src - OpenBSD base system

diff options


context:
space:
mode:

author	Damien Miller <djm@cvs.openbsd.org>	2024-10-14 01:57:51 +0000
committer	Damien Miller <djm@cvs.openbsd.org>	2024-10-14 01:57:51 +0000
commit	eb78392079fefdaa92545cdb5c26ebebc0ef92ad (patch)
tree	bf9cc7f616d9688d143b2d9660bad96968a156e9 /usr.bin/ssh
parent	fda07d0149b31896f67bd12ef691acea767268c4 (diff)

Split per-connection sshd-session binary

This splits the user authentication code from the sshd-session binary into a separate sshd-auth binary. This will be executed by sshd-session to complete the user authentication phase of the protocol only. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after thhe authentication phase completes. Joint work with markus@ feedback deraadt@ Tested in snaps since last week

Diffstat (limited to 'usr.bin/ssh')

-rw-r--r--

usr.bin/ssh/Makefile

-rw-r--r--

usr.bin/ssh/Makefile.inc

-rw-r--r--

usr.bin/ssh/log.c

-rw-r--r--

usr.bin/ssh/monitor.c

109

-rw-r--r--

usr.bin/ssh/monitor.h

-rw-r--r--

usr.bin/ssh/monitor_wrap.c

-rw-r--r--

usr.bin/ssh/monitor_wrap.h

-rw-r--r--

usr.bin/ssh/pathnames.h

-rw-r--r--

usr.bin/ssh/sandbox-pledge.c

-rw-r--r--

usr.bin/ssh/sandbox-rlimit.c

-rw-r--r--

usr.bin/ssh/servconf.c

-rw-r--r--

usr.bin/ssh/servconf.h

-rw-r--r--

usr.bin/ssh/session.c

-rw-r--r--[-rwxr-xr-x]

usr.bin/ssh/ssh-sandbox.h

-rw-r--r--

usr.bin/ssh/sshd-auth.c

836

-rw-r--r--

usr.bin/ssh/sshd-auth/Makefile

-rw-r--r--

usr.bin/ssh/sshd-session.c

318

-rw-r--r--

usr.bin/ssh/sshd-session/Makefile

-rw-r--r--

usr.bin/ssh/sshd.c

19 files changed, 1226 insertions, 443 deletions

diff --git a/usr.bin/ssh/Makefile b/usr.bin/ssh/Makefile
index 09f8b0ac800..d42cf19d4fb 100644
--- a/usr.bin/ssh/Makefile
+++ b/usr.bin/ssh/Makefile

@@ -1,8 +1,8 @@

-# $OpenBSD: Makefile,v 1.18 2024/05/17 00:30:23 djm Exp $

+# $OpenBSD: Makefile,v 1.19 2024/10/14 01:57:50 djm Exp $

.include <bsd.own.mk>

-SUBDIR= ssh sshd sshd-session \

+SUBDIR= ssh sshd sshd-session sshd-auth \

ssh-add ssh-keygen ssh-agent scp sftp-server \

ssh-keysign ssh-keyscan sftp ssh-pkcs11-helper ssh-sk-helper

diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc
index 772d7451ce6..85dd5589554 100644
--- a/usr.bin/ssh/Makefile.inc
+++ b/usr.bin/ssh/Makefile.inc

@@ -1,4 +1,4 @@

-# $OpenBSD: Makefile.inc,v 1.96 2024/09/09 02:39:57 djm Exp $

+# $OpenBSD: Makefile.inc,v 1.97 2024/10/14 01:57:50 djm Exp $

.include <bsd.own.mk>

@@ -29,9 +29,9 @@ CDIAGFLAGS+= -Wold-style-definition

CDIAGFLAGS+= -Werror

.endif

-#CDIAGFLAGS+= -fno-common

-#DEBUG=-g

-#INSTALL_STRIP=

+CDIAGFLAGS+= -fno-common

+DEBUG=-g

+INSTALL_STRIP=

WARNINGS=yes

diff --git a/usr.bin/ssh/log.c b/usr.bin/ssh/log.c
index 5e12fcb2804..8b1b3991ae7 100644
--- a/usr.bin/ssh/log.c
+++ b/usr.bin/ssh/log.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: log.c,v 1.62 2024/06/27 22:36:44 djm Exp $ */

+/* $OpenBSD: log.c,v 1.63 2024/10/14 01:57:50 djm Exp $ */

* Author: Tatu Ylonen <ylo@cs.hut.fi>

@@ -418,9 +418,9 @@ sshlogv(const char *file, const char *func, int line, int showfunc,

if (nlog_verbose == 0 && level > log_level)

return;

- snprintf(tag, sizeof(tag), "%.48s:%.48s():%d (pid=%ld)",

+ snprintf(tag, sizeof(tag), "%.48s:%.48s():%d (bin=%s, pid=%ld)",

(cp = strrchr(file, '/')) == NULL ? file : cp + 1, func, line,

- (long)getpid());

+ argv0 == NULL ? "UNKNOWN" : argv0, (long)getpid());

for (i = 0; i < nlog_verbose; i++) {

if (match_pattern_list(tag, log_verbose[i], 0) == 1) {

forced = 1;

diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 61a2310f49e..a36520b030c 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: monitor.c,v 1.245 2024/09/22 12:56:21 jsg Exp $ */

+/* $OpenBSD: monitor.c,v 1.246 2024/10/14 01:57:50 djm Exp $ */

@@ -90,7 +90,9 @@ static Gssctxt *gsscontext = NULL;

/* Imports */

extern ServerOptions options;

extern u_int utmp_len;

+extern struct sshbuf *cfg;

extern struct sshbuf *loginmsg;

+extern struct include_list includes;

extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */

/* State exported from the child */

@@ -111,6 +113,7 @@ int mm_answer_keyverify(struct ssh *, int, struct sshbuf *);

int mm_answer_pty(struct ssh *, int, struct sshbuf *);

int mm_answer_pty_cleanup(struct ssh *, int, struct sshbuf *);

int mm_answer_term(struct ssh *, int, struct sshbuf *);

+int mm_answer_state(struct ssh *, int, struct sshbuf *);

#ifdef GSSAPI

int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *);

@@ -155,6 +158,7 @@ static int monitor_read(struct ssh *, struct monitor *, struct mon_table *,

static int monitor_read_log(struct monitor *);

struct mon_table mon_dispatch_proto20[] = {

+ {MONITOR_REQ_STATE, MON_ONCE, mm_answer_state},

#ifdef WITH_OPENSSL

{MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},

#endif

@@ -177,6 +181,7 @@ struct mon_table mon_dispatch_proto20[] = {

};

struct mon_table mon_dispatch_postauth20[] = {

+ {MONITOR_REQ_STATE, MON_ONCE, mm_answer_state},

#ifdef WITH_OPENSSL

{MONITOR_REQ_MODULI, 0, mm_answer_moduli},

#endif

@@ -236,7 +241,8 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)

ssh->authctxt = authctxt;

mon_dispatch = mon_dispatch_proto20;

- /* Permit requests for moduli and signatures */

+ /* Permit requests for state, moduli and signatures */

+ monitor_permit(mon_dispatch, MONITOR_REQ_STATE, 1);

monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);

monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);

@@ -339,6 +345,7 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)

mon_dispatch = mon_dispatch_postauth20;

/* Permit requests for moduli and signatures */

+ monitor_permit(mon_dispatch, MONITOR_REQ_STATE, 1);

monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);

monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);

monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);

@@ -396,7 +403,8 @@ monitor_read_log(struct monitor *pmonitor)

/* Log it */

if (log_level_name(level) == NULL)

fatal_f("invalid log level %u (corrupted message?)", level);

- sshlogdirect(level, forced, "%s [preauth]", msg);

+ sshlogdirect(level, forced, "%s [%s]", msg,

+ mon_dispatch == mon_dispatch_postauth20 ? "postauth" : "preauth");

sshbuf_free(logmsg);

free(msg);

@@ -502,6 +510,82 @@ monitor_reset_key_state(void)

hostbased_chost = NULL;

}

+int

+mm_answer_state(struct ssh *ssh, int sock, struct sshbuf *m)

+ struct sshbuf *inc = NULL, *hostkeys = NULL;

+ struct sshbuf *opts = NULL, *confdata = NULL;

+ struct include_item *item = NULL;

+ int postauth;

+ int r;

+ sshbuf_reset(m);

+ debug_f("config len %zu", sshbuf_len(cfg));

+ if ((m = sshbuf_new()) == NULL ||

+ (inc = sshbuf_new()) == NULL ||

+ (opts = sshbuf_new()) == NULL ||

+ (confdata = sshbuf_new()) == NULL)

+ fatal_f("sshbuf_new failed");

+ /* XXX unneccessary? */

+ /* pack includes into a string */

+ TAILQ_FOREACH(item, &includes, entry) {

+ if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 ||

+ (r = sshbuf_put_cstring(inc, item->filename)) != 0 ||

+ (r = sshbuf_put_stringb(inc, item->contents)) != 0)

+ fatal_fr(r, "compose includes");

+ }

+ hostkeys = pack_hostkeys();

+ /*

+ * Protocol from monitor to unpriv privsep process:

+ * string configuration

+ * uint64 timing_secret XXX move delays to monitor and remove

+ * string host_keys[] {

+ * string public_key

+ * string certificate

+ * }

+ * string server_banner

+ * string client_banner

+ * string included_files[] {

+ * string selector

+ * string filename

+ * string contents

+ * }

+ * string configuration_data (postauth)

