authorColin Watson <cjwatson@debian.org>2006-05-12 08:53:37 +0000
committerColin Watson <cjwatson@debian.org>2006-05-12 08:53:37 +0000
commit2ee73b36b9a35daeaa4b065046882dc1f5f551b6 (patch)
treef64a4ace625514e94759878c0b94ab0a79805bbd /sshd.c
parent3c190ec8e469477ea65fbf4cc83062c65c281434 (diff)
parent3e2e0ac10674d77618c4c7339e18b83ced247492 (diff)
Merge 4.3p2 to the trunk.
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c52
1 files changed, 37 insertions, 15 deletions
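--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -633,16 +633,8 @@ privsep_postauth(Authctxt *authctxt)
  if (authctxt->pw->pw_uid == 0 || options.use_login) {
 #endif
  /* File descriptor passing is broken or root login */
- monitor_apply_keystate(pmonitor);
  use_privsep = 0;
- return;
+ goto skip;
- }
-
- /* Authentication complete */
- alarm(0);
- if (startup_pipe != -1) {
- close(startup_pipe);
- startup_pipe = -1;
  }
 
  /* New socket pair */
@@ -669,6 +661,7 @@ privsep_postauth(Authctxt *authctxt)
  /* Drop privileges */
  do_setusercontext(authctxt->pw);
 
+ skip:
  /* It is safe now to apply the key state */
  monitor_apply_keystate(pmonitor);
 
@@ -800,6 +793,7 @@ send_rexec_state(int fd, Buffer *conf)
  * bignum iqmp "
  * bignum p "
  * bignum q "
+ * string rngseed (only if OpenSSL is not self-seeded)
  */
  buffer_init(&m);
  buffer_put_cstring(&m, buffer_ptr(conf));
@@ -816,6 +810,10 @@ send_rexec_state(int fd, Buffer *conf)
  } else
  buffer_put_int(&m, 0);
 
+#ifndef OPENSSL_PRNG_ONLY
+ rexec_send_rng_seed(&m);
+#endif
+
  if (ssh_msg_send(fd, 0, &m) == -1)
  fatal("%s: ssh_msg_send failed", __func__);
 
@@ -858,6 +856,11 @@ recv_rexec_state(int fd, Buffer *conf)
  rsa_generate_additional_parameters(
  sensitive_data.server_key->rsa);
  }
+
+#ifndef OPENSSL_PRNG_ONLY
+ rexec_recv_rng_seed(&m);
+#endif
+
  buffer_free(&m);
 
  debug3("%s: done", __func__);
@@ -914,6 +917,9 @@ main(int ac, char **av)
  if (geteuid() == 0 && setgroups(0, NULL) == -1)
  debug("setgroups(): %.200s", strerror(errno));
 
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
  /* Initialize configuration options to their default values. */
  initialize_server_options(&options);
 
@@ -1056,8 +1062,6 @@ main(int ac, char **av)
  drop_cray_privs();
 #endif
 
- seed_rng();
-
  sensitive_data.server_key = NULL;
  sensitive_data.ssh1_host_key = NULL;
  sensitive_data.have_ssh1_key = 0;
@@ -1076,6 +1080,8 @@ main(int ac, char **av)
  if (!rexec_flag)
  buffer_free(&cfg);
 
+ seed_rng();
+
  /* Fill in default values for those options not explicitly set. */
  fill_default_server_options(&options);
 
@@ -1645,7 +1651,12 @@ main(int ac, char **av)
  debug("get_remote_port failed");
  cleanup_exit(255);
  }
- remote_ip = get_remote_ipaddr();
+
+ /*
+ * We use get_canonical_hostname with usedns = 0 instead of
+ * get_remote_ipaddr here so IP options will be checked.
+ */
+ remote_ip = get_canonical_hostname(0);
 
 #ifdef SSH_AUDIT_EVENTS
  audit_connection_from(remote_ip, remote_port);
@@ -1671,10 +1682,10 @@ main(int ac, char **av)
  verbose("Connection from %.500s port %d", remote_ip, remote_port);
 
  /*
- * We don\'t want to listen forever unless the other side
+ * We don't want to listen forever unless the other side
  * successfully authenticates itself. So we set up an alarm which is
  * cleared after successful authentication. A limit of zero
- * indicates no limit. Note that we don\'t set the alarm in debugging
+ * indicates no limit. Note that we don't set the alarm in debugging
  * mode; it is just annoying to have the server exit just when you
  * are about to discover the bug.
  */
@@ -1721,6 +1732,17 @@ main(int ac, char **av)
  }
 
  authenticated:
+ /*
+ * Cancel the alarm we set to limit the time taken for
+ * authentication.
+ */
+ alarm(0);
+ signal(SIGALRM, SIG_DFL);
+ if (startup_pipe != -1) {
+ close(startup_pipe);
+ startup_pipe = -1;
+ }
+
 #ifdef SSH_AUDIT_EVENTS
  audit_event(SSH_AUTH_SUCCESS);
 #endif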
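Review bot: The new `skip:` label in privsep_postauth() sits directly under the unchanged comment `/* It is safe now to apply the key state */`, which no longer describes both ways of arriving there. The root-login / `options.use_login` branch now reaches the label via `goto skip` with `use_privsep = 0`, jumping over the visible `do_setusercontext(authctxt->pw)` call, so on that path no privileges have been dropped. A comment at the label would make the two entry states explicit, for example `/* Also reached with use_privsep == 0 (root login or broken fd passing): privileges are still held on that path */`. Everything after `skip:` now runs in both states, whereas the old code returned right after `monitor_apply_keystate(pmonitor)`. The rest of the function lies outside the hunk, so whether the trailing statements are appropriate for the privileged path should be confirmed there.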