1 /* $OpenBSD: sshd.c,v 1.614 2024/12/07 10:12:19 djm Exp $ */ 2 /* 3 * Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved. 4 * Copyright (c) 2002 Niels Provos. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include <sys/types.h> 28 #include <sys/ioctl.h> 29 #include <sys/wait.h> 30 #include <sys/tree.h> 31 #include <sys/stat.h> 32 #include <sys/socket.h> 33 #include <sys/time.h> 34 #include <sys/queue.h> 35 36 #include <errno.h> 37 #include <fcntl.h> 38 #include <netdb.h> 39 #include <paths.h> 40 #include <poll.h> 41 #include <pwd.h> 42 #include <signal.h> 43 #include <stdio.h> 44 #include <stdlib.h> 45 #include <string.h> 46 #include <stdarg.h> 47 #include <unistd.h> 48 #include <limits.h> 49 50 #ifdef WITH_OPENSSL 51 #include <openssl/bn.h> 52 #include <openssl/evp.h> 53 #endif 54 55 #include "xmalloc.h" 56 #include "ssh.h" 57 #include "sshpty.h" 58 #include "log.h" 59 #include "sshbuf.h" 60 #include "misc.h" 61 #include "servconf.h" 62 #include "compat.h" 63 #include "digest.h" 64 #include "sshkey.h" 65 #include "authfile.h" 66 #include "pathnames.h" 67 #include "canohost.h" 68 #include "hostfile.h" 69 #include "auth.h" 70 #include "authfd.h" 71 #include "msg.h" 72 #include "version.h" 73 #include "ssherr.h" 74 #include "sk-api.h" 75 #include "addr.h" 76 #include "srclimit.h" 77 78 /* Re-exec fds */ 79 #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) 80 #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) 81 #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) 82 #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) 83 84 extern char *__progname; 85 86 /* Server configuration options. */ 87 ServerOptions options; 88 89 /* 90 * Debug mode flag. This can be set on the command line. If debug 91 * mode is enabled, extra debugging output will be sent to the system 92 * log, the daemon will not go to background, and will exit after processing 93 * the first connection. 94 */ 95 int debug_flag = 0; 96 97 /* Saved arguments to main(). */ 98 static char **saved_argv; 99 100 /* 101 * The sockets that the server is listening; this is used in the SIGHUP 102 * signal handler. 103 */ 104 #define MAX_LISTEN_SOCKS 16 105 static int listen_socks[MAX_LISTEN_SOCKS]; 106 static int num_listen_socks = 0; 107 108 /* 109 * Any really sensitive data in the application is contained in this 110 * structure. The idea is that this structure could be locked into memory so 111 * that the pages do not get written into swap. However, there are some 112 * problems. The private key contains BIGNUMs, and we do not (in principle) 113 * have access to the internals of them, and locking just the structure is 114 * not very useful. Currently, memory locking is not implemented. 115 */ 116 struct { 117 struct sshkey **host_keys; /* all private host keys */ 118 struct sshkey **host_pubkeys; /* all public host keys */ 119 struct sshkey **host_certificates; /* all public host certificates */ 120 int have_ssh2_key; 121 } sensitive_data; 122 123 /* This is set to true when a signal is received. */ 124 static volatile sig_atomic_t received_siginfo = 0; 125 static volatile sig_atomic_t received_sigchld = 0; 126 static volatile sig_atomic_t received_sighup = 0; 127 static volatile sig_atomic_t received_sigterm = 0; 128 129 /* record remote hostname or ip */ 130 u_int utmp_len = HOST_NAME_MAX+1; 131 132 /* 133 * The early_child/children array below is used for tracking children of the 134 * listening sshd process early in their lifespans, before they have 135 * completed authentication. This tracking is needed for four things: 136 * 137 * 1) Implementing the MaxStartups limit of concurrent unauthenticated 138 * connections. 139 * 2) Avoiding a race condition for SIGHUP processing, where child processes 140 * may have listen_socks open that could collide with main listener process 141 * after it restarts. 142 * 3) Ensuring that rexec'd sshd processes have received their initial state 143 * from the parent listen process before handling SIGHUP. 144 * 4) Tracking and logging unsuccessful exits from the preauth sshd monitor, 145 * including and especially those for LoginGraceTime timeouts. 146 * 147 * Child processes signal that they have completed closure of the listen_socks 148 * and (if applicable) received their rexec state by sending a char over their 149 * sock. 150 * 151 * Child processes signal that authentication has completed by sending a 152 * second char over the socket before closing it, otherwise the listener will 153 * continue tracking the child (and using up a MaxStartups slot) until the 154 * preauth subprocess exits, whereupon the listener will log its exit status. 155 * preauth processes will exit with a status of EXIT_LOGIN_GRACE to indicate 156 * they did not authenticate before the LoginGraceTime alarm fired. 157 */ 158 struct early_child { 159 int pipefd; 160 int early; /* Indicates child closed listener */ 161 char *id; /* human readable connection identifier */ 162 pid_t pid; 163 struct xaddr addr; 164 int have_addr; 165 int status, have_status; 166 }; 167 static struct early_child *children; 168 static int children_active; 169 static int startup_pipe = -1; /* in child */ 170 171 /* sshd_config buffer */ 172 struct sshbuf *cfg; 173 174 /* Included files from the configuration file */ 175 struct include_list includes = TAILQ_HEAD_INITIALIZER(includes); 176 177 /* message to be displayed after login */ 178 struct sshbuf *loginmsg; 179 180 static char *listener_proctitle; 181 182 /* 183 * Close all listening sockets 184 */ 185 static void 186 close_listen_socks(void) 187 { 188 int i; 189 190 for (i = 0; i < num_listen_socks; i++) 191 close(listen_socks[i]); 192 num_listen_socks = 0; 193 } 194 195 /* Allocate and initialise the children array */ 196 static void 197 child_alloc(void) 198 { 199 int i; 200 201 children = xcalloc(options.max_startups, sizeof(*children)); 202 for (i = 0; i < options.max_startups; i++) { 203 children[i].pipefd = -1; 204 children[i].pid = -1; 205 } 206 } 207 208 /* Register a new connection in the children array; child pid comes later */ 209 static struct early_child * 210 child_register(int pipefd, int sockfd) 211 { 212 int i, lport, rport; 213 char *laddr = NULL, *raddr = NULL; 214 struct early_child *child = NULL; 215 struct sockaddr_storage addr; 216 socklen_t addrlen = sizeof(addr); 217 