1 /* $OpenBSD: sshd-auth.c,v 1.14 2026/03/11 09:10:59 dtucker Exp $ */
2 /*
3 * SSH2 implementation:
4 * Privilege Separation:
5 *
6 * Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved.
7 * Copyright (c) 2002 Niels Provos. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #include "includes.h"
31
32 #include <sys/types.h>
33 #include <sys/ioctl.h>
34 #include <sys/wait.h>
35 #include <sys/tree.h>
36 #include <sys/stat.h>
37 #include <sys/socket.h>
38 #include <sys/time.h>
39 #include <sys/queue.h>
40
41 #include <errno.h>
42 #include <fcntl.h>
43 #include <netdb.h>
44 #include <paths.h>
45 #include <pwd.h>
46 #include <grp.h>
47 #include <signal.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <string.h>
51 #include <stdarg.h>
52 #include <unistd.h>
53 #include <limits.h>
54
55 #ifdef WITH_OPENSSL
56 #include <openssl/bn.h>
57 #include <openssl/evp.h>
58 #endif
59
60 #include "xmalloc.h"
61 #include "ssh.h"
62 #include "ssh2.h"
63 #include "sshpty.h"
64 #include "packet.h"
65 #include "log.h"
66 #include "sshbuf.h"
67 #include "misc.h"
68 #include "match.h"
69 #include "servconf.h"
70 #include "uidswap.h"
71 #include "compat.h"
72 #include "cipher.h"
73 #include "digest.h"
74 #include "sshkey.h"
75 #include "kex.h"
76 #include "authfile.h"
77 #include "pathnames.h"
78 #include "atomicio.h"
79 #include "canohost.h"
80 #include "hostfile.h"
81 #include "auth.h"
82 #include "authfd.h"
83 #include "msg.h"
84 #include "dispatch.h"
85 #include "channels.h"
86 #include "session.h"
87 #include "monitor.h"
88 #ifdef GSSAPI
89 #include "ssh-gss.h"
90 #endif
91 #include "monitor_wrap.h"
92 #include "auth-options.h"
93 #include "version.h"
94 #include "ssherr.h"
95 #include "sk-api.h"
96 #include "srclimit.h"
97 #include "ssh-sandbox.h"
98 #include "dh.h"
99 #include "blocklist_client.h"
100
101 /* Privsep fds */
102 #define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1)
103 #define PRIVSEP_LOG_FD (STDERR_FILENO + 2)
104 #define PRIVSEP_MIN_FREE_FD (STDERR_FILENO + 3)
105
106 extern char *__progname;
107
108 /* Server configuration options. */
109 ServerOptions options;
110
111 /* Name of the server configuration file. */
112 char *config_file_name = _PATH_SERVER_CONFIG_FILE;
113
114 /*
115 * Debug mode flag. This can be set on the command line. If debug
116 * mode is enabled, extra debugging output will be sent to the system
117 * log, the daemon will not go to background, and will exit after processing
118 * the first connection.
