1 /* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * This program is the ssh daemon. It listens for connections from clients, 6 * and performs authentication, executes use commands or shell, and forwards 7 * information to/from the application to the user client over an encrypted 8 * connection. This can also handle forwarding of X11, TCP/IP, and 9 * authentication agent connections. 10 * 11 * As far as I am concerned, the code I have written for this software 12 * can be used freely for any purpose. Any derived versions of this 13 * software must be clearly marked as such, and if the derived work is 14 * incompatible with the protocol description in the RFC file, it must be 15 * called by a name other than "ssh" or "Secure Shell". 16 * 17 * SSH2 implementation: 18 * Privilege Separation: 19 * 20 * Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved. 21 * Copyright (c) 2002 Niels Provos. All rights reserved. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the above copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 32 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 33 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 34 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 35 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 36 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 37 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 38 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 39 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 40 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 41 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 42 */ 43 44 #include "includes.h" 45 RCSID("$OpenBSD: sshd.c,v 1.308 2005/02/08 22:24:57 dtucker Exp $"); 46 RCSID("$FreeBSD$"); 47 48 #include <openssl/dh.h> 49 #include <openssl/bn.h> 50 #include <openssl/md5.h> 51 #include <openssl/rand.h> 52 #ifdef HAVE_SECUREWARE 53 #include <sys/security.h> 54 #include <prot.h> 55 #endif 56 57 #ifdef __FreeBSD__ 58 #include <resolv.h> 59 #endif 60 61 #include "ssh.h" 62 #include "ssh1.h" 63 #include "ssh2.h" 64 #include "xmalloc.h" 65 #include "rsa.h" 66 #include "sshpty.h" 67 #include "packet.h" 68 #include "log.h" 69 #include "servconf.h" 70 #include "uidswap.h" 71 #include "compat.h" 72 #include "buffer.h" 73 #include "bufaux.h" 74 #include "cipher.h" 75 #include "kex.h" 76 #include "key.h" 77 #include "dh.h" 78 #include "myproposal.h" 79 #include "authfile.h" 80 #include "pathnames.h" 81 #include "atomicio.h" 82 #include "canohost.h" 83 #include "auth.h" 84 #include "misc.h" 85 #include "msg.h" 86 #include "dispatch.h" 87 #include "channels.h" 88 #include "session.h" 89 #include "monitor_mm.h" 90 #include "monitor.h" 91 #include "monitor_wrap.h" 92 #include "monitor_fdpass.h" 93 94 #ifdef LIBWRAP 95 #include <tcpd.h> 96 #include <syslog.h> 97 int allow_severity = LOG_INFO; 98 int deny_severity = LOG_WARNING; 99 #endif /* LIBWRAP */ 100 101 #ifndef O_NOCTTY 102 #define O_NOCTTY 0 103 #endif 104 105 /* Re-exec fds */ 106 #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) 107 #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) 108 #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) 109 #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) 110 111 extern char *__progname; 112 113 /* Server configuration options. */ 114 ServerOptions options; 115 116 /* Name of the server configuration file. */ 117 char *config_file_name = _PATH_SERVER_CONFIG_FILE; 118 119 /* 120 * Debug mode flag. This can be set on the command line. If debug 121 * mode is enabled, extra debugging output will be sent to the system 122 * log, the daemon will not go to background, and will exit after processing 123 * the first connection. 124 */ 125 int debug_flag = 0; 126 127 /* Flag indicating that the daemon should only test the configuration and keys. */ 128 int test_flag = 0; 129 130 /* Flag indicating that the daemon is being started from inetd. */ 131 int inetd_flag = 0; 132 133 /* Flag indicating that sshd should not detach and become a daemon. */ 134 int no_daemon_flag = 0; 135 136 /* debug goes to stderr unless inetd_flag is set */ 137 int log_stderr = 0; 138 139 /* Saved arguments to main(). */ 140 char **saved_argv; 141 int saved_argc; 142 143 /* re-exec */ 144 int rexeced_flag = 0; 145 int rexec_flag = 1; 146 int rexec_argc = 0; 147 char **rexec_argv; 148 149 /* 150 * The sockets that the server is listening; this is used in the SIGHUP 151 * signal handler. 152 */ 153 #define MAX_LISTEN_SOCKS 16 154 int listen_socks[MAX_LISTEN_SOCKS]; 155 int num_listen_socks = 0; 156 157 /* 158 * the client's version string, passed by sshd2 in compat mode. if != NULL, 159 * sshd will skip the version-number exchange 160 */ 161 char *client_version_string = NULL; 162 char *server_version_string = NULL; 163 164 /* for rekeying XXX fixme */ 165 Kex *xxx_kex; 166 167 /* 168 * Any really sensitive data in the application is contained in this 169 * structure. The idea is that this structure could be locked into memory so 170 * that the pages do not get written into swap. However, there are some 171 * problems. The private key contains BIGNUMs, and we do not (in principle) 172 * have access to the internals of them, and locking just the structure is 173 * not very useful. Currently, memory locking is not implemented. 174 */ 175 struct { 176 Key *server_key; /* ephemeral server key */ 177 Key *ssh1_host_key; /* ssh1 host key */ 178 Key **host_keys; /* all private host keys */ 179 int have_ssh1_key; 180 int have_ssh2_key; 181 u_char ssh1_cookie[SSH_SESSION_KEY_LENGTH]; 182 } sensitive_data; 183 184 /* 185 * Flag indicating whether the RSA server key needs to be regenerated. 186 * Is set in the SIGALRM handler and cleared when the key is regenerated. 187 */ 188 static volatile sig_atomic_t key_do_regen = 0; 189 190 /* This is set to true when a signal is received. */ 191 static volatile sig_atomic_t received_sighup = 0; 192 static volatile sig_atomic_t received_sigterm = 0; 193 194 /* session identifier, used by RSA-auth */ 195 u_char session_id[16]; 196 197 /* same for ssh2 */ 198 u_char *session_id2 = NULL; 199 u_int session_id2_len = 0; 200 201 /* record remote hostname or ip */ 202 u_int utmp_len = MAXHOSTNAMELEN; 203 204 /* options.max_startup sized array of fd ints */ 205 int *startup_pipes = NULL; 206 int startup_pipe; /* in child */ 207 208 /* variables used for privilege separation */ 209 int use_privsep; 210 struct monitor *pmonitor = NULL; 211 212 /* global authentication context */ 213 Authctxt *the_authctxt = NULL; 214 215 /* message to be displayed after login */ 216 Buffer loginmsg; 217 218 /* Prototypes for various functions defined later in this file. */ 219 void destroy_sensitive_data(void); 220 void demote_sensitive_data(void); 221 222 static void do_ssh1_kex(void); 223 static void do_ssh2_kex(void); 224 225 /* 226 * Close all listening sockets 227 */ 228 static void 229 close_listen_socks(void) 230 { 231 int i; 232 233 for (i = 0; i < num_listen_socks; i++) 234 close(listen_socks[i]); 235 num_listen_socks = -1; 236 } 237 238 static void 239 close_startup_pipes(void) 240 { 241 int i; 242 243 if (startup_pipes) 244 for (i = 0; i < options.max_startups; i++) 245 if (startup_pipes[i] != -1) 246 close(startup_pipes[i]); 247 } 248 249 /* 250 * Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP; 251 * the effect is to reread the configuration file (and to regenerate 252 * the server key). 