struct sockaddr *sa = (struct sockaddr *)&addr; 218 219 for (i = 0; i < options.max_startups; i++) { 220 if (children[i].pipefd != -1 || children[i].pid > 0) 221 continue; 222 child = &(children[i]); 223 break; 224 } 225 if (child == NULL) { 226 fatal_f("error: accepted connection when all %d child " 227 " slots full", options.max_startups); 228 } 229 child->pipefd = pipefd; 230 child->early = 1; 231 /* record peer address, if available */ 232 if (getpeername(sockfd, sa, &addrlen) == 0 && 233 addr_sa_to_xaddr(sa, addrlen, &child->addr) == 0) 234 child->have_addr = 1; 235 /* format peer address string for logs */ 236 if ((lport = get_local_port(sockfd)) == 0 || 237 (rport = get_peer_port(sockfd)) == 0) { 238 /* Not a TCP socket */ 239 raddr = get_peer_ipaddr(sockfd); 240 xasprintf(&child->id, "connection from %s", raddr); 241 } else { 242 laddr = get_local_ipaddr(sockfd); 243 raddr = get_peer_ipaddr(sockfd); 244 xasprintf(&child->id, "connection from %s to %s", raddr, laddr); 245 } 246 free(laddr); 247 free(raddr); 248 if (++children_active > options.max_startups) 249 fatal_f("internal error: more children than max_startups"); 250 251 return child; 252 } 253 254 /* 255 * Finally free a child entry. Don't call this directly. 256 */ 257 static void 258 child_finish(struct early_child *child) 259 { 260 if (children_active == 0) 261 fatal_f("internal error: children_active underflow"); 262 if (child->pipefd != -1) 263 close(child->pipefd); 264 free(child->id); 265 memset(child, '\0', sizeof(*child)); 266 child->pipefd = -1; 267 child->pid = -1; 268 children_active--; 269 } 270 271 /* 272 * Close a child's pipe. This will not stop tracking the child immediately 273 * (it will still be tracked for waitpid()) unless force_final is set, or 274 * child has already exited. 275 */ 276 static void 277 child_close(struct early_child *child, int force_final, int quiet) 278 { 279 if (!quiet) 280 debug_f("enter%s", force_final ? " (forcing)" : ""); 281 if (child->pipefd != -1) { 282 close(child->pipefd); 283 child->pipefd = -1; 284 } 285 if (child->pid == -1 || force_final) 286 child_finish(child); 287 } 288 289 /* Record a child exit. Safe to call from signal handlers */ 290 static void 291 child_exit(pid_t pid, int status) 292 { 293 int i; 294 295 if (children == NULL || pid <= 0) 296 return; 297 for (i = 0; i < options.max_startups; i++) { 298 if (children[i].pid == pid) { 299 children[i].have_status = 1; 300 children[i].status = status; 301 break; 302 } 303 } 304 } 305 306 /* 307 * Reap a child entry that has exited, as previously flagged 308 * using child_exit(). 309 * Handles logging of exit condition and will finalise the child if its pipe 310 * had already been closed. 311 */ 312 static void 313 child_reap(struct early_child *child) 314 { 315 LogLevel level = SYSLOG_LEVEL_DEBUG1; 316 int was_crash, penalty_type = SRCLIMIT_PENALTY_NONE; 317 318 /* Log exit information */ 319 if (WIFSIGNALED(child->status)) { 320 /* 321 * Increase logging for signals potentially associated 322 * with serious conditions. 323 */ 324 if ((was_crash = signal_is_crash(WTERMSIG(child->status)))) 325 level = SYSLOG_LEVEL_ERROR; 326 do_log2(level, "session process %ld for %s killed by " 327 "signal %d%s", (long)child->pid, child->id, 328 WTERMSIG(child->status), child->early ? " (early)" : ""); 329 if (was_crash) 330 penalty_type = SRCLIMIT_PENALTY_CRASH; 331 } else if (!WIFEXITED(child->status)) { 332 penalty_type = SRCLIMIT_PENALTY_CRASH; 333 error("session process %ld for %s terminated abnormally, " 334 "status=0x%x%s", (long)child->pid, child->id, child->status, 335 child->early ? " (early)" : ""); 336 } else { 337 /* Normal exit. We care about the status */ 338 switch (WEXITSTATUS(child->status)) { 339 case 0: 340 debug3_f("preauth child %ld for %s completed " 341 "normally %s", (long)child->pid, child->id, 342 child->early ? " (early)" : ""); 343 break; 344 case EXIT_LOGIN_GRACE: 345 penalty_type = SRCLIMIT_PENALTY_GRACE_EXCEEDED; 346 logit("Timeout before authentication for %s, " 347 "pid = %ld%s", child->id, (long)child->pid, 348 child->early ? " (early)" : ""); 349 break; 350 case EXIT_CHILD_CRASH: 351 penalty_type = SRCLIMIT_PENALTY_CRASH; 352 logit("Session process %ld unpriv child crash for %s%s", 353 (long)child->pid, child->id, 354 child->early ? " (early)" : ""); 355 break; 356 case EXIT_AUTH_ATTEMPTED: 357 penalty_type = SRCLIMIT_PENALTY_AUTHFAIL; 358 debug_f("preauth child %ld for %s exited " 359 "after unsuccessful auth attempt %s", 360 (long)child->pid, child->id, 361 child->early ? " (early)" : ""); 362 break; 363 case EXIT_CONFIG_REFUSED: 364 penalty_type = SRCLIMIT_PENALTY_REFUSECONNECTION; 365 debug_f("preauth child %ld for %s prohibited by" 366 "RefuseConnection %s", 367 (long)child->pid, child->id, 368 child->early ? " (early)" : ""); 369 break; 370 default: 371 penalty_type = SRCLIMIT_PENALTY_NOAUTH; 372 debug_f("preauth child %ld for %s exited " 373 "with status %d%s", (long)child->pid, child->id, 374 WEXITSTATUS(child->status), 375 child->early ? " (early)" : ""); 376 break; 377 } 378 } 379 380 if (child->have_addr) 381 srclimit_penalise(&child->addr, penalty_type); 382 383 child->pid = -1; 384 child->have_status = 0; 385 if (child->pipefd == -1) 386 child_finish(child); 387 } 388 389 /* Reap all children that have exited; called after SIGCHLD */ 390 static void 391 child_reap_all_exited(void) 392 { 393 int i; 394 pid_t pid; 395 int status; 396 397 if (children == NULL) 398 return; 399 400 for (;;) { 401 if ((pid = waitpid(-1, &status, WNOHANG)) == 0) 402 break; 403 else if (pid == -1) { 404 if (errno == EINTR || errno == EAGAIN) 405 continue; 406 if (errno != ECHILD) 407 error_f("waitpid: %s", strerror(errno)); 408 break; 409 } 410 child_exit(pid, status); 411 } 412 413 for (i = 0; i < options.max_startups; i++) { 414 if (!children[i].have_status) 415 continue; 416 child_reap(&(children[i])); 417 } 418 } 419 420 static void 421 close_startup_pipes(void) 422 { 423 int i; 424 425 if (children == NULL) 426 return; 427 for (i = 0; i < options.max_startups; i++) { 428 if (children[i].pipefd != -1) 429 child_close(&(children[i]), 1, 1); 430 } 431 } 432 433 /* Called after SIGINFO */ 434 static void 435 show_info(void) 436 { 437 int i; 438 439 /* XXX print listening sockets here too */ 440 if (children == NULL) 441 return; 442 logit("%d active startups", children_active); 443 for (i = 0; i < options.max_startups; i++) { 444 if (children[i].pipefd == -1 && children[i].pid <= 0) 445 continue; 446 logit("child %d: fd=%d pid=%ld %s%s", i, children[i].pipefd, 447 (long)children[i].pid, children[i].id, 448 children[i].early ? " (early)" : ""); 449 } 450 srclimit_penalty_info(); 451 } 452 453 /* 454 * Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP; 455 * the effect is to reread the configuration file (and to regenerate 456 * the server key). 