119 */
120 int debug_flag = 0;
121
122 /* Flag indicating that the daemon is being started from inetd. */
123 static int inetd_flag = 0;
124
125 /* Saved arguments to main(). */
126 static char **saved_argv;
127 static int saved_argc;
128
129
130 /* Daemon's agent connection */
131 int auth_sock = -1;
132 static int have_agent = 0;
133
134 u_int num_hostkeys;
135 struct sshkey **host_pubkeys; /* all public host keys */
136 struct sshkey **host_certificates; /* all public host certificates */
137
138 /* record remote hostname or ip */
139 u_int utmp_len = HOST_NAME_MAX+1;
140
141 /* variables used for privilege separation */
142 struct monitor *pmonitor = NULL;
143 int privsep_is_preauth = 1;
144 static int privsep_chroot = 1;
145
146 /* global connection state and authentication contexts */
147 Authctxt *the_authctxt = NULL;
148 struct ssh *the_active_state;
149
150 /* global key/cert auth options. XXX move to permanent ssh->authctxt? */
151 struct sshauthopt *auth_opts = NULL;
152
153 /* sshd_config buffer */
154 struct sshbuf *cfg;
155
156 /* Included files from the configuration file */
157 struct include_list includes = TAILQ_HEAD_INITIALIZER(includes);
158
159 /* message to be displayed after login */
160 struct sshbuf *loginmsg;
161
162 /* Prototypes for various functions defined later in this file. */
163 static void do_ssh2_kex(struct ssh *);
164
165 /* Unprivileged user */
166 struct passwd *privsep_pw = NULL;
167
168 #ifndef HAVE_PLEDGE
169 static struct ssh_sandbox *box;
170 #endif
171
172 /* XXX stub */
173 int
mm_is_monitor(void)174 mm_is_monitor(void)
175 {
176 return 0;
177 }
178
179 static void
privsep_child_demote(void)180 privsep_child_demote(void)
181 {
182 gid_t gidset[1];
183
184 #ifndef HAVE_PLEDGE
185 if ((box = ssh_sandbox_init(pmonitor)) == NULL)
186 fatal_f("ssh_sandbox_init failed");
187 #endif
188 /* Demote the child */
189 if (privsep_chroot) {
190 /* Change our root directory */
191 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
192 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
193 strerror(errno));
194 if (chdir("/") == -1)
195 fatal("chdir(\"/\"): %s", strerror(errno));
196
197 /*
198 * Drop our privileges
199 * NB. Can't use setusercontext() after chroot.
200 */
201 debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
202 (u_int)privsep_pw->pw_gid);
203 gidset[0] = privsep_pw->pw_gid;
204 if (setgroups(1, gidset) == -1)
205 fatal("setgroups: %.100s", strerror(errno));
206 permanently_set_uid(privsep_pw);
207 }
208
209 /* sandbox ourselves */
210 #ifdef HAVE_PLEDGE
211 if (pledge("stdio", NULL) == -1)
212 fatal_f("pledge()");
213 #else
214 ssh_sandbox_child(box);
215 #endif
216 }
217
218 static void
append_hostkey_type(struct sshbuf * b,const char * s)219 append_hostkey_type(struct sshbuf *b, const char *s)
220 {
221 int r;
222
223 if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) {
224 debug3_f("%s key not permitted by HostkeyAlgorithms", s);
225 return;
226 }
227 if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0)
228 fatal_fr(r, "sshbuf_putf");
229 }
230
231 static char *
list_hostkey_types(void)232 list_hostkey_types(void)
233 {
234 struct sshbuf *b;
235 struct sshkey *key;
236 char *ret;
237 u_int i;
238
239 if ((b = sshbuf_new()) == NULL)
240 fatal_f("sshbuf_new failed");
241 for (i = 0; i < options.num_host_key_files; i++) {
242 key = host_pubkeys[i];
243 if (key == NULL)
244 continue;
