summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2013-05-07 10:06:42 +0100
committerColin Watson <cjwatson@debian.org>2013-05-07 10:06:42 +0100
commitecebda56da46a03dafff923d91c382f31faa9eec (patch)
tree449614b6c06a2622c74a609b31fcc46c60037c56 /sshd.c
parentc6a2c0334e45419875687d250aed9bea78480f2e (diff)
parentffc06452028ba78cd693d4ed43df8b60a10d6163 (diff)
merge 6.2p1; reorder additions to monitor.h for easier merging in future
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c42
1 files changed, 40 insertions, 2 deletions
diff --git a/sshd.c b/sshd.c
index 6b2f59220..d8faaebd5 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.393 2012/07/10 02:19:15 djm Exp $ */ 1/* $OpenBSD: sshd.c,v 1.397 2013/02/11 21:21:58 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -363,6 +363,15 @@ grace_alarm_handler(int sig)
363 if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) 363 if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
364 kill(pmonitor->m_pid, SIGALRM); 364 kill(pmonitor->m_pid, SIGALRM);
365 365
366 /*
367 * Try to kill any processes that we have spawned, E.g. authorized
368 * keys command helpers.
369 */
370 if (getpgid(0) == getpid()) {
371 signal(SIGTERM, SIG_IGN);
372 killpg(0, SIGTERM);
373 }
374
366 /* Log error and exit. */ 375 /* Log error and exit. */
367 sigdie("Timeout before authentication for %s", get_remote_ipaddr()); 376 sigdie("Timeout before authentication for %s", get_remote_ipaddr());
368} 377}
@@ -1332,6 +1341,7 @@ main(int ac, char **av)
1332 int remote_port; 1341 int remote_port;
1333 char *line; 1342 char *line;
1334 int config_s[2] = { -1 , -1 }; 1343 int config_s[2] = { -1 , -1 };
1344 u_int n;
1335 u_int64_t ibytes, obytes; 1345 u_int64_t ibytes, obytes;
1336 mode_t new_umask; 1346 mode_t new_umask;
1337 Key *key; 1347 Key *key;
@@ -1554,6 +1564,33 @@ main(int ac, char **av)
1554 if (options.challenge_response_authentication) 1564 if (options.challenge_response_authentication)
1555 options.kbd_interactive_authentication = 1; 1565 options.kbd_interactive_authentication = 1;
1556 1566
1567 /* Check that options are sensible */
1568 if (options.authorized_keys_command_user == NULL &&
1569 (options.authorized_keys_command != NULL &&
1570 strcasecmp(options.authorized_keys_command, "none") != 0))
1571 fatal("AuthorizedKeysCommand set without "
1572 "AuthorizedKeysCommandUser");
1573
1574 /*
1575 * Check whether there is any path through configured auth methods.
1576 * Unfortunately it is not possible to verify this generally before
1577 * daemonisation in the presence of Match block, but this catches
1578 * and warns for trivial misconfigurations that could break login.
1579 */
1580 if (options.num_auth_methods != 0) {
1581 if ((options.protocol & SSH_PROTO_1))
1582 fatal("AuthenticationMethods is not supported with "
1583 "SSH protocol 1");
1584 for (n = 0; n < options.num_auth_methods; n++) {
1585 if (auth2_methods_valid(options.auth_methods[n],
1586 1) == 0)
1587 break;
1588 }
1589 if (n >= options.num_auth_methods)
1590 fatal("AuthenticationMethods cannot be satisfied by "
1591 "enabled authentication methods");
1592 }
1593
1557 /* set default channel AF */ 1594 /* set default channel AF */
1558 channel_set_af(options.address_family); 1595 channel_set_af(options.address_family);
1559 1596
@@ -1563,7 +1600,8 @@ main(int ac, char **av)
1563 exit(1); 1600 exit(1);
1564 } 1601 }
1565 1602
1566 debug("sshd version %.100s", SSH_RELEASE); 1603 debug("sshd version %s, %s", SSH_VERSION,
1604 SSLeay_version(SSLEAY_VERSION));
1567 1605
1568 /* Store privilege separation user for later use if required. */ 1606 /* Store privilege separation user for later use if required. */
1569 if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { 1607 if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {