summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2002-03-13 13:19:42 +1100
committerDamien Miller <djm@mindrot.org>2002-03-13 13:19:42 +1100
commit3a5b0233306a3db3a5db5b9ddc187c55e9b251f4 (patch)
tree86478addb63771a9a1be0e13cfbdea9f964f963a
parent3225fb454d0e79cf6f824dd00ff478749620277b (diff)
Stupid djm commits experimental code to head instead of branch
revert
-rw-r--r--Makefile.in6
-rw-r--r--auth.h4
-rw-r--r--auth1.c30
-rw-r--r--auth2.c119
-rw-r--r--bufaux.c2
-rw-r--r--cipher.c40
-rw-r--r--cipher.h2
-rw-r--r--compress.c4
-rw-r--r--kex.c4
-rw-r--r--kex.h1
-rw-r--r--kexdh.c13
-rw-r--r--kexgex.c19
-rw-r--r--key.c43
-rw-r--r--key.h1
-rw-r--r--packet.c106
-rw-r--r--packet.h7
-rw-r--r--servconf.c15
-rw-r--r--session.c53
-rw-r--r--session.h28
-rw-r--r--sshd.c173
20 files changed, 109 insertions, 561 deletions
diff --git a/Makefile.in b/Makefile.in
index 38c1d381..31aa8e58 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.198 2002/03/13 01:47:54 djm Exp $
+# $Id: Makefile.in,v 1.199 2002/03/13 02:19:42 djm Exp $
prefix=@prefix@
exec_prefix=@exec_prefix@
@@ -50,11 +50,11 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS)
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o monitor_fdpass.c monitor_wrap.c mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o monitor.c monitor_mm.c sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
+SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1
diff --git a/auth.h b/auth.h
index 9b5b19f6..c7175405 100644
--- a/auth.h
+++ b/auth.h
@@ -121,8 +121,8 @@ void krb5_cleanup_proc(void *authctxt);
#include "auth-pam.h"
#include "auth2-pam.h"
-Authctxt *do_authentication(void);
-Authctxt *do_authentication2(void);
+void do_authentication(void);
+void do_authentication2(void);
Authctxt *authctxt_new(void);
void auth_log(Authctxt *, int, char *, char *);
diff --git a/auth1.c b/auth1.c
index c52f6389..c2d99895 100644
--- a/auth1.c
+++ b/auth1.c
@@ -26,13 +26,8 @@ RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $");
#include "session.h"
#include "misc.h"
#include "uidswap.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
/* import */
-extern int use_privsep;
-extern int mm_recvfd;
-
extern ServerOptions options;
/*
@@ -360,13 +355,12 @@ do_authloop(Authctxt *authctxt)
* Performs authentication of an incoming connection. Session key has already
* been exchanged and encryption is enabled.
*/
-Authctxt *
+void
do_authentication(void)
{
Authctxt *authctxt;
- struct passwd *pw = NULL, *pwent;
+ struct passwd *pw;
u_int ulen;
- int allowed;
char *p, *user, *style = NULL;
/* Get the name of the user that we wish to log in as. */
@@ -388,26 +382,17 @@ do_authentication(void)
authctxt->style = style;
/* Verify that the user is a valid user. */
- if (!use_privsep) {
- pwent = getpwnam(user);
- allowed = pwent ? allowed_user(pwent) : 0;
- } else
- pwent = mm_getpwnamallow(mm_recvfd, user, &allowed);
- if (pwent && allowed) {
+ pw = getpwnam(user);
+ if (pw && allowed_user(pw)) {
authctxt->valid = 1;
- pw = pwcopy(pwent);
+ pw = pwcopy(pw);
} else {
debug("do_authentication: illegal user %s", user);
pw = NULL;
}
- /* Free memory */
- if (use_privsep)
- pwfree(pwent);
-
authctxt->pw = pw;
- setproctitle("%s%s", use_privsep ? " [net]" : "",
- pw ? user : "unknown");
+ setproctitle("%s", pw ? user : "unknown");
#ifdef USE_PAM
start_pam(pw == NULL ? "NOUSER" : user);
@@ -433,5 +418,6 @@ do_authentication(void)
packet_send();
packet_write_wait();
- return (authctxt);
+ /* Perform session preparation. */
+ do_authenticated(authctxt);
}
diff --git a/auth2.c b/auth2.c
index f661f8d7..f2a801ec 100644
--- a/auth2.c
+++ b/auth2.c
@@ -51,13 +51,8 @@ RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
#include "hostfile.h"
#include "canohost.h"
#include "match.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
/* import */
-extern int use_privsep;
-extern int mm_recvfd;
-
extern ServerOptions options;
extern u_char *session_id2;
extern int session_id2_len;
@@ -80,8 +75,8 @@ static void input_userauth_request(int, u_int32_t, void *);
/* helper */
static Authmethod *authmethod_lookup(const char *);
static char *authmethods_get(void);
-int user_key_allowed(struct passwd *, Key *);
