summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2005-09-14 12:45:47 +0000
committerColin Watson <cjwatson@debian.org>2005-09-14 12:45:47 +0000
commit9b71add4cecf753c45f5fbd6ff0913bc95b3e95d (patch)
treed4ea8fdb30c7949c6433f5277c39548ea579d4dc /sshd.c
parented07bcbea56007ab5b218ddf3aa6a7d4e21966e0 (diff)
parent16704d57999d987fb8d9ba53379841a79f016d67 (diff)
Merge 4.2p1 to the trunk.
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c38
1 files changed, 26 insertions, 12 deletions
diff --git a/sshd.c b/sshd.c
index 8f782d48c..86468318e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
42 */ 42 */
43 43
44#include "includes.h" 44#include "includes.h"
45RCSID("$OpenBSD: sshd.c,v 1.308 2005/02/08 22:24:57 dtucker Exp $"); 45RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
46 46
47#include <openssl/dh.h> 47#include <openssl/dh.h>
48#include <openssl/bn.h> 48#include <openssl/bn.h>
@@ -358,7 +358,8 @@ key_regeneration_alarm(int sig)
358static void 358static void
359sshd_exchange_identification(int sock_in, int sock_out) 359sshd_exchange_identification(int sock_in, int sock_out)
360{ 360{
361 int i, mismatch; 361 u_int i;
362 int mismatch;
362 int remote_major, remote_minor; 363 int remote_major, remote_minor;
363 int major, minor; 364 int major, minor;
364 char *s; 365 char *s;
@@ -670,6 +671,12 @@ privsep_postauth(Authctxt *authctxt)
670 671
671 /* It is safe now to apply the key state */ 672 /* It is safe now to apply the key state */
672 monitor_apply_keystate(pmonitor); 673 monitor_apply_keystate(pmonitor);
674
675 /*
676 * Tell the packet layer that authentication was successful, since
677 * this information is not part of the key state.
678 */
679 packet_set_authenticated();
673} 680}
674 681
675static char * 682static char *
@@ -1038,7 +1045,7 @@ main(int ac, char **av)
1038 /* 1045 /*
1039 * Unset KRB5CCNAME, otherwise the user's session may inherit it from 1046 * Unset KRB5CCNAME, otherwise the user's session may inherit it from
1040 * root's environment 1047 * root's environment
1041 */ 1048 */
1042 if (getenv("KRB5CCNAME") != NULL) 1049 if (getenv("KRB5CCNAME") != NULL)
1043 unsetenv("KRB5CCNAME"); 1050 unsetenv("KRB5CCNAME");
1044 1051
@@ -1620,19 +1627,22 @@ main(int ac, char **av)
1620 signal(SIGCHLD, SIG_DFL); 1627 signal(SIGCHLD, SIG_DFL);
1621 signal(SIGINT, SIG_DFL); 1628 signal(SIGINT, SIG_DFL);
1622 1629
1623 /* Set SO_KEEPALIVE if requested. */
1624 if (options.tcp_keep_alive &&
1625 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
1626 sizeof(on)) < 0)
1627 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
1628
1629 /* 1630 /*
1630 * Register our connection. This turns encryption off because we do 1631 * Register our connection. This turns encryption off because we do
1631 * not have a key. 1632 * not have a key.
1632 */ 1633 */
1633 packet_set_connection(sock_in, sock_out, -1); 1634 packet_set_connection(sock_in, sock_out, -1);
1635 packet_set_server();
1634 1636
1635 remote_port = get_remote_port(); 1637 /* Set SO_KEEPALIVE if requested. */
1638 if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
1639 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
1640 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
1641
1642 if ((remote_port = get_remote_port()) < 0) {
1643 debug("get_remote_port failed");
1644 cleanup_exit(255);
1645 }
1636 remote_ip = get_remote_ipaddr(); 1646 remote_ip = get_remote_ipaddr();
1637 1647
1638#ifdef SSH_AUDIT_EVENTS 1648#ifdef SSH_AUDIT_EVENTS
@@ -1903,7 +1913,7 @@ do_ssh1_kex(void)
1903 if (!rsafail) { 1913 if (!rsafail) {
1904 BN_mask_bits(session_key_int, sizeof(session_key) * 8); 1914 BN_mask_bits(session_key_int, sizeof(session_key) * 8);
1905 len = BN_num_bytes(session_key_int); 1915 len = BN_num_bytes(session_key_int);
1906 if (len < 0 || len > sizeof(session_key)) { 1916 if (len < 0 || (u_int)len > sizeof(session_key)) {
1907 error("do_connection: bad session key len from %s: " 1917 error("do_connection: bad session key len from %s: "
1908 "session_key_int %d > sizeof(session_key) %lu", 1918 "session_key_int %d > sizeof(session_key) %lu",
1909 get_remote_ipaddr(), len, (u_long)sizeof(session_key)); 1919 get_remote_ipaddr(), len, (u_long)sizeof(session_key));
@@ -1990,10 +2000,14 @@ do_ssh2_kex(void)
1990 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 2000 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
1991 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 2001 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
1992 } 2002 }
1993 if (!options.compression) { 2003 if (options.compression == COMP_NONE) {
1994 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 2004 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
1995 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; 2005 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
2006 } else if (options.compression == COMP_DELAYED) {
2007 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
2008 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
1996 } 2009 }
2010
1997 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); 2011 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
1998 2012
1999 /* start key exchange */ 2013 /* start key exchange */