457 */ 458 459 static void 460 sighup_handler(int sig) 461 { 462 received_sighup = 1; 463 } 464 465 /* 466 * Called from the main program after receiving SIGHUP. 467 * Restarts the server. 468 */ 469 static void 470 sighup_restart(void) 471 { 472 logit("Received SIGHUP; restarting."); 473 if (options.pid_file != NULL) 474 unlink(options.pid_file); 475 close_listen_socks(); 476 close_startup_pipes(); 477 ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */ 478 execv(saved_argv[0], saved_argv); 479 logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], 480 strerror(errno)); 481 exit(1); 482 } 483 484 /* 485 * Generic signal handler for terminating signals in the master daemon. 486 */ 487 static void 488 sigterm_handler(int sig) 489 { 490 received_sigterm = sig; 491 } 492 493 static void 494 siginfo_handler(int sig) 495 { 496 received_siginfo = 1; 497 } 498 499 static void 500 main_sigchld_handler(int sig) 501 { 502 received_sigchld = 1; 503 } 504 505 /* 506 * returns 1 if connection should be dropped, 0 otherwise. 507 * dropping starts at connection #max_startups_begin with a probability 508 * of (max_startups_rate/100). the probability increases linearly until 509 * all connections are dropped for startups > max_startups 510 */ 511 static int 512 should_drop_connection(int startups) 513 { 514 int p, r; 515 516 if (startups < options.max_startups_begin) 517 return 0; 518 if (startups >= options.max_startups) 519 return 1; 520 if (options.max_startups_rate == 100) 521 return 1; 522 523 p = 100 - options.max_startups_rate; 524 p *= startups - options.max_startups_begin; 525 p /= options.max_startups - options.max_startups_begin; 526 p += options.max_startups_rate; 527 r = arc4random_uniform(100); 528 529 debug_f("p %d, r %d", p, r); 530 return (r < p) ? 1 : 0; 531 } 532 533 /* 534 * Check whether connection should be accepted by MaxStartups or for penalty. 535 * Returns 0 if the connection is accepted. If the connection is refused, 536 * returns 1 and attempts to send notification to client. 537 * Logs when the MaxStartups condition is entered or exited, and periodically 538 * while in that state. 539 */ 540 static int 541 drop_connection(int sock, int startups, int notify_pipe) 542 { 543 static struct log_ratelimit_ctx ratelimit_maxstartups; 544 static struct log_ratelimit_ctx ratelimit_penalty; 545 static int init_done; 546 char *laddr, *raddr; 547 const char *reason = NULL, *subreason = NULL; 548 const char msg[] = "Not allowed at this time\r\n"; 549 struct log_ratelimit_ctx *rl = NULL; 550 int ratelimited; 551 u_int ndropped; 552 553 if (!init_done) { 554 init_done = 1; 555 log_ratelimit_init(&ratelimit_maxstartups, 4, 60, 20, 5*60); 556 log_ratelimit_init(&ratelimit_penalty, 8, 60, 30, 2*60); 557 } 558 559 /* PerSourcePenalties */ 560 if (!srclimit_penalty_check_allow(sock, &subreason)) { 561 reason = "PerSourcePenalties"; 562 rl = &ratelimit_penalty; 563 } else { 564 /* MaxStartups */ 565 if (!should_drop_connection(startups) && 566 srclimit_check_allow(sock, notify_pipe) == 1) 567 return 0; 568 reason = "Maxstartups"; 569 rl = &ratelimit_maxstartups; 570 } 571 572 laddr = get_local_ipaddr(sock); 573 raddr = get_peer_ipaddr(sock); 574 ratelimited = log_ratelimit(rl, time(NULL), NULL, &ndropped); 575 do_log2(ratelimited ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO, 576 "drop connection #%d from [%s]:%d on [%s]:%d %s", 577 startups, 578 raddr, get_peer_port(sock), 579 laddr, get_local_port(sock), 580 subreason != NULL ? subreason : reason); 581 free(laddr); 582 free(raddr); 583 if (ndropped != 0) { 584 logit("%s logging rate-limited: additional %u connections " 585 "dropped", reason, ndropped); 586 } 587 588 /* best-effort notification to client */ 589 (void)write(sock, msg, sizeof(msg) - 1); 590 return 1; 591 } 592 593 static void 594 usage(void) 595 { 596 fprintf(stderr, "%s, %s\n", SSH_VERSION, SSH_OPENSSL_VERSION); 597 fprintf(stderr, 598 "usage: sshd [-46DdeGiqTtV] [-C connection_spec] [-c host_cert_file]\n" 599 " [-E log_file] [-f config_file] [-g login_grace_time]\n" 600 " [-h host_key_file] [-o option] [-p port] [-u len]\n" 601 ); 602 exit(1); 603 } 604 605 static struct sshbuf * 606 pack_hostkeys(void) 607 { 608 struct sshbuf *keybuf = NULL, *hostkeys = NULL; 609 int r; 610 u_int i; 611 612 if ((keybuf = sshbuf_new()) == NULL || 613 (hostkeys = sshbuf_new()) == NULL) 614 fatal_f("sshbuf_new failed"); 615 616 /* pack hostkeys into a string. Empty key slots get empty strings */ 617 for (i = 0; i < options.num_host_key_files; i++) { 618 /* private key */ 619 sshbuf_reset(keybuf); 620 if (sensitive_data.host_keys[i] != NULL && 621 (r = sshkey_private_serialize(sensitive_data.host_keys[i], 622 keybuf)) != 0) 623 fatal_fr(r, "serialize hostkey private"); 624 if ((r = sshbuf_put_stringb(hostkeys, keybuf)) != 0) 625 fatal_fr(r, "compose hostkey private"); 626 /* public key */ 627 if (sensitive_data.host_pubkeys[i] != NULL) { 628 if ((r = sshkey_puts(sensitive_data.host_pubkeys[i], 629 hostkeys)) != 0) 630 fatal_fr(r, "compose hostkey public"); 631 } else { 632 if ((r = sshbuf_put_string(hostkeys, NULL, 0)) != 0) 633 fatal_fr(r, "compose hostkey empty public"); 634 } 635 /* cert */ 636 if (sensitive_data.host_certificates[i] != NULL) { 637 if ((r = sshkey_puts( 638 sensitive_data.host_certificates[i], 639 hostkeys)) != 0) 640 fatal_fr(r, "compose host cert"); 641 } else { 642 if ((r = sshbuf_put_string(hostkeys, NULL, 0)) != 0) 643 fatal_fr(r, "compose host cert empty"); 644 } 645 } 646 647 sshbuf_free(keybuf); 648 return hostkeys; 649 } 650 651 static void 652 send_rexec_state(int fd, struct sshbuf *conf) 653 { 654 struct sshbuf *m = NULL, *inc = NULL, *hostkeys = NULL; 655 struct include_item *item = NULL; 656 int r, sz; 657 658 debug3_f("entering fd = %d config len %zu", fd, 659 