Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 58 |
1 files changed, 24 insertions, 34 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.388 2011/09/30 21:22:49 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.393 2012/07/10 02:19:15 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -423,10 +423,12 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
423 | major = PROTOCOL_MAJOR_1; | 423 | major = PROTOCOL_MAJOR_1; |
424 | minor = PROTOCOL_MINOR_1; | 424 | minor = PROTOCOL_MINOR_1; |
425 | } | 425 | } |
426 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, | 426 | |
427 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", | ||
428 | major, minor, | ||
427 | options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, | 429 | options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, |
428 | newline); | 430 | *options.version_addendum == '\0' ? "" : " ", |
429 | server_version_string = xstrdup(buf); | 431 | options.version_addendum, newline); |
430 | 432 | ||
431 | /* Send our protocol version identification. */ | 433 | /* Send our protocol version identification. */ |
432 | if (roaming_atomicio(vwrite, sock_out, server_version_string, | 434 | if (roaming_atomicio(vwrite, sock_out, server_version_string, |
@@ -631,14 +633,14 @@ privsep_preauth(Authctxt *authctxt) | |||
631 | { | 633 | { |
632 | int status; | 634 | int status; |
633 | pid_t pid; | 635 | pid_t pid; |
634 | void *box = NULL; | 636 | struct ssh_sandbox *box = NULL; |
635 | 637 | ||
636 | /* Set up unprivileged child process to deal with network data */ | 638 | /* Set up unprivileged child process to deal with network data */ |
637 | pmonitor = monitor_init(); | 639 | pmonitor = monitor_init(); |
638 | /* Store a pointer to the kex for later rekeying */ | 640 | /* Store a pointer to the kex for later rekeying */ |
639 | pmonitor->m_pkex = &xxx_kex; | 641 | pmonitor->m_pkex = &xxx_kex; |
640 | 642 | ||
641 | if (use_privsep == PRIVSEP_SANDBOX) | 643 | if (use_privsep == PRIVSEP_ON) |
642 | box = ssh_sandbox_init(); | 644 | box = ssh_sandbox_init(); |
643 | pid = fork(); | 645 | pid = fork(); |
644 | if (pid == -1) { | 646 | if (pid == -1) { |
@@ -646,9 +648,9 @@ privsep_preauth(Authctxt *authctxt) | |||
646 | } else if (pid != 0) { | 648 | } else if (pid != 0) { |
647 | debug2("Network child is on pid %ld", (long)pid); | 649 | debug2("Network child is on pid %ld", (long)pid); |
648 | 650 | ||
651 | pmonitor->m_pid = pid; | ||
649 | if (box != NULL) | 652 | if (box != NULL) |
650 | ssh_sandbox_parent_preauth(box, pid); | 653 | ssh_sandbox_parent_preauth(box, pid); |
651 | pmonitor->m_pid = pid; | ||
652 | monitor_child_preauth(authctxt, pmonitor); | 654 | monitor_child_preauth(authctxt, pmonitor); |
653 | 655 | ||
654 | /* Sync memory */ | 656 | /* Sync memory */ |
@@ -1179,7 +1181,10 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1179 | if (*newsock < 0) { | 1181 | if (*newsock < 0) { |
1180 | if (errno != EINTR && errno != EAGAIN && | 1182 | if (errno != EINTR && errno != EAGAIN && |
1181 | errno != EWOULDBLOCK) | 1183 | errno != EWOULDBLOCK) |
1182 | error("accept: %.100s", strerror(errno)); | 1184 | error("accept: %.100s", |
1185 | strerror(errno)); | ||
1186 | if (errno == EMFILE || errno == ENFILE) | ||
1187 | usleep(100 * 1000); | ||
1183 | continue; | 1188 | continue; |
1184 | } | 1189 | } |
1185 | if (unset_nonblock(*newsock) == -1) { | 1190 | if (unset_nonblock(*newsock) == -1) { |
@@ -1325,14 +1330,14 @@ main(int ac, char **av) | |||
1325 | int opt, i, j, on = 1; | 1330 | int opt, i, j, on = 1; |
1326 | int sock_in = -1, sock_out = -1, newsock = -1; | 1331 | int sock_in = -1, sock_out = -1, newsock = -1; |
1327 | const char *remote_ip; | 1332 | const char *remote_ip; |
1328 | char *test_user = NULL, *test_host = NULL, *test_addr = NULL; | ||
1329 | int remote_port; | 1333 | int remote_port; |
1330 | char *line, *p, *cp; | 1334 | char *line; |
1331 | int config_s[2] = { -1 , -1 }; | 1335 | int config_s[2] = { -1 , -1 }; |
1332 | u_int64_t ibytes, obytes; | 1336 | u_int64_t ibytes, obytes; |
1333 | mode_t new_umask; | 1337 | mode_t new_umask; |
1334 | Key *key; | 1338 | Key *key; |
1335 | Authctxt *authctxt; | 1339 | Authctxt *authctxt; |
1340 | struct connection_info *connection_info = get_connection_info(0, 0); | ||
1336 | 1341 | ||
1337 | #ifdef HAVE_SECUREWARE | 1342 | #ifdef HAVE_SECUREWARE |
1338 | (void)set_auth_parameters(ac, av); | 1343 | (void)set_auth_parameters(ac, av); |
@@ -1454,20 +1459,9 @@ main(int ac, char **av) | |||
1454 | test_flag = 2; | 1459 | test_flag = 2; |
1455 | break; | 1460 | break; |
1456 | case 'C': | 1461 | case 'C': |
1457 | cp = optarg; | 1462 | if (parse_server_match_testspec(connection_info, |
1458 | while ((p = strsep(&cp, ",")) && *p != '\0') { | 1463 | optarg) == -1) |
1459 | if (strncmp(p, "addr=", 5) == 0) | 1464 | exit(1); |
1460 | test_addr = xstrdup(p + 5); | ||
1461 | else if (strncmp(p, "host=", 5) == 0) | ||
1462 | test_host = xstrdup(p + 5); | ||
1463 | else if (strncmp(p, "user=", 5) == 0) | ||
1464 | test_user = xstrdup(p + 5); | ||
1465 | else { | ||
1466 | fprintf(stderr, "Invalid test " | ||
1467 | "mode specification %s\n", p); | ||
1468 | exit(1); | ||
1469 | } | ||
1470 | } | ||
1471 | break; | 1465 | break; |
1472 | case 'u': | 1466 | case 'u': |
1473 | utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL); | 1467 | utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL); |
@@ -1479,7 +1473,7 @@ main(int ac, char **av) | |||
1479 | case 'o': | 1473 | case 'o': |
1480 | line = xstrdup(optarg); | 1474 | line = xstrdup(optarg); |
1481 | if (process_server_config_line(&options, line, | 1475 | if (process_server_config_line(&options, line, |
1482 | "command-line", 0, NULL, NULL, NULL, NULL) != 0) | 1476 | "command-line", 0, NULL, NULL) != 0) |
1483 | exit(1); | 1477 | exit(1); |
1484 | xfree(line); | 1478 | xfree(line); |
1485 | break; | 1479 | break; |
@@ -1535,13 +1529,10 @@ main(int ac, char **av) | |||
1535 | * the parameters we need. If we're not doing an extended test, | 1529 | * the parameters we need. If we're not doing an extended test, |
1536 | * do not silently ignore connection test params. | 1530 | * do not silently ignore connection test params. |
1537 | */ | 1531 | */ |
1538 | if (test_flag >= 2 && | 1532 | if (test_flag >= 2 && server_match_spec_complete(connection_info) == 0) |
1539 | (test_user != NULL || test_host != NULL || test_addr != NULL) | ||
1540 | && (test_user == NULL || test_host == NULL || test_addr == NULL)) | ||
1541 | fatal("user, host and addr are all required when testing " | 1533 | fatal("user, host and addr are all required when testing " |
1542 | "Match configs"); | 1534 | "Match configs"); |
1543 | if (test_flag < 2 && (test_user != NULL || test_host != NULL || | 1535 | if (test_flag < 2 && server_match_spec_complete(connection_info) >= 0) |
1544 | test_addr != NULL)) | ||
1545 | fatal("Config test connection parameter (-C) provided without " | 1536 | fatal("Config test connection parameter (-C) provided without " |
1546 | "test mode (-T)"); | 1537 | "test mode (-T)"); |
1547 | 1538 | ||
@@ -1553,7 +1544,7 @@ main(int ac, char **av) | |||
1553 | load_server_config(config_file_name, &cfg); | 1544 | load_server_config(config_file_name, &cfg); |
1554 | 1545 | ||
1555 | parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, | 1546 | parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, |
1556 | &cfg, NULL, NULL, NULL); | 1547 | &cfg, NULL); |
1557 | 1548 | ||
1558 | seed_rng(); | 1549 | seed_rng(); |
1559 | 1550 | ||
@@ -1723,9 +1714,8 @@ main(int ac, char **av) | |||
1723 | } | 1714 | } |
1724 | 1715 | ||
1725 | if (test_flag > 1) { | 1716 | if (test_flag > 1) { |
1726 | if (test_user != NULL && test_addr != NULL && test_host != NULL) | 1717 | if (server_match_spec_complete(connection_info) == 1) |
1727 | parse_server_match_config(&options, test_user, | 1718 | parse_server_match_config(&options, connection_info); |
1728 | test_host, test_addr); | ||
1729 | dump_config(&options); | 1719 | dump_config(&options); |
1730 | } | 1720 | } |
1731 | 1721 | ||
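Review bot: In the sshd_exchange_identification hunk (new lines 427-431) the switch from a fixed `buf` plus snprintf() to xasprintf() removes the only length bound the identification string had, and `options.version_addendum` is formatted with a plain `%s` while the release string is still capped with `%.100s`. RFC 4253 §4.2 limits the identification line to 255 bytes including CRLF, and a CR or LF inside the addendum would terminate the banner early, so unless the config parser already bounds VersionAddendum and rejects CR/LF (not visible here) the value should be capped or checked before it reaches the wire, e.g. `"SSH-%d.%d-%.100s%s%.100s%s"` for the format, or a length check on `server_version_string` before the write. A comment such as `/* version_addendum is operator-controlled; keep the whole line within the 255-byte limit of RFC 4253 */` would make the constraint explicit for the next maintainer. sshd_exchange_identification begins before this hunk and the roaming_atomicio() write of the banner continues after it.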