-int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
+static int user_key_allowed(struct passwd *, Key *);
+static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
/* auth */
static void userauth_banner(void);
@@ -114,7 +109,7 @@ Authmethod authmethods[] = {
* loop until authctxt->success == TRUE
*/
-Authctxt *
+void
do_authentication2(void)
{
Authctxt *authctxt = authctxt_new();
@@ -130,8 +125,7 @@ do_authentication2(void)
dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
-
- return(authctxt);
+ do_authenticated(authctxt);
}
static void
@@ -188,15 +182,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
*style++ = 0;
if (authctxt->attempt++ == 0) {
- /* setup auth context */
- int allowed;
+ /* setup auth context */
struct passwd *pw = NULL;
- if (!use_privsep) {
- pw = getpwnam(user);
- allowed = pw ? allowed_user(pw) : 0;
- } else
- pw = mm_getpwnamallow(mm_recvfd, user, &allowed);
- if (pw && allowed && strcmp(service, "ssh-connection")==0) {
+ pw = getpwnam(user);
+ if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
authctxt->pw = pwcopy(pw);
authctxt->valid = 1;
debug2("input_userauth_request: setting up authctxt for %s", user);
@@ -209,18 +198,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
start_pam("NOUSER");
#endif
}
- /* Free memory */
- if (use_privsep)
- pwfree(pw);
-
- setproctitle("%s%s", use_privsep ? " [net]" : "",
- pw ? user : "unknown");
+ setproctitle("%s", pw ? user : "unknown");
authctxt->user = xstrdup(user);
authctxt->service = xstrdup(service);
authctxt->style = style ? xstrdup(style) : NULL;
-
- if (use_privsep)
- mm_inform_authserv(mm_recvfd, service, style);
} else if (strcmp(user, authctxt->user) != 0 ||
strcmp(service, authctxt->service) != 0) {
packet_disconnect("Change of username or service not allowed: "
@@ -332,8 +313,6 @@ done:
static int
userauth_none(Authctxt *authctxt)
{
- int res = 0;
-
/* disable method "none", only allowed one time */
Authmethod *m = authmethod_lookup("none");
if (m != NULL)
@@ -343,16 +322,18 @@ userauth_none(Authctxt *authctxt)
if (authctxt->valid == 0)
return(0);
- if (!authctxt->valid)
- return (0);
- if (use_privsep)
-#if defined(USE_PAM) || defined(HAVE_OSF_SIA)
-#error NOT IMPLEMENTED FOR PRIVSEP
+
+#ifdef HAVE_CYGWIN
+ if (check_nt_auth(1, authctxt->pw) == 0)
+ return(0);
#endif
- res = mm_auth_password(mm_recvfd, "");
- else
- res = auth_password(authctxt, "");
- return (res);
+#ifdef USE_PAM
+ return auth_pam_password(authctxt->pw, "");
+#elif defined(HAVE_OSF_SIA)
+ return 0;
+#else /* !HAVE_OSF_SIA && !USE_PAM */
+ return auth_password(authctxt, "");
+#endif /* USE_PAM */
}
static int
@@ -367,16 +348,18 @@ userauth_passwd(Authctxt *authctxt)
log("password change not supported");
password = packet_get_string(&len);
packet_check_eom();
-
-#if defined(HAVE_CYGWIN) || defined(USE_PAM) || defined(HAVE_OSF_SIA)
-#error NOT IMPLEMENTED FOR PRIVSEP
+ if (authctxt->valid &&
+#ifdef HAVE_CYGWIN
+ check_nt_auth(1, authctxt->pw) &&
#endif
- if (authctxt->valid) {
- if (use_privsep)
- authenticated = mm_auth_password(mm_recvfd, password);
- else
- authenticated = auth_password(authctxt, password);
- }
+#ifdef USE_PAM
+ auth_pam_password(authctxt->pw, password) == 1)
+#elif defined(HAVE_OSF_SIA)
+ auth_sia_password(authctxt->user, password) == 1)
+#else /* !USE_PAM && !HAVE_OSF_SIA */
+ auth_password(authctxt, password) == 1)
+#endif /* USE_PAM */
+ authenticated = 1;
memset(password, 0, len);
xfree(password);
return authenticated;
@@ -484,23 +467,12 @@ userauth_pubkey(Authctxt *authctxt)
buffer_dump(&b);
#endif
/* test for correct signature */
- authenticated = 0;
- if (use_privsep) {
- if (mm_user_key_allowed(mm_recvfd, key) &&
- mm_key_verify(mm_recvfd,
- MM_USERKEY, NULL, NULL, key, sig, slen,
- buffer_ptr(&b), buffer_len(&b)) == 1)
- authenticated = 1;
- } else {
- if (user_key_allowed(authctxt->pw, key) &&
- key_verify(key, sig, slen, buffer_ptr(&b),
- buffer_len(&b)) == 1)
- authenticated = 1;
- }
+ if (user_key_allowed(authctxt->pw, key) &&
+ key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+ authenticated = 1;
buffer_clear(&b);
xfree(sig);
} else {
- int res = 0;
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