+ * string keystate (postauth)

+ * string authenticated_user (postauth)

+ * string session_info (postauth)

+ * string authopts (postauth)

+ */

+ if ((r = sshbuf_put_stringb(m, cfg)) != 0 ||

+ (r = sshbuf_put_u64(m, options.timing_secret)) != 0 ||

+ (r = sshbuf_put_stringb(m, hostkeys)) != 0 ||

+ (r = sshbuf_put_stringb(m, ssh->kex->server_version)) != 0 ||

+ (r = sshbuf_put_stringb(m, ssh->kex->client_version)) != 0 ||

+ (r = sshbuf_put_stringb(m, inc)) != 0)

+ fatal_fr(r, "compose config");

+ postauth = (authctxt && authctxt->pw && authctxt->authenticated);

+ if (postauth) {

+ /* XXX shouldn't be reachable */

+ fatal_f("internal error: called in postauth");

+ }

+ sshbuf_free(inc);

+ sshbuf_free(opts);

+ sshbuf_free(confdata);

+ mm_request_send(sock, MONITOR_ANS_STATE, m);

+ debug3_f("done");

+ return (0);

#ifdef WITH_OPENSSL

int

mm_answer_moduli(struct ssh *ssh, int sock, struct sshbuf *m)

@@ -547,24 +631,27 @@ int

mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)

{

extern int auth_sock; /* XXX move to state struct? */

- struct sshkey *key;

+ struct sshkey *pubkey, *key;

struct sshbuf *sigbuf = NULL;

u_char *p = NULL, *signature = NULL;

char *alg = NULL;

- size_t datlen, siglen, alglen;

- int r, is_proof = 0;

- u_int keyid, compat;

+ size_t datlen, siglen;

+ int r, is_proof = 0, keyid;

+ u_int compat;

const char proof_req[] = "hostkeys-prove-00@openssh.com";

debug3_f("entering");

- if ((r = sshbuf_get_u32(m, &keyid)) != 0 ||

+ if ((r = sshkey_froms(m, &pubkey)) != 0 ||

(r = sshbuf_get_string(m, &p, &datlen)) != 0 ||

- (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 ||

+ (r = sshbuf_get_cstring(m, &alg, NULL)) != 0 ||

(r = sshbuf_get_u32(m, &compat)) != 0)

fatal_fr(r, "parse");

- if (keyid > INT_MAX)

- fatal_f("invalid key ID");

+ if ((keyid = get_hostkey_index(pubkey, 1, ssh)) == -1)

+ fatal_f("unknown hostkey");

+ debug_f("hostkey %s index %d", sshkey_ssh_name(pubkey), keyid);

+ sshkey_free(pubkey);

* Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),

diff --git a/usr.bin/ssh/monitor.h b/usr.bin/ssh/monitor.h
index 7049e05db13..03030978557 100644
--- a/usr.bin/ssh/monitor.h
+++ b/usr.bin/ssh/monitor.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: monitor.h,v 1.24 2024/05/17 00:30:24 djm Exp $ */

+/* $OpenBSD: monitor.h,v 1.25 2024/10/14 01:57:50 djm Exp $ */

@@ -56,6 +56,7 @@ enum monitor_reqtype {

MONITOR_REQ_GSSUSEROK = 46, MONITOR_ANS_GSSUSEROK = 47,

MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,

MONITOR_REQ_TERM = 50,

+ MONITOR_REQ_STATE = 51, MONITOR_ANS_STATE = 52

};

struct ssh;

@@ -89,4 +90,6 @@ void mm_get_keystate(struct ssh *, struct monitor *);

/* XXX: should be returned via a monitor call rather than config_fd */

void mm_encode_server_options(struct sshbuf *);

+struct sshbuf *pack_hostkeys(void);

#endif /* _MONITOR_H_ */

diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c
index 97ed932b385..a2ff0f8db44 100644
--- a/usr.bin/ssh/monitor_wrap.c
+++ b/usr.bin/ssh/monitor_wrap.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: monitor_wrap.c,v 1.136 2024/06/19 23:24:47 djm Exp $ */

+/* $OpenBSD: monitor_wrap.c,v 1.137 2024/10/14 01:57:50 djm Exp $ */

@@ -107,16 +107,6 @@ mm_log_handler(LogLevel level, int forced, const char *msg, void *ctx)

sshbuf_free(log_msg);

}

-int

-mm_is_monitor(void)

- /*

- * m_pid is only set in the privileged part, and

- * points to the unprivileged child.

- */

- return (pmonitor && pmonitor->m_pid > 0);

static void

mm_reap(void)

{

@@ -260,15 +250,13 @@ mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,

const u_char *data, size_t datalen, const char *hostkey_alg,

const char *sk_provider, const char *sk_pin, u_int compat)

{

- struct kex *kex = *pmonitor->m_pkex;

struct sshbuf *m;

- u_int ndx = kex->host_key_index(key, 0, ssh);

int r;

debug3_f("entering");

if ((m = sshbuf_new()) == NULL)

fatal_f("sshbuf_new failed");

- if ((r = sshbuf_put_u32(m, ndx)) != 0 ||

+ if ((r = sshkey_puts(key, m)) != 0 ||

(r = sshbuf_put_string(m, data, datalen)) != 0 ||

(r = sshbuf_put_cstring(m, hostkey_alg)) != 0 ||

(r = sshbuf_put_u32(m, compat)) != 0)

@@ -281,6 +269,7 @@ mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,

if ((r = sshbuf_get_string(m, sigp, lenp)) != 0)

fatal_fr(r, "parse");

sshbuf_free(m);

+ debug3_f("%s signature len=%zu", hostkey_alg, *lenp);

return (0);

}

@@ -686,6 +675,72 @@ mm_terminate(void)

sshbuf_free(m);

}

+/* Request state information */

+void

+mm_get_state(struct ssh *ssh, struct include_list *includes,

+ struct sshbuf *conf, struct sshbuf **confdatap,

+ uint64_t *timing_secretp,

+ struct sshbuf **hostkeysp, struct sshbuf **keystatep,

+ u_char **pw_namep,

+ struct sshbuf **authinfop, struct sshbuf **auth_optsp)

+ struct sshbuf *m, *inc;

+ u_char *cp;

+ size_t len;

+ int r;

+ struct include_item *item;

+ debug3_f("entering");

+ if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)

+ fatal_f("sshbuf_new failed");

+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_STATE, m);

+ debug3_f("waiting for MONITOR_ANS_STATE");

+ mm_request_receive_expect(pmonitor->m_recvfd,

+ MONITOR_ANS_STATE, m);

+ if ((r = sshbuf_get_string(m, &cp, &len)) != 0 ||

+ (r = sshbuf_get_u64(m, timing_secretp)) != 0 ||

+ (r = sshbuf_froms(m, hostkeysp)) != 0 ||

+ (r = sshbuf_get_stringb(m, ssh->kex->server_version)) != 0 ||

+ (r = sshbuf_get_stringb(m, ssh->kex->client_version)) != 0 ||

+ (r = sshbuf_get_stringb(m, inc)) != 0)

+ fatal_fr(r, "parse config");

+ /* postauth */

+ if (confdatap) {

+ if ((r = sshbuf_froms(m, confdatap)) != 0 ||

+ (r = sshbuf_froms(m, keystatep)) != 0 ||

+ (r = sshbuf_get_string(m, pw_namep, NULL)) != 0 ||

+ (r = sshbuf_froms(m, authinfop)) != 0 ||

+ (r = sshbuf_froms(m, auth_optsp)) != 0)

+ fatal_fr(r, "parse config postauth");

+ }

+ if (conf != NULL && (r = sshbuf_put(conf, cp, len)))

+ fatal_fr(r, "sshbuf_put");

+ while (sshbuf_len(inc) != 0) {

+ item = xcalloc(1, sizeof(*item));

+ if ((item->contents = sshbuf_new()) == NULL)

+ fatal_f("sshbuf_new failed");

+ if ((r = sshbuf_get_cstring(inc, &item->selector, NULL)) != 0 ||

+ (r = sshbuf_get_cstring(inc, &item->filename, NULL)) != 0 ||

+ (r = sshbuf_get_stringb(inc, item->contents)) != 0)

+ fatal_fr(r, "parse includes");

+ TAILQ_INSERT_TAIL(includes, item, entry);

+ }

+ free(cp);

+ sshbuf_free(m);

+ sshbuf_free(inc);

+ debug3_f("done");

static void

mm_chall_setup(char **name, char **infotxt, u_int *numprompts,

char ***prompts, u_int **echo_on)

diff --git a/usr.bin/ssh/monitor_wrap.h b/usr.bin/ssh/monitor_wrap.h
index a7809982911..af04aa67c28 100644
--- a/usr.bin/ssh/monitor_wrap.h
+++ b/usr.bin/ssh/monitor_wrap.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: monitor_wrap.h,v 1.51 2024/05/17 06:42:04 jsg Exp $ */

+/* $OpenBSD: monitor_wrap.h,v 1.52 2024/10/14 01:57:50 djm Exp $ */

@@ -75,6 +75,12 @@ void mm_session_pty_cleanup2(struct Session *);

void mm_send_keystate(struct ssh *, struct monitor*);

+/* state */

+struct include_list;

+void mm_get_state(struct ssh *, struct include_list *, struct sshbuf *,

+ struct sshbuf **, uint64_t *, struct sshbuf **, struct sshbuf **,

+ u_char **, struct sshbuf **, struct sshbuf **);