245 switch (key->type) {
246 case KEY_RSA:
247 /* for RSA we also support SHA2 signatures */
248 append_hostkey_type(b, "rsa-sha2-512");
249 append_hostkey_type(b, "rsa-sha2-256");
250 /* FALLTHROUGH */
251 case KEY_ECDSA:
252 case KEY_ED25519:
253 case KEY_ECDSA_SK:
254 case KEY_ED25519_SK:
255 append_hostkey_type(b, sshkey_ssh_name(key));
256 break;
257 }
258 /* If the private key has a cert peer, then list that too */
259 key = host_certificates[i];
260 if (key == NULL)
261 continue;
262 switch (key->type) {
263 case KEY_RSA_CERT:
264 /* for RSA we also support SHA2 signatures */
265 append_hostkey_type(b,
266 "rsa-sha2-512-cert-v01@openssh.com");
267 append_hostkey_type(b,
268 "rsa-sha2-256-cert-v01@openssh.com");
269 /* FALLTHROUGH */
270 case KEY_ECDSA_CERT:
271 case KEY_ED25519_CERT:
272 case KEY_ECDSA_SK_CERT:
273 case KEY_ED25519_SK_CERT:
274 append_hostkey_type(b, sshkey_ssh_name(key));
275 break;
276 }
277 }
278 if ((ret = sshbuf_dup_string(b)) == NULL)
279 fatal_f("sshbuf_dup_string failed");
280 sshbuf_free(b);
281 debug_f("%s", ret);
282 return ret;
283 }
284
285 struct sshkey *
get_hostkey_public_by_type(int type,int nid,struct ssh * ssh)286 get_hostkey_public_by_type(int type, int nid, struct ssh *ssh)
287 {
288 u_int i;
289 struct sshkey *key;
290
291 for (i = 0; i < options.num_host_key_files; i++) {
292 switch (type) {
293 case KEY_RSA_CERT:
294 case KEY_ECDSA_CERT:
295 case KEY_ED25519_CERT:
296 case KEY_ECDSA_SK_CERT:
297 case KEY_ED25519_SK_CERT:
298 key = host_certificates[i];
299 break;
300 default:
301 key = host_pubkeys[i];
302 break;
303 }
304 if (key == NULL || key->type != type)
305 continue;
306 switch (type) {
307 case KEY_ECDSA:
308 case KEY_ECDSA_SK:
309 case KEY_ECDSA_CERT:
310 case KEY_ECDSA_SK_CERT:
311 if (key->ecdsa_nid != nid)
312 continue;
313 /* FALLTHROUGH */
314 default:
315 return key;
316 }
317 }
318 return NULL;
319 }
320
321 /* XXX remove */
322 struct sshkey *
get_hostkey_private_by_type(int type,int nid,struct ssh * ssh)323 get_hostkey_private_by_type(int type, int nid, struct ssh *ssh)
324 {
325 return NULL;
326 }
327
328 /* XXX remove */
329 struct sshkey *
get_hostkey_by_index(int ind)330 get_hostkey_by_index(int ind)
331 {
332 return NULL;
333 }
334
335 struct sshkey *
get_hostkey_public_by_index(int ind,struct ssh * ssh)336 get_hostkey_public_by_index(int ind, struct ssh *ssh)
337 {
338 if (ind < 0 || (u_int)ind >= options.num_host_key_files)
339 return (NULL);
340 return host_pubkeys[ind];
341 }
342
343 int
get_hostkey_index(struct sshkey * key,int compare,struct ssh * ssh)344 get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh)
345 {
346 u_int i;
347
348 for (i = 0; i < options.num_host_key_files; i++) {
349 if (sshkey_is_cert(key)) {
350 if (key == host_certificates[i] ||
351 (compare && host_certificates[i] &&
352 sshkey_equal(key, host_certificates[i])))
353 return (i);
354 } else {
355 if (key == host_pubkeys[i] ||
356 (compare && host_pubkeys[i] &&
357 sshkey_equal(key, host_pubkeys[i])))
358 return (i);
359 }
360 }
361 return (-1);
362 }
363
364 static void
usage(void)365 usage(void)
366 {
367 fprintf(stderr, "%s, %s\n", SSH_VERSION, SSH_OPENSSL_VERSION);
368 fprintf(stderr,
369 "usage: sshd [-46DdeGiqTtV] [-C connection_spec] [-c host_cert_file]\n"
370 " [-E log_file] [-f config_file] [-g login_grace_time]\n"
371 " [-h host_key_file] [-o option] [-p port] [-u len]\n"
372 );
373 exit(1);
374 }
375