@@ -512,11 +484,7 @@ userauth_pubkey(Authctxt *authctxt)
* if a user is not allowed to login. is this an
* issue? -markus
*/
- if (use_privsep)
- res = mm_user_key_allowed(mm_recvfd, key);
- else
- res = user_key_allowed(authctxt->pw, key);
- if (res) {
+ if (user_key_allowed(authctxt->pw, key)) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
@@ -604,18 +572,9 @@ userauth_hostbased(Authctxt *authctxt)
buffer_dump(&b);
#endif
/* test for allowed key and correct signature */
- authenticated = 0;
- if (use_privsep) {
- if (mm_hostbased_key_allowed(mm_recvfd, cuser, chost, key) &&
- mm_key_verify(mm_recvfd, MM_HOSTKEY, cuser, chost, key,
- sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
- authenticated = 1;
- } else {
- if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
- key_verify(key, sig, slen, buffer_ptr(&b),
- buffer_len(&b)) == 1)
- authenticated = 1;
- }
+ if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
+ key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+ authenticated = 1;
buffer_clear(&b);
done:
@@ -771,7 +730,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
}
/* check whether given key is in .ssh/authorized_keys* */
-int
+static int
user_key_allowed(struct passwd *pw, Key *key)
{
int success;
@@ -791,7 +750,7 @@ user_key_allowed(struct passwd *pw, Key *key)
}
/* return 1 if given hostkey is allowed */
-int
+static int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
Key *key)
{
diff --git a/bufaux.c b/bufaux.c
index 64b9a26e..23bc0c81 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -221,8 +221,6 @@ buffer_put_string(Buffer *buffer, const void *buf, u_int len)
void
buffer_put_cstring(Buffer *buffer, const char *s)
{
- if (s == NULL)
- fatal("buffer_put_cstring: s == NULL");
buffer_put_string(buffer, s, strlen(s));
}
diff --git a/cipher.c b/cipher.c
index 5ddf819c..9e8f42f5 100644
--- a/cipher.c
+++ b/cipher.c
@@ -541,43 +541,3 @@ evp_rijndael(void)
#endif
return (&rijndal_cbc);
}
-
-/*
- * Exports an IV from the CipherContext required to export the key
- * state back from the unprivileged child to the privileged parent
- * process.
- */
-
-void
-cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
-{
- Cipher *c = cc->cipher;
- u_char *civ = NULL;
- int evplen;
-
- switch (c->number) {
- case SSH_CIPHER_SSH2:
- evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
- if (evplen == 0)
- return;
- if (evplen != len)
- fatal("%s: wrong iv length %d != %d", __FUNCTION__,
- evplen, len);
-
- if (strncmp(c->name, "aes", 3) == 0) {
- struct ssh_rijndael_ctx *aesc;
-
- aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
- if (aesc == NULL)
- fatal("ssh_rijndael_cbc: no context");
- civ = aesc->r_iv;
- } else {
- civ = cc->evp.iv;
- }
- break;
- default:
- fatal("%s: bad cipher %d", __FUNCTION__, c->number);
- }
- memcpy(iv, civ, len);
-}
-
diff --git a/cipher.h b/cipher.h
index c7724469..b3b0303c 100644
--- a/cipher.h
+++ b/cipher.h
@@ -81,6 +81,4 @@ void cipher_cleanup(CipherContext *);
void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
u_int cipher_blocksize(Cipher *);
u_int cipher_keylen(Cipher *);
-
-void cipher_get_keyiv(CipherContext *, u_char *, u_int);
#endif /* CIPHER_H */
diff --git a/compress.c b/compress.c
index dec96ba5..3badbf45 100644
--- a/compress.c
+++ b/compress.c
@@ -19,8 +19,8 @@ RCSID("$OpenBSD: compress.c,v 1.17 2001/12/29 21:56:01 stevesk Exp $");
#include "zlib.h"
#include "compress.h"
-z_stream incoming_stream;
-z_stream outgoing_stream;
+static z_stream incoming_stream;
+static z_stream outgoing_stream;
static int compress_init_send_called = 0;
static int compress_init_recv_called = 0;
diff --git a/kex.c b/kex.c
index e5c0b0d0..bf8fd95b 100644
--- a/kex.c
+++ b/kex.c
@@ -43,10 +43,6 @@ RCSID("$OpenBSD: kex.c,v 1.47 2002/02/28 15:46:33 markus Exp $");
#define KEX_COOKIE_LEN 16
-/* Use privilege separation for sshd */
-int use_privsep;
-int mm_recvfd;
-
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
diff --git a/kex.h b/kex.h
index c99afaec..755bf332 100644
--- a/kex.h
+++ b/kex.h
@@ -111,7 +111,6 @@ struct Kex {
char *server_version_string;
int (*verify_host_key)(Key *);
Key *(*load_host_key)(int);
- int (*host_key_index)(Key *);
};
