug("Will not query passphrase for %.100s in batch mode.", - comment); - passphrase = xstrdup(""); + switch(remote_major) { + case 1: + if (remote_minor == 99 && + (options.protocol & SSH_PROTO_2) && + !(options.protocol & SSH_PROTO_1_PREFERRED)) { + enable_compat20(); + break; } - - /* Load the authentication file using the pasphrase. */ - if (!load_private_key(authfile, passphrase, private_key, NULL)) { - memset(passphrase, 0, strlen(passphrase)); - xfree(passphrase); - error("Bad passphrase."); - - /* Send a dummy response packet to avoid protocol error. */ - packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); - for (i = 0; i < 16; i++) - packet_put_char(0); - packet_send(); - packet_write_wait(); - - /* Expect the server to reject it... */ - packet_read_expect(&plen, SSH_SMSG_FAILURE); - xfree(comment); - return 0; + if (!(options.protocol & SSH_PROTO_1)) { + mismatch = 1; + break; } - /* Destroy the passphrase. */ - memset(passphrase, 0, strlen(passphrase)); - xfree(passphrase); - } - /* We no longer need the comment. */ - xfree(comment); - - /* Compute and send a response to the challenge. */ - respond_to_rsa_challenge(challenge, private_key); - - /* Destroy the private key. */ - RSA_free(private_key); - - /* We no longer need the challenge. */ - BN_clear_free(challenge); - - /* Wait for response from the server. */ - type = packet_read(&plen); - if (type == SSH_SMSG_SUCCESS) { - debug("RSA authentication accepted by server."); - return 1; + if (remote_minor < 3) { + fatal("Remote machine has too old SSH software version."); + } else if (remote_minor == 3) { + /* We speak 1.3, too. */ + enable_compat13(); + if (options.forward_agent) { + log("Agent forwarding disabled for protocol 1.3"); + options.forward_agent = 0; + } + } + break; + case 2: + if (options.protocol & SSH_PROTO_2) { + enable_compat20(); + break; + } + /* FALLTHROUGH */ + default: + mismatch = 1; + break; } - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error waiting RSA auth response: %d", type); - debug("RSA authentication refused."); - return 0; + if (mismatch) + fatal("Protocol major versions differ: %d vs. %d", + (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, + remote_major); + if (compat20) + packet_set_ssh2_format(); + /* Send our own protocol version identification. */ + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", + compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, + compat20 ? PROTOCOL_MINOR_2 : PROTOCOL_MINOR_1, + SSH_VERSION); + if (atomicio(write, connection_out, buf, strlen(buf)) != strlen(buf)) + fatal("write: %.100s", strerror(errno)); + client_version_string = xstrdup(buf); + chop(client_version_string); + chop(server_version_string); + debug("Local version string %.100s", client_version_string); } -/* - * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv - * authentication and RSA host authentication. - */ int -try_rhosts_rsa_authentication(const char *local_user, RSA * host_key) +read_yes_or_no(const char *prompt, int defval) { - int type; - BIGNUM *challenge; - int plen, clen; - - debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication."); - - /* Tell the server that we are willing to authenticate using this key. */ - packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); - packet_put_string(local_user, strlen(local_user)); - packet_put_int(BN_num_bits(host_key->n)); - packet_put_bignum(host_key->e); - packet_put_bignum(host_key->n); - packet_send(); - packet_write_wait(); - - /* Wait for server's response. */ - type = packet_read(&plen); - - /* The server responds with failure if it doesn't admit our - .rhosts authentication or doesn't know our host key. */ - if (type == SSH_SMSG_FAILURE) { - debug("Server refused our rhosts authentication or host key."); - return 0; - } - /* Otherwise, the server should respond with a challenge. */ - if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) - packet_disconnect("Protocol error during RSA authentication: %d", type); + char buf[1024]; + FILE *f; + int retval = -1; - /* Get the challenge from the packet. */ - challenge = BN_new(); - packet_get_bignum(challenge, &clen); + if (isatty(0)) + f = stdin; + else + f = fopen("/dev/tty", "rw"); - packet_integrity_check(plen, clen, type); + if (f == NULL) + return 0; - debug("Received RSA challenge for host key from server."); + fflush(stdout); - /* Compute a response to the challenge. */ - respond_to_rsa_challenge(challenge, host_key); + while (1) { + fprintf(stderr, "%s", prompt); + if (fgets(buf, sizeof(buf), f) == NULL) { + /* Print a newline (the prompt probably didn\'t have one). */ + fprintf(stderr, "\n"); + strlcpy(buf, "no", sizeof buf); + } + /* Remove newline from response. */ + if (strchr(buf, '\n')) + *strchr(buf, '\n') = 0; - /* We no longer need the challenge. */ - BN_clear_free(challenge); + if (buf[0] == 0) + retval = defval; + if (strcmp(buf, "yes") == 0) + retval = 1; + if (strcmp(buf, "no") == 0) + retval = 0; - /* Wait for response from the server. */ - type = packet_read(&plen); - if (type == SSH_SMSG_SUCCESS) { - debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server."); - return 1; + if (retval != -1) { + if (f != stdin) + fclose(f); + return retval; + } } - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error waiting RSA auth response: %d", type); - debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused."); - return 0; } -#ifdef KRB4 -int -try_krb4_authentication() -{ - KTEXT_ST auth; /* Kerberos data */ - char *reply; - char inst[INST_SZ]; - char *realm; - CREDENTIALS cred; - int r, type, plen; - socklen_t slen; - Key_schedule schedule; - u_long checksum, cksum; - MSG_DAT msg_data; - struct sockaddr_in local, foreign; - struct stat st; - - /* Don't do anything if we don't have any tickets. */ - if (stat(tkt_string(), &st) < 0) - return 0; - - strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ); +/* + * check whether the supplied host key is valid, return only if ok. + */ - realm = (char *) krb_realmofhost(get_canonical_hostname()); - if (!realm) { - debug("Kerberos V4: no realm for %s", get_canonical_hostname()); - return 0; - } - /* This can really be anything. */ - checksum = (u_long) getpid(); +void +check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, + const char *user_hostfile, const char *system_hostfile) +{ + Key *file_key; + char *type = key_type(host_key); + char *ip = NULL; + char hostline[1000], *hostp; + HostStatus host_status; + HostStatus ip_status; + int local = 0, host_ip_differ = 0; + char ntop[NI_MAXHOST]; - r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum); - if (r != KSUCCESS) { - debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]); - return 0; - } - /* Get session key to decrypt the server's reply with. */ - r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred); - if (r != KSUCCESS) { - debug("get_cred failed: %s", krb_err_txt[r]); - return 0; - } - des_key_sched((des_cblock *) cred.session, schedule); - - /* Send authentication info to server. */ - packet_start(SSH_CMSG_AUTH_KRB4); - packet_put_string((char *) auth.dat, auth.length); - packet_send(); - packet_write_wait(); - - /* Zero the buffer. */ - (void) memset(auth.dat, 0, MAX_KTXT_LEN); - - slen = sizeof(local); - memset(&local, 0, sizeof(local)); - if (getsockname(packet_get_connection_in(), - (struct sockaddr *) & local, &slen) < 0) - debug("getsockname failed: %s", strerror(errno)); - - slen = sizeof(foreign); - memset(&foreign, 0, sizeof(foreign)); - if (getpeername(packet_get_connection_in(), - (struct sockaddr *) & foreign, &slen) < 0) { - debug("getpeername failed: %s", strerror(errno)); - fatal_cleanup(); - } - /* Get server reply. */ - type = packet_read(&plen); - switch (type) { - case SSH_SMSG_FAILURE: - /* Should really be SSH_SMSG_AUTH_KRB4_FAILURE */ - debug("Kerberos V4 authentication failed."); - return 0; + /* + * Force accepting of the host key for loopback/localhost. The + * problem is that if the home directory is NFS-mounted to multiple + * machines, localhost will refer to a different machine in each of + * them, and the user will get bogus HOST_CHANGED warnings. This + * essentially disables host authentication for localhost; however, + * this is probably not a real problem. + */ + /** hostaddr == 0! */ + switch (hostaddr->sa_family) { + case AF_INET: + local = (ntohl(((struct sockaddr_in *)hostaddr)->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; break; - - case SSH_SMSG_AUTH_KRB4_RESPONSE: - /* SSH_SMSG_AUTH_KRB4_SUCCESS */ - debug("Kerberos V4 authentication accepted."); - - /* Get server's response. */ - reply = packet_get_string((unsigned int *) &auth.length); - memcpy(auth.dat, reply, auth.length); - xfree(reply); - - packet_integrity_check(plen, 4 + auth.length, type); - - /* - * If his response isn't properly encrypted with the session - * key, and the decrypted checksum fails to match, he's - * bogus. Bail out. - */ - r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session, - &foreign, &local, &msg_data); - if (r != KSUCCESS) { - debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]); - packet_disconnect("Kerberos V4 challenge failed!"); - } - /* Fetch the (incremented) checksum that we supplied in the request. */ - (void) memcpy((char *) &cksum, (char *) msg_data.app_data, sizeof(cksum)); - cksum = ntohl(cksum); - - /* If it matches, we're golden. */ - if (cksum == checksum + 1) { - debug("Kerberos V4 challenge successful."); - return 1; - } else - packet_disconnect("Kerberos V4 challenge failed!"); + case AF_INET6: + local = IN6_IS_ADDR_LOOPBACK(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr)); break; - default: - packet_disconnect("Protocol error on Kerberos V4 response: %d", type); + local = 0; + break; + } + if (local) { + debug("Forcing accepting of host key for loopback/localhost."); + return; } - return 0; -} -#endif /* KRB4 */ + /* + * Turn off check_host_ip for proxy connects, since + * we don't have the remote ip-address + */ + if (options.proxy_command != NULL && options.check_host_ip) + options.check_host_ip = 0; -#ifdef AFS -int -send_krb4_tgt() -{ - CREDENTIALS *creds; - char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; - int r, type, plen; - char buffer[8192]; - struct stat st; - - /* Don't do anything if we don't have any tickets. */ - if (stat(tkt_string(), &st) < 0) - return 0; + if (options.check_host_ip) { + if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop), + NULL, 0, NI_NUMERICHOST) != 0) + fatal("check_host_key: getnameinfo failed"); + ip = xstrdup(ntop); + } - creds = xmalloc(sizeof(*creds)); + /* + * Store the host key from the known host file in here so that we can + * compare it with the key for the IP address. + */ + file_key = key_new(host_key->type); - if ((r = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm)) != KSUCCESS) { - debug("Kerberos V4 tf_fullname failed: %s", krb_err_txt[r]); - return 0; - } - if ((r = krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) { - debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]); - return 0; - } - if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) { - debug("Kerberos V4 ticket expired: %s", TKT_FILE); - return 0; - } - creds_to_radix(creds, (unsigned char *)buffer); - xfree(creds); + /* + * Check if the host key is present in the user\'s list of known + * hosts or in the systemwide list. + */ + host_status = check_host_in_hostfile(user_hostfile, host, host_key, file_key); + if (host_status == HOST_NEW) + host_status = check_host_in_hostfile(system_hostfile, host, host_key, file_key); + /* + * Also perform check for the ip address, skip the check if we are + * localhost or the hostname was an ip address to begin with + */ + if (options.check_host_ip && !local && strcmp(host, ip)) { + Key *ip_key = key_new(host_key->type); + ip_status = check_host_in_hostfile(user_hostfile, ip, host_key, ip_key); - packet_start(SSH_CMSG_HAVE_KRB4_TGT); - packet_put_string((char *) buffer, strlen(buffer)); - packet_send(); - packet_write_wait(); + if (ip_status == HOST_NEW) + ip_status = check_host_in_hostfile(system_hostfile, ip, host_key, ip_key); + if (host_status == HOST_CHANGED && + (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key))) + host_ip_differ = 1; - type = packet_read(&plen); + key_free(ip_key); + } else + ip_status = host_status; - if (type == SSH_SMSG_FAILURE) - debug("Kerberos TGT for realm %s rejected.", prealm); - else if (type != SSH_SMSG_SUCCESS) - packet_disconnect("Protocol error on Kerberos TGT response: %d", type); + key_free(file_key); - return 1; -} + switch (host_status) { + case HOST_OK: + /* The host is known and the key matches. */ + debug("Host '%.200s' is known and matches the %s host key.", + host, type); + if (options.check_host_ip) { + if (ip_status == HOST_NEW) { + if (!add_host_to_hostfile(user_hostfile, ip, host_key)) + log("Failed to add the %s host key for IP address '%.30s' to the list of known hosts (%.30s).", + type, ip, user_hostfile); + else + log("Warning: Permanently added the %s host key for IP address '%.30s' to the list of known hosts.", + type, ip); + } else if (ip_status != HOST_OK) + log("Warning: the %s host key for '%.200s' differs from the key for the IP address '%.30s'", + type, host, ip); + } + break; + case HOST_NEW: + /* The host is new. */ + if (options.strict_host_key_checking == 1) { + /* User has requested strict host key checking. We will not add the host key + automatically. The only alternative left is to abort. */ + fatal("No %s host key is known for %.200s and you have requested strict checking.", type, host); + } else if (options.strict_host_key_checking == 2) { + /* The default */ + char prompt[1024]; + char *fp = key_fingerprint(host_key); + snprintf(prompt, sizeof(prompt), + "The authenticity of host '%.200s' can't be established.\n" + "%s key fingerprint is %s.\n" + "Are you sure you want to continue connecting (yes/no)? ", + host, type, fp); + if (!read_yes_or_no(prompt, -1)) + fatal("Aborted by user!\n"); + } + if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip)) { + snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); + hostp = hostline; + } else + hostp = host; -void -send_afs_tokens(void) -{ - CREDENTIALS creds; - struct ViceIoctl parms; - struct ClearToken ct; - int i, type, len, plen; - char buf[2048], *p, *server_cell; - char buffer[8192]; - - /* Move over ktc_GetToken, here's something leaner. */ - for (i = 0; i < 100; i++) { /* just in case */ - parms.in = (char *) &i; - parms.in_size = sizeof(i); - parms.out = buf; - parms.out_size = sizeof(buf); - if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) - break; - p = buf; + /* If not in strict mode, add the key automatically to the local known_hosts file. */ + if (!add_host_to_hostfile(user_hostfile, hostp, host_key)) + log("Failed to add the host to the list of known hosts (%.500s).", + user_hostfile); + else + log("Warning: Permanently added '%.200s' (%s) to the list of known hosts.", + hostp, type); + break; + case HOST_CHANGED: + if (options.check_host_ip && host_ip_differ) { + char *msg; + if (ip_status == HOST_NEW) + msg = "is unknown"; + else if (ip_status == HOST_OK) + msg = "is unchanged"; + else + msg = "has a different value"; + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @"); + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("The %s host key for %s has changed,", type, host); + error("and the key for the according IP address %s", ip); + error("%s. This could either mean that", msg); + error("DNS SPOOFING is happening or the IP address for the host"); + error("and its host key have changed at the same time"); + } + /* The host key has changed. */ + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); + error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); + error("It is also possible that the %s host key has just been changed.", type); + error("Please contact your system administrator."); + error("Add correct host key in %.100s to get rid of this message.", + user_hostfile); - /* Get secret token. */ - memcpy(&creds.ticket_st.length, p, sizeof(unsigned int)); - if (creds.ticket_st.length > MAX_KTXT_LEN) - break; - p += sizeof(unsigned int); - memcpy(creds.ticket_st.dat, p, creds.ticket_st.length); - p += creds.ticket_st.length; + /* + * If strict host key checking is in use, the user will have + * to edit the key manually and we can only abort. + */ + if (options.strict_host_key_checking) + fatal("%s host key for %.200s has changed and you have requested strict checking.", type, host); - /* Get clear token. */ - memcpy(&len, p, sizeof(len)); - if (len != sizeof(struct ClearToken)) - break; - p += sizeof(len); - memcpy(&ct, p, len); - p += len; - p += sizeof(len); /* primary flag */ - server_cell = p; - - /* Flesh out our credentials. */ - strlcpy(creds.service, "afs", sizeof creds.service); - creds.instance[0] = '\0'; - strlcpy(creds.realm, server_cell, REALM_SZ); - memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ); - creds.issue_date = ct.BeginTimestamp; - creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp); - creds.kvno = ct.AuthHandle; - snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId); - creds.pinst[0] = '\0'; - - /* Encode token, ship it off. */ - if (!creds_to_radix(&creds, (unsigned char*) buffer)) - break; - packet_start(SSH_CMSG_HAVE_AFS_TOKEN); - packet_put_string(buffer, strlen(buffer)); - packet_send(); - packet_write_wait(); - - /* Roger, Roger. Clearance, Clarence. What's