1 files changed, 30 insertions, 3 deletions

diff --git a/monitor.c b/monitor.c
index 7c105e687..cc15ce486 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.135 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -40,9 +40,10 @@
 #endif
 #include <pwd.h>
 #include <signal.h>
-#include <stdarg.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdarg.h>
+#include <stdio.h>
 #include <unistd.h>
 #ifdef HAVE_POLL_H
 #include <poll.h>
@@ -56,7 +57,9 @@
 #include <skey.h>
 #endif
 
+#ifdef WITH_OPENSSL
 #include <openssl/dh.h>
+#endif
 
 #include "openbsd-compat/sys-queue.h"
 #include "atomicio.h"
@@ -84,6 +87,7 @@
 #include "sshlogin.h"
 #include "canohost.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "monitor.h"
 #include "monitor_mm.h"
@@ -92,7 +96,6 @@
 #endif
 #include "monitor_wrap.h"
 #include "monitor_fdpass.h"
-#include "misc.h"
 #include "compat.h"
 #include "ssh2.h"
 #include "roaming.h"
@@ -195,7 +198,10 @@ int mm_answer_consolekit_register(int, Buffer *);
 #endif
 
 static Authctxt *authctxt;
+
+#ifdef WITH_SSH1
 static BIGNUM *ssh1_challenge = NULL;   /* used for ssh1 rsa auth */
+#endif
 
 /* local state for key verify */
 static u_char *key_blob = NULL;
@@ -225,7 +231,9 @@ struct mon_table {
 #define MON_PERMIT      0x1000  /* Request is permitted */
 
 struct mon_table mon_dispatch_proto20[] = {
+#ifdef WITH_OPENSSL
     {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
+#endif
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -270,7 +278,9 @@ struct mon_table mon_dispatch_postauth20[] = {
     {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
     {MONITOR_REQ_GSSUPCREDS, 0, mm_answer_gss_updatecreds},
 #endif
+#ifdef WITH_OPENSSL
     {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
+#endif
     {MONITOR_REQ_SIGN, 0, mm_answer_sign},
     {MONITOR_REQ_PTY, 0, mm_answer_pty},
     {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
@@ -286,6 +296,7 @@ struct mon_table mon_dispatch_postauth20[] = {
 };
 
 struct mon_table mon_dispatch_proto15[] = {
+#ifdef WITH_SSH1
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
     {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
@@ -313,10 +324,12 @@ struct mon_table mon_dispatch_proto15[] = {
 #ifdef SSH_AUDIT_EVENTS
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
 #endif
+#endif /* WITH_SSH1 */
     {0, 0, NULL}
 };
 
 struct mon_table mon_dispatch_postauth15[] = {
+#ifdef WITH_SSH1
     {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
     {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
     {MONITOR_REQ_TERM, 0, mm_answer_term},
@@ -327,6 +340,7 @@ struct mon_table mon_dispatch_postauth15[] = {
 #ifdef USE_CONSOLEKIT
     {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
 #endif
+#endif /* WITH_SSH1 */
     {0, 0, NULL}
 };
 
@@ -485,6 +499,9 @@ monitor_child_postauth(struct monitor *pmonitor)
         signal(SIGHUP, &monitor_child_handler);
         signal(SIGTERM, &monitor_child_handler);
         signal(SIGINT, &monitor_child_handler);
+#ifdef SIGXFSZ
+        signal(SIGXFSZ, SIG_IGN);
+#endif
 
         if (compat20) {
                 mon_dispatch = mon_dispatch_postauth20;
@@ -665,6 +682,7 @@ monitor_reset_key_state(void)
         hostbased_chost = NULL;
 }
 
+#ifdef WITH_OPENSSL
 int
 mm_answer_moduli(int sock, Buffer *m)
 {
@@ -699,6 +717,7 @@ mm_answer_moduli(int sock, Buffer *m)
         mm_request_send(sock, MONITOR_ANS_MODULI, m);
         return (0);
 }
+#endif
 
 extern AuthenticationConnection *auth_conn;
 
@@ -1225,6 +1244,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
                             cuser, chost);
                         auth_method = "hostbased";
                         break;
+#ifdef WITH_SSH1
                 case MM_RSAHOSTKEY:
                         key->type = KEY_RSA1; /* XXX */
                         allowed = options.rhosts_rsa_authentication &&
@@ -1234,6 +1254,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
                                 auth_clear_options();
                         auth_method = "rsa";
                         break;
+#endif
                 default:
                         fatal("%s: unknown key type %d", __func__, type);
                         break;
@@ -1570,6 +1591,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m)
         return (0);
 }
 
+#ifdef WITH_SSH1
 int
 mm_answer_sesskey(int sock, Buffer *m)
 {
@@ -1747,6 +1769,7 @@ mm_answer_rsa_response(int sock, Buffer *m)
 
         return (success);
 }
+#endif
 
 int
 mm_answer_term(int sock, Buffer *req)
@@ -1851,6 +1874,8 @@ monitor_apply_keystate(struct monitor *pmonitor)
         if (options.compression)
                 mm_init_compression(pmonitor->m_zlib);
 
+        packet_set_postauth();
+
         if (options.rekey_limit || options.rekey_interval)
                 packet_set_rekey_limits((u_int32_t)options.rekey_limit,
                     (time_t)options.rekey_interval);
@@ -1887,11 +1912,13 @@ mm_get_kex(Buffer *m)
             timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0)
                 fatal("mm_get_get: internal error: bad session id");
         kex->we_need = buffer_get_int(m);
+#ifdef WITH_OPENSSL
         kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
         kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
         kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
         kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
         kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+#endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 #ifdef GSSAPI
         if (options.gss_keyex) {