sshbuf_len(conf)); 660 661 if ((m = sshbuf_new()) == NULL || 662 (inc = sshbuf_new()) == NULL) 663 fatal_f("sshbuf_new failed"); 664 665 /* pack includes into a string */ 666 TAILQ_FOREACH(item, &includes, entry) { 667 if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 || 668 (r = sshbuf_put_cstring(inc, item->filename)) != 0 || 669 (r = sshbuf_put_stringb(inc, item->contents)) != 0) 670 fatal_fr(r, "compose includes"); 671 } 672 673 hostkeys = pack_hostkeys(); 674 675 /* 676 * Protocol from reexec master to child: 677 * string configuration 678 * uint64 timing_secret 679 * string host_keys[] { 680 * string private_key 681 * string public_key 682 * string certificate 683 * } 684 * string included_files[] { 685 * string selector 686 * string filename 687 * string contents 688 * } 689 */ 690 if ((r = sshbuf_put_stringb(m, conf)) != 0 || 691 (r = sshbuf_put_u64(m, options.timing_secret)) != 0 || 692 (r = sshbuf_put_stringb(m, hostkeys)) != 0 || 693 (r = sshbuf_put_stringb(m, inc)) != 0) 694 fatal_fr(r, "compose config"); 695 696 /* We need to fit the entire message inside the socket send buffer */ 697 sz = ROUNDUP(sshbuf_len(m) + 5, 16*1024); 698 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &sz, sizeof sz) == -1) 699 fatal_f("setsockopt SO_SNDBUF: %s", strerror(errno)); 700 701 if (ssh_msg_send(fd, 0, m) == -1) 702 error_f("ssh_msg_send failed"); 703 704 sshbuf_free(m); 705 sshbuf_free(inc); 706 sshbuf_free(hostkeys); 707 708 debug3_f("done"); 709 } 710 711 /* 712 * Listen for TCP connections 713 */ 714 static void 715 listen_on_addrs(struct listenaddr *la) 716 { 717 int ret, listen_sock; 718 struct addrinfo *ai; 719 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; 720 721 for (ai = la->addrs; ai; ai = ai->ai_next) { 722 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 723 continue; 724 if (num_listen_socks >= MAX_LISTEN_SOCKS) 725 fatal("Too many listen sockets. " 726 "Enlarge MAX_LISTEN_SOCKS"); 727 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, 728 ntop, sizeof(ntop), strport, sizeof(strport), 729 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 730 error("getnameinfo failed: %.100s", 731 ssh_gai_strerror(ret)); 732 continue; 733 } 734 /* Create socket for listening. */ 735 listen_sock = socket(ai->ai_family, ai->ai_socktype, 736 ai->ai_protocol); 737 if (listen_sock == -1) { 738 /* kernel may not support ipv6 */ 739 verbose("socket: %.100s", strerror(errno)); 740 continue; 741 } 742 if (set_nonblock(listen_sock) == -1) { 743 close(listen_sock); 744 continue; 745 } 746 if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) == -1) { 747 verbose("socket: CLOEXEC: %s", strerror(errno)); 748 close(listen_sock); 749 continue; 750 } 751 /* Socket options */ 752 set_reuseaddr(listen_sock); 753 if (la->rdomain != NULL && 754 set_rdomain(listen_sock, la->rdomain) == -1) { 755 close(listen_sock); 756 continue; 757 } 758 759 debug("Bind to port %s on %s.", strport, ntop); 760 761 /* Bind the socket to the desired port. */ 762 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) { 763 error("Bind to port %s on %s failed: %.200s.", 764 strport, ntop, strerror(errno)); 765 close(listen_sock); 766 continue; 767 } 768 listen_socks[num_listen_socks] = listen_sock; 769 num_listen_socks++; 770 771 /* Start listening on the port. */ 772 if (listen(listen_sock, SSH_LISTEN_BACKLOG) == -1) 773 fatal("listen on [%s]:%s: %.100s", 774 ntop, strport, strerror(errno)); 775 logit("Server listening on %s port %s%s%s.", 776 ntop, strport, 777 la->rdomain == NULL ? "" : " rdomain ", 778 la->rdomain == NULL ? "" : la->rdomain); 779 } 780 } 781 782 static void 783 server_listen(void) 784 { 785 u_int i; 786 787 /* Initialise per-source limit tracking. */ 788 srclimit_init(options.max_startups, 789 options.per_source_max_startups, 790 options.per_source_masklen_ipv4, 791 options.per_source_masklen_ipv6, 792 &options.per_source_penalty, 793 options.per_source_penalty_exempt); 794 795 for (i = 0; i < options.num_listen_addrs; i++) { 796 listen_on_addrs(&options.listen_addrs[i]); 797 freeaddrinfo(options.listen_addrs[i].addrs); 798 free(options.listen_addrs[i].rdomain); 799 memset(&options.listen_addrs[i], 0, 800 sizeof(options.listen_addrs[i])); 801 } 802 free(options.listen_addrs); 803 options.listen_addrs = NULL; 804 options.num_listen_addrs = 0; 805 806 if (!num_listen_socks) 807 fatal("Cannot bind any address."); 808 } 809 810 /* 811 * The main TCP accept loop. Note that, for the non-debug case, returns 812 * from this function are in a forked subprocess. 813 */ 814 static void 815 server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s, 816 int log_stderr) 817 { 818 struct pollfd *pfd = NULL; 819 int i, ret, npfd; 820 int oactive = -1, listening = 0, lameduck = 0; 821 int startup_p[2] = { -1 , -1 }, *startup_pollfd; 822 char c = 0; 823 struct sockaddr_storage from; 824 struct early_child *child; 825 socklen_t fromlen; 826 sigset_t nsigset, osigset; 827 828 /* setup fd set for accept */ 829 /* pipes connected to unauthenticated child sshd processes */ 830 child_alloc(); 831 startup_pollfd = xcalloc(options.max_startups, sizeof(int)); 832 833 /* 834 * Prepare signal mask that we use to block signals that might set 835 * received_sigterm/hup/chld/info, so that we are guaranteed 836 * to immediately wake up the ppoll if a signal is received after 837 * the flag is checked. 838 */ 839 sigemptyset(&nsigset); 840 sigaddset(&nsigset, SIGHUP); 841 sigaddset(&nsigset, SIGCHLD); 842 sigaddset(&nsigset, SIGINFO); 843 sigaddset(&nsigset, SIGTERM); 844 sigaddset(&nsigset, SIGQUIT); 845 846 /* sized for worst-case */ 847 pfd = xcalloc(num_listen_socks + options.max_startups, 848 sizeof(struct pollfd)); 849 850 /* 851 * Stay listening for connections until the system crashes or 852 * the daemon is killed with a signal. 853 */ 854 for (;;) { 855 sigprocmask(SIG_BLOCK, &nsigset, &osigset); 856 if (received_sigterm) { 857 logit("Received signal %d; terminating.", 858 (int) received_sigterm); 859 close_listen_socks(); 860 if (options.pid_file != NULL) 861 unlink(options.pid_file); 862 exit(received_sigterm == SIGTERM ? 