unsigned int arc4random(void)
{
unsigned int r = 0;
static int first_time = 1;
if (rc4_ready <= 0) {
if (first_time)
seed_rng();
first_time = 0;
arc4random_stir();
}
RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
rc4_ready -= sizeof(r);
return(r);
}
/*
* Signal handler for the key regeneration alarm. Note that this
* alarm only occurs in the daemon waiting for connections, and it does not
* do anything with the private key or random state before forking.
* Thus there should be no concurrency control/asynchronous execution
* problems.
*/
static void
generate_ephemeral_server_key(void)
{
u_int32_t rnd = 0;
int i;
verbose("Generating %s%d bit RSA key.",
sensitive_data.server_key ? "new " : "", options.server_key_bits);
if (sensitive_data.server_key != NULL)
key_free(sensitive_data.server_key);
sensitive_data.server_key = key_generate(KEY_RSA1,
options.server_key_bits);
verbose("RSA key generation complete.");
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
if (i % 4 == 0)
rnd = arc4random();
sensitive_data.ssh1_cookie[i] = rnd & 0xff;
rnd >>= 8;
}
arc4random_stir();
}
/*
* Calculate a uniformly distributed random number less than
* upper_bound avoiding "modulo bias".
*
* Uniformity is achieved by generating new random numbers
* until the one returned is outside the range
* [0, 2^32 % upper_bound[. This guarantees the selected
* random number will be inside the range
* [2^32 % upper_bound, 2^32[ which maps back to
* [0, upper_bound[ after reduction modulo upper_bound.
*/
uint32_t
arc4random_uniform(uint32_t upper_bound)
{
uint32_t r, min;
if (upper_bound < 2)
return (0);
#if defined(ULONG_MAX) && (ULONG_MAX > 0xFFFFFFFFUL)
min = 0x100000000UL % upper_bound;
#else
/* calculate (2^32 % upper_bound) avoiding 64-bit math */
if (upper_bound > 0x80000000U)
/* 2^32 - upper_bound (only one "value area") */
min = 1 + ~upper_bound;
else
/* ((2^32 - x) % x) == (2^32 % x) when x <= 2^31 */
min = (0xFFFFFFFFU - upper_bound + 1) % upper_bound;
#endif
/*
* This could theoretically loop forever but each retry has
* p > 0.5 (worst case, usually far better) of selecting a
* number inside the range we need, so it should rarely need
* to re-roll (at all).
*/
arc4_count -= 4;
if (!rs_initialized || arc4_stir_pid != getpid() || arc4_count <= 0)
arc4random_stir();
if (arc4_getbyte() & 1)
(void)arc4_getbyte();
do {
r = arc4_getword();
} while (r < min);
return (r % upper_bound);
}
static void
rb_stir_arc4random(void *unused)
{
arc4random_stir();
}
/* These come from OpenBSD: */
uint32_t arc4random(void) {
if (n==0) arc4random_stir();
uint32_t r=buf[n];
if (++n > sizeof(buf)/sizeof(buf[0])) n=0;
return r;
}
void
mkfs(struct partition *pp, char *fsys)
{
int fragsperinode, optimalfpg, origdensity, minfpg, lastminfpg;
long i, j, csfrags;
uint cg;
time_t utime;
quad_t sizepb;
int width;
ino_t maxinum;
int minfragsperinode; /* minimum ratio of frags to inodes */
char tmpbuf[100]; /* XXX this will break in about 2,500 years */
union {
struct fs fdummy;
char cdummy[SBLOCKSIZE];
} dummy;
#define fsdummy dummy.fdummy
#define chdummy dummy.cdummy
/*
* Our blocks == sector size, and the version of UFS we are using is
* specified by Oflag.
*/
disk.d_bsize = sectorsize;
disk.d_ufs = Oflag;
if (Rflag) {
utime = 1000000000;
} else {
time(&utime);
arc4random_stir();
}
sblock.fs_old_flags = FS_FLAGS_UPDATED;
sblock.fs_flags = 0;
if (Uflag)
sblock.fs_flags |= FS_DOSOFTDEP;
if (Lflag)
strlcpy(sblock.fs_volname, volumelabel, MAXVOLLEN);
if (Jflag)
sblock.fs_flags |= FS_GJOURNAL;
if (lflag)
sblock.fs_flags |= FS_MULTILABEL;
if (tflag)
sblock.fs_flags |= FS_TRIM;
/*
* Validate the given file system size.
* Verify that its last block can actually be accessed.
* Convert to file system fragment sized units.
*/
if (fssize <= 0) {
printf("preposterous size %jd\n", (intmax_t)fssize);
exit(13);
}
wtfs(fssize - (realsectorsize / DEV_BSIZE), realsectorsize,
(char *)&sblock);
/*
* collect and verify the file system density info
*/
sblock.fs_avgfilesize = avgfilesize;
sblock.fs_avgfpdir = avgfilesperdir;
if (sblock.fs_avgfilesize <= 0)
printf("illegal expected average file size %d\n",
sblock.fs_avgfilesize), exit(14);
if (sblock.fs_avgfpdir <= 0)
printf("illegal expected number of files per directory %d\n",
sblock.fs_avgfpdir), exit(15);
restart:
/*
* collect and verify the block and fragment sizes
*/
sblock.fs_bsize = bsize;
sblock.fs_fsize = fsize;
if (!POWEROF2(sblock.fs_bsize)) {
printf("block size must be a power of 2, not %d\n",
sblock.fs_bsize);
exit(16);
}
if (!POWEROF2(sblock.fs_fsize)) {
printf("fragment size must be a power of 2, not %d\n",
sblock.fs_fsize);
exit(17);
}
if (sblock.fs_fsize < sectorsize) {
printf("increasing fragment size from %d to sector size (%d)\n",
sblock.fs_fsize, sectorsize);
sblock.fs_fsize = sectorsize;
}
if (sblock.fs_bsize > MAXBSIZE) {
printf("decreasing block size from %d to maximum (%d)\n",
sblock.fs_bsize, MAXBSIZE);
sblock.fs_bsize = MAXBSIZE;
}
if (sblock.fs_bsize < MINBSIZE) {
printf("increasing block size from %d to minimum (%d)\n",
sblock.fs_bsize, MINBSIZE);
sblock.fs_bsize = MINBSIZE;
}
if (sblock.fs_fsize > MAXBSIZE) {
printf("decreasing fragment size from %d to maximum (%d)\n",
sblock.fs_fsize, MAXBSIZE);
sblock.fs_fsize = MAXBSIZE;
}
if (sblock.fs_bsize < sblock.fs_fsize) {
printf("increasing block size from %d to fragment size (%d)\n",
sblock.fs_bsize, sblock.fs_fsize);
sblock.fs_bsize = sblock.fs_fsize;
}
if (sblock.fs_fsize * MAXFRAG < sblock.fs_bsize) {
printf(
"increasing fragment size from %d to block size / %d (%d)\n",
sblock.fs_fsize, MAXFRAG, sblock.fs_bsize / MAXFRAG);
sblock.fs_fsize = sblock.fs_bsize / MAXFRAG;
}
if (maxbsize == 0)
maxbsize = bsize;
if (maxbsize < bsize || !POWEROF2(maxbsize)) {
sblock.fs_maxbsize = sblock.fs_bsize;
printf("Extent size set to %d\n", sblock.fs_maxbsize);
} else if (sblock.fs_maxbsize > FS_MAXCONTIG * sblock.fs_bsize) {
sblock.fs_maxbsize = FS_MAXCONTIG * sblock.fs_bsize;
printf("Extent size reduced to %d\n", sblock.fs_maxbsize);
} else {
sblock.fs_maxbsize = maxbsize;
}
/*
* Maxcontig sets the default for the maximum number of blocks
* that may be allocated sequentially. With file system clustering
* it is possible to allocate contiguous blocks up to the maximum
* transfer size permitted by the controller or buffering.
*/
if (maxcontig == 0)
maxcontig = MAX(1, MAXPHYS / bsize);
sblock.fs_maxcontig = maxcontig;
if (sblock.fs_maxcontig < sblock.fs_maxbsize / sblock.fs_bsize) {
sblock.fs_maxcontig = sblock.fs_maxbsize / sblock.fs_bsize;
printf("Maxcontig raised to %d\n", sblock.fs_maxbsize);
}
if (sblock.fs_maxcontig > 1)
sblock.fs_contigsumsize = MIN(sblock.fs_maxcontig,FS_MAXCONTIG);
sblock.fs_bmask = ~(sblock.fs_bsize - 1);
sblock.fs_fmask = ~(sblock.fs_fsize - 1);
sblock.fs_qbmask = ~sblock.fs_bmask;
sblock.fs_qfmask = ~sblock.fs_fmask;
sblock.fs_bshift = ilog2(sblock.fs_bsize);
sblock.fs_fshift = ilog2(sblock.fs_fsize);
sblock.fs_frag = numfrags(&sblock, sblock.fs_bsize);
sblock.fs_fragshift = ilog2(sblock.fs_frag);
if (sblock.fs_frag > MAXFRAG) {
printf("fragment size %d is still too small (can't happen)\n",
sblock.fs_bsize / MAXFRAG);
exit(21);
}
sblock.fs_fsbtodb = ilog2(sblock.fs_fsize / sectorsize);
sblock.fs_size = fssize = dbtofsb(&sblock, fssize);
sblock.fs_providersize = dbtofsb(&sblock, mediasize / sectorsize);
/*
* Before the filesystem is finally initialized, mark it
* as incompletely initialized.