Kex *kex_setup(char *[PROPOSAL_MAX]);
diff --git a/kexdh.c b/kexdh.c
index 6256722f..eaf497ca 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -37,12 +37,6 @@ RCSID("$OpenBSD: kexdh.c,v 1.17 2002/02/28 15:46:33 markus Exp $");
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
-
-/* Imports */
-extern int use_privsep;
-extern int mm_recvfd;
static u_char *
kex_dh_hash(
@@ -281,12 +275,7 @@ kexdh_server(Kex *kex)
/* sign H */
/* XXX hashlen depends on KEX */
- if (use_privsep)
- mm_key_sign(mm_recvfd,
- kex->host_key_index(server_host_key),
- &signature, &slen, hash, 20);
- else
- key_sign(server_host_key, &signature, &slen, hash, 20);
+ key_sign(server_host_key, &signature, &slen, hash, 20);
/* destroy_sensitive_data(); */
diff --git a/kexgex.c b/kexgex.c
index 3c811f33..61896e6e 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -38,12 +38,6 @@ RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
#include "dh.h"
#include "ssh2.h"
#include "compat.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
-
-/* Imports */
-extern int use_privsep;
-extern int mm_recvfd;
static u_char *
kexgex_hash(
@@ -302,11 +296,7 @@ kexgex_server(Kex *kex)
fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
min, nbits, max);
- /* Contact privileged parent */
- if (use_privsep)
- dh = mm_choose_dh(mm_recvfd, min, nbits, max);
- else
- dh = choose_dh(min, nbits, max);
+ dh = choose_dh(min, nbits, max);
if (dh == NULL)
packet_disconnect("Protocol error: no matching DH grp found");
@@ -389,11 +379,7 @@ kexgex_server(Kex *kex)
/* sign H */
/* XXX hashlen depends on KEX */
- if (use_privsep)
- mm_key_sign(mm_recvfd, kex->host_key_index(server_host_key),
- &signature, &slen, hash, 20);
- else
- key_sign(server_host_key, &signature, &slen, hash, 20);
+ key_sign(server_host_key, &signature, &slen, hash, 20);
/* destroy_sensitive_data(); */
@@ -404,7 +390,6 @@ kexgex_server(Kex *kex)
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string(signature, slen);
packet_send();
-
xfree(signature);
xfree(server_host_key_blob);
/* have keys, free DH */
diff --git a/key.c b/key.c
index fb6bff95..cda91571 100644
--- a/key.c
+++ b/key.c
@@ -801,46 +801,3 @@ key_verify(
break;
}
}
-
-/* Converts a private to a public key */
-
-Key *
-key_demote(Key *k)
-{
- Key *pk;
-
- pk = xmalloc(sizeof(*pk));
- pk->type = k->type;
- pk->flags = k->flags;
- pk->dsa = NULL;
- pk->rsa = NULL;
-
- switch (k->type) {
- case KEY_RSA1:
- case KEY_RSA:
- if ((pk->rsa = RSA_new()) == NULL)
- fatal("key_demote: RSA_new failed");
- if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
- fatal("key_demote: BN_dup failed");
- if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
- fatal("key_demote: BN_dup failed");
- break;
- case KEY_DSA:
- if ((pk->dsa = DSA_new()) == NULL)
- fatal("key_demote: DSA_new failed");
- if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
- fatal("key_demote: BN_dup failed");
- if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
- fatal("key_demote: BN_dup failed");
- if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
- fatal("key_demote: BN_dup failed");
- if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
- fatal("key_demote: BN_dup failed");
- break;
- default:
- fatal("key_free: bad key type %d", k->type);
- break;
- }
-
- return (pk);
-}
diff --git a/key.h b/key.h
index bc8b3d06..a2257731 100644
--- a/key.h
+++ b/key.h
@@ -58,7 +58,6 @@ struct Key {
Key *key_new(int);
Key *key_new_private(int);
void key_free(Key *);
-Key *key_demote(Key *);
int key_equal(Key *, Key *);
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
char *key_type(Key *);
diff --git a/packet.c b/packet.c
index 1c80af12..045d5a10 100644
--- a/packet.c
+++ b/packet.c
@@ -115,8 +115,6 @@ static int interactive_mode = 0;
/* Session key information for Encryption and MAC */
Newkeys *newkeys[MODE_MAX];
-static u_int32_t read_seqnr = 0;
-static u_int32_t send_seqnr = 0;
/* roundup current message to extra_pad bytes */
static u_char extra_pad = 0;
@@ -173,87 +171,6 @@ packet_connection_is_on_socket(void)
return 1;
}
-/*
- * Exports an IV from the CipherContext required to export the key
- * state back from the unprivileged child to the privileged parent
- * process.