/* bsdauth */

int mm_bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);

int mm_bsdauth_respond(void *, u_int, char **);

diff --git a/usr.bin/ssh/pathnames.h b/usr.bin/ssh/pathnames.h
index 0b170505fee..2d3057d031e 100644
--- a/usr.bin/ssh/pathnames.h
+++ b/usr.bin/ssh/pathnames.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: pathnames.h,v 1.32 2024/05/17 00:30:24 djm Exp $ */

+/* $OpenBSD: pathnames.h,v 1.33 2024/10/14 01:57:50 djm Exp $ */

* Author: Tatu Ylonen <ylo@cs.hut.fi>

@@ -41,6 +41,7 @@

/* Binary paths for the sshd components */

#define _PATH_SSHD_SESSION "/usr/libexec/sshd-session"

+#define _PATH_SSHD_AUTH "/usr/libexec/sshd-auth"

* The process id of the daemon listening for connections is saved here to

diff --git a/usr.bin/ssh/sandbox-pledge.c b/usr.bin/ssh/sandbox-pledge.c
index 9a12dbfead4..e69de29bb2d 100644
--- a/usr.bin/ssh/sandbox-pledge.c
+++ b/usr.bin/ssh/sandbox-pledge.c

@@ -1,71 +0,0 @@

-/* $OpenBSD: sandbox-pledge.c,v 1.2 2020/10/18 11:32:01 djm Exp $ */

-/*

- *

- * Permission to use, copy, modify, and distribute this software for any

- * purpose with or without fee is hereby granted, provided that the above

- * copyright notice and this permission notice appear in all copies.

- *

- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

- */

-#include <sys/types.h>

-#include <sys/ioctl.h>

-#include <sys/syscall.h>

-#include <sys/socket.h>

-#include <sys/wait.h>

-#include <errno.h>

-#include <limits.h>

-#include <stdarg.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <unistd.h>

-#include <pwd.h>

-#include "log.h"

-#include "ssh-sandbox.h"

-#include "xmalloc.h"

-struct ssh_sandbox {

- pid_t child_pid;

-};

-struct ssh_sandbox *

-ssh_sandbox_init(void)

- struct ssh_sandbox *box;

- debug3_f("preparing pledge sandbox");

- box = xcalloc(1, sizeof(*box));

- box->child_pid = 0;

- return box;

-void

-ssh_sandbox_child(struct ssh_sandbox *box)

- if (pledge("stdio", NULL) == -1)

- fatal_f("pledge()");

-void

-ssh_sandbox_parent_finish(struct ssh_sandbox *box)

- free(box);

- debug3_f("finished");

-void

-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)

- box->child_pid = child_pid;

- /* Nothing to do here */

diff --git a/usr.bin/ssh/sandbox-rlimit.c b/usr.bin/ssh/sandbox-rlimit.c
index 4e86174a03d..e69de29bb2d 100644
--- a/usr.bin/ssh/sandbox-rlimit.c
+++ b/usr.bin/ssh/sandbox-rlimit.c

@@ -1,86 +0,0 @@

-/* $OpenBSD: sandbox-rlimit.c,v 1.5 2020/10/18 11:32:01 djm Exp $ */

-/*

- *

- * Permission to use, copy, modify, and distribute this software for any

- * purpose with or without fee is hereby granted, provided that the above

- * copyright notice and this permission notice appear in all copies.

- *

- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

- */

-#include <sys/types.h>

-#include <sys/time.h>

-#include <sys/resource.h>

-#include <errno.h>

-#include <stdarg.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <unistd.h>

-#include "log.h"

-#include "ssh-sandbox.h"

-#include "xmalloc.h"

-/* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */

-struct ssh_sandbox {

- pid_t child_pid;

-};

-struct ssh_sandbox *

-ssh_sandbox_init(void)

- struct ssh_sandbox *box;

- /*

- * Strictly, we don't need to maintain any state here but we need

- * to return non-NULL to satisfy the API.

- */

- debug3_f("preparing rlimit sandbox");

- box = xcalloc(1, sizeof(*box));

- box->child_pid = 0;

- return box;

-void

-ssh_sandbox_child(struct ssh_sandbox *box)

- struct rlimit rl_zero;

- rl_zero.rlim_cur = rl_zero.rlim_max = 0;

- if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)

- fatal_f("setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",

- strerror(errno));

- if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)

- fatal_f("setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",

- strerror(errno));

- if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)

- fatal_f("setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",

- strerror(errno));

-void

-ssh_sandbox_parent_finish(struct ssh_sandbox *box)

- free(box);

- debug3_f("finished");

-void

-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)

- box->child_pid = child_pid;

- /* Nothing to do here */

diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index cd57ca01112..fa22d6f5568 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: servconf.c,v 1.419 2024/09/25 01:24:04 djm Exp $ */

+/* $OpenBSD: servconf.c,v 1.420 2024/10/14 01:57:50 djm Exp $ */

@@ -191,6 +191,7 @@ initialize_server_options(ServerOptions *options)

options->num_channel_timeouts = 0;

options->unused_connection_timeout = -1;

options->sshd_session_path = NULL;

+ options->sshd_auth_path = NULL;

options->refuse_connection = -1;

}

@@ -461,6 +462,8 @@ fill_default_server_options(ServerOptions *options)

options->unused_connection_timeout = 0;

if (options->sshd_session_path == NULL)

options->sshd_session_path = xstrdup(_PATH_SSHD_SESSION);

+ if (options->sshd_auth_path == NULL)

+ options->sshd_auth_path = xstrdup(_PATH_SSHD_AUTH);

if (options->refuse_connection == -1)

options->refuse_connection = 0;

@@ -542,7 +545,7 @@ typedef enum {

sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,

sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,

sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout,

- sSshdSessionPath, sRefuseConnection,

+ sSshdSessionPath, sSshdAuthPath, sRefuseConnection,

sDeprecated, sIgnore, sUnsupported

} ServerOpCodes;

@@ -692,6 +695,7 @@ static struct {

{ "channeltimeout", sChannelTimeout, SSHCFG_ALL },

{ "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL },

{ "sshdsessionpath", sSshdSessionPath, SSHCFG_GLOBAL },

+ { "sshdauthpath", sSshdAuthPath, SSHCFG_GLOBAL },

{ "refuseconnection", sRefuseConnection, SSHCFG_ALL },

{ NULL, sBadOption, 0 }

};

@@ -2623,6 +2627,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,

charptr = &options->sshd_session_path;

goto parse_filename;

+ case sSshdAuthPath:

+ charptr = &options->sshd_auth_path;

+ goto parse_filename;

case sRefuseConnection:

intptr = &options->refuse_connection;

multistate_ptr = multistate_flag;

@@ -3198,6 +3206,7 @@ dump_config(ServerOptions *o)

dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos);

dump_cfg_string(sRDomain, o->routing_domain);

dump_cfg_string(sSshdSessionPath, o->sshd_session_path);

+ dump_cfg_string(sSshdAuthPath, o->sshd_auth_path);

dump_cfg_string(sPerSourcePenaltyExemptList, o->per_source_penalty_exempt);

/* string arguments requiring a lookup */

diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h
index 33ada42e048..f05f5f3c1aa 100644
--- a/usr.bin/ssh/servconf.h
+++ b/usr.bin/ssh/servconf.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: servconf.h,v 1.168 2024/09/15 01:18:26 djm Exp $ */

+/* $OpenBSD: servconf.h,v 1.169 2024/10/14 01:57:50 djm Exp $ */

* Author: Tatu Ylonen <ylo@cs.hut.fi>

@@ -246,6 +246,7 @@ typedef struct {

int unused_connection_timeout;

char *sshd_session_path;

+ char *sshd_auth_path;

int refuse_connection;

} ServerOptions;

diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index e0239a28c0e..70127823cd0 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: session.c,v 1.338 2024/05/17 00:30:24 djm Exp $ */

+/* $OpenBSD: session.c,v 1.339 2024/10/14 01:57:50 djm Exp $ */

@@ -1224,8 +1224,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)

sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));

- /* remove hostkey from the child's memory */

- destroy_sensitive_data();

+ /* remove keys from memory */

ssh_packet_clear_keys(ssh);

/* Force a password change */

@@ -1827,10 +1826,6 @@ session_signal_req(struct ssh *ssh, Session *s)

signame, s->forced ? "forced-command" : "subsystem");

goto out;

}

- if (mm_is_monitor()) {

- error_f("session signalling requires privilege separation");

- goto out;

- }

debug_f("signal %s, killpg(%ld, %d)", signame, (long)s->pid, sig);

temporarily_use_uid(s->pw);

diff --git a/usr.bin/ssh/ssh-sandbox.h b/usr.bin/ssh/ssh-sandbox.h
index dfecd5aa00a..e69de29bb2d 100755..100644
--- a/usr.bin/ssh/ssh-sandbox.h
+++ b/usr.bin/ssh/ssh-sandbox.h

@@ -1,23 +0,0 @@

-/* $OpenBSD: ssh-sandbox.h,v 1.1 2011/06/23 09:34:13 djm Exp $ */

-/*

- *

- * Permission to use, copy, modify, and distribute this software for any

- * purpose with or without fee is hereby granted, provided that the above

- * copyright notice and this permission notice appear in all copies.

