Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 53 |
1 files changed, 51 insertions, 2 deletions
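--- a/sshd.c
+++ b/sshd.c
@@ -253,6 +253,11 @@ Buffer loginmsg;
 /* Unprivileged user */
 struct passwd *privsep_pw = NULL;
 
+#ifdef OOM_ADJUST
+/* Linux out-of-memory killer adjustment */
+static char oom_adj_save[8];
+#endif
+
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@@ -419,7 +424,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 minor = PROTOCOL_MINOR_1;
 }
 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
-SSH_VERSION, newline);
+SSH_RELEASE, newline);
 server_version_string = xstrdup(buf);
 
 /* Send our protocol version identification. */
@@ -907,6 +912,31 @@ recv_rexec_state(int fd, Buffer *conf)
 debug3("%s: done", __func__);
 }
 
+#ifdef OOM_ADJUST
+/*
+* If requested in the environment, tell the Linux kernel's out-of-memory
+* killer to avoid sshd. The old state will be restored when forking child
+* processes.
+*/
+static void
+oom_adjust_startup(void)
+{
+const char *oom_adj = getenv("SSHD_OOM_ADJUST");
+
+if (!oom_adj || !*oom_adj)
+return;
+oom_adj_get(oom_adj_save, sizeof(oom_adj_save));
+oom_adj_set(oom_adj);
+}
+
+static void
+oom_restore(void)
+{
+if (oom_adj_save[0])
+oom_adj_set(oom_adj_save);
+}
+#endif
+
 /* Accept a connection from inetd */
 static void
 server_accept_inetd(int *sock_in, int *sock_out)
@@ -1324,7 +1354,12 @@ main(int ac, char **av)
 /* ignored */
 break;
 case 'q':
-options.log_level = SYSLOG_LEVEL_QUIET;
+if (options.log_level == SYSLOG_LEVEL_QUIET) {
+options.log_level = SYSLOG_LEVEL_SILENT;
+}
+else if (options.log_level != SYSLOG_LEVEL_SILENT) {
+options.log_level = SYSLOG_LEVEL_QUIET;
+}
 break;
 case 'b':
 options.server_key_bits = (int)strtonum(optarg, 256,
@@ -1517,6 +1552,11 @@ main(int ac, char **av)
 sensitive_data.host_keys[i] = NULL;
 continue;
 }
+if (reject_blacklisted_key(key, 1) == 1) {
+key_free(key);
+sensitive_data.host_keys[i] = NULL;
+continue;
+}
 switch (key->type) {
 case KEY_RSA1:
 sensitive_data.ssh1_host_key = key;
@@ -1664,6 +1704,11 @@ main(int ac, char **av)
 /* ignore SIGPIPE */
 signal(SIGPIPE, SIG_IGN);
 
+#ifdef OOM_ADJUST
+/* Adjust out-of-memory killer */
+oom_adjust_startup();
+#endif
+
 /* Get a connection, either from inetd or a listening TCP socket */
 if (inetd_flag) {
 server_accept_inetd(&sock_in, &sock_out);
@@ -1702,6 +1747,10 @@ main(int ac, char **av)
 /* This is the child processing a new connection. */
 setproctitle("%s", "[accepted]");
 
+#ifdef OOM_ADJUST
+oom_restore();
+#endif
+
 /*
 * Create a new session and process group since the 4.4BSD
 * setlogin() affects the entire process group. We don't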
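Review bot: In oom_adjust_startup() (new lines 921-930) the result of `oom_adj_get(oom_adj_save, sizeof(oom_adj_save))` is not checked before `oom_adj_set(oom_adj)` runs, so if the previous value cannot be read `oom_adj_save` stays empty and oom_restore() silently does nothing, which would leave every forked session with the daemon's OOM-killer exemption. Both helpers are defined outside this diff, so their return convention is an assumption; if oom_adj_get reports failure with a non-zero value, the startup path should stop there, e.g. `if (oom_adj_get(oom_adj_save, sizeof(oom_adj_save)) != 0) return;`. The only oom_restore() call visible is in the forked-child branch at new line 1751, while oom_adjust_startup() runs before the inetd branch as well, so it is worth confirming that a session started through `server_accept_inetd` does not keep the adjusted value. Separately, `reject_blacklisted_key(key, 1) == 1` at new line 1555 lets any other return value through, including a possible error code, and a one-line comment stating the function's return contract would make that choice reviewable.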