- */
-
-void
-packet_get_keyiv(int mode, u_char *iv, u_int len)
-{
- CipherContext *cc;
-
- if (mode == MODE_OUT)
- cc = &send_context;
- else
- cc = &receive_context;
-
- cipher_get_keyiv(cc, iv, len);
-}
-
-int
-packet_get_keycontext(int mode, u_char *dat)
-{
- int plen;
- CipherContext *cc;
-
- if (mode == MODE_OUT)
- cc = &send_context;
- else
- cc = &receive_context;
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- plen = sizeof(cc->evp.c);
-#else
- plen = cc->evp.cipher->ctx_size;
-#endif
-
- if (dat == NULL)
- return (plen);
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- memcpy(dat, &cc->evp.c, sizeof(cc->evp.c));
-#else
- memcpy(dat, &cc->evp.cipher_data, plen);
-#endif
- return (plen);
-}
-
-void
-packet_set_keycontext(int mode, u_char *dat)
-{
- CipherContext *cc;
-
- if (mode == MODE_OUT)
- cc = &send_context;
- else
- cc = &receive_context;
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- memcpy(&cc->evp.c, dat, sizeof(cc->evp.c));
-#else
- memcpy(&cc->evp.cipher_data, dat, cc->evp.cipher->ctx_size);
-#endif
-}
-
-u_int32_t
-packet_get_seqnr(int mode)
-{
- return (mode == MODE_IN ? read_seqnr : send_seqnr);
-}
-
-void
-packet_set_seqnr(int mode, u_int32_t seqnr)
-{
- if (mode == MODE_IN)
- read_seqnr = seqnr;
- else if (mode == MODE_OUT)
- send_seqnr = seqnr;
- else
- fatal("%s: bad mode %d", __FUNCTION__, mode);
-}
-
/* returns 1 if connection is via ipv4 */
int
@@ -516,7 +433,7 @@ packet_send1(void)
*/
}
-void
+static void
set_newkeys(int mode)
{
Enc *enc;
@@ -560,9 +477,8 @@ set_newkeys(int mode)
DBG(debug("cipher_init_context: %d", mode));
cipher_init(cc, enc->cipher, enc->key, enc->key_len,
enc->iv, enc->block_size, encrypt);
- /* Deleting the keys does not gain extra security */
- /* memset(enc->iv, 0, enc->block_size);
- memset(enc->key, 0, enc->key_len); */
+ memset(enc->iv, 0, enc->block_size);
+ memset(enc->key, 0, enc->key_len);
if (comp->type != 0 && comp->enabled == 0) {
packet_init_compression();
if (mode == MODE_OUT)
@@ -579,6 +495,7 @@ set_newkeys(int mode)
static void
packet_send2(void)
{
+ static u_int32_t seqnr = 0;
u_char type, *cp, *macbuf = NULL;
u_char padlen, pad;
u_int packet_length = 0;
@@ -659,10 +576,10 @@ packet_send2(void)
/* compute MAC over seqnr and packet(length fields, payload, padding) */
if (mac && mac->enabled) {
- macbuf = mac_compute(mac, send_seqnr,
+ macbuf = mac_compute(mac, seqnr,
buffer_ptr(&outgoing_packet),
buffer_len(&outgoing_packet));
- DBG(debug("done calc MAC out #%d", send_seqnr));
+ DBG(debug("done calc MAC out #%d", seqnr));
}
/* encrypt packet and append to output buffer. */
cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
@@ -676,7 +593,7 @@ packet_send2(void)
buffer_dump(&output);
#endif
/* increment sequence number for outgoing packets */
- if (++send_seqnr == 0)
+ if (++seqnr == 0)
log("outgoing seqnr wraps around");
buffer_clear(&outgoing_packet);
@@ -866,6 +783,7 @@ packet_read_poll1(void)
static int
packet_read_poll2(u_int32_t *seqnr_p)
{
+ static u_int32_t seqnr = 0;
static u_int packet_length = 0;
u_int padlen, need;
u_char *macbuf, *cp, type;
@@ -927,17 +845,17 @@ packet_read_poll2(u_int32_t *seqnr_p)
* increment sequence number for incoming packet
*/
if (mac && mac->enabled) {
- macbuf = mac_compute(mac, read_seqnr,
+ macbuf = mac_compute(mac, seqnr,
buffer_ptr(&incoming_packet),
buffer_len(&incoming_packet));
if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
packet_disconnect("Corrupted MAC on input.");
- DBG(debug("MAC #%d ok", read_seqnr));
+ DBG(debug("MAC #%d ok", seqnr));
buffer_consume(&input, mac->mac_len);
}
if (seqnr_p != NULL)
- *seqnr_p = read_seqnr;
- if (++read_seqnr == 0)
+ *seqnr_p = seqnr;
+ if (++seqnr == 0)
log("incoming seqnr wraps around");
/* get padlen */
diff --git a/packet.h b/packet.h
index b87a03cf..d6bf2aab 100644
--- a/packet.h
+++ b/packet.h
@@ -56,13 +56,6 @@ void *packet_get_string(u_int *length_ptr);
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void set_newkeys(int mode);
-void packet_get_keyiv(int, u_char *, u_int);