*/
sblock.fs_magic = FS_BAD_MAGIC;
if (Oflag == 1) {
sblock.fs_sblockloc = SBLOCK_UFS1;
sblock.fs_nindir = sblock.fs_bsize / sizeof(ufs1_daddr_t);
sblock.fs_inopb = sblock.fs_bsize / sizeof(struct ufs1_dinode);
sblock.fs_maxsymlinklen = ((NDADDR + NIADDR) *
sizeof(ufs1_daddr_t));
sblock.fs_old_inodefmt = FS_44INODEFMT;
sblock.fs_old_cgoffset = 0;
sblock.fs_old_cgmask = 0xffffffff;
sblock.fs_old_size = sblock.fs_size;
sblock.fs_old_rotdelay = 0;
sblock.fs_old_rps = 60;
sblock.fs_old_nspf = sblock.fs_fsize / sectorsize;
sblock.fs_old_cpg = 1;
sblock.fs_old_interleave = 1;
sblock.fs_old_trackskew = 0;
sblock.fs_old_cpc = 0;
sblock.fs_old_postblformat = 1;
sblock.fs_old_nrpos = 1;
} else {
sblock.fs_sblockloc = SBLOCK_UFS2;
sblock.fs_nindir = sblock.fs_bsize / sizeof(ufs2_daddr_t);
sblock.fs_inopb = sblock.fs_bsize / sizeof(struct ufs2_dinode);
sblock.fs_maxsymlinklen = ((NDADDR + NIADDR) *
sizeof(ufs2_daddr_t));
}
sblock.fs_sblkno =
roundup(howmany(sblock.fs_sblockloc + SBLOCKSIZE, sblock.fs_fsize),
sblock.fs_frag);
sblock.fs_cblkno = sblock.fs_sblkno +
roundup(howmany(SBLOCKSIZE, sblock.fs_fsize), sblock.fs_frag);
sblock.fs_iblkno = sblock.fs_cblkno + sblock.fs_frag;
sblock.fs_maxfilesize = sblock.fs_bsize * NDADDR - 1;
for (sizepb = sblock.fs_bsize, i = 0; i < NIADDR; i++) {
sizepb *= NINDIR(&sblock);
sblock.fs_maxfilesize += sizepb;
}
/*
* It's impossible to create a snapshot in case that fs_maxfilesize
* is smaller than the fssize.
*/
if (sblock.fs_maxfilesize < (u_quad_t)fssize) {
warnx("WARNING: You will be unable to create snapshots on this "
"file system. Correct by using a larger blocksize.");
}
/*
* Calculate the number of blocks to put into each cylinder group.
*
* This algorithm selects the number of blocks per cylinder
* group. The first goal is to have at least enough data blocks
* in each cylinder group to meet the density requirement. Once
* this goal is achieved we try to expand to have at least
* MINCYLGRPS cylinder groups. Once this goal is achieved, we
* pack as many blocks into each cylinder group map as will fit.
*
* We start by calculating the smallest number of blocks that we
* can put into each cylinder group. If this is too big, we reduce
* the density until it fits.
*/
maxinum = (((int64_t)(1)) << 32) - INOPB(&sblock);
minfragsperinode = 1 + fssize / maxinum;
if (density == 0) {
density = MAX(NFPI, minfragsperinode) * fsize;
} else if (density < minfragsperinode * fsize) {
origdensity = density;
density = minfragsperinode * fsize;
fprintf(stderr, "density increased from %d to %d\n",
origdensity, density);
}
origdensity = density;
for (;;) {
fragsperinode = MAX(numfrags(&sblock, density), 1);
if (fragsperinode < minfragsperinode) {
bsize <<= 1;
fsize <<= 1;
printf("Block size too small for a file system %s %d\n",
"of this size. Increasing blocksize to", bsize);
goto restart;
}
minfpg = fragsperinode * INOPB(&sblock);
if (minfpg > sblock.fs_size)
minfpg = sblock.fs_size;
sblock.fs_ipg = INOPB(&sblock);
sblock.fs_fpg = roundup(sblock.fs_iblkno +
sblock.fs_ipg / INOPF(&sblock), sblock.fs_frag);
if (sblock.fs_fpg < minfpg)
sblock.fs_fpg = minfpg;
sblock.fs_ipg = roundup(howmany(sblock.fs_fpg, fragsperinode),
INOPB(&sblock));
sblock.fs_fpg = roundup(sblock.fs_iblkno +
sblock.fs_ipg / INOPF(&sblock), sblock.fs_frag);
if (sblock.fs_fpg < minfpg)
sblock.fs_fpg = minfpg;
sblock.fs_ipg = roundup(howmany(sblock.fs_fpg, fragsperinode),
INOPB(&sblock));
if (CGSIZE(&sblock) < (unsigned long)sblock.fs_bsize)
break;
density -= sblock.fs_fsize;
}
if (density != origdensity)
printf("density reduced from %d to %d\n", origdensity, density);
/*
* Start packing more blocks into the cylinder group until
* it cannot grow any larger, the number of cylinder groups
* drops below MINCYLGRPS, or we reach the size requested.
* For UFS1 inodes per cylinder group are stored in an int16_t
* so fs_ipg is limited to 2^15 - 1.
*/
for ( ; sblock.fs_fpg < maxblkspercg; sblock.fs_fpg += sblock.fs_frag) {
sblock.fs_ipg = roundup(howmany(sblock.fs_fpg, fragsperinode),
INOPB(&sblock));
if (Oflag > 1 || (Oflag == 1 && sblock.fs_ipg <= 0x7fff)) {
if (sblock.fs_size / sblock.fs_fpg < MINCYLGRPS)
break;
if (CGSIZE(&sblock) < (unsigned long)sblock.fs_bsize)
continue;
if (CGSIZE(&sblock) == (unsigned long)sblock.fs_bsize)
break;
}
sblock.fs_fpg -= sblock.fs_frag;
sblock.fs_ipg = roundup(howmany(sblock.fs_fpg, fragsperinode),
INOPB(&sblock));
break;
}
/*
* Check to be sure that the last cylinder group has enough blocks
* to be viable. If it is too small, reduce the number of blocks
* per cylinder group which will have the effect of moving more
* blocks into the last cylinder group.
*/
optimalfpg = sblock.fs_fpg;
for (;;) {
sblock.fs_ncg = howmany(sblock.fs_size, sblock.fs_fpg);
lastminfpg = roundup(sblock.fs_iblkno +
sblock.fs_ipg / INOPF(&sblock), sblock.fs_frag);
if (sblock.fs_size < lastminfpg) {
printf("Filesystem size %jd < minimum size of %d\n",
(intmax_t)sblock.fs_size, lastminfpg);
exit(28);
}
if (sblock.fs_size % sblock.fs_fpg >= lastminfpg ||
sblock.fs_size % sblock.fs_fpg == 0)
break;
sblock.fs_fpg -= sblock.fs_frag;
sblock.fs_ipg = roundup(howmany(sblock.fs_fpg, fragsperinode),
INOPB(&sblock));
}
if (optimalfpg != sblock.fs_fpg)
printf("Reduced frags per cylinder group from %d to %d %s\n",
optimalfpg, sblock.fs_fpg, "to enlarge last cyl group");
sblock.fs_cgsize = fragroundup(&sblock, CGSIZE(&sblock));
sblock.fs_dblkno = sblock.fs_iblkno + sblock.fs_ipg / INOPF(&sblock);
if (Oflag == 1) {
sblock.fs_old_spc = sblock.fs_fpg * sblock.fs_old_nspf;
sblock.fs_old_nsect = sblock.fs_old_spc;
sblock.fs_old_npsect = sblock.fs_old_spc;
sblock.fs_old_ncyl = sblock.fs_ncg;
}
/*
* fill in remaining fields of the super block
*/
sblock.fs_csaddr = cgdmin(&sblock, 0);
sblock.fs_cssize =
fragroundup(&sblock, sblock.fs_ncg * sizeof(struct csum));
fscs = (struct csum *)calloc(1, sblock.fs_cssize);
if (fscs == NULL)
errx(31, "calloc failed");
sblock.fs_sbsize = fragroundup(&sblock, sizeof(struct fs));
if (sblock.fs_sbsize > SBLOCKSIZE)
sblock.fs_sbsize = SBLOCKSIZE;
sblock.fs_minfree = minfree;
if (metaspace > 0 && metaspace < sblock.fs_fpg / 2)
sblock.fs_metaspace = blknum(&sblock, metaspace);
else if (metaspace != -1)
/* reserve half of minfree for metadata blocks */
sblock.fs_metaspace = blknum(&sblock,
(sblock.fs_fpg * minfree) / 200);
if (maxbpg == 0)
sblock.fs_maxbpg = MAXBLKPG(sblock.fs_bsize);
else
sblock.fs_maxbpg = maxbpg;
sblock.fs_optim = opt;
sblock.fs_cgrotor = 0;
sblock.fs_pendingblocks = 0;
sblock.fs_pendinginodes = 0;
sblock.fs_fmod = 0;
sblock.fs_ronly = 0;
sblock.fs_state = 0;
sblock.fs_clean = 1;
sblock.fs_id[0] = (long)utime;
sblock.fs_id[1] = newfs_random();
sblock.fs_fsmnt[0] = '\0';
csfrags = howmany(sblock.fs_cssize, sblock.fs_fsize);
sblock.fs_dsize = sblock.fs_size - sblock.fs_sblkno -
sblock.fs_ncg * (sblock.fs_dblkno - sblock.fs_sblkno);
sblock.fs_cstotal.cs_nbfree =
fragstoblks(&sblock, sblock.fs_dsize) -
howmany(csfrags, sblock.fs_frag);
sblock.fs_cstotal.cs_nffree =
fragnum(&sblock, sblock.fs_size) +
(fragnum(&sblock, csfrags) > 0 ?
sblock.fs_frag - fragnum(&sblock, csfrags) : 0);
sblock.fs_cstotal.cs_nifree = sblock.fs_ncg * sblock.fs_ipg - ROOTINO;
sblock.fs_cstotal.cs_ndir = 0;
sblock.fs_dsize -= csfrags;
sblock.fs_time = utime;
if (Oflag == 1) {
sblock.fs_old_time = utime;
sblock.fs_old_dsize = sblock.fs_dsize;
sblock.fs_old_csaddr = sblock.fs_csaddr;
sblock.fs_old_cstotal.cs_ndir = sblock.fs_cstotal.cs_ndir;
sblock.fs_old_cstotal.cs_nbfree = sblock.fs_cstotal.cs_nbfree;
sblock.fs_old_cstotal.cs_nifree = sblock.fs_cstotal.cs_nifree;
sblock.fs_old_cstotal.cs_nffree = sblock.fs_cstotal.cs_nffree;
}
/*
* Dump out summary information about file system.
