1 files changed, 39 insertions, 19 deletions
diff --git a/sshd.c b/sshd.c
index da0b26587..1eac32797 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -637,16 +637,8 @@ privsep_postauth(Authctxt *authctxt)
        if (authctxt->pw->pw_uid == 0 || options.use_login) {
 #endif
                /* File descriptor passing is broken or root login */
-                monitor_apply_keystate(pmonitor);
                use_privsep = 0;
-                return;
+                goto skip;
-        }
-        /* Authentication complete */
-        alarm(0);
-        if (startup_pipe != -1) {
-                close(startup_pipe);
-                startup_pipe = -1;
        }
        /* New socket pair */
@@ -673,6 +665,7 @@ privsep_postauth(Authctxt *authctxt)
        /* Drop privileges */
        do_setusercontext(authctxt->pw);
+ skip:
        /* It is safe now to apply the key state */
        monitor_apply_keystate(pmonitor);
@@ -804,6 +797,7 @@ send_rexec_state(int fd, Buffer *conf)
         *      bignum  iqmp                    "
         *      bignum  p                       "
         *      bignum  q                       "
+         *      string rngseed          (only if OpenSSL is not self-seeded)
         */
        buffer_init(&m);
        buffer_put_cstring(&m, buffer_ptr(conf));
@@ -820,6 +814,10 @@ send_rexec_state(int fd, Buffer *conf)
        } else
                buffer_put_int(&m, 0);
+#ifndef OPENSSL_PRNG_ONLY
+        rexec_send_rng_seed(&m);
+#endif
        if (ssh_msg_send(fd, 0, &m) == -1)
                fatal("%s: ssh_msg_send failed", __func__);
@@ -862,6 +860,11 @@ recv_rexec_state(int fd, Buffer *conf)
                rsa_generate_additional_parameters(
                    sensitive_data.server_key->rsa);
        }
+#ifndef OPENSSL_PRNG_ONLY
+        rexec_recv_rng_seed(&m);
+#endif
        buffer_free(&m);
        debug3("%s: done", __func__);
@@ -918,6 +921,9 @@ main(int ac, char **av)
        if (geteuid() == 0 && setgroups(0, NULL) == -1)
                debug("setgroups(): %.200s", strerror(errno));
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
        /* Initialize configuration options to their default values. */
        initialize_server_options(&options);
@@ -1055,8 +1061,6 @@ main(int ac, char **av)
        drop_cray_privs();
 #endif
-        seed_rng();
        sensitive_data.server_key = NULL;
        sensitive_data.ssh1_host_key = NULL;
        sensitive_data.have_ssh1_key = 0;
@@ -1075,6 +1079,8 @@ main(int ac, char **av)
        if (!rexec_flag)
                buffer_free(&cfg);
+        seed_rng();
        /* Fill in default values for those options not explicitly set. */
        fill_default_server_options(&options);
@@ -1645,7 +1651,12 @@ main(int ac, char **av)
                debug("get_remote_port failed");
                cleanup_exit(255);
        }
-        remote_ip = get_remote_ipaddr();
+        /*
+         * We use get_canonical_hostname with usedns = 0 instead of
+         * get_remote_ipaddr here so IP options will be checked.
+         */
+        remote_ip = get_canonical_hostname(0);
 #ifdef SSH_AUDIT_EVENTS
        audit_connection_from(remote_ip, remote_port);
@@ -1699,8 +1710,7 @@ main(int ac, char **av)
                        error("SessionGetInfo() failed with error %.8X",
                            (unsigned) err);
                else
-                        debug("Current Session ID is %.8X / Session Attributes a
+                        debug("Current Session ID is %.8X / Session Attributes are %.8X",
-re %.8X",
                            (unsigned) sid, (unsigned) sattrs);
                if (inetd_flag && !(sattrs & sessionIsRoot))
@@ -1719,18 +1729,17 @@ re %.8X",
                                error("SessionGetInfo() failed with error %.8X",
                                    (unsigned) err);
                        else
-                                debug("New Session ID is %.8X / Session Attribut
+                                debug("New Session ID is %.8X / Session Attributes are %.8X",
-es are %.8X",
                                    (unsigned) sid, (unsigned) sattrs);
                }
        }
 #endif
        /*
-         * We don\'t want to listen forever unless the other side
+         * We don't want to listen forever unless the other side
         * successfully authenticates itself.  So we set up an alarm which is
         * cleared after successful authentication.  A limit of zero
-         * indicates no limit. Note that we don\'t set the alarm in debugging
+         * indicates no limit. Note that we don't set the alarm in debugging
         * mode; it is just annoying to have the server exit just when you
         * are about to discover the bug.
