diff options
author | Colin Watson <cjwatson@debian.org> | 2013-05-07 10:06:42 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2013-05-07 10:06:42 +0100 |
commit | ecebda56da46a03dafff923d91c382f31faa9eec (patch) | |
tree | 449614b6c06a2622c74a609b31fcc46c60037c56 /sshd.c | |
parent | c6a2c0334e45419875687d250aed9bea78480f2e (diff) | |
parent | ffc06452028ba78cd693d4ed43df8b60a10d6163 (diff) |
merge 6.2p1; reorder additions to monitor.h for easier merging in future
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 42 |
1 files changed, 40 insertions, 2 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.393 2012/07/10 02:19:15 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.397 2013/02/11 21:21:58 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -363,6 +363,15 @@ grace_alarm_handler(int sig) | |||
363 | if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) | 363 | if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) |
364 | kill(pmonitor->m_pid, SIGALRM); | 364 | kill(pmonitor->m_pid, SIGALRM); |
365 | 365 | ||
366 | /* | ||
367 | * Try to kill any processes that we have spawned, E.g. authorized | ||
368 | * keys command helpers. | ||
369 | */ | ||
370 | if (getpgid(0) == getpid()) { | ||
371 | signal(SIGTERM, SIG_IGN); | ||
372 | killpg(0, SIGTERM); | ||
373 | } | ||
374 | |||
366 | /* Log error and exit. */ | 375 | /* Log error and exit. */ |
367 | sigdie("Timeout before authentication for %s", get_remote_ipaddr()); | 376 | sigdie("Timeout before authentication for %s", get_remote_ipaddr()); |
368 | } | 377 | } |
@@ -1332,6 +1341,7 @@ main(int ac, char **av) | |||
1332 | int remote_port; | 1341 | int remote_port; |
1333 | char *line; | 1342 | char *line; |
1334 | int config_s[2] = { -1 , -1 }; | 1343 | int config_s[2] = { -1 , -1 }; |
1344 | u_int n; | ||
1335 | u_int64_t ibytes, obytes; | 1345 | u_int64_t ibytes, obytes; |
1336 | mode_t new_umask; | 1346 | mode_t new_umask; |
1337 | Key *key; | 1347 | Key *key; |
@@ -1554,6 +1564,33 @@ main(int ac, char **av) | |||
1554 | if (options.challenge_response_authentication) | 1564 | if (options.challenge_response_authentication) |
1555 | options.kbd_interactive_authentication = 1; | 1565 | options.kbd_interactive_authentication = 1; |
1556 | 1566 | ||
1567 | /* Check that options are sensible */ | ||
1568 | if (options.authorized_keys_command_user == NULL && | ||
1569 | (options.authorized_keys_command != NULL && | ||
1570 | strcasecmp(options.authorized_keys_command, "none") != 0)) | ||
1571 | fatal("AuthorizedKeysCommand set without " | ||
1572 | "AuthorizedKeysCommandUser"); | ||
1573 | |||
1574 | /* | ||
1575 | * Check whether there is any path through configured auth methods. | ||
1576 | * Unfortunately it is not possible to verify this generally before | ||
1577 | * daemonisation in the presence of Match block, but this catches | ||
1578 | * and warns for trivial misconfigurations that could break login. | ||
1579 | */ | ||
1580 | if (options.num_auth_methods != 0) { | ||
1581 | if ((options.protocol & SSH_PROTO_1)) | ||
1582 | fatal("AuthenticationMethods is not supported with " | ||
1583 | "SSH protocol 1"); | ||
1584 | for (n = 0; n < options.num_auth_methods; n++) { | ||
1585 | if (auth2_methods_valid(options.auth_methods[n], | ||
1586 | 1) == 0) | ||
1587 | break; | ||
1588 | } | ||
1589 | if (n >= options.num_auth_methods) | ||
1590 | fatal("AuthenticationMethods cannot be satisfied by " | ||
1591 | "enabled authentication methods"); | ||
1592 | } | ||
1593 | |||
1557 | /* set default channel AF */ | 1594 | /* set default channel AF */ |
1558 | channel_set_af(options.address_family); | 1595 | channel_set_af(options.address_family); |
1559 | 1596 | ||
@@ -1563,7 +1600,8 @@ main(int ac, char **av) | |||
1563 | exit(1); | 1600 | exit(1); |
1564 | } | 1601 | } |
1565 | 1602 | ||
1566 | debug("sshd version %.100s", SSH_RELEASE); | 1603 | debug("sshd version %s, %s", SSH_VERSION, |
1604 | SSLeay_version(SSLEAY_VERSION)); | ||
1567 | 1605 | ||
1568 | /* Store privilege separation user for later use if required. */ | 1606 | /* Store privilege separation user for later use if required. */ |
1569 | if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { | 1607 | if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { |