diff options
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 56 |
1 files changed, 23 insertions, 33 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.388 2011/09/30 21:22:49 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.393 2012/07/10 02:19:15 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -419,9 +419,11 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
419 | major = PROTOCOL_MAJOR_1; | 419 | major = PROTOCOL_MAJOR_1; |
420 | minor = PROTOCOL_MINOR_1; | 420 | minor = PROTOCOL_MINOR_1; |
421 | } | 421 | } |
422 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, | 422 | |
423 | SSH_VERSION, newline); | 423 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", |
424 | server_version_string = xstrdup(buf); | 424 | major, minor, SSH_VERSION, |
425 | *options.version_addendum == '\0' ? "" : " ", | ||
426 | options.version_addendum, newline); | ||
425 | 427 | ||
426 | /* Send our protocol version identification. */ | 428 | /* Send our protocol version identification. */ |
427 | if (roaming_atomicio(vwrite, sock_out, server_version_string, | 429 | if (roaming_atomicio(vwrite, sock_out, server_version_string, |
@@ -633,7 +635,7 @@ privsep_preauth(Authctxt *authctxt) | |||
633 | /* Store a pointer to the kex for later rekeying */ | 635 | /* Store a pointer to the kex for later rekeying */ |
634 | pmonitor->m_pkex = &xxx_kex; | 636 | pmonitor->m_pkex = &xxx_kex; |
635 | 637 | ||
636 | if (use_privsep == PRIVSEP_SANDBOX) | 638 | if (use_privsep == PRIVSEP_ON) |
637 | box = ssh_sandbox_init(); | 639 | box = ssh_sandbox_init(); |
638 | pid = fork(); | 640 | pid = fork(); |
639 | if (pid == -1) { | 641 | if (pid == -1) { |
@@ -641,9 +643,9 @@ privsep_preauth(Authctxt *authctxt) | |||
641 | } else if (pid != 0) { | 643 | } else if (pid != 0) { |
642 | debug2("Network child is on pid %ld", (long)pid); | 644 | debug2("Network child is on pid %ld", (long)pid); |
643 | 645 | ||
646 | pmonitor->m_pid = pid; | ||
644 | if (box != NULL) | 647 | if (box != NULL) |
645 | ssh_sandbox_parent_preauth(box, pid); | 648 | ssh_sandbox_parent_preauth(box, pid); |
646 | pmonitor->m_pid = pid; | ||
647 | monitor_child_preauth(authctxt, pmonitor); | 649 | monitor_child_preauth(authctxt, pmonitor); |
648 | 650 | ||
649 | /* Sync memory */ | 651 | /* Sync memory */ |
@@ -1174,7 +1176,10 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1174 | if (*newsock < 0) { | 1176 | if (*newsock < 0) { |
1175 | if (errno != EINTR && errno != EAGAIN && | 1177 | if (errno != EINTR && errno != EAGAIN && |
1176 | errno != EWOULDBLOCK) | 1178 | errno != EWOULDBLOCK) |
1177 | error("accept: %.100s", strerror(errno)); | 1179 | error("accept: %.100s", |
1180 | strerror(errno)); | ||
1181 | if (errno == EMFILE || errno == ENFILE) | ||
1182 | usleep(100 * 1000); | ||
1178 | continue; | 1183 | continue; |
1179 | } | 1184 | } |
1180 | if (unset_nonblock(*newsock) == -1) { | 1185 | if (unset_nonblock(*newsock) == -1) { |
@@ -1320,14 +1325,14 @@ main(int ac, char **av) | |||
1320 | int opt, i, j, on = 1; | 1325 | int opt, i, j, on = 1; |
1321 | int sock_in = -1, sock_out = -1, newsock = -1; | 1326 | int sock_in = -1, sock_out = -1, newsock = -1; |
1322 | const char *remote_ip; | 1327 | const char *remote_ip; |
1323 | char *test_user = NULL, *test_host = NULL, *test_addr = NULL; | ||
1324 | int remote_port; | 1328 | int remote_port; |
1325 | char *line, *p, *cp; | 1329 | char *line; |
1326 | int config_s[2] = { -1 , -1 }; | 1330 | int config_s[2] = { -1 , -1 }; |
1327 | u_int64_t ibytes, obytes; | 1331 | u_int64_t ibytes, obytes; |
1328 | mode_t new_umask; | 1332 | mode_t new_umask; |
1329 | Key *key; | 1333 | Key *key; |
1330 | Authctxt *authctxt; | 1334 | Authctxt *authctxt; |
1335 | struct connection_info *connection_info = get_connection_info(0, 0); | ||
