Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c52
1 files changed, 37 insertions, 15 deletions
diff --git a/sshd.c b/sshd.c
index 92aa9bbd2..def90d827 100644
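--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -633,16 +633,8 @@ privsep_postauth(Authctxt *authctxt)
  if (authctxt->pw->pw_uid == 0 || options.use_login) {
 #endif
  /* File descriptor passing is broken or root login */
- monitor_apply_keystate(pmonitor);
  use_privsep = 0;
- return;
- }
-
- /* Authentication complete */
- alarm(0);
- if (startup_pipe != -1) {
- close(startup_pipe);
- startup_pipe = -1;
+ goto skip;
  }
 
  /* New socket pair */
@@ -669,6 +661,7 @@ privsep_postauth(Authctxt *authctxt)
  /* Drop privileges */
  do_setusercontext(authctxt->pw);
 
+ skip:
  /* It is safe now to apply the key state */
  monitor_apply_keystate(pmonitor);
 
@@ -800,6 +793,7 @@ send_rexec_state(int fd, Buffer *conf)
  * bignum iqmp "
  * bignum p "
  * bignum q "
+ * string rngseed (only if OpenSSL is not self-seeded)
  */
  buffer_init(&m);
  buffer_put_cstring(&m, buffer_ptr(conf));
@@ -816,6 +810,10 @@ send_rexec_state(int fd, Buffer *conf)
  } else
  buffer_put_int(&m, 0);
 
+#ifndef OPENSSL_PRNG_ONLY
+ rexec_send_rng_seed(&m);
+#endif
+
  if (ssh_msg_send(fd, 0, &m) == -1)
  fatal("%s: ssh_msg_send failed", __func__);
 
@@ -858,6 +856,11 @@ recv_rexec_state(int fd, Buffer *conf)
  rsa_generate_additional_parameters(
  sensitive_data.server_key->rsa);
  }
+
+#ifndef OPENSSL_PRNG_ONLY
+ rexec_recv_rng_seed(&m);
+#endif
+
  buffer_free(&m);
 
  debug3("%s: done", __func__);
@@ -914,6 +917,9 @@ main(int ac, char **av)
  if (geteuid() == 0 && setgroups(0, NULL) == -1)
  debug("setgroups(): %.200s", strerror(errno));
 
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
  /* Initialize configuration options to their default values. */
  initialize_server_options(&options);
 
@@ -1051,8 +1057,6 @@ main(int ac, char **av)
  drop_cray_privs();
 #endif
 
- seed_rng();
-
  sensitive_data.server_key = NULL;
  sensitive_data.ssh1_host_key = NULL;
  sensitive_data.have_ssh1_key = 0;
@@ -1071,6 +1075,8 @@ main(int ac, char **av)
  if (!rexec_flag)
  buffer_free(&cfg);
 
+ seed_rng();
+
  /* Fill in default values for those options not explicitly set. */
  fill_default_server_options(&options);
 
@@ -1638,7 +1644,12 @@ main(int ac, char **av)
  debug("get_remote_port failed");
  cleanup_exit(255);
  }
- remote_ip = get_remote_ipaddr();
+
+ /*
+ * We use get_canonical_hostname with usedns = 0 instead of
+ * get_remote_ipaddr here so IP options will be checked.
+ */
+ remote_ip = get_canonical_hostname(0);
 
 #ifdef SSH_AUDIT_EVENTS
  audit_connection_from(remote_ip, remote_port);
@@ -1664,10 +1675,10 @@ main(int ac, char **av)
  verbose("Connection from %.500s port %d", remote_ip, remote_port);
 
  /*
- * We don\'t want to listen forever unless the other side
+ * We don't want to listen forever unless the other side
  * successfully authenticates itself. So we set up an alarm which is
  * cleared after successful authentication. A limit of zero
- * indicates no limit. Note that we don\'t set the alarm in debugging
+ * indicates no limit. Note that we don't set the alarm in debugging
  * mode; it is just annoying to have the server exit just when you
  * are about to discover the bug.
  */
@@ -1714,6 +1725,17 @@ main(int ac, char **av)
  }
 
  authenticated:
+ /*
+ * Cancel the alarm we set to limit the time taken for
+ * authentication.
+ */
+ alarm(0);
+ signal(SIGALRM, SIG_DFL);
+ if (startup_pipe != -1) {
+ close(startup_pipe);
+ startup_pipe = -1;
+ }
+
 #ifdef SSH_AUDIT_EVENTS
  audit_event(SSH_AUTH_SUCCESS);
 #endif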
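Review bot: In recv_rexec_state (new lines 860-864) the optional rngseed field is read under `#ifndef OPENSSL_PRNG_ONLY` and the buffer is then freed with no visible check that the message was fully consumed. Whether the field is present is fixed at compile time on both sides and nothing in the message marks it, so a listener and a re-exec'd child built with different settings would disagree on the layout; this is inferred, since the page shows only the two guarded calls. Unless rexec_recv_rng_seed already verifies this, consider adding `if (buffer_len(&m) != 0) fatal("%s: trailing data in rexec state", __func__);` before `buffer_free(&m);`, so that a layout mismatch in a message carrying private-key material and the RNG seed fails closed. The receiver could also carry a short comment pointing at the layout listing in send_rexec_state, which is now the only place the optional field is documented. The body of recv_rexec_state starts outside the hunk.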