0 : 255); 863 } 864 if (received_sigchld) { 865 child_reap_all_exited(); 866 received_sigchld = 0; 867 } 868 if (received_siginfo) { 869 show_info(); 870 received_siginfo = 0; 871 } 872 if (oactive != children_active) { 873 setproctitle("%s [listener] %d of %d-%d startups", 874 listener_proctitle, children_active, 875 options.max_startups_begin, options.max_startups); 876 oactive = children_active; 877 } 878 if (received_sighup) { 879 if (!lameduck) { 880 debug("Received SIGHUP; waiting for children"); 881 close_listen_socks(); 882 lameduck = 1; 883 } 884 if (listening <= 0) { 885 sigprocmask(SIG_SETMASK, &osigset, NULL); 886 sighup_restart(); 887 } 888 } 889 890 for (i = 0; i < num_listen_socks; i++) { 891 pfd[i].fd = listen_socks[i]; 892 pfd[i].events = POLLIN; 893 } 894 npfd = num_listen_socks; 895 for (i = 0; i < options.max_startups; i++) { 896 startup_pollfd[i] = -1; 897 if (children[i].pipefd != -1) { 898 pfd[npfd].fd = children[i].pipefd; 899 pfd[npfd].events = POLLIN; 900 startup_pollfd[i] = npfd++; 901 } 902 } 903 904 /* Wait until a connection arrives or a child exits. */ 905 ret = ppoll(pfd, npfd, NULL, &osigset); 906 if (ret == -1 && errno != EINTR) { 907 error("ppoll: %.100s", strerror(errno)); 908 if (errno == EINVAL) 909 cleanup_exit(1); /* can't recover */ 910 } 911 sigprocmask(SIG_SETMASK, &osigset, NULL); 912 if (ret == -1) 913 continue; 914 915 for (i = 0; i < options.max_startups; i++) { 916 if (children[i].pipefd == -1 || 917 startup_pollfd[i] == -1 || 918 !(pfd[startup_pollfd[i]].revents & (POLLIN|POLLHUP))) 919 continue; 920 switch (read(children[i].pipefd, &c, sizeof(c))) { 921 case -1: 922 if (errno == EINTR || errno == EAGAIN) 923 continue; 924 if (errno != EPIPE) { 925 error_f("startup pipe %d (fd=%d): " 926 "read %s", i, children[i].pipefd, 927 strerror(errno)); 928 } 929 /* FALLTHROUGH */ 930 case 0: 931 /* child exited preauth */ 932 if (children[i].early) 933 listening--; 934 srclimit_done(children[i].pipefd); 935 child_close(&(children[i]), 0, 0); 936 break; 937 case 1: 938 if (children[i].early && c == '\0') { 939 /* child has finished preliminaries */ 940 listening--; 941 children[i].early = 0; 942 debug2_f("child %lu for %s received " 943 "config", (long)children[i].pid, 944 children[i].id); 945 } else if (!children[i].early && c == '\001') { 946 /* child has completed auth */ 947 debug2_f("child %lu for %s auth done", 948 (long)children[i].pid, 949 children[i].id); 950 child_close(&(children[i]), 1, 0); 951 } else { 952 error_f("unexpected message 0x%02x " 953 "child %ld for %s in state %d", 954 (int)c, (long)children[i].pid, 955 children[i].id, children[i].early); 956 } 957 break; 958 } 959 } 960 for (i = 0; i < num_listen_socks; i++) { 961 if (!(pfd[i].revents & POLLIN)) 962 continue; 963 fromlen = sizeof(from); 964 *newsock = accept(listen_socks[i], 965 (struct sockaddr *)&from, &fromlen); 966 if (*newsock == -1) { 967 if (errno != EINTR && errno != EWOULDBLOCK && 968 errno != ECONNABORTED) 969 error("accept: %.100s", 970 strerror(errno)); 971 if (errno == EMFILE || errno == ENFILE) 972 usleep(100 * 1000); 973 continue; 974 } 975 if (unset_nonblock(*newsock) == -1) { 976 close(*newsock); 977 continue; 978 } 979 if (pipe(startup_p) == -1) { 980 error_f("pipe(startup_p): %s", strerror(errno)); 981 close(*newsock); 982 continue; 983 } 984 if (drop_connection(*newsock, 985 children_active, startup_p[0])) { 986 close(*newsock); 987 close(startup_p[0]); 988 close(startup_p[1]); 989 continue; 990 } 991 992 if (socketpair(AF_UNIX, 993 SOCK_STREAM, 0, config_s) == -1) { 994 error("reexec socketpair: %s", 995 strerror(errno)); 996 close(*newsock); 997 close(startup_p[0]); 998 close(startup_p[1]); 999 continue; 1000 } 1001 1002 /* 1003 * Got connection. Fork a child to handle it, unless 1004 * we are in debugging mode. 1005 */ 1006 if (debug_flag) { 1007 /* 1008 * In debugging mode. Close the listening 1009 * socket, and start processing the 1010 * connection without forking. 1011 */ 1012 debug("Server will not fork when running in debugging mode."); 1013 close_listen_socks(); 1014 *sock_in = *newsock; 1015 *sock_out = *newsock; 1016 close(startup_p[0]); 1017 close(startup_p[1]); 1018 startup_pipe = -1; 1019 send_rexec_state(config_s[0], cfg); 1020 close(config_s[0]); 1021 free(pfd); 1022 return; 1023 } 1024 1025 /* 1026 * Normal production daemon. Fork, and have 1027 * the child process the connection. The 1028 * parent continues listening. 1029 */ 1030 listening++; 1031 child = child_register(startup_p[0], *newsock); 1032 if ((child->pid = fork()) == 0) { 1033 /* 1034 * Child. Close the listening and 1035 * max_startup sockets. Start using 1036 * the accepted socket. Reinitialize 1037 * logging (since our pid has changed). 1038 * We return from this function to handle 1039 * the connection. 1040 */ 1041 startup_pipe = startup_p[1]; 1042 close_startup_pipes(); 1043 close_listen_socks(); 1044 *sock_in = *newsock; 1045 *sock_out = *newsock; 1046 log_init(__progname, 1047 options.log_level, 1048 options.log_facility, 1049 log_stderr); 1050 close(config_s[0]); 1051 free(pfd); 1052 return; 1053 } 1054 1055 /* Parent. Stay in the loop. */ 1056 if (child->pid == -1) 1057 error("fork: %.100s", strerror(errno)); 1058 else 1059 debug("Forked child %ld.", (long)child->pid); 1060 1061 close(startup_p[1]); 1062 1063 close(config_s[1]); 1064 send_rexec_state(config_s[0], cfg); 1065 close(config_s[0]); 1066 close(*newsock); 1067 } 1068 } 1069 } 1070 1071 static void 1072 accumulate_host_timing_secret(struct sshbuf *server_cfg, 1073 struct sshkey *key) 1074 { 1075 static struct ssh_digest_ctx *ctx; 1076 u_char *hash; 1077 size_t len; 1078 struct sshbuf *buf; 1079 int r; 1080 1081 if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL) 1082 fatal_f("ssh_digest_start"); 1083 if (key == NULL) { /* finalize */ 1084 /* add server config in case we are using agent for host keys */ 1085 if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg), 1086 sshbuf_len(server_cfg)) != 0) 1087 fatal_f("ssh_digest_update"); 1088 len = ssh_digest_bytes(SSH_DIGEST_SHA512); 1089 hash = xmalloc(len); 1090 if (ssh_digest_final(ctx, hash, len) != 0) 1091 fatal_f("ssh_digest_final"); 1092 options.timing_secret = PEEK_U64(hash); 1093 freezero(hash, len); 1094 ssh_digest_free(ctx); 1095 ctx = NULL; 1096 return; 1097 } 1098 if ((buf = sshbuf_new()) == NULL) 1099 fatal_f("could not allocate buffer"); 1100 if ((r = sshkey_private_serialize(key, buf)) != 0) 1101 fatal_fr(r, "encode %s key", sshkey_ssh_name(key)); 1102 if (ssh_digest_update(ctx, sshbuf_ptr(buf), sshbuf_len(buf)) != 0) 1103 fatal_f("ssh_digest_update"); 1104 sshbuf_reset(buf); 1105 sshbuf_free(buf); 1106 } 1107 1108 static char * 1109 prepare_proctitle(int ac, char **av) 1110 { 1111 char *ret = NULL; 1112 int i; 1113 1114 for (i = 0; i < ac; i++) 1115 xextendf(&ret, " ", "%s", av[i]); 1116 return ret; 1117 } 1118 1119 static void 1120 print_config(struct connection_info *connection_info) 1121 { 1122 connection_info->test = 1; 1123 parse_server_match_config(&options, &includes, connection_info); 1124 dump_config(&options); 1125 exit(0); 1126 } 1127 1128 /* 1129 * Main program for the daemon. 