diff options
| author | des <des@FreeBSD.org> | 2008-08-01 02:48:36 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2008-08-01 02:48:36 +0000 |
| commit | b7aa600c416b507a21191efa2689c0a03031d58e (patch) | |
| tree | ed813bdf7d8dbee35f19092d185e1a2793885204 /crypto/openssh/monitor.c | |
| parent | a2326b0bec3be2ec01f66d386cfe43139cbc579c (diff) | |
| parent | 8f6f5baf400f08937451cf9c8ecc220e9efd2f63 (diff) | |
| download | FreeBSD-src-b7aa600c416b507a21191efa2689c0a03031d58e.zip FreeBSD-src-b7aa600c416b507a21191efa2689c0a03031d58e.tar.gz | |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
Diffstat (limited to 'crypto/openssh/monitor.c')
| -rw-r--r-- | crypto/openssh/monitor.c | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c index 48ae46c..73cf6bc 100644 --- a/crypto/openssh/monitor.c +++ b/crypto/openssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */ +/* $OpenBSD: monitor.c,v 1.99 2008/07/10 18:08:11 markus Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -51,6 +51,7 @@ #include <openssl/dh.h> +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "key.h" @@ -409,6 +410,7 @@ monitor_child_postauth(struct monitor *pmonitor) monitor_set_child_handler(pmonitor->m_pid); signal(SIGHUP, &monitor_child_handler); signal(SIGTERM, &monitor_child_handler); + signal(SIGINT, &monitor_child_handler); if (compat20) { mon_dispatch = mon_dispatch_postauth20; @@ -644,6 +646,9 @@ mm_answer_pwnamallow(int sock, Buffer *m) buffer_put_cstring(m, pwent->pw_shell); out: + buffer_put_string(m, &options, sizeof(options)); + if (options.banner != NULL) + buffer_put_cstring(m, options.banner); debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); mm_request_send(sock, MONITOR_ANS_PWNAM, m); @@ -1010,6 +1015,8 @@ mm_answer_keyallowed(int sock, Buffer *m) allowed = options.pubkey_authentication && user_key_allowed(authctxt->pw, key); auth_method = "publickey"; + if (options.pubkey_authentication && allowed != 1) + auth_clear_options(); break; case MM_HOSTKEY: allowed = options.hostbased_authentication && @@ -1022,6 +1029,8 @@ mm_answer_keyallowed(int sock, Buffer *m) allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); + if (options.rhosts_rsa_authentication && allowed != 1) + auth_clear_options(); auth_method = "rsa"; break; default: @@ -1051,7 +1060,7 @@ mm_answer_keyallowed(int sock, Buffer *m) } debug3("%s: key %p is %s", - __func__, key, allowed ? "allowed" : "disallowed"); + __func__, key, allowed ? "allowed" : "not allowed"); buffer_clear(m); buffer_put_int(m, allowed); @@ -1268,7 +1277,7 @@ mm_session_close(Session *s) debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); session_pty_cleanup2(s); } - s->used = 0; + session_unused(s->self); } int @@ -1310,8 +1319,9 @@ mm_answer_pty(int sock, Buffer *m) mm_request_send(sock, MONITOR_ANS_PTY, m); - mm_send_fd(sock, s->ptyfd); - mm_send_fd(sock, s->ttyfd); + if (mm_send_fd(sock, s->ptyfd) == -1 || + mm_send_fd(sock, s->ttyfd) == -1) + fatal("%s: send fds failed", __func__); /* make sure nothing uses fd 0 */ if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) @@ -1542,6 +1552,11 @@ mm_answer_term(int sock, Buffer *req) /* The child is terminating */ session_destroy_all(&mm_session_close); +#ifdef USE_PAM + if (options.use_pam) + sshpam_cleanup(); +#endif + while (waitpid(pmonitor->m_pid, &status, 0) == -1) if (errno != EINTR) exit(1); @@ -1690,7 +1705,7 @@ mm_get_keystate(struct monitor *pmonitor) u_char *blob, *p; u_int bloblen, plen; u_int32_t seqnr, packets; - u_int64_t blocks; + u_int64_t blocks, bytes; debug3("%s: Waiting for new keys", __func__); @@ -1723,11 +1738,13 @@ mm_get_keystate(struct monitor *pmonitor) seqnr = buffer_get_int(&m); blocks = buffer_get_int64(&m); packets = buffer_get_int(&m); - packet_set_state(MODE_OUT, seqnr, blocks, packets); + bytes = buffer_get_int64(&m); + packet_set_state(MODE_OUT, seqnr, blocks, packets, bytes); seqnr = buffer_get_int(&m); blocks = buffer_get_int64(&m); packets = buffer_get_int(&m); - packet_set_state(MODE_IN, seqnr, blocks, packets); + bytes = buffer_get_int64(&m); + packet_set_state(MODE_IN, seqnr, blocks, packets, bytes); skip: /* Get the key context */ |