- *

- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

- */

-struct ssh_sandbox;

-struct ssh_sandbox *ssh_sandbox_init(void);

-void ssh_sandbox_child(struct ssh_sandbox *);

-void ssh_sandbox_parent_finish(struct ssh_sandbox *);

-void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);

diff --git a/usr.bin/ssh/sshd-auth.c b/usr.bin/ssh/sshd-auth.c
new file mode 100644
index 00000000000..e7225af22cf
--- /dev/null
+++ b/usr.bin/ssh/sshd-auth.c

@@ -0,0 +1,836 @@

+/* $OpenBSD: sshd-auth.c,v 1.1 2024/10/14 01:57:50 djm Exp $ */

+/*

+ * SSH2 implementation:

+ * Privilege Separation:

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions

+ * are met:

+ * 1. Redistributions of source code must retain the above copyright

+ * notice, this list of conditions and the following disclaimer.

+ * 2. Redistributions in binary form must reproduce the above copyright

+ * notice, this list of conditions and the following disclaimer in the

+ * documentation and/or other materials provided with the distribution.

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR

+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,

+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+ */

+#include <sys/types.h>

+#include <sys/ioctl.h>

+#include <sys/wait.h>

+#include <sys/tree.h>

+#include <sys/stat.h>

+#include <sys/socket.h>

+#include <sys/time.h>

+#include <sys/queue.h>

+#include <errno.h>

+#include <fcntl.h>

+#include <netdb.h>

+#include <paths.h>

+#include <pwd.h>

+#include <signal.h>

+#include <stdio.h>

+#include <stdlib.h>

+#include <string.h>

+#include <stdarg.h>

+#include <unistd.h>

+#include <limits.h>

+#ifdef WITH_OPENSSL

+#include <openssl/bn.h>

+#include <openssl/evp.h>

+#endif

+#include "xmalloc.h"

+#include "ssh.h"

+#include "ssh2.h"

+#include "sshpty.h"

+#include "packet.h"

+#include "log.h"

+#include "sshbuf.h"

+#include "misc.h"

+#include "match.h"

+#include "servconf.h"

+#include "uidswap.h"

+#include "compat.h"

+#include "cipher.h"

+#include "digest.h"

+#include "sshkey.h"

+#include "kex.h"

+#include "authfile.h"

+#include "pathnames.h"

+#include "atomicio.h"

+#include "canohost.h"

+#include "hostfile.h"

+#include "auth.h"

+#include "authfd.h"

+#include "msg.h"

+#include "dispatch.h"

+#include "channels.h"

+#include "session.h"

+#include "monitor.h"

+#ifdef GSSAPI

+#include "ssh-gss.h"

+#endif

+#include "monitor_wrap.h"

+#include "auth-options.h"

+#include "version.h"

+#include "ssherr.h"

+#include "sk-api.h"

+#include "srclimit.h"

+#include "dh.h"

+/* Privsep fds */

+#define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1)

+#define PRIVSEP_LOG_FD (STDERR_FILENO + 2)

+#define PRIVSEP_MIN_FREE_FD (STDERR_FILENO + 3)

+extern char *__progname;

+/* Server configuration options. */

+ServerOptions options;

+/* Name of the server configuration file. */

+char *config_file_name = _PATH_SERVER_CONFIG_FILE;

+/*

+ * Debug mode flag. This can be set on the command line. If debug

+ * mode is enabled, extra debugging output will be sent to the system

+ * log, the daemon will not go to background, and will exit after processing

+ * the first connection.

+ */

+int debug_flag = 0;

+/* Flag indicating that the daemon is being started from inetd. */

+static int inetd_flag = 0;

+/* Saved arguments to main(). */

+static char **saved_argv;

+/* Daemon's agent connection */

+int auth_sock = -1;

+static int have_agent = 0;

+u_int num_hostkeys;

+struct sshkey **host_pubkeys; /* all public host keys */

+struct sshkey **host_certificates; /* all public host certificates */

+/* record remote hostname or ip */

+u_int utmp_len = HOST_NAME_MAX+1;

+/* variables used for privilege separation */

+struct monitor *pmonitor = NULL;

+int privsep_is_preauth = 1;

+/* global connection state and authentication contexts */

+Authctxt *the_authctxt = NULL;

+struct ssh *the_active_state;

+/* global key/cert auth options. XXX move to permanent ssh->authctxt? */

+struct sshauthopt *auth_opts = NULL;

+/* sshd_config buffer */

+struct sshbuf *cfg;

+/* Included files from the configuration file */

+struct include_list includes = TAILQ_HEAD_INITIALIZER(includes);

+/* message to be displayed after login */

+struct sshbuf *loginmsg;

+/* Prototypes for various functions defined later in this file. */

+static void do_ssh2_kex(struct ssh *);

+/* XXX stub */

+int

+mm_is_monitor(void)

+ return 0;

+static void

+privsep_child_demote(void)

+ gid_t gidset[1];

+ struct passwd *pw;

+ /* Demote the child */

+ if (getuid() == 0 || geteuid() == 0) {

+ if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)

+ fatal("Privilege separation user %s does not exist",

+ SSH_PRIVSEP_USER);

+ pw = pwcopy(pw); /* Ensure mutable */

+ endpwent();

+ freezero(pw->pw_passwd, strlen(pw->pw_passwd));

+ /* Change our root directory */

+ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)

+ fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,

+ strerror(errno));

+ if (chdir("/") == -1)

+ fatal("chdir(\"/\"): %s", strerror(errno));

+ /*

+ * Drop our privileges

+ * NB. Can't use setusercontext() after chroot.

+ */

+ debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,

+ (u_int)pw->pw_gid);

+ gidset[0] = pw->pw_gid;

+ if (setgroups(1, gidset) == -1)

+ fatal("setgroups: %.100s", strerror(errno));

+ permanently_set_uid(pw);

+ }

+ /* sandbox ourselves */

+ if (pledge("stdio", NULL) == -1)

+ fatal_f("pledge()");

+static void

+append_hostkey_type(struct sshbuf *b, const char *s)

+ int r;

+ if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) {

+ debug3_f("%s key not permitted by HostkeyAlgorithms", s);

+ return;

+ }

+ if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0)

+ fatal_fr(r, "sshbuf_putf");

+static char *

+list_hostkey_types(void)

+ struct sshbuf *b;

+ struct sshkey *key;

+ char *ret;

+ u_int i;

+ if ((b = sshbuf_new()) == NULL)

+ fatal_f("sshbuf_new failed");

+ for (i = 0; i < options.num_host_key_files; i++) {

+ key = host_pubkeys[i];

+ if (key == NULL)

+ continue;

+ switch (key->type) {

+ case KEY_RSA:

+ /* for RSA we also support SHA2 signatures */

+ append_hostkey_type(b, "rsa-sha2-512");

+ append_hostkey_type(b, "rsa-sha2-256");

+ /* FALLTHROUGH */

+ case KEY_DSA:

+ case KEY_ECDSA:

+ case KEY_ED25519:

+ case KEY_ECDSA_SK:

+ case KEY_ED25519_SK:

+ case KEY_XMSS:

+ append_hostkey_type(b, sshkey_ssh_name(key));

+ break;

+ }

+ /* If the private key has a cert peer, then list that too */

+ key = host_certificates[i];

+ if (key == NULL)

+ continue;

+ switch (key->type) {

+ case KEY_RSA_CERT:

+ /* for RSA we also support SHA2 signatures */

+ append_hostkey_type(b,

+ "rsa-sha2-512-cert-v01@openssh.com");

+ append_hostkey_type(b,

+ "rsa-sha2-256-cert-v01@openssh.com");

+ /* FALLTHROUGH */

+ case KEY_DSA_CERT:

+ case KEY_ECDSA_CERT:

+ case KEY_ED25519_CERT:

+ case KEY_ECDSA_SK_CERT:

+ case KEY_ED25519_SK_CERT:

+ case KEY_XMSS_CERT:

+ append_hostkey_type(b, sshkey_ssh_name(key));

+ break;

+ }

+ if ((ret = sshbuf_dup_string(b)) == NULL)

+ fatal_f("sshbuf_dup_string failed");

+ sshbuf_free(b);

+ debug_f("%s", ret);

+ return ret;

+struct sshkey *

+get_hostkey_public_by_type(int type, int nid, struct ssh *ssh)

+ u_int i;

+ struct sshkey *key;

+ for (i = 0; i < options.num_host_key_files; i++) {

+ switch (type) {

+ case KEY_RSA_CERT:

+ case KEY_DSA_CERT:

+ case KEY_ECDSA_CERT:

+ case KEY_ED25519_CERT:

+ case KEY_ECDSA_SK_CERT:

+ case KEY_ED25519_SK_CERT:

+ case KEY_XMSS_CERT:

+ key = host_certificates[i];

+ break;

+ default:

+ key = host_pubkeys[i];

+ break;

+ }

+ if (key == NULL || key->type != type)

+ continue;

+ switch (type) {

+ case KEY_ECDSA:

+ case KEY_ECDSA_SK:

+ case KEY_ECDSA_CERT:

+ case KEY_ECDSA_SK_CERT:

+ if (key->ecdsa_nid != nid)

+ continue;

+ /* FALLTHROUGH */

+ default:

+ return key;

+ }

+ return NULL;

+/* XXX remove */

+struct sshkey *

+get_hostkey_private_by_type(int type, int nid, struct ssh *ssh)

+ return NULL;

+/* XXX remove */

+struct sshkey *

+get_hostkey_by_index(int ind)

+ return NULL;

+struct sshkey *

+get_hostkey_public_by_index(int ind, struct ssh *ssh)