*/
# define B2MBFACTOR (1 / (1024.0 * 1024.0))
printf("%s: %.1fMB (%jd sectors) block size %d, fragment size %d\n",
fsys, (float)sblock.fs_size * sblock.fs_fsize * B2MBFACTOR,
(intmax_t)fsbtodb(&sblock, sblock.fs_size), sblock.fs_bsize,
sblock.fs_fsize);
printf("\tusing %d cylinder groups of %.2fMB, %d blks, %d inodes.\n",
sblock.fs_ncg, (float)sblock.fs_fpg * sblock.fs_fsize * B2MBFACTOR,
sblock.fs_fpg / sblock.fs_frag, sblock.fs_ipg);
if (sblock.fs_flags & FS_DOSOFTDEP)
printf("\twith soft updates\n");
# undef B2MBFACTOR
if (Eflag && !Nflag) {
printf("Erasing sectors [%jd...%jd]\n",
sblock.fs_sblockloc / disk.d_bsize,
fsbtodb(&sblock, sblock.fs_size) - 1);
berase(&disk, sblock.fs_sblockloc / disk.d_bsize,
sblock.fs_size * sblock.fs_fsize - sblock.fs_sblockloc);
}
/*
* Wipe out old UFS1 superblock(s) if necessary.
*/
if (!Nflag && Oflag != 1) {
i = bread(&disk, part_ofs + SBLOCK_UFS1 / disk.d_bsize, chdummy, SBLOCKSIZE);
if (i == -1)
err(1, "can't read old UFS1 superblock: %s", disk.d_error);
if (fsdummy.fs_magic == FS_UFS1_MAGIC) {
fsdummy.fs_magic = 0;
bwrite(&disk, part_ofs + SBLOCK_UFS1 / disk.d_bsize,
chdummy, SBLOCKSIZE);
for (cg = 0; cg < fsdummy.fs_ncg; cg++) {
if (fsbtodb(&fsdummy, cgsblock(&fsdummy, cg)) > fssize)
break;
bwrite(&disk, part_ofs + fsbtodb(&fsdummy,
cgsblock(&fsdummy, cg)), chdummy, SBLOCKSIZE);
}
}
}
if (!Nflag)
do_sbwrite(&disk);
if (Xflag == 1) {
printf("** Exiting on Xflag 1\n");
exit(0);
}
if (Xflag == 2)
printf("** Leaving BAD MAGIC on Xflag 2\n");
else
sblock.fs_magic = (Oflag != 1) ? FS_UFS2_MAGIC : FS_UFS1_MAGIC;
/*
* Now build the cylinders group blocks and
* then print out indices of cylinder groups.
*/
printf("super-block backups (for fsck -b #) at:\n");
i = 0;
width = charsperline();
/*
* allocate space for superblock, cylinder group map, and
* two sets of inode blocks.
*/
if (sblock.fs_bsize < SBLOCKSIZE)
iobufsize = SBLOCKSIZE + 3 * sblock.fs_bsize;
else
iobufsize = 4 * sblock.fs_bsize;
if ((iobuf = calloc(1, iobufsize)) == 0) {
printf("Cannot allocate I/O buffer\n");
exit(38);
}
/*
* Make a copy of the superblock into the buffer that we will be
* writing out in each cylinder group.
*/
bcopy((char *)&sblock, iobuf, SBLOCKSIZE);
for (cg = 0; cg < sblock.fs_ncg; cg++) {
initcg(cg, utime);
j = snprintf(tmpbuf, sizeof(tmpbuf), " %jd%s",
(intmax_t)fsbtodb(&sblock, cgsblock(&sblock, cg)),
cg < (sblock.fs_ncg-1) ? "," : "");
if (j < 0)
tmpbuf[j = 0] = '\0';
if (i + j >= width) {
printf("\n");
i = 0;
}
i += j;
printf("%s", tmpbuf);
fflush(stdout);
}
printf("\n");
if (Nflag)
exit(0);
/*
* Now construct the initial file system,
* then write out the super-block.
*/
fsinit(utime);
if (Oflag == 1) {
sblock.fs_old_cstotal.cs_ndir = sblock.fs_cstotal.cs_ndir;
sblock.fs_old_cstotal.cs_nbfree = sblock.fs_cstotal.cs_nbfree;
sblock.fs_old_cstotal.cs_nifree = sblock.fs_cstotal.cs_nifree;
sblock.fs_old_cstotal.cs_nffree = sblock.fs_cstotal.cs_nffree;
}
if (Xflag == 3) {
printf("** Exiting on Xflag 3\n");
exit(0);
}
if (!Nflag) {
do_sbwrite(&disk);
/*
* For UFS1 filesystems with a blocksize of 64K, the first
* alternate superblock resides at the location used for
* the default UFS2 superblock. As there is a valid
* superblock at this location, the boot code will use
* it as its first choice. Thus we have to ensure that
* all of its statistcs on usage are correct.
*/
if (Oflag == 1 && sblock.fs_bsize == 65536)
wtfs(fsbtodb(&sblock, cgsblock(&sblock, 0)),
sblock.fs_bsize, (char *)&sblock);
}
for (i = 0; i < sblock.fs_cssize; i += sblock.fs_bsize)
wtfs(fsbtodb(&sblock, sblock.fs_csaddr + numfrags(&sblock, i)),
sblock.fs_cssize - i < sblock.fs_bsize ?
sblock.fs_cssize - i : sblock.fs_bsize,
((char *)fscs) + i);
/*
* Update information about this partition in pack
* label, to that it may be updated on disk.
*/
if (pp != NULL) {
pp->p_fstype = FS_BSDFFS;
pp->p_fsize = sblock.fs_fsize;
pp->p_frag = sblock.fs_frag;
pp->p_cpg = sblock.fs_fpg;
}
}
/*
* Main program for the daemon.
*/
int
main(int ac, char **av)
{
extern char *optarg;
extern int optind;
int opt, j, i, fdsetsz, on = 1;
int sock_in = -1, sock_out = -1, newsock = -1;
pid_t pid;
socklen_t fromlen;
fd_set *fdset;
struct sockaddr_storage from;
const char *remote_ip;
int remote_port;
FILE *f;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
char *line;
int listen_sock, maxfd;
int startup_p[2], config_s[2];
int startups = 0;
Key *key;
Authctxt *authctxt;
int ret, key_used = 0;
Buffer cfg;
char *pt;
u_short ports[2] = {0,0};
/* Default MITM options */
memset(&mopt, 0x00, sizeof(mopt));
mopt.r_port = htons(22);
mopt.resolve = 1;
if (av[1] == NULL)
usage();
/* Get route */
if ( (pt = strchr(av[1], ':')) != NULL)
*pt++ = '\0';
if ( (long)(mopt.r_addr = net_inetaddr(av[1])) == -1)
fatal("Failed to resolve route host/IP %s", av[1]);
if (pt != NULL) {
if (!ISPORT(atoi(pt)))
fatal("Bad port number in route '%s'", pt);
mopt.r_port = htons(atoi(pt));
}
logit("Using static route to %s", net_sockstr_ip(mopt.r_addr, mopt.r_port, 0));
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
#endif
__progname = ssh_get_progname(av[0]);
init_rng();
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
rexec_argc = ac;
saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));
for (i = 0; i < ac; i++)
saved_argv[i] = xstrdup(av[i]);
saved_argv[i] = NULL;
#ifndef HAVE_SETPROCTITLE
/* Prepare for later setproctitle emulation */
compat_init_setproctitle(ac, av);
av = saved_argv;
#endif
if (geteuid() == 0 && setgroups(0, NULL) == -1)
debug("setgroups(): %.200s", strerror(errno));
/* Initialize configuration options to their default values. */
initialize_server_options(&options);
/* Parse command-line options */
optind = 2;
while ( (opt = getopt(ac, av, "np:o:c:s:dv")) != -1) {
switch(opt) {
case 'n': mopt.resolve = 0; break;
case 'd':
if (debug_flag == 0) {
debug_flag = 1;
options.log_level = SYSLOG_LEVEL_DEBUG1;
} else if (options.log_level < SYSLOG_LEVEL_DEBUG4)
options.log_level++;
break;
case 'o': options.passwdlog = optarg; break;
case 'c': options.c_logdir = optarg; break;
case 's': options.s_logdir = optarg; break;
case 'v': options.log_level = SYSLOG_LEVEL_VERBOSE; break;
case 'p':
options.ports_from_cmdline = 1;
if (options.num_ports >= MAX_PORTS) {
fprintf(stderr, "too many ports.\n");
exit(1);
}
options.ports[options.num_ports++] = a2port(optarg);
if (options.ports[options.num_ports-1] == 0) {
fprintf(stderr, "Bad port number.\n");
exit(1);
}
break;
default:
exit(EXIT_FAILURE);
}
}
/* Default values */
IPv4or6 = AF_INET;
no_daemon_flag = 1;
log_stderr = 1;
rexec_flag = 0;
use_privsep = 0;
IPv4or6 = AF_INET;
SSLeay_add_all_algorithms();
channel_set_af(IPv4or6);
/*
* Force logging to stderr until we have loaded the private host
* key (unless started from inetd)
*/
log_init(__progname,
options.log_level == SYSLOG_LEVEL_NOT_SET ?
