/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Created: Fri Mar 17 17:09:28 1995 ylo
* This program is the ssh daemon. It listens for connections from clients, and
* performs authentication, executes use commands or shell, and forwards
* information to/from the application to the user client over an encrypted
* connection. This can also handle forwarding of X11, TCP/IP, and authentication
* agent connections.
*/
#include "includes.h"
RCSID("$OpenBSD: sshd.c,v 1.97 2000/04/04 21:37:27 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
#include "ssh.h"
#include "pty.h"
#include "packet.h"
#include "cipher.h"
#include "mpaux.h"
#include "servconf.h"
#include "uidswap.h"
#include "compat.h"
#include "buffer.h"
#ifdef HAVE_OPENSSL
# include <openssl/dh.h>
# include <openssl/bn.h>
# include <openssl/hmac.h>
# include <openssl/dsa.h>
# include <openssl/rsa.h>
#endif
#ifdef HAVE_SSL
# include <ssl/dh.h>
# include <ssl/bn.h>
# include <ssl/hmac.h>
# include <ssl/dsa.h>
# include <ssl/rsa.h>
#endif
#include "key.h"
#include "auth.h"
#ifdef LIBWRAP
#include <tcpd.h>
#include <syslog.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_WARNING;
#endif /* LIBWRAP */
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
/* Server configuration options. */
ServerOptions options;
/* Name of the server configuration file. */
char *config_file_name = SERVER_CONFIG_FILE;
/*
* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
* Default value is AF_UNSPEC means both IPv4 and IPv6.
*/
#ifdef IPV4_DEFAULT
int IPv4or6 = AF_INET;
#else
int IPv4or6 = AF_UNSPEC;
#endif
/*
* Debug mode flag. This can be set on the command line. If debug
* mode is enabled, extra debugging output will be sent to the system
* log, the daemon will not go to background, and will exit after processing
* the first connection.
*/
int debug_flag = 0;
/* Flag indicating that the daemon is being started from inetd. */
int inetd_flag = 0;
/* debug goes to stderr unless inetd_flag is set */
int log_stderr = 0;
/* argv[0] without path. */
char *av0;
/* Saved arguments to main(). */
char **saved_argv;
/*
* The sockets that the server is listening; this is used in the SIGHUP
* signal handler.
*/
#define MAX_LISTEN_SOCKS 16
int listen_socks[MAX_LISTEN_SOCKS];
int num_listen_socks = 0;
/*
* the client's version string, passed by sshd2 in compat mode. if != NULL,
* sshd will skip the version-number exchange
*/
char *client_version_string = NULL;
char *server_version_string = NULL;
/*
* Any really sensitive data in the application is contained in this
* structure. The idea is that this structure could be locked into memory so
* that the pages do not get written into swap. However, there are some
* problems. The private key contains BIGNUMs, and we do not (in principle)
* have access to the internals of them, and locking just the structure is
* not very useful. Currently, memory locking is not implemented.
*/
struct {
RSA *private_key; /* Private part of server key. */
RSA *host_key; /* Private part of host key. */
} sensitive_data;
/*
* Flag indicating whether the current session key has been used. This flag
* is set whenever the key is used, and cleared when the key is regenerated.
*/
int key_used = 0;
/* This is set to true when SIGHUP is received. */
int received_sighup = 0;
/* Public side of the server key. This value is regenerated regularly with
the private key. */
RSA *public_key;
/* session identifier, used by RSA-auth */
unsigned char session_id[16];
/* Prototypes for various functions defined later in this file. */
void do_ssh1_kex();
/*
* Close all listening sockets
*/
void
close_listen_socks(void)
{
int i;
for (i = 0; i < num_listen_socks; i++)
close(listen_socks[i]);
num_listen_socks = -1;
}
/*
* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP;
* the effect is to reread the configuration file (and to regenerate
* the server key).
*/
void
sighup_handler(int sig)
{
received_sighup = 1;
signal(SIGHUP, sighup_handler);
}
/*
* Called from the main program after receiving SIGHUP.
* Restarts the server.
*/
void
sighup_restart()
{
log("Received SIGHUP; restarting.");
close_listen_socks();
execv(saved_argv[0], saved_argv);
log("RESTART FAILED: av0='%s', error: %s.", av0, strerror(errno));
exit(1);
}
/*
* Generic signal handler for terminating signals in the master daemon.
* These close the listen socket; not closing it seems to cause "Address
* already in use" problems on some machines, which is inconvenient.
*/
void
sigterm_handler(int sig)
{
log("Received signal %d; terminating.", sig);
close_listen_socks();
exit(255);
}
/*
* SIGCHLD handler. This is called whenever a child dies. This will then
* reap any zombies left by exited c.
*/
void
main_sigchld_handler(int sig)
{
int save_errno = errno;
int status;
while (waitpid(-1, &status, WNOHANG) > 0)
;
signal(SIGCHLD, main_sigchld_handler);
errno = save_errno;
}
/*
* Signal handler for the alarm after the login grace period has expired.
*/
void
grace_alarm_handler(int sig