your vector, - Victor? */ - type = packet_read(&plen); - - if (type == SSH_SMSG_FAILURE) - debug("AFS token for cell %s rejected.", server_cell); - else if (type != SSH_SMSG_SUCCESS) - packet_disconnect("Protocol error on AFS token response: %d", type); + /* + * If strict host key checking has not been requested, allow + * the connection but without password authentication or + * agent forwarding. + */ + if (options.password_authentication) { + error("Password authentication is disabled to avoid trojan horses."); + options.password_authentication = 0; + } + if (options.forward_agent) { + error("Agent forwarding is disabled to avoid trojan horses."); + options.forward_agent = 0; + } + /* + * XXX Should permit the user to change to use the new id. + * This could be done by converting the host key to an + * identifying sentence, tell that the host identifies itself + * by that sentence, and ask the user if he/she whishes to + * accept the authentication. + */ + break; } + if (options.check_host_ip) + xfree(ip); } -#endif /* AFS */ - #ifdef KRB5 int try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) @@ -1102,780 +897,6 @@ out: #endif /* KRB5 */ /* - * Tries to authenticate with any string-based challenge/response system. - * Note that the client code is not tied to s/key or TIS. - */ -int -try_skey_authentication() -{ - int type, i; - int payload_len; - unsigned int clen; - char *challenge, *response; - - debug("Doing skey authentication."); - - /* request a challenge */ - packet_start(SSH_CMSG_AUTH_TIS); - packet_send(); - packet_write_wait(); - - type = packet_read(&payload_len); - if (type != SSH_SMSG_FAILURE && - type != SSH_SMSG_AUTH_TIS_CHALLENGE) { - packet_disconnect("Protocol error: got %d in response " - "to skey-auth", type); - } - if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) { - debug("No challenge for skey authentication."); - return 0; - } - challenge = packet_get_string(&clen); - packet_integrity_check(payload_len, (4 + clen), type); - if (options.cipher == SSH_CIPHER_NONE) - log("WARNING: Encryption is disabled! " - "Reponse will be transmitted in clear text."); - fprintf(stderr, "%s\n", challenge); - xfree(challenge); - fflush(stderr); - for (i = 0; i < options.number_of_password_prompts; i++) { - if (i != 0) - error("Permission denied, please try again."); - response = read_passphrase("Response: ", 0); - packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); - packet_put_string(response, strlen(response)); - memset(response, 0, strlen(response)); - xfree(response); - packet_send(); - packet_write_wait(); - type = packet_read(&payload_len); - if (type == SSH_SMSG_SUCCESS) - return 1; - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response " - "to skey-auth-reponse", type); - } - /* failure */ - return 0; -} - -/* - * Tries to authenticate with plain passwd authentication. - */ -int -try_password_authentication(char *prompt) -{ - int type, i, payload_len; - char *password; - - debug("Doing password authentication."); - if (options.cipher == SSH_CIPHER_NONE) - log("WARNING: Encryption is disabled! Password will be transmitted in clear text."); - for (i = 0; i < options.number_of_password_prompts; i++) { - if (i != 0) - error("Permission denied, please try again."); - password = read_passphrase(prompt, 0); - packet_start(SSH_CMSG_AUTH_PASSWORD); - packet_put_string(password, strlen(password)); - memset(password, 0, strlen(password)); - xfree(password); - packet_send(); - packet_write_wait(); - - type = packet_read(&payload_len); - if (type == SSH_SMSG_SUCCESS) - return 1; - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to passwd auth", type); - } - /* failure */ - return 0; -} - -/* - * Waits for the server identification string, and sends our own - * identification string. - */ -void -ssh_exchange_identification() -{ - char buf[256], remote_version[256]; /* must be same size! */ - int remote_major, remote_minor, i; - int connection_in = packet_get_connection_in(); - int connection_out = packet_get_connection_out(); - - /* Read other side\'s version identification. */ - for (i = 0; i < sizeof(buf) - 1; i++) { - int len = read(connection_in, &buf[i], 1); - if (len < 0) - fatal("ssh_exchange_identification: read: %.100s", strerror(errno)); - if (len != 1) - fatal("ssh_exchange_identification: Connection closed by remote host"); - if (buf[i] == '\r') { - buf[i] = '\n'; - buf[i + 1] = 0; - break; - } - if (buf[i] == '\n') { - buf[i + 1] = 0; - break; - } - } - buf[sizeof(buf) - 1] = 0; - - /* - * Check that the versions match. In future this might accept - * several versions and set appropriate flags to handle them. - */ - if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor, - remote_version) != 3) - fatal("Bad remote protocol version identification: '%.100s'", buf); - debug("Remote protocol version %d.%d, remote software version %.100s", - remote_major, remote_minor, remote_version); - - /* Check if the remote protocol version is too old. */ - if (remote_major == 1 && remote_minor < 3) - fatal("Remote machine has too old SSH software version."); - - /* We speak 1.3, too. */ - if (remote_major == 1 && remote_minor == 3) { - enable_compat13(); - if (options.forward_agent) { - log("Agent forwarding disabled for protocol 1.3"); - options.forward_agent = 0; - } - } -#if 0 - /* - * Removed for now, to permit compatibility with latter versions. The - * server will reject our version and disconnect if it doesn't - * support it. - */ - if (remote_major != PROTOCOL_MAJOR) - fatal("Protocol major versions differ: %d vs. %d", - PROTOCOL_MAJOR, remote_major); -#endif - - /* Send our own protocol version identification. */ - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", - PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); - if (atomicio(write, connection_out, buf, strlen(buf)) != strlen(buf)) - fatal("write: %.100s", strerror(errno)); -} - -int ssh_cipher_default = SSH_CIPHER_3DES; - -int -read_yes_or_no(const char *prompt, int defval) -{ - char buf[1024]; - FILE *f; - int retval = -1; - - if (isatty(0)) - f = stdin; - else - f = fopen("/dev/tty", "rw"); - - if (f == NULL) - return 0; - - fflush(stdout); - - while (1) { - fprintf(stderr, "%s", prompt); - if (fgets(buf, sizeof(buf), f) == NULL) { - /* Print a newline (the prompt probably didn\'t have one). */ - fprintf(stderr, "\n"); - strlcpy(buf, "no", sizeof buf); - } - /* Remove newline from response. */ - if (strchr(buf, '\n')) - *strchr(buf, '\n') = 0; - - if (buf[0] == 0) - retval = defval; - if (strcmp(buf, "yes") == 0) - retval = 1; - if (strcmp(buf, "no") == 0) - retval = 0; - - if (retval != -1) { - if (f != stdin) - fclose(f); - return retval; - } - } -} - -/* - * check whether the supplied host key is valid, return only if ok. - */ - -void -check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) -{ - Key *file_key; - char *ip = NULL; - char hostline[1000], *hostp; - HostStatus host_status; - HostStatus ip_status; - int local = 0, host_ip_differ = 0; - char ntop[NI_MAXHOST]; - - /* - * Force accepting of the host key for loopback/localhost. The - * problem is that if the home directory is NFS-mounted to multiple - * machines, localhost will refer to a different machine in each of - * them, and the user will get bogus HOST_CHANGED warnings. This - * essentially disables host authentication for localhost; however, - * this is probably not a real problem. - */ - switch (hostaddr->sa_family) { - case AF_INET: - local = (ntohl(((struct sockaddr_in *)hostaddr)->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; - break; - case AF_INET6: - local = IN6_IS_ADDR_LOOPBACK(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr)); - break; - default: - local = 0; - break; - } - if (local) { - debug("Forcing accepting of host key for loopback/localhost."); - return; - } - - /* - * Turn off check_host_ip for proxy connects, since - * we don't have the remote ip-address - */ - if (options.proxy_command != NULL && options.check_host_ip) - options.check_host_ip = 0; - - if (options.check_host_ip) { - if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop), - NULL, 0, NI_NUMERICHOST) != 0) - fatal("check_host_key: getnameinfo failed"); - ip = xstrdup(ntop); - } - - /* - * Store the host key from the known host file in here so that we can - * compare it with the key for the IP address. - */ - file_key = key_new(host_key->type); - - /* - * Check if the host key is present in the user\'s list of known - * hosts or in the systemwide list. - */ - host_status = check_host_in_hostfile(options.user_hostfile, host, host_key, file_key); - if (host_status == HOST_NEW) - host_status = check_host_in_hostfile(options.system_hostfile, host, host_key, file_key); - /* - * Also perform check for the ip address, skip the check if we are - * localhost or the hostname was an ip address to begin with - */ - if (options.check_host_ip && !local && strcmp(host, ip)) { - Key *ip_key = key_new(host_key->type); - ip_status = check_host_in_hostfile(options.user_hostfile, ip, host_key, ip_key); - - if (ip_status == HOST_NEW) - ip_status = check_host_in_hostfile(options.system_hostfile, ip, host_key, ip_key); - if (host_status == HOST_CHANGED && - (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key))) - host_ip_differ = 1; - - key_free(ip_key); - } else - ip_status = host_status; - - key_free(file_key); - - switch (host_status) { - case HOST_OK: - /* The host is known and the key matches. */ - debug("Host '%.200s' is known and matches the host key.", host); - if (options.check_host_ip) { - if (ip_status == HOST_NEW) { - if (!add_host_to_hostfile(options.user_hostfile, ip, host_key)) - log("Failed to add the host key for IP address '%.30s' to the list of known hosts (%.30s).", - ip, options.user_hostfile); - else - log("Warning: Permanently added host key for IP address '%.30s' to the list of known hosts.", - ip); - } else if (ip_status != HOST_OK) - log("Warning: the host key for '%.200s' differs from the key for the IP address '%.30s'", - host, ip); - } - break; - case HOST_NEW: - /* The host is new. */ - if (options.strict_host_key_checking == 1) { - /* User has requested strict host key checking. We will not add the host key - automatically. The only alternative left is to abort. */ - fatal("No host key is known for %.200s and you have requested strict checking.", host); - } else if (options.strict_host_key_checking == 2) { - /* The default */ - char prompt[1024]; - char *fp = key_fingerprint(host_key); - snprintf(prompt, sizeof(prompt), - "The authenticity of host '%.200s' can't be established.\n" - "Key fingerprint is %s.\n" - "Are you sure you want to continue connecting (yes/no)? ", - host, fp); - if (!read_yes_or_no(prompt, -1)) - fatal("Aborted by user!\n"); - } - if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip)) { - snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); - hostp = hostline; - } else - hostp = host; - - /* If not in strict mode, add the key automatically to the local known_hosts file. */ - if (!add_host_to_hostfile(options.user_hostfile, hostp, host_key)) - log("Failed to add the host to the list of known hosts (%.500s).", - options.user_hostfile); - else - log("Warning: Permanently added '%.200s' to the list of known hosts.", - hostp); - break; - case HOST_CHANGED: - if (options.check_host_ip && host_ip_differ) { - char *msg; - if (ip_status == HOST_NEW) - msg = "is unknown"; - else if (ip_status == HOST_OK) - msg = "is unchanged"; - else - msg = "has a different value"; - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @"); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("The host key for %s has changed,", host); - error("and the key for the according IP address %s", ip); - error("%s. This could either mean that", msg); - error("DNS SPOOFING is happening or the IP address for the host"); - error("and its host key have changed at the same time"); - } - /* The host key has changed. */ - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); - error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that the host key has just been changed."); - error("Please contact your system administrator."); - error("Add correct host key in %.100s to get rid of this message.", - options.user_hostfile); - - /* - * If strict host key checking is in use, the user will have - * to edit the key manually and we can only abort. - */ - if (options.strict_host_key_checking) - fatal("Host key for %.200s has changed and you have requested strict checking.", host); - - /* - * If strict host key checking has not been requested, allow - * the connection but without password authentication or - * agent forwarding. - */ - if (options.password_authentication) { - error("Password authentication is disabled to avoid trojan horses."); - options.password_authentication = 0; - } - if (options.forward_agent) { - error("Agent forwarding is disabled to avoid trojan horses."); - options.forward_agent = 0; - } - /* - * XXX Should permit the user to change to use the new id. - * This could be done by converting the host key to an - * identifying sentence, tell that the host identifies itself - * by that sentence, and ask the user if he/she whishes to - * accept the authentication. - */ - break; - } - if (options.check_host_ip) - xfree(ip); -} -void -check_rsa_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key) -{ - Key k; - k.type = KEY_RSA; - k.rsa = host_key; - check_host_key(host, hostaddr, &k); -} - -/* - * SSH1 key exchange - */ -void -ssh_kex(char *host, struct sockaddr *hostaddr) -{ - int i; - BIGNUM *key; - RSA *host_key; - RSA *public_key; - int bits, rbits; - unsigned char session_key[SSH_SESSION_KEY_LENGTH]; - unsigned char cookie[8]; - unsigned int supported_ciphers; - unsigned int server_flags, client_flags; - int payload_len, clen, sum_len = 0; - u_int32_t rand = 0; - - debug("Waiting for server public key."); - - /* Wait for a public key packet from the server. */ - packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY); - - /* Get cookie from the packet. */ - for (i = 0; i < 8; i++) - cookie[i] = packet_get_char(); - - /* Get the public key. */ - public_key = RSA_new(); - bits = packet_get_int();/* bits */ - public_key->e = BN_new(); - packet_get_bignum(public_key->e, &clen); - sum_len += clen; - public_key->n = BN_new(); - packet_get_bignum(public_key->n, &clen); - sum_len += clen; - - rbits = BN_num_bits(public_key->n); - if (bits != rbits) { - log("Warning: Server lies about size of server public key: " - "actual size is %d bits vs. announced %d.", rbits, bits); - log("Warning: This may be due to an old implementation of ssh."); - } - /* Get the host key. */ - host_key = RSA_new(); - bits = packet_get_int();/* bits */ - host_key->e = BN_new(); - packet_get_bignum(host_key->e, &clen); - sum_len += clen; - host_key->n = BN_new(); - packet_get_bignum(host_key->n, &clen); - sum_len += clen; - - rbits = BN_num_bits(host_key->n); - if (bits != rbits) { - log("Warning: Server lies about size of server host key: " - "actual size is %d bits vs. announced %d.", rbits, bits); - log("Warning: This may be due to an old implementation of ssh."); - } - - /* Get protocol flags. */ - server_flags = packet_get_int(); - packet_set_protocol_flags(server_flags); - - supported_ciphers = packet_get_int(); - supported_authentications = packet_get_int(); - - debug("Received server public key (%d bits) and host key (%d bits).", - BN_num_bits(public_key->n), BN_num_bits(host_key->n)); - - packet_integrity_check(payload_len, - 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, - SSH_SMSG_PUBLIC_KEY); - - check_rsa_host_key(host, hostaddr, host_key); - - client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; - - compute_session_id(session_id, cookie, host_key->n, public_key->n); - - /* Generate a session key. */ - arc4random_stir(); - - /* - * Generate an encryption key for the session. The key is a 256 bit - * random number, interpreted as a 32-byte key, with the least - * significant 8 bits being the first byte of the key. - */ - for (i = 0; i < 32; i++) { - if (i % 4 == 0) - rand = arc4random(); - session_key[i] = rand & 0xff; - rand >>= 8; - } - - /* - * According to the protocol spec, the first byte of the session key - * is the highest byte of the integer. The session key is xored with - * the first 16 bytes of the session id. - */ - key = BN_new(); - BN_set_word(key, 0); - for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { - BN_lshift(key, key, 8); - if (i < 16) - BN_add_word(key, session_key[i] ^ session_id[i]); - else - BN_add_word(key, session_key[i]); - } - - /* - * Encrypt the integer using the public key and host key of the - * server (key with smaller modulus first). - */ - if (BN_cmp(public_key->n, host_key->n) < 0) { - /* Public key has smaller modulus. */ - if (BN_num_bits(host_key->n) < - BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) { - fatal("respond_to_rsa_challenge: host_key %d < public_key %d + " - "SSH_KEY_BITS_RESERVED %d", - BN_num_bits(host_key->n), - BN_num_bits(public_key->n), - SSH_KEY_BITS_RESERVED); - } - rsa_public_encrypt(key, key, public_key); - rsa_public_encrypt(key, key, host_key); - } else { - /* Host key has smaller modulus (or they are equal). */ - if (BN_num_bits(public_key->n) < - BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) { - fatal("respond_to_rsa_challenge: public_key %d < host_key %d + " - "SSH_KEY_BITS_RESERVED %d", - BN_num_bits(public_key->n), - BN_num_bits(host_key->n), - SSH_KEY_BITS_RESERVED); - } - rsa_public_encrypt(key, key, host_key); - rsa_public_encrypt(key, key, public_key); - } - - /* Destroy the public keys since we no longer need them. */ - RSA_free(public_key); - RSA_free(host_key); - - if (options.cipher == SSH_CIPHER_NOT_SET) { - if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default)) - options.cipher = ssh_cipher_default; - else { - debug("Cipher %s not supported, using %.100s instead.", - cipher_name(ssh_cipher_default), - cipher_name(SSH_FALLBACK_CIPHER)); - options.cipher = SSH_FALLBACK_CIPHER; - } - } - /* Check that the selected cipher is supported. */ - if (!