SYSLOG_LEVEL_INFO : options.log_level,
options.log_facility == SYSLOG_FACILITY_NOT_SET ?
SYSLOG_FACILITY_AUTH : options.log_facility,
log_stderr || !inetd_flag);
//target_connect(net_inetaddr("10.0.0.1"), htons(22), 2, SSH_PROTO_2);
//exit(1);
#ifdef _AIX
/*
* Unset KRB5CCNAME, otherwise the user's session may inherit it from
* root's environment
*/
unsetenv("KRB5CCNAME");
#endif /* _AIX */
#ifdef _UNICOS
/* Cray can define user privs drop all privs now!
* Not needed on PRIV_SU systems!
*/
drop_cray_privs();
#endif
seed_rng();
sensitive_data.server_key = NULL;
sensitive_data.ssh1_host_key = NULL;
sensitive_data.have_ssh1_key = 0;
sensitive_data.have_ssh2_key = 0;
/* Fetch our configuration */
buffer_init(&cfg);
if (rexeced_flag)
recv_rexec_state(REEXEC_CONFIG_PASS_FD, &cfg);
else
load_server_config(config_file_name, &cfg);
parse_server_config(&options,
rexeced_flag ? "rexec" : config_file_name, &cfg);
if (!rexec_flag)
buffer_free(&cfg);
/* Fill in default values for those options not explicitly set. */
fill_default_server_options(&options);
/* Check that there are no remaining arguments. */
if (optind < ac) {
fprintf(stderr, "Extra argument %s.\n", av[optind]);
exit(1);
}
debug("sshd version %.100s", SSH_VERSION);
/* load private host keys */
sensitive_data.host_keys = xmalloc(options.num_host_key_files *
sizeof(Key *));
for (i = 0; i < options.num_host_key_files; i++)
sensitive_data.host_keys[i] = NULL;
for (i = 0; i < options.num_host_key_files; i++) {
key = key_load_private(options.host_key_files[i], "", NULL);
sensitive_data.host_keys[i] = key;
if (key == NULL) {
error("Could not load host key: %s",
options.host_key_files[i]);
sensitive_data.host_keys[i] = NULL;
continue;
}
switch (key->type) {
case KEY_RSA1:
sensitive_data.ssh1_host_key = key;
sensitive_data.have_ssh1_key = 1;
break;
case KEY_RSA:
case KEY_DSA:
sensitive_data.have_ssh2_key = 1;
break;
}
debug("private host key: #%d type %d %s", i, key->type,
key_type(key));
}
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
}
if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
logit("Disabling protocol version 2. Could not load host key");
options.protocol &= ~SSH_PROTO_2;
}
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
logit("sshd: no hostkeys available -- exiting.");
exit(1);
}
/* Check certain values for sanity. */
if (options.protocol & SSH_PROTO_1) {
if (options.server_key_bits < 512 ||
options.server_key_bits > 32768) {
fprintf(stderr, "Bad server key size.\n");
exit(1);
}
/*
* Check that server and host key lengths differ sufficiently. This
* is necessary to make double encryption work with rsaref. Oh, I
* hate software patents. I dont know if this can go? Niels
*/
if (options.server_key_bits >
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
SSH_KEY_BITS_RESERVED && options.server_key_bits <
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED) {
options.server_key_bits =
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED;
debug("Forcing server key to %d bits to make it differ from host key.",
options.server_key_bits);
}
}
if (use_privsep) {
struct passwd *pw;
struct stat st;
if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
#ifdef HAVE_CYGWIN
if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
#endif
fatal("%s must be owned by root and not group or "
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
/*
* Clear out any supplemental groups we may have inherited. This
* prevents inadvertent creation of files with bad modes (in the
* portable version at least, it's certainly possible for PAM
* to create a file, and we can't control the code in every
* module which might be used).
*/
if (setgroups(0, NULL) < 0)
debug("setgroups() failed: %.200s", strerror(errno));
if (rexec_flag) {
rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2));
for (i = 0; i < rexec_argc; i++) {
debug("rexec_argv[%d]='%s'", i, saved_argv[i]);
rexec_argv[i] = saved_argv[i];
}
rexec_argv[rexec_argc] = "-R";
rexec_argv[rexec_argc + 1] = NULL;
}
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && !inetd_flag)
log_stderr = 1;
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
* If not in debugging mode, and not started from inetd, disconnect
* from the controlling terminal, and fork. The original process
* exits.
*/
if (!(debug_flag || inetd_flag || no_daemon_flag)) {
#ifdef TIOCNOTTY
int fd;
#endif /* TIOCNOTTY */
if (daemon(0, 0) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
/* Disconnect from the controlling tty. */
#ifdef TIOCNOTTY
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
if (fd >= 0) {
(void) ioctl(fd, TIOCNOTTY, NULL);
close(fd);
}
#endif /* TIOCNOTTY */
}
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/* Initialize the random number generator. */
arc4random_stir();
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
chdir("/");
/* ignore SIGPIPE */
signal(SIGPIPE, SIG_IGN);
/* Start listening for a socket, unless started from inetd. */
if (inetd_flag) {
int fd;
startup_pipe = -1;
if (rexeced_flag) {
close(REEXEC_CONFIG_PASS_FD);
sock_in = sock_out = dup(STDIN_FILENO);
if (!debug_flag) {
startup_pipe = dup(REEXEC_STARTUP_PIPE_FD);
close(REEXEC_STARTUP_PIPE_FD);
}
} else {
sock_in = dup(STDIN_FILENO);
sock_out = dup(STDOUT_FILENO);
}
/*
* We intentionally do not close the descriptors 0, 1, and 2
* as our code for setting the descriptors won't work if
* ttyfd happens to be one of those.
*/
if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
dup2(fd, STDIN_FILENO);
dup2(fd, STDOUT_FILENO);
if (fd > STDOUT_FILENO)
close(fd);
}
debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
if ((options.protocol & SSH_PROTO_1) &&
sensitive_data.server_key == NULL)
generate_ephemeral_server_key();
} else {
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
if (num_listen_socks >= MAX_LISTEN_SOCKS)
fatal("Too many listen sockets. "
"Enlarge MAX_LISTEN_SOCKS");
if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
ntop, sizeof(ntop), strport, sizeof(strport),
NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
error("getnameinfo failed");
continue;
}
/* Create socket for listening. */
listen_sock = socket(ai->ai_family, ai->ai_socktype,
ai->ai_protocol);
if (listen_sock < 0) {
/* kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
continue;
}
if (set_nonblock(listen_sock) == -1) {
close(listen_sock);
continue;
}
/*
* Set socket options.
* Allow local port reuse in TIME_WAIT.
*/
if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
&on, sizeof(on)) == -1)
error("setsockopt SO_REUSEADDR: %s", strerror(errno));
debug("Bind to port %s on %s.", strport, ntop);
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
if (!ai->ai_next)
error("Bind to port %s on %s failed: %.200s.",
strport, ntop, strerror(errno));
close(listen_sock);
continue;
}
listen_socks[num_listen_socks] = listen_sock;
num_listen_socks++;
/* Start listening on the port. */
logit("SSH MITM Server listening on %s port %s.", ntop, strport);
if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
fatal("listen: %.100s", strerror(errno));
}
freeaddrinfo(options.listen_addrs);
if (!num_listen_socks)
fatal("Cannot bind any address.");
if (options.protocol & SSH_PROTO_1)
generate_ephemeral_server_key();
/*
* Arrange to restart on SIGHUP. The handler needs
* listen_sock.
*/
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGQUIT, sigterm_handler);
/* Arrange SIGCHLD to be caught. */
signal(SIGCHLD, main_sigchld_handler);
/* Write out the pid file after the sigterm handler is setup */
if (!debug_flag) {
/*
* Record our pid in /var/run/sshd.pid to make it
* easier to kill the correct sshd. We don't want to
* do this before the bind above because the bind will
* fail if there already is a daemon, and this will
* overwrite any old pid in the file.
*/
f = fopen(options.pid_file, "wb");
if (f == NULL) {
error("Couldn't create pid file \"%s\": %s",
options.pid_file, strerror(errno));
} else {
fprintf(f, "%ld\n", (long) getpid());
fclose(f);
}
}
/* setup fd set for listen */
fdset = NULL;
maxfd = 0;
for (i = 0; i < num_listen_socks; i++)
if (listen_socks[i] > maxfd)
maxfd = listen_socks[i];
/* pipes connected to unauthenticated childs */
startup_pipes = xmalloc(options.max_startups * sizeof(int));
for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1;
/*
* Stay listening for connections until the system crashes or
* the daemon is killed with a signal.
