diff options
Diffstat (limited to 'crypto/openssh/sshd.c')
-rw-r--r-- | crypto/openssh/sshd.c | 44 |
1 files changed, 33 insertions, 11 deletions
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index a6c9943..070ef0c 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.381 2011/01/11 06:13:10 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.385 2011/06/23 09:34:13 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -130,6 +130,7 @@ __RCSID("$FreeBSD$"); #endif #include "monitor_wrap.h" #include "roaming.h" +#include "ssh-sandbox.h" #include "version.h" #ifdef LIBWRAP @@ -636,42 +637,62 @@ privsep_preauth(Authctxt *authctxt) { int status; pid_t pid; + struct ssh_sandbox *box = NULL; /* Set up unprivileged child process to deal with network data */ pmonitor = monitor_init(); /* Store a pointer to the kex for later rekeying */ pmonitor->m_pkex = &xxx_kex; + if (use_privsep == PRIVSEP_SANDBOX) + box = ssh_sandbox_init(); pid = fork(); if (pid == -1) { fatal("fork of unprivileged child failed"); } else if (pid != 0) { debug2("Network child is on pid %ld", (long)pid); - close(pmonitor->m_recvfd); + if (box != NULL) + ssh_sandbox_parent_preauth(box, pid); pmonitor->m_pid = pid; monitor_child_preauth(authctxt, pmonitor); - close(pmonitor->m_sendfd); /* Sync memory */ monitor_sync(pmonitor); /* Wait for the child's exit status */ - while (waitpid(pid, &status, 0) < 0) + while (waitpid(pid, &status, 0) < 0) { if (errno != EINTR) - break; - return (1); + fatal("%s: waitpid: %s", __func__, + strerror(errno)); + } + if (WIFEXITED(status)) { + if (WEXITSTATUS(status) != 0) + fatal("%s: preauth child exited with status %d", + __func__, WEXITSTATUS(status)); + } else if (WIFSIGNALED(status)) + fatal("%s: preauth child terminated by signal %d", + __func__, WTERMSIG(status)); + if (box != NULL) + ssh_sandbox_parent_finish(box); + return 1; } else { /* child */ - close(pmonitor->m_sendfd); + close(pmonitor->m_log_recvfd); + + /* Arrange for logging to be sent to the monitor */ + set_log_handler(mm_log_handler, pmonitor); /* Demote the child */ if (getuid() == 0 || geteuid() == 0) privsep_preauth_child(); setproctitle("%s", "[net]"); + if (box != NULL) + ssh_sandbox_child(box); + + return 0; } - return (0); } static void @@ -697,7 +718,6 @@ privsep_postauth(Authctxt *authctxt) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { verbose("User child is on pid %ld", (long)pmonitor->m_pid); - close(pmonitor->m_recvfd); buffer_clear(&loginmsg); monitor_child_postauth(pmonitor); @@ -705,7 +725,10 @@ privsep_postauth(Authctxt *authctxt) exit(0); } + /* child */ + close(pmonitor->m_sendfd); + pmonitor->m_sendfd = -1; /* Demote the private keys to public keys. */ demote_sensitive_data(); @@ -1134,7 +1157,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) (int) received_sigterm); close_listen_socks(); unlink(options.pid_file); - exit(255); + exit(received_sigterm == SIGTERM ? 0 : 255); } if (key_used && key_do_regen) { generate_ephemeral_server_key(); @@ -1325,7 +1348,6 @@ main(int ac, char **av) (void)set_auth_parameters(ac, av); #endif __progname = ssh_get_progname(av[0]); - init_rng(); /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; |