253 */ 254 static void 255 sighup_handler(int sig) 256 { 257 int save_errno = errno; 258 259 received_sighup = 1; 260 signal(SIGHUP, sighup_handler); 261 errno = save_errno; 262 } 263 264 /* 265 * Called from the main program after receiving SIGHUP. 266 * Restarts the server. 267 */ 268 static void 269 sighup_restart(void) 270 { 271 logit("Received SIGHUP; restarting."); 272 close_listen_socks(); 273 close_startup_pipes(); 274 execv(saved_argv[0], saved_argv); 275 logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], 276 strerror(errno)); 277 exit(1); 278 } 279 280 /* 281 * Generic signal handler for terminating signals in the master daemon. 282 */ 283 static void 284 sigterm_handler(int sig) 285 { 286 received_sigterm = sig; 287 } 288 289 /* 290 * SIGCHLD handler. This is called whenever a child dies. This will then 291 * reap any zombies left by exited children. 292 */ 293 static void 294 main_sigchld_handler(int sig) 295 { 296 int save_errno = errno; 297 pid_t pid; 298 int status; 299 300 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || 301 (pid < 0 && errno == EINTR)) 302 ; 303 304 signal(SIGCHLD, main_sigchld_handler); 305 errno = save_errno; 306 } 307 308 /* 309 * Signal handler for the alarm after the login grace period has expired. 310 */ 311 static void 312 grace_alarm_handler(int sig) 313 { 314 /* XXX no idea how fix this signal handler */ 315 316 if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) 317 kill(pmonitor->m_pid, SIGALRM); 318 319 /* Log error and exit. */ 320 fatal("Timeout before authentication for %s", get_remote_ipaddr()); 321 } 322 323 /* 324 * Signal handler for the key regeneration alarm. Note that this 325 * alarm only occurs in the daemon waiting for connections, and it does not 326 * do anything with the private key or random state before forking. 327 * Thus there should be no concurrency control/asynchronous execution 328 * problems. 329 */ 330 static void 331 generate_ephemeral_server_key(void) 332 { 333 u_int32_t rnd = 0; 334 int i; 335 336 verbose("Generating %s%d bit RSA key.", 337 sensitive_data.server_key ? "new " : "", options.server_key_bits); 338 if (sensitive_data.server_key != NULL) 339 key_free(sensitive_data.server_key); 340 sensitive_data.server_key = key_generate(KEY_RSA1, 341 options.server_key_bits); 342 verbose("RSA key generation complete."); 343 344 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { 345 if (i % 4 == 0) 346 rnd = arc4random(); 347 sensitive_data.ssh1_cookie[i] = rnd & 0xff; 348 rnd >>= 8; 349 } 350 arc4random_stir(); 351 } 352 353 static void 354 key_regeneration_alarm(int sig) 355 { 356 int save_errno = errno; 357 358 signal(SIGALRM, SIG_DFL); 359 errno = save_errno; 360 key_do_regen = 1; 361 } 362 363 static void 364 sshd_exchange_identification(int sock_in, int sock_out) 365 { 366 int i, mismatch; 367 int remote_major, remote_minor; 368 int major, minor; 369 char *s; 370 char buf[256]; /* Must not be larger than remote_version. */ 371 char remote_version[256]; /* Must be at least as big as buf. */ 372 373 if ((options.protocol & SSH_PROTO_1) && 374 (options.protocol & SSH_PROTO_2)) { 375 major = PROTOCOL_MAJOR_1; 376 minor = 99; 377 } else if (options.protocol & SSH_PROTO_2) { 378 major = PROTOCOL_MAJOR_2; 379 minor = PROTOCOL_MINOR_2; 380 } else { 381 major = PROTOCOL_MAJOR_1; 382 minor = PROTOCOL_MINOR_1; 383 } 384 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION); 385 server_version_string = xstrdup(buf); 386 387 /* Send our protocol version identification. */ 388 if (atomicio(vwrite, sock_out, server_version_string, 389 strlen(server_version_string)) 390 != strlen(server_version_string)) { 391 logit("Could not write ident string to %s", get_remote_ipaddr()); 392 cleanup_exit(255); 393 } 394 395 /* Read other sides version identification. */ 396 memset(buf, 0, sizeof(buf)); 397 for (i = 0; i < sizeof(buf) - 1; i++) { 398 if (atomicio(read, sock_in, &buf[i], 1) != 1) { 399 logit("Did not receive identification string from %s", 400 get_remote_ipaddr()); 401 cleanup_exit(255); 402 } 403 if (buf[i] == '\r') { 404 buf[i] = 0; 405 /* Kludge for F-Secure Macintosh < 1.0.2 */ 406 if (i == 12 && 407 strncmp(buf, "SSH-1.5-W1.0", 12) == 0) 408 break; 409 continue; 410 } 411 if (buf[i] == '\n') { 412 buf[i] = 0; 413 break; 414 } 415 } 416 buf[sizeof(buf) - 1] = 0; 417 client_version_string = xstrdup(buf); 418 419 /* 420 * Check that the versions match. In future this might accept 421 * several versions and set appropriate flags to handle them. 422 */ 423 if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n", 424 &remote_major, &remote_minor, remote_version) != 3) { 425 s = "Protocol mismatch.\n"; 426 (void) atomicio(vwrite, sock_out, s, strlen(s)); 427 close(sock_in); 428 close(sock_out); 429 logit("Bad protocol version identification '%.100s' from %s", 430 client_version_string, get_remote_ipaddr()); 431 cleanup_exit(255); 432 } 433 debug("Client protocol version %d.%d; client software version %.100s", 434 remote_major, remote_minor, remote_version); 435 436 compat_datafellows(remote_version); 437 438 if (datafellows & SSH_BUG_PROBE) { 439 logit("probed from %s with %s. Don't panic.", 440 get_remote_ipaddr(), client_version_string); 441 cleanup_exit(255); 442 } 443 444 if (datafellows & SSH_BUG_SCANNER) { 445 logit("scanned from %s with %s. Don't panic.", 446 get_remote_ipaddr(), client_version_string); 447 cleanup_exit(255); 448 } 449 450 mismatch = 0; 451 switch (remote_major) { 452 case 1: 453 if (remote_minor == 99) { 454 if (options.protocol & SSH_PROTO_2) 455 enable_compat20(); 456 else 457 mismatch = 1; 458 break; 459 } 460 if (!(options.protocol & SSH_PROTO_1)) { 461 mismatch = 1; 462 break; 463 } 464 if (remote_minor < 3) { 465 packet_disconnect("Your ssh version is too old and " 466 "is no longer supported. Please install a newer version."); 467 } else if (remote_minor == 3) { 468 /* note that this disables agent-forwarding */ 469 enable_compat13(); 470 } 471 break; 472 case 2: 473 if (options.protocol & SSH_PROTO_2) { 474 enable_compat20(); 475 break; 476 } 477 /* FALLTHROUGH */ 478 default: 479 mismatch = 1; 480 break; 481 } 482 chop(server_version_string); 483 debug("Local version string %.200s", server_version_string); 484 485 if (mismatch) { 486 s = "Protocol major versions differ.\n"; 487 (void) atomicio(vwrite, sock_out, s, strlen(s)); 488 close(sock_in); 489 close(sock_out); 490 logit("Protocol major versions differ for %s: %.200s vs. %.200s", 491 get_remote_ipaddr(), 492 server_version_string, client_version_string); 493 cleanup_exit(255); 494 } 495 } 496 497 /* Destroy the host and server keys. They will no longer be needed. */ 498 void 499 destroy_sensitive_data(void) 500 { 501 int i; 502 503 if (sensitive_data.server_key) { 504 key_free(sensitive_data.server_key); 505 sensitive_data.server_key = NULL; 506 } 507 for (i = 0; i < options.num_host_key_files; i++) { 508 if (sensitive_data.host_keys[i]) { 509 key_free(sensitive_data.host_keys[i]); 510 sensitive_data.host_keys[i] = NULL; 511 } 512 } 513 sensitive_data.ssh1_host_key = NULL; 514 memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH); 515 } 516 517 /* Demote private to public keys for network child */ 518 void 519 demote_sensitive_data(void) 520 { 521 Key *tmp; 522 int i; 523 524 if (sensitive_data.server_key) { 525 tmp = key_demote(sensitive_data.server_key); 526 key_free(sensitive_data.server_key); 527 sensitive_data.server_key = tmp; 528 } 529 530 for (i = 0; i < options.num_host_key_files; i++) { 531 if (sensitive_data.host_keys[i]) { 