Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c56
1 files changed, 23 insertions, 33 deletions
diff --git a/sshd.c b/sshd.c
index b63aaa428..9aff5e8af 100644
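--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.388 2011/09/30 21:22:49 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.393 2012/07/10 02:19:15 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -419,9 +419,11 @@ sshd_exchange_identification(int sock_in, int sock_out)
  major = PROTOCOL_MAJOR_1;
  minor = PROTOCOL_MINOR_1;
  }
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
- SSH_VERSION, newline);
- server_version_string = xstrdup(buf);
+
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ major, minor, SSH_VERSION,
+ *options.version_addendum == '\0' ? "" : " ",
+ options.version_addendum, newline);
 
  /* Send our protocol version identification. */
  if (roaming_atomicio(vwrite, sock_out, server_version_string,
@@ -633,7 +635,7 @@ privsep_preauth(Authctxt *authctxt)
  /* Store a pointer to the kex for later rekeying */
  pmonitor->m_pkex = &xxx_kex;
 
- if (use_privsep == PRIVSEP_SANDBOX)
+ if (use_privsep == PRIVSEP_ON)
  box = ssh_sandbox_init();
  pid = fork();
  if (pid == -1) {
@@ -641,9 +643,9 @@ privsep_preauth(Authctxt *authctxt)
  } else if (pid != 0) {
  debug2("Network child is on pid %ld", (long)pid);
 
+ pmonitor->m_pid = pid;
  if (box != NULL)
  ssh_sandbox_parent_preauth(box, pid);
- pmonitor->m_pid = pid;
  monitor_child_preauth(authctxt, pmonitor);
 
  /* Sync memory */
@@ -1174,7 +1176,10 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
  if (*newsock < 0) {
  if (errno != EINTR && errno != EAGAIN &&
  errno != EWOULDBLOCK)
- error("accept: %.100s", strerror(errno));
+ error("accept: %.100s",
+ strerror(errno));
+ if (errno == EMFILE || errno == ENFILE)
+ usleep(100 * 1000);
  continue;
  }
  if (unset_nonblock(*newsock) == -1) {
@@ -1320,14 +1325,14 @@ main(int ac, char **av)
  int opt, i, j, on = 1;
  int sock_in = -1, sock_out = -1, newsock = -1;
  const char *remote_ip;
- char *test_user = NULL, *test_host = NULL, *test_addr = NULL;
  int remote_port;
- char *line, *p, *cp;
+ char *line;
  int config_s[2] = { -1 , -1 };
  u_int64_t ibytes, obytes;
  mode_t new_umask;
  Key *key;
  Authctxt *authctxt;
+ struct connection_info *connection_info = get_connection_info(0, 0);
 
 #ifdef HAVE_SECUREWARE
  (void)set_auth_parameters(ac, av);
@@ -1449,20 +1454,9 @@ main(int ac, char **av)
  test_flag = 2;
  break;
  case 'C':
- cp = optarg;
- while ((p = strsep(&cp, ",")) && *p != '\0') {
- if (strncmp(p, "addr=", 5) == 0)
- test_addr = xstrdup(p + 5);
- else if (strncmp(p, "host=", 5) == 0)
- test_host = xstrdup(p + 5);
- else if (strncmp(p, "user=", 5) == 0)
- test_user = xstrdup(p + 5);
- else {
- fprintf(stderr, "Invalid test "
- "mode specification %s\n", p);
- exit(1);
- }
- }
+ if (parse_server_match_testspec(connection_info,
+ optarg) == -1)
+ exit(1);
  break;
  case 'u':
  utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL);
@@ -1474,7 +1468,7 @@ main(int ac, char **av)
  case 'o':
  line = xstrdup(optarg);
  if (process_server_config_line(&options, line,
- "command-line", 0, NULL, NULL, NULL, NULL) != 0)
+ "command-line", 0, NULL, NULL) != 0)
  exit(1);
  xfree(line);
  break;
@@ -1530,13 +1524,10 @@ main(int ac, char **av)
  * the parameters we need. If we're not doing an extended test,
  * do not silently ignore connection test params.
  */
- if (test_flag >= 2 &&
- (test_user != NULL || test_host != NULL || test_addr != NULL)
- && (test_user == NULL || test_host == NULL || test_addr == NULL))
+ if (test_flag >= 2 && server_match_spec_complete(connection_info) == 0)
  fatal("user, host and addr are all required when testing "
  "Match configs");
- if (test_flag < 2 && (test_user != NULL || test_host != NULL ||
- test_addr != NULL))
+ if (test_flag < 2 && server_match_spec_complete(connection_info) >= 0)
  fatal("Config test connection parameter (-C) provided without "
  "test mode (-T)");
 
@@ -1548,7 +1539,7 @@ main(int ac, char **av)
  load_server_config(config_file_name, &cfg);
 
  parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
- &cfg, NULL, NULL, NULL);
+ &cfg, NULL);
 
  seed_rng();
 
@@ -1710,9 +1701,8 @@ main(int ac, char **av)
  }
 
  if (test_flag > 1) {
- if (test_user != NULL && test_addr != NULL && test_host != NULL)
- parse_server_match_config(&options, test_user,
- test_host, test_addr);
+ if (server_match_spec_complete(connection_info) == 1)
+ parse_server_match_config(&options, connection_info);
  dump_config(&options);
  }
 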
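Review bot: In the sshd_exchange_identification hunk the new `options.version_addendum` is formatted with a bare `%s`, while SSH_VERSION beside it keeps its `%.100s` cap, so nothing visible here keeps the identification string within the 255-character limit RFC 4253 sets for it (CR LF included). Unless the option's length is already restricted where it is parsed, which this sshd.c-only view does not show, I would bound it at the call, e.g. `"SSH-%d.%d-%.100s%s%.100s%s"`. The `*options.version_addendum` test also dereferences the pointer unconditionally, so it relies on the option defaulting to an empty string rather than NULL; a short comment such as `/* version_addendum is never NULL: defaults to "" */` would record that, once confirmed. Because this string is written to the socket before authentication, whatever is configured there is readable by every connecting peer, which is worth stating in the option's documentation. The function body starts and ends outside the hunk.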