1331 | 1336 | ||
1332 | #ifdef HAVE_SECUREWARE | 1337 | #ifdef HAVE_SECUREWARE |
1333 | (void)set_auth_parameters(ac, av); | 1338 | (void)set_auth_parameters(ac, av); |
@@ -1449,20 +1454,9 @@ main(int ac, char **av) | |||
1449 | test_flag = 2; | 1454 | test_flag = 2; |
1450 | break; | 1455 | break; |
1451 | case 'C': | 1456 | case 'C': |
1452 | cp = optarg; | 1457 | if (parse_server_match_testspec(connection_info, |
1453 | while ((p = strsep(&cp, ",")) && *p != '\0') { | 1458 | optarg) == -1) |
1454 | if (strncmp(p, "addr=", 5) == 0) | 1459 | exit(1); |
1455 | test_addr = xstrdup(p + 5); | ||
1456 | else if (strncmp(p, "host=", 5) == 0) | ||
1457 | test_host = xstrdup(p + 5); | ||
1458 | else if (strncmp(p, "user=", 5) == 0) | ||
1459 | test_user = xstrdup(p + 5); | ||
1460 | else { | ||
1461 | fprintf(stderr, "Invalid test " | ||
1462 | "mode specification %s\n", p); | ||
1463 | exit(1); | ||
1464 | } | ||
1465 | } | ||
1466 | break; | 1460 | break; |
1467 | case 'u': | 1461 | case 'u': |
1468 | utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL); | 1462 | utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL); |
@@ -1474,7 +1468,7 @@ main(int ac, char **av) | |||
1474 | case 'o': | 1468 | case 'o': |
1475 | line = xstrdup(optarg); | 1469 | line = xstrdup(optarg); |
1476 | if (process_server_config_line(&options, line, | 1470 | if (process_server_config_line(&options, line, |
1477 | "command-line", 0, NULL, NULL, NULL, NULL) != 0) | 1471 | "command-line", 0, NULL, NULL) != 0) |
1478 | exit(1); | 1472 | exit(1); |
1479 | xfree(line); | 1473 | xfree(line); |
1480 | break; | 1474 | break; |
@@ -1530,13 +1524,10 @@ main(int ac, char **av) | |||
1530 | * the parameters we need. If we're not doing an extended test, | 1524 | * the parameters we need. If we're not doing an extended test, |
1531 | * do not silently ignore connection test params. | 1525 | * do not silently ignore connection test params. |
1532 | */ | 1526 | */ |
1533 | if (test_flag >= 2 && | 1527 | if (test_flag >= 2 && server_match_spec_complete(connection_info) == 0) |
1534 | (test_user != NULL || test_host != NULL || test_addr != NULL) | ||
1535 | && (test_user == NULL || test_host == NULL || test_addr == NULL)) | ||
1536 | fatal("user, host and addr are all required when testing " | 1528 | fatal("user, host and addr are all required when testing " |
1537 | "Match configs"); | 1529 | "Match configs"); |
1538 | if (test_flag < 2 && (test_user != NULL || test_host != NULL || | 1530 | if (test_flag < 2 && server_match_spec_complete(connection_info) >= 0) |
1539 | test_addr != NULL)) | ||
1540 | fatal("Config test connection parameter (-C) provided without " | 1531 | fatal("Config test connection parameter (-C) provided without " |
1541 | "test mode (-T)"); | 1532 | "test mode (-T)"); |
1542 | 1533 | ||
@@ -1548,7 +1539,7 @@ main(int ac, char **av) | |||
1548 | load_server_config(config_file_name, &cfg); | 1539 | load_server_config(config_file_name, &cfg); |
1549 | 1540 | ||
1550 | parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, | 1541 | parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, |
1551 | &cfg, NULL, NULL, NULL); | 1542 | &cfg, NULL); |
1552 | 1543 | ||
1553 | seed_rng(); | 1544 | seed_rng(); |
1554 | 1545 | ||
@@ -1710,9 +1701,8 @@ main(int ac, char **av) | |||
1710 | } | 1701 | } |
1711 | 1702 | ||
1712 | if (test_flag > 1) { | 1703 | if (test_flag > 1) { |
1713 | if (test_user != NULL && test_addr != NULL && test_host != NULL) | 1704 | if (server_match_spec_complete(connection_info) == 1) |
1714 | parse_server_match_config(&options, test_user, | 1705 | parse_server_match_config(&options, connection_info); |
1715 | test_host, test_addr); | ||
1716 | dump_config(&options); | 1706 | dump_config(&options); |
1717 | } | 1707 | } |
1718 | 1708 | ||