376 static void
parse_hostkeys(struct sshbuf * hostkeys)377 parse_hostkeys(struct sshbuf *hostkeys)
378 {
379 int r;
380 u_int num_keys = 0;
381 struct sshkey *k;
382 const u_char *cp;
383 size_t len;
384
385 while (sshbuf_len(hostkeys) != 0) {
386 if (num_keys > 2048)
387 fatal_f("too many hostkeys");
388 host_pubkeys = xrecallocarray(host_pubkeys,
389 num_keys, num_keys + 1, sizeof(*host_pubkeys));
390 host_certificates = xrecallocarray(host_certificates,
391 num_keys, num_keys + 1, sizeof(*host_certificates));
392 /* public key */
393 k = NULL;
394 if ((r = sshbuf_get_string_direct(hostkeys, &cp, &len)) != 0)
395 fatal_fr(r, "extract pubkey");
396 if (len != 0 && (r = sshkey_from_blob(cp, len, &k)) != 0)
397 fatal_fr(r, "parse pubkey");
398 host_pubkeys[num_keys] = k;
399 if (k)
400 debug2_f("key %u: %s", num_keys, sshkey_ssh_name(k));
401 /* certificate */
402 k = NULL;
403 if ((r = sshbuf_get_string_direct(hostkeys, &cp, &len)) != 0)
404 fatal_fr(r, "extract pubkey");
405 if (len != 0 && (r = sshkey_from_blob(cp, len, &k)) != 0)
406 fatal_fr(r, "parse pubkey");
407 host_certificates[num_keys] = k;
408 if (k)
409 debug2_f("cert %u: %s", num_keys, sshkey_ssh_name(k));
410 num_keys++;
411 }
412 num_hostkeys = num_keys;
413 }
414
415 static void
recv_privsep_state(struct ssh * ssh,struct sshbuf * conf,uint64_t * timing_secretp)416 recv_privsep_state(struct ssh *ssh, struct sshbuf *conf,
417 uint64_t *timing_secretp)
418 {
419 struct sshbuf *hostkeys;
420
421 debug3_f("begin");
422
423 mm_get_state(ssh, &includes, conf, NULL, timing_secretp,
424 &hostkeys, NULL, NULL, NULL, NULL);
425 parse_hostkeys(hostkeys);
426
427 sshbuf_free(hostkeys);
428
429 debug3_f("done");
430 }
431
432 /*
433 * Main program for the daemon.
434 */
435 int
main(int ac,char ** av)436 main(int ac, char **av)
437 {
438 struct ssh *ssh = NULL;
439 extern char *optarg;
440 extern int optind;
441 int r, opt, have_key = 0;
442 int sock_in = -1, sock_out = -1, rexeced_flag = 0;
443 char *line;
444 u_int i;
445 mode_t new_umask;
446 Authctxt *authctxt;
447 struct connection_info *connection_info = NULL;
448 sigset_t sigmask;
449 uint64_t timing_secret = 0;
450
451 closefrom(PRIVSEP_MIN_FREE_FD);
452 sigemptyset(&sigmask);
453 sigprocmask(SIG_SETMASK, &sigmask, NULL);
454
455 #ifdef HAVE_SECUREWARE
456 (void)set_auth_parameters(ac, av);
457 #endif
458 __progname = ssh_get_progname(av[0]);
459
460 /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
461 saved_argc = ac;
462 saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
463 for (i = 0; (int)i < ac; i++)
464 saved_argv[i] = xstrdup(av[i]);
465 saved_argv[i] = NULL;
466
467 seed_rng();
468
469 #ifndef HAVE_SETPROCTITLE
470 /* Prepare for later setproctitle emulation */
471 compat_init_setproctitle(ac, av);
472 av = saved_argv;
473 #endif
474
475 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
476 sanitise_stdfd();
477
478 /* Initialize configuration options to their default values. */
479 initialize_server_options(&options);
480
481 /* Parse command-line arguments. */
482 while ((opt = getopt(ac, av,
483 "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) {
484 switch (opt) {
485 case '4':
486 options.address_family = AF_INET;
487 break;
488 case '6':
489 options.address_family = AF_INET6;
490 break;
491 case 'f':
492 config_file_name = optarg;
493 break;
494 case 'c':
495 servconf_add_hostcert("[command-line]", 0,
496 &options, optarg);