+ if (ind < 0 || (u_int)ind >= options.num_host_key_files)

+ return (NULL);

+ return host_pubkeys[ind];

+int

+get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh)

+ u_int i;

+ for (i = 0; i < options.num_host_key_files; i++) {

+ if (sshkey_is_cert(key)) {

+ if (key == host_certificates[i] ||

+ (compare && host_certificates[i] &&

+ sshkey_equal(key, host_certificates[i])))

+ return (i);

+ } else {

+ if (key == host_pubkeys[i] ||

+ (compare && host_pubkeys[i] &&

+ sshkey_equal(key, host_pubkeys[i])))

+ return (i);

+ }

+ return (-1);

+static void

+usage(void)

+ fprintf(stderr, "%s, %s\n", SSH_VERSION, SSH_OPENSSL_VERSION);

+ fprintf(stderr,

+"usage: sshd [-46DdeGiqTtV] [-C connection_spec] [-c host_cert_file]\n"

+" [-E log_file] [-f config_file] [-g login_grace_time]\n"

+" [-h host_key_file] [-o option] [-p port] [-u len]\n"

+ );

+ exit(1);

+static void

+parse_hostkeys(struct sshbuf *hostkeys)

+ int r;

+ u_int num_keys = 0;

+ struct sshkey *k;

+ const u_char *cp;

+ size_t len;

+ while (sshbuf_len(hostkeys) != 0) {

+ if (num_keys > 2048)

+ fatal_f("too many hostkeys");

+ host_pubkeys = xrecallocarray(host_pubkeys,

+ num_keys, num_keys + 1, sizeof(*host_pubkeys));

+ host_certificates = xrecallocarray(host_certificates,

+ num_keys, num_keys + 1, sizeof(*host_certificates));

+ /* public key */

+ k = NULL;

+ if ((r = sshbuf_get_string_direct(hostkeys, &cp, &len)) != 0)

+ fatal_fr(r, "extract pubkey");

+ if (len != 0 && (r = sshkey_from_blob(cp, len, &k)) != 0)

+ fatal_fr(r, "parse pubkey");

+ host_pubkeys[num_keys] = k;

+ if (k)

+ debug2_f("key %u: %s", num_keys, sshkey_ssh_name(k));

+ /* certificate */

+ k = NULL;

+ if ((r = sshbuf_get_string_direct(hostkeys, &cp, &len)) != 0)

+ fatal_fr(r, "extract pubkey");

+ if (len != 0 && (r = sshkey_from_blob(cp, len, &k)) != 0)

+ fatal_fr(r, "parse pubkey");

+ host_certificates[num_keys] = k;

+ if (k)

+ debug2_f("cert %u: %s", num_keys, sshkey_ssh_name(k));

+ num_keys++;

+ }

+ num_hostkeys = num_keys;

+static void

+recv_privsep_state(struct ssh *ssh, struct sshbuf *conf,

+ uint64_t *timing_secretp)

+ struct sshbuf *hostkeys;

+ debug3_f("begin");

+ mm_get_state(ssh, &includes, conf, NULL, timing_secretp,

+ &hostkeys, NULL, NULL, NULL, NULL);

+ parse_hostkeys(hostkeys);

+ sshbuf_free(hostkeys);

+ debug3_f("done");

+/*

+ * Main program for the daemon.

+ */

+int

+main(int ac, char **av)

+ struct ssh *ssh = NULL;

+ extern char *optarg;

+ extern int optind;

+ int r, opt, have_key = 0;

+ int sock_in = -1, sock_out = -1, rexeced_flag = 0;

+ char *line, *logfile = NULL;

+ u_int i;

+ mode_t new_umask;

+ Authctxt *authctxt;

+ struct connection_info *connection_info = NULL;

+ sigset_t sigmask;

+ uint64_t timing_secret = 0;

+ closefrom(PRIVSEP_MIN_FREE_FD);

+ sigemptyset(&sigmask);

+ sigprocmask(SIG_SETMASK, &sigmask, NULL);

+ /* Save argv. */

+ saved_argv = av;

+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */

+ sanitise_stdfd();

+ /* Initialize configuration options to their default values. */

+ initialize_server_options(&options);

+ /* Parse command-line arguments. */

+ while ((opt = getopt(ac, av,

+ "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) {

+ switch (opt) {

+ case '4':

+ options.address_family = AF_INET;

+ break;

+ case '6':

+ options.address_family = AF_INET6;

+ break;

+ case 'f':

+ config_file_name = optarg;

+ break;

+ case 'c':

+ servconf_add_hostcert("[command-line]", 0,

+ &options, optarg);

+ break;

+ case 'd':

+ if (debug_flag == 0) {

+ debug_flag = 1;

+ options.log_level = SYSLOG_LEVEL_DEBUG1;

+ } else if (options.log_level < SYSLOG_LEVEL_DEBUG3)

+ options.log_level++;

+ break;

+ case 'D':

+ /* ignore */

+ break;

+ case 'E':

+ logfile = optarg;

+ /* FALLTHROUGH */

+ case 'e':

+ /* ignore */

+ break;

+ case 'i':

+ inetd_flag = 1;

+ break;

+ case 'r':

+ /* ignore */

+ break;

+ case 'R':

+ rexeced_flag = 1;

+ break;

+ case 'Q':

+ /* ignored */

+ break;

+ case 'q':

+ options.log_level = SYSLOG_LEVEL_QUIET;

+ break;

+ case 'b':

+ /* protocol 1, ignored */

+ break;

+ case 'p':

+ options.ports_from_cmdline = 1;

+ if (options.num_ports >= MAX_PORTS) {

+ fprintf(stderr, "too many ports.\n");

+ exit(1);

+ }

+ options.ports[options.num_ports++] = a2port(optarg);

+ if (options.ports[options.num_ports-1] <= 0) {

+ fprintf(stderr, "Bad port number.\n");

+ exit(1);

+ }

+ break;

+ case 'g':

+ if ((options.login_grace_time = convtime(optarg)) == -1) {

+ fprintf(stderr, "Invalid login grace time.\n");

+ exit(1);

+ }

+ break;

+ case 'k':

+ /* protocol 1, ignored */

+ break;

+ case 'h':

+ servconf_add_hostkey("[command-line]", 0,

+ &options, optarg, 1);

+ break;

+ case 't':

+ case 'T':

+ case 'G':

+ fatal("test/dump modes not supported");

+ break;

+ case 'C':

+ connection_info = server_get_connection_info(ssh, 0, 0);

+ if (parse_server_match_testspec(connection_info,

+ optarg) == -1)

+ exit(1);

+ break;

+ case 'u':

+ utmp_len = (u_int)strtonum(optarg, 0, HOST_NAME_MAX+1+1, NULL);

+ if (utmp_len > HOST_NAME_MAX+1) {

+ fprintf(stderr, "Invalid utmp length.\n");

+ exit(1);

+ }

+ break;

+ case 'o':

+ line = xstrdup(optarg);

+ if (process_server_config_line(&options, line,

+ "command-line", 0, NULL, NULL, &includes) != 0)

+ exit(1);

+ free(line);

+ break;

+ case 'V':

+ fprintf(stderr, "%s, %s\n",

+ SSH_VERSION, SSH_OPENSSL_VERSION);

+ exit(0);

+ default:

+ usage();

+ break;

+ }

+ if (!rexeced_flag)

+ fatal("sshd-auth should not be executed directly");

+#ifdef WITH_OPENSSL

+ OpenSSL_add_all_algorithms();

+#endif

+ /* If requested, redirect the logs to the specified logfile. */

+ if (logfile != NULL) {

+ char *cp, pid_s[32];

+ snprintf(pid_s, sizeof(pid_s), "%ld", (unsigned long)getpid());

+ cp = percent_expand(logfile,

+ "p", pid_s,

+ "P", "sshd-auth",

+ (char *)NULL);

+ log_redirect_stderr_to(cp);

+ free(cp);

+ }

+ log_init(__progname,

+ options.log_level == SYSLOG_LEVEL_NOT_SET ?

+ SYSLOG_LEVEL_INFO : options.log_level,

+ options.log_facility == SYSLOG_FACILITY_NOT_SET ?

+ SYSLOG_FACILITY_AUTH : options.log_facility, 1);

+ /* XXX can't use monitor_init(); it makes fds */

+ pmonitor = xcalloc(1, sizeof(*pmonitor));

+ pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;

+ pmonitor->m_recvfd = PRIVSEP_MONITOR_FD;

+ pmonitor->m_log_sendfd = PRIVSEP_LOG_FD;

+ set_log_handler(mm_log_handler, pmonitor);

+ /* Check that there are no remaining arguments. */

+ if (optind < ac) {

+ fprintf(stderr, "Extra argument %s.\n", av[optind]);

+ exit(1);

+ }

+ debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);

+ /* Connection passed by stdin/out */

+ if (inetd_flag) {

+ /*

+ * NB. must be different fd numbers for the !socket case,

+ * as packet_connection_is_on_socket() depends on this.

+ */

+ sock_in = dup(STDIN_FILENO);

+ sock_out = dup(STDOUT_FILENO);

+ } else {

+ /* rexec case; accept()ed socket in ancestor listener */

+ sock_in = sock_out = dup(STDIN_FILENO);

+ }

+ if (stdfd_devnull(1, 1, 0) == -1)

+ error("stdfd_devnull failed");

+ debug("network sockets: %d, %d", sock_in, sock_out);

+ /*

+ * Register our connection. This turns encryption off because we do

+ * not have a key.

