Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c56
1 files changed, 23 insertions, 33 deletions
diff --git a/sshd.c b/sshd.c
index 9d21b30f3..6b2f59220 100644
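--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.388 2011/09/30 21:22:49 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.393 2012/07/10 02:19:15 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -423,9 +423,11 @@ sshd_exchange_identification(int sock_in, int sock_out)
  major = PROTOCOL_MAJOR_1;
  minor = PROTOCOL_MINOR_1;
  }
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
- SSH_VERSION, newline);
- server_version_string = xstrdup(buf);
+
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ major, minor, SSH_VERSION,
+ *options.version_addendum == '\0' ? "" : " ",
+ options.version_addendum, newline);
 
  /* Send our protocol version identification. */
  if (roaming_atomicio(vwrite, sock_out, server_version_string,
@@ -637,7 +639,7 @@ privsep_preauth(Authctxt *authctxt)
  /* Store a pointer to the kex for later rekeying */
  pmonitor->m_pkex = &xxx_kex;
 
- if (use_privsep == PRIVSEP_SANDBOX)
+ if (use_privsep == PRIVSEP_ON)
  box = ssh_sandbox_init();
  pid = fork();
  if (pid == -1) {
@@ -645,9 +647,9 @@ privsep_preauth(Authctxt *authctxt)
  } else if (pid != 0) {
  debug2("Network child is on pid %ld", (long)pid);
 
+ pmonitor->m_pid = pid;
  if (box != NULL)
  ssh_sandbox_parent_preauth(box, pid);
- pmonitor->m_pid = pid;
  monitor_child_preauth(authctxt, pmonitor);
 
  /* Sync memory */
@@ -1178,7 +1180,10 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
  if (*newsock < 0) {
  if (errno != EINTR && errno != EAGAIN &&
  errno != EWOULDBLOCK)
- error("accept: %.100s", strerror(errno));
+ error("accept: %.100s",
+ strerror(errno));
+ if (errno == EMFILE || errno == ENFILE)
+ usleep(100 * 1000);
  continue;
  }
  if (unset_nonblock(*newsock) == -1) {
@@ -1324,14 +1329,14 @@ main(int ac, char **av)
  int opt, i, j, on = 1;
  int sock_in = -1, sock_out = -1, newsock = -1;
  const char *remote_ip;
- char *test_user = NULL, *test_host = NULL, *test_addr = NULL;
  int remote_port;
- char *line, *p, *cp;
+ char *line;
  int config_s[2] = { -1 , -1 };
  u_int64_t ibytes, obytes;
  mode_t new_umask;
  Key *key;
  Authctxt *authctxt;
+ struct connection_info *connection_info = get_connection_info(0, 0);
 
 #ifdef HAVE_SECUREWARE
  (void)set_auth_parameters(ac, av);
@@ -1453,20 +1458,9 @@ main(int ac, char **av)
  test_flag = 2;
  break;
  case 'C':
- cp = optarg;
- while ((p = strsep(&cp, ",")) && *p != '\0') {
- if (strncmp(p, "addr=", 5) == 0)
- test_addr = xstrdup(p + 5);
- else if (strncmp(p, "host=", 5) == 0)
- test_host = xstrdup(p + 5);
- else if (strncmp(p, "user=", 5) == 0)
- test_user = xstrdup(p + 5);
- else {
- fprintf(stderr, "Invalid test "
- "mode specification %s\n", p);
- exit(1);
- }
- }
+ if (parse_server_match_testspec(connection_info,
+ optarg) == -1)
+ exit(1);
  break;
  case 'u':
  utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL);
@@ -1478,7 +1472,7 @@ main(int ac, char **av)
  case 'o':
  line = xstrdup(optarg);
  if (process_server_config_line(&options, line,
- "command-line", 0, NULL, NULL, NULL, NULL) != 0)
+ "command-line", 0, NULL, NULL) != 0)
  exit(1);
  xfree(line);
  break;
@@ -1534,13 +1528,10 @@ main(int ac, char **av)
  * the parameters we need. If we're not doing an extended test,
  * do not silently ignore connection test params.
  */
- if (test_flag >= 2 &&
- (test_user != NULL || test_host != NULL || test_addr != NULL)
- && (test_user == NULL || test_host == NULL || test_addr == NULL))
+ if (test_flag >= 2 && server_match_spec_complete(connection_info) == 0)
  fatal("user, host and addr are all required when testing "
  "Match configs");
- if (test_flag < 2 && (test_user != NULL || test_host != NULL ||
- test_addr != NULL))
+ if (test_flag < 2 && server_match_spec_complete(connection_info) >= 0)
  fatal("Config test connection parameter (-C) provided without "
  "test mode (-T)");
 
@@ -1552,7 +1543,7 @@ main(int ac, char **av)
  load_server_config(config_file_name, &cfg);
 
  parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
- &cfg, NULL, NULL, NULL);
+ &cfg, NULL);
 
  seed_rng();
 
@@ -1717,9 +1708,8 @@ main(int ac, char **av)
  }
 
  if (test_flag > 1) {
- if (test_user != NULL && test_addr != NULL && test_host != NULL)
- parse_server_match_config(&options, test_user,
- test_host, test_addr);
+ if (server_match_spec_complete(connection_info) == 1)
+ parse_server_match_config(&options, connection_info);
  dump_config(&options);
  }
 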
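Review bot: In the server_accept_loop hunk, the new `errno == EMFILE || errno == ENFILE` test reads errno after the `error()` call, so the back-off can be skipped or taken wrongly if logging changes errno; whether `error()` preserves errno is not visible on this page. Capturing the value first, with `int saved_errno = errno;` directly after the failed accept and `saved_errno` used in both conditions, would make the descriptor-exhaustion back-off independent of the logger. A comment such as `/* out of descriptors: pause briefly so the accept loop does not spin */` would also record why the sleep is there and that it delays every pending connection by 100 ms. The loop body starts and ends outside the hunk.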