diff options
author | des <des@FreeBSD.org> | 2002-06-27 22:31:32 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2002-06-27 22:31:32 +0000 |
commit | bb02848f18878bddada7a9f55b110116f63c2f3c (patch) | |
tree | d93e4bc5fc0a9a5e99878bd93a4d51c873c1a43e /crypto/openssh/sshd.c | |
parent | 610201f50fdb0594e9885594b69e4ee69c71dd08 (diff) | |
download | FreeBSD-src-bb02848f18878bddada7a9f55b110116f63c2f3c.zip FreeBSD-src-bb02848f18878bddada7a9f55b110116f63c2f3c.tar.gz |
Vendor import of OpenSSH 3.3p1.
Diffstat (limited to 'crypto/openssh/sshd.c')
-rw-r--r-- | crypto/openssh/sshd.c | 55 |
1 files changed, 52 insertions, 3 deletions
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 0f04704..feea3ce 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -48,6 +48,10 @@ RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> #include <openssl/rand.h> +#ifdef HAVE_SECUREWARE +#include <sys/security.h> +#include <prot.h> +#endif #include "ssh.h" #include "ssh1.h" @@ -92,7 +96,11 @@ int deny_severity = LOG_WARNING; #define O_NOCTTY 0 #endif +#ifdef HAVE___PROGNAME extern char *__progname; +#else +char *__progname; +#endif /* Server configuration options. */ ServerOptions options; @@ -104,7 +112,11 @@ char *config_file_name = _PATH_SERVER_CONFIG_FILE; * Flag indicating whether IPv4 or IPv6. This can be set on the command line. * Default value is AF_UNSPEC means both IPv4 and IPv6. */ +#ifdef IPV4_DEFAULT +int IPv4or6 = AF_INET; +#else int IPv4or6 = AF_UNSPEC; +#endif /* * Debug mode flag. This can be set on the command line. If debug @@ -128,6 +140,7 @@ int log_stderr = 0; /* Saved arguments to main(). */ char **saved_argv; +int saved_argc; /* * The sockets that the server is listening; this is used in the SIGHUP @@ -777,7 +790,14 @@ main(int ac, char **av) Key *key; int ret, key_used = 0; +#ifdef HAVE_SECUREWARE + (void)set_auth_parameters(ac, av); +#endif + __progname = get_progname(av[0]); + init_rng(); + /* Save argv. */ + saved_argc = ac; saved_argv = av; /* Initialize configuration options to their default values. */ @@ -891,6 +911,15 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, !inetd_flag); +#ifdef _CRAY + /* Cray can define user privs drop all prives now! + * Not needed on PRIV_SU systems! + */ + drop_cray_privs(); +#endif + + seed_rng(); + /* Read server configuration options from the configuration file. */ read_server_config(&options, config_file_name); @@ -989,6 +1018,16 @@ main(int ac, char **av) if (test_flag) exit(0); + /* + * Clear out any supplemental groups we may have inherited. This + * prevents inadvertent creation of files with bad modes (in the + * portable version at least, it's certainly possible for PAM + * to create a file, and we can't control the code in every + * module which might be used). + */ + if (setgroups(0, NULL) < 0) + debug("setgroups() failed: %.200s", strerror(errno)); + /* Initialize the log (it is reinitialized below in case we forked). */ if (debug_flag && !inetd_flag) log_stderr = 1; @@ -1086,8 +1125,9 @@ main(int ac, char **av) /* Bind the socket to the desired port. */ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { - error("Bind to port %s on %s failed: %.200s.", - strport, ntop, strerror(errno)); + if (!ai->ai_next) + error("Bind to port %s on %s failed: %.200s.", + strport, ntop, strerror(errno)); close(listen_sock); continue; } @@ -1129,7 +1169,7 @@ main(int ac, char **av) * fail if there already is a daemon, and this will * overwrite any old pid in the file. */ - f = fopen(options.pid_file, "w"); + f = fopen(options.pid_file, "wb"); if (f) { fprintf(f, "%ld\n", (long) getpid()); fclose(f); @@ -1309,8 +1349,11 @@ main(int ac, char **av) * setlogin() affects the entire process group. We don't * want the child to be able to affect the parent. */ +#if 0 + /* XXX: this breaks Solaris */ if (setsid() < 0) error("setsid: %.100s", strerror(errno)); +#endif /* * Disable the key regeneration alarm. We will not regenerate the @@ -1323,6 +1366,7 @@ main(int ac, char **av) signal(SIGTERM, SIG_DFL); signal(SIGQUIT, SIG_DFL); signal(SIGCHLD, SIG_DFL); + signal(SIGINT, SIG_DFL); /* * Set socket options for the connection. We want the socket to @@ -1452,6 +1496,11 @@ main(int ac, char **av) /* The connection has been terminated. */ verbose("Closing connection to %.100s", remote_ip); + +#ifdef USE_PAM + finish_pam(); +#endif /* USE_PAM */ + packet_close(); if (use_privsep) |