         */
@@ -1777,6 +1786,17 @@ es are %.8X",
        }
 authenticated:
+        /*
+         * Cancel the alarm we set to limit the time taken for
+         * authentication.
+         */
+        alarm(0);
+        signal(SIGALRM, SIG_DFL);
+        if (startup_pipe != -1) {
+                close(startup_pipe);
+                startup_pipe = -1;
+        }
 #ifdef SSH_AUDIT_EVENTS
        audit_event(SSH_AUTH_SUCCESS);
 #endif

diff --git a/sshd.c b/sshd.c index da0b26587..1eac32797 100644 --- a/sshd.c +++ b/sshd.c
@@ -42,7 +42,7 @@
42	*/	42	*/
43		43
44	#include "includes.h"	44	#include "includes.h"
45	RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");	45	RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $");
46		46
47	#include <openssl/dh.h>	47	#include <openssl/dh.h>
48	#include <openssl/bn.h>	48	#include <openssl/bn.h>
@@ -637,16 +637,8 @@ privsep_postauth(Authctxt *authctxt)
637	if (authctxt->pw->pw_uid == 0 \|\| options.use_login) {	637	if (authctxt->pw->pw_uid == 0 \|\| options.use_login) {
638	#endif	638	#endif
639	/* File descriptor passing is broken or root login */	639	/* File descriptor passing is broken or root login */
640	monitor_apply_keystate(pmonitor);
641	use_privsep = 0;	640	use_privsep = 0;
642	return;	641	goto skip;
643	}
644
645	/* Authentication complete */
646	alarm(0);
647	if (startup_pipe != -1) {
648	close(startup_pipe);
649	startup_pipe = -1;
650	}	642	}
651		643
652	/* New socket pair */	644	/* New socket pair */
@@ -673,6 +665,7 @@ privsep_postauth(Authctxt *authctxt)
673	/* Drop privileges */	665	/* Drop privileges */
674	do_setusercontext(authctxt->pw);	666	do_setusercontext(authctxt->pw);
675		667
		668	skip:
676	/* It is safe now to apply the key state */	669	/* It is safe now to apply the key state */
677	monitor_apply_keystate(pmonitor);	670	monitor_apply_keystate(pmonitor);
678		671
@@ -804,6 +797,7 @@ send_rexec_state(int fd, Buffer *conf)
804	* bignum iqmp "	797	* bignum iqmp "
805	* bignum p "	798	* bignum p "
806	* bignum q "	799	* bignum q "
		800	* string rngseed (only if OpenSSL is not self-seeded)
807	*/	801	*/
808	buffer_init(&m);	802	buffer_init(&m);
809	buffer_put_cstring(&m, buffer_ptr(conf));	803	buffer_put_cstring(&m, buffer_ptr(conf));
@@ -820,6 +814,10 @@ send_rexec_state(int fd, Buffer *conf)
820	} else	814	} else
821	buffer_put_int(&m, 0);	815	buffer_put_int(&m, 0);
822		816
		817	#ifndef OPENSSL_PRNG_ONLY
		818	rexec_send_rng_seed(&m);
		819	#endif
		820
823	if (ssh_msg_send(fd, 0, &m) == -1)	821	if (ssh_msg_send(fd, 0, &m) == -1)
824	fatal("%s: ssh_msg_send failed", __func__);	822	fatal("%s: ssh_msg_send failed", __func__);
825		823
@@ -862,6 +860,11 @@ recv_rexec_state(int fd, Buffer *conf)
862	rsa_generate_additional_parameters(	860	rsa_generate_additional_parameters(
863	sensitive_data.server_key->rsa);	861	sensitive_data.server_key->rsa);
864	}	862	}
		863
		864	#ifndef OPENSSL_PRNG_ONLY
		865	rexec_recv_rng_seed(&m);
		866	#endif
		867
865	buffer_free(&m);	868	buffer_free(&m);
866		869
867	debug3("%s: done", __func__);	870	debug3("%s: done", __func__);
@@ -918,6 +921,9 @@ main(int ac, char **av)
918	if (geteuid() == 0 && setgroups(0, NULL) == -1)	921	if (geteuid() == 0 && setgroups(0, NULL) == -1)
919	debug("setgroups(): %.200s", strerror(errno));	922	debug("setgroups(): %.200s", strerror(errno));
920		923
		924	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
		925	sanitise_stdfd();
		926
921	/* Initialize configuration options to their default values. */	927	/* Initialize configuration options to their default values. */
922	initialize_server_options(&options);	928	initialize_server_options(&options);
923		929
@@ -1055,8 +1061,6 @@ main(int ac, char **av)