497 break;
498 case 'd':
499 if (debug_flag == 0) {
500 debug_flag = 1;
501 options.log_level = SYSLOG_LEVEL_DEBUG1;
502 } else if (options.log_level < SYSLOG_LEVEL_DEBUG3)
503 options.log_level++;
504 break;
505 case 'D':
506 case 'E':
507 case 'e':
508 /* ignore */
509 break;
510 case 'i':
511 inetd_flag = 1;
512 break;
513 case 'r':
514 /* ignore */
515 break;
516 case 'R':
517 rexeced_flag = 1;
518 break;
519 case 'Q':
520 /* ignored */
521 break;
522 case 'q':
523 options.log_level = SYSLOG_LEVEL_QUIET;
524 break;
525 case 'b':
526 /* protocol 1, ignored */
527 break;
528 case 'p':
529 options.ports_from_cmdline = 1;
530 if (options.num_ports >= MAX_PORTS) {
531 fprintf(stderr, "too many ports.\n");
532 exit(1);
533 }
534 options.ports[options.num_ports++] = a2port(optarg);
535 if (options.ports[options.num_ports-1] <= 0) {
536 fprintf(stderr, "Bad port number.\n");
537 exit(1);
538 }
539 break;
540 case 'g':
541 if ((options.login_grace_time = convtime(optarg)) == -1) {
542 fprintf(stderr, "Invalid login grace time.\n");
543 exit(1);
544 }
545 break;
546 case 'k':
547 /* protocol 1, ignored */
548 break;
549 case 'h':
550 servconf_add_hostkey("[command-line]", 0,
551 &options, optarg, 1);
552 break;
553 case 't':
554 case 'T':
555 case 'G':
556 fatal("test/dump modes not supported");
557 break;
558 case 'C':
559 connection_info = server_get_connection_info(ssh, 0, 0);
560 if (parse_server_match_testspec(connection_info,
561 optarg) == -1)
562 exit(1);
563 break;
564 case 'u':
565 utmp_len = (u_int)strtonum(optarg, 0, HOST_NAME_MAX+1+1, NULL);
566 if (utmp_len > HOST_NAME_MAX+1) {
567 fprintf(stderr, "Invalid utmp length.\n");
568 exit(1);
569 }
570 break;
571 case 'o':
572 line = xstrdup(optarg);
573 if (process_server_config_line(&options, line,
574 "command-line", 0, NULL, NULL, &includes) != 0)
575 exit(1);
576 free(line);
577 break;
578 case 'V':
579 fprintf(stderr, "%s, %s\n",
580 SSH_VERSION, SSH_OPENSSL_VERSION);
581 exit(0);
582 default:
583 usage();
584 break;
585 }
586 }
587
588 if (!rexeced_flag)
589 fatal("sshd-auth should not be executed directly");
590
591 log_init(__progname,
592 options.log_level == SYSLOG_LEVEL_NOT_SET ?
593 SYSLOG_LEVEL_INFO : options.log_level,
594 options.log_facility == SYSLOG_FACILITY_NOT_SET ?
595 SYSLOG_FACILITY_AUTH : options.log_facility, 1);
596
597 /* XXX can't use monitor_init(); it makes fds */
598 pmonitor = xcalloc(1, sizeof(*pmonitor));
599 pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
600 pmonitor->m_recvfd = PRIVSEP_MONITOR_FD;
601 pmonitor->m_log_sendfd = PRIVSEP_LOG_FD;
602 set_log_handler(mm_log_handler, pmonitor);
603
604 /* Check that there are no remaining arguments. */
605 if (optind < ac) {
606 fprintf(stderr, "Extra argument %s.\n", av[optind]);
607 exit(1);
608 }
609
610 /* Connection passed by stdin/out */
611 if (inetd_flag) {
612 /*
613 * NB. must be different fd numbers for the !socket case,
614 * as packet_connection_is_on_socket() depends on this.
615 */
616 sock_in = dup(STDIN_FILENO);
617 sock_out = dup(STDOUT_FILENO);
618 } else {
619 /* rexec case; accept()ed socket in ancestor listener */
620 sock_in = sock_out = dup(STDIN_FILENO);
621 }
622
623 if (stdfd_devnull(1, 1, 0) == -1)
624 error("stdfd_devnull failed");
625 debug("network sockets: %d, %d", sock_in, sock_out);
626
627 /*
628 * Register our connection. This turns encryption off because we do
629 * not have a key.