+ */

+ if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL)

+ fatal("Unable to create connection");

+ the_active_state = ssh;

+ ssh_packet_set_server(ssh);

+ pmonitor->m_pkex = &ssh->kex;

+ /* Fetch our configuration */

+ if ((cfg = sshbuf_new()) == NULL)

+ fatal("sshbuf_new config buf failed");

+ setproctitle("%s", "[session-auth early]");

+ recv_privsep_state(ssh, cfg, &timing_secret);

+ parse_server_config(&options, "rexec", cfg, &includes, NULL, 1);

+ /* Fill in default values for those options not explicitly set. */

+ fill_default_server_options(&options);

+ options.timing_secret = timing_secret; /* XXX eliminate from unpriv */

+#ifdef WITH_OPENSSL

+ if (options.moduli_file != NULL)

+ dh_set_moduli_file(options.moduli_file);

+#endif

+ if (options.host_key_agent) {

+ if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))

+ setenv(SSH_AUTHSOCKET_ENV_NAME,

+ options.host_key_agent, 1);

+ if ((r = ssh_get_authentication_socket(NULL)) == 0)

+ have_agent = 1;

+ else

+ error_r(r, "Could not connect to agent \"%s\"",

+ options.host_key_agent);

+ }

+ if (options.num_host_key_files != num_hostkeys) {

+ fatal("internal error: hostkeys confused (config %u recvd %u)",

+ options.num_host_key_files, num_hostkeys);

+ }

+ for (i = 0; i < options.num_host_key_files; i++) {

+ if (host_pubkeys[i] != NULL) {

+ have_key = 1;

+ break;

+ }

+ if (!have_key)

+ fatal("internal error: recieved no hostkeys");

+ /* Ensure that umask disallows at least group and world write */

+ new_umask = umask(0077) | 0022;

+ (void) umask(new_umask);

+ /* Initialize the log (it is reinitialized below in case we forked). */

+ log_init(__progname, options.log_level, options.log_facility, 1);

+ set_log_handler(mm_log_handler, pmonitor);

+ for (i = 0; i < options.num_log_verbose; i++)

+ log_verbose_add(options.log_verbose[i]);

+ /*

+ * Chdir to the root directory so that the current disk can be

+ * unmounted if desired.

+ */

+ if (chdir("/") == -1)

+ error("chdir(\"/\"): %s", strerror(errno));

+ /* This is the child authenticating a new connection. */

+ setproctitle("%s", "[session-auth]");

+ /* Executed child processes don't need these. */

+ fcntl(sock_out, F_SETFD, FD_CLOEXEC);

+ fcntl(sock_in, F_SETFD, FD_CLOEXEC);

+ ssh_signal(SIGPIPE, SIG_IGN);

+ ssh_signal(SIGALRM, SIG_DFL);

+ ssh_signal(SIGHUP, SIG_DFL);

+ ssh_signal(SIGTERM, SIG_DFL);

+ ssh_signal(SIGQUIT, SIG_DFL);

+ ssh_signal(SIGCHLD, SIG_DFL);

+ /* Prepare the channels layer */

+ channel_init_channels(ssh);

+ channel_set_af(ssh, options.address_family);

+ server_process_channel_timeouts(ssh);

+ server_process_permitopen(ssh);

+ ssh_packet_set_nonblocking(ssh);

+ /* allocate authentication context */

+ authctxt = xcalloc(1, sizeof(*authctxt));

+ ssh->authctxt = authctxt;

+ /* XXX global for cleanup, access from other modules */

+ the_authctxt = authctxt;

+ /* Set default key authentication options */

+ if ((auth_opts = sshauthopt_new_with_keys_defaults()) == NULL)

+ fatal("allocation failed");

+ /* prepare buffer to collect messages to display to user after login */

+ if ((loginmsg = sshbuf_new()) == NULL)

+ fatal("sshbuf_new loginmsg failed");

+ auth_debug_reset();

+ /* Enable challenge-response authentication for privilege separation */

+ privsep_challenge_enable();

+#ifdef GSSAPI

+ /* Cache supported mechanism OIDs for later use */

+ ssh_gssapi_prepare_supported_oids();

+#endif

+ privsep_child_demote();

+ /* perform the key exchange */

+ /* authenticate user and start session */

+ do_ssh2_kex(ssh);

+ do_authentication2(ssh);

+ /*

+ * The unprivileged child now transfers the current keystate and exits.

+ */

+ mm_send_keystate(ssh, pmonitor);

+ ssh_packet_clear_keys(ssh);

+ exit(0);

+int

+sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,

+ struct sshkey *pubkey, u_char **signature, size_t *slenp,

+ const u_char *data, size_t dlen, const char *alg)

+ if (privkey) {

+ if (mm_sshkey_sign(ssh, privkey, signature, slenp,

+ data, dlen, alg, options.sk_provider, NULL,

+ ssh->compat) < 0)

+ fatal_f("privkey sign failed");

+ } else {

+ if (mm_sshkey_sign(ssh, pubkey, signature, slenp,

+ data, dlen, alg, options.sk_provider, NULL,

+ ssh->compat) < 0)

+ fatal_f("pubkey sign failed");

+ }

+ return 0;

+/* SSH2 key exchange */

+static void

+do_ssh2_kex(struct ssh *ssh)

+ char *hkalgs = NULL, *myproposal[PROPOSAL_MAX];

+ const char *compression = NULL;

+ struct kex *kex;

+ int r;

+ if (options.rekey_limit || options.rekey_interval)

+ ssh_packet_set_rekey_limits(ssh, options.rekey_limit,

+ options.rekey_interval);

+ if (options.compression == COMP_NONE)

+ compression = "none";

+ hkalgs = list_hostkey_types();

+ kex_proposal_populate_entries(ssh, myproposal, options.kex_algorithms,

+ options.ciphers, options.macs, compression, hkalgs);

+ free(hkalgs);

+ /* start key exchange */

+ if ((r = kex_setup(ssh, myproposal)) != 0)

+ fatal_r(r, "kex_setup");

+ kex_set_server_sig_algs(ssh, options.pubkey_accepted_algos);

+ kex = ssh->kex;

+#ifdef WITH_OPENSSL

+ kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;

+ kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;

+ kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;

+ kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;

+ kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;

+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;

+ kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;

+ kex->kex[KEX_ECDH_SHA2] = kex_gen_server;

+#endif

+ kex->kex[KEX_C25519_SHA256] = kex_gen_server;

+ kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;

+ kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server;

+ kex->load_host_public_key=&get_hostkey_public_by_type;

+ kex->load_host_private_key=&get_hostkey_private_by_type;

+ kex->host_key_index=&get_hostkey_index;

+ kex->sign = sshd_hostkey_sign;

+ ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);

+ kex_proposal_free_entries(myproposal);

+#ifdef DEBUG_KEXDH

+ /* send 1st encrypted/maced/compressed message */

+ if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 ||

+ (r = sshpkt_put_cstring(ssh, "markus")) != 0 ||

+ (r = sshpkt_send(ssh)) != 0 ||

+ (r = ssh_packet_write_wait(ssh)) != 0)

+ fatal_fr(r, "send test");

+#endif

+ debug("KEX done");

+/* server specific fatal cleanup */

+void

+cleanup_exit(int i)

+ _exit(i);

diff --git a/usr.bin/ssh/sshd-auth/Makefile b/usr.bin/ssh/sshd-auth/Makefile
new file mode 100644
index 00000000000..25e94157eeb
--- /dev/null
+++ b/usr.bin/ssh/sshd-auth/Makefile

@@ -0,0 +1,71 @@

+# $OpenBSD: Makefile,v 1.1 2024/10/14 01:57:50 djm Exp $

+.PATH: ${.CURDIR}/..

+SRCS= sshd-auth.c auth2-methods.c \

+ auth-rhosts.c auth-passwd.c sshpty.c sshlogin.c servconf.c \

+ serverloop.c auth.c auth2.c auth-options.c session.c auth2-chall.c \

+ groupaccess.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \

+ auth2-none.c auth2-passwd.c auth2-pubkey.c auth2-pubkeyfile.c \

+ monitor_wrap.c \

+ sftp-server.c sftp-common.c sftp-realpath.c

+SRCS+= authfd.c compat.c dns.c fatal.c hostfile.c readpass.c utf8.c uidswap.c

+SRCS+= ${SRCS_BASE} ${SRCS_KEX} ${SRCS_KEXS} ${SRCS_KEY} ${SRCS_KEYP} \

+ ${SRCS_KRL} ${SRCS_PROT} ${SRCS_PKT} ${SRCS_UTL} ${SRCS_PKCS11} \

+ ${SRCS_SK_CLIENT}

+PROG= sshd-auth

+BINDIR= /usr/libexec

+BINMODE=511

+NOMAN= 1

+.include <bsd.own.mk> # for KERBEROS and AFS

+KERBEROS5=no

+.if (${KERBEROS5:L} == "yes")

+CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV -DGSSAPI

+SRCS+= auth-krb5.c auth2-gss.c gss-serv.c gss-serv-krb5.c

+.endif

+.include <bsd.prog.mk>

+.if (${KERBEROS5:L} == "yes")

+LDADD+= -lgssapi -lkrb5 -lasn1

+LDADD+= -lwind -lroken -lcom_err -lpthread -lheimbase -lkafs

+DPADD+= ${LIBGSSAPI} ${LIBKRB5}

+.endif

+.if (${OPENSSL:L} == "yes")