(supported_ciphers & (1 << options.cipher))) - fatal("Selected cipher type %.100s not supported by server.", - cipher_name(options.cipher)); - - debug("Encryption type: %.100s", cipher_name(options.cipher)); - - /* Send the encrypted session key to the server. */ - packet_start(SSH_CMSG_SESSION_KEY); - packet_put_char(options.cipher); - - /* Send the cookie back to the server. */ - for (i = 0; i < 8; i++) - packet_put_char(cookie[i]); - - /* Send and destroy the encrypted encryption key integer. */ - packet_put_bignum(key); - BN_clear_free(key); - - /* Send protocol flags. */ - packet_put_int(client_flags); - - /* Send the packet now. */ - packet_send(); - packet_write_wait(); - - debug("Sent encrypted session key."); - - /* Set the encryption key. */ - packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); - - /* We will no longer need the session key here. Destroy any extra copies. */ - memset(session_key, 0, sizeof(session_key)); - - /* - * Expect a success message from the server. Note that this message - * will be received in encrypted form. - */ - packet_read_expect(&payload_len, SSH_SMSG_SUCCESS); - - debug("Received encrypted confirmation."); -} - -/* - * Authenticate user - */ -void -ssh_userauth(int host_key_valid, RSA *own_host_key, - uid_t original_real_uid, char *host) -{ - int i, type; - int payload_len; - struct passwd *pw; - const char *server_user, *local_user; - - /* Get local user name. Use it as server user if no user name was given. */ - pw = getpwuid(original_real_uid); - if (!pw) - fatal("User id %d not found from user database.", original_real_uid); - local_user = xstrdup(pw->pw_name); - server_user = options.user ? options.user : local_user; - - /* Send the name of the user to log in as on the server. */ - packet_start(SSH_CMSG_USER); - packet_put_string(server_user, strlen(server_user)); - packet_send(); - packet_write_wait(); - - /* - * The server should respond with success if no authentication is - * needed (the user has no password). Otherwise the server responds - * with failure. - */ - type = packet_read(&payload_len); - - /* check whether the connection was accepted without authentication. */ - if (type == SSH_SMSG_SUCCESS) - return; - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", - type); - -#ifdef AFS - /* Try Kerberos tgt passing if the server supports it. */ - if ((supported_authentications & (1 << SSH_PASS_KRB4_TGT)) && - options.krb4_tgt_passing) { - if (options.cipher == SSH_CIPHER_NONE) - log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); - (void) send_krb4_tgt(); - } - /* Try AFS token passing if the server supports it. */ - if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && - options.afs_token_passing && k_hasafs()) { - if (options.cipher == SSH_CIPHER_NONE) - log("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); - send_afs_tokens(); - } -#endif /* AFS */ - -#ifdef KRB4 - if ((supported_authentications & (1 << SSH_AUTH_KRB4)) && - options.krb4_authentication) { - debug("Trying Kerberos authentication."); - if (try_krb4_authentication()) { - /* The server should respond with success or failure. */ - type = packet_read(&payload_len); - if (type == SSH_SMSG_SUCCESS) - return; - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to Kerberos auth", type); - } - } -#endif /* KRB4 */ - -#ifdef KRB5 - if ((supported_authentications & (1 << SSH_AUTH_KRB5)) && - options.krb5_authentication){ - krb5_context ssh_context = NULL; - krb5_auth_context auth_context = NULL; - - debug("Trying Kerberos V5 authentication."); - - if (try_krb5_authentication(&ssh_context, &auth_context)) { - type = packet_read(&payload_len); - if (type == SSH_SMSG_SUCCESS) { - if ((supported_authentications & (1 << SSH_PASS_KRB5_TGT)) && - options.krb5_tgt_passing) { - if (options.cipher == SSH_CIPHER_NONE) - log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); - send_krb5_tgt(ssh_context, auth_context); - - } - krb5_auth_con_free(ssh_context, auth_context); - krb5_free_context(ssh_context); - return; - } - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to Kerberos5 auth", type); - - } - } -#endif /* KRB5 */ - - /* - * Use rhosts authentication if running in privileged socket and we - * do not wish to remain anonymous. - */ - if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) && - options.rhosts_authentication) { - debug("Trying rhosts authentication."); - packet_start(SSH_CMSG_AUTH_RHOSTS); - packet_put_string(local_user, strlen(local_user)); - packet_send(); - packet_write_wait(); - - /* The server should respond with success or failure. */ - type = packet_read(&payload_len); - if (type == SSH_SMSG_SUCCESS) - return; - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to rhosts auth", - type); - } - /* - * Try .rhosts or /etc/hosts.equiv authentication with RSA host - * authentication. - */ - if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && - options.rhosts_rsa_authentication && host_key_valid) { - if (try_rhosts_rsa_authentication(local_user, own_host_key)) - return; - } - /* Try RSA authentication if the server supports it. */ - if ((supported_authentications & (1 << SSH_AUTH_RSA)) && - options.rsa_authentication) { - /* - * Try RSA authentication using the authentication agent. The - * agent is tried first because no passphrase is needed for - * it, whereas identity files may require passphrases. - */ - if (try_agent_authentication()) - return; - - /* Try RSA authentication for each identity. */ - for (i = 0; i < options.num_identity_files; i++) - if (try_rsa_authentication(options.identity_files[i])) - return; - } - /* Try skey authentication if the server supports it. */ - if ((supported_authentications & (1 << SSH_AUTH_TIS)) && - options.skey_authentication && !options.batch_mode) { - if (try_skey_authentication()) - return; - } - /* Try password authentication if the server supports it. */ - if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && - options.password_authentication && !options.batch_mode) { - char prompt[80]; - - snprintf(prompt, sizeof(prompt), "%.30s@%.40s's password: ", - server_user, host); - if (try_password_authentication(prompt)) - return; - } - /* All authentication methods have failed. Exit with an error message. */ - fatal("Permission denied."); - /* NOTREACHED */ -} -/* * Starts a dialog with the server, and authenticates the current user on the * server. This does not need any extra privileges. The basic connection * to the server must already have been established before this is called. @@ -1886,7 +907,16 @@ void ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost, struct sockaddr *hostaddr, uid_t original_real_uid) { + struct passwd *pw; char *host, *cp; + char *server_user, *local_user; + + /* Get local user name. Use it as server user if no user name was given. */ + pw = getpwuid(original_real_uid); + if (!pw) + fatal("User id %d not found from user database.", original_real_uid); + local_user = xstrdup(pw->pw_name); + server_user = options.user ? options.user : local_user; /* Convert the user-supplied hostname into all lowercase. */ host = xstrdup(orighost); @@ -1900,12 +930,13 @@ ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost, /* Put the connection into non-blocking mode. */ packet_set_nonblocking(); - supported_authentications = 0; /* key exchange */ - ssh_kex(host, hostaddr); - if (supported_authentications == 0) - fatal("supported_authentications == 0."); - /* authenticate user */ - ssh_userauth(host_key_valid, own_host_key, original_real_uid, host); + if (compat20) { + ssh_kex2(host, hostaddr); + ssh_userauth2(server_user, host); + } else { + ssh_kex(host, hostaddr); + ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key); + } } diff --git a/crypto/openssh/sshconnect1.c b/crypto/openssh/sshconnect1.c index 4360d72..929581c 100644 --- a/crypto/openssh/sshconnect1.c +++ b/crypto/openssh/sshconnect1.c @@ -6,6 +6,7 @@ * Code to connect to a remote host, and to perform the client side of the * login (authentication) dialog. * + * $FreeBSD$ */ #include "includes.h" @@ -362,7 +363,7 @@ try_rhosts_rsa_authentication(const char *local_user, RSA * host_key) #ifdef KRB4 int -try_kerberos_authentication() +try_krb4_authentication() { KTEXT_ST auth; /* Kerberos data */ char *reply; @@ -405,7 +406,7 @@ try_kerberos_authentication() des_key_sched((des_cblock *) cred.session, schedule); /* Send authentication info to server. */ - packet_start(SSH_CMSG_AUTH_KERBEROS); + packet_start(SSH_CMSG_AUTH_KRB4); packet_put_string((char *) auth.dat, auth.length); packet_send(); packet_write_wait(); @@ -430,13 +431,13 @@ try_kerberos_authentication() type = packet_read(&plen); switch (type) { case SSH_SMSG_FAILURE: - /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */ + /* Should really be SSH_SMSG_AUTH_KRB4_FAILURE */ debug("Kerberos V4 authentication failed."); return 0; break; - case SSH_SMSG_AUTH_KERBEROS_RESPONSE: - /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ + case SSH_SMSG_AUTH_KRB4_RESPONSE: + /* SSH_SMSG_AUTH_KRB4_SUCCESS */ debug("Kerberos V4 authentication accepted."); /* Get server's response. */ @@ -479,7 +480,7 @@ try_kerberos_authentication() #ifdef AFS int -send_kerberos_tgt() +send_krb4_tgt() { CREDENTIALS *creds; char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; @@ -508,7 +509,7 @@ send_kerberos_tgt() creds_to_radix(creds, (unsigned char *)buffer, sizeof buffer); xfree(creds); - packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); + packet_start(SSH_CMSG_HAVE_KRB4_TGT); packet_put_string(buffer, strlen(buffer)); packet_send(); packet_write_wait(); @@ -927,11 +928,11 @@ ssh_userauth( #ifdef AFS /* Try Kerberos tgt passing if the server supports it. */ - if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && - options.kerberos_tgt_passing) { + if ((supported_authentications & (1 << SSH_PASS_KRB4_TGT)) && + options.krb4_tgt_passing) { if (options.cipher == SSH_CIPHER_NONE) log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); - (void) send_kerberos_tgt(); + (void) send_krb4_tgt(); } /* Try AFS token passing if the server supports it. */ if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && @@ -943,10 +944,10 @@ ssh_userauth( #endif /* AFS */ #ifdef KRB4 - if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && - options.kerberos_authentication) { + if ((supported_authentications & (1 << SSH_AUTH_KRB4)) && + options.krb4_authentication) { debug("Trying Kerberos authentication."); - if (try_kerberos_authentication()) { + if (try_krb4_authentication()) { /* The server should respond with success or failure. */ type = packet_read(&payload_len); if (type == SSH_SMSG_SUCCESS) @@ -957,6 +958,35 @@ ssh_userauth( } #endif /* KRB4 */ +#ifdef KRB5 + if ((supported_authentications & (1 << SSH_AUTH_KRB5)) && + options.krb5_authentication){ + krb5_context ssh_context = NULL; + krb5_auth_context auth_context = NULL; + + debug("Trying Kerberos V5 authentication."); + + if (try_krb5_authentication(&ssh_context, &auth_context)) { + type = packet_read(&payload_len); + if (type == SSH_SMSG_SUCCESS) { + if ((supported_authentications & (1 << SSH_PASS_KRB5_TGT)) && + options.krb5_tgt_passing) { + if (options.cipher == SSH_CIPHER_NONE) + log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); + send_krb5_tgt(ssh_context, auth_context); + + } + krb5_auth_con_free(ssh_context, auth_context); + krb5_free_context(ssh_context); + return; + } + if (type != SSH_SMSG_FAILURE) + packet_disconnect("Protocol error: got %d in response to Kerberos5 auth", type); + + } + } +#endif /* KRB5 */ + /* * Use rhosts authentication if running in privileged socket and we * do not wish to remain anonymous. diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index 521bee6..e39c7f4 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.37 2000/03/24 03:04:46 brad Exp $ +.\" $Id: sshd.8,v 1.51 2000/05/08 17:42:31 hugh Exp $ .\" $FreeBSD$ .\" .Dd September 25, 1999 @@ -28,11 +28,11 @@ .Op Fl k Ar key_gen_time .Op Fl p Ar port .Op Fl V Ar client_protocol_id -.Sh DESCRIPTION +.Sh DESCRIPTION .Nm -(Secure Shell Daemon) is the daemon program for +(Secure Shell Daemon) is the daemon program for .Xr ssh 1 . -Together these programs replace rlogin and rsh programs, and +Together these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. The programs are intended to be as easy to @@ -47,9 +47,14 @@ daemon for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange. -.Pp +This implementation of +.Nm +supports both SSH protocol version 1 and 2 simultaneously. .Nm works as follows. +.Pp +.Ss SSH protocol version 1 +.Pp Each host has a host-specific RSA key (normally 1024 bits) used to identify the host. Additionally, when @@ -57,20 +62,20 @@ the daemon starts, it generates a server RSA key (normally 768 bits). This key is normally regenerated every hour if it has been used, and is never stored on disk. .Pp -Whenever a client connects the daemon, the daemon sends its host -and server public keys to the client. +Whenever a client connects the daemon responds with its public +host and server keys. The client compares the -host key against its own database to verify that it has not changed. +RSA host key against its own database to verify that it has not changed. The client then generates a 256 bit random number. It encrypts this random number using both the host key and the server key, and sends the encrypted number to the server. -Both sides then start to use this +Both sides then use this random number as a session key which is used to encrypt all further communications in the session. The rest of the session is encrypted -using a conventional cipher, currently Blowfish and 3DES, with 3DES -being is used by default. +using a conventional cipher, currently Blowfish or 3DES, with 3DES +being used by default. The client selects the encryption algorithm to use from those offered by the server. .Pp @@ -96,7 +101,29 @@ are disabled (thus completely disabling .Xr rlogin 1 and .Xr rsh 1 -into that machine). +into the machine). +.Pp +.Ss SSH protocol version 2 +.Pp +Version 2 works similar: +Each host has a host-specific DSA key used to identify the host. +However, when the daemon starts, it does not generate a server key. +Forward security is provided through a Diffie-Hellman key agreement. +This key agreement results in a shared session key. +The rest of the session is encrypted +using a symmetric cipher, currently +Blowfish, 3DES or CAST128 in CBC mode or Arcfour. +The client selects the encryption algorithm +to use from those offered by the server. +Additionally, session integrity is provided +through a cryptographic message authentication code +(hmac-sha1 or hmac-md5). +.Pp +Protocol version 2 provides a public key based +user authentication method (DSAAuthentication) +and conventional password authentication. +.Pp +.Ss Command execution and data forwarding .Pp If the client successfully authenticates itself, a dialog for preparing the session is entered. @@ -149,7 +176,7 @@ If the client fails to authenticate the user within this many seconds, the server disconnects and exits. A value of zero indicates no limit. .It Fl h Ar host_key_file -Specifies the file from which the host key is read (default +Specifies the file from which the RSA host key is read (default .Pa /etc/ssh/ssh_host_key ) . This option must be given if .Nm @@ -158,7 +185,7 @@ host file is normally not readable by anyone but root). .It Fl i Specifies that .Nm -is being run from inetd. +is being run from inetd. .Nm is normally not run from inetd because it needs to generate the server key before it can @@ -189,9 +216,9 @@ authentication, and termination of each connection is logged. Do not print an error message if RSA support is missing. .It Fl V Ar client_protocol_id SSH2 compatibility mode. -When this options is specified +When this option is specified .Nm -assumes the client has sent the given version string +assumes the client has sent the supplied version string and skips the Protocol Version Identification Exchange. .It Fl 4 @@ -205,7 +232,7 @@ to use IPv6 addresses only. .El .Sh CONFIGURATION FILE .Nm -reads configuration data from +reads configuration data from .Pa /etc/ssh/sshd_config (or the file specified with .Fl f @@ -247,6 +274,11 @@ wildcards in the patterns. Only user names are valid, a numerical user ID isn't recognized. By default login is allowed regardless of the user name. .Pp +.It Cm Ciphers +Specifies the ciphers allowed for protocol version 2. +Multiple ciphers must be comma-separated. +The default is +.