diff options
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 14 |
1 files changed, 12 insertions, 2 deletions
@@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
440 | } | 440 | } |
441 | 441 | ||
442 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", | 442 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", |
443 | major, minor, SSH_VERSION, | 443 | major, minor, |
444 | options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, | ||
444 | *options.version_addendum == '\0' ? "" : " ", | 445 | *options.version_addendum == '\0' ? "" : " ", |
445 | options.version_addendum, newline); | 446 | options.version_addendum, newline); |
446 | 447 | ||
@@ -753,7 +754,7 @@ privsep_postauth(Authctxt *authctxt) | |||
753 | RAND_seed(rnd, sizeof(rnd)); | 754 | RAND_seed(rnd, sizeof(rnd)); |
754 | 755 | ||
755 | /* Drop privileges */ | 756 | /* Drop privileges */ |
756 | do_setusercontext(authctxt->pw); | 757 | do_setusercontext(authctxt->pw, authctxt->role); |
757 | 758 | ||
758 | skip: | 759 | skip: |
759 | /* It is safe now to apply the key state */ | 760 | /* It is safe now to apply the key state */ |
@@ -1688,6 +1689,11 @@ main(int ac, char **av) | |||
1688 | sensitive_data.host_pubkeys[i] = NULL; | 1689 | sensitive_data.host_pubkeys[i] = NULL; |
1689 | continue; | 1690 | continue; |
1690 | } | 1691 | } |
1692 | if (auth_key_is_revoked(key != NULL ? key : pubkey, 1)) { | ||
1693 | sensitive_data.host_keys[i] = NULL; | ||
1694 | sensitive_data.host_pubkeys[i] = NULL; | ||
1695 | continue; | ||
1696 | } | ||
1691 | 1697 | ||
1692 | switch (keytype) { | 1698 | switch (keytype) { |
1693 | case KEY_RSA1: | 1699 | case KEY_RSA1: |
@@ -1908,6 +1914,10 @@ main(int ac, char **av) | |||
1908 | } | 1914 | } |
1909 | } | 1915 | } |
1910 | 1916 | ||
1917 | if (getenv("SSH_SIGSTOP")) | ||
1918 | /* Tell service supervisor that we are ready. */ | ||
1919 | kill(getpid(), SIGSTOP); | ||
1920 | |||
1911 | /* Accept a connection and return in a forked child */ | 1921 | /* Accept a connection and return in a forked child */ |
1912 | server_accept_loop(&sock_in, &sock_out, | 1922 | server_accept_loop(&sock_in, &sock_out, |
1913 | &newsock, config_s); | 1923 | &newsock, config_s); |