532 tmp = key_demote(sensitive_data.host_keys[i]); 533 key_free(sensitive_data.host_keys[i]); 534 sensitive_data.host_keys[i] = tmp; 535 if (tmp->type == KEY_RSA1) 536 sensitive_data.ssh1_host_key = tmp; 537 } 538 } 539 540 /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */ 541 } 542 543 static void 544 privsep_preauth_child(void) 545 { 546 u_int32_t rnd[256]; 547 gid_t gidset[1]; 548 struct passwd *pw; 549 int i; 550 551 /* Enable challenge-response authentication for privilege separation */ 552 privsep_challenge_enable(); 553 554 for (i = 0; i < 256; i++) 555 rnd[i] = arc4random(); 556 RAND_seed(rnd, sizeof(rnd)); 557 558 /* Demote the private keys to public keys. */ 559 demote_sensitive_data(); 560 561 if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) 562 fatal("Privilege separation user %s does not exist", 563 SSH_PRIVSEP_USER); 564 memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); 565 endpwent(); 566 567 /* Change our root directory */ 568 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) 569 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, 570 strerror(errno)); 571 if (chdir("/") == -1) 572 fatal("chdir(\"/\"): %s", strerror(errno)); 573 574 /* Drop our privileges */ 575 debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, 576 (u_int)pw->pw_gid); 577 #if 0 578 /* XXX not ready, too heavy after chroot */ 579 do_setusercontext(pw); 580 #else 581 gidset[0] = pw->pw_gid; 582 if (setgroups(1, gidset) < 0) 583 fatal("setgroups: %.100s", strerror(errno)); 584 permanently_set_uid(pw); 585 #endif 586 } 587 588 static int 589 privsep_preauth(Authctxt *authctxt) 590 { 591 int status; 592 pid_t pid; 593 594 /* Set up unprivileged child process to deal with network data */ 595 pmonitor = monitor_init(); 596 /* Store a pointer to the kex for later rekeying */ 597 pmonitor->m_pkex = &xxx_kex; 598 599 pid = fork(); 600 if (pid == -1) { 601 fatal("fork of unprivileged child failed"); 602 } else if (pid != 0) { 603 debug2("Network child is on pid %ld", (long)pid); 604 605 close(pmonitor->m_recvfd); 606 pmonitor->m_pid = pid; 607 monitor_child_preauth(authctxt, pmonitor); 608 close(pmonitor->m_sendfd); 609 610 /* Sync memory */ 611 monitor_sync(pmonitor); 612 613 /* Wait for the child's exit status */ 614 while (waitpid(pid, &status, 0) < 0) 615 if (errno != EINTR) 616 break; 617 return (1); 618 } else { 619 /* child */ 620 621 close(pmonitor->m_sendfd); 622 623 /* Demote the child */ 624 if (getuid() == 0 || geteuid() == 0) 625 privsep_preauth_child(); 626 setproctitle("%s", "[net]"); 627 } 628 return (0); 629 } 630 631 static void 632 privsep_postauth(Authctxt *authctxt) 633 { 634 #ifdef DISABLE_FD_PASSING 635 if (1) { 636 #else 637 if (authctxt->pw->pw_uid == 0 || options.use_login) { 638 #endif 639 /* File descriptor passing is broken or root login */ 640 monitor_apply_keystate(pmonitor); 641 use_privsep = 0; 642 return; 643 } 644 645 /* Authentication complete */ 646 alarm(0); 647 if (startup_pipe != -1) { 648 close(startup_pipe); 649 startup_pipe = -1; 650 } 651 652 /* New socket pair */ 653 monitor_reinit(pmonitor); 654 655 pmonitor->m_pid = fork(); 656 if (pmonitor->m_pid == -1) 657 fatal("fork of unprivileged child failed"); 658 else if (pmonitor->m_pid != 0) { 659 debug2("User child is on pid %ld", (long)pmonitor->m_pid); 660 close(pmonitor->m_recvfd); 661 buffer_clear(&loginmsg); 662 monitor_child_postauth(pmonitor); 663 664 /* NEVERREACHED */ 665 exit(0); 666 } 667 668 close(pmonitor->m_sendfd); 669 670 /* Demote the private keys to public keys. */ 671 demote_sensitive_data(); 672 673 /* Drop privileges */ 674 do_setusercontext(authctxt->pw); 675 676 /* It is safe now to apply the key state */ 677 monitor_apply_keystate(pmonitor); 678 } 679 680 static char * 681 list_hostkey_types(void) 682 { 683 Buffer b; 684 const char *p; 685 char *ret; 686 int i; 687 688 buffer_init(&b); 689 for (i = 0; i < options.num_host_key_files; i++) { 690 Key *key = sensitive_data.host_keys[i]; 691 if (key == NULL) 692 continue; 693 switch (key->type) { 694 case KEY_RSA: 695 case KEY_DSA: 696 if (buffer_len(&b) > 0) 697 buffer_append(&b, ",", 1); 698 p = key_ssh_name(key); 699 buffer_append(&b, p, strlen(p)); 700 break; 701 } 702 } 703 buffer_append(&b, "\0", 1); 704 ret = xstrdup(buffer_ptr(&b)); 705 buffer_free(&b); 706 debug("list_hostkey_types: %s", ret); 707 return ret; 708 } 709 710 Key * 711 get_hostkey_by_type(int type) 712 { 713 int i; 714 715 for (i = 0; i < options.num_host_key_files; i++) { 716 Key *key = sensitive_data.host_keys[i]; 717 if (key != NULL && key->type == type) 718 return key; 719 } 720 return NULL; 721 } 722 723 Key * 724 get_hostkey_by_index(int ind) 725 { 726 if (ind < 0 || ind >= options.num_host_key_files) 727 return (NULL); 728 return (sensitive_data.host_keys[ind]); 729 } 730 731 int 732 get_hostkey_index(Key *key) 733 { 734 int i; 735 736 for (i = 0; i < options.num_host_key_files; i++) { 737 if (key == sensitive_data.host_keys[i]) 738 return (i); 739 } 740 return (-1); 741 } 742 743 /* 744 * returns 1 if connection should be dropped, 0 otherwise. 745 * dropping starts at connection #max_startups_begin with a probability 746 * of (max_startups_rate/100). the probability increases linearly until 747 * all connections are dropped for startups > max_startups 748 */ 749 static int 750 drop_connection(int startups) 751 { 752 int p, r; 753 754 if (startups < options.max_startups_begin) 755 return 0; 756 if (startups >= options.max_startups) 757 return 1; 758 if (options.max_startups_rate == 100) 759 return 1; 760 761 p = 100 - options.max_startups_rate; 762 p *= startups - options.max_startups_begin; 763 p /= options.max_startups - options.max_startups_begin; 764 p += options.max_startups_rate; 765 r = arc4random() % 100; 766 767 debug("drop_connection: p %d, r %d", p, r); 768 return (r < p) ? 1 : 0; 769 } 770 771 static void 772 usage(void) 773 { 774 fprintf(stderr, "%s, %s\n", 775 SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); 776 fprintf(stderr, 777 "usage: sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]\n" 778 " [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]\n" 779 ); 780 exit(1); 781 } 782 783 static void 784 send_rexec_state(int fd, Buffer *conf) 785 { 786 Buffer m; 787 788 debug3("%s: entering fd = %d config len %d", __func__, fd, 789 buffer_len(conf)); 790 791 /* 792 * Protocol from reexec master to child: 793 * string configuration 794 * u_int ephemeral_key_follows 795 * bignum e (only if ephemeral_key_follows == 1) 796 * bignum n " 797 * bignum d " 798 * bignum iqmp " 799 * bignum p " 800 * bignum q " 801 */ 802 buffer_init(&m); 803 buffer_put_cstring(&m, buffer_ptr(conf)); 804 805 if (sensitive_data.server_key != NULL && 806 sensitive_data.server_key->type == KEY_RSA1) { 807 buffer_put_int(&m, 1); 808 buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); 809 buffer_put_bignum(&m, sensitive_data.server_key->rsa->n); 810 buffer_put_bignum(&m, sensitive_data.server_key->rsa->d); 811 buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp); 812 buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); 813 buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); 814 } else 815 buffer_put_int(&m, 0); 816 817 if (ssh_msg_send(fd, 0, &m) == -1) 818 fatal("%s: ssh_msg_send failed", __func__); 819 820 buffer_free(&m); 821 822 debug3("%s: done", __func__); 823 } 824 825 static void 826 recv_rexec_state(int fd, Buffer *conf) 827 { 828 Buffer m; 829 char *cp; 830 u_int len; 831 832 debug3("%s: entering fd = %d", __func__, fd); 833 834 buffer_init(&m); 835 836 if (ssh_msg_recv(fd, &m) == -1) 837 fatal("%s: ssh_msg_recv failed", __func__); 838 if (buffer_get_char(&m) != 0) 839 fatal("%s: rexec version mismatch", __func__); 840 841 cp = buffer_get_string(&m, &len); 842 if (conf != NULL) 843 buffer_append(conf, cp, len + 1); 844 xfree(cp); 845 846 if (buffer_get_int(&m)) { 847 if (sensitive_data.server_key != NULL) 848 key_free(sensitive_data.server_key); 849 sensitive_data.server_key = key_new_private(KEY_RSA1); 850 buffer_get_bignum(&m, sensitive_data.server_key->rsa->e); 851 buffer_get_bignum(&m, sensitive_data.server_key->rsa->n); 852 buffer_get_bignum(&m, sensitive_data.server_key->rsa->d); 853 buffer_get_bignum(&m, sensitive_data.server_key->rsa->iqmp); 854 buffer_get_bignum(&m, sensitive_data.server_key->rsa->p); 855 buffer_get_bignum(&m, sensitive_data.server_key->rsa->q); 856 rsa_generate_additional_parameters( 857 sensitive_data.server_key->rsa); 858 } 859 buffer_free(&m); 860 861 debug3("%s: done", __func__); 862 } 863 864 /* 865 * Main program for the daemon. 