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . .It Cm CheckMail Specifies whether .Nm @@ -301,24 +333,45 @@ and can be used as wildcards in the patterns. Only user names are valid, a numerical user ID isn't recognized. By default login is allowed regardless of the user name. +.It Cm DSAAuthentication +Specifies whether DSA authentication is allowed. +The default is +.Dq yes . +Note that this option applies to protocol version 2 only. +.It Cm GatewayPorts +Specifies whether remote hosts are allowed to connect to ports +forwarded for the client. +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . +.It Cm HostDsaKey +Specifies the file containing the private DSA host key (default +.Pa /etc/ssh/ssh_host_dsa_key ) +used by SSH protocol 2.0. +Note that +.Nm +disables protocol 2.0 if this file is group/world-accessible. .It Cm HostKey -Specifies the file containing the private host key (default -.Pa /etc/ssh/ssh_host_key ) . +Specifies the file containing the private RSA host key (default +.Pa /etc/ssh/ssh_host_key ) +used by SSH protocols 1.3 and 1.5. Note that .Nm -does not start if this file is group/world-accessible. +disables protocols 1.3 and 1.5 if this file is group/world-accessible. .It Cm IgnoreRhosts Specifies that .Pa .rhosts -and +and .Pa .shosts files will not be used in authentication. .Pa /etc/hosts.equiv and .Pa /etc/ssh/shosts.equiv -.Pa /etc/shosts.equiv are still used. -The default is +The default is .Dq yes . .It Cm IgnoreUserKnownHosts Specifies whether @@ -337,7 +390,7 @@ of the machines will be properly noticed. However, this means that connections will die if the route is down temporarily, and some people find it annoying. -On the other hand, if keepalives are not send, +On the other hand, if keepalives are not sent, sessions may hang indefinitely on the server, leaving .Dq ghost users and consuming server resources. @@ -369,7 +422,7 @@ Default is .Dq yes . .It Cm KerberosTgtPassing Specifies whether a Kerberos TGT may be forwarded to the server. -Default is +Default is .Dq no , as this only works when the Kerberos KDC is actually an AFS kaserver. .It Cm KerberosTicketCleanup @@ -412,6 +465,7 @@ and is not recommended. Specifies whether password authentication is allowed. The default is .Dq yes . +Note that this option applies to both protocol version 1 and 2. .It Cm PermitEmptyPasswords When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. @@ -437,6 +491,12 @@ option has been specified will be allowed regardless of the value of this setting (which may be useful for taking remote backups even if root login is normally not allowed). +.It Cm PidFile +Specifies the file that contains the process identifier of the +.Nm +daemon. +The default is +.Pa /var/run/sshd.pid . .It Cm Port Specifies the port number that .Nm @@ -446,7 +506,7 @@ Multiple options of this type are permitted. .It Cm PrintMotd Specifies whether .Nm -should print +should print .Pa /etc/motd when a user logs in interactively. (On some systems it is also printed by the shell, @@ -454,6 +514,17 @@ when a user logs in interactively. or equivalent.) The default is .Dq yes . +.It Cm Protocol +Specifies the protocol versions +.Nm +should support. +The possible values are +.Dq 1 +and +.Dq 2 . +Multiple versions must be comma-separated. +The default is +.Dq 1 . .It Cm RandomSeed Obsolete - accepted and ignored with a warning. Random number generation uses other techniques. @@ -481,12 +552,13 @@ The default is Specifies whether pure RSA authentication is allowed. The default is .Dq yes . +Note that this option applies to protocol version 1 only. .It Cm ServerKeyBits Defines the number of bits in the server key. The minimum value is 512, and the default is 768. .It Cm SkeyAuthentication Specifies whether -.Xr skey 1 +.Xr skey 1 authentication is allowed. The default is .Dq yes . @@ -536,12 +608,12 @@ does the following: .Bl -enum -offset indent .It If the login is on a tty, and no command has been specified, -prints last login time and +prints last login time and .Pa /etc/motd (unless prevented in the configuration file or by .Pa $HOME/.hushlogin ; see the -.Sx FILES +.Sx FILES section). .It If the login is on a tty, records login time. @@ -577,10 +649,14 @@ authentication protocol and cookie (if applicable) in standard input. Runs user's shell or command. .El .Sh AUTHORIZED_KEYS FILE FORMAT -The +The .Pa $HOME/.ssh/authorized_keys file lists the RSA keys that are -permitted for RSA authentication. +permitted for RSA authentication in SSH protocols 1.3 and 1.5 +Similarly, the +.Pa $HOME/.ssh/authorized_keys2 +file lists the DSA keys that are +permitted for DSA authentication in SSH protocol 2.0. Each line of the file contains one key (empty lines and lines starting with a .Ql # @@ -636,8 +712,8 @@ A quote may be included in the command by quoting it with a backslash. This option might be useful to restrict certain RSA keys to perform just a specific operation. An example might be a key that permits remote backups but nothing else. -Notice that the client may specify TCP/IP and/or X11 -forwardings unless they are explicitly prohibited. +Note that the client may specify TCP/IP and/or X11 +forwarding unless they are explicitly prohibited. .It Cm environment="NAME=value" Specifies that the string is to be added to the environment when logging in using this key. @@ -666,10 +742,12 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi .Ed .Sh SSH_KNOWN_HOSTS FILE FORMAT -The -.Pa /etc/ssh/ssh_known_hosts -and -.Pa $HOME/.ssh/known_hosts +The +.Pa /etc/ssh/ssh_known_hosts , +.Pa /etc/ssh/ssh_known_hosts2 , +.Pa $HOME/.ssh/known_hosts , +and +.Pa $HOME/.ssh/known_hosts2 files contain host public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is @@ -690,7 +768,7 @@ to indicate negation: if the host name matches a negated pattern, it is not accepted (by that line) even if it matched another pattern on the line. .Pp -Bits, exponent, and modulus are taken directly from the host key; they +Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, e.g., from .Pa /etc/ssh/ssh_host_key.pub . The optional comment field continues to the end of the line, and is not used. @@ -713,7 +791,7 @@ accepted if valid information can be found from either file. Note that the lines in these files are typically hundreds of characters long, and you definitely don't want to type in the host keys by hand. Rather, generate them by a script -or by taking +or by taking .Pa /etc/ssh/ssh_host_key.pub and adding the host names at the front. .Ss Examples @@ -758,6 +836,21 @@ it being world-readable if the user's home directory resides on an NFS volume). It is recommended that it not be accessible by others. The format of this file is described above. +Users will place the contents of their +.Pa identity.pub +files into this file, as described in +.Xr ssh-keygen 1 . +.It Pa $HOME/.ssh/authorized_keys2 +Lists the DSA keys that can be used to log into the user's account. +This file must be readable by root (which may on some machines imply +it being world-readable if the user's home directory resides on an NFS +volume). +It is recommended that it not be accessible by others. +The format of this file is described above. +Users will place the contents of their +.Pa id_dsa.pub +files into this file, as described in +.Xr ssh-keygen 1 . .It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts" These files are consulted when using rhosts with RSA host authentication to check the public key of the host. @@ -770,7 +863,7 @@ should be world-readable, and .Pa $HOME/.ssh/known_hosts can but need not be world-readable. .It Pa /etc/nologin -If this file exists, +If this file exists, .Nm refuses to let anyone except root log in. The contents of the file @@ -897,6 +990,7 @@ but with bugs removed and newer features re-added. Rapidly after the 1.2.12 release, newer versions of the original ssh bore successively more restrictive licenses, and thus demand for a free version was born. +.Pp This version of OpenSSH .Bl -bullet .It @@ -906,10 +1000,10 @@ directly removed from the source code; any licensed or patented components are chosen from external libraries. .It -has been updated to support ssh protocol 1.5, making it compatible with -all other ssh protocol 1 clients and servers. +has been updated to support SSH protocol 1.5 and 2, making it compatible with +all other SSH clients and servers. .It -contains added support for +contains added support for .Xr kerberos 8 authentication and ticket passing. .It @@ -920,12 +1014,17 @@ supports one-time password authentication with The libraries described in .Xr ssl 8 are required for proper operation. +.Pp +OpenSSH has been created by Aaron Campbell, Bob Beck, Markus Friedl, +Niels Provos, Theo de Raadt, and Dug Song. +.Pp +The support for SSH protocol 2 was written by Markus Friedl. .Sh SEE ALSO -.Xr rlogin 1 , -.Xr rsh 1 , .Xr scp 1 , .Xr ssh 1 , .Xr ssh-add 1 , .Xr ssh-agent 1 , .Xr ssh-keygen 1 , -.Xr ssl 8 +.Xr ssl 8 , +.Xr rlogin 1 , +.Xr rsh 1 diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index b2b7e90..a0e4e0f 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -8,27 +8,44 @@ * information to/from the application to the user client over an encrypted * connection. This can also handle forwarding of X11, TCP/IP, and authentication * agent connections. - * + * + * SSH2 implementation, + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * * $FreeBSD$ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.94 2000/03/23 22:15:34 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.115 2000/05/03 10:21:49 markus Exp $"); #include "xmalloc.h" #include "rsa.h" #include "ssh.h" #include "pty.h" #include "packet.h" -#include "buffer.h" #include "cipher.h" #include "mpaux.h" #include "servconf.h" #include "uidswap.h" #include "compat.h" +#include "buffer.h" #include <poll.h> #include <time.h> +#include "ssh2.h" +#include <openssl/dh.h> +#include <openssl/bn.h> +#include <openssl/hmac.h> +#include "kex.h" +#include <openssl/dsa.h> +#include <openssl/rsa.h> +#include "key.h" +#include "dsa.h" + +#include "auth.h" +#include "myproposal.h" +#include "authfile.h" + #ifdef LIBWRAP #include <tcpd.h> #include <syslog.h> @@ -36,15 +53,6 @@ int allow_severity = LOG_INFO; int deny_severity = LOG_WARNING; #endif /* LIBWRAP */ -#ifdef __FreeBSD__ -#define LOGIN_CAP -#define _PATH_CHPASS "/usr/bin/passwd" -#endif /* __FreeBSD__ */ - -#ifdef LOGIN_CAP -#include <login_cap.h> -#endif /* LOGIN_CAP */ - #ifndef O_NOCTTY #define O_NOCTTY 0 #endif @@ -56,17 +64,13 @@ krb5_principal tkt_client = NULL; /* Principal from the received ticket. Also is used as an indication of succesful krb5 authentization. */ #endif /* KRB5 */ - -/* Local Xauthority file. */ -static char *xauthfile = NULL; - /* Server configuration options. */ ServerOptions options; /* Name of the server configuration file. */ char *config_file_name = SERVER_CONFIG_FILE; -/* +/* * Flag indicating whether IPv4 or IPv6. This can be set on the command line. * Default value is AF_UNSPEC means both IPv4 and IPv6. */ @@ -105,21 +109,7 @@ int num_listen_socks = 0; * sshd will skip the version-number exchange */ char *client_version_string = NULL; - -/* Flags set in auth-rsa from authorized_keys flags. These are set in auth-rsa.c. */ -int no_port_forwarding_flag = 0; -int no_agent_forwarding_flag = 0; -int no_x11_forwarding_flag = 0; -int no_pty_flag = 0; - -/* RSA authentication "command=" option. */ -char *forced_command = NULL; - -/* RSA authentication "environment=" options. */ -struct envstring *custom_environment = NULL; - -/* Session id for the current session. */ -unsigned char session_id[16]; +char *server_version_string = NULL; /* * Any really sensitive data in the application is contained in this @@ -130,8 +120,9 @@ unsigned char session_id[16]; * not very useful. Currently, memory locking is not implemented. */ struct { - RSA *private_key; /* Private part of server key. */ + RSA *private_key; /* Private part of empheral server key. */ RSA *host_key; /* Private part of host key. */ + Key *dsa_host_key; /* Private DSA host key. */ } sensitive_data; /* @@ -147,6 +138,13 @@ int received_sighup = 0; the private key. */ RSA *public_key; +/* session identifier, used by RSA-auth */ +unsigned char session_id[16]; + +/* same for ssh2 */ +unsigned char *session_id2 = NULL; +int session_id2_len = 0; + /* These are used to implement connections_per_period. */ struct magic_connection { struct timeval connections_begin; @@ -174,42 +172,8 @@ timevaldiff(struct timeval *tv1, struct timeval *tv2) { } /* Prototypes for various functions defined later in this file. */ -void do_ssh_kex(); -void do_authentication(); -void do_authloop(struct passwd * pw); -void do_fake_authloop(char *user); -void do_authenticated(struct passwd * pw); -void do_exec_pty(const char *command, int ptyfd, int ttyfd, - const char *ttyname, struct passwd * pw, const char *term, - const char *display, const char *auth_proto, - const char *auth_data); -void do_exec_no_pty(const char *command, struct passwd * pw, - const char *display, const char *auth_proto, - const char *auth_data); -void do_child(const char *command, struct passwd * pw, const char *term, - const char *display, const char *auth_proto, - const char *auth_data, const char *ttyname); - -/* - * Remove local Xauthority file. - */ -void -xauthfile_cleanup_proc(void *ignore) -{ - debug("xauthfile_cleanup_proc called"); - - if (xauthfile != NULL) { - char *p; - unlink(xauthfile); - p = strrchr(xauthfile, '/'); - if (p != NULL) { - *p = '\0'; - rmdir(xauthfile); - } - xfree(xauthfile); - xauthfile = NULL; - } -} +void do_ssh1_kex(); +void do_ssh2_kex(); /* * Close all listening sockets @@ -228,7 +192,7 @@ close_listen_socks(void) * the effect is to reread the configuration file (and to regenerate * the server key). */ -void +void sighup_handler(int sig) { received_sighup = 1; @@ -239,7 +203,7 @@ sighup_handler(int sig) * Called from the main program after receiving SIGHUP. * Restarts the server. */ -void +void sighup_restart() { log("Received SIGHUP; restarting."); @@ -254,11 +218,12 @@ sighup_restart() * These close the listen socket; not closing it seems to cause "Address * already in use" problems on some machines, which is inconvenient. */ -void +void sigterm_handler(int sig) { log("Received signal %d; terminating.", sig); close_listen_socks(); + unlink(options.pid_file); exit(255); } @@ -266,7 +231,7 @@ sigterm_handler(int sig) * SIGCHLD handler. This is called whenever a child dies. This will then * reap any zombies left by exited c. */ -void +void main_sigchld_handler(int sig) { int save_errno = errno; @@ -282,7 +247,7 @@ main_sigchld_handler(int sig) /* * Signal handler for the alarm after the login grace period has expired. */ -void +void grace_alarm_handler(int sig) { /* Close the connection. */ @@ -293,46 +258,14 @@ grace_alarm_handler(int sig) } /* - * convert ssh auth msg type into description - */ -char * -get_authname(int type) -{ - static char buf[1024]; - switch (type) { - case SSH_CMSG_AUTH_PASSWORD: - return "password"; - case SSH_CMSG_AUTH_RSA: - return "rsa"; - case SSH_CMSG_AUTH_RHOSTS_RSA: - return "rhosts-rsa"; - case SSH_CMSG_AUTH_RHOSTS: - return "rhosts"; -#ifdef KRB4 - case SSH_CMSG_AUTH_KRB4: - return "kerberosV4"; -#endif -#ifdef KRB5 - case SSH_CMSG_AUTH_KRB5: - return "kerberosV5"; -#endif /* KRB5 */ -#ifdef SKEY - case SSH_CMSG_AUTH_TIS_RESPONSE: - return "s/key"; -#endif - } - snprintf(buf, sizeof buf, "bad-auth-msg-%d", type); - return buf; -} - -/* * Signal handler for the key regeneration alarm. Note that this * alarm only occurs in the daemon waiting for connections, and it does not * do anything with the private key or random state before forking. * Thus there should be no concurrency control/asynchronous execution * problems. */ -void +/* XXX do we really want this work to be done in a signal handler ? -m */ +void key_regeneration_alarm(int sig) { int save_errno = errno; @@ -362,6 +295,155 @@ key_regeneration_alarm(int sig) errno = save_errno; } +char * +chop(char *s) +{ + char *t = s; + while (*t) { + if(*t == '\n' || *t == '\r') { + *t = '\0'; + return s; + } + t++; + } + return s; + +} + +void +sshd_exchange_identification(int sock_in, int sock_out) +{ + int i, mismatch; + int remote_major, remote_minor; + int major, minor; + char *s; + char buf[256]; /* Must not be larger than remote_version. */ + char remote_version[256]; /* Must be at least as big as buf. */ + + if ((options.protocol & SSH_PROTO_1) && + (options.protocol & SSH_PROTO_2)) { + major = PROTOCOL_MAJOR_1; + minor = 99; + } else if (options.protocol & SSH_PROTO_2) { + major = PROTOCOL_MAJOR_2; + minor = PROTOCOL_MINOR_2; + } else { + major = PROTOCOL_MAJOR_1; + minor = PROTOCOL_MINOR_1; + } + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION); + server_version_string = xstrdup(buf); + + if (client_version_string == NULL) { + /* Send our protocol version identification. */ + if (atomicio(write, sock_out, server_version_string, strlen(server_version_string)) + != strlen(server_version_string)) { + log("Could not write ident string to %s.", get_remote_ipaddr()); + fatal_cleanup(); + } + + /* Read other side\'s version identification. */ + for (i = 0; i < sizeof(buf) - 1; i++) { + if (read(sock_in, &buf[i], 1) != 1) { + log("Did not receive ident string from %s.", get_remote_ipaddr()); + fatal_cleanup(); + } + if (buf[i] == '\r') { + buf[i] = '\n'; + buf[i + 1] = 0; + continue; + } + if (buf[i] == '\n') { + /* buf[i] == '\n' */ + buf[i + 1] = 0; + break; + } + } + buf[sizeof(buf) - 1] = 0; + client_version_string = xstrdup(buf); + } + + /* + * Check that the versions match. In future this might accept + * several versions and set appropriate flags to handle them. + */ + if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n", + &remote_major, &remote_minor, remote_version) != 3) { + s = "Protocol mismatch.