-int packet_get_keycontext(int, u_char *);
-void packet_set_keycontext(int, u_char *);
-u_int32_t packet_get_seqnr(int);
-void packet_set_seqnr(int, u_int32_t);
-
void packet_write_poll(void);
void packet_write_wait(void);
int packet_have_data_to_write(void);
diff --git a/servconf.c b/servconf.c
index c3f1253e..9bbd994c 100644
--- a/servconf.c
+++ b/servconf.c
@@ -36,8 +36,6 @@ static void add_one_listen_addr(ServerOptions *, char *, u_short);
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
-/* Use of privilege separation or not */
-extern int use_privsep;
/* Initializes the server options to their default values. */
@@ -112,9 +110,6 @@ initialize_server_options(ServerOptions *options)
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
-
- /* Needs to be accessable in many places */
- use_privsep = -1;
}
void
@@ -240,10 +235,6 @@ fill_default_server_options(ServerOptions *options)
}
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
-
- /* Turn privilege separation on by default */
- if (use_privsep == -1)
- use_privsep = 1;
}
/* Keyword tokens. */
@@ -276,7 +267,6 @@ typedef enum {
sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
- sUsePrivilegeSeparation,
sDeprecated
} ServerOpCodes;
@@ -352,7 +342,6 @@ static struct {
{ "clientalivecountmax", sClientAliveCountMax },
{ "authorizedkeysfile", sAuthorizedKeysFile },
{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
- { "useprivilegeseparation", sUsePrivilegeSeparation},
{ NULL, sBadOption }
};
@@ -729,10 +718,6 @@ parse_flag:
intptr = &options->allow_tcp_forwarding;
goto parse_flag;
- case sUsePrivilegeSeparation:
- intptr = &use_privsep;
- goto parse_flag;
-
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
diff --git a/session.c b/session.c
index 17227c9f..a31ff85d 100644
--- a/session.c
+++ b/session.c
@@ -56,8 +56,6 @@ RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
#include "serverloop.h"
#include "canohost.h"
#include "session.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
#ifdef HAVE_CYGWIN
#include <windows.h>
@@ -65,15 +63,39 @@ RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
#define is_winnt (GetVersion() < 0x80000000)
#endif
-/* Imports */
-extern int use_privsep;
-extern int mm_recvfd;
+/* types */
+
+#define TTYSZ 64
+typedef struct Session Session;
+struct Session {
+ int used;
+ int self;
+ struct passwd *pw;
+ Authctxt *authctxt;
+ pid_t pid;
+ /* tty */
+ char *term;
+ int ptyfd, ttyfd, ptymaster;
+ int row, col, xpixel, ypixel;
+ char tty[TTYSZ];
+ /* X11 */
+ int display_number;
+ char *display;
+ int screen;
+ char *auth_display;
+ char *auth_proto;
+ char *auth_data;
+ int single_connection;
+ /* proto 2 */
+ int chanid;
+ int is_subsystem;
+};
/* func */
Session *session_new(void);
void session_set_fds(Session *, int, int, int);
-void session_pty_cleanup(void *);
+static void session_pty_cleanup(void *);
void session_proctitle(Session *);
int session_setup_x11fwd(Session *);
void do_exec_pty(Session *, const char *);
@@ -90,6 +112,7 @@ int check_quietlogin(Session *, const char *);
static void do_authenticated1(Authctxt *);
static void do_authenticated2(Authctxt *);
+static void session_close(Session *);
static int session_pty_req(Session *);
/* import */
@@ -1425,8 +1448,7 @@ session_pty_req(Session *s)
{
u_int len;
int n_bytes;
- int res;
-
+
if (no_pty_flag) {
debug("Allocating a pty not permitted for this authentication.");
return 0;
@@ -1455,15 +1477,7 @@ session_pty_req(Session *s)
/* Allocate a pty and open it. */
debug("Allocating pty.");
- if (!use_privsep) {
- res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
- sizeof(s->tty));
- if (res)
- pty_setowner(s->pw, s->tty);
- } else
- res = mm_pty_allocown(mm_recvfd,
- &s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
- if (!res) {
+ if (!pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) {
if (s->term)
xfree(s->term);
s->term = NULL;
@@ -1484,6 +1498,7 @@ session_pty_req(Session *s)
* time in case we call fatal() (e.g., the connection gets closed).