866 */ 867 int 868 main(int ac, char **av) 869 { 870 extern char *optarg; 871 extern int optind; 872 int opt, j, i, fdsetsz, on = 1; 873 int sock_in = -1, sock_out = -1, newsock = -1; 874 pid_t pid; 875 socklen_t fromlen; 876 fd_set *fdset; 877 struct sockaddr_storage from; 878 const char *remote_ip; 879 int remote_port; 880 FILE *f; 881 struct addrinfo *ai; 882 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; 883 char *line; 884 int listen_sock, maxfd; 885 int startup_p[2] = { -1 , -1 }, config_s[2] = { -1 , -1 }; 886 int startups = 0; 887 Key *key; 888 Authctxt *authctxt; 889 int ret, key_used = 0; 890 Buffer cfg; 891 892 #ifdef HAVE_SECUREWARE 893 (void)set_auth_parameters(ac, av); 894 #endif 895 __progname = ssh_get_progname(av[0]); 896 init_rng(); 897 898 /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ 899 saved_argc = ac; 900 rexec_argc = ac; 901 saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1)); 902 for (i = 0; i < ac; i++) 903 saved_argv[i] = xstrdup(av[i]); 904 saved_argv[i] = NULL; 905 906 #ifndef HAVE_SETPROCTITLE 907 /* Prepare for later setproctitle emulation */ 908 compat_init_setproctitle(ac, av); 909 av = saved_argv; 910 #endif 911 912 if (geteuid() == 0 && setgroups(0, NULL) == -1) 913 debug("setgroups(): %.200s", strerror(errno)); 914 915 /* Initialize configuration options to their default values. */ 916 initialize_server_options(&options); 917 918 /* Parse command-line arguments. */ 919 while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) { 920 switch (opt) { 921 case '4': 922 options.address_family = AF_INET; 923 break; 924 case '6': 925 options.address_family = AF_INET6; 926 break; 927 case 'f': 928 config_file_name = optarg; 929 break; 930 case 'd': 931 if (debug_flag == 0) { 932 debug_flag = 1; 933 options.log_level = SYSLOG_LEVEL_DEBUG1; 934 } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) 935 options.log_level++; 936 break; 937 case 'D': 938 no_daemon_flag = 1; 939 break; 940 case 'e': 941 log_stderr = 1; 942 break; 943 case 'i': 944 inetd_flag = 1; 945 break; 946 case 'r': 947 rexec_flag = 0; 948 break; 949 case 'R': 950 rexeced_flag = 1; 951 inetd_flag = 1; 952 break; 953 case 'Q': 954 /* ignored */ 955 break; 956 case 'q': 957 options.log_level = SYSLOG_LEVEL_QUIET; 958 break; 959 case 'b': 960 options.server_key_bits = atoi(optarg); 961 break; 962 case 'p': 963 options.ports_from_cmdline = 1; 964 if (options.num_ports >= MAX_PORTS) { 965 fprintf(stderr, "too many ports.\n"); 966 exit(1); 967 } 968 options.ports[options.num_ports++] = a2port(optarg); 969 if (options.ports[options.num_ports-1] == 0) { 970 fprintf(stderr, "Bad port number.\n"); 971 exit(1); 972 } 973 break; 974 case 'g': 975 if ((options.login_grace_time = convtime(optarg)) == -1) { 976 fprintf(stderr, "Invalid login grace time.\n"); 977 exit(1); 978 } 979 break; 980 case 'k': 981 if ((options.key_regeneration_time = convtime(optarg)) == -1) { 982 fprintf(stderr, "Invalid key regeneration interval.\n"); 983 exit(1); 984 } 985 break; 986 case 'h': 987 if (options.num_host_key_files >= MAX_HOSTKEYS) { 988 fprintf(stderr, "too many host keys.\n"); 989 exit(1); 990 } 991 options.host_key_files[options.num_host_key_files++] = optarg; 992 break; 993 case 't': 994 test_flag = 1; 995 break; 996 case 'u': 997 utmp_len = atoi(optarg); 998 if (utmp_len > MAXHOSTNAMELEN) { 999 fprintf(stderr, "Invalid utmp length.\n"); 1000 exit(1); 1001 } 1002 break; 1003 case 'o': 1004 line = xstrdup(optarg); 1005 if (process_server_config_line(&options, line, 1006 "command-line", 0) != 0) 1007 exit(1); 1008 xfree(line); 1009 break; 1010 case '?': 1011 default: 1012 usage(); 1013 break; 1014 } 1015 } 1016 if (rexeced_flag || inetd_flag) 1017 rexec_flag = 0; 1018 if (rexec_flag && (av[0] == NULL || *av[0] != '/')) 1019 fatal("sshd re-exec requires execution with an absolute path"); 1020 if (rexeced_flag) 1021 closefrom(REEXEC_MIN_FREE_FD); 1022 else 1023 closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); 1024 1025 SSLeay_add_all_algorithms(); 1026 1027 /* 1028 * Force logging to stderr until we have loaded the private host 1029 * key (unless started from inetd) 1030 */ 1031 log_init(__progname, 1032 options.log_level == SYSLOG_LEVEL_NOT_SET ? 1033 SYSLOG_LEVEL_INFO : options.log_level, 1034 options.log_facility == SYSLOG_FACILITY_NOT_SET ? 1035 SYSLOG_FACILITY_AUTH : options.log_facility, 1036 log_stderr || !inetd_flag); 1037 1038 /* 1039 * Unset KRB5CCNAME, otherwise the user's session may inherit it from 1040 * root's environment 1041 */ 1042 if (getenv("KRB5CCNAME") != NULL) 1043 unsetenv("KRB5CCNAME"); 1044 1045 #ifdef _UNICOS 1046 /* Cray can define user privs drop all privs now! 1047 * Not needed on PRIV_SU systems! 1048 */ 1049 drop_cray_privs(); 1050 #endif 1051 1052 seed_rng(); 1053 1054 sensitive_data.server_key = NULL; 1055 sensitive_data.ssh1_host_key = NULL; 1056 sensitive_data.have_ssh1_key = 0; 1057 sensitive_data.have_ssh2_key = 0; 1058 1059 /* Fetch our configuration */ 1060 buffer_init(&cfg); 1061 if (rexeced_flag) 1062 recv_rexec_state(REEXEC_CONFIG_PASS_FD, &cfg); 1063 else 1064 load_server_config(config_file_name, &cfg); 1065 1066 parse_server_config(&options, 1067 rexeced_flag ? "rexec" : config_file_name, &cfg); 1068 1069 if (!rexec_flag) 1070 buffer_free(&cfg); 1071 1072 /* Fill in default values for those options not explicitly set. */ 1073 fill_default_server_options(&options); 1074 1075 /* set default channel AF */ 1076 channel_set_af(options.address_family); 1077 1078 /* Check that there are no remaining arguments. */ 1079 if (optind < ac) { 1080 fprintf(stderr, "Extra argument %s.