\n"; + (void) atomicio(write, sock_out, s, strlen(s)); + close(sock_in); + close(sock_out); + log("Bad protocol version identification '%.100s' from %s", + client_version_string, get_remote_ipaddr()); + fatal_cleanup(); + } + debug("Client protocol version %d.%d; client software version %.100s", + remote_major, remote_minor, remote_version); + + compat_datafellows(remote_version); + + mismatch = 0; + switch(remote_major) { + case 1: + if (remote_minor == 99) { + if (options.protocol & SSH_PROTO_2) + enable_compat20(); + else + mismatch = 1; + break; + } + if (!(options.protocol & SSH_PROTO_1)) { + mismatch = 1; + break; + } + if (remote_minor < 3) { + packet_disconnect("Your ssh version is too old and" + "is no longer supported. Please install a newer version."); + } else if (remote_minor == 3) { + /* note that this disables agent-forwarding */ + enable_compat13(); + } + break; + case 2: + if (options.protocol & SSH_PROTO_2) { + enable_compat20(); + break; + } + /* FALLTHROUGH */ + default: + mismatch = 1; + break; + } + chop(server_version_string); + chop(client_version_string); + debug("Local version string %.200s", server_version_string); + + if (mismatch) { + s = "Protocol major versions differ.\n"; + (void) atomicio(write, sock_out, s, strlen(s)); + close(sock_in); + close(sock_out); + log("Protocol major versions differ for %s: %.200s vs. %.200s", + get_remote_ipaddr(), + server_version_string, client_version_string); + fatal_cleanup(); + } + if (compat20) + packet_set_ssh2_format(); +} + + +void +destroy_sensitive_data(void) +{ + /* Destroy the private and public keys. They will no longer be needed. */ + RSA_free(public_key); + RSA_free(sensitive_data.private_key); + RSA_free(sensitive_data.host_key); + if (sensitive_data.dsa_host_key != NULL) + key_free(sensitive_data.dsa_host_key); +} + /* * Main program for the daemon. */ @@ -370,23 +452,20 @@ main(int ac, char **av) { extern char *optarg; extern int optind; - int opt, sock_in = 0, sock_out = 0, newsock, i, fdsetsz, pid, on = 1; + int opt, sock_in = 0, sock_out = 0, newsock, i, fdsetsz, on = 1; + pid_t pid; socklen_t fromlen; - int connections_per_period_exceeded = 0; - int remote_major, remote_minor; - int silentrsa = 0; + int silent = 0; fd_set *fdset; struct sockaddr_storage from; - char buf[100]; /* Must not be larger than remote_version. */ - char remote_version[100]; /* Must be at least as big as buf. */ const char *remote_ip; int remote_port; - char *comment; FILE *f; struct linger linger; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; int listen_sock, maxfd; + int connections_per_period_exceeded = 0; /* Save argv[0]. */ saved_argv = av; @@ -418,7 +497,7 @@ main(int ac, char **av) inetd_flag = 1; break; case 'Q': - silentrsa = 1; + silent = 1; break; case 'q': options.log_level = SYSLOG_LEVEL_QUIET; @@ -474,27 +553,14 @@ main(int ac, char **av) log_init(av0, options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility, - !inetd_flag); + !silent && !inetd_flag); - /* check if RSA support exists */ - if (rsa_alive() == 0) { - if (silentrsa == 0) - printf("sshd: no RSA support in libssl and libcrypto -- exiting. See ssl(8)\n"); - log("no RSA support in libssl and libcrypto -- exiting. See ssl(8)"); - exit(1); - } /* Read server configuration options from the configuration file. */ read_server_config(&options, config_file_name); /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); - /* Check certain values for sanity. */ - if (options.server_key_bits < 512 || - options.server_key_bits > 32768) { - fprintf(stderr, "Bad server key size.\n"); - exit(1); - } /* Check that there are no remaining arguments. */ if (optind < ac) { fprintf(stderr, "Extra argument %s.\n", av[optind]); @@ -503,26 +569,80 @@ main(int ac, char **av) debug("sshd version %.100s", SSH_VERSION); - sensitive_data.host_key = RSA_new(); - errno = 0; - /* Load the host key. It must have empty passphrase. */ - if (!load_private_key(options.host_key_file, "", - sensitive_data.host_key, &comment)) { - error("Could not load host key: %.200s: %.100s", - options.host_key_file, strerror(errno)); + sensitive_data.dsa_host_key = NULL; + sensitive_data.host_key = NULL; + + /* check if RSA support exists */ + if ((options.protocol & SSH_PROTO_1) && + rsa_alive() == 0) { + log("no RSA support in libssl and libcrypto. See ssl(8)"); + log("Disabling protocol version 1"); + options.protocol &= ~SSH_PROTO_1; + } + /* Load the RSA/DSA host key. It must have empty passphrase. */ + if (options.protocol & SSH_PROTO_1) { + Key k; + sensitive_data.host_key = RSA_new(); + k.type = KEY_RSA; + k.rsa = sensitive_data.host_key; + errno = 0; + if (!load_private_key(options.host_key_file, "", &k, NULL)) { + error("Could not load host key: %.200s: %.100s", + options.host_key_file, strerror(errno)); + log("Disabling protocol version 1"); + options.protocol &= ~SSH_PROTO_1; + } + k.rsa = NULL; + } + if (options.protocol & SSH_PROTO_2) { + sensitive_data.dsa_host_key = key_new(KEY_DSA); + if (!load_private_key(options.host_dsa_key_file, "", sensitive_data.dsa_host_key, NULL)) { + + error("Could not load DSA host key: %.200s", options.host_dsa_key_file); + log("Disabling protocol version 2"); + options.protocol &= ~SSH_PROTO_2; + } + } + if (! options.protocol & (SSH_PROTO_1|SSH_PROTO_2)) { + if (silent == 0) + fprintf(stderr, "sshd: no hostkeys available -- exiting.\n"); + log("sshd: no hostkeys available -- exiting.\n"); exit(1); } - xfree(comment); - /* Initialize the log (it is reinitialized below in case we - forked). */ + /* Check certain values for sanity. */ + if (options.protocol & SSH_PROTO_1) { + if (options.server_key_bits < 512 || + options.server_key_bits > 32768) { + fprintf(stderr, "Bad server key size.\n"); + exit(1); + } + /* + * Check that server and host key lengths differ sufficiently. This + * is necessary to make double encryption work with rsaref. Oh, I + * hate software patents. I dont know if this can go? Niels + */ + if (options.server_key_bits > + BN_num_bits(sensitive_data.host_key->n) - SSH_KEY_BITS_RESERVED && + options.server_key_bits < + BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) { + options.server_key_bits = + BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED; + debug("Forcing server key to %d bits to make it differ from host key.", + options.server_key_bits); + } + } + + /* Initialize the log (it is reinitialized below in case we forked). */ if (debug_flag && !inetd_flag) log_stderr = 1; log_init(av0, options.log_level, options.log_facility, log_stderr); - /* If not in debugging mode, and not started from inetd, - disconnect from the controlling terminal, and fork. The - original process exits. */ + /* + * If not in debugging mode, and not started from inetd, disconnect + * from the controlling terminal, and fork. The original process + * exits. + */ if (!debug_flag && !inetd_flag) { #ifdef TIOCNOTTY int fd; @@ -542,18 +662,6 @@ main(int ac, char **av) /* Reinitialize the log (because of the fork above). */ log_init(av0, options.log_level, options.log_facility, log_stderr); - /* Check that server and host key lengths differ sufficiently. - This is necessary to make double encryption work with rsaref. - Oh, I hate software patents. I dont know if this can go? Niels */ - if (options.server_key_bits > - BN_num_bits(sensitive_data.host_key->n) - SSH_KEY_BITS_RESERVED && - options.server_key_bits < - BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) { - options.server_key_bits = - BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED; - debug("Forcing server key to %d bits to make it differ from host key.", - options.server_key_bits); - } /* Do not display messages to stdout in RSA code. */ rsa_set_verbose(0); @@ -571,19 +679,22 @@ main(int ac, char **av) s2 = dup(s1); sock_in = dup(0); sock_out = dup(1); - /* We intentionally do not close the descriptors 0, 1, and 2 - as our code for setting the descriptors won\'t work - if ttyfd happens to be one of those. */ + /* + * We intentionally do not close the descriptors 0, 1, and 2 + * as our code for setting the descriptors won\'t work if + * ttyfd happens to be one of those. + */ debug("inetd sockets after dupping: %d, %d", sock_in, sock_out); - public_key = RSA_new(); - sensitive_data.private_key = RSA_new(); - - log("Generating %d bit RSA key.", options.server_key_bits); - rsa_generate_key(sensitive_data.private_key, public_key, - options.server_key_bits); - arc4random_stir(); - log("RSA key generation complete."); + if (options.protocol & SSH_PROTO_1) { + public_key = RSA_new(); + sensitive_data.private_key = RSA_new(); + log("Generating %d bit RSA key.", options.server_key_bits); + rsa_generate_key(sensitive_data.private_key, public_key, + options.server_key_bits); + arc4random_stir(); + log("RSA key generation complete."); + } } else { for (ai = options.listen_addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) @@ -653,25 +764,26 @@ main(int ac, char **av) * fail if there already is a daemon, and this will * overwrite any old pid in the file. */ - f = fopen(SSH_DAEMON_PID_FILE, "w"); + f = fopen(options.pid_file, "w"); if (f) { fprintf(f, "%u\n", (unsigned int) getpid()); fclose(f); } } + if (options.protocol & SSH_PROTO_1) { + public_key = RSA_new(); + sensitive_data.private_key = RSA_new(); - public_key = RSA_new(); - sensitive_data.private_key = RSA_new(); - - log("Generating %d bit RSA key.", options.server_key_bits); - rsa_generate_key(sensitive_data.private_key, public_key, - options.server_key_bits); - arc4random_stir(); - log("RSA key generation complete."); + log("Generating %d bit RSA key.", options.server_key_bits); + rsa_generate_key(sensitive_data.private_key, public_key, + options.server_key_bits); + arc4random_stir(); + log("RSA key generation complete."); - /* Schedule server key regeneration alarm. */ - signal(SIGALRM, key_regeneration_alarm); - alarm(options.key_regeneration_time); + /* Schedule server key regeneration alarm. */ + signal(SIGALRM, key_regeneration_alarm); + alarm(options.key_regeneration_time); + } /* Arrange to restart on SIGHUP. The handler needs listen_sock. */ signal(SIGHUP, sighup_handler); @@ -686,8 +798,8 @@ main(int ac, char **av) for (i = 0; i < num_listen_socks; i++) if (listen_socks[i] > maxfd) maxfd = listen_socks[i]; - fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask); - fdset = (fd_set *)xmalloc(fdsetsz); + fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask); + fdset = (fd_set *)xmalloc(fdsetsz); /* Initialize the magic_connections table. It's magical! */ magic_connections = calloc(MAGIC_CONNECTIONS_SIZE, @@ -874,73 +986,7 @@ main(int ac, char **av) if (!debug_flag) alarm(options.login_grace_time); - if (client_version_string != NULL) { - /* we are exec'ed by sshd2, so skip exchange of protocol version */ - strlcpy(buf, client_version_string, sizeof(buf)); - } else { - /* Send our protocol version identification. */ - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", - PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); - if (atomicio(write, sock_out, buf, strlen(buf)) != strlen(buf)) { - log("Could not write ident string to %s.", remote_ip); - fatal_cleanup(); - } - - /* Read other side\'s version identification. */ - for (i = 0; i < sizeof(buf) - 1; i++) { - if (read(sock_in, &buf[i], 1) != 1) { - log("Did not receive ident string from %s.", remote_ip); - fatal_cleanup(); - } - if (buf[i] == '\r') { - buf[i] = '\n'; - buf[i + 1] = 0; - break; - } - if (buf[i] == '\n') { - /* buf[i] == '\n' */ - buf[i + 1] = 0; - break; - } - } - buf[sizeof(buf) - 1] = 0; - } - - /* - * Check that the versions match. In future this might accept - * several versions and set appropriate flags to handle them. - */ - if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor, - remote_version) != 3) { - char *s = "Protocol mismatch.\n"; - - (void) atomicio(write, sock_out, s, strlen(s)); - close(sock_in); - close(sock_out); - log("Bad protocol version identification '%.100s' from %s", - buf, remote_ip); - fatal_cleanup(); - } - debug("Client protocol version %d.%d; client software version %.100s", - remote_major, remote_minor, remote_version); - if (remote_major != PROTOCOL_MAJOR) { - char *s = "Protocol major versions differ.\n"; - - (void) atomicio(write, sock_out, s, strlen(s)); - close(sock_in); - close(sock_out); - log("Protocol major versions differ for %s: %d vs. %d", - remote_ip, PROTOCOL_MAJOR, remote_major); - fatal_cleanup(); - } - /* Check that the client has sufficiently high software version. */ - if (remote_major == 1 && remote_minor < 3) - packet_disconnect("Your ssh version is too old and is no longer supported. Please install a newer version."); - - if (remote_major == 1 && remote_minor == 3) { - /* note that this disables agent-forwarding */ - enable_compat13(); - } + sshd_exchange_identification(sock_in, sock_out); /* * Check that the connection comes from a privileged port. Rhosts- * and Rhosts-RSA-Authentication only make sense from priviledged @@ -964,10 +1010,14 @@ main(int ac, char **av) packet_set_nonblocking(); /* perform the key exchange */ - do_ssh_kex(); - /* authenticate user and start session */ - do_authentication(); + if (compat20) { + do_ssh2_kex(); + do_authentication2(); + } else { + do_ssh1_kex(); + do_authentication(); + } #ifdef KRB4 /* Cleanup user's ticket cache file. */ @@ -975,10 +1025,6 @@ main(int ac, char **av) (void) dest_tkt(); #endif /* KRB4 */ - /* Cleanup user's local Xauthority file. */ - if (xauthfile) - xauthfile_cleanup_proc(NULL); - /* The connection has been terminated. */ verbose("Closing connection to %.100s", remote_ip); packet_close(); @@ -989,7 +1035,7 @@ main(int ac, char **av) * SSH1 key exchange */ void -do_ssh_kex() +do_ssh1_kex() { int i, len; int plen, slen; @@ -1038,7 +1084,7 @@ do_ssh_kex() packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN); /* Declare which ciphers we support. */ - packet_put_int(cipher_mask()); + packet_put_int(cipher_mask1()); /* Declare supported authentication types. */ auth_mask = 0; @@ -1089,7 +1135,7 @@ do_ssh_kex() /* Get cipher type and check whether we accept this. */ cipher_type = packet_get_char(); - if (!(cipher_mask() & (1 << cipher_type))) + if (!(cipher_mask() & (1 << cipher_type))) packet_disconnect("Warning: client selects unsupported cipher."); /* Get check bytes from the packet. These must match those we @@ -1148,9 +1194,7 @@ do_ssh_kex() sensitive_data.private_key->n); /* Destroy the private and public keys. They will no longer be needed. */ - RSA_free(public_key); - RSA_free(sensitive_data.private_key); - RSA_free(sensitive_data.host_key); + destroy_sensitive_data(); /* * Extract session key from the decrypted integer. The key is in the @@ -1187,1818 +1231,196 @@ do_ssh_kex() packet_write_wait(); } - /* - * Check if the user is allowed to log in via ssh. If user is listed in - * DenyUsers or user's primary group is listed in DenyGroups, false will - * be returned. If AllowUsers isn't empty and user isn't listed there, or - * if AllowGroups isn't empty and user isn't listed there, false will be - * returned. - * If the user's shell is not executable, false will be returned. - * Otherwise true is returned. + * SSH2 key exchange: diffie-hellman-group1-sha1 */ -static int -allowed_user(struct passwd * pw) +void +do_ssh2_kex() { - struct stat st; - struct group *grp; + Buffer *server_kexinit; + Buffer *client_kexinit; + int payload_len, dlen; + int slen; + unsigned int klen, kout; + char *ptr; + unsigned char *signature = NULL; + unsigned char *server_host_key_blob = NULL; + unsigned int sbloblen; + DH *dh; + BIGNUM *dh_client_pub = 0; + BIGNUM *shared_secret = 0; int i; + unsigned char *kbuf; + unsigned char *hash; + Kex *kex; + char *cprop[PROPOSAL_MAX]; + char *sprop[PROPOSAL_MAX]; - /* Shouldn't be called if pw is NULL, but better safe than sorry... */ - if (!pw) - return 0; - - /* deny if shell does not exists or is not executable */ - if (stat(pw->pw_shell, &st) != 0) - return 0; - if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)))) - return 0; - - /* Return false if user is listed in DenyUsers */ - if (options.num_deny_users > 0) { - if (!pw->pw_name) - return 0; - for (i = 0; i < options.num_deny_users; i++) - if (match_pattern(pw->pw_name, options.deny_users[i])) - return 0; - } - /* Return false if AllowUsers isn't empty and user isn't listed there */ - if (options.num_allow_users > 0) { - if (!pw->pw_name) - return 0; - for (i = 0; i < options.num_allow_users; i++) - if (match_pattern(pw->pw_name, options.allow_users[i])) - break; - /* i < options.num_allow_users iff we break for loop */ - if (i >= options.num_allow_users) - return 0; - } - /* Get the primary group name if we need it. Return false if it fails */ - if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { - grp = getgrgid(pw->pw_gid); - if (!grp) - return 0; - - /* Return false if user's group is listed in DenyGroups */ - if (options.num_deny_groups > 0) { - if (!grp->gr_name) - return 0; - for (i = 0; i < options.num_deny_groups; i++) - if (match_pattern(grp->gr_name, options.deny_groups[i])) - return 0; - } - /* - * Return false if AllowGroups isn't empty and user's group - * isn't listed there - */ - if (options.num_allow_groups > 0) { - if (!grp->gr_name) - return 0; - for (i = 0; i < options.num_allow_groups; i++) - if (match_pattern(grp->gr_name, options.allow_groups[i])) - break; - /* i < options.num_allow_groups iff we break for - loop */ - if (i >= options.num_allow_groups) - return 0; - } - } -#ifndef __FreeBSD__ /* FreeBSD handle it later */ - /* Fail if the account's expiration time has passed. */ - if (pw->pw_expire != 0) { - struct timeval tv; - - (void)gettimeofday(&tv, NULL); - if (tv.tv_sec >= pw->pw_expire) - return 0; - } -#endif /* !