1130 */ 1131 int 1132 main(int ac, char **av) 1133 { 1134 extern char *optarg; 1135 extern int optind; 1136 int log_stderr = 0, inetd_flag = 0, test_flag = 0, no_daemon_flag = 0; 1137 char *config_file_name = _PATH_SERVER_CONFIG_FILE; 1138 int r, opt, do_dump_cfg = 0, keytype, already_daemon, have_agent = 0; 1139 int sock_in = -1, sock_out = -1, newsock = -1, rexec_argc = 0; 1140 int devnull, config_s[2] = { -1 , -1 }, have_connection_info = 0; 1141 char *fp, *line, *logfile = NULL, **rexec_argv = NULL; 1142 struct stat sb; 1143 u_int i, j; 1144 mode_t new_umask; 1145 struct sshkey *key; 1146 struct sshkey *pubkey; 1147 struct connection_info connection_info; 1148 sigset_t sigmask; 1149 1150 memset(&connection_info, 0, sizeof(connection_info)); 1151 1152 sigemptyset(&sigmask); 1153 sigprocmask(SIG_SETMASK, &sigmask, NULL); 1154 1155 /* Save argv. */ 1156 saved_argv = av; 1157 rexec_argc = ac; 1158 1159 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 1160 sanitise_stdfd(); 1161 1162 /* Initialize configuration options to their default values. */ 1163 initialize_server_options(&options); 1164 1165 /* Parse command-line arguments. */ 1166 while ((opt = getopt(ac, av, 1167 "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) { 1168 switch (opt) { 1169 case '4': 1170 options.address_family = AF_INET; 1171 break; 1172 case '6': 1173 options.address_family = AF_INET6; 1174 break; 1175 case 'f': 1176 config_file_name = optarg; 1177 break; 1178 case 'c': 1179 servconf_add_hostcert("[command-line]", 0, 1180 &options, optarg); 1181 break; 1182 case 'd': 1183 if (debug_flag == 0) { 1184 debug_flag = 1; 1185 options.log_level = SYSLOG_LEVEL_DEBUG1; 1186 } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) 1187 options.log_level++; 1188 break; 1189 case 'D': 1190 no_daemon_flag = 1; 1191 break; 1192 case 'G': 1193 do_dump_cfg = 1; 1194 break; 1195 case 'E': 1196 logfile = optarg; 1197 /* FALLTHROUGH */ 1198 case 'e': 1199 log_stderr = 1; 1200 break; 1201 case 'i': 1202 inetd_flag = 1; 1203 break; 1204 case 'r': 1205 logit("-r option is deprecated"); 1206 break; 1207 case 'R': 1208 fatal("-R not supported here"); 1209 break; 1210 case 'Q': 1211 /* ignored */ 1212 break; 1213 case 'q': 1214 options.log_level = SYSLOG_LEVEL_QUIET; 1215 break; 1216 case 'b': 1217 /* protocol 1, ignored */ 1218 break; 1219 case 'p': 1220 options.ports_from_cmdline = 1; 1221 if (options.num_ports >= MAX_PORTS) { 1222 fprintf(stderr, "too many ports.\n"); 1223 exit(1); 1224 } 1225 options.ports[options.num_ports++] = a2port(optarg); 1226 if (options.ports[options.num_ports-1] <= 0) { 1227 fprintf(stderr, "Bad port number.\n"); 1228 exit(1); 1229 } 1230 break; 1231 case 'g': 1232 if ((options.login_grace_time = convtime(optarg)) == -1) { 1233 fprintf(stderr, "Invalid login grace time.\n"); 1234 exit(1); 1235 } 1236 break; 1237 case 'k': 1238 /* protocol 1, ignored */ 1239 break; 1240 case 'h': 1241 servconf_add_hostkey("[command-line]", 0, 1242 &options, optarg, 1); 1243 break; 1244 case 't': 1245 test_flag = 1; 1246 break; 1247 case 'T': 1248 test_flag = 2; 1249 break; 1250 case 'C': 1251 if (parse_server_match_testspec(&connection_info, 1252 optarg) == -1) 1253 exit(1); 1254 have_connection_info = 1; 1255 break; 1256 case 'u': 1257 utmp_len = (u_int)strtonum(optarg, 0, HOST_NAME_MAX+1+1, NULL); 1258 if (utmp_len > HOST_NAME_MAX+1) { 1259 fprintf(stderr, "Invalid utmp length.\n"); 1260 exit(1); 1261 } 1262 break; 1263 case 'o': 1264 line = xstrdup(optarg); 1265 if (process_server_config_line(&options, line, 1266 "command-line", 0, NULL, NULL, &includes) != 0) 1267 exit(1); 1268 free(line); 1269 break; 1270 case 'V': 1271 fprintf(stderr, "%s, %s\n", 1272 SSH_VERSION, SSH_OPENSSL_VERSION); 1273 exit(0); 1274 default: 1275 usage(); 1276 break; 1277 } 1278 } 1279 if (!test_flag && !inetd_flag && !do_dump_cfg && !path_absolute(av[0])) 1280 fatal("sshd requires execution with an absolute path"); 1281 1282 closefrom(STDERR_FILENO + 1); 1283 1284 /* Reserve fds we'll need later for reexec things */ 1285 if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) 1286 fatal("open %s: %s", _PATH_DEVNULL, strerror(errno)); 1287 while (devnull < REEXEC_MIN_FREE_FD) { 1288 if ((devnull = dup(devnull)) == -1) 1289 fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno)); 1290 } 1291 1292 #ifdef WITH_OPENSSL 1293 OpenSSL_add_all_algorithms(); 1294 #endif 1295 1296 /* If requested, redirect the logs to the specified logfile. */ 1297 if (logfile != NULL) { 1298 char *cp, pid_s[32]; 1299 1300 snprintf(pid_s, sizeof(pid_s), "%ld", (unsigned long)getpid()); 1301 cp = percent_expand(logfile, 1302 "p", pid_s, 1303 "P", "sshd", 1304 (char *)NULL); 1305 log_redirect_stderr_to(cp); 1306 free(cp); 1307 } 1308 1309 /* 1310 * Force logging to stderr until we have loaded the private host 1311 * key (unless started from inetd) 1312 */ 1313 log_init(__progname, 1314 options.log_level == SYSLOG_LEVEL_NOT_SET ? 1315 SYSLOG_LEVEL_INFO : options.log_level, 1316 options.log_facility == SYSLOG_FACILITY_NOT_SET ? 1317 SYSLOG_FACILITY_AUTH : options.log_facility, 1318 log_stderr || !inetd_flag || debug_flag); 1319 1320 sensitive_data.have_ssh2_key = 0; 1321 1322 /* 1323 * If we're not doing an extended test do not silently ignore connection 1324 * test params. 