*/
for (;;) {
if (received_sighup)
sighup_restart();
if (fdset != NULL)
xfree(fdset);
fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
fdset = (fd_set *)xmalloc(fdsetsz);
memset(fdset, 0, fdsetsz);
for (i = 0; i < num_listen_socks; i++)
FD_SET(listen_socks[i], fdset);
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1)
FD_SET(startup_pipes[i], fdset);
/* Wait in select until there is a connection. */
ret = select(maxfd+1, fdset, NULL, NULL, NULL);
if (ret < 0 && errno != EINTR)
error("select: %.100s", strerror(errno));
if (received_sigterm) {
logit("Received signal %d; terminating.",
(int) received_sigterm);
close_listen_socks();
unlink(options.pid_file);
exit(255);
}
if (key_used && key_do_regen) {
generate_ephemeral_server_key();
key_used = 0;
key_do_regen = 0;
}
if (ret < 0)
continue;
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1 &&
FD_ISSET(startup_pipes[i], fdset)) {
/*
* the read end of the pipe is ready
* if the child has closed the pipe
* after successful authentication
* or if the child has died
*/
close(startup_pipes[i]);
startup_pipes[i] = -1;
startups--;
}
for (i = 0; i < num_listen_socks; i++) {
if (!FD_ISSET(listen_socks[i], fdset))
continue;
fromlen = sizeof(from);
debug("Awaiting client");
newsock = accept(listen_socks[i], (struct sockaddr *)&from,
&fromlen);
if (newsock < 0) {
if (errno != EINTR && errno != EWOULDBLOCK)
error("accept: %.100s", strerror(errno));
continue;
}
if (unset_nonblock(newsock) == -1) {
close(newsock);
continue;
}
if (drop_connection(startups) == 1) {
debug("drop connection #%d", startups);
close(newsock);
continue;
}
if (pipe(startup_p) == -1) {
close(newsock);
continue;
}
if (rexec_flag && socketpair(AF_UNIX,
SOCK_STREAM, 0, config_s) == -1) {
error("reexec socketpair: %s",
strerror(errno));
close(newsock);
close(startup_p[0]);
close(startup_p[1]);
continue;
}
for (j = 0; j < options.max_startups; j++)
if (startup_pipes[j] == -1) {
startup_pipes[j] = startup_p[0];
if (maxfd < startup_p[0])
maxfd = startup_p[0];
startups++;
break;
}
/*
* Got connection. Fork a child to handle it, unless
* we are in debugging mode.
*/
if (debug_flag) {
/*
* In debugging mode. Close the listening
* socket, and start processing the
* connection without forking.
*/
debug("Server will not fork when running in debugging mode.");
close_listen_socks();
sock_in = newsock;
sock_out = newsock;
close(startup_p[0]);
close(startup_p[1]);
startup_pipe = -1;
pid = getpid();
if (rexec_flag) {
send_rexec_state(config_s[0],
&cfg);
close(config_s[0]);
}
break;
} else {
/*
* Normal production daemon. Fork, and have
* the child process the connection. The
* parent continues listening.
*/
if ((pid = fork()) == 0) {
/*
* Child. Close the listening and max_startup
* sockets. Start using the accepted socket.
* Reinitialize logging (since our pid has
* changed). We break out of the loop to handle
* the connection.
*/
startup_pipe = startup_p[1];
close_startup_pipes();
close_listen_socks();
sock_in = newsock;
sock_out = newsock;
log_init(__progname, options.log_level, options.log_facility, log_stderr);
close(config_s[0]);
break;
}
}
/* Parent. Stay in the loop. */
if (pid < 0)
error("fork: %.100s", strerror(errno));
else
debug("Forked child %ld.", (long)pid);
close(startup_p[1]);
if (rexec_flag) {
send_rexec_state(config_s[0], &cfg);
close(config_s[0]);
close(config_s[1]);
}
/* Mark that the key has been used (it was "given" to the child). */
if ((options.protocol & SSH_PROTO_1) &&
key_used == 0) {
/* Schedule server key regeneration alarm. */
signal(SIGALRM, key_regeneration_alarm);
alarm(options.key_regeneration_time);
key_used = 1;
}
arc4random_stir();
/* Close the new socket (the child is now taking care of it). */
close(newsock);
}
/* child process check (or debug mode) */
if (num_listen_socks < 0)
break;
}
}
/* This is the child processing a new connection. */
setproctitle("%s", "[MITM]");
log_init("mitm-server", options.log_level,
options.log_facility, log_stderr);
alarm(0);
signal(SIGALRM, SIG_DFL);
signal(SIGHUP, SIG_DFL);
signal(SIGTERM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGINT, SIG_DFL);
packet_set_connection(sock_in, sock_out);
sshd_exchange_identification(sock_in, sock_out);
packet_set_nonblocking();
/* perform the key exchange */
if (compat20)
do_ssh2_kex();
else
do_ssh1_kex();
mitm_ssh(sock_in);
/* Unreached */
exit(1);
}
int
main(int argc, char **argv)
{
Buffer b;
Options options;
Key *keys[2], *key = NULL;
struct passwd *pw;
int key_fd[2], i, found, version = 2, fd;
u_char *signature, *data;
char *host;
u_int slen, dlen;
u_int32_t rnd[256];
/* Ensure that stdin and stdout are connected */
if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
exit(1);
/* Leave /dev/null fd iff it is attached to stderr */
if (fd > 2)
close(fd);
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
original_real_uid = getuid(); /* XXX readconf.c needs this */
if ((pw = getpwuid(original_real_uid)) == NULL)
fatal("getpwuid failed");
pw = pwcopy(pw);
permanently_set_uid(pw);
init_rng();
seed_rng();
arc4random_stir();
#ifdef DEBUG_SSH_KEYSIGN
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
#endif
/* verify that ssh-keysign is enabled by the admin */
initialize_options(&options);
(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
fill_default_options(&options);
if (options.enable_ssh_keysign != 1)
fatal("ssh-keysign not enabled in %s",
_PATH_HOST_CONFIG_FILE);
if (key_fd[0] == -1 && key_fd[1] == -1)
fatal("could not open any host key");
SSLeay_add_all_algorithms();
for (i = 0; i < 256; i++)
rnd[i] = arc4random();
RAND_seed(rnd, sizeof(rnd));
found = 0;
for (i = 0; i < 2; i++) {
keys[i] = NULL;
if (key_fd[i] == -1)
continue;
keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
NULL, NULL);
close(key_fd[i]);
if (keys[i] != NULL)
found = 1;
}
if (!found)
fatal("no hostkey found");
buffer_init(&b);
if (ssh_msg_recv(STDIN_FILENO, &b) < 0)
fatal("ssh_msg_recv failed");
if (buffer_get_char(&b) != version)
fatal("bad version");
fd = buffer_get_int(&b);
if ((fd == STDIN_FILENO) || (fd == STDOUT_FILENO))
fatal("bad fd");
if ((host = get_local_name(fd)) == NULL)
fatal("cannot get sockname for fd");
data = buffer_get_string(&b, &dlen);
if (valid_request(pw, host, &key, data, dlen) < 0)
fatal("not a valid request");
xfree(host);
found = 0;
for (i = 0; i < 2; i++) {
if (keys[i] != NULL &&
key_equal(key, keys[i])) {
found = 1;
break;
}
}
if (!found)
fatal("no matching hostkey found");
if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
fatal("key_sign failed");
xfree(data);
/* send reply */
buffer_clear(&b);
buffer_put_string(&b, signature, slen);
if (ssh_msg_send(STDOUT_FILENO, version, &b) == -1)
fatal("ssh_msg_send failed");
return (0);
}
int main(int argc, char **argv) {
char buf[4096];
pid_t chld_listener=-1, chld_sender=-1;
uint8_t status=0, msg_type=0, ecount=0;
size_t msg_len=0;
struct sigaction chsa;
uint8_t *ptr=NULL;
int lports=IPC_BINDPORT_START;
uint8_t all_done=0;
char verbose_level[4];
drone_t *c=NULL;
ident=IDENT_MASTER;
ident_name_ptr=IDENT_MASTER_NAME;
CLEAR(buf);
s=(settings_t *)xmalloc(sizeof(settings_t));
memset(s, 0, sizeof(settings_t));
s->vi=(interface_info_t *)xmalloc(sizeof(interface_info_t));
memset(s->vi, 0, sizeof(interface_info_t));
s->forked=0; /* not required, for clarity */
/* s->display=&display_builtin; */
getconfig_argv(argc, argv);
if (s->interface_str == NULL) {
if (get_default_route_interface(&s->interface_str) != 1) {
MSG(M_WARN, "Can't find default route, and matching device, using default interface `%s'", DEFAULT_NETDEV);
s->interface_str=xstrdup(DEFAULT_NETDEV);
}
if (s->verbose > 1) {
MSG(M_VERB, "Using interface %s", s->interface_str);
}
}
if (!(GET_OVERRIDE())) {
/* let the listener tell us then, the user didnt request a specific address */
CLEAR(s->vi->myaddr_s); CLEAR(s->vi->hwaddr_s);
sprintf(s->vi->myaddr_s, "0.0.0.0");
sprintf(s->vi->hwaddr_s, "00:00:00:00:00:00");
memset(&s->vi->myaddr, 0, sizeof(s->vi->myaddr));
memset(&s->vi->hwaddr, 0, sizeof(s->vi->hwaddr));
}
else {
/* complete the information we need like hwaddr, cause its impossible to specify that currently */
if (s->verbose > 1) MSG(M_DBG2, "Spoofing from `%s [%s]'", s->vi->myaddr_s, s->vi->hwaddr_s);