\n", av[optind]); 1081 exit(1); 1082 } 1083 1084 debug("sshd version %.100s", SSH_RELEASE); 1085 1086 /* load private host keys */ 1087 sensitive_data.host_keys = xmalloc(options.num_host_key_files * 1088 sizeof(Key *)); 1089 for (i = 0; i < options.num_host_key_files; i++) 1090 sensitive_data.host_keys[i] = NULL; 1091 1092 for (i = 0; i < options.num_host_key_files; i++) { 1093 key = key_load_private(options.host_key_files[i], "", NULL); 1094 sensitive_data.host_keys[i] = key; 1095 if (key == NULL) { 1096 error("Could not load host key: %s", 1097 options.host_key_files[i]); 1098 sensitive_data.host_keys[i] = NULL; 1099 continue; 1100 } 1101 switch (key->type) { 1102 case KEY_RSA1: 1103 sensitive_data.ssh1_host_key = key; 1104 sensitive_data.have_ssh1_key = 1; 1105 break; 1106 case KEY_RSA: 1107 case KEY_DSA: 1108 sensitive_data.have_ssh2_key = 1; 1109 break; 1110 } 1111 debug("private host key: #%d type %d %s", i, key->type, 1112 key_type(key)); 1113 } 1114 if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { 1115 logit("Disabling protocol version 1. Could not load host key"); 1116 options.protocol &= ~SSH_PROTO_1; 1117 } 1118 if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { 1119 logit("Disabling protocol version 2. Could not load host key"); 1120 options.protocol &= ~SSH_PROTO_2; 1121 } 1122 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { 1123 logit("sshd: no hostkeys available -- exiting."); 1124 exit(1); 1125 } 1126 1127 /* Check certain values for sanity. */ 1128 if (options.protocol & SSH_PROTO_1) { 1129 if (options.server_key_bits < 512 || 1130 options.server_key_bits > 32768) { 1131 fprintf(stderr, "Bad server key size.\n"); 1132 exit(1); 1133 } 1134 /* 1135 * Check that server and host key lengths differ sufficiently. This 1136 * is necessary to make double encryption work with rsaref. Oh, I 1137 * hate software patents. I dont know if this can go? Niels 1138 */ 1139 if (options.server_key_bits > 1140 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - 1141 SSH_KEY_BITS_RESERVED && options.server_key_bits < 1142 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + 1143 SSH_KEY_BITS_RESERVED) { 1144 options.server_key_bits = 1145 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + 1146 SSH_KEY_BITS_RESERVED; 1147 debug("Forcing server key to %d bits to make it differ from host key.", 1148 options.server_key_bits); 1149 } 1150 } 1151 1152 if (use_privsep) { 1153 struct passwd *pw; 1154 struct stat st; 1155 1156 if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) 1157 fatal("Privilege separation user %s does not exist", 1158 SSH_PRIVSEP_USER); 1159 if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || 1160 (S_ISDIR(st.st_mode) == 0)) 1161 fatal("Missing privilege separation directory: %s", 1162 _PATH_PRIVSEP_CHROOT_DIR); 1163 1164 #ifdef HAVE_CYGWIN 1165 if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) && 1166 (st.st_uid != getuid () || 1167 (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) 1168 #else 1169 if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) 1170 #endif 1171 fatal("%s must be owned by root and not group or " 1172 "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); 1173 } 1174 1175 /* Configuration looks good, so exit if in test mode. */ 1176 if (test_flag) 1177 exit(0); 1178 1179 /* 1180 * Clear out any supplemental groups we may have inherited. This 1181 * prevents inadvertent creation of files with bad modes (in the 1182 * portable version at least, it's certainly possible for PAM 1183 * to create a file, and we can't control the code in every 1184 * module which might be used). 1185 */ 1186 if (setgroups(0, NULL) < 0) 1187 debug("setgroups() failed: %.200s", strerror(errno)); 1188 1189 if (rexec_flag) { 1190 rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2)); 1191 for (i = 0; i < rexec_argc; i++) { 1192 debug("rexec_argv[%d]='%s'", i, saved_argv[i]); 1193 rexec_argv[i] = saved_argv[i]; 1194 } 1195 rexec_argv[rexec_argc] = "-R"; 1196 rexec_argv[rexec_argc + 1] = NULL; 1197 } 1198 1199 /* Initialize the log (it is reinitialized below in case we forked). */ 1200 if (debug_flag && (!inetd_flag || rexeced_flag)) 1201 log_stderr = 1; 1202 log_init(__progname, options.log_level, options.log_facility, log_stderr); 1203 1204 /* 1205 * If not in debugging mode, and not started from inetd, disconnect 1206 * from the controlling terminal, and fork. The original process 1207 * exits. 1208 */ 1209 if (!(debug_flag || inetd_flag || no_daemon_flag)) { 1210 #ifdef TIOCNOTTY 1211 int fd; 1212 #endif /* TIOCNOTTY */ 1213 if (daemon(0, 0) < 0) 1214 fatal("daemon() failed: %.200s", strerror(errno)); 1215 1216 /* Disconnect from the controlling tty. */ 1217 #ifdef TIOCNOTTY 1218 fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); 1219 if (fd >= 0) { 1220 (void) ioctl(fd, TIOCNOTTY, NULL); 1221 close(fd); 1222 } 1223 #endif /* TIOCNOTTY */ 1224 } 1225 /* Reinitialize the log (because of the fork above). */ 1226 log_init(__progname, options.log_level, options.log_facility, log_stderr); 1227 1228 /* Initialize the random number generator. */ 1229 arc4random_stir(); 1230 1231 /* Chdir to the root directory so that the current disk can be 1232 unmounted if desired. */ 1233 chdir("/"); 1234 1235 /* ignore SIGPIPE */ 1236 signal(SIGPIPE, SIG_IGN); 1237 1238 /* Start listening for a socket, unless started from inetd. */ 1239 if (inetd_flag) { 1240 int fd; 1241 1242 startup_pipe = -1; 1243 if (rexeced_flag) { 1244 close(REEXEC_CONFIG_PASS_FD); 1245 sock_in = sock_out = dup(STDIN_FILENO); 1246 if (!debug_flag) { 1247 startup_pipe = dup(REEXEC_STARTUP_PIPE_FD); 1248 close(REEXEC_STARTUP_PIPE_FD); 1249 } 1250 } else { 1251 sock_in = dup(STDIN_FILENO); 1252 sock_out = dup(STDOUT_FILENO); 1253 } 1254 /* 1255 * We intentionally do not close the descriptors 0, 1, and 2 1256 * as our code for setting the descriptors won't work if 1257 * ttyfd happens to be one of those. 1258 */ 1259 if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { 1260 dup2(fd, STDIN_FILENO); 1261 dup2(fd, STDOUT_FILENO); 1262 if (fd > STDOUT_FILENO) 1263 close(fd); 1264 } 1265 debug("inetd sockets after dupping: %d, %d", sock_in, sock_out); 1266 if ((options.protocol & SSH_PROTO_1) && 1267 sensitive_data.server_key == NULL) 1268 generate_ephemeral_server_key(); 1269 } else { 1270 for (ai = options.listen_addrs; ai; ai = ai->ai_next) { 1271 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 1272 continue; 1273 if (num_listen_socks >= MAX_LISTEN_SOCKS) 1274 fatal("Too many listen sockets. " 1275 "Enlarge MAX_LISTEN_SOCKS"); 1276 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, 1277 ntop, sizeof(ntop), strport, sizeof(strport), 1278 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 1279 error("getnameinfo failed: %.100s", 1280 (ret != EAI_SYSTEM) ? gai_strerror(ret) : 1281 strerror(errno)); 1282 continue; 1283 } 1284 /* Create socket for listening. */ 1285 listen_sock = socket(ai->ai_family, ai->ai_socktype, 1286 ai->ai_protocol); 1287 if (listen_sock < 0) { 1288 /* kernel may not support ipv6 */ 1289 verbose("socket: %.100s", strerror(errno)); 1290 continue; 1291 } 1292 if (set_nonblock(listen_sock) == -1) { 1293 close(listen_sock); 1294 continue; 1295 } 1296 /* 1297 * Set socket options. 