1325 */ 1326 if (test_flag < 2 && have_connection_info) 1327 fatal("Config test connection parameter (-C) provided without " 1328 "test mode (-T)"); 1329 1330 /* Fetch our configuration */ 1331 if ((cfg = sshbuf_new()) == NULL) 1332 fatal("sshbuf_new config failed"); 1333 if (strcasecmp(config_file_name, "none") != 0) 1334 load_server_config(config_file_name, cfg); 1335 1336 parse_server_config(&options, config_file_name, cfg, 1337 &includes, NULL, 0); 1338 1339 /* Fill in default values for those options not explicitly set. */ 1340 fill_default_server_options(&options); 1341 1342 /* Check that options are sensible */ 1343 if (options.authorized_keys_command_user == NULL && 1344 (options.authorized_keys_command != NULL && 1345 strcasecmp(options.authorized_keys_command, "none") != 0)) 1346 fatal("AuthorizedKeysCommand set without " 1347 "AuthorizedKeysCommandUser"); 1348 if (options.authorized_principals_command_user == NULL && 1349 (options.authorized_principals_command != NULL && 1350 strcasecmp(options.authorized_principals_command, "none") != 0)) 1351 fatal("AuthorizedPrincipalsCommand set without " 1352 "AuthorizedPrincipalsCommandUser"); 1353 1354 /* 1355 * Check whether there is any path through configured auth methods. 1356 * Unfortunately it is not possible to verify this generally before 1357 * daemonisation in the presence of Match blocks, but this catches 1358 * and warns for trivial misconfigurations that could break login. 1359 */ 1360 if (options.num_auth_methods != 0) { 1361 for (i = 0; i < options.num_auth_methods; i++) { 1362 if (auth2_methods_valid(options.auth_methods[i], 1363 1) == 0) 1364 break; 1365 } 1366 if (i >= options.num_auth_methods) 1367 fatal("AuthenticationMethods cannot be satisfied by " 1368 "enabled authentication methods"); 1369 } 1370 1371 /* Check that there are no remaining arguments. */ 1372 if (optind < ac) { 1373 fprintf(stderr, "Extra argument %s.\n", av[optind]); 1374 exit(1); 1375 } 1376 1377 debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION); 1378 1379 if (do_dump_cfg) 1380 print_config(&connection_info); 1381 1382 /* load host keys */ 1383 sensitive_data.host_keys = xcalloc(options.num_host_key_files, 1384 sizeof(struct sshkey *)); 1385 sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, 1386 sizeof(struct sshkey *)); 1387 1388 if (options.host_key_agent) { 1389 if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) 1390 setenv(SSH_AUTHSOCKET_ENV_NAME, 1391 options.host_key_agent, 1); 1392 if ((r = ssh_get_authentication_socket(NULL)) == 0) 1393 have_agent = 1; 1394 else 1395 error_r(r, "Could not connect to agent \"%s\"", 1396 options.host_key_agent); 1397 } 1398 1399 for (i = 0; i < options.num_host_key_files; i++) { 1400 int ll = options.host_key_file_userprovided[i] ? 1401 SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_DEBUG1; 1402 1403 if (options.host_key_files[i] == NULL) 1404 continue; 1405 if ((r = sshkey_load_private(options.host_key_files[i], "", 1406 &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) 1407 do_log2_r(r, ll, "Unable to load host key \"%s\"", 1408 options.host_key_files[i]); 1409 if (sshkey_is_sk(key) && 1410 key->sk_flags & SSH_SK_USER_PRESENCE_REQD) { 1411 debug("host key %s requires user presence, ignoring", 1412 options.host_key_files[i]); 1413 key->sk_flags &= ~SSH_SK_USER_PRESENCE_REQD; 1414 } 1415 if (r == 0 && key != NULL && 1416 (r = sshkey_shield_private(key)) != 0) { 1417 do_log2_r(r, ll, "Unable to shield host key \"%s\"", 1418 options.host_key_files[i]); 1419 sshkey_free(key); 1420 key = NULL; 1421 } 1422 if ((r = sshkey_load_public(options.host_key_files[i], 1423 &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) 1424 do_log2_r(r, ll, "Unable to load host key \"%s\"", 1425 options.host_key_files[i]); 1426 if (pubkey != NULL && key != NULL) { 1427 if (!sshkey_equal(pubkey, key)) { 1428 error("Public key for %s does not match " 1429 "private key", options.host_key_files[i]); 1430 sshkey_free(pubkey); 1431 pubkey = NULL; 1432 } 1433 } 1434 if (pubkey == NULL && key != NULL) { 1435 if ((r = sshkey_from_private(key, &pubkey)) != 0) 1436 fatal_r(r, "Could not demote key: \"%s\"", 1437 options.host_key_files[i]); 1438 } 1439 if (pubkey != NULL && (r = sshkey_check_rsa_length(pubkey, 1440 options.required_rsa_size)) != 0) { 1441 error_fr(r, "Host key %s", options.host_key_files[i]); 1442 sshkey_free(pubkey); 1443 sshkey_free(key); 1444 continue; 1445 } 1446 sensitive_data.host_keys[i] = key; 1447 sensitive_data.host_pubkeys[i] = pubkey; 1448 1449 if (key == NULL && pubkey != NULL && have_agent) { 1450 debug("will rely on agent for hostkey %s", 1451 options.host_key_files[i]); 1452 keytype = pubkey->type; 1453 } else if (key != NULL) { 1454 keytype = key->type; 1455 accumulate_host_timing_secret(cfg, key); 1456 } else { 1457 do_log2(ll, "Unable to load host key: %s", 1458 options.host_key_files[i]); 1459 sensitive_data.host_keys[i] = NULL; 1460 sensitive_data.host_pubkeys[i] = NULL; 1461 continue; 1462 } 1463 1464 switch (keytype) { 1465 case KEY_RSA: 1466 case KEY_DSA: 1467 case KEY_ECDSA: 1468 case KEY_ED25519: 1469 case KEY_ECDSA_SK: 1470 case KEY_ED25519_SK: 1471 case KEY_XMSS: 1472 if (have_agent || key != NULL) 1473 sensitive_data.have_ssh2_key = 1; 1474 break; 1475 } 1476 if ((fp = sshkey_fingerprint(pubkey, options.fingerprint_hash, 1477 SSH_FP_DEFAULT)) == NULL) 1478 fatal("sshkey_fingerprint failed"); 1479 debug("%s host key #%d: %s %s", 1480 key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); 1481 free(fp); 1482 } 1483 accumulate_host_timing_secret(cfg, NULL); 1484 if (!sensitive_data.have_ssh2_key) { 1485 logit("sshd: no hostkeys available -- exiting."); 1486 exit(1); 1487 } 1488 1489 /* 1490 * Load certificates. They are stored in an array at identical 1491 * indices to the public keys that they relate to. 1492 */ 1493 sensitive_data.host_certificates = xcalloc(options.num_host_key_files, 1494 sizeof(struct sshkey *)); 1495 for (i = 0; i < options.num_host_key_files; i++) 1496 sensitive_data.host_certificates[i] = NULL; 1497 1498 for (i = 0; i < options.num_host_cert_files; i++) { 1499 if (options.host_cert_files[i] == NULL) 1500 continue; 1501 if ((r = sshkey_load_public(options.host_cert_files[i], 1502 &key, NULL)) != 0) { 1503 error_r(r, "Could not load host certificate \"%s\"", 1504 options.host_cert_files[i]); 1505 continue; 1506 } 1507 if (!sshkey_is_cert(key)) { 1508 error("Certificate file is not a certificate: %s", 1509 options.host_cert_files[i]); 1510 sshkey_free(key); 1511 continue; 1512 } 1513 /* Find matching private key */ 1514 for (j = 0; j < options.num_host_key_files; j++) { 1515 if (sshkey_equal_public(key, 1516 sensitive_data.host_pubkeys[j])) { 1517 