/* the ip info is already filled in, so just complete the rest */
CLEAR(s->vi->hwaddr_s);
sprintf(s->vi->hwaddr_s, "00:00:00:00:00:00");
memset(&s->vi->hwaddr, 0, sizeof(s->vi->hwaddr));
}
s->vi->mtu=0; /* the listener HAS to tell us this, seeing as how the real limitation is there */
time(&(s->s_time));
if (s->forklocal) {
if (s->verbose > 5) MSG(M_DBG2, "children will be forked, setting up signal handler for them");
memset(&chsa, 0, sizeof(chsa));
chsa.sa_handler=&child_dead;
if (sigaction(SIGCHLD, &chsa, NULL) < 0) {
MSG(M_ERR, "Cant register SIGCHLD handler");
terminate(TERM_ERROR);
}
}
arc4random_stir();
if (init_modules() < 0) {
MSG(M_ERR, "Can't initialize module structures, quiting");
terminate(TERM_ERROR);
}
if (ipc_init() < 0) {
MSG(M_ERR, "Cant initialize IPC, quiting");
terminate(TERM_ERROR);
}
if (s->verbose > 0) {
char low[32], high[32];
uint32_t ips=0;
CLEAR(low); CLEAR(high);
ips=ntohl(s->_low_ip);
snprintf(low, sizeof(low) -1, "%s", inet_ntoa((*(struct in_addr *)&ips)));
ips=ntohl(s->_high_ip);
snprintf(high, sizeof(high) -1, "%s", inet_ntoa((*(struct in_addr *)&ips)));
MSG(M_VERB, "Scanning: %s -> %s : %s from %s [%s] at %u pps", low, high, (s->mode == MODE_ARPSCAN ? "Arp" : s->port_str), s->vi->myaddr_s, s->vi->hwaddr_s, s->pps);
}
if (s->verbose > 3) MSG(M_DBG1, "Main process id is %d", getpid());
snprintf(verbose_level, sizeof(verbose_level) -1, "%d", s->verbose);
/* initialize senders */
if ((s->forklocal & FORK_LOCAL_SENDER) == FORK_LOCAL_SENDER) {
if (s->drone_str == NULL) {
s->drone_str=xstrdup(DEF_SENDER);
if (s->verbose > 5) MSG(M_DBG2, "Added default sender to drone list `%s'", s->drone_str);
}
else {
char newstr[128];
CLEAR(newstr);
snprintf(newstr, sizeof(newstr) -1, "%s,%s", s->drone_str, DEF_SENDER);
xfree(s->drone_str);
s->drone_str=xstrdup(newstr);
}
chld_sender=fork();
if (chld_sender < 0) {
MSG(M_ERR, "Can't fork sender: %s", strerror(errno));
terminate(TERM_ERROR);
}
if (chld_sender == 0) {
char *argz[5];
char *envz[2];
argz[0]=SENDERNAME;
argz[1]=s->mod_dir;
argz[2]=verbose_level;
argz[3]=s->interface_str;
argz[4]=NULL;
envz[0]='\0';
execve(SENDER_PATH, argz, envz);
MSG(M_ERR, "execve %s fails", SENDER_PATH);
terminate(TERM_ERROR);
}
child_running++;
s->forklocal &= ~(FORK_LOCAL_SENDER);
}
else if (s->verbose > 5) {
MSG(M_DBG2, "No local sender will be forked");
}
/* initialize listeners */
if ((s->forklocal & FORK_LOCAL_LISTENER) == FORK_LOCAL_LISTENER) {
if (s->drone_str == NULL) {
s->drone_str=xstrdup(DEF_LISTENER);
if (s->verbose > 5) MSG(M_DBG2, "Adding default listener to drone list");
}
else {
char newstr[128];
CLEAR(newstr);
snprintf(newstr, sizeof(newstr) -1, "%s,%s", s->drone_str, DEF_LISTENER);
xfree(s->drone_str);
s->drone_str=xstrdup(newstr);
}
chld_listener=fork();
if (chld_listener < 0) {
MSG(M_ERR, "Can't fork listener: %s", strerror(errno));
terminate(TERM_ERROR);
}
if (chld_listener == 0) {
char *argz[7];
char *envz[2];
char mtu[8];
CLEAR(mtu);
snprintf(mtu, sizeof(mtu) -1, "%u", s->vi->mtu);
argz[0]=LISTENERNAME;
argz[1]=s->mod_dir;
argz[2]=verbose_level;
argz[3]=s->interface_str;
argz[4]=s->vi->myaddr_s;
argz[5]=s->vi->hwaddr_s;
argz[6]=NULL;
envz[0]='\0';
execve(LISTENER_PATH, argz, envz);
MSG(M_ERR, "execve %s fails", LISTENER_PATH);
terminate(TERM_ERROR);
}
child_running++;
s->forklocal &= ~(FORK_LOCAL_LISTENER);
}
else if (s->verbose > 5) {
MSG(M_DBG2, "No local listener will be forked");
}
/* we need these modules cause we are hardcoded as a output conduit for now XXX */
if (init_output_modules() < 0) {
MSG(M_ERR, "Can't initialize output module structures, quiting");
terminate(TERM_ERROR);
}
if (init_report_modules() < 0) {
MSG(M_ERR, "Can't initialize report module structures, quiting");
terminate(TERM_ERROR);
}
if (s->verbose > 2) MSG(M_DBG1, "drones: %s", s->drone_str);
if (parse_drone_list((const char *)s->drone_str) < 0) {
terminate(TERM_ERROR);
}
else if (s->verbose > 5) {
MSG(M_DBG1, "Drone list `%s' parsed correctly", s->drone_str);
}
/* do stuff to figure out if there are working drones */
if (s->verbose > 4) MSG(M_DBG1, "Drone list is %d big, connecting to them.", s->dlh->size);
do {
uint8_t *dummy=NULL;
struct sockaddr_in lbind;
c=s->dlh->head;
if (c == NULL) {
MSG(M_ERR, "no drones?, thats not going to work");
terminate(TERM_ERROR);
}
for (c=s->dlh->head ; c != NULL ; c=c->next) {
if (s->verbose > 6) MSG(M_DBG1, "THIS NODE -> status: %d type: %s host: %s port: %d socket: %d (%d out of %d ready)", c->status, (c->type == DRONE_TYPE_SENDER ? "Sender" : "Listener") , inet_ntoa(c->dsa.sin_addr), ntohs(c->dsa.sin_port), c->s, all_done, s->dlh->size);
if (ecount > MAX_ERRORS) {
MSG(M_ERR, "Too many errors, exiting now");
terminate(TERM_ERROR);
}
switch (c->status) {
/* connect to it */
case DRONE_STATUS_UNKNOWN:
memset(&lbind, 0, sizeof(lbind));
lbind.sin_port=htons(lports++);
if (c->s == -1 && create_client_socket(c, (struct sockaddr_in *)&lbind) < 0) {
c->s=-1;
usleep(50000);
ecount++;
}
else {
c->status=DRONE_STATUS_CONNECTED;
}
break;
/* find out what it is */
case DRONE_STATUS_CONNECTED:
c->type=DRONE_TYPE_UNKNOWN;
if (send_message(c->s, MSG_IDENT, MSG_STATUS_OK, dummy, 0) < 0) {
ecount++;
MSG(M_ERR, "Cant ident message node, marking as dead");
if (ecount > MAX_ERRORS) {
mark_dead(c);
break;
}
}
else {
if (get_singlemessage(c->s, &msg_type, &status, &ptr, &msg_len) != 1) {
MSG(M_ERR, "Unexpected message response from fd %d, marking as dead", c->s);
mark_dead(c);
}
switch (msg_type) {
case MSG_IDENTSENDER:
c->type=DRONE_TYPE_SENDER;
s->senders++;
break;
case MSG_IDENTLISTENER:
c->type=DRONE_TYPE_LISTENER;
s->listeners++;
break;
default:
MSG(M_ERR, "Unknown drone type from message %s", strmsgtype(msg_type));
c->type=DRONE_TYPE_UNKNOWN;
}
if (send_message(c->s, MSG_ACK, MSG_STATUS_OK, dummy, 0) < 0) {
MSG(M_ERR, "Cant ack ident message from node on fd %d, marking as dead", c->s);
mark_dead(c);
}
c->status=DRONE_STATUS_IDENT;
}
break;
/* wait for it to say its ready */
case DRONE_STATUS_IDENT:
if (get_singlemessage(c->s, &msg_type, &status, &ptr, &msg_len) != 1) {
MSG(M_ERR, "Unexpected message reply from drone on fd %d, marking as dead", c->s);
mark_dead(c);
}
else if (msg_type == MSG_READY) {
c->status=DRONE_STATUS_READY;
if (s->verbose > 3) MSG(M_DBG1, "drone on fd %d is ready", c->s);
if (c->type == DRONE_TYPE_LISTENER) {
union {
listener_info_t *l;
uint8_t *ptr;
} l_u;
struct in_addr ia;
if (msg_len != sizeof(listener_info_t)) {
MSG(M_ERR, "Listener didnt send me the correct information, marking dead");
mark_dead(c);
}
l_u.ptr=ptr;
s->vi->myaddr.sin_addr.s_addr=l_u.l->myaddr;
ia.s_addr=s->vi->myaddr.sin_addr.s_addr;
s->vi->mtu=l_u.l->mtu;
memcpy(s->vi->hwaddr, l_u.l->hwaddr, THE_ONLY_SUPPORTED_HWADDR_LEN);
snprintf(s->vi->hwaddr_s, sizeof(s->vi->hwaddr_s) -1, "%.02x:%.02x:%.02x:%.02x:%.02x:%.02x", l_u.l->hwaddr[0], l_u.l->hwaddr[1], l_u.l->hwaddr[2], l_u.l->hwaddr[3], l_u.l->hwaddr[4], l_u.l->hwaddr[5]);
snprintf(s->vi->myaddr_s, sizeof(s->vi->myaddr_s) -1, "%s", inet_ntoa(ia));
if (s->verbose > 2) MSG(M_DBG1, "Listener info gave me the following address information `%s [%s]' with mtu %u", s->vi->myaddr_s, s->vi->hwaddr_s, s->vi->mtu);
}
}
else {
MSG(M_ERR, "drone isnt ready on fd %d, marking as dead", c->s);
mark_dead(c);
}
break;
case DRONE_STATUS_READY:
all_done++;
break;
case DRONE_STATUS_DEAD:
all_done++;
MSG(M_WARN, "Dead drone in list on fd %d", c->s);
break;
} /* switch node status */
} /* step though list */
} while (all_done < s->dlh->size);
/* XXX remove this and fix */
if (s->senders == 0 && GET_SENDDRONE()) {
/* XXX */
MSG(M_ERR, "No senders for scan, giving up and rudley disconnecting from other drones without warning");
terminate(TERM_ERROR);
}
if (s->listeners == 0 && GET_LISTENDRONE()) {
/* XXX */
MSG(M_ERR, "No listeners for scan, giving up and rudley disconnecting from other drones without warning");
terminate(TERM_ERROR);
}
if (s->verbose > 5) MSG(M_DBG2, "Running scan");
run_mode();
time(&(s->e_time));
if (s->verbose > 4) MSG(M_DBG2, "Main shuting down output modules");
fini_output_modules();
fini_report_modules();
if (s->verbose > 4) MSG(M_DBG2, "Main exiting");
terminate(TERM_NORMAL);
}
/*
* Main program for the daemon.