*/
fatal_add_cleanup(session_pty_cleanup, (void *)s);
+ pty_setowner(s->pw, s->tty);
/* Set window size from the packet. */
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
@@ -1646,7 +1661,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr)
* Function to perform pty cleanup. Also called if we get aborted abnormally
* (e.g., due to a dropped connection).
*/
-void
+static void
session_pty_cleanup(void *session)
{
Session *s = session;
@@ -1724,7 +1739,7 @@ session_exit_message(Session *s, int status)
s->chanid = -1;
}
-void
+static void
session_close(Session *s)
{
debug("session_close: session %d pid %d", s->self, s->pid);
diff --git a/session.h b/session.h
index e3123bee..ec8284a5 100644
--- a/session.h
+++ b/session.h
@@ -26,32 +26,6 @@
#ifndef SESSION_H
#define SESSION_H
-#define TTYSZ 64
-typedef struct Session Session;
-struct Session {
- int used;
- int self;
- struct passwd *pw;
- Authctxt *authctxt;
- pid_t pid;
- /* tty */
- char *term;
- int ptyfd, ttyfd, ptymaster;
- int row, col, xpixel, ypixel;
- char tty[TTYSZ];
- /* X11 */
- int display_number;
- char *display;
- int screen;
- char *auth_display;
- char *auth_proto;
- char *auth_data;
- int single_connection;
- /* proto 2 */
- int chanid;
- int is_subsystem;
-};
-
void do_authenticated(Authctxt *);
int session_open(Authctxt*, int);
@@ -60,6 +34,4 @@ void session_close_by_pid(pid_t, int);
void session_close_by_channel(int, void *);
void session_destroy_all(void);
-Session *session_new(void);
-void session_close(Session *);
#endif
diff --git a/sshd.c b/sshd.c
index cbe31608..ea929325 100644
--- a/sshd.c
+++ b/sshd.c
@@ -72,11 +72,6 @@ RCSID("$OpenBSD: sshd.c,v 1.228 2002/02/27 21:23:13 stevesk Exp $");
#include "misc.h"
#include "dispatch.h"
#include "channels.h"
-#include "session.h"
-#include "monitor_mm.h"
-#include "monitor.h"
-#include "monitor_wrap.h"
-#include "monitor_fdpass.h"
#ifdef LIBWRAP
#include <tcpd.h>
@@ -194,20 +189,8 @@ u_int utmp_len = MAXHOSTNAMELEN;
int *startup_pipes = NULL;
int startup_pipe; /* in child */
-/* variables used for privilege separation */
-#define MM_MEMSIZE 65536
-struct mm_master *mm_zback;
-struct mm_master *mm_zlib;
-
-extern int use_privsep;
-/* Socket for the child to receive a fd */
-extern int mm_recvfd;
-/* Socket for the parent to send a fd */
-int mm_sendfd;
-
/* Prototypes for various functions defined later in this file. */
void destroy_sensitive_data(void);
-void demote_sensitive_data(void);
static void do_ssh1_kex(void);
static void do_ssh2_kex(void);
@@ -494,69 +477,6 @@ destroy_sensitive_data(void)
memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
}
-/* Demote private to public keys for network child */
-void
-demote_sensitive_data(void)
-{
- Key *tmp;
- int i;
-
- if (sensitive_data.server_key) {
- tmp = key_demote(sensitive_data.server_key);
- key_free(sensitive_data.server_key);
- sensitive_data.server_key = tmp;
- }
- for (i = 0; i < options.num_host_key_files; i++) {
- if (sensitive_data.host_keys[i]) {
- tmp = key_demote(sensitive_data.host_keys[i]);
- key_free(sensitive_data.host_keys[i]);
- sensitive_data.host_keys[i] = tmp;
- }
- }
-
- /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */
-}
-
-void
-privsep_postauth(Authctxt *authctxt)
-{
- pid_t pid;
-
- if (0) {
- /* File descriptor passing is broken */
- mm_apply_keystate(mm_zlib);
- use_privsep = 0;
- return;
- }
-
- pid = fork();
- if (pid == -1)
- fatal("fork of unprivileged child failed");
- else if (pid != 0) {
- debug2("User child is on pid %d", pid);
- close(mm_recvfd);
- monitor_child_postauth(mm_sendfd);
-
- /* Teardown? */
- exit(0);
- }
-
- close(mm_sendfd);
-
- /* Demote the private keys to public keys. */
- demote_sensitive_data();
-
- /* Drop privileges */
- if (seteuid(authctxt->pw->pw_uid) == -1)
- fatal("%s: seteuid", __FUNCTION__);
- if (setuid(authctxt->pw->pw_uid) == -1)
- fatal("%s: setuid", __FUNCTION__);
-
- /* It is safe now to apply the key state */
- mm_apply_keystate(mm_zlib);
-}
-
-
static char *
list_hostkey_types(void)
{
@@ -598,25 +518,6 @@ get_hostkey_by_type(int type)
return NULL;
}
-Key *
-get_hostkey_by_index(int ind)
-{
- if (ind < 0 || ind >= options.num_host_key_files)
- return (NULL);
- return (sensitive_data.host_keys[ind]);
-}
-
-int
-get_hostkey_index(Key *key)
-{
- int i;
- for (i = 0; i < options.num_host_key_files; i++) {
- if (key == sensitive_data.host_keys[i])
- return (i);
- }
- return (-1);
-}
-
/*
* returns 1 if connection should be dropped, 0 otherwise.