1298 * Allow local port reuse in TIME_WAIT. 1299 */ 1300 if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, 1301 &on, sizeof(on)) == -1) 1302 error("setsockopt SO_REUSEADDR: %s", strerror(errno)); 1303 1304 debug("Bind to port %s on %s.", strport, ntop); 1305 1306 /* Bind the socket to the desired port. */ 1307 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { 1308 if (!ai->ai_next) 1309 error("Bind to port %s on %s failed: %.200s.", 1310 strport, ntop, strerror(errno)); 1311 close(listen_sock); 1312 continue; 1313 } 1314 listen_socks[num_listen_socks] = listen_sock; 1315 num_listen_socks++; 1316 1317 /* Start listening on the port. */ 1318 logit("Server listening on %s port %s.", ntop, strport); 1319 if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) 1320 fatal("listen: %.100s", strerror(errno)); 1321 1322 } 1323 freeaddrinfo(options.listen_addrs); 1324 1325 if (!num_listen_socks) 1326 fatal("Cannot bind any address."); 1327 1328 if (options.protocol & SSH_PROTO_1) 1329 generate_ephemeral_server_key(); 1330 1331 /* 1332 * Arrange to restart on SIGHUP. The handler needs 1333 * listen_sock. 1334 */ 1335 signal(SIGHUP, sighup_handler); 1336 1337 signal(SIGTERM, sigterm_handler); 1338 signal(SIGQUIT, sigterm_handler); 1339 1340 /* Arrange SIGCHLD to be caught. */ 1341 signal(SIGCHLD, main_sigchld_handler); 1342 1343 /* Write out the pid file after the sigterm handler is setup */ 1344 if (!debug_flag) { 1345 /* 1346 * Record our pid in /var/run/sshd.pid to make it 1347 * easier to kill the correct sshd. We don't want to 1348 * do this before the bind above because the bind will 1349 * fail if there already is a daemon, and this will 1350 * overwrite any old pid in the file. 1351 */ 1352 f = fopen(options.pid_file, "wb"); 1353 if (f == NULL) { 1354 error("Couldn't create pid file \"%s\": %s", 1355 options.pid_file, strerror(errno)); 1356 } else { 1357 fprintf(f, "%ld\n", (long) getpid()); 1358 fclose(f); 1359 } 1360 } 1361 1362 /* setup fd set for listen */ 1363 fdset = NULL; 1364 maxfd = 0; 1365 for (i = 0; i < num_listen_socks; i++) 1366 if (listen_socks[i] > maxfd) 1367 maxfd = listen_socks[i]; 1368 /* pipes connected to unauthenticated childs */ 1369 startup_pipes = xmalloc(options.max_startups * sizeof(int)); 1370 for (i = 0; i < options.max_startups; i++) 1371 startup_pipes[i] = -1; 1372 1373 /* 1374 * Stay listening for connections until the system crashes or 1375 * the daemon is killed with a signal. 1376 */ 1377 for (;;) { 1378 if (received_sighup) 1379 sighup_restart(); 1380 if (fdset != NULL) 1381 xfree(fdset); 1382 fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask); 1383 fdset = (fd_set *)xmalloc(fdsetsz); 1384 memset(fdset, 0, fdsetsz); 1385 1386 for (i = 0; i < num_listen_socks; i++) 1387 FD_SET(listen_socks[i], fdset); 1388 for (i = 0; i < options.max_startups; i++) 1389 if (startup_pipes[i] != -1) 1390 FD_SET(startup_pipes[i], fdset); 1391 1392 /* Wait in select until there is a connection. */ 1393 ret = select(maxfd+1, fdset, NULL, NULL, NULL); 1394 if (ret < 0 && errno != EINTR) 1395 error("select: %.100s", strerror(errno)); 1396 if (received_sigterm) { 1397 logit("Received signal %d; terminating.", 1398 (int) received_sigterm); 1399 close_listen_socks(); 1400 unlink(options.pid_file); 1401 exit(255); 1402 } 1403 if (key_used && key_do_regen) { 1404 generate_ephemeral_server_key(); 1405 key_used = 0; 1406 key_do_regen = 0; 1407 } 1408 if (ret < 0) 1409 continue; 1410 1411 for (i = 0; i < options.max_startups; i++) 1412 if (startup_pipes[i] != -1 && 1413 FD_ISSET(startup_pipes[i], fdset)) { 1414 /* 1415 * the read end of the pipe is ready 1416 * if the child has closed the pipe 1417 * after successful authentication 1418 * or if the child has died 1419 */ 1420 close(startup_pipes[i]); 1421 startup_pipes[i] = -1; 1422 startups--; 1423 } 1424 for (i = 0; i < num_listen_socks; i++) { 1425 if (!FD_ISSET(listen_socks[i], fdset)) 1426 continue; 1427 fromlen = sizeof(from); 1428 newsock = accept(listen_socks[i], (struct sockaddr *)&from, 1429 &fromlen); 1430 if (newsock < 0) { 1431 if (errno != EINTR && errno != EWOULDBLOCK) 1432 error("accept: %.100s", strerror(errno)); 1433 continue; 1434 } 1435 if (unset_nonblock(newsock) == -1) { 1436 close(newsock); 1437 continue; 1438 } 1439 if (drop_connection(startups) == 1) { 1440 debug("drop connection #%d", startups); 1441 close(newsock); 1442 continue; 1443 } 1444 if (pipe(startup_p) == -1) { 1445 close(newsock); 1446 continue; 1447 } 1448 1449 if (rexec_flag && socketpair(AF_UNIX, 1450 SOCK_STREAM, 0, config_s) == -1) { 1451 error("reexec socketpair: %s", 1452 strerror(errno)); 1453 close(newsock); 1454 close(startup_p[0]); 1455 close(startup_p[1]); 1456 continue; 1457 } 1458 1459 for (j = 0; j < options.max_startups; j++) 1460 if (startup_pipes[j] == -1) { 1461 startup_pipes[j] = startup_p[0]; 1462 if (maxfd < startup_p[0]) 1463 maxfd = startup_p[0]; 1464 startups++; 1465 break; 1466 } 1467 1468 /* 1469 * Got connection. Fork a child to handle it, unless 1470 * we are in debugging mode. 1471 */ 1472 if (debug_flag) { 1473 /* 1474 * In debugging mode. Close the listening 1475 * socket, and start processing the 1476 * connection without forking. 1477 */ 1478 debug("Server will not fork when running in debugging mode."); 1479 close_listen_socks(); 1480 sock_in = newsock; 1481 sock_out = newsock; 1482 close(startup_p[0]); 1483 close(startup_p[1]); 1484 startup_pipe = -1; 1485 pid = getpid(); 1486 if (rexec_flag) { 1487 send_rexec_state(config_s[0], 1488 &cfg); 1489 close(config_s[0]); 1490 } 1491 break; 1492 } else { 1493 /* 1494 * Normal production daemon. Fork, and have 1495 * the child process the connection. The 1496 * parent continues listening. 1497 */ 1498 if ((pid = fork()) == 0) { 1499 /* 1500 * Child. Close the listening and max_startup 1501 * sockets. Start using the accepted socket. 1502 * Reinitialize logging (since our pid has 1503 * changed). We break out of the loop to handle 1504 * the connection. 1505 */ 1506 startup_pipe = startup_p[1]; 1507 close_startup_pipes(); 1508 close_listen_socks(); 1509 sock_in = newsock; 1510 sock_out = newsock; 1511 log_init(__progname, options.log_level, options.log_facility, log_stderr); 1512 if (rexec_flag) 1513 close(config_s[0]); 1514 break; 1515 } 1516 } 1517 1518 /* Parent. Stay in the loop. */ 1519 if (pid < 0) 1520 error("fork: %.100s", strerror(errno)); 1521 else 1522 debug("Forked child %ld.", (long)pid); 1523 1524 close(startup_p[1]); 1525 1526 if (rexec_flag) { 1527 send_rexec_state(config_s[0], &cfg); 1528 close(config_s[0]); 1529 close(config_s[1]); 1530 } 1531 1532 /* Mark that the key has been used (it was "given" to the child). */ 1533 if ((options.protocol & SSH_PROTO_1) && 1534 key_used == 0) { 1535 /* Schedule server key regeneration alarm. */ 1536 signal(SIGALRM, key_regeneration_alarm); 1537 alarm(options.key_regeneration_time); 1538 key_used = 1; 1539 } 1540 1541 arc4random_stir(); 1542 1543 /* Close the new socket (the child is now taking care of it). */ 1544 close(newsock); 1545 } 1546 /* child process check (or debug mode) */ 1547 if (num_listen_socks < 0) 1548 break; 1549 } 1550 } 1551 1552 /* This is the child processing a new connection. */ 1553 setproctitle("%s", "[accepted]"); 1554 1555 /* 1556 * Create a new session and process group since the 4.4BSD 1557 * setlogin() affects the entire process group. We don't 1558 * want the child to be able to affect the parent. 1559 */ 1560 #if !defined(SSHD_ACQUIRES_CTTY) 1561 /* 1562 * If setsid is called, on some platforms sshd will later acquire a 1563 * controlling terminal which will result in "could not set 1564 * controlling tty" errors. 