__FreeBSD__ */ - /* We found no reason not to let this user try to log on... */ - return 1; -} - -/* - * Performs authentication of an incoming connection. Session key has already - * been exchanged and encryption is enabled. - */ -void -do_authentication() -{ - struct passwd *pw, pwcopy; - int plen; - unsigned int ulen; - char *user; -#ifdef LOGIN_CAP - login_cap_t *lc; -#endif /* LOGIN_CAP */ -#if defined(LOGIN_CAP) || defined(LOGIN_ACCESS) - const char *from_host, *from_ip; +/* KEXINIT */ - from_host = get_canonical_hostname(); - from_ip = get_remote_ipaddr(); -#endif /* LOGIN_CAP || LOGIN_ACCESS */ + if (options.ciphers != NULL) { + myproposal[PROPOSAL_ENC_ALGS_CTOS] = + myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; + } - /* Get the name of the user that we wish to log in as. */ - packet_read_expect(&plen, SSH_CMSG_USER); + debug("Sending KEX init."); - /* Get the user name. */ - user = packet_get_string(&ulen); - packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER); + for (i = 0; i < PROPOSAL_MAX; i++) + sprop[i] = xstrdup(myproposal[i]); + server_kexinit = kex_init(sprop); + packet_start(SSH2_MSG_KEXINIT); + packet_put_raw(buffer_ptr(server_kexinit), buffer_len(server_kexinit)); + packet_send(); + packet_write_wait(); - setproctitle("%s", user); + debug("done"); -#ifdef AFS - /* If machine has AFS, set process authentication group. */ - if (k_hasafs()) { - k_setpag(); - k_unlog(); - } -#endif /* AFS */ - - /* Verify that the user is a valid user. */ - pw = getpwnam(user); - if (!pw || !allowed_user(pw)) - do_fake_authloop(user); - xfree(user); - - /* Take a copy of the returned structure. */ - memset(&pwcopy, 0, sizeof(pwcopy)); - pwcopy.pw_name = xstrdup(pw->pw_name); - pwcopy.pw_passwd = xstrdup(pw->pw_passwd); - pwcopy.pw_uid = pw->pw_uid; - pwcopy.pw_gid = pw->pw_gid; - pwcopy.pw_dir = xstrdup(pw->pw_dir); - pwcopy.pw_shell = xstrdup(pw->pw_shell); - pwcopy.pw_class = xstrdup(pw->pw_class); - pwcopy.pw_expire = pw->pw_expire; - pwcopy.pw_change = pw->pw_change; - pw = &pwcopy; + packet_read_expect(&payload_len, SSH2_MSG_KEXINIT); /* - * If we are not running as root, the user must have the same uid as - * the server. + * save raw KEXINIT payload in buffer. this is used during + * computation of the session_id and the session keys. */ - if (getuid() != 0 && pw->pw_uid != getuid()) - packet_disconnect("Cannot change user when server not running as root."); - - debug("Attempting authentication for %.100s.", pw->pw_name); - - /* If the user has no password, accept authentication immediately. */ - if (options.password_authentication && -#ifdef KRB5 - !options.krb5_authentication && -#endif /* KRB5 */ -#ifdef KRB4 - (!options.krb4_authentication || options.krb4_or_local_passwd) && -#endif /* KRB4 */ - auth_password(pw, "")) { - /* Authentication with empty password succeeded. */ - log("Login for user %s from %.100s, accepted without authentication.", - pw->pw_name, get_remote_ipaddr()); - } else { - /* Loop until the user has been authenticated or the - connection is closed, do_authloop() returns only if - authentication is successfull */ - do_authloop(pw); - } + client_kexinit = xmalloc(sizeof(*client_kexinit)); + buffer_init(client_kexinit); + ptr = packet_get_raw(&payload_len); + buffer_append(client_kexinit, ptr, payload_len); - /* Check if the user is logging in as root and root logins are disallowed. */ - if (pw->pw_uid == 0 && !options.permit_root_login) { - if (forced_command) - log("Root login accepted for forced command."); - else - packet_disconnect("ROOT LOGIN REFUSED FROM %.200s", - get_canonical_hostname()); + /* skip cookie */ + for (i = 0; i < 16; i++) + (void) packet_get_char(); + /* save kex init proposal strings */ + for (i = 0; i < PROPOSAL_MAX; i++) { + cprop[i] = packet_get_string(NULL); + debug("got kexinit string: %s", cprop[i]); } -#ifdef LOGIN_CAP - lc = login_getpwclass(pw); - if (lc == NULL) - lc = login_getclassbyname(NULL, pw); - if (!auth_hostok(lc, from_host, from_ip)) { - log("Denied connection for %.200s from %.200s [%.200s].", - pw->pw_name, from_host, from_ip); - packet_disconnect("Sorry, you are not allowed to connect."); - } - if (!auth_timeok(lc, time(NULL))) { - log("LOGIN %.200s REFUSED (TIME) FROM %.200s", - pw->pw_name, from_host); - packet_disconnect("Logins not available right now."); - } - login_close(lc); -#endif /* LOGIN_CAP */ -#ifdef LOGIN_ACCESS - if (!login_access(pw->pw_name, from_host)) { - log("Denied connection for %.200s from %.200s [%.200s].", - pw->pw_name, from_host, from_ip); - packet_disconnect("Sorry, you are not allowed to connect."); - } -#endif /* LOGIN_ACCESS */ + i = (int) packet_get_char(); + debug("first kex follow == %d", i); + i = packet_get_int(); + debug("reserved == %d", i); - if (pw->pw_uid == 0) - log("ROOT LOGIN as '%.100s' from %.100s", - pw->pw_name, get_canonical_hostname()); + debug("done read kexinit"); + kex = kex_choose_conf(cprop, sprop, 1); - /* The user has been authenticated and accepted. */ - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); +/* KEXDH */ - /* Perform session preparation. */ - do_authenticated(pw); -} + debug("Wait SSH2_MSG_KEXDH_INIT."); + packet_read_expect(&payload_len, SSH2_MSG_KEXDH_INIT); -#define AUTH_FAIL_MAX 6 -#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2) -#define AUTH_FAIL_MSG "Too many authentication failures for %.100s" + /* key, cert */ + dh_client_pub = BN_new(); + if (dh_client_pub == NULL) + fatal("dh_client_pub == NULL"); + packet_get_bignum2(dh_client_pub, &dlen); -/* - * read packets and try to authenticate local user *pw. - * return if authentication is successfull - */ -void -do_authloop(struct passwd * pw) -{ - int attempt = 0; - unsigned int bits; - RSA *client_host_key; - BIGNUM *n; - char *client_user, *password; - char user[1024]; - unsigned int dlen; - int plen, nlen, elen; - unsigned int ulen; - int type = 0; - void (*authlog) (const char *fmt,...) = verbose; -#ifdef HAVE_LIBPAM - int pam_retval; -#endif /* HAVE_LIBPAM */ -#if 0 -#ifdef KRB5 - { - krb5_error_code ret; - - ret = krb5_init_context(&ssh_context); - if (ret) - verbose("Error while initializing Kerberos V5."); - krb5_init_ets(ssh_context); - - } -#endif /* KRB5 */ +#ifdef DEBUG_KEXDH + fprintf(stderr, "\ndh_client_pub= "); + bignum_print(dh_client_pub); + fprintf(stderr, "\n"); + debug("bits %d", BN_num_bits(dh_client_pub)); #endif - /* Indicate that authentication is needed. */ - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - - for (attempt = 1;; attempt++) { - int authenticated = 0; - strlcpy(user, "", sizeof user); - - /* Get a packet from the client. */ - type = packet_read(&plen); - - /* Process the packet. */ - switch (type) { -#ifdef AFS - case SSH_CMSG_HAVE_KRB4_TGT: - if (!options.krb4_tgt_passing) { - /* packet_get_all(); */ - verbose("Kerberos v4 tgt passing disabled."); - break; - } else { - /* Accept Kerberos v4 tgt. */ - char *tgt = packet_get_string(&dlen); - packet_integrity_check(plen, 4 + dlen, type); - if (!auth_krb4_tgt(pw, tgt)) - verbose("Kerberos v4 tgt REFUSED for %s", pw->pw_name); - xfree(tgt); - } - continue; - - case SSH_CMSG_HAVE_AFS_TOKEN: - if (!options.afs_token_passing || !k_hasafs()) { - /* packet_get_all(); */ - verbose("AFS token passing disabled."); - break; - } else { - /* Accept AFS token. */ - char *token_string = packet_get_string(&dlen); - packet_integrity_check(plen, 4 + dlen, type); - if (!auth_afs_token(pw, token_string)) - verbose("AFS token REFUSED for %s", pw->pw_name); - xfree(token_string); - } - continue; -#endif /* AFS */ -#ifdef KRB4 - case SSH_CMSG_AUTH_KRB4: - if (!options.krb4_authentication) { - /* packet_get_all(); */ - verbose("Kerberos v4 authentication disabled."); - break; - } else { - /* Try Kerberos v4 authentication. */ - KTEXT_ST auth; - char *tkt_user = NULL; - char *kdata = packet_get_string((unsigned int *) &auth.length); - packet_integrity_check(plen, 4 + auth.length, type); - - if (auth.length < MAX_KTXT_LEN) - memcpy(auth.dat, kdata, auth.length); - xfree(kdata); - - authenticated = auth_krb4(pw->pw_name, &auth, &tkt_user); - - if (authenticated) { - snprintf(user, sizeof user, " tktuser %s", tkt_user); - xfree(tkt_user); - } - } - break; -#endif /* KRB4 */ -#ifdef KRB5 - case SSH_CMSG_AUTH_KRB5: - if (!options.krb5_authentication) { - verbose("Kerberos v5 authentication disabled."); - break; - } else { - krb5_data k5data; -#if 0 - if (krb5_init_context(&ssh_context)) { - verbose("Error while initializing Kerberos V5."); - break; - } - krb5_init_ets(ssh_context); + /* generate DH key */ + dh = dh_new_group1(); /* XXX depends on 'kex' */ + +#ifdef DEBUG_KEXDH + fprintf(stderr, "\np= "); + bignum_print(dh->p); + fprintf(stderr, "\ng= "); + bignum_print(dh->g); + fprintf(stderr, "\npub= "); + bignum_print(dh->pub_key); + fprintf(stderr, "\n"); #endif - - k5data.data = packet_get_string(&k5data.length); - packet_integrity_check(plen, 4 + k5data.length, type); - if (auth_krb5(pw->pw_name, &k5data, &tkt_client)) { - /* pw->name is passed just for logging purposes - * */ - /* authorize client against .k5login */ - if (krb5_kuserok(ssh_context, - tkt_client, - pw->pw_name)) - authenticated = 1; - } - xfree(k5data.data); - } - break; -#endif /* KRB5 */ - - case SSH_CMSG_AUTH_RHOSTS: - if (!options.rhosts_authentication) { - verbose("Rhosts authentication disabled."); - break; - } - /* - * Get client user name. Note that we just have to - * trust the client; this is one reason why rhosts - * authentication is insecure. (Another is - * IP-spoofing on a local network.) - */ - client_user = packet_get_string(&ulen); - packet_integrity_check(plen, 4 + ulen, type); - - /* Try to authenticate using /etc/hosts.equiv and - .rhosts. */ - authenticated = auth_rhosts(pw, client_user); - - snprintf(user, sizeof user, " ruser %s", client_user); - xfree(client_user); - break; - - case SSH_CMSG_AUTH_RHOSTS_RSA: - if (!options.rhosts_rsa_authentication) { - verbose("Rhosts with RSA authentication disabled."); - break; - } - /* - * Get client user name. Note that we just have to - * trust the client; root on the client machine can - * claim to be any user. - */ - client_user = packet_get_string(&ulen); - - /* Get the client host key. */ - client_host_key = RSA_new(); - if (client_host_key == NULL) - fatal("RSA_new failed"); - client_host_key->e = BN_new(); - client_host_key->n = BN_new(); - if (client_host_key->e == NULL || client_host_key->n == NULL) - fatal("BN_new failed"); - bits = packet_get_int(); - packet_get_bignum(client_host_key->e, &elen); - packet_get_bignum(client_host_key->n, &nlen); - - if (bits != BN_num_bits(client_host_key->n)) - error("Warning: keysize mismatch for client_host_key: " - "actual %d, announced %d", BN_num_bits(client_host_key->n), bits); - packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); - - authenticated = auth_rhosts_rsa(pw, client_user, client_host_key); - RSA_free(client_host_key); - - snprintf(user, sizeof user, " ruser %s", client_user); - xfree(client_user); - break; - - case SSH_CMSG_AUTH_RSA: - if (!options.rsa_authentication) { - verbose("RSA authentication disabled."); - break; - } - /* RSA authentication requested. */ - n = BN_new(); - packet_get_bignum(n, &nlen); - packet_integrity_check(plen, nlen, type); - authenticated = auth_rsa(pw, n); - BN_clear_free(n); - break; - - case SSH_CMSG_AUTH_PASSWORD: - if (!options.password_authentication) { - verbose("Password authentication disabled."); - break; - } - /* - * Read user password. It is in plain text, but was - * transmitted over the encrypted channel so it is - * not visible to an outside observer. - */ - password = packet_get_string(&dlen); - packet_integrity_check(plen, 4 + dlen, type); - - /* Try authentication with the password. */ - authenticated = auth_password(pw, password); - - memset(password, 0, strlen(password)); - xfree(password); - break; - -#ifdef SKEY - case SSH_CMSG_AUTH_TIS: - debug("rcvd SSH_CMSG_AUTH_TIS"); - if (options.skey_authentication == 1) { - char *skeyinfo = skey_keyinfo(pw->pw_name); - if (skeyinfo == NULL) { - debug("generating fake skeyinfo for %.100s.", pw->pw_name); - skeyinfo = skey_fake_keyinfo(pw->pw_name); - } - if (skeyinfo != NULL) { - /* we send our s/key- in tis-challenge messages */ - debug("sending challenge '%s'", skeyinfo); - packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); - packet_put_string(skeyinfo, strlen(skeyinfo)); - packet_send(); - packet_write_wait(); - continue; - } - } - break; - case SSH_CMSG_AUTH_TIS_RESPONSE: - debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); - if (options.skey_authentication == 1) { - char *response = packet_get_string(&dlen); - debug("skey response == '%s'", response); - packet_integrity_check(plen, 4 + dlen, type); - authenticated = (skey_haskey(pw->pw_name) == 0 && - skey_passcheck(pw->pw_name, response) != -1); - xfree(response); - } - break; -#else - case SSH_CMSG_AUTH_TIS: - /* TIS Authentication is unsupported */ - log("TIS authentication unsupported."); - break; + if (!dh_pub_is_valid(dh, dh_client_pub)) + packet_disconnect("bad client public DH value"); + + klen = DH_size(dh); + kbuf = xmalloc(klen); + kout = DH_compute_key(kbuf, dh_client_pub, dh); + +#ifdef DEBUG_KEXDH + debug("shared secret: len %d/%d", klen, kout); + fprintf(stderr, "shared secret == "); + for (i = 0; i< kout; i++) + fprintf(stderr, "%02x", (kbuf[i])&0xff); + fprintf(stderr, "\n"); #endif + shared_secret = BN_new(); + + BN_bin2bn(kbuf, kout, shared_secret); + memset(kbuf, 0, klen); + xfree(kbuf); + + /* XXX precompute? */ + dsa_make_key_blob(sensitive_data.dsa_host_key, &server_host_key_blob, &sbloblen); + + /* calc H */ /* XXX depends on 'kex' */ + hash = kex_hash( + client_version_string, + server_version_string, + buffer_ptr(client_kexinit), buffer_len(client_kexinit), + buffer_ptr(server_kexinit), buffer_len(server_kexinit), + (char *)server_host_key_blob, sbloblen, + dh_client_pub, + dh->pub_key, + shared_secret + ); + buffer_free(client_kexinit); + buffer_free(server_kexinit); + xfree(client_kexinit); + xfree(server_kexinit); +#ifdef DEBUG_KEXDH + fprintf(stderr, "hash == "); + for (i = 0; i< 20; i++) + fprintf(stderr, "%02x", (hash[i])&0xff); + fprintf(stderr, "\n"); +#endif + /* save session id := H */ + /* XXX hashlen depends on KEX */ + session_id2_len = 20; + session_id2 = xmalloc(session_id2_len); + memcpy(session_id2, hash, session_id2_len); + + /* sign H */ + /* XXX hashlen depends on KEX */ + dsa_sign(sensitive_data.dsa_host_key, &signature, &slen, hash, 20); + + destroy_sensitive_data(); + + /* send server hostkey, DH pubkey 'f' and singed H */ + packet_start(SSH2_MSG_KEXDH_REPLY); + packet_put_string((char *)server_host_key_blob, sbloblen); + packet_put_bignum2(dh->pub_key); /* f */ + packet_put_string((char *)signature, slen); + packet_send(); + xfree(signature); + xfree(server_host_key_blob); + packet_write_wait(); - default: - /* - * Any unknown messages will be ignored (and failure - * returned) during authentication. - */ - log("Unknown message during authentication: type %d", type); - break; - } - - /* - * Check if the user is logging in as root and root logins - * are disallowed. - * Note that root login is allowed for forced commands. - */ - if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) { - if (forced_command) { - log("Root login accepted for forced command."); - } else { - authenticated = 0; - log("ROOT LOGIN REFUSED FROM %.200s", - get_canonical_hostname()); - } - } + kex_derive_keys(kex, hash, shared_secret); + packet_set_kex(kex); - /* Raise logging level */ - if (authenticated || - attempt == AUTH_FAIL_LOG || - type == SSH_CMSG_AUTH_PASSWORD) - authlog = log; - - authlog("%s %s for %.200s from %.200s port %d%s", - authenticated ? "Accepted" : "Failed", - get_authname(type), - pw->pw_uid == 0 ? "ROOT" : pw->pw_name, - get_remote_ipaddr(), - get_remote_port(), - user); - - if (authenticated) - return; - - if (attempt > AUTH_FAIL_MAX) - packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); - - /* Send a message indicating that the authentication attempt failed. */ - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - } -} + /* have keys, free DH */ + DH_free(dh); -/* - * The user does not exist or access is denied, - * but fake indication that authentication is needed. - */ -void -do_fake_authloop(char *user) -{ - int attempt = 0; + debug("send SSH2_MSG_NEWKEYS."); + packet_start(SSH2_MSG_NEWKEYS); + packet_send(); + packet_write_wait(); + debug("done: send SSH2_MSG_NEWKEYS."); - log("Faking authloop for illegal user %.200s from %.200s port %d", - user, - get_remote_ipaddr(), - get_remote_port()); + debug("Wait SSH2_MSG_NEWKEYS."); + packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS); + debug("GOT SSH2_MSG_NEWKEYS."); - /* Indicate that authentication is needed. */ - packet_start(SSH_SMSG_FAILURE); +#ifdef DEBUG_KEXDH + /* send 1st encrypted/maced/compressed message */ + packet_start(SSH2_MSG_IGNORE); + packet_put_cstring("markus"); packet_send(); packet_write_wait(); - - /* - * Keep