From c6f8219e0d4ee1f64fb7b4da88523c951a03c68a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 27 Sep 2005 22:46:32 +1000 Subject: - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed process when sshd relies on ssh-random-helper. Should result in faster logins on systems without a real random device or prngd. ok djm@ --- sshd.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'sshd.c') diff --git a/sshd.c b/sshd.c index 92aa9bbd2..e9125a229 100644 --- a/sshd.c +++ b/sshd.c @@ -800,6 +800,7 @@ send_rexec_state(int fd, Buffer *conf) * bignum iqmp " * bignum p " * bignum q " + * string rngseed (only if OpenSSL is not self-seeded) */ buffer_init(&m); buffer_put_cstring(&m, buffer_ptr(conf)); @@ -816,6 +817,10 @@ send_rexec_state(int fd, Buffer *conf) } else buffer_put_int(&m, 0); +#ifndef OPENSSL_PRNG_ONLY + rexec_send_rng_seed(&m); +#endif + if (ssh_msg_send(fd, 0, &m) == -1) fatal("%s: ssh_msg_send failed", __func__); @@ -858,6 +863,11 @@ recv_rexec_state(int fd, Buffer *conf) rsa_generate_additional_parameters( sensitive_data.server_key->rsa); } + +#ifndef OPENSSL_PRNG_ONLY + rexec_recv_rng_seed(&m); +#endif + buffer_free(&m); debug3("%s: done", __func__); @@ -1051,8 +1061,6 @@ main(int ac, char **av) drop_cray_privs(); #endif - seed_rng(); - sensitive_data.server_key = NULL; sensitive_data.ssh1_host_key = NULL; sensitive_data.have_ssh1_key = 0; @@ -1071,6 +1079,8 @@ main(int ac, char **av) if (!rexec_flag) buffer_free(&cfg); + seed_rng(); + /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); -- cgit v1.2.3 From ce321d8a30a81222d11a4c27fd353804a9afecd3 Mon Sep 17 00:00:00 2001 
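Review bot: Whether the `rngseed` string is present in the rexec message depends only on OPENSSL_PRNG_ONLY at build time, both in send_rexec_state (`rexec_send_rng_seed(&m)`) and in the recv_rexec_state hunk below (`rexec_recv_rng_seed(&m)`), and the message carries no marker for it. The two ends are normally the same binary, but if the sshd on disk is replaced by a differently configured build while the listener keeps running, the child would either try to read a string that was never sent or leave one unread. A cheap guard on the receive side is to check that the buffer is empty after the last field, e.g. `if (buffer_len(&m) != 0) fatal("%s: trailing data", __func__);` just before `buffer_free(&m)`. Both function bodies start outside their hunks.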
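Review bot: `seed_rng()` in main now runs only after the configuration has been loaded and `cfg` freed, and the move is not explained at either the old or the new position. Going by the commit message, the intent is that the re-exec'ed child first receives the parent's seed, which means nothing placed between the old and new positions may draw from the PRNG. A comment at the new call would keep that from regressing: `/* Must follow recv_rexec_state(): when re-exec'ed, seeding uses the state passed by the parent */`. main's body starts and ends outside these two hunks.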
From: Darren Tucker Date: Mon, 3 Oct 2005 18:11:24 +1000 Subject: - djm@cvs.openbsd.org 2005/09/13 23:40:07 [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] ensure that stdio fds are attached; ok deraadt@ --- ChangeLog | 6 +++++- misc.c | 22 +++++++++++++++++++++- misc.h | 3 ++- scp.c | 5 ++++- sftp-server.c | 6 +++++- sftp.c | 5 ++++- ssh-add.c | 5 ++++- ssh-agent.c | 5 ++++- ssh-keygen.c | 5 ++++- ssh-keyscan.c | 5 ++++- ssh-keysign.c | 9 ++++++++- ssh.c | 5 ++++- sshd.c | 5 ++++- 13 files changed, 73 insertions(+), 13 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 29a5d7b7a..c8b2f3f86 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ - markus@cvs.openbsd.org 2005/09/09 19:18:05 [clientloop.c] typo; from mark at mcs.vuw.ac.nz, bug #1082 + - djm@cvs.openbsd.org 2005/09/13 23:40:07 + [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c + scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] + ensure that stdio fds are attached; ok deraadt@ 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3046,4 +3050,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3903 2005/10/03 08:05:26 dtucker Exp $ +$Id: ChangeLog,v 1.3904 2005/10/03 08:11:24 dtucker Exp $ diff --git a/misc.c b/misc.c index 2dd8ae6e3..27b947f0c 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $"); +RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $"); #include "misc.h" #include "log.h" 
@@ -507,6 +507,26 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, return -1; } +void +sanitise_stdfd(void) +{ + int nullfd; + + if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { + fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno)); + exit(1); + } + while (nullfd < 2) { + if (dup2(nullfd, nullfd + 1) == -1) { + fprintf(stderr, "dup2: %s", strerror(errno)); + exit(1); + } + nullfd++; + } + if (nullfd > 2) + close(nullfd); +} + char * tohex(const u_char *d, u_int l) { diff --git a/misc.h b/misc.h index 2d630feb5..51541336c 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */ +/* $OpenBSD: misc.h,v 1.26 2005/09/13 23:40:07 djm Exp $ */ /* * Author: Tatu Ylonen @@ -27,6 +27,7 @@ long convtime(const char *); char *tilde_expand_filename(const char *, uid_t); char *percent_expand(const char *, ...) __attribute__((__sentinel__)); char *tohex(const u_char *, u_int); +void sanitise_stdfd(void); struct passwd *pwcopy(struct passwd *); diff --git a/scp.c b/scp.c index 1407aa71d..58c00442f 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $"); +RCSID("$OpenBSD: scp.c,v 1.126 2005/09/13 23:40:07 djm Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -222,6 +222,9 @@ main(int argc, char **argv) extern char *optarg; extern int optind; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(argv[0]); args.list = NULL; diff --git a/sftp-server.c b/sftp-server.c index 6870e7732..e7d000cff 100644 --- a/sftp-server.c +++ b/sftp-server.c 
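Review bot: The `while (nullfd < 2)` loop in sanitise_stdfd dups /dev/null onto every descriptor above the one open() returned without checking whether that descriptor is already open, so a process started with only fd 0 closed loses its real stdout and stderr, and one started with only fd 1 closed loses its stderr. Both diagnostics also lack a trailing newline, and they go to stderr, which may be the very descriptor that is missing. The version below fills only the descriptors that fcntl() reports as closed and otherwise keeps the function's behaviour.

```c
void
sanitise_stdfd(void)
{
	int nullfd, fd;

	if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
		fprintf(stderr, "Couldn't open /dev/null: %s\n",
		    strerror(errno));
		exit(1);
	}
	/* Populate only the stdio descriptors that are actually closed */
	for (fd = nullfd + 1; fd <= 2; fd++) {
		if (fcntl(fd, F_GETFL) == -1 && errno == EBADF &&
		    dup2(nullfd, fd) == -1) {
			fprintf(stderr, "dup2: %s\n", strerror(errno));
			exit(1);
		}
	}
	if (nullfd > 2)
		close(nullfd);
}
```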
@@ -14,13 +14,14 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.49 2005/09/13 23:40:07 djm Exp $"); #include "buffer.h" #include "bufaux.h" #include "getput.h" #include "log.h" #include "xmalloc.h" +#include "misc.h" #include "sftp.h" #include "sftp-common.h" @@ -1036,6 +1037,9 @@ main(int ac, char **av) int in, out, max; ssize_t len, olen, set_size; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + /* XXX should use getopt */ __progname = ssh_get_progname(av[0]); diff --git a/sftp.c b/sftp.c index f98ed7d27..f29927c0f 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.67 2005/09/13 23:40:07 djm Exp $"); #ifdef USE_LIBEDIT #include @@ -1447,6 +1447,9 @@ main(int argc, char **argv) extern int optind; extern char *optarg; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(argv[0]); args.list = NULL; addargs(&args, "ssh"); /* overwritten with ssh_program */ diff --git a/ssh-add.c b/ssh-add.c index a3428769c..749a76829 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.73 2005/09/13 23:40:07 djm Exp $"); #include @@ -312,6 +312,9 @@ main(int argc, char **argv) char *sc_reader_id = NULL; int i, ch, deleting = 0, ret = 0; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(argv[0]); init_rng(); seed_rng(); diff --git a/ssh-agent.c b/ssh-agent.c index dd7e22ad5..6f0ba130d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.123 2005/09/13 23:40:07 djm Exp $"); #include #include @@ -1008,6 +1008,9 @@ main(int ac, char **av) pid_t pid; char pidstrbuf[1 + 3 * sizeof pid]; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + /* drop */ setegid(getgid()); setgid(getgid()); diff --git a/ssh-keygen.c b/ssh-keygen.c index b17851946..92803da45 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $"); #include #include @@ -1018,6 +1018,9 @@ main(int ac, char **av) extern int optind; extern char *optarg; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(av[0]); SSLeay_add_all_algorithms(); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 46f063687..8ac97bd35 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.56 2005/09/13 23:40:07 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -712,6 +712,9 @@ main(int argc, char **argv) seed_rng(); TAILQ_INIT(&tq); + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + if (argc <= 1) usage(); diff --git a/ssh-keysign.c b/ssh-keysign.c index 04597a91d..dae3a2e8c 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $"); #include #include 
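Review bot: In the ssh-keyscan.c hunk the call to `sanitise_stdfd()` comes after `seed_rng()` and `TAILQ_INIT(&tq)`, whereas scp, sftp, sftp-server, ssh-add, ssh-agent, ssh-keygen and ssh in this commit call it before anything else in main. Anything the RNG setup opens before that point can be handed descriptor 0, 1 or 2 if the process was started with one of them closed, which is the situation the helper is meant to rule out. Moving the two added lines up ahead of the RNG initialisation would match the ssh-add.c hunk, where the call precedes `init_rng()`. The sshd.c hunk likewise places the call after earlier statements in main (at least the `setgroups()` call shown as context), so the same question applies there. main's body starts and ends outside the hunk.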
@@ -148,6 +148,13 @@ main(int argc, char **argv) u_int slen, dlen; u_int32_t rnd[256]; + /* Ensure that stdin and stdout are connected */ + if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2) + exit(1); + /* Leave /dev/null fd iff it is attached to stderr */ + if (fd > 2) + close(fd); + key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); diff --git a/ssh.c b/ssh.c index c9e5aac7a..31d09b1be 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.250 2005/09/13 23:40:07 djm Exp $"); #include #include @@ -188,6 +188,9 @@ main(int ac, char **av) struct servent *sp; Forward fwd; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(av[0]); init_rng(); diff --git a/sshd.c b/sshd.c index e9125a229..ceb85dd54 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.313 2005/09/13 23:40:07 djm Exp $"); #include #include @@ -924,6 +924,9 @@ main(int ac, char **av) if (geteuid() == 0 && setgroups(0, NULL) == -1) debug("setgroups(): %.200s", strerror(errno)); + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + /* Initialize configuration options to their default values. */ initialize_server_options(&options); -- cgit v1.2.3 From a2cdbda2de465c9f14984fb988fb1c679f69ea69 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:16:02 +1000 Subject: - djm@cvs.openbsd.org 2005/09/19 11:47:09 [sshd.c] stop connection abort on rekey with delayed compression enabled when post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@ --- ChangeLog | 6 +++++- sshd.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'sshd.c') 
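Review bot: The check added to ssh-keysign's main exits with status 1 and no message both when open() on /dev/null fails and when stdin or stdout was closed, and nothing says why this program open-codes the test instead of calling sanitise_stdfd() like the rest of the commit. If the intent is that ssh-keysign must refuse to run rather than continue with /dev/null substituted for its stdin or stdout, the comment should state that, e.g. `/* Refuse to run, rather than substitute /dev/null, if stdin or stdout is closed */`. The literal `2` in both comparisons would also read better as `STDERR_FILENO`. main's body starts and ends outside the hunk.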
diff --git a/ChangeLog b/ChangeLog index 7af3d15f7..7c535eae8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ [ssh_config.5 ssh.1] mention ability to specify bind_address for DynamicForward and -D options; bz#1077 spotted by Haruyama Seigo + - djm@cvs.openbsd.org 2005/09/19 11:47:09 + [sshd.c] + stop connection abort on rekey with delayed compression enabled when + post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@ 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3054,4 +3058,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3905 2005/10/03 08:13:42 dtucker Exp $ +$Id: ChangeLog,v 1.3906 2005/10/03 08:16:02 dtucker Exp $ diff --git a/sshd.c b/sshd.c index ceb85dd54..6ef2eee13 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.313 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.314 2005/09/19 11:47:09 djm Exp $"); #include #include @@ -633,9 +633,8 @@ privsep_postauth(Authctxt *authctxt) if (authctxt->pw->pw_uid == 0 || options.use_login) { #endif /* File descriptor passing is broken or root login */ - monitor_apply_keystate(pmonitor); use_privsep = 0; - return; + goto out; } /* Authentication complete */ @@ -669,6 +668,7 @@ privsep_postauth(Authctxt *authctxt) /* Drop privileges */ do_setusercontext(authctxt->pw); + out: /* It is safe now to apply the key state */ monitor_apply_keystate(pmonitor); -- cgit v1.2.3 From 45b01426431836396e11263692153a19de4c417b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:20:00 +1000 Subject: - djm@cvs.openbsd.org 2005/09/21 23:37:11 [sshd.c] change label at markus@'s request --- ChangeLog | 5 ++++- sshd.c | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index fdf7c72a6..2028be72e 100644 --- a/ChangeLog 
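Review bot: After this change the root-login / broken-fd-passing branch of privsep_postauth jumps to `out:` and runs whatever follows the label, but the comment there still reads "It is safe now to apply the key state", which was written for the path that has just called `do_setusercontext()`. A reader cannot tell from the label that it is also entered with `use_privsep = 0` and no privilege change. I would extend the comment, for example `/* Also reached directly when privsep is disabled post-auth; no privilege drop has happened on that path */`. The function continues past the end of the second hunk, so the statements after `monitor_apply_keystate(pmonitor)` should be checked for assumptions about running in the unprivileged process.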
+++ b/ChangeLog @@ -33,6 +33,9 @@ - djm@cvs.openbsd.org 2005/09/21 23:36:54 [sshd_config.5] aquire -> acquire, from stevesk@ + - djm@cvs.openbsd.org 2005/09/21 23:37:11 + [sshd.c] + change label at markus@'s request 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3073,4 +3076,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3911 2005/10/03 08:19:06 dtucker Exp $ +$Id: ChangeLog,v 1.3912 2005/10/03 08:20:00 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 6ef2eee13..c4d66e2fc 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.314 2005/09/19 11:47:09 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.315 2005/09/21 23:37:11 djm Exp $"); #include #include @@ -634,7 +634,7 @@ privsep_postauth(Authctxt *authctxt) #endif /* File descriptor passing is broken or root login */ use_privsep = 0; - goto out; + goto skip; } /* Authentication complete */ @@ -668,7 +668,7 @@ privsep_postauth(Authctxt *authctxt) /* Drop privileges */ do_setusercontext(authctxt->pw); - out: + skip: /* It is safe now to apply the key state */ monitor_apply_keystate(pmonitor); -- cgit v1.2.3 From 4d3fd54c91dae68ea2642387196015931ee83200 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:13:24 +1100 Subject: - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 [canohost.c sshd.c] Check for connections with IP options earlier and drop silently. ok djm@ --- ChangeLog | 5 ++++- canohost.c | 6 ++---- sshd.c | 9 +++++++-- 3 files changed, 13 insertions(+), 7 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 112f5728f..52660e2be 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -65,6 +65,9 @@ - djm@cvs.openbsd.org 2005/10/30 04:03:24 [ssh.c] fix misleading debug message; ok dtucker@ + - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 + [canohost.c sshd.c] + Check for connections with IP options earlier and drop silently. ok djm@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3198,4 +3201,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3942 2005/11/05 04:12:59 djm Exp $ +$Id: ChangeLog,v 1.3943 2005/11/05 04:13:24 djm Exp $ diff --git a/canohost.c b/canohost.c index 0c4d36ff6..66867c10b 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.45 2005/10/03 07:44:42 dtucker Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.46 2005/10/30 08:29:29 dtucker Exp $"); #include "packet.h" #include "xmalloc.h" @@ -158,9 +158,7 @@ check_ip_options(int sock, char *ipaddr) for (i = 0; i < option_size; i++) snprintf(text + i*3, sizeof(text) - i*3, " %2.2x", options[i]); - logit("Connection from %.100s with IP options:%.800s", - ipaddr, text); - packet_disconnect("Connection from %.100s with IP options:%.800s", + fatal("Connection from %.100s with IP options:%.800s", ipaddr, text); } #endif /* IP_OPTIONS */ diff --git a/sshd.c b/sshd.c index c4d66e2fc..4b5f89e2a 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.315 2005/09/21 23:37:11 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $"); #include #include 
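Review bot: Replacing `logit()` plus `packet_disconnect()` with `fatal()` in check_ip_options means a helper reached through hostname lookup now terminates the process, and the reason for the switch (the peer is sent nothing) is recorded only in the commit log. The bounded `%.100s` / `%.800s` conversions are kept, which is right for data derived from the connection. I would add a comment above the call so the behaviour is not "fixed" back later: `/* Log and exit without replying; nothing is sent to a peer that set IP options */`. check_ip_options starts outside the hunk.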
@@ -1651,7 +1651,12 @@ main(int ac, char **av) debug("get_remote_port failed"); cleanup_exit(255); } - remote_ip = get_remote_ipaddr(); + + /* + * We use get_canonical_hostname with usedns = 0 instead of + * get_remote_ipaddr here so IP options will be checked. + */ + remote_ip = get_canonical_hostname(0); #ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); -- cgit v1.2.3 From 788f212aed68781efe7aa80e625c5f8cd4d98100 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:14:59 +1100 Subject: - djm@cvs.openbsd.org 2005/10/30 08:52:18 [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] [ssh.c sshconnect.c sshconnect1.c sshd.c] no need to escape single quotes in comments, no binary change --- ChangeLog | 6 +++++- clientloop.c | 4 ++-- packet.c | 4 ++-- serverloop.c | 4 ++-- session.c | 6 +++--- ssh-agent.c | 4 ++-- ssh-keygen.c | 4 ++-- ssh.c | 6 +++--- sshconnect.c | 4 ++-- sshconnect1.c | 8 ++++---- sshd.c | 6 +++--- 11 files changed, 30 insertions(+), 26 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 85a2545cc..9adfbb7b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -71,6 +71,10 @@ - jmc@cvs.openbsd.org 2005/10/30 08:43:47 [ssh_config.5] remove trailing whitespace; + - djm@cvs.openbsd.org 2005/10/30 08:52:18 + [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] + [ssh.c sshconnect.c sshconnect1.c sshd.c] + no need to escape single quotes in comments, no binary change 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3204,4 +3208,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3944 2005/11/05 04:13:49 djm Exp $ +$Id: ChangeLog,v 1.3945 2005/11/05 04:14:59 djm Exp $ diff --git a/clientloop.c b/clientloop.c index b267fa142..001c8f119 100644 --- a/clientloop.c +++ b/clientloop.c 
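Review bot: The IP-options check is reached here only as a side effect of `get_canonical_hostname(0)`, so the rejection described in the new comment silently disappears if that function ever returns without running the check, for instance from a cached result or in a build where the `IP_OPTIONS` block in canohost.c is compiled out. The assignment also changes what `remote_ip` holds, from the result of get_remote_ipaddr() to a hostname-lookup result; with `usedns = 0` that is presumably still the numeric address, but `audit_connection_from(remote_ip, remote_port)` just below depends on it. I would extend the comment to state both facts once confirmed, e.g. add the line `* With usedns = 0 the result is the numeric peer address.` main's body starts and ends outside the hunk.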
@@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.144 2005/10/14 02:29:37 stevesk Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.145 2005/10/30 08:52:17 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -113,7 +113,7 @@ extern char *host; static volatile sig_atomic_t received_window_change_signal = 0; static volatile sig_atomic_t received_signal = 0; -/* Flag indicating whether the user\'s terminal is in non-blocking mode. */ +/* Flag indicating whether the user's terminal is in non-blocking mode. */ static int in_non_blocking_mode = 0; /* Common data for the client loop code. */ diff --git a/packet.c b/packet.c index 70e0110cb..db2aa2411 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.120 2005/10/30 08:52:17 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -572,7 +572,7 @@ packet_send1(void) buffer_clear(&outgoing_packet); /* - * Note that the packet is now only buffered in output. It won\'t be + * Note that the packet is now only buffered in output. It won't be * actually sent until packet_write_wait or packet_write_poll is * called. */ diff --git a/serverloop.c b/serverloop.c index 17608c238..208f7e1e9 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.119 2005/10/10 10:23:08 djm Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.120 2005/10/30 08:52:17 djm Exp $"); #include "xmalloc.h" #include "packet.h" @@ -548,7 +548,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) * If we have no separate fderr (which is the case when we have a pty * - there we cannot make difference between data sent to stdout and * stderr), indicate that we have seen an EOF from stderr. This way - * we don\'t need to check the descriptor everywhere. + * we don't need to check the descriptor everywhere. */ if (fderr == -1) fderr_eof = 1; 
diff --git a/session.c b/session.c index 5e6627cb0..7863aa15f 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.187 2005/10/10 10:23:08 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.188 2005/10/30 08:52:17 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1419,7 +1419,7 @@ child_close_fds(void) endpwent(); /* - * Close any extra open file descriptors so that we don\'t have them + * Close any extra open file descriptors so that we don't have them * hanging around in clients. Note that we want to do this after * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. @@ -1554,7 +1554,7 @@ do_child(Session *s, const char *command) } #endif - /* Change current directory to the user\'s home directory. */ + /* Change current directory to the user's home directory. */ if (chdir(pw->pw_dir) < 0) { fprintf(stderr, "Could not chdir to home directory %s: %s\n", pw->pw_dir, strerror(errno)); diff --git a/ssh-agent.c b/ssh-agent.c index 6f0ba130d..a69c25eec 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.123 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.124 2005/10/30 08:52:18 djm Exp $"); #include #include @@ -355,7 +355,7 @@ process_remove_identity(SocketEntry *e, int version) if (id != NULL) { /* * We have this key. Free the old key. Since we - * don\'t want to leave empty slots in the middle of + * don't want to leave empty slots in the middle of * the array, we actually free the key there and move * all the entries between the empty slot and the end * of the array. diff --git a/ssh-keygen.c b/ssh-keygen.c index 040813c5a..915d5580b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c 
@@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.131 2005/10/14 02:17:59 stevesk Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.132 2005/10/30 08:52:18 djm Exp $"); #include #include @@ -1274,7 +1274,7 @@ main(int ac, char **av) if (!have_identity) ask_filename(pw, "Enter file in which to save the key"); - /* Create ~/.ssh directory if it doesn\'t already exist. */ + /* Create ~/.ssh directory if it doesn't already exist. */ snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); if (strstr(identity_file, dotsshdir) != NULL && stat(dotsshdir, &st) < 0) { diff --git a/ssh.c b/ssh.c index 7e8bc1f24..2227755cd 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.253 2005/10/30 04:03:24 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.254 2005/10/30 08:52:18 djm Exp $"); #include #include @@ -698,7 +698,7 @@ again: /* * Now that we are back to our own permissions, create ~/.ssh - * directory if it doesn\'t already exist. + * directory if it doesn't already exist. */ snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); if (stat(buf, &st) < 0) @@ -810,7 +810,7 @@ static void check_agent_present(void) { if (options.forward_agent) { - /* Clear agent forwarding if we don\'t have an agent. */ + /* Clear agent forwarding if we don't have an agent. */ if (!ssh_agent_present()) options.forward_agent = 0; } diff --git a/sshconnect.c b/sshconnect.c index d8cfd35b3..2245a8af6 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.169 2005/10/15 15:28:12 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.170 2005/10/30 08:52:18 djm Exp $"); #include 
@@ -603,7 +603,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, file_key = key_new(host_key->type); /* - * Check if the host key is present in the user\'s list of known + * Check if the host key is present in the user's list of known * hosts or in the systemwide list. */ host_file = user_hostfile; diff --git a/sshconnect1.c b/sshconnect1.c index bd05723c7..440d7c5bd 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.61 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.62 2005/10/30 08:52:18 djm Exp $"); #include #include @@ -84,7 +84,7 @@ try_agent_authentication(void) /* Wait for server's response. */ type = packet_read(); - /* The server sends failure if it doesn\'t like our key or + /* The server sends failure if it doesn't like our key or does not support RSA authentication. */ if (type == SSH_SMSG_FAILURE) { debug("Server refused our key."); @@ -215,8 +215,8 @@ try_rsa_authentication(int idx) type = packet_read(); /* - * The server responds with failure if it doesn\'t like our key or - * doesn\'t support RSA authentication. + * The server responds with failure if it doesn't like our key or + * doesn't support RSA authentication. */ if (type == SSH_SMSG_FAILURE) { debug("Server refused our key."); diff --git a/sshd.c b/sshd.c index 4b5f89e2a..f0fdf5a83 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.317 2005/10/30 08:52:18 djm Exp $"); #include #include 
@@ -1682,10 +1682,10 @@ main(int ac, char **av) verbose("Connection from %.500s port %d", remote_ip, remote_port); /* - * We don\'t want to listen forever unless the other side + * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is * cleared after successful authentication. A limit of zero - * indicates no limit. Note that we don\'t set the alarm in debugging + * indicates no limit. Note that we don't set the alarm in debugging * mode; it is just annoying to have the server exit just when you * are about to discover the bug. */ -- cgit v1.2.3 From 7bff1a9b5e6a0958ebc8201542eb6d359d987a1e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:59:12 +1100 Subject: - djm@cvs.openbsd.org 2005/12/24 02:27:41 [session.c sshd.c] eliminate some code duplicated in privsep and non-privsep paths, and explicitly clear SIGALRM handler; "groovy" deraadt@ --- ChangeLog | 6 +++++- session.c | 11 +---------- sshd.c | 20 ++++++++++++-------- 3 files changed, 18 insertions(+), 19 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index aa210591e..3b7c6f700 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,10 @@ - jmc@cvs.openbsd.org 2005/12/23 23:46:23 [ssh.1] less mark up for -c; + - djm@cvs.openbsd.org 2005/12/24 02:27:41 + [session.c sshd.c] + eliminate some code duplicated in privsep and non-privsep paths, and + explicitly clear SIGALRM handler; "groovy" deraadt@ 20051220 - (dtucker) OpenBSD CVS Sync @@ -3545,4 +3549,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4050 2005/12/24 03:56:47 djm Exp $ +$Id: ChangeLog,v 1.4051 2005/12/24 03:59:12 djm Exp $ diff --git a/session.c b/session.c index 8826fabaa..2bf904404 100644 --- a/session.c +++ b/session.c 
@@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.190 2005/12/17 21:13:05 stevesk Exp $"); +RCSID("$OpenBSD: session.c,v 1.191 2005/12/24 02:27:41 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -209,15 +209,6 @@ do_authenticated(Authctxt *authctxt) { setproctitle("%s", authctxt->pw->pw_name); - /* - * Cancel the alarm we set to limit the time taken for - * authentication. - */ - alarm(0); - if (startup_pipe != -1) { - close(startup_pipe); - startup_pipe = -1; - } /* setup the channel layer */ if (!no_port_forwarding_flag && options.allow_tcp_forwarding) channel_permit_all_opens(); diff --git a/sshd.c b/sshd.c index f0fdf5a83..def90d827 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.317 2005/10/30 08:52:18 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $"); #include #include @@ -637,13 +637,6 @@ privsep_postauth(Authctxt *authctxt) goto skip; } - /* Authentication complete */ - alarm(0); - if (startup_pipe != -1) { - close(startup_pipe); - startup_pipe = -1; - } - /* New socket pair */ monitor_reinit(pmonitor); @@ -1732,6 +1725,17 @@ main(int ac, char **av) } authenticated: + /* + * Cancel the alarm we set to limit the time taken for + * authentication. + */ + alarm(0); + signal(SIGALRM, SIG_DFL); + if (startup_pipe != -1) { + close(startup_pipe); + startup_pipe = -1; + } + #ifdef SSH_AUDIT_EVENTS audit_event(SSH_AUTH_SUCCESS); #endif -- cgit v1.2.3
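Review bot: The block added under `authenticated:` in main is now the only place that cancels the login-grace alarm and closes `startup_pipe`; the same commit deletes both copies, from do_authenticated() in session.c and from privsep_postauth(). Neither removal site records that it now depends on main having done this first, so a future caller of do_authenticated() from another path would run with the alarm still armed. I would say so in the new comment, e.g. add `* This is the only cancel point; do_authenticated() and privsep_postauth() rely on it.` The added `signal(SIGALRM, SIG_DFL)` restores the default disposition, which terminates the process, so any later use of `alarm()` needs its own handler installed first. main's body starts and ends outside the hunk.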