1565 */ 1566 if (!debug_flag && !inetd_flag && setsid() < 0) 1567 error("setsid: %.100s", strerror(errno)); 1568 #endif 1569 1570 if (rexec_flag) { 1571 int fd; 1572 1573 debug("rexec start in %d out %d newsock %d pipe %d sock %d", 1574 sock_in, sock_out, newsock, startup_pipe, config_s[0]); 1575 dup2(newsock, STDIN_FILENO); 1576 dup2(STDIN_FILENO, STDOUT_FILENO); 1577 if (startup_pipe == -1) 1578 close(REEXEC_STARTUP_PIPE_FD); 1579 else 1580 dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD); 1581 1582 dup2(config_s[1], REEXEC_CONFIG_PASS_FD); 1583 close(config_s[1]); 1584 if (startup_pipe != -1) 1585 close(startup_pipe); 1586 1587 execv(rexec_argv[0], rexec_argv); 1588 1589 /* Reexec has failed, fall back and continue */ 1590 error("rexec of %s failed: %s", rexec_argv[0], strerror(errno)); 1591 recv_rexec_state(REEXEC_CONFIG_PASS_FD, NULL); 1592 log_init(__progname, options.log_level, 1593 options.log_facility, log_stderr); 1594 1595 /* Clean up fds */ 1596 startup_pipe = REEXEC_STARTUP_PIPE_FD; 1597 close(config_s[1]); 1598 close(REEXEC_CONFIG_PASS_FD); 1599 newsock = sock_out = sock_in = dup(STDIN_FILENO); 1600 if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { 1601 dup2(fd, STDIN_FILENO); 1602 dup2(fd, STDOUT_FILENO); 1603 if (fd > STDERR_FILENO) 1604 close(fd); 1605 } 1606 debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d", 1607 sock_in, sock_out, newsock, startup_pipe, config_s[0]); 1608 } 1609 1610 /* 1611 * Disable the key regeneration alarm. We will not regenerate the 1612 * key since we are no longer in a position to give it to anyone. We 1613 * will not restart on SIGHUP since it no longer makes sense. 1614 */ 1615 alarm(0); 1616 signal(SIGALRM, SIG_DFL); 1617 signal(SIGHUP, SIG_DFL); 1618 signal(SIGTERM, SIG_DFL); 1619 signal(SIGQUIT, SIG_DFL); 1620 signal(SIGCHLD, SIG_DFL); 1621 signal(SIGINT, SIG_DFL); 1622 1623 /* Set SO_KEEPALIVE if requested. */ 1624 if (options.tcp_keep_alive && 1625 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, 1626 sizeof(on)) < 0) 1627 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); 1628 1629 #ifdef __FreeBSD__ 1630 /* 1631 * Initialize the resolver. This may not happen automatically 1632 * before privsep chroot(). 1633 */ 1634 if ((_res.options & RES_INIT) == 0) { 1635 debug("res_init()"); 1636 res_init(); 1637 } 1638 #endif 1639 1640 /* 1641 * Register our connection. This turns encryption off because we do 1642 * not have a key. 1643 */ 1644 packet_set_connection(sock_in, sock_out); 1645 1646 remote_port = get_remote_port(); 1647 remote_ip = get_remote_ipaddr(); 1648 1649 #ifdef SSH_AUDIT_EVENTS 1650 audit_connection_from(remote_ip, remote_port); 1651 #endif 1652 #ifdef LIBWRAP 1653 /* Check whether logins are denied from this host. */ 1654 if (packet_connection_is_on_socket()) { 1655 struct request_info req; 1656 1657 request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); 1658 fromhost(&req); 1659 1660 if (!hosts_access(&req)) { 1661 debug("Connection refused by tcp wrapper"); 1662 refuse(&req); 1663 /* NOTREACHED */ 1664 fatal("libwrap refuse returns"); 1665 } 1666 } 1667 #endif /* LIBWRAP */ 1668 1669 /* Log the connection. */ 1670 verbose("Connection from %.500s port %d", remote_ip, remote_port); 1671 1672 /* 1673 * We don\'t want to listen forever unless the other side 1674 * successfully authenticates itself. So we set up an alarm which is 1675 * cleared after successful authentication. A limit of zero 1676 * indicates no limit. Note that we don\'t set the alarm in debugging 1677 * mode; it is just annoying to have the server exit just when you 1678 * are about to discover the bug. 1679 */ 1680 signal(SIGALRM, grace_alarm_handler); 1681 if (!debug_flag) 1682 alarm(options.login_grace_time); 1683 1684 sshd_exchange_identification(sock_in, sock_out); 1685 1686 packet_set_nonblocking(); 1687 1688 /* allocate authentication context */ 1689 authctxt = xmalloc(sizeof(*authctxt)); 1690 memset(authctxt, 0, sizeof(*authctxt)); 1691 1692 authctxt->loginmsg = &loginmsg; 1693 1694 /* XXX global for cleanup, access from other modules */ 1695 the_authctxt = authctxt; 1696 1697 /* prepare buffer to collect messages to display to user after login */ 1698 buffer_init(&loginmsg); 1699 1700 if (use_privsep) 1701 if (privsep_preauth(authctxt) == 1) 1702 goto authenticated; 1703 1704 /* perform the key exchange */ 1705 /* authenticate user and start session */ 1706 if (compat20) { 1707 do_ssh2_kex(); 1708 do_authentication2(authctxt); 1709 } else { 1710 do_ssh1_kex(); 1711 do_authentication(authctxt); 1712 } 1713 /* 1714 * If we use privilege separation, the unprivileged child transfers 1715 * the current keystate and exits 1716 */ 1717 if (use_privsep) { 1718 mm_send_keystate(pmonitor); 1719 exit(0); 1720 } 1721 1722 authenticated: 1723 #ifdef SSH_AUDIT_EVENTS 1724 audit_event(SSH_AUTH_SUCCESS); 1725 #endif 1726 1727 /* 1728 * In privilege separation, we fork another child and prepare 1729 * file descriptor passing. 1730 */ 1731 if (use_privsep) { 1732 privsep_postauth(authctxt); 1733 /* the monitor process [priv] will not return */ 1734 if (!compat20) 1735 destroy_sensitive_data(); 1736 } 1737 1738 /* Start session. */ 1739 do_authenticated(authctxt); 1740 1741 /* The connection has been terminated. */ 1742 verbose("Closing connection to %.100s", remote_ip); 1743 1744 #ifdef USE_PAM 1745 if (options.use_pam) 1746 finish_pam(); 1747 #endif /* USE_PAM */ 1748 1749 #ifdef SSH_AUDIT_EVENTS 1750 PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); 1751 #endif 1752 1753 packet_close(); 1754 1755 if (use_privsep) 1756 mm_terminate(); 1757 1758 exit(0); 1759 } 1760 1761 /* 1762 * Decrypt session_key_int using our private server key and private host key 1763 * (key with larger modulus first). 1764 */ 1765 int 1766 ssh1_session_key(BIGNUM *session_key_int) 1767 { 1768 int rsafail = 0; 1769 1770 if (BN_cmp(sensitive_data.server_key->rsa->n, sensitive_data.ssh1_host_key->rsa->n) > 0) { 1771 /* Server key has bigger modulus. */ 1772 if (BN_num_bits(sensitive_data.server_key->rsa->n) < 1773 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 1774 fatal("do_connection: %s: server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", 1775 get_remote_ipaddr(), 1776 BN_num_bits(sensitive_data.server_key->rsa->n), 1777 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), 1778 SSH_KEY_BITS_RESERVED); 1779 } 1780 if (rsa_private_decrypt(session_key_int, session_key_int, 1781 sensitive_data.server_key->rsa) <= 0) 1782 rsafail++; 1783 if (rsa_private_decrypt(session_key_int, session_key_int, 1784 sensitive_data.ssh1_host_key->rsa) <= 0) 1785 rsafail++; 1786 } else { 1787 /* Host key has bigger modulus (or they are equal). */ 1788 if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) < 1789 BN_num_bits(sensitive_data.server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 1790 fatal("do_connection: %s: host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d", 1791 get_remote_ipaddr(), 1792 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), 1793 BN_num_bits(sensitive_data.server_key->rsa->n), 1794 SSH_KEY_BITS_RESERVED); 1795 } 1796 if (rsa_private_decrypt(session_key_int, session_key_int, 1797 sensitive_data.ssh1_host_key->rsa) < 0) 1798 rsafail++; 1799 if (rsa_private_decrypt(session_key_int, session_key_int, 1800 sensitive_data.server_key->rsa) < 0) 1801 rsafail++; 1802 } 1803 return (rsafail); 1804 } 1805 /* 1806 * SSH1 key exchange 1807 */ 1808 static void 1809 do_ssh1_kex(void) 1810 { 1811 int i, len; 1812 int rsafail = 0; 1813 BIGNUM *session_key_int; 1814 u_char session_key[SSH_SESSION_KEY_LENGTH]; 1815 u_char cookie[8]; 1816 u_int cipher_type, auth_mask, protocol_flags; 1817 u_int32_t rnd = 0; 1818 1819 /* 1820 * Generate check bytes that the client must send back in the user 1821 * packet in order for it to be accepted; this is used to defy ip 1822 * spoofing attacks. Note that this only works against somebody 1823 * doing IP spoofing from a remote machine; any machine on the local 1824 * network can still see outgoing packets and catch the random 1825 * cookie. This only affects rhosts authentication, and this is one 1826 * of the reasons why it is inherently insecure. 