Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 96 |
1 files changed, 69 insertions, 27 deletions
@@ -1,3 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.90 2007/02/19 10:45:58 dtucker Exp $ */ | ||
1 | /* | 2 | /* |
2 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
3 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -25,16 +26,38 @@ | |||
25 | */ | 26 | */ |
26 | 27 | ||
27 | #include "includes.h" | 28 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor.c,v 1.64 2005/10/13 22:24:31 stevesk Exp $"); | ||
29 | 29 | ||
30 | #include <openssl/dh.h> | 30 | #include <sys/types.h> |
31 | #include <sys/param.h> | ||
32 | #include <sys/socket.h> | ||
33 | #include "openbsd-compat/sys-tree.h" | ||
34 | #include <sys/wait.h> | ||
35 | |||
36 | #include <errno.h> | ||
37 | #include <fcntl.h> | ||
38 | #ifdef HAVE_PATHS_H | ||
39 | #include <paths.h> | ||
40 | #endif | ||
41 | #include <pwd.h> | ||
42 | #include <signal.h> | ||
43 | #include <stdarg.h> | ||
44 | #include <stdlib.h> | ||
45 | #include <string.h> | ||
46 | #include <unistd.h> | ||
31 | 47 | ||
32 | #ifdef SKEY | 48 | #ifdef SKEY |
33 | #include <skey.h> | 49 | #include <skey.h> |
34 | #endif | 50 | #endif |
35 | 51 | ||
52 | #include <openssl/dh.h> | ||
53 | |||
54 | #include "xmalloc.h" | ||
36 | #include "ssh.h" | 55 | #include "ssh.h" |
56 | #include "key.h" | ||
57 | #include "buffer.h" | ||
58 | #include "hostfile.h" | ||
37 | #include "auth.h" | 59 | #include "auth.h" |
60 | #include "cipher.h" | ||
38 | #include "kex.h" | 61 | #include "kex.h" |
39 | #include "dh.h" | 62 | #include "dh.h" |
40 | #ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ | 63 | #ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ |
@@ -55,17 +78,16 @@ RCSID("$OpenBSD: monitor.c,v 1.64 2005/10/13 22:24:31 stevesk Exp $"); | |||
55 | #include "servconf.h" | 78 | #include "servconf.h" |
56 | #include "monitor.h" | 79 | #include "monitor.h" |
57 | #include "monitor_mm.h" | 80 | #include "monitor_mm.h" |
81 | #ifdef GSSAPI | ||
82 | #include "ssh-gss.h" | ||
83 | #endif | ||
58 | #include "monitor_wrap.h" | 84 | #include "monitor_wrap.h" |
59 | #include "monitor_fdpass.h" | 85 | #include "monitor_fdpass.h" |
60 | #include "xmalloc.h" | ||
61 | #include "misc.h" | 86 | #include "misc.h" |
62 | #include "buffer.h" | ||
63 | #include "bufaux.h" | ||
64 | #include "compat.h" | 87 | #include "compat.h" |
65 | #include "ssh2.h" | 88 | #include "ssh2.h" |
66 | 89 | ||
67 | #ifdef GSSAPI | 90 | #ifdef GSSAPI |
68 | #include "ssh-gss.h" | ||
69 | static Gssctxt *gsscontext = NULL; | 91 | static Gssctxt *gsscontext = NULL; |
70 | #endif | 92 | #endif |
71 | 93 | ||
@@ -172,6 +194,7 @@ struct mon_table { | |||
172 | #define MON_ISAUTH 0x0004 /* Required for Authentication */ | 194 | #define MON_ISAUTH 0x0004 /* Required for Authentication */ |
173 | #define MON_AUTHDECIDE 0x0008 /* Decides Authentication */ | 195 | #define MON_AUTHDECIDE 0x0008 /* Decides Authentication */ |
174 | #define MON_ONCE 0x0010 /* Disable after calling */ | 196 | #define MON_ONCE 0x0010 /* Disable after calling */ |
197 | #define MON_ALOG 0x0020 /* Log auth attempt without authenticating */ | ||
175 | 198 | ||
176 | #define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE) | 199 | #define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE) |
177 | 200 | ||
@@ -197,7 +220,7 @@ struct mon_table mon_dispatch_proto20[] = { | |||
197 | #endif | 220 | #endif |
198 | #ifdef BSD_AUTH | 221 | #ifdef BSD_AUTH |
199 | {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, | 222 | {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, |
200 | {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, | 223 | {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, |
201 | #endif | 224 | #endif |
202 | #ifdef SKEY | 225 | #ifdef SKEY |
203 | {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, | 226 | {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, |
@@ -238,13 +261,13 @@ struct mon_table mon_dispatch_proto15[] = { | |||
238 | {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, | 261 | {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, |
239 | {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, | 262 | {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, |
240 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | 263 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
241 | {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed}, | 264 | {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed}, |
242 | {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, | 265 | {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed}, |
243 | {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, | 266 | {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, |
244 | {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, | 267 | {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, |
245 | #ifdef BSD_AUTH | 268 | #ifdef BSD_AUTH |
246 | {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, | 269 | {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, |
247 | {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, | 270 | {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, |
248 | #endif | 271 | #endif |
249 | #ifdef SKEY | 272 | #ifdef SKEY |
250 | {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, | 273 | {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, |
@@ -270,7 +293,7 @@ struct mon_table mon_dispatch_postauth15[] = { | |||
270 | {MONITOR_REQ_TERM, 0, mm_answer_term}, | 293 | {MONITOR_REQ_TERM, 0, mm_answer_term}, |
271 | #ifdef SSH_AUDIT_EVENTS | 294 | #ifdef SSH_AUDIT_EVENTS |
272 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | 295 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, |
273 | {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command}, | 296 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, |
274 | #endif | 297 | #endif |
275 | {0, 0, NULL} | 298 | {0, 0, NULL} |
276 | }; | 299 | }; |
@@ -337,7 +360,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
337 | 360 | ||
338 | /* The first few requests do not require asynchronous access */ | 361 | /* The first few requests do not require asynchronous access */ |
339 | while (!authenticated) { | 362 | while (!authenticated) { |
340 | authenticated = monitor_read(pmonitor, mon_dispatch, &ent); | 363 | auth_method = "unknown"; |
364 | authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); | ||
341 | if (authenticated) { | 365 | if (authenticated) { |
342 | if (!(ent->flags & MON_AUTHDECIDE)) | 366 | if (!(ent->flags & MON_AUTHDECIDE)) |
343 | fatal("%s: unexpected authentication from %d", | 367 | fatal("%s: unexpected authentication from %d", |
@@ -359,7 +383,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
359 | #endif | 383 | #endif |
360 | } | 384 | } |
361 | 385 | ||
362 | if (ent->flags & MON_AUTHDECIDE) { | 386 | if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { |
363 | auth_log(authctxt, authenticated, auth_method, | 387 | auth_log(authctxt, authenticated, auth_method, |
364 | compat20 ? " ssh2" : ""); | 388 | compat20 ? " ssh2" : ""); |
365 | if (!authenticated) | 389 | if (!authenticated) |
@@ -369,6 +393,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
369 | 393 | ||
370 | if (!authctxt->valid) | 394 | if (!authctxt->valid) |
371 | fatal("%s: authenticated invalid user", __func__); | 395 | fatal("%s: authenticated invalid user", __func__); |
396 | if (strcmp(auth_method, "unknown") == 0) | ||
397 | fatal("%s: authentication method name unknown", __func__); | ||
372 | 398 | ||
373 | debug("%s: %s has been authenticated by privileged process", | 399 | debug("%s: %s has been authenticated by privileged process", |
374 | __func__, authctxt->user); | 400 | __func__, authctxt->user); |
@@ -552,7 +578,11 @@ mm_answer_sign(int sock, Buffer *m) | |||
552 | keyid = buffer_get_int(m); | 578 | keyid = buffer_get_int(m); |
553 | p = buffer_get_string(m, &datlen); | 579 | p = buffer_get_string(m, &datlen); |
554 | 580 | ||
555 | if (datlen != 20) | 581 | /* |
582 | * Supported KEX types will only return SHA1 (20 byte) or | ||
583 | * SHA256 (32 byte) hashes | ||
584 | */ | ||
585 | if (datlen != 20 && datlen != 32) | ||
556 | fatal("%s: data length incorrect: %u", __func__, datlen); | 586 | fatal("%s: data length incorrect: %u", __func__, datlen); |
557 | 587 | ||
558 | /* save session id, it will be passed on the first call */ | 588 | /* save session id, it will be passed on the first call */ |
@@ -627,6 +657,9 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
627 | #endif | 657 | #endif |
628 | buffer_put_cstring(m, pwent->pw_dir); | 658 | buffer_put_cstring(m, pwent->pw_dir); |
629 | buffer_put_cstring(m, pwent->pw_shell); | 659 | buffer_put_cstring(m, pwent->pw_shell); |
660 | buffer_put_string(m, &options, sizeof(options)); | ||
661 | if (options.banner != NULL) | ||
662 | buffer_put_cstring(m, options.banner); | ||
630 | 663 | ||
631 | out: | 664 | out: |
632 | debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); | 665 | debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); |
@@ -645,9 +678,6 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
645 | if (options.use_pam) | 678 | if (options.use_pam) |
646 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); | 679 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); |
647 | #endif | 680 | #endif |
648 | #ifdef SSH_AUDIT_EVENTS | ||
649 | monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1); | ||
650 | #endif | ||
651 | 681 | ||
652 | return (0); | 682 | return (0); |
653 | } | 683 | } |
@@ -908,6 +938,7 @@ mm_answer_pam_query(int sock, Buffer *m) | |||
908 | xfree(prompts); | 938 | xfree(prompts); |
909 | if (echo_on != NULL) | 939 | if (echo_on != NULL) |
910 | xfree(echo_on); | 940 | xfree(echo_on); |
941 | auth_method = "keyboard-interactive/pam"; | ||
911 | mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); | 942 | mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); |
912 | return (0); | 943 | return (0); |
913 | } | 944 | } |
@@ -923,7 +954,7 @@ mm_answer_pam_respond(int sock, Buffer *m) | |||
923 | sshpam_authok = NULL; | 954 | sshpam_authok = NULL; |
924 | num = buffer_get_int(m); | 955 | num = buffer_get_int(m); |
925 | if (num > 0) { | 956 | if (num > 0) { |
926 | resp = xmalloc(num * sizeof(char *)); | 957 | resp = xcalloc(num, sizeof(char *)); |
927 | for (i = 0; i < num; ++i) | 958 | for (i = 0; i < num; ++i) |
928 | resp[i] = buffer_get_string(m, NULL); | 959 | resp[i] = buffer_get_string(m, NULL); |
929 | ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); | 960 | ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); |
@@ -950,6 +981,7 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) | |||
950 | (sshpam_device.free_ctx)(sshpam_ctxt); | 981 | (sshpam_device.free_ctx)(sshpam_ctxt); |
951 | buffer_clear(m); | 982 | buffer_clear(m); |
952 | mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); | 983 | mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); |
984 | auth_method = "keyboard-interactive/pam"; | ||
953 | return (sshpam_authok == sshpam_ctxt); | 985 | return (sshpam_authok == sshpam_ctxt); |
954 | } | 986 | } |
955 | #endif | 987 | #endif |
@@ -995,17 +1027,20 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
995 | case MM_USERKEY: | 1027 | case MM_USERKEY: |
996 | allowed = options.pubkey_authentication && | 1028 | allowed = options.pubkey_authentication && |
997 | user_key_allowed(authctxt->pw, key); | 1029 | user_key_allowed(authctxt->pw, key); |
1030 | auth_method = "publickey"; | ||
998 | break; | 1031 | break; |
999 | case MM_HOSTKEY: | 1032 | case MM_HOSTKEY: |
1000 | allowed = options.hostbased_authentication && | 1033 | allowed = options.hostbased_authentication && |
1001 | hostbased_key_allowed(authctxt->pw, | 1034 | hostbased_key_allowed(authctxt->pw, |
1002 | cuser, chost, key); | 1035 | cuser, chost, key); |
1036 | auth_method = "hostbased"; | ||
1003 | break; | 1037 | break; |
1004 | case MM_RSAHOSTKEY: | 1038 | case MM_RSAHOSTKEY: |
1005 | key->type = KEY_RSA1; /* XXX */ | 1039 | key->type = KEY_RSA1; /* XXX */ |
1006 | allowed = options.rhosts_rsa_authentication && | 1040 | allowed = options.rhosts_rsa_authentication && |
1007 | auth_rhosts_rsa_key_allowed(authctxt->pw, | 1041 | auth_rhosts_rsa_key_allowed(authctxt->pw, |
1008 | cuser, chost, key); | 1042 | cuser, chost, key); |
1043 | auth_method = "rsa"; | ||
1009 | break; | 1044 | break; |
1010 | default: | 1045 | default: |
1011 | fatal("%s: unknown key type %d", __func__, type); | 1046 | fatal("%s: unknown key type %d", __func__, type); |
@@ -1025,6 +1060,12 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1025 | key_blobtype = type; | 1060 | key_blobtype = type; |
1026 | hostbased_cuser = cuser; | 1061 | hostbased_cuser = cuser; |
1027 | hostbased_chost = chost; | 1062 | hostbased_chost = chost; |
1063 | } else { | ||
1064 | /* Log failed attempt */ | ||
1065 | auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : ""); | ||
1066 | xfree(blob); | ||
1067 | xfree(cuser); | ||
1068 | xfree(chost); | ||
1028 | } | 1069 | } |
1029 | 1070 | ||
1030 | debug3("%s: key %p is %s", | 1071 | debug3("%s: key %p is %s", |
@@ -1194,7 +1235,7 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1194 | 1235 | ||
1195 | verified = key_verify(key, signature, signaturelen, data, datalen); | 1236 | verified = key_verify(key, signature, signaturelen, data, datalen); |
1196 | debug3("%s: key %p signature %s", | 1237 | debug3("%s: key %p signature %s", |
1197 | __func__, key, verified ? "verified" : "unverified"); | 1238 | __func__, key, (verified == 1) ? "verified" : "unverified"); |
1198 | 1239 | ||
1199 | key_free(key); | 1240 | key_free(key); |
1200 | xfree(blob); | 1241 | xfree(blob); |
@@ -1209,7 +1250,7 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1209 | buffer_put_int(m, verified); | 1250 | buffer_put_int(m, verified); |
1210 | mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); | 1251 | mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); |
1211 | 1252 | ||
1212 | return (verified); | 1253 | return (verified == 1); |
1213 | } | 1254 | } |
1214 | 1255 | ||
1215 | static void | 1256 | static void |
@@ -1226,7 +1267,7 @@ mm_record_login(Session *s, struct passwd *pw) | |||
1226 | fromlen = sizeof(from); | 1267 | fromlen = sizeof(from); |
1227 | if (packet_connection_is_on_socket()) { | 1268 | if (packet_connection_is_on_socket()) { |
1228 | if (getpeername(packet_get_connection_in(), | 1269 | if (getpeername(packet_get_connection_in(), |
1229 | (struct sockaddr *) & from, &fromlen) < 0) { | 1270 | (struct sockaddr *)&from, &fromlen) < 0) { |
1230 | debug("getpeername: %.100s", strerror(errno)); | 1271 | debug("getpeername: %.100s", strerror(errno)); |
1231 | cleanup_exit(255); | 1272 | cleanup_exit(255); |
1232 | } | 1273 | } |
@@ -1242,7 +1283,7 @@ mm_session_close(Session *s) | |||
1242 | { | 1283 | { |
1243 | debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); | 1284 | debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); |
1244 | if (s->ttyfd != -1) { | 1285 | if (s->ttyfd != -1) { |
1245 | debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); | 1286 | debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); |
1246 | session_pty_cleanup2(s); | 1287 | session_pty_cleanup2(s); |
1247 | } | 1288 | } |
1248 | s->used = 0; | 1289 | s->used = 0; |
@@ -1302,7 +1343,7 @@ mm_answer_pty(int sock, Buffer *m) | |||
1302 | /* no need to dup() because nobody closes ptyfd */ | 1343 | /* no need to dup() because nobody closes ptyfd */ |
1303 | s->ptymaster = s->ptyfd; | 1344 | s->ptymaster = s->ptyfd; |
1304 | 1345 | ||
1305 | debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd); | 1346 | debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd); |
1306 | 1347 | ||
1307 | return (0); | 1348 | return (0); |
1308 | 1349 | ||
@@ -1389,6 +1430,7 @@ mm_answer_rsa_keyallowed(int sock, Buffer *m) | |||
1389 | 1430 | ||
1390 | debug3("%s entering", __func__); | 1431 | debug3("%s entering", __func__); |
1391 | 1432 | ||
1433 | auth_method = "rsa"; | ||
1392 | if (options.rsa_authentication && authctxt->valid) { | 1434 | if (options.rsa_authentication && authctxt->valid) { |
1393 | if ((client_n = BN_new()) == NULL) | 1435 | if ((client_n = BN_new()) == NULL) |
1394 | fatal("%s: BN_new", __func__); | 1436 | fatal("%s: BN_new", __func__); |
@@ -1625,8 +1667,7 @@ mm_get_kex(Buffer *m) | |||
1625 | void *blob; | 1667 | void *blob; |
1626 | u_int bloblen; | 1668 | u_int bloblen; |
1627 | 1669 | ||
1628 | kex = xmalloc(sizeof(*kex)); | 1670 | kex = xcalloc(1, sizeof(*kex)); |
1629 | memset(kex, 0, sizeof(*kex)); | ||
1630 | kex->session_id = buffer_get_string(m, &kex->session_id_len); | 1671 | kex->session_id = buffer_get_string(m, &kex->session_id_len); |
1631 | if ((session_id2 == NULL) || | 1672 | if ((session_id2 == NULL) || |
1632 | (kex->session_id_len != session_id2_len) || | 1673 | (kex->session_id_len != session_id2_len) || |
@@ -1636,8 +1677,10 @@ mm_get_kex(Buffer *m) | |||
1636 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 1677 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
1637 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 1678 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
1638 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 1679 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
1680 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | ||
1639 | #ifdef GSSAPI | 1681 | #ifdef GSSAPI |
1640 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; | 1682 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; |
1683 | kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; | ||
1641 | kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; | 1684 | kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; |
1642 | #endif | 1685 | #endif |
1643 | kex->server = 1; | 1686 | kex->server = 1; |
@@ -1799,9 +1842,8 @@ monitor_init(void) | |||
1799 | struct monitor *mon; | 1842 | struct monitor *mon; |
1800 | int pair[2]; | 1843 | int pair[2]; |
1801 | 1844 | ||
1802 | mon = xmalloc(sizeof(*mon)); | 1845 | mon = xcalloc(1, sizeof(*mon)); |
1803 | 1846 | ||
1804 | mon->m_pid = 0; | ||
1805 | monitor_socketpair(pair); | 1847 | monitor_socketpair(pair); |
1806 | 1848 | ||
1807 | mon->m_recvfd = pair[0]; | 1849 | mon->m_recvfd = pair[0]; |
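Review bot: In the mm_answer_pwnamallow hunk (@@ -627,6 +657,9 @@), `buffer_put_string(m, &options, sizeof(options));` copies the whole options structure byte-for-byte across the privilege-separation boundary, so every pointer member and any padding reaches the unprivileged side as raw memory, and only `banner` is re-sent as a string. The receiving code is not visible on this page; it presumably has to compare the received length with its own `sizeof` and must not dereference any other pointer member of the copy. That contract deserves a comment above the call, for example `/* raw struct copy: only banner is re-sent; other pointer members are not valid in the receiver */`. Sending the needed fields one by one would make the message independent of struct layout and keep monitor-side addresses out of the reply. mm_answer_pwnamallow starts and ends outside the hunk.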