* dropping starts at connection #max_startups_begin with a probability
@@ -693,8 +594,6 @@ main(int ac, char **av)
int listen_sock, maxfd;
int startup_p[2];
int startups = 0;
- Authctxt *authctxt;
- int sp[2];
Key *key;
int ret, key_used = 0;
@@ -1332,84 +1231,23 @@ main(int ac, char **av)
packet_set_nonblocking();
- if (!use_privsep)
- goto skip_privilegeseparation;
-
- /* Set up unprivileged child process to deal with network data */
- monitor_socketpair(sp);
- mm_recvfd = sp[0];
- mm_sendfd = sp[1];
-
- /* Used to share zlib space across processes */
- mm_zback = mm_create(NULL, MM_MEMSIZE);
- mm_zlib = mm_create(mm_zback, 20 * MM_MEMSIZE);
-
- /* Compression needs to share state across borders */
- mm_init_compression(mm_zlib);
-
- pid = fork();
- if (pid == -1)
- fatal("fork of unprivileged child failed");
- else if (pid != 0) {
- debug2("Network child is on pid %d", pid);
- authctxt = monitor_child_preauth(mm_sendfd);
-
- /* The member allocation is not visible, so sync it */
- mm_share_sync(&mm_zlib, &mm_zback);
- goto authenticated;
- } else {
- /* Demote the private keys to public keys. */
- demote_sensitive_data();
-
- /* Change our root directory - /var/empty is standard*/
- if (chroot("/var/empty") == -1)
- fatal("chroot(/var/empty)");
- if (chdir("/") == -1)
- fatal("chdir(/)");
-
- /* Drop our privileges */
- seteuid(32767); /* XXX - Niels */
- setuid(32767);
- }
-
- skip_privilegeseparation:
-
/* perform the key exchange */
/* authenticate user and start session */
if (compat20) {
do_ssh2_kex();
- authctxt = do_authentication2();
- if (use_privsep)
- mm_send_keystate(mm_recvfd);
+ do_authentication2();
} else {
do_ssh1_kex();
- authctxt = do_authentication();
+ do_authentication();
}
-
- /* If we use privilege separation, the unprivileged child exits */
- if (use_privsep)
- exit(0);
-
- authenticated:
- /*
- * In privilege separation, we fork another child and prepare
- * file descriptor passing.
- */
- if (use_privsep)
- privsep_postauth(authctxt);
-
- /* Perform session preparation. */
- do_authenticated(authctxt);
+ /* The connection has been terminated. */
+ verbose("Closing connection to %.100s", remote_ip);
#ifdef USE_PAM
finish_pam();
#endif /* USE_PAM */
packet_close();
-
- if (use_privsep)
- mm_terminate(mm_recvfd);
-
exit(0);
}
@@ -1615,6 +1453,8 @@ do_ssh1_kex(void)
for (i = 0; i < 16; i++)
session_id[i] = session_key[i] ^ session_key[i + 16];
}
+ /* Destroy the private and public keys. They will no longer be needed. */
+ destroy_sensitive_data();
/* Destroy the decrypted integer. It is no longer needed. */
BN_clear_free(session_key_int);
@@ -1662,7 +1502,6 @@ do_ssh2_kex(void)
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->load_host_key=&get_hostkey_by_type;
- kex->host_key_index=&get_hostkey_index;
xxx_kex = kex;