1055	drop_cray_privs();	1061	drop_cray_privs();
1056	#endif	1062	#endif
1057		1063
1058	seed_rng();
1059
1060	sensitive_data.server_key = NULL;	1064	sensitive_data.server_key = NULL;
1061	sensitive_data.ssh1_host_key = NULL;	1065	sensitive_data.ssh1_host_key = NULL;
1062	sensitive_data.have_ssh1_key = 0;	1066	sensitive_data.have_ssh1_key = 0;
@@ -1075,6 +1079,8 @@ main(int ac, char **av)
1075	if (!rexec_flag)	1079	if (!rexec_flag)
1076	buffer_free(&cfg);	1080	buffer_free(&cfg);
1077		1081
		1082	seed_rng();
		1083
1078	/* Fill in default values for those options not explicitly set. */	1084	/* Fill in default values for those options not explicitly set. */
1079	fill_default_server_options(&options);	1085	fill_default_server_options(&options);
1080		1086
@@ -1645,7 +1651,12 @@ main(int ac, char **av)
1645	debug("get_remote_port failed");	1651	debug("get_remote_port failed");
1646	cleanup_exit(255);	1652	cleanup_exit(255);
1647	}	1653	}
1648	remote_ip = get_remote_ipaddr();	1654
		1655	/*
		1656	* We use get_canonical_hostname with usedns = 0 instead of
		1657	* get_remote_ipaddr here so IP options will be checked.
		1658	*/
		1659	remote_ip = get_canonical_hostname(0);
1649		1660
1650	#ifdef SSH_AUDIT_EVENTS	1661	#ifdef SSH_AUDIT_EVENTS
1651	audit_connection_from(remote_ip, remote_port);	1662	audit_connection_from(remote_ip, remote_port);
@@ -1699,8 +1710,7 @@ main(int ac, char **av)
1699	error("SessionGetInfo() failed with error %.8X",	1710	error("SessionGetInfo() failed with error %.8X",
1700	(unsigned) err);	1711	(unsigned) err);
1701	else	1712	else
1702	debug("Current Session ID is %.8X / Session Attributes a	1713	debug("Current Session ID is %.8X / Session Attributes are %.8X",
1703	re %.8X",
1704	(unsigned) sid, (unsigned) sattrs);	1714	(unsigned) sid, (unsigned) sattrs);
1705		1715
1706	if (inetd_flag && !(sattrs & sessionIsRoot))	1716	if (inetd_flag && !(sattrs & sessionIsRoot))
@@ -1719,18 +1729,17 @@ re %.8X",
1719	error("SessionGetInfo() failed with error %.8X",	1729	error("SessionGetInfo() failed with error %.8X",
1720	(unsigned) err);	1730	(unsigned) err);
1721	else	1731	else
1722	debug("New Session ID is %.8X / Session Attribut	1732	debug("New Session ID is %.8X / Session Attributes are %.8X",
1723	es are %.8X",
1724	(unsigned) sid, (unsigned) sattrs);	1733	(unsigned) sid, (unsigned) sattrs);
1725	}	1734	}
1726	}	1735	}
1727	#endif	1736	#endif
1728		1737
1729	/*	1738	/*
1730	* We don\'t want to listen forever unless the other side	1739	* We don't want to listen forever unless the other side
1731	* successfully authenticates itself. So we set up an alarm which is	1740	* successfully authenticates itself. So we set up an alarm which is
1732	* cleared after successful authentication. A limit of zero	1741	* cleared after successful authentication. A limit of zero
1733	* indicates no limit. Note that we don\'t set the alarm in debugging	1742	* indicates no limit. Note that we don't set the alarm in debugging
1734	* mode; it is just annoying to have the server exit just when you	1743	* mode; it is just annoying to have the server exit just when you
1735	* are about to discover the bug.	1744	* are about to discover the bug.
1736	*/	1745	*/
@@ -1777,6 +1786,17 @@ es are %.8X",
1777	}	1786	}
1778		1787
1779	authenticated:	1788	authenticated:
		1789	/*
		1790	* Cancel the alarm we set to limit the time taken for
		1791	* authentication.
		1792	*/
		1793	alarm(0);
		1794	signal(SIGALRM, SIG_DFL);
		1795	if (startup_pipe != -1) {
		1796	close(startup_pipe);
		1797	startup_pipe = -1;
		1798	}
		1799
1780	#ifdef SSH_AUDIT_EVENTS	1800	#ifdef SSH_AUDIT_EVENTS
1781	audit_event(SSH_AUTH_SUCCESS);	1801	audit_event(SSH_AUTH_SUCCESS);
1782	#endif	1802	#endif