+LDADD+= -lcrypto

+DPADD+= ${LIBCRYPTO}

+.endif

+LDADD+= -lutil

+DPADD+= ${LIBUTIL}

+.if (${ZLIB:L} == "yes")

+LDADD+= -lz

+DPADD+= ${LIBZ}

+.endif

+# The random relink kit, used on OpenBSD by /etc/rc

+CLEANFILES+= ${PROG}.tar install.sh

+install.sh: Makefile

+ echo "set -o errexit" > $@

+ echo "${CC} ${LDFLAGS} ${LDSTATIC} -o ${PROG}" \

+ "\`echo " ${OBJS} "| tr ' ' '\\\n' | sort -R\`" ${LDADD} >> $@

+ echo "./${PROG} -V # test it works" >> $@

+ echo "install -c -s -o root -g bin -m ${BINMODE} ${PROG} " \

+ "${BINDIR}/${PROG}" >> $@

+${PROG}.tar: ${OBJS} install.sh

+ tar cf $@ ${OBJS} install.sh

+afterinstall: ${PROG}.tar

+ install -d -o root -g wheel -m 755 \

+ ${DESTDIR}/usr/share/relink/${BINDIR}/${PROG}

+ install -o ${BINOWN} -g ${BINGRP} -m 640 \

+ ${PROG}.tar ${DESTDIR}/usr/share/relink/${BINDIR}/${PROG}/${PROG}.tar

diff --git a/usr.bin/ssh/sshd-session.c b/usr.bin/ssh/sshd-session.c
index e4b698db539..235f818ca88 100644
--- a/usr.bin/ssh/sshd-session.c
+++ b/usr.bin/ssh/sshd-session.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: sshd-session.c,v 1.9 2024/09/09 02:39:57 djm Exp $ */

+/* $OpenBSD: sshd-session.c,v 1.10 2024/10/14 01:57:50 djm Exp $ */

* SSH2 implementation:

* Privilege Separation:

@@ -86,7 +86,6 @@

#include "ssh-gss.h"

#endif

#include "monitor_wrap.h"

-#include "ssh-sandbox.h"

#include "auth-options.h"

#include "version.h"

#include "ssherr.h"

@@ -100,6 +99,11 @@

#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)

#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)

+/* Privsep fds */

+#define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1)

+#define PRIVSEP_LOG_FD (STDERR_FILENO + 2)

+#define PRIVSEP_MIN_FREE_FD (STDERR_FILENO + 3)

extern char *__progname;

/* Server configuration options. */

@@ -172,7 +176,17 @@ struct sshbuf *loginmsg;

/* Prototypes for various functions defined later in this file. */

void destroy_sensitive_data(void);

void demote_sensitive_data(void);

-static void do_ssh2_kex(struct ssh *);

+/* XXX reduce to stub once postauth split */

+int

+mm_is_monitor(void)

+ /*

+ * m_pid is only set in the privileged part, and

+ * points to the unprivileged child.

+ */

+ return (pmonitor && pmonitor->m_pid > 0);

* Signal handler for the alarm after the login grace period has expired.

@@ -239,50 +253,41 @@ demote_sensitive_data(void)

}

-static void

-privsep_preauth_child(void)

+struct sshbuf *

+pack_hostkeys(void)

{

- gid_t gidset[1];

- struct passwd *pw;

- /* Enable challenge-response authentication for privilege separation */

- privsep_challenge_enable();

-#ifdef GSSAPI

- /* Cache supported mechanism OIDs for later use */

- ssh_gssapi_prepare_supported_oids();

-#endif

- /* Demote the private keys to public keys. */

- demote_sensitive_data();

+ struct sshbuf *keybuf = NULL, *hostkeys = NULL;

+ int r;

+ u_int i;

- /* Demote the child */

- if (getuid() == 0 || geteuid() == 0) {

- if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)

- fatal("Privilege separation user %s does not exist",

- SSH_PRIVSEP_USER);

- pw = pwcopy(pw); /* Ensure mutable */

- endpwent();

- freezero(pw->pw_passwd, strlen(pw->pw_passwd));

- /* Change our root directory */

- if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)

- fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,

- strerror(errno));

- if (chdir("/") == -1)

- fatal("chdir(\"/\"): %s", strerror(errno));

+ if ((hostkeys = sshbuf_new()) == NULL)

+ fatal_f("sshbuf_new failed");

- /*

- * Drop our privileges

- * NB. Can't use setusercontext() after chroot.

- */

- debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,

- (u_int)pw->pw_gid);

- gidset[0] = pw->pw_gid;

- if (setgroups(1, gidset) == -1)

- fatal("setgroups: %.100s", strerror(errno));

- permanently_set_uid(pw);

+ /* pack hostkeys into a string. Empty key slots get empty strings */

+ for (i = 0; i < options.num_host_key_files; i++) {

+ /* public key */

+ if (sensitive_data.host_pubkeys[i] != NULL) {

+ if ((r = sshkey_puts(sensitive_data.host_pubkeys[i],

+ hostkeys)) != 0)

+ fatal_fr(r, "compose hostkey public");

+ } else {

+ if ((r = sshbuf_put_string(hostkeys, NULL, 0)) != 0)

+ fatal_fr(r, "compose hostkey empty public");

+ }

+ /* cert */

+ if (sensitive_data.host_certificates[i] != NULL) {

+ if ((r = sshkey_puts(

+ sensitive_data.host_certificates[i],

+ hostkeys)) != 0)

+ fatal_fr(r, "compose host cert");

+ } else {

+ if ((r = sshbuf_put_string(hostkeys, NULL, 0)) != 0)

+ fatal_fr(r, "compose host cert empty");

+ }

}

+ sshbuf_free(keybuf);

+ return hostkeys;

}

static int

@@ -290,20 +295,16 @@ privsep_preauth(struct ssh *ssh)

{

int status, r;

pid_t pid;

- struct ssh_sandbox *box = NULL;

/* Set up unprivileged child process to deal with network data */

pmonitor = monitor_init();

/* Store a pointer to the kex for later rekeying */

pmonitor->m_pkex = &ssh->kex;

- box = ssh_sandbox_init();

- pid = fork();

- if (pid == -1) {

+ if ((pid = fork()) == -1)

fatal("fork of unprivileged child failed");

- } else if (pid != 0) {

+ else if (pid != 0) {

debug2("Network child is on pid %ld", (long)pid);

pmonitor->m_pid = pid;

if (have_agent) {

r = ssh_get_authentication_socket(&auth_sock);

@@ -312,8 +313,6 @@ privsep_preauth(struct ssh *ssh)

have_agent = 0;

}

- if (box != NULL)

- ssh_sandbox_parent_preauth(box, pid);

monitor_child_preauth(ssh, pmonitor);

/* Wait for the child's exit status */

@@ -332,23 +331,46 @@ privsep_preauth(struct ssh *ssh)

} else if (WIFSIGNALED(status))

fatal_f("preauth child terminated by signal %d",

WTERMSIG(status));

- if (box != NULL)

- ssh_sandbox_parent_finish(box);

return 1;

} else {

/* child */

close(pmonitor->m_sendfd);

close(pmonitor->m_log_recvfd);

- /* Arrange for logging to be sent to the monitor */

- set_log_handler(mm_log_handler, pmonitor);

- privsep_preauth_child();

- setproctitle("%s", "[net]");

- if (box != NULL)

- ssh_sandbox_child(box);

+ /*

+ * Arrange unpriv-preauth child process fds:

+ * 0, 1 network socket

+ * 2 optional stderr

+ * 3 reserved

+ * 4 monitor message socket

+ * 5 monitor logging socket

+ *

+ * We know that the monitor sockets will have fds > 4 because

+ * of the reserved fds in main()

+ */

- return 0;

+ if (ssh_packet_get_connection_in(ssh) != STDIN_FILENO &&

+ dup2(ssh_packet_get_connection_in(ssh), STDIN_FILENO) == -1)

+ fatal("dup2 stdin failed: %s", strerror(errno));

+ if (ssh_packet_get_connection_out(ssh) != STDOUT_FILENO &&

+ dup2(ssh_packet_get_connection_out(ssh),

+ STDOUT_FILENO) == -1)

+ fatal("dup2 stdout failed: %s", strerror(errno));

+ /* leave stderr as-is */

+ log_redirect_stderr_to(NULL); /* dup can clobber log fd */

+ if (pmonitor->m_recvfd != PRIVSEP_MONITOR_FD &&

+ dup2(pmonitor->m_recvfd, PRIVSEP_MONITOR_FD) == -1)

+ fatal("dup2 monitor fd: %s", strerror(errno));

+ if (pmonitor->m_log_sendfd != PRIVSEP_LOG_FD &&

+ dup2(pmonitor->m_log_sendfd, PRIVSEP_LOG_FD) == -1)

+ fatal("dup2 log fd: %s", strerror(errno));

+ closefrom(PRIVSEP_MIN_FREE_FD);

+ saved_argv[0] = options.sshd_auth_path;

+ execv(options.sshd_auth_path, saved_argv);

+ fatal_f("exec of %s failed: %s",

+ options.sshd_auth_path, strerror(errno));

}

@@ -392,79 +414,6 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt)

ssh_packet_set_authenticated(ssh);

}

-static void

-append_hostkey_type(struct sshbuf *b, const char *s)

- int r;

- if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) {

- debug3_f("%s key not permitted by HostkeyAlgorithms", s);