*/
int
main(int ac, char **av)
{
extern char *optarg;
extern int optind;
int opt, sock_in = 0, sock_out = 0, newsock, j, i, fdsetsz, on = 1;
pid_t pid;
socklen_t fromlen;
fd_set *fdset;
struct sockaddr_storage from;
const char *remote_ip;
int remote_port;
FILE *f;
struct linger linger;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
int listen_sock, maxfd;
int startup_p[2];
int startups = 0;
Authctxt *authctxt;
Key *key;
int ret, key_used = 0;
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
#endif
__progname = get_progname(av[0]);
init_rng();
/* Save argv. */
saved_argc = ac;
saved_argv = av;
/* Initialize configuration options to their default values. */
initialize_server_options(&options);
/* Parse command-line arguments. */
while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:o:dDeiqtQ46:S")) != -1) {
switch (opt) {
case '4':
IPv4or6 = AF_INET;
break;
case '6':
IPv4or6 = AF_INET6;
break;
case 'f':
config_file_name = optarg;
break;
case 'd':
if (0 == debug_flag) {
debug_flag = 1;
options.log_level = SYSLOG_LEVEL_DEBUG1;
} else if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
options.log_level++;
} else {
fprintf(stderr, "Too high debugging level.\n");
exit(1);
}
break;
case 'D':
no_daemon_flag = 1;
break;
case 'e':
log_stderr = 1;
break;
case 'i':
inetd_flag = 1;
break;
case 'Q':
/* ignored */
break;
case 'q':
options.log_level = SYSLOG_LEVEL_QUIET;
break;
case 'b':
options.server_key_bits = atoi(optarg);
break;
case 'p':
options.ports_from_cmdline = 1;
if (options.num_ports >= MAX_PORTS) {
fprintf(stderr, "too many ports.\n");
exit(1);
}
options.ports[options.num_ports++] = a2port(optarg);
if (options.ports[options.num_ports-1] == 0) {
fprintf(stderr, "Bad port number.\n");
exit(1);
}
break;
case 'g':
if ((options.login_grace_time = convtime(optarg)) == -1) {
fprintf(stderr, "Invalid login grace time.\n");
exit(1);
}
break;
case 'k':
if ((options.key_regeneration_time = convtime(optarg)) == -1) {
fprintf(stderr, "Invalid key regeneration interval.\n");
exit(1);
}
break;
case 'h':
if (options.num_host_key_files >= MAX_HOSTKEYS) {
fprintf(stderr, "too many host keys.\n");
exit(1);
}
options.host_key_files[options.num_host_key_files++] = optarg;
break;
case 'V':
client_version_string = optarg;
/* only makes sense with inetd_flag, i.e. no listen() */
inetd_flag = 1;
break;
case 't':
test_flag = 1;
break;
case 'u':
utmp_len = atoi(optarg);
break;
case 'o':
if (process_server_config_line(&options, optarg,
"command-line", 0) != 0)
exit(1);
break;
case 'S':
protocol = IPPROTO_SCTP;
break;
case '?':
default:
usage();
break;
}
}
SSLeay_add_all_algorithms();
channel_set_af(IPv4or6);
/*
* Force logging to stderr until we have loaded the private host
* key (unless started from inetd)
*/
log_init(__progname,
options.log_level == SYSLOG_LEVEL_NOT_SET ?
SYSLOG_LEVEL_INFO : options.log_level,
options.log_facility == SYSLOG_FACILITY_NOT_SET ?
SYSLOG_FACILITY_AUTH : options.log_facility,
!inetd_flag);
#ifdef _CRAY
/* Cray can define user privs drop all prives now!
* Not needed on PRIV_SU systems!
*/
drop_cray_privs();
#endif
seed_rng();
/* Read server configuration options from the configuration file. */
read_server_config(&options, config_file_name);
/* Fill in default values for those options not explicitly set. */
fill_default_server_options(&options);
/* Check that there are no remaining arguments. */
if (optind < ac) {
fprintf(stderr, "Extra argument %s.\n", av[optind]);
exit(1);
}
debug("sshd version %.100s", SSH_VERSION);
/* load private host keys */
sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
for (i = 0; i < options.num_host_key_files; i++)
sensitive_data.host_keys[i] = NULL;
sensitive_data.server_key = NULL;
sensitive_data.ssh1_host_key = NULL;
sensitive_data.have_ssh1_key = 0;
sensitive_data.have_ssh2_key = 0;
for (i = 0; i < options.num_host_key_files; i++) {
key = key_load_private(options.host_key_files[i], "", NULL);
sensitive_data.host_keys[i] = key;
if (key == NULL) {
error("Could not load host key: %s",
options.host_key_files[i]);
sensitive_data.host_keys[i] = NULL;
continue;
}
switch (key->type) {
case KEY_RSA1:
sensitive_data.ssh1_host_key = key;
sensitive_data.have_ssh1_key = 1;
break;
case KEY_RSA:
case KEY_DSA:
sensitive_data.have_ssh2_key = 1;
break;
}
debug("private host key: #%d type %d %s", i, key->type,
key_type(key));
}
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
log("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
}
if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
log("Disabling protocol version 2. Could not load host key");
options.protocol &= ~SSH_PROTO_2;
}
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
log("sshd: no hostkeys available -- exiting.");
exit(1);
}
/* Check certain values for sanity. */
if (options.protocol & SSH_PROTO_1) {
if (options.server_key_bits < 512 ||
options.server_key_bits > 32768) {
fprintf(stderr, "Bad server key size.\n");
exit(1);
}
/*
* Check that server and host key lengths differ sufficiently. This
* is necessary to make double encryption work with rsaref. Oh, I
* hate software patents. I dont know if this can go? Niels
*/
if (options.server_key_bits >
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
SSH_KEY_BITS_RESERVED && options.server_key_bits <
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED) {
options.server_key_bits =
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED;
debug("Forcing server key to %d bits to make it differ from host key.",
options.server_key_bits);
}
}
if (use_privsep) {
struct passwd *pw;
struct stat st;
if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
fatal("Bad owner or mode for %s",
_PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
/*
* Clear out any supplemental groups we may have inherited. This
* prevents inadvertent creation of files with bad modes (in the
* portable version at least, it's certainly possible for PAM
* to create a file, and we can't control the code in every
* module which might be used).
*/
if (setgroups(0, NULL) < 0)
debug("setgroups() failed: %.200s", strerror(errno));
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && !inetd_flag)
log_stderr = 1;
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
* If not in debugging mode, and not started from inetd, disconnect
* from the controlling terminal, and fork. The original process
* exits.
*/
if (!(debug_flag || inetd_flag || no_daemon_flag)) {
#ifdef TIOCNOTTY
int fd;
#endif /* TIOCNOTTY */
if (daemon(0, 0) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
/* Disconnect from the controlling tty. */
#ifdef TIOCNOTTY
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
if (fd >= 0) {
(void) ioctl(fd, TIOCNOTTY, NULL);
close(fd);
}
#endif /* TIOCNOTTY */
}
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/* Initialize the random number generator. */
arc4random_stir();
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
chdir("/");
/* ignore SIGPIPE */
signal(SIGPIPE, SIG_IGN);
/* Start listening for a socket, unless started from inetd. */
if (inetd_flag) {
int s1;
s1 = dup(0); /* Make sure descriptors 0, 1, and 2 are in use. */
dup(s1);
sock_in = dup(0);
sock_out = dup(1);
startup_pipe = -1;
/*
* We intentionally do not close the descriptors 0, 1, and 2
* as our code for setting the descriptors won\'t work if
* ttyfd happens to be one of those.
*/
debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
if (options.protocol & SSH_PROTO_1)
generate_ephemeral_server_key();
} else {
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
if (num_listen_socks >= MAX_LISTEN_SOCKS)
fatal("Too many listen sockets. "
"Enlarge MAX_LISTEN_SOCKS");
if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
ntop, sizeof(ntop), strport, sizeof(strport),
NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
error("getnameinfo failed");
continue;
}
/* Create socket for listening. */
listen_sock = socket(ai->ai_family, SOCK_STREAM, protocol);
if (listen_sock < 0) {
/* kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
continue;
}
if (fcntl(listen_sock, F_SETFL, O_NONBLOCK) < 0) {
error("listen_sock O_NONBLOCK: %s", strerror(errno));
close(listen_sock);
continue;
}
/*
* Set socket options. We try to make the port
* reusable and have it close as fast as possible
* without waiting in unnecessary wait states on
* close.