sensitive_data.host_certificates[j] = key; 1518 break; 1519 } 1520 } 1521 if (j >= options.num_host_key_files) { 1522 error("No matching private key for certificate: %s", 1523 options.host_cert_files[i]); 1524 sshkey_free(key); 1525 continue; 1526 } 1527 sensitive_data.host_certificates[j] = key; 1528 debug("host certificate: #%u type %d %s", j, key->type, 1529 sshkey_type(key)); 1530 } 1531 1532 /* Ensure privsep directory is correctly configured. */ 1533 if (getpwnam(SSH_PRIVSEP_USER) == NULL) 1534 fatal("Privilege separation user %s does not exist", 1535 SSH_PRIVSEP_USER); 1536 endpwent(); 1537 if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &sb) == -1) || 1538 (S_ISDIR(sb.st_mode) == 0)) 1539 fatal("Missing privilege separation directory: %s", 1540 _PATH_PRIVSEP_CHROOT_DIR); 1541 if (sb.st_uid != 0 || (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) 1542 fatal("%s must be owned by root and not group or " 1543 "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); 1544 1545 if (test_flag > 1) 1546 print_config(&connection_info); 1547 1548 /* Configuration looks good, so exit if in test mode. */ 1549 if (test_flag) 1550 exit(0); 1551 1552 /* Prepare arguments for sshd-session */ 1553 if (rexec_argc < 0) 1554 fatal("rexec_argc %d < 0", rexec_argc); 1555 rexec_argv = xcalloc(rexec_argc + 3, sizeof(char *)); 1556 /* Point to the sshd-session binary instead of sshd */ 1557 rexec_argv[0] = options.sshd_session_path; 1558 for (i = 1; i < (u_int)rexec_argc; i++) { 1559 debug("rexec_argv[%d]='%s'", i, saved_argv[i]); 1560 rexec_argv[i] = saved_argv[i]; 1561 } 1562 rexec_argv[rexec_argc++] = "-R"; 1563 rexec_argv[rexec_argc] = NULL; 1564 if (stat(rexec_argv[0], &sb) != 0 || !(sb.st_mode & (S_IXOTH|S_IXUSR))) 1565 fatal("%s does not exist or is not executable", rexec_argv[0]); 1566 debug3("using %s for re-exec", rexec_argv[0]); 1567 1568 /* Ensure that the privsep binary exists now too. */ 1569 if (stat(options.sshd_auth_path, &sb) != 0 || 1570 !(sb.st_mode & (S_IXOTH|S_IXUSR))) { 1571 fatal("%s does not exist or is not executable", 1572 options.sshd_auth_path); 1573 } 1574 1575 listener_proctitle = prepare_proctitle(ac, av); 1576 1577 /* Ensure that umask disallows at least group and world write */ 1578 new_umask = umask(0077) | 0022; 1579 (void) umask(new_umask); 1580 1581 /* Initialize the log (it is reinitialized below in case we forked). */ 1582 if (debug_flag && !inetd_flag) 1583 log_stderr = 1; 1584 log_init(__progname, options.log_level, 1585 options.log_facility, log_stderr); 1586 for (i = 0; i < options.num_log_verbose; i++) 1587 log_verbose_add(options.log_verbose[i]); 1588 1589 /* 1590 * If not in debugging mode, not started from inetd and not already 1591 * daemonized (eg re-exec via SIGHUP), disconnect from the controlling 1592 * terminal, and fork. The original process exits. 1593 */ 1594 already_daemon = daemonized(); 1595 if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) { 1596 1597 if (daemon(0, 0) == -1) 1598 fatal("daemon() failed: %.200s", strerror(errno)); 1599 1600 disconnect_controlling_tty(); 1601 } 1602 /* Reinitialize the log (because of the fork above). */ 1603 log_init(__progname, options.log_level, options.log_facility, log_stderr); 1604 1605 /* 1606 * Chdir to the root directory so that the current disk can be 1607 * unmounted if desired. 1608 */ 1609 if (chdir("/") == -1) 1610 error("chdir(\"/\"): %s", strerror(errno)); 1611 1612 /* ignore SIGPIPE */ 1613 ssh_signal(SIGPIPE, SIG_IGN); 1614 1615 /* Get a connection, either from inetd or a listening TCP socket */ 1616 if (inetd_flag) { 1617 /* Send configuration to ancestor sshd-session process */ 1618 if (socketpair(AF_UNIX, SOCK_STREAM, 0, config_s) == -1) 1619 fatal("socketpair: %s", strerror(errno)); 1620 send_rexec_state(config_s[0], cfg); 1621 close(config_s[0]); 1622 } else { 1623 server_listen(); 1624 1625 ssh_signal(SIGHUP, sighup_handler); 1626 ssh_signal(SIGCHLD, main_sigchld_handler); 1627 ssh_signal(SIGTERM, sigterm_handler); 1628 ssh_signal(SIGQUIT, sigterm_handler); 1629 ssh_signal(SIGINFO, siginfo_handler); 1630 1631 /* 1632 * Write out the pid file after the sigterm handler 1633 * is setup and the listen sockets are bound 1634 */ 1635 if (options.pid_file != NULL && !debug_flag) { 1636 FILE *f = fopen(options.pid_file, "w"); 1637 1638 if (f == NULL) { 1639 error("Couldn't create pid file \"%s\": %s", 1640 options.pid_file, strerror(errno)); 1641 } else { 1642 fprintf(f, "%ld\n", (long) getpid()); 1643 fclose(f); 1644 } 1645 } 1646 1647 /* Accept a connection and return in a forked child */ 1648 server_accept_loop(&sock_in, &sock_out, 1649 &newsock, config_s, log_stderr); 1650 } 1651 1652 /* This is the child processing a new connection. */ 1653 setproctitle("%s", "[accepted]"); 1654 1655 /* 1656 * Create a new session and process group since the 4.4BSD 1657 * setlogin() affects the entire process group. We don't 1658 * want the child to be able to affect the parent. 1659 */ 1660 if (!debug_flag && !inetd_flag && setsid() == -1) 1661 error("setsid: %.100s", strerror(errno)); 1662 1663 debug("rexec start in %d out %d newsock %d pipe %d sock %d/%d", 1664 sock_in, sock_out, newsock, startup_pipe, config_s[0], config_s[1]); 1665 if (!inetd_flag) { 1666 if (dup2(newsock, STDIN_FILENO) == -1) 1667 fatal("dup2 stdin: %s", strerror(errno)); 1668 if (dup2(STDIN_FILENO, STDOUT_FILENO) == -1) 1669 fatal("dup2 stdout: %s", strerror(errno)); 1670 if (newsock > STDOUT_FILENO) 1671 close(newsock); 1672 } 1673 if (config_s[1] != REEXEC_CONFIG_PASS_FD) { 1674 if (dup2(config_s[1], REEXEC_CONFIG_PASS_FD) == -1) 1675 fatal("dup2 config_s: %s", strerror(errno)); 1676 close(config_s[1]); 1677 } 1678 if (startup_pipe == -1) 1679 close(REEXEC_STARTUP_PIPE_FD); 1680 else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) { 1681 if (dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD) == -1) 1682 fatal("dup2 startup_p: %s", strerror(errno)); 1683 close(startup_pipe); 1684 } 1685 log_redirect_stderr_to(NULL); 1686 closefrom(REEXEC_MIN_FREE_FD); 1687 1688 ssh_signal(SIGHUP, SIG_IGN); /* avoid reset to SIG_DFL */ 1689 execv(rexec_argv[0], rexec_argv); 1690 1691 fatal("rexec of %s failed: %s", rexec_argv[0], strerror(errno)); 1692 } 1693 1694 /* server specific fatal cleanup */ 1695 void 1696 cleanup_exit(int i) 1697 { 1698 _exit(i); 1699 } 1700