- return;

- }

- if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0)

- fatal_fr(r, "sshbuf_putf");

-static char *

-list_hostkey_types(void)

- struct sshbuf *b;

- struct sshkey *key;

- char *ret;

- u_int i;

- if ((b = sshbuf_new()) == NULL)

- fatal_f("sshbuf_new failed");

- for (i = 0; i < options.num_host_key_files; i++) {

- key = sensitive_data.host_keys[i];

- if (key == NULL)

- key = sensitive_data.host_pubkeys[i];

- if (key == NULL)

- continue;

- switch (key->type) {

- case KEY_RSA:

- /* for RSA we also support SHA2 signatures */

- append_hostkey_type(b, "rsa-sha2-512");

- append_hostkey_type(b, "rsa-sha2-256");

- /* FALLTHROUGH */

- case KEY_DSA:

- case KEY_ECDSA:

- case KEY_ED25519:

- case KEY_ECDSA_SK:

- case KEY_ED25519_SK:

- case KEY_XMSS:

- append_hostkey_type(b, sshkey_ssh_name(key));

- break;

- }

- /* If the private key has a cert peer, then list that too */

- key = sensitive_data.host_certificates[i];

- if (key == NULL)

- continue;

- switch (key->type) {

- case KEY_RSA_CERT:

- /* for RSA we also support SHA2 signatures */

- append_hostkey_type(b,

- "rsa-sha2-512-cert-v01@openssh.com");

- append_hostkey_type(b,

- "rsa-sha2-256-cert-v01@openssh.com");

- /* FALLTHROUGH */

- case KEY_DSA_CERT:

- case KEY_ECDSA_CERT:

- case KEY_ED25519_CERT:

- case KEY_ECDSA_SK_CERT:

- case KEY_ED25519_SK_CERT:

- case KEY_XMSS_CERT:

- append_hostkey_type(b, sshkey_ssh_name(key));

- break;

- }

- if ((ret = sshbuf_dup_string(b)) == NULL)

- fatal_f("sshbuf_dup_string failed");

- sshbuf_free(b);

- debug_f("%s", ret);

- return ret;

static struct sshkey *

get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)

{

@@ -801,7 +750,7 @@ main(int ac, char **av)

struct ssh *ssh = NULL;

extern char *optarg;

extern int optind;

- int r, opt, on = 1, remote_port;

+ int devnull, r, opt, on = 1, remote_port;

int sock_in = -1, sock_out = -1, rexeced_flag = 0, have_key = 0;

const char *remote_ip, *rdomain;

char *line, *laddr, *logfile = NULL;

@@ -950,6 +899,14 @@ main(int ac, char **av)

closefrom(REEXEC_MIN_FREE_FD);

+ /* Reserve fds we'll need later for reexec things */

+ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)

+ fatal("open %s: %s", _PATH_DEVNULL, strerror(errno));

+ while (devnull < PRIVSEP_MIN_FREE_FD) {

+ if ((devnull = dup(devnull)) == -1)

+ fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));

+ }

#ifdef WITH_OPENSSL

OpenSSL_add_all_algorithms();

#endif

@@ -985,15 +942,21 @@ main(int ac, char **av)

fatal("sshbuf_new config buf failed");

setproctitle("%s", "[rexeced]");

recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg, &timing_secret);

- close(REEXEC_CONFIG_PASS_FD);

+ /* close the fd, but keep the slot reserved */

+ if (dup2(devnull, REEXEC_CONFIG_PASS_FD) == -1)

+ fatal("dup2 devnull->config fd: %s", strerror(errno));

parse_server_config(&options, "rexec", cfg, &includes, NULL, 1);

/* Fill in default values for those options not explicitly set. */

fill_default_server_options(&options);

options.timing_secret = timing_secret;

- if (!debug_flag) {

- startup_pipe = dup(REEXEC_STARTUP_PIPE_FD);

- close(REEXEC_STARTUP_PIPE_FD);

+ if (!debug_flag && !inetd_flag) {

+ if ((startup_pipe = dup(REEXEC_STARTUP_PIPE_FD)) == -1)

+ fatal("internal error: no startup pipe");

+ /* close the fd, but keep the slot reserved */

+ if (dup2(devnull, REEXEC_STARTUP_PIPE_FD) == -1)

+ fatal("dup2 devnull->startup fd: %s", strerror(errno));

* Signal parent that this child is at a point where

* they can go away if they have a SIGHUP pending.

@@ -1210,23 +1173,12 @@ main(int ac, char **av)

fatal("sshbuf_new loginmsg failed");

auth_debug_reset();

- if (privsep_preauth(ssh) == 1)

- goto authenticated;

+ if (privsep_preauth(ssh) != 1)

+ fatal("privsep_preauth failed");

- /* perform the key exchange */

- /* authenticate user and start session */

- do_ssh2_kex(ssh);

- do_authentication2(ssh);

+ /* Now user is authenticated */

- * The unprivileged child now transfers the current keystate and exits.

- */

- mm_send_keystate(ssh, pmonitor);

- ssh_packet_clear_keys(ssh);

- exit(0);

- authenticated:

- /*

* Cancel the alarm we set to limit the time taken for

* authentication.

@@ -1294,66 +1246,6 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,

return 0;

}

-/* SSH2 key exchange */

-static void

-do_ssh2_kex(struct ssh *ssh)

- char *hkalgs = NULL, *myproposal[PROPOSAL_MAX];

- const char *compression = NULL;

- struct kex *kex;

- int r;

- if (options.rekey_limit || options.rekey_interval)

- ssh_packet_set_rekey_limits(ssh, options.rekey_limit,

- options.rekey_interval);

- if (options.compression == COMP_NONE)

- compression = "none";

- hkalgs = list_hostkey_types();

- kex_proposal_populate_entries(ssh, myproposal, options.kex_algorithms,

- options.ciphers, options.macs, compression, hkalgs);

- free(hkalgs);

- /* start key exchange */

- if ((r = kex_setup(ssh, myproposal)) != 0)

- fatal_r(r, "kex_setup");

- kex_set_server_sig_algs(ssh, options.pubkey_accepted_algos);

- kex = ssh->kex;

-#ifdef WITH_OPENSSL

- kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;

- kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;

- kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;

- kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;

- kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;

- kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;

- kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;

- kex->kex[KEX_ECDH_SHA2] = kex_gen_server;

-#endif

- kex->kex[KEX_C25519_SHA256] = kex_gen_server;

- kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;

- kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server;

- kex->load_host_public_key=&get_hostkey_public_by_type;

- kex->load_host_private_key=&get_hostkey_private_by_type;

- kex->host_key_index=&get_hostkey_index;

- kex->sign = sshd_hostkey_sign;

- ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);

- kex_proposal_free_entries(myproposal);

-#ifdef DEBUG_KEXDH

- /* send 1st encrypted/maced/compressed message */

- if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 ||

- (r = sshpkt_put_cstring(ssh, "markus")) != 0 ||

- (r = sshpkt_send(ssh)) != 0 ||

- (r = ssh_packet_write_wait(ssh)) != 0)

- fatal_fr(r, "send test");

-#endif

- debug("KEX done");

/* server specific fatal cleanup */

void

cleanup_exit(int i)

diff --git a/usr.bin/ssh/sshd-session/Makefile b/usr.bin/ssh/sshd-session/Makefile
index 40d5ee270e7..04e46449ae3 100644
--- a/usr.bin/ssh/sshd-session/Makefile
+++ b/usr.bin/ssh/sshd-session/Makefile

@@ -1,4 +1,4 @@

-# $OpenBSD: Makefile,v 1.3 2024/05/17 14:42:00 naddy Exp $

+# $OpenBSD: Makefile,v 1.4 2024/10/14 01:57:50 djm Exp $

.PATH: ${.CURDIR}/..

@@ -8,7 +8,7 @@ SRCS= sshd-session.c auth2-methods.c \

groupaccess.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \

auth2-none.c auth2-passwd.c auth2-pubkey.c auth2-pubkeyfile.c \

monitor.c monitor_wrap.c \

- sftp-server.c sftp-common.c sftp-realpath.c sandbox-pledge.c srclimit.c

+ sftp-server.c sftp-common.c sftp-realpath.c srclimit.c

SRCS+= authfd.c compat.c dns.c fatal.c hostfile.c readpass.c utf8.c uidswap.c

SRCS+= ${SRCS_BASE} ${SRCS_KEX} ${SRCS_KEXS} ${SRCS_KEY} ${SRCS_KEYP} \

${SRCS_KRL} ${SRCS_PROT} ${SRCS_PKT} ${SRCS_UTL} ${SRCS_PKCS11} \

diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index c02a7b9640c..07c62bacd7a 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: sshd.c,v 1.612 2024/09/15 01:11:26 djm Exp $ */

+/* $OpenBSD: sshd.c,v 1.613 2024/10/14 01:57:50 djm Exp $ */

@@ -1573,6 +1573,13 @@ main(int ac, char **av)

fatal("%s does not exist or is not executable", rexec_argv[0]);

debug3("using %s for re-exec", rexec_argv[0]);

+ /* Ensure that the privsep binary exists now too. */

+ if (stat(options.sshd_auth_path, &sb) != 0 ||

+ !(sb.st_mode & (S_IXOTH|S_IXUSR))) {

+ fatal("%s does not exist or is not executable",

+ options.sshd_auth_path);

+ }

listener_proctitle = prepare_proctitle(ac, av);

/* Ensure that umask disallows at least group and world write */