1827 */ 1828 for (i = 0; i < 8; i++) { 1829 if (i % 4 == 0) 1830 rnd = arc4random(); 1831 cookie[i] = rnd & 0xff; 1832 rnd >>= 8; 1833 } 1834 1835 /* 1836 * Send our public key. We include in the packet 64 bits of random 1837 * data that must be matched in the reply in order to prevent IP 1838 * spoofing. 1839 */ 1840 packet_start(SSH_SMSG_PUBLIC_KEY); 1841 for (i = 0; i < 8; i++) 1842 packet_put_char(cookie[i]); 1843 1844 /* Store our public server RSA key. */ 1845 packet_put_int(BN_num_bits(sensitive_data.server_key->rsa->n)); 1846 packet_put_bignum(sensitive_data.server_key->rsa->e); 1847 packet_put_bignum(sensitive_data.server_key->rsa->n); 1848 1849 /* Store our public host RSA key. */ 1850 packet_put_int(BN_num_bits(sensitive_data.ssh1_host_key->rsa->n)); 1851 packet_put_bignum(sensitive_data.ssh1_host_key->rsa->e); 1852 packet_put_bignum(sensitive_data.ssh1_host_key->rsa->n); 1853 1854 /* Put protocol flags. */ 1855 packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN); 1856 1857 /* Declare which ciphers we support. */ 1858 packet_put_int(cipher_mask_ssh1(0)); 1859 1860 /* Declare supported authentication types. */ 1861 auth_mask = 0; 1862 if (options.rhosts_rsa_authentication) 1863 auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; 1864 if (options.rsa_authentication) 1865 auth_mask |= 1 << SSH_AUTH_RSA; 1866 if (options.challenge_response_authentication == 1) 1867 auth_mask |= 1 << SSH_AUTH_TIS; 1868 if (options.password_authentication) 1869 auth_mask |= 1 << SSH_AUTH_PASSWORD; 1870 packet_put_int(auth_mask); 1871 1872 /* Send the packet and wait for it to be sent. */ 1873 packet_send(); 1874 packet_write_wait(); 1875 1876 debug("Sent %d bit server key and %d bit host key.", 1877 BN_num_bits(sensitive_data.server_key->rsa->n), 1878 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n)); 1879 1880 /* Read clients reply (cipher type and session key). */ 1881 packet_read_expect(SSH_CMSG_SESSION_KEY); 1882 1883 /* Get cipher type and check whether we accept this. */ 1884 cipher_type = packet_get_char(); 1885 1886 if (!(cipher_mask_ssh1(0) & (1 << cipher_type))) 1887 packet_disconnect("Warning: client selects unsupported cipher."); 1888 1889 /* Get check bytes from the packet. These must match those we 1890 sent earlier with the public key packet. */ 1891 for (i = 0; i < 8; i++) 1892 if (cookie[i] != packet_get_char()) 1893 packet_disconnect("IP Spoofing check bytes do not match."); 1894 1895 debug("Encryption type: %.200s", cipher_name(cipher_type)); 1896 1897 /* Get the encrypted integer. */ 1898 if ((session_key_int = BN_new()) == NULL) 1899 fatal("do_ssh1_kex: BN_new failed"); 1900 packet_get_bignum(session_key_int); 1901 1902 protocol_flags = packet_get_int(); 1903 packet_set_protocol_flags(protocol_flags); 1904 packet_check_eom(); 1905 1906 /* Decrypt session_key_int using host/server keys */ 1907 rsafail = PRIVSEP(ssh1_session_key(session_key_int)); 1908 1909 /* 1910 * Extract session key from the decrypted integer. The key is in the 1911 * least significant 256 bits of the integer; the first byte of the 1912 * key is in the highest bits. 1913 */ 1914 if (!rsafail) { 1915 BN_mask_bits(session_key_int, sizeof(session_key) * 8); 1916 len = BN_num_bytes(session_key_int); 1917 if (len < 0 || len > sizeof(session_key)) { 1918 error("do_connection: bad session key len from %s: " 1919 "session_key_int %d > sizeof(session_key) %lu", 1920 get_remote_ipaddr(), len, (u_long)sizeof(session_key)); 1921 rsafail++; 1922 } else { 1923 memset(session_key, 0, sizeof(session_key)); 1924 BN_bn2bin(session_key_int, 1925 session_key + sizeof(session_key) - len); 1926 1927 derive_ssh1_session_id( 1928 sensitive_data.ssh1_host_key->rsa->n, 1929 sensitive_data.server_key->rsa->n, 1930 cookie, session_id); 1931 /* 1932 * Xor the first 16 bytes of the session key with the 1933 * session id. 1934 */ 1935 for (i = 0; i < 16; i++) 1936 session_key[i] ^= session_id[i]; 1937 } 1938 } 1939 if (rsafail) { 1940 int bytes = BN_num_bytes(session_key_int); 1941 u_char *buf = xmalloc(bytes); 1942 MD5_CTX md; 1943 1944 logit("do_connection: generating a fake encryption key"); 1945 BN_bn2bin(session_key_int, buf); 1946 MD5_Init(&md); 1947 MD5_Update(&md, buf, bytes); 1948 MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); 1949 MD5_Final(session_key, &md); 1950 MD5_Init(&md); 1951 MD5_Update(&md, session_key, 16); 1952 MD5_Update(&md, buf, bytes); 1953 MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); 1954 MD5_Final(session_key + 16, &md); 1955 memset(buf, 0, bytes); 1956 xfree(buf); 1957 for (i = 0; i < 16; i++) 1958 session_id[i] = session_key[i] ^ session_key[i + 16]; 1959 } 1960 /* Destroy the private and public keys. No longer. */ 1961 destroy_sensitive_data(); 1962 1963 if (use_privsep) 1964 mm_ssh1_session_id(session_id); 1965 1966 /* Destroy the decrypted integer. It is no longer needed. */ 1967 BN_clear_free(session_key_int); 1968 1969 /* Set the session key. From this on all communications will be encrypted. */ 1970 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type); 1971 1972 /* Destroy our copy of the session key. It is no longer needed. */ 1973 memset(session_key, 0, sizeof(session_key)); 1974 1975 debug("Received session key; encryption turned on."); 1976 1977 /* Send an acknowledgment packet. Note that this packet is sent encrypted. */ 1978 packet_start(SSH_SMSG_SUCCESS); 1979 packet_send(); 1980 packet_write_wait(); 1981 } 1982 1983 /* 1984 * SSH2 key exchange: diffie-hellman-group1-sha1 1985 */ 1986 static void 1987 do_ssh2_kex(void) 1988 { 1989 Kex *kex; 1990 1991 if (options.ciphers != NULL) { 1992 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 1993 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; 1994 } 1995 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 1996 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); 1997 myproposal[PROPOSAL_ENC_ALGS_STOC] = 1998 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); 1999 2000 if (options.macs != NULL) { 2001 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 2002 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 2003 } 2004 if (!options.compression) { 2005 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 2006 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; 2007 } 2008 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); 2009 2010 /* start key exchange */ 2011 kex = kex_setup(myproposal); 2012 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 2013 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 2014 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 2015 kex->server = 1; 2016 kex->client_version_string=client_version_string; 2017 kex->server_version_string=server_version_string; 2018 kex->load_host_key=&get_hostkey_by_type; 2019 kex->host_key_index=&get_hostkey_index; 2020 2021 xxx_kex = kex; 2022 2023 dispatch_run(DISPATCH_BLOCK, &kex->done, kex); 2024 2025 session_id2 = kex->session_id; 2026 session_id2_len = kex->session_id_len; 2027 2028 #ifdef DEBUG_KEXDH 2029 /* send 1st encrypted/maced/compressed message */ 2030 packet_start(SSH2_MSG_IGNORE); 2031 packet_put_cstring("markus"); 2032 packet_send(); 2033 packet_write_wait(); 2034 #endif 2035 debug("KEX done"); 2036 } 2037 2038 /* server specific fatal cleanup */ 2039 void 2040 cleanup_exit(int i) 2041 { 2042 if (the_authctxt) 2043 do_cleanup(the_authctxt); 2044 #ifdef SSH_AUDIT_EVENTS 2045 /* done after do_cleanup so it can cancel the PAM auth 'thread' */ 2046 if (!use_privsep || mm_is_monitor()) 2047 audit_event(SSH_CONNECTION_ABANDON); 2048 #endif 2049 _exit(i); 2050 } 2051