630 */
631 if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL)
632 fatal("Unable to create connection");
633 the_active_state = ssh;
634 ssh_packet_set_server(ssh);
635 pmonitor->m_pkex = &ssh->kex;
636
637 /* Fetch our configuration */
638 if ((cfg = sshbuf_new()) == NULL)
639 fatal("sshbuf_new config buf failed");
640 setproctitle("%s", "[session-auth early]");
641 recv_privsep_state(ssh, cfg, &timing_secret);
642 parse_server_config(&options, "rexec", cfg, &includes, NULL, 1);
643 /* Fill in default values for those options not explicitly set. */
644 fill_default_server_options(&options);
645 options.timing_secret = timing_secret; /* XXX eliminate from unpriv */
646 ssh_packet_set_qos(ssh, options.ip_qos_interactive,
647 options.ip_qos_bulk);
648
649 /* Reinit logging in case config set Level, Facility or Verbose. */
650 log_init(__progname, options.log_level, options.log_facility, 1);
651 set_log_handler(mm_log_handler, pmonitor);
652
653 debug("sshd-auth version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
654
655 /* Store privilege separation user for later use if required. */
656 privsep_chroot = (getuid() == 0 || geteuid() == 0);
657 if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
658 if (privsep_chroot || options.kerberos_authentication)
659 fatal("Privilege separation user %s does not exist",
660 SSH_PRIVSEP_USER);
661 } else {
662 privsep_pw = pwcopy(privsep_pw);
663 freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd));
664 privsep_pw->pw_passwd = xstrdup("*");
665 }
666 endpwent();
667
668 #ifdef WITH_OPENSSL
669 if (options.moduli_file != NULL)
670 dh_set_moduli_file(options.moduli_file);
671 #endif
672
673 if (options.host_key_agent) {
674 if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
675 setenv(SSH_AUTHSOCKET_ENV_NAME,
676 options.host_key_agent, 1);
677 if ((r = ssh_get_authentication_socket(NULL)) == 0)
678 have_agent = 1;
679 else
680 error_r(r, "Could not connect to agent \"%s\"",
681 options.host_key_agent);
682 }
683
684 if (options.num_host_key_files != num_hostkeys) {
685 fatal("internal error: hostkeys confused (config %u recvd %u)",
686 options.num_host_key_files, num_hostkeys);
687 }
688
689 for (i = 0; i < options.num_host_key_files; i++) {
690 if (host_pubkeys[i] != NULL) {
691 have_key = 1;
692 break;
693 }
694 }
695 if (!have_key)
696 fatal("internal error: received no hostkeys");
697
698 /* Ensure that umask disallows at least group and world write */
699 new_umask = umask(0077) | 0022;
700 (void) umask(new_umask);
701
702 /* Initialize the log (it is reinitialized below in case we forked). */
703 log_init(__progname, options.log_level, options.log_facility, 1);
704 set_log_handler(mm_log_handler, pmonitor);
705 for (i = 0; i < options.num_log_verbose; i++)
706 log_verbose_add(options.log_verbose[i]);
707
708 /*
709 * Chdir to the root directory so that the current disk can be
710 * unmounted if desired.
711 */
712 if (chdir("/") == -1)
713 error("chdir(\"/\"): %s", strerror(errno));
714
715 /* This is the child authenticating a new connection. */
716 setproctitle("%s", "[session-auth]");
717
718 /* Executed child processes don't need these. */
719 FD_CLOSEONEXEC(sock_out);
720 FD_CLOSEONEXEC(sock_in);
721
722 ssh_signal(SIGPIPE, SIG_IGN);
723 ssh_signal(SIGALRM, SIG_DFL);
724 ssh_signal(SIGHUP, SIG_DFL);
725 ssh_signal(SIGTERM, SIG_DFL);
726 ssh_signal(SIGQUIT, SIG_DFL);
727 ssh_signal(SIGCHLD, SIG_DFL);
728
729 /* Prepare the channels layer */
730 channel_init_channels(ssh);
731 channel_set_af(ssh, options.address_family);
732 server_process_channel_timeouts(ssh);
733 server_process_permitopen(ssh);
734
735 ssh_packet_set_nonblocking(ssh);
736
737 /* allocate authentication context */
738 authctxt = xcalloc(1, sizeof(*authctxt));
739 ssh->authctxt = authctxt;
740
741 /* XXX global for cleanup, access from other modules */
742 the_authctxt = authctxt;
743
744 /* Set default key authentication options */
745 if ((auth_opts = sshauthopt_new_with_keys_defaults()) == NULL)
746 fatal("allocation failed");
747
748 /* prepare buffer to collect messages to display to user after login */
749 if ((loginmsg = sshbuf_new()) == NULL)
750 fatal("sshbuf_new loginmsg failed");
751 auth_debug_reset();
752
753 #ifdef GSSAPI
754 /* Cache supported mechanism OIDs for later use */
755 ssh_gssapi_prepare_supported_oids();
756 #endif
757
758 privsep_child_demote();
759
760 /* perform the key exchange */
761 /* authenticate user and start session */
762 do_ssh2_kex(ssh);
763 do_authentication2(ssh);
764
765 /*
766 * The unprivileged child now transfers the current keystate and exits.
