diff options
author | Colin Watson <cjwatson@debian.org> | 2005-09-14 12:45:47 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2005-09-14 12:45:47 +0000 |
commit | 9b71add4cecf753c45f5fbd6ff0913bc95b3e95d (patch) | |
tree | d4ea8fdb30c7949c6433f5277c39548ea579d4dc /sshd.c | |
parent | ed07bcbea56007ab5b218ddf3aa6a7d4e21966e0 (diff) | |
parent | 16704d57999d987fb8d9ba53379841a79f016d67 (diff) |
Merge 4.2p1 to the trunk.
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 38 |
1 files changed, 26 insertions, 12 deletions
@@ -42,7 +42,7 @@ | |||
42 | */ | 42 | */ |
43 | 43 | ||
44 | #include "includes.h" | 44 | #include "includes.h" |
45 | RCSID("$OpenBSD: sshd.c,v 1.308 2005/02/08 22:24:57 dtucker Exp $"); | 45 | RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $"); |
46 | 46 | ||
47 | #include <openssl/dh.h> | 47 | #include <openssl/dh.h> |
48 | #include <openssl/bn.h> | 48 | #include <openssl/bn.h> |
@@ -358,7 +358,8 @@ key_regeneration_alarm(int sig) | |||
358 | static void | 358 | static void |
359 | sshd_exchange_identification(int sock_in, int sock_out) | 359 | sshd_exchange_identification(int sock_in, int sock_out) |
360 | { | 360 | { |
361 | int i, mismatch; | 361 | u_int i; |
362 | int mismatch; | ||
362 | int remote_major, remote_minor; | 363 | int remote_major, remote_minor; |
363 | int major, minor; | 364 | int major, minor; |
364 | char *s; | 365 | char *s; |
@@ -670,6 +671,12 @@ privsep_postauth(Authctxt *authctxt) | |||
670 | 671 | ||
671 | /* It is safe now to apply the key state */ | 672 | /* It is safe now to apply the key state */ |
672 | monitor_apply_keystate(pmonitor); | 673 | monitor_apply_keystate(pmonitor); |
674 | |||
675 | /* | ||
676 | * Tell the packet layer that authentication was successful, since | ||
677 | * this information is not part of the key state. | ||
678 | */ | ||
679 | packet_set_authenticated(); | ||
673 | } | 680 | } |
674 | 681 | ||
675 | static char * | 682 | static char * |
@@ -1038,7 +1045,7 @@ main(int ac, char **av) | |||
1038 | /* | 1045 | /* |
1039 | * Unset KRB5CCNAME, otherwise the user's session may inherit it from | 1046 | * Unset KRB5CCNAME, otherwise the user's session may inherit it from |
1040 | * root's environment | 1047 | * root's environment |
1041 | */ | 1048 | */ |
1042 | if (getenv("KRB5CCNAME") != NULL) | 1049 | if (getenv("KRB5CCNAME") != NULL) |
1043 | unsetenv("KRB5CCNAME"); | 1050 | unsetenv("KRB5CCNAME"); |
1044 | 1051 | ||
@@ -1620,19 +1627,22 @@ main(int ac, char **av) | |||
1620 | signal(SIGCHLD, SIG_DFL); | 1627 | signal(SIGCHLD, SIG_DFL); |
1621 | signal(SIGINT, SIG_DFL); | 1628 | signal(SIGINT, SIG_DFL); |
1622 | 1629 | ||
1623 | /* Set SO_KEEPALIVE if requested. */ | ||
1624 | if (options.tcp_keep_alive && | ||
1625 | setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, | ||
1626 | sizeof(on)) < 0) | ||
1627 | error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); | ||
1628 | |||
1629 | /* | 1630 | /* |
1630 | * Register our connection. This turns encryption off because we do | 1631 | * Register our connection. This turns encryption off because we do |
1631 | * not have a key. | 1632 | * not have a key. |
1632 | */ | 1633 | */ |
1633 | packet_set_connection(sock_in, sock_out, -1); | 1634 | packet_set_connection(sock_in, sock_out, -1); |
1635 | packet_set_server(); | ||
1634 | 1636 | ||
1635 | remote_port = get_remote_port(); | 1637 | /* Set SO_KEEPALIVE if requested. */ |
1638 | if (options.tcp_keep_alive && packet_connection_is_on_socket() && | ||
1639 | setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) | ||
1640 | error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); | ||
1641 | |||
1642 | if ((remote_port = get_remote_port()) < 0) { | ||
1643 | debug("get_remote_port failed"); | ||
1644 | cleanup_exit(255); | ||
1645 | } | ||
1636 | remote_ip = get_remote_ipaddr(); | 1646 | remote_ip = get_remote_ipaddr(); |
1637 | 1647 | ||
1638 | #ifdef SSH_AUDIT_EVENTS | 1648 | #ifdef SSH_AUDIT_EVENTS |
@@ -1903,7 +1913,7 @@ do_ssh1_kex(void) | |||
1903 | if (!rsafail) { | 1913 | if (!rsafail) { |
1904 | BN_mask_bits(session_key_int, sizeof(session_key) * 8); | 1914 | BN_mask_bits(session_key_int, sizeof(session_key) * 8); |
1905 | len = BN_num_bytes(session_key_int); | 1915 | len = BN_num_bytes(session_key_int); |
1906 | if (len < 0 || len > sizeof(session_key)) { | 1916 | if (len < 0 || (u_int)len > sizeof(session_key)) { |
1907 | error("do_connection: bad session key len from %s: " | 1917 | error("do_connection: bad session key len from %s: " |
1908 | "session_key_int %d > sizeof(session_key) %lu", | 1918 | "session_key_int %d > sizeof(session_key) %lu", |
1909 | get_remote_ipaddr(), len, (u_long)sizeof(session_key)); | 1919 | get_remote_ipaddr(), len, (u_long)sizeof(session_key)); |
@@ -1990,10 +2000,14 @@ do_ssh2_kex(void) | |||
1990 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = | 2000 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = |
1991 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; | 2001 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; |
1992 | } | 2002 | } |
1993 | if (!options.compression) { | 2003 | if (options.compression == COMP_NONE) { |
1994 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = | 2004 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
1995 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; | 2005 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; |
2006 | } else if (options.compression == COMP_DELAYED) { | ||
2007 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = | ||
2008 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; | ||
1996 | } | 2009 | } |
2010 | |||
1997 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 2011 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
1998 | 2012 | ||
1999 | /* start key exchange */ | 2013 | /* start key exchange */ |