reading packets, and always respond with a failure. This is - * to avoid disclosing whether such a user really exists. - */ - for (attempt = 1;; attempt++) { - /* Read a packet. This will not return if the client disconnects. */ - int plen; - int type = packet_read(&plen); -#ifdef SKEY - unsigned int dlen; - char *password, *skeyinfo; - /* Try to send a fake s/key challenge. */ - if (options.skey_authentication == 1 && - (skeyinfo = skey_fake_keyinfo(user)) != NULL) { - password = NULL; - if (type == SSH_CMSG_AUTH_TIS) { - packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); - packet_put_string(skeyinfo, strlen(skeyinfo)); - packet_send(); - packet_write_wait(); - continue; - } else if (type == SSH_CMSG_AUTH_PASSWORD && - options.password_authentication && - (password = packet_get_string(&dlen)) != NULL && - dlen == 5 && - strncasecmp(password, "s/key", 5) == 0 ) { - packet_send_debug(skeyinfo); - } - if (password != NULL) - xfree(password); - } #endif - if (attempt > AUTH_FAIL_MAX) - packet_disconnect(AUTH_FAIL_MSG, user); - - /* - * Send failure. This should be indistinguishable from a - * failed authentication. - */ - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - } - /* NOTREACHED */ - abort(); -} - -struct pty_cleanup_context { - const char *ttyname; - int pid; -}; - -/* - * Function to perform cleanup if we get aborted abnormally (e.g., due to a - * dropped connection). - */ -void -pty_cleanup_proc(void *context) -{ - struct pty_cleanup_context *cu = context; - - debug("pty_cleanup_proc called"); - - /* Record that the user has logged out. */ - record_logout(cu->pid, cu->ttyname); - - /* Release the pseudo-tty. */ - pty_release(cu->ttyname); -} - -/* simple cleanup: chown tty slave back to root */ -static void -pty_release_proc(void *tty) -{ - char *ttyname = tty; - pty_release(ttyname); -} - -/* - * Prepares for an interactive session. This is called after the user has - * been successfully authenticated. During this message exchange, pseudo - * terminals are allocated, X11, TCP/IP, and authentication agent forwardings - * are requested, etc. - */ -void -do_authenticated(struct passwd * pw) -{ - int type; - int compression_level = 0, enable_compression_after_reply = 0; - int have_pty = 0, ptyfd = -1, ttyfd = -1; - int row, col, xpixel, ypixel, screen; - char ttyname[64]; - char *command, *term = NULL, *display = NULL, *proto = NULL, *data = NULL; - int plen; - unsigned int dlen; - int n_bytes; - - /* - * Cancel the alarm we set to limit the time taken for - * authentication. - */ - alarm(0); - - /* - * Inform the channel mechanism that we are the server side and that - * the client may request to connect to any port at all. (The user - * could do it anyway, and we wouldn\'t know what is permitted except - * by the client telling us, so we can equally well trust the client - * not to request anything bogus.) - */ - if (!no_port_forwarding_flag) - channel_permit_all_opens(); - - /* - * We stay in this loop until the client requests to execute a shell - * or a command. - */ - while (1) { - - /* Get a packet from the client. */ - type = packet_read(&plen); - - /* Process the packet. */ - switch (type) { - case SSH_CMSG_REQUEST_COMPRESSION: - packet_integrity_check(plen, 4, type); - compression_level = packet_get_int(); - if (compression_level < 1 || compression_level > 9) { - packet_send_debug("Received illegal compression level %d.", - compression_level); - goto fail; - } - /* Enable compression after we have responded with SUCCESS. */ - enable_compression_after_reply = 1; - break; - - case SSH_CMSG_REQUEST_PTY: - if (no_pty_flag) { - debug("Allocating a pty not permitted for this authentication."); - goto fail; - } - if (have_pty) - packet_disconnect("Protocol error: you already have a pty."); - - debug("Allocating pty."); - - /* Allocate a pty and open it. */ - if (!pty_allocate(&ptyfd, &ttyfd, ttyname, - sizeof(ttyname))) { - error("Failed to allocate pty."); - goto fail; - } - fatal_add_cleanup(pty_release_proc, (void *)ttyname); - pty_setowner(pw, ttyname); - - /* Get TERM from the packet. Note that the value may be of arbitrary length. */ - term = packet_get_string(&dlen); - packet_integrity_check(dlen, strlen(term), type); - - /* Remaining bytes */ - n_bytes = plen - (4 + dlen + 4 * 4); - - if (strcmp(term, "") == 0) { - xfree(term); - term = NULL; - } - - /* Get window size from the packet. */ - row = packet_get_int(); - col = packet_get_int(); - xpixel = packet_get_int(); - ypixel = packet_get_int(); - pty_change_window_size(ptyfd, row, col, xpixel, ypixel); - - /* Get tty modes from the packet. */ - tty_parse_modes(ttyfd, &n_bytes); - packet_integrity_check(plen, 4 + dlen + 4 * 4 + n_bytes, type); - - /* Indicate that we now have a pty. */ - have_pty = 1; - break; - - case SSH_CMSG_X11_REQUEST_FORWARDING: - if (!options.x11_forwarding) { - packet_send_debug("X11 forwarding disabled in server configuration file."); - goto fail; - } -#ifdef XAUTH_PATH - if (no_x11_forwarding_flag) { - packet_send_debug("X11 forwarding not permitted for this authentication."); - goto fail; - } - debug("Received request for X11 forwarding with auth spoofing."); - if (display) - packet_disconnect("Protocol error: X11 display already set."); - { - unsigned int proto_len, data_len; - proto = packet_get_string(&proto_len); - data = packet_get_string(&data_len); - packet_integrity_check(plen, 4 + proto_len + 4 + data_len + 4, type); - } - if (packet_get_protocol_flags() & SSH_PROTOFLAG_SCREEN_NUMBER) - screen = packet_get_int(); - else - screen = 0; - display = x11_create_display_inet(screen, options.x11_display_offset); - if (!display) - goto fail; - - /* Setup to always have a local .Xauthority. */ - xauthfile = xmalloc(MAXPATHLEN); - strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); - temporarily_use_uid(pw->pw_uid); - if (mkdtemp(xauthfile) == NULL) { - restore_uid(); - error("private X11 dir: mkdtemp %s failed: %s", - xauthfile, strerror(errno)); - xfree(xauthfile); - xauthfile = NULL; - goto fail; - } - strlcat(xauthfile, "/cookies", MAXPATHLEN); - open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600); - restore_uid(); - fatal_add_cleanup(xauthfile_cleanup_proc, NULL); - break; -#else /* XAUTH_PATH */ - packet_send_debug("No xauth program; cannot forward with spoofing."); - goto fail; -#endif /* XAUTH_PATH */ - - case SSH_CMSG_AGENT_REQUEST_FORWARDING: - if (no_agent_forwarding_flag || compat13) { - debug("Authentication agent forwarding not permitted for this authentication."); - goto fail; - } - debug("Received authentication agent forwarding request."); - auth_input_request_forwarding(pw); - break; - - case SSH_CMSG_PORT_FORWARD_REQUEST: - if (no_port_forwarding_flag) { - debug("Port forwarding not permitted for this authentication."); - goto fail; - } - debug("Received TCP/IP port forwarding request."); - channel_input_port_forward_request(pw->pw_uid == 0); - break; - - case SSH_CMSG_MAX_PACKET_SIZE: - if (packet_set_maxsize(packet_get_int()) < 0) - goto fail; - break; - - case SSH_CMSG_EXEC_SHELL: - /* Set interactive/non-interactive mode. */ - packet_set_interactive(have_pty || display != NULL, - options.keepalives); - - if (forced_command != NULL) - goto do_forced_command; - debug("Forking shell."); - packet_integrity_check(plen, 0, type); - if (have_pty) - do_exec_pty(NULL, ptyfd, ttyfd, ttyname, pw, term, display, proto, data); - else - do_exec_no_pty(NULL, pw, display, proto, data); - return; - - case SSH_CMSG_EXEC_CMD: - /* Set interactive/non-interactive mode. */ - packet_set_interactive(have_pty || display != NULL, - options.keepalives); - - if (forced_command != NULL) - goto do_forced_command; - /* Get command from the packet. */ - { - unsigned int dlen; - command = packet_get_string(&dlen); - debug("Executing command '%.500s'", command); - packet_integrity_check(plen, 4 + dlen, type); - } - if (have_pty) - do_exec_pty(command, ptyfd, ttyfd, ttyname, pw, term, display, proto, data); - else - do_exec_no_pty(command, pw, display, proto, data); - xfree(command); - return; -#ifdef KRB5 - case SSH_CMSG_HAVE_KRB5_TGT: - /* Passing krb5 ticket */ - if (!options.krb5_tgt_passing - /*|| !options.krb5_authentication */) { - - } - - if (tkt_client == NULL) { - /* passing tgt without krb5 authentication */ - } - - { - krb5_data tgt; - tgt.data = packet_get_string(&tgt.length); - - if (!auth_krb5_tgt(pw->pw_name, &tgt, tkt_client)) { - verbose ("Kerberos V5 TGT refused for %.100s", pw->pw_name); - xfree(tgt.data); - goto fail; - } - xfree(tgt.data); - - break; - } -#endif /* KRB5 */ - - default: - /* - * Any unknown messages in this phase are ignored, - * and a failure message is returned. - */ - log("Unknown packet type received after authentication: %d", type); - goto fail; - } - - /* The request was successfully processed. */ - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); - - /* Enable compression now that we have replied if appropriate. */ - if (enable_compression_after_reply) { - enable_compression_after_reply = 0; - packet_start_compression(compression_level); - } - continue; - -fail: - /* The request failed. */ - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - continue; - -do_forced_command: - /* - * There is a forced command specified for this login. - * Execute it. - */ - debug("Executing forced command: %.900s", forced_command); - if (have_pty) - do_exec_pty(forced_command, ptyfd, ttyfd, ttyname, pw, term, display, proto, data); - else - do_exec_no_pty(forced_command, pw, display, proto, data); - return; - } -} - -/* - * This is called to fork and execute a command when we have no tty. This - * will call do_child from the child, and server_loop from the parent after - * setting up file descriptors and such. - */ -void -do_exec_no_pty(const char *command, struct passwd * pw, - const char *display, const char *auth_proto, - const char *auth_data) -{ - int pid; - -#ifdef USE_PIPES - int pin[2], pout[2], perr[2]; - /* Allocate pipes for communicating with the program. */ - if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0) - packet_disconnect("Could not create pipes: %.100s", - strerror(errno)); -#else /* USE_PIPES */ - int inout[2], err[2]; - /* Uses socket pairs to communicate with the program. */ - if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 || - socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) - packet_disconnect("Could not create socket pairs: %.100s", - strerror(errno)); -#endif /* USE_PIPES */ - - setproctitle("%s@notty", pw->pw_name); - - /* Fork the child. */ - if ((pid = fork()) == 0) { - /* Child. Reinitialize the log since the pid has changed. */ - log_init(av0, options.log_level, options.log_facility, log_stderr); - - /* - * Create a new session and process group since the 4.4BSD - * setlogin() affects the entire process group. - */ - if (setsid() < 0) - error("setsid failed: %.100s", strerror(errno)); - -#ifdef USE_PIPES - /* - * Redirect stdin. We close the parent side of the socket - * pair, and make the child side the standard input. - */ - close(pin[1]); - if (dup2(pin[0], 0) < 0) - perror("dup2 stdin"); - close(pin[0]); - - /* Redirect stdout. */ - close(pout[0]); - if (dup2(pout[1], 1) < 0) - perror("dup2 stdout"); - close(pout[1]); - - /* Redirect stderr. */ - close(perr[0]); - if (dup2(perr[1], 2) < 0) - perror("dup2 stderr"); - close(perr[1]); -#else /* USE_PIPES */ - /* - * Redirect stdin, stdout, and stderr. Stdin and stdout will - * use the same socket, as some programs (particularly rdist) - * seem to depend on it. - */ - close(inout[1]); - close(err[1]); - if (dup2(inout[0], 0) < 0) /* stdin */ - perror("dup2 stdin"); - if (dup2(inout[0], 1) < 0) /* stdout. Note: same socket as stdin. */ - perror("dup2 stdout"); - if (dup2(err[0], 2) < 0) /* stderr */ - perror("dup2 stderr"); -#endif /* USE_PIPES */ - - /* Do processing for the child (exec command etc). */ - do_child(command, pw, NULL, display, auth_proto, auth_data, NULL); - /* NOTREACHED */ - } - if (pid < 0) - packet_disconnect("fork failed: %.100s", strerror(errno)); -#ifdef USE_PIPES - /* We are the parent. Close the child sides of the pipes. */ - close(pin[0]); - close(pout[1]); - close(perr[1]); - - /* Enter the interactive session. */ - server_loop(pid, pin[1], pout[0], perr[0]); - /* server_loop has closed pin[1], pout[1], and perr[1]. */ -#else /* USE_PIPES */ - /* We are the parent. Close the child sides of the socket pairs. */ - close(inout[0]); - close(err[0]); - - /* - * Enter the interactive session. Note: server_loop must be able to - * handle the case that fdin and fdout are the same. - */ - server_loop(pid, inout[1], inout[1], err[1]); - /* server_loop has closed inout[1] and err[1]. */ -#endif /* USE_PIPES */ -} - -/* - * This is called to fork and execute a command when we have a tty. This - * will call do_child from the child, and server_loop from the parent after - * setting up file descriptors, controlling tty, updating wtmp, utmp, - * lastlog, and other such operations. - */ -void -do_exec_pty(const char *command, int ptyfd, int ttyfd, - const char *ttyname, struct passwd * pw, const char *term, - const char *display, const char *auth_proto, - const char *auth_data) -{ - int pid, fdout; - int ptymaster; - const char *hostname; - time_t last_login_time; - char buf[100], *time_string; - FILE *f; - char line[256]; - struct stat st; - int quiet_login; - struct sockaddr_storage from; - socklen_t fromlen; - struct pty_cleanup_context cleanup_context; -#ifdef LOGIN_CAP - login_cap_t *lc; - char *fname; -#endif /* LOGIN_CAP */ -#ifdef __FreeBSD__ -#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ - struct timeval tv; - time_t warntime = DEFAULT_WARN; -#endif /* __FreeBSD__ */ - - /* Get remote host name. */ - hostname = get_canonical_hostname(); - - /* - * Get the time when the user last logged in. Buf will be set to - * contain the hostname the last login was from. - */ - if (!options.use_login) { - last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name, - buf, sizeof(buf)); - } - setproctitle("%s@%s", pw->pw_name, strrchr(ttyname, '/') + 1); - - /* Fork the child. */ - if ((pid = fork()) == 0) { - pid = getpid(); - - /* Child. Reinitialize the log because the pid has - changed. */ - log_init(av0, options.log_level, options.log_facility, log_stderr); - - /* Close the master side of the pseudo tty. */ - close(ptyfd); - - /* Make the pseudo tty our controlling tty. */ - pty_make_controlling_tty(&ttyfd, ttyname); - - /* Redirect stdin from the pseudo tty. */ - if (dup2(ttyfd, fileno(stdin)) < 0) - error("dup2 stdin failed: %.100s", strerror(errno)); - - /* Redirect stdout to the pseudo tty. */ - if (dup2(ttyfd, fileno(stdout)) < 0) - error("dup2 stdin failed: %.100s", strerror(errno)); - - /* Redirect stderr to the pseudo tty. */ - if (dup2(ttyfd, fileno(stderr)) < 0) - error("dup2 stdin failed: %.100s", strerror(errno)); - - /* Close the extra descriptor for the pseudo tty. */ - close(ttyfd); - - /* - * Get IP address of client. This is needed because we want - * to record where the user logged in from. If the - * connection is not a socket, let the ip address be 0.0.0.0. - */ - memset(&from, 0, sizeof(from)); - if (packet_get_connection_in() == packet_get_connection_out()) { - fromlen = sizeof(from); - if (getpeername(packet_get_connection_in(), - (struct sockaddr *) & from, &fromlen) < 0) { - debug("getpeername: %.100s", strerror(errno)); - fatal_cleanup(); - } - } - /* Record that there was a login on that terminal. */ - record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, - (struct sockaddr *)&from); - - /* Check if .hushlogin exists. */ - snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); - quiet_login = stat(line, &st) >= 0; -#ifdef LOGIN_CAP - lc = login_getpwclass(pw); - if (lc == NULL) - lc = login_getclassbyname(NULL, pw); - quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); -#endif /* LOGIN_CAP */ - -#ifdef __FreeBSD__ - if (pw->pw_change || pw->pw_expire) - (void)gettimeofday(&tv, NULL); -#ifdef LOGIN_CAP - warntime = login_getcaptime(lc, "warnpassword", - DEFAULT_WARN, DEFAULT_WARN); -#endif /* LOGIN_CAP */ - /* - * If the password change time is set and has passed, give the - * user a password expiry notice and chance to change it. - */ - if (pw->pw_change != 0) { - if (tv.tv_sec >= pw->pw_change) { - (void)printf( - "Sorry -- your password has expired.\n"); - log("%s Password expired - forcing change", - pw->pw_name); - command = _PATH_CHPASS; - } else if (pw->pw_change - tv.tv_sec < warntime && - !quiet_login) - (void)printf( - "Warning: your password expires on %s", - ctime(&pw->pw_change)); - } -#ifdef LOGIN_CAP - warntime = login_getcaptime(lc, "warnexpire", - DEFAULT_WARN, DEFAULT_WARN); -#endif /* LOGIN_CAP */ - if (pw->pw_expire) { - if (tv.tv_sec >= pw->pw_expire) { - (void)printf( - "Sorry -- your account has expired.\n"); - log( - "LOGIN %.200s REFUSED (EXPIRED) FROM %.200s ON TTY %.200s", - pw->pw_name, hostname, ttyname); - exit(254); - } else if (pw->pw_expire - tv.tv_sec < warntime && - !quiet_login) - (void)printf( - "Warning: your account expires on %s", - ctime(&pw->pw_expire)); - } -#endif /* __FreeBSD__ */ -#ifdef LOGIN_CAP - if (!auth_ttyok(lc, ttyname)) { - (void)printf("Permission denied.