767 */
768 mm_send_keystate(ssh, pmonitor);
769 sshauthopt_free(auth_opts);
770 ssh_packet_clear_keys(ssh);
771 exit(0);
772 }
773
774 int
sshd_hostkey_sign(struct ssh * ssh,struct sshkey * privkey,struct sshkey * pubkey,u_char ** signature,size_t * slenp,const u_char * data,size_t dlen,const char * alg)775 sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
776 struct sshkey *pubkey, u_char **signature, size_t *slenp,
777 const u_char *data, size_t dlen, const char *alg)
778 {
779 if (privkey) {
780 if (mm_sshkey_sign(ssh, privkey, signature, slenp,
781 data, dlen, alg, options.sk_provider, NULL,
782 ssh->compat) < 0)
783 fatal_f("privkey sign failed");
784 } else {
785 if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
786 data, dlen, alg, options.sk_provider, NULL,
787 ssh->compat) < 0)
788 fatal_f("pubkey sign failed");
789 }
790 return 0;
791 }
792
793 /* SSH2 key exchange */
794 static void
do_ssh2_kex(struct ssh * ssh)795 do_ssh2_kex(struct ssh *ssh)
796 {
797 char *hkalgs = NULL, *myproposal[PROPOSAL_MAX];
798 const char *compression = NULL;
799 struct kex *kex;
800 int r;
801
802 if (options.rekey_limit || options.rekey_interval)
803 ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
804 options.rekey_interval);
805
806 if (options.compression == COMP_NONE)
807 compression = "none";
808 hkalgs = list_hostkey_types();
809
810 kex_proposal_populate_entries(ssh, myproposal, options.kex_algorithms,
811 options.ciphers, options.macs, compression, hkalgs);
812
813 free(hkalgs);
814
815 if ((r = kex_exchange_identification(ssh, -1,
816 options.version_addendum)) != 0) {
817 BLOCKLIST_NOTIFY(ssh, BLOCKLIST_AUTH_FAIL, "Banner exchange");
818 sshpkt_fatal(ssh, r, "banner exchange");
819 }
820 mm_sshkey_setcompat(ssh); /* tell monitor */
821
822 if ((ssh->compat & SSH_BUG_NOREKEY))
823 debug("client does not support rekeying");
824
825 /* start key exchange */
826 if ((r = kex_setup(ssh, myproposal)) != 0)
827 fatal_r(r, "kex_setup");
828 kex_set_server_sig_algs(ssh, options.pubkey_accepted_algos);
829 kex = ssh->kex;
830
831 #ifdef WITH_OPENSSL
832 kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
833 kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
834 kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
835 kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
836 kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
837 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
838 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
839 # ifdef OPENSSL_HAS_ECC
840 kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
841 # endif /* OPENSSL_HAS_ECC */
842 #endif /* WITH_OPENSSL */
843 kex->kex[KEX_C25519_SHA256] = kex_gen_server;
844 kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
845 kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server;
846 kex->load_host_public_key=&get_hostkey_public_by_type;
847 kex->load_host_private_key=&get_hostkey_private_by_type;
848 kex->host_key_index=&get_hostkey_index;
849 kex->sign = sshd_hostkey_sign;
850
851 ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);
852 kex_proposal_free_entries(myproposal);
853
854 #ifdef DEBUG_KEXDH
855 /* send 1st encrypted/maced/compressed message */
856 if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 ||
857 (r = sshpkt_put_cstring(ssh, "markus")) != 0 ||
858 (r = sshpkt_send(ssh)) != 0 ||
859 (r = ssh_packet_write_wait(ssh)) != 0)
860 fatal_fr(r, "send test");
861 #endif
862 debug("KEX done");
863 }
864
865 /* server specific fatal cleanup */
866 void
cleanup_exit(int i)867 cleanup_exit(int i)
868 {
869 _exit(i);
870 }
871