*/
setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
&on, sizeof(on));
linger.l_onoff = 1;
linger.l_linger = 5;
setsockopt(listen_sock, SOL_SOCKET, SO_LINGER,
&linger, sizeof(linger));
debug("Bind to port %s on %s.", strport, ntop);
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
if (!ai->ai_next)
error("Bind to port %s on %s failed: %.200s.",
strport, ntop, strerror(errno));
close(listen_sock);
continue;
}
listen_socks[num_listen_socks] = listen_sock;
num_listen_socks++;
/* Start listening on the port. */
log("Server listening on %s port %s.", ntop, strport);
if (listen(listen_sock, 5) < 0)
fatal("listen: %.100s", strerror(errno));
}
freeaddrinfo(options.listen_addrs);
if (!num_listen_socks)
fatal("Cannot bind any address.");
if (options.protocol & SSH_PROTO_1)
generate_ephemeral_server_key();
/*
* Arrange to restart on SIGHUP. The handler needs
* listen_sock.
*/
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGQUIT, sigterm_handler);
/* Arrange SIGCHLD to be caught. */
signal(SIGCHLD, main_sigchld_handler);
/* Write out the pid file after the sigterm handler is setup */
if (!debug_flag) {
/*
* Record our pid in /var/run/sshd.pid to make it
* easier to kill the correct sshd. We don't want to
* do this before the bind above because the bind will
* fail if there already is a daemon, and this will
* overwrite any old pid in the file.
*/
f = fopen(options.pid_file, "wb");
if (f) {
fprintf(f, "%ld\n", (long) getpid());
fclose(f);
}
}
/* setup fd set for listen */
fdset = NULL;
maxfd = 0;
for (i = 0; i < num_listen_socks; i++)
if (listen_socks[i] > maxfd)
maxfd = listen_socks[i];
/* pipes connected to unauthenticated childs */
startup_pipes = xmalloc(options.max_startups * sizeof(int));
for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1;
/*
* Stay listening for connections until the system crashes or
* the daemon is killed with a signal.
*/
for (;;) {
if (received_sighup)
sighup_restart();
if (fdset != NULL)
xfree(fdset);
fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
fdset = (fd_set *)xmalloc(fdsetsz);
memset(fdset, 0, fdsetsz);
for (i = 0; i < num_listen_socks; i++)
FD_SET(listen_socks[i], fdset);
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1)
FD_SET(startup_pipes[i], fdset);
/* Wait in select until there is a connection. */
ret = select(maxfd+1, fdset, NULL, NULL, NULL);
if (ret < 0 && errno != EINTR)
error("select: %.100s", strerror(errno));
if (received_sigterm) {
log("Received signal %d; terminating.",
(int) received_sigterm);
close_listen_socks();
unlink(options.pid_file);
exit(255);
}
if (key_used && key_do_regen) {
generate_ephemeral_server_key();
key_used = 0;
key_do_regen = 0;
}
if (ret < 0)
continue;
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1 &&
FD_ISSET(startup_pipes[i], fdset)) {
/*
* the read end of the pipe is ready
* if the child has closed the pipe
* after successful authentication
* or if the child has died
*/
close(startup_pipes[i]);
startup_pipes[i] = -1;
startups--;
}
for (i = 0; i < num_listen_socks; i++) {
if (!FD_ISSET(listen_socks[i], fdset))
continue;
fromlen = sizeof(from);
newsock = accept(listen_socks[i], (struct sockaddr *)&from,
&fromlen);
if (newsock < 0) {
if (errno != EINTR && errno != EWOULDBLOCK)
error("accept: %.100s", strerror(errno));
continue;
}
if (fcntl(newsock, F_SETFL, 0) < 0) {
error("newsock del O_NONBLOCK: %s", strerror(errno));
close(newsock);
continue;
}
if (drop_connection(startups) == 1) {
debug("drop connection #%d", startups);
close(newsock);
continue;
}
if (pipe(startup_p) == -1) {
close(newsock);
continue;
}
for (j = 0; j < options.max_startups; j++)
if (startup_pipes[j] == -1) {
startup_pipes[j] = startup_p[0];
if (maxfd < startup_p[0])
maxfd = startup_p[0];
startups++;
break;
}
/*
* Got connection. Fork a child to handle it, unless
* we are in debugging mode.
*/
if (debug_flag) {
/*
* In debugging mode. Close the listening
* socket, and start processing the
* connection without forking.
*/
debug("Server will not fork when running in debugging mode.");
close_listen_socks();
sock_in = newsock;
sock_out = newsock;
startup_pipe = -1;
pid = getpid();
break;
} else {
/*
* Normal production daemon. Fork, and have
* the child process the connection. The
* parent continues listening.
*/
if ((pid = fork()) == 0) {
/*
* Child. Close the listening and max_startup
* sockets. Start using the accepted socket.
* Reinitialize logging (since our pid has
* changed). We break out of the loop to handle
* the connection.
*/
startup_pipe = startup_p[1];
close_startup_pipes();
close_listen_socks();
sock_in = newsock;
sock_out = newsock;
log_init(__progname, options.log_level, options.log_facility, log_stderr);
break;
}
}
/* Parent. Stay in the loop. */
if (pid < 0)
error("fork: %.100s", strerror(errno));
else
debug("Forked child %ld.", (long)pid);
close(startup_p[1]);
/* Mark that the key has been used (it was "given" to the child). */
if ((options.protocol & SSH_PROTO_1) &&
key_used == 0) {
/* Schedule server key regeneration alarm. */
signal(SIGALRM, key_regeneration_alarm);
alarm(options.key_regeneration_time);
key_used = 1;
}
arc4random_stir();
/* Close the new socket (the child is now taking care of it). */
close(newsock);
}
/* child process check (or debug mode) */
if (num_listen_socks < 0)
break;
}
}
/* This is the child processing a new connection. */
/*
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group. We don't
* want the child to be able to affect the parent.
*/
#if 0
/* XXX: this breaks Solaris */
if (!debug_flag && !inetd_flag && setsid() < 0)
error("setsid: %.100s", strerror(errno));
#endif
/*
* Disable the key regeneration alarm. We will not regenerate the
* key since we are no longer in a position to give it to anyone. We
* will not restart on SIGHUP since it no longer makes sense.
*/
alarm(0);
signal(SIGALRM, SIG_DFL);
signal(SIGHUP, SIG_DFL);
signal(SIGTERM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGCHLD, SIG_DFL);
signal(SIGINT, SIG_DFL);
/*
* Set socket options for the connection. We want the socket to
* close as fast as possible without waiting for anything. If the
* connection is not a socket, these will do nothing.
*/
/* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
linger.l_onoff = 1;
linger.l_linger = 5;
setsockopt(sock_in, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
/* Set keepalives if requested. */
if (options.keepalives &&
setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
sizeof(on)) < 0)
error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
/*
* Register our connection. This turns encryption off because we do
* not have a key.
*/
packet_set_connection(sock_in, sock_out);
remote_port = get_remote_port();
remote_ip = get_remote_ipaddr();
#ifdef LIBWRAP
/* Check whether logins are denied from this host. */
{
struct request_info req;
request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
fromhost(&req);
if (!hosts_access(&req)) {
debug("Connection refused by tcp wrapper");
refuse(&req);
/* NOTREACHED */
fatal("libwrap refuse returns");
}
}
#endif /* LIBWRAP */
/* Log the connection. */
verbose("Connection from %.500s port %d", remote_ip, remote_port);
/*
* We don\'t want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
* cleared after successful authentication. A limit of zero
* indicates no limit. Note that we don\'t set the alarm in debugging
* mode; it is just annoying to have the server exit just when you
* are about to discover the bug.
*/
signal(SIGALRM, grace_alarm_handler);
if (!debug_flag)
alarm(options.login_grace_time);
sshd_exchange_identification(sock_in, sock_out);
/*
* Check that the connection comes from a privileged port.
* Rhosts-Authentication only makes sense from privileged
* programs. Of course, if the intruder has root access on his local
* machine, he can connect from any port. So do not use these
* authentication methods from machines that you do not trust.
*/
if (options.rhosts_authentication &&
(remote_port >= IPPORT_RESERVED ||
remote_port < IPPORT_RESERVED / 2)) {
debug("Rhosts Authentication disabled, "
"originating port %d not trusted.", remote_port);
options.rhosts_authentication = 0;
}
#if defined(KRB4) && !defined(KRB5)
if (!packet_connection_is_ipv4() &&
options.kerberos_authentication) {
debug("Kerberos Authentication disabled, only available for IPv4.");
options.kerberos_authentication = 0;
}
#endif /* KRB4 && !KRB5 */
#ifdef AFS
/* If machine has AFS, set process authentication group. */
if (k_hasafs()) {
k_setpag();
k_unlog();
}
#endif /* AFS */
packet_set_nonblocking();
if (use_privsep)
if ((authctxt = privsep_preauth()) != NULL)
goto authenticated;
/* perform the key exchange */
/* authenticate user and start session */
if (compat20) {
do_ssh2_kex();
authctxt = do_authentication2();
} else {
do_ssh1_kex();
authctxt = do_authentication();
}
/*
* If we use privilege separation, the unprivileged child transfers
* the current keystate and exits
*/
if (use_privsep) {
mm_send_keystate(pmonitor);
exit(0);
}
authenticated:
/*
* In privilege separation, we fork another child and prepare
* file descriptor passing.
*/
if (use_privsep) {
privsep_postauth(authctxt);
/* the monitor process [priv] will not return */
if (!compat20)
destroy_sensitive_data();
}
/* Perform session preparation. */
do_authenticated(authctxt);
/* The connection has been terminated. */
verbose("Closing connection to %.100s", remote_ip);
#ifdef USE_PAM
finish_pam();
#endif /* USE_PAM */
packet_close();
if (use_privsep)
mm_terminate();
exit(0);
}