\n"); - log( - "LOGIN %.200s REFUSED (TTY) FROM %.200s ON TTY %.200s", - pw->pw_name, hostname, ttyname); - exit(254); - } -#endif /* LOGIN_CAP */ - - /* - * If the user has logged in before, display the time of last - * login. However, don't display anything extra if a command - * has been specified (so that ssh can be used to execute - * commands on a remote machine without users knowing they - * are going to another machine). Login(1) will do this for - * us as well, so check if login(1) is used - */ - if (command == NULL && last_login_time != 0 && !quiet_login && - !options.use_login) { - /* Convert the date to a string. */ - time_string = ctime(&last_login_time); - /* Remove the trailing newline. */ - if (strchr(time_string, '\n')) - *strchr(time_string, '\n') = 0; - /* Display the last login time. Host if displayed - if known. */ - if (strcmp(buf, "") == 0) - printf("Last login: %s\r\n", time_string); - else - printf("Last login: %s from %s\r\n", time_string, buf); - } -#ifdef LOGIN_CAP - if (command == NULL && !quiet_login && !options.use_login) { - fname = login_getcapstr(lc, "copyright", NULL, NULL); - if (fname != NULL && (f = fopen(fname, "r")) != NULL) { - while (fgets(line, sizeof(line), f) != NULL) - fputs(line, stdout); - fclose(f); - } else - (void)printf("%s\n\t%s %s\n", - "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", - "The Regents of the University of California. ", - "All rights reserved."); - } -#endif /* LOGIN_CAP */ - /* - * Print /etc/motd unless a command was specified or printing - * it was disabled in server options or login(1) will be - * used. Note that some machines appear to print it in - * /etc/profile or similar. - */ - if (command == NULL && options.print_motd && !quiet_login && - !options.use_login) { -#ifdef LOGIN_CAP - fname = login_getcapstr(lc, "welcome", NULL, NULL); - if (fname == NULL || (f = fopen(fname, "r")) == NULL) - f = fopen("/etc/motd", "r"); -#else /* !LOGIN_CAP */ - f = fopen("/etc/motd", "r"); -#endif /* LOGIN_CAP */ - /* Print /etc/motd if it exists. */ - if (f) { - while (fgets(line, sizeof(line), f)) - fputs(line, stdout); - fclose(f); - } - } -#ifdef LOGIN_CAP - login_close(lc); -#endif /* LOGIN_CAP */ - - /* Do common processing for the child, such as execing the command. */ - do_child(command, pw, term, display, auth_proto, auth_data, ttyname); - /* NOTREACHED */ - } - if (pid < 0) - packet_disconnect("fork failed: %.100s", strerror(errno)); - /* Parent. Close the slave side of the pseudo tty. */ - close(ttyfd); - - /* - * Add a cleanup function to clear the utmp entry and record logout - * time in case we call fatal() (e.g., the connection gets closed). - */ - cleanup_context.pid = pid; - cleanup_context.ttyname = ttyname; - fatal_add_cleanup(pty_cleanup_proc, (void *) &cleanup_context); - fatal_remove_cleanup(pty_release_proc, (void *) ttyname); - - /* - * Create another descriptor of the pty master side for use as the - * standard input. We could use the original descriptor, but this - * simplifies code in server_loop. The descriptor is bidirectional. - */ - fdout = dup(ptyfd); - if (fdout < 0) - packet_disconnect("dup #1 failed: %.100s", strerror(errno)); - - /* we keep a reference to the pty master */ - ptymaster = dup(ptyfd); - if (ptymaster < 0) - packet_disconnect("dup #2 failed: %.100s", strerror(errno)); - - /* Enter interactive session. */ - server_loop(pid, ptyfd, fdout, -1); - /* server_loop _has_ closed ptyfd and fdout. */ - - /* Cancel the cleanup function. */ - fatal_remove_cleanup(pty_cleanup_proc, (void *) &cleanup_context); - - /* Record that the user has logged out. */ - record_logout(pid, ttyname); - - /* Release the pseudo-tty. */ - pty_release(ttyname); - - /* - * Close the server side of the socket pairs. We must do this after - * the pty cleanup, so that another process doesn't get this pty - * while we're still cleaning up. - */ - if (close(ptymaster) < 0) - error("close(ptymaster): %s", strerror(errno)); -} - -/* - * Sets the value of the given variable in the environment. If the variable - * already exists, its value is overriden. - */ -void -child_set_env(char ***envp, unsigned int *envsizep, const char *name, - const char *value) -{ - unsigned int i, namelen; - char **env; - - /* - * Find the slot where the value should be stored. If the variable - * already exists, we reuse the slot; otherwise we append a new slot - * at the end of the array, expanding if necessary. - */ - env = *envp; - namelen = strlen(name); - for (i = 0; env[i]; i++) - if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=') - break; - if (env[i]) { - /* Reuse the slot. */ - xfree(env[i]); - } else { - /* New variable. Expand if necessary. */ - if (i >= (*envsizep) - 1) { - (*envsizep) += 50; - env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); - } - /* Need to set the NULL pointer at end of array beyond the new slot. */ - env[i + 1] = NULL; - } - - /* Allocate space and format the variable in the appropriate slot. */ - env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1); - snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value); -} - -/* - * Reads environment variables from the given file and adds/overrides them - * into the environment. If the file does not exist, this does nothing. - * Otherwise, it must consist of empty lines, comments (line starts with '#') - * and assignments of the form name=value. No other forms are allowed. - */ -void -read_environment_file(char ***env, unsigned int *envsize, - const char *filename) -{ - FILE *f; - char buf[4096]; - char *cp, *value; - - f = fopen(filename, "r"); - if (!f) - return; - - while (fgets(buf, sizeof(buf), f)) { - for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) - ; - if (!*cp || *cp == '#' || *cp == '\n') - continue; - if (strchr(cp, '\n')) - *strchr(cp, '\n') = '\0'; - value = strchr(cp, '='); - if (value == NULL) { - fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf); - continue; - } - /* Replace the equals sign by nul, and advance value to the value string. */ - *value = '\0'; - value++; - child_set_env(env, envsize, cp, value); - } - fclose(f); -} - -/* - * Performs common processing for the child, such as setting up the - * environment, closing extra file descriptors, setting the user and group - * ids, and executing the command or shell. - */ -void -do_child(const char *command, struct passwd * pw, const char *term, - const char *display, const char *auth_proto, - const char *auth_data, const char *ttyname) -{ - char *shell; - const char *cp = NULL; - char buf[256]; - FILE *f; - unsigned int envsize, i; - char **env = NULL; - extern char **environ; - struct stat st; - char *argv[10]; -#ifdef LOGIN_CAP - login_cap_t *lc; - - lc = login_getpwclass(pw); - if (lc == NULL) - lc = login_getclassbyname(NULL, pw); - if (pw->pw_uid != 0) - auth_checknologin(lc); -#else /* !LOGIN_CAP */ - f = fopen("/etc/nologin", "r"); - if (f) { - /* /etc/nologin exists. Print its contents and exit. */ - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); - if (pw->pw_uid != 0) - exit(254); - - } -#endif /* LOGIN_CAP */ - -#ifdef LOGIN_CAP - if (options.use_login) -#endif /* LOGIN_CAP */ - /* Set login name in the kernel. */ - if (setlogin(pw->pw_name) < 0) - error("setlogin failed: %s", strerror(errno)); - - /* Set uid, gid, and groups. */ - /* Login(1) does this as well, and it needs uid 0 for the "-h" - switch, so we let login(1) to this for us. */ - if (!options.use_login) { -#ifdef LOGIN_CAP - char **tmpenv; - - /* Initialize temp environment */ - envsize = 64; - env = xmalloc(envsize * sizeof(char *)); - env[0] = NULL; - - child_set_env(&env, &envsize, "PATH", - (pw->pw_uid == 0) ? - _PATH_STDPATH : _PATH_DEFPATH); - - snprintf(buf, sizeof buf, "%.200s/%.50s", - _PATH_MAILDIR, pw->pw_name); - child_set_env(&env, &envsize, "MAIL", buf); - - if (getenv("TZ")) - child_set_env(&env, &envsize, "TZ", getenv("TZ")); - - /* Save parent environment */ - tmpenv = environ; - environ = env; - - if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETALL) < 0) - fatal("setusercontext failed: %s", strerror(errno)); - - /* Restore parent environment */ - env = environ; - environ = tmpenv; - - for (envsize = 0; env[envsize] != NULL; ++envsize) - ; - envsize = (envsize < 100) ? 100 : envsize + 16; - env = xrealloc(env, envsize * sizeof(char *)); - -#else /* !LOGIN_CAP */ - - if (getuid() == 0 || geteuid() == 0) { - if (setgid(pw->pw_gid) < 0) { - perror("setgid"); - exit(1); - } - /* Initialize the group list. */ - if (initgroups(pw->pw_name, pw->pw_gid) < 0) { - perror("initgroups"); - exit(1); - } - endgrent(); - - /* Permanently switch to the desired uid. */ - permanently_set_uid(pw->pw_uid); - } - if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) - fatal("Failed to set uids to %d.", (int) pw->pw_uid); -#endif /* LOGIN_CAP */ - } - /* - * Get the shell from the password data. An empty shell field is - * legal, and means /bin/sh. - */ - shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; -#ifdef LOGIN_CAP - shell = login_getcapstr(lc, "shell", shell, shell); -#endif /* LOGIN_CAP */ - -#ifdef AFS - /* Try to get AFS tokens for the local cell. */ - if (k_hasafs()) { - char cell[64]; - - if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) - krb_afslog(cell, 0); - - krb_afslog(0, 0); - } -#endif /* AFS */ - - /* Initialize the environment. */ - if (env == NULL) { - envsize = 100; - env = xmalloc(envsize * sizeof(char *)); - env[0] = NULL; - } - - if (!options.use_login) { - /* Set basic environment. */ - child_set_env(&env, &envsize, "USER", pw->pw_name); - child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); - child_set_env(&env, &envsize, "HOME", pw->pw_dir); -#ifndef LOGIN_CAP - child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); - - snprintf(buf, sizeof buf, "%.200s/%.50s", - _PATH_MAILDIR, pw->pw_name); - child_set_env(&env, &envsize, "MAIL", buf); -#endif /* !LOGIN_CAP */ - - /* Normal systems set SHELL by default. */ - child_set_env(&env, &envsize, "SHELL", shell); - } -#ifdef LOGIN_CAP - if (options.use_login) -#endif /* LOGIN_CAP */ - if (getenv("TZ")) - child_set_env(&env, &envsize, "TZ", getenv("TZ")); - - /* Set custom environment options from RSA authentication. */ - while (custom_environment) { - struct envstring *ce = custom_environment; - char *s = ce->s; - int i; - for (i = 0; s[i] != '=' && s[i]; i++); - if (s[i] == '=') { - s[i] = 0; - child_set_env(&env, &envsize, s, s + i + 1); - } - custom_environment = ce->next; - xfree(ce->s); - xfree(ce); - } - - snprintf(buf, sizeof buf, "%.50s %d %d", - get_remote_ipaddr(), get_remote_port(), get_local_port()); - child_set_env(&env, &envsize, "SSH_CLIENT", buf); - - if (ttyname) - child_set_env(&env, &envsize, "SSH_TTY", ttyname); - if (term) - child_set_env(&env, &envsize, "TERM", term); - if (display) - child_set_env(&env, &envsize, "DISPLAY", display); - -#ifdef KRB4 - { - extern char *ticket; - - if (ticket) - child_set_env(&env, &envsize, "KRBTKFILE", ticket); - } -#endif /* KRB4 */ - -#ifdef KRB5 - { - extern krb5_ccache mem_ccache; - - if (mem_ccache) { - krb5_error_code problem; - krb5_ccache ccache; -#ifdef AFS - if (k_hasafs()) - krb5_afslog(ssh_context, mem_ccache, NULL, NULL); -#endif /* AFS */ - - problem = krb5_cc_default(ssh_context, &ccache); - if (problem) {} - else { - problem = krb5_cc_copy_cache(ssh_context, mem_ccache, ccache); - if (problem) {} - } - - krb5_cc_close(ssh_context, ccache); - } - - krb5_cleanup_proc(NULL); - } -#endif /* KRB5 */ - - if (xauthfile) - child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); - if (auth_get_socket_name() != NULL) - child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, - auth_get_socket_name()); - - /* read $HOME/.ssh/environment. */ - if (!options.use_login) { - snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); - read_environment_file(&env, &envsize, buf); - } - if (debug_flag) { - /* dump the environment */ - fprintf(stderr, "Environment:\n"); - for (i = 0; env[i]; i++) - fprintf(stderr, " %.200s\n", env[i]); - } - /* - * Close the connection descriptors; note that this is the child, and - * the server will still have the socket open, and it is important - * that we do not shutdown it. Note that the descriptors cannot be - * closed before building the environment, as we call - * get_remote_ipaddr there. - */ - if (packet_get_connection_in() == packet_get_connection_out()) - close(packet_get_connection_in()); - else { - close(packet_get_connection_in()); - close(packet_get_connection_out()); - } - /* - * Close all descriptors related to channels. They will still remain - * open in the parent. - */ - /* XXX better use close-on-exec? -markus */ - channel_close_all(); - - /* - * Close any extra file descriptors. Note that there may still be - * descriptors left by system functions. They will be closed later. - */ - endpwent(); - - /* - * Close any extra open file descriptors so that we don\'t have them - * hanging around in clients. Note that we want to do this after - * initgroups, because at least on Solaris 2.3 it leaves file - * descriptors open. - */ - for (i = 3; i < getdtablesize(); i++) - close(i); - - /* Change current directory to the user\'s home directory. */ - if ( -#ifdef __FreeBSD__ - !*pw->pw_dir || -#endif /* __FreeBSD__ */ - chdir(pw->pw_dir) < 0 - ) { -#ifdef __FreeBSD__ - int quiet_login = 0; -#endif /* __FreeBSD__ */ -#ifdef LOGIN_CAP - if (login_getcapbool(lc, "requirehome", 0)) { - (void)printf("Home directory not available\n"); - log("LOGIN %.200s REFUSED (HOMEDIR) ON TTY %.200s", - pw->pw_name, ttyname); - exit(254); - } -#endif /* LOGIN_CAP */ -#ifdef __FreeBSD__ - if (chdir("/") < 0) { - (void)printf("Cannot find root directory\n"); - log("LOGIN %.200s REFUSED (ROOTDIR) ON TTY %.200s", - pw->pw_name, ttyname); - exit(254); - } -#ifdef LOGIN_CAP - quiet_login = login_getcapbool(lc, "hushlogin", 0); -#endif /* LOGIN_CAP */ - if (!quiet_login || *pw->pw_dir) - (void)printf( - "No home directory.\nLogging in with home = \"/\".\n"); - -#else /* !__FreeBSD__ */ - - fprintf(stderr, "Could not chdir to home directory %s: %s\n", - pw->pw_dir, strerror(errno)); -#endif /* __FreeBSD__ */ - } -#ifdef LOGIN_CAP - login_close(lc); -#endif /* LOGIN_CAP */ - - /* - * Must take new environment into use so that .ssh/rc, /etc/sshrc and - * xauth are run in the proper environment. - */ - environ = env; - - /* - * Run $HOME/.ssh/rc, /etc/sshrc, or xauth (whichever is found first - * in this order). - */ - if (!options.use_login) { - if (stat(SSH_USER_RC, &st) >= 0) { - if (debug_flag) - fprintf(stderr, "Running /bin/sh %s\n", SSH_USER_RC); - - f = popen("/bin/sh " SSH_USER_RC, "w"); - if (f) { - if (auth_proto != NULL && auth_data != NULL) - fprintf(f, "%s %s\n", auth_proto, auth_data); - pclose(f); - } else - fprintf(stderr, "Could not run %s\n", SSH_USER_RC); - } else if (stat(SSH_SYSTEM_RC, &st) >= 0) { - if (debug_flag) - fprintf(stderr, "Running /bin/sh %s\n", SSH_SYSTEM_RC); - - f = popen("/bin/sh " SSH_SYSTEM_RC, "w"); - if (f) { - if (auth_proto != NULL && auth_data != NULL) - fprintf(f, "%s %s\n", auth_proto, auth_data); - pclose(f); - } else - fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC); - } -#ifdef XAUTH_PATH - else { - /* Add authority data to .Xauthority if appropriate. */ - if (auth_proto != NULL && auth_data != NULL) { - if (debug_flag) - fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n", - XAUTH_PATH, display, auth_proto, auth_data); - - f = popen(XAUTH_PATH " -q -", "w"); - if (f) { - fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data); - pclose(f); - } else - fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH); - } - } -#endif /* XAUTH_PATH */ - - /* Get the last component of the shell name. */ - cp = strrchr(shell, '/'); - if (cp) - cp++; - else - cp = shell; - } - /* - * If we have no command, execute the shell. In this case, the shell - * name to be passed in argv[0] is preceded by '-' to indicate that - * this is a login shell. - */ - if (!command) { - if (!options.use_login) { - char buf[256]; - - /* - * Check for mail if we have a tty and it was enabled - * in server options. - */ - if (ttyname && options.check_mail) { - char *mailbox; - struct stat mailstat; - mailbox = getenv("MAIL"); - if (mailbox != NULL) { - if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0) -#ifdef __FreeBSD__ - ; -#else /* !__FreeBSD__ */ - printf("No mail.\n"); -#endif /* __FreeBSD__ */ - else if (mailstat.st_mtime < mailstat.st_atime) - printf("You have mail.\n"); - else - printf("You have new mail.\n"); - } - } - /* Start the shell. Set initial character to '-'. */ - buf[0] = '-'; - strncpy(buf + 1, cp, sizeof(buf) - 1); - buf[sizeof(buf) - 1] = 0; - - /* Execute the shell. */ - argv[0] = buf; - argv[1] = NULL; - execve(shell, argv, env); - - /* Executing the shell failed. */ - perror(shell); - exit(1); - - } else { - /* Launch login(1). */ - - execl("/usr/bin/login", "login", "-h", get_remote_ipaddr(), - "-p", "-f", "--", pw->pw_name, NULL); - - /* Login couldn't be executed, die. */ - - perror("login"); - exit(1); - } - } - /* - * Execute the command using the user's shell. This uses the -c - * option to execute the command. - */ - argv[0] = (char *) cp; - argv[1] = "-c"; - argv[2] = (char *) command; - argv[3] = NULL; - execve(shell, argv, env); - perror(shell); - exit(1); + debug("done: KEX2."); } diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 7142e25..4596cb8 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -3,6 +3,7 @@ # $FreeBSD$ Port 22 +#Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: HostKey /etc/ssh/ssh_host_key |
