head/crypto/openssh/sshd.c
#include "monitor.h" | #include "monitor.h" | ||||
#ifdef GSSAPI | #ifdef GSSAPI | ||||
#include "ssh-gss.h" | #include "ssh-gss.h" | ||||
#endif | #endif | ||||
#include "monitor_wrap.h" | #include "monitor_wrap.h" | ||||
#include "ssh-sandbox.h" | #include "ssh-sandbox.h" | ||||
#include "version.h" | #include "version.h" | ||||
#include "ssherr.h" | #include "ssherr.h" | ||||
#ifdef USE_BLACKLIST | |||||
#include "blacklist_client.h" | |||||
#endif | |||||
#ifdef LIBWRAP | #ifdef LIBWRAP | ||||
#include <tcpd.h> | #include <tcpd.h> | ||||
#include <syslog.h> | #include <syslog.h> | ||||
int allow_severity; | int allow_severity; | ||||
int deny_severity; | int deny_severity; | ||||
#endif /* LIBWRAP */ | #endif /* LIBWRAP */ | ||||
▲ Show 20 Lines • Show All 237 Lines • ▼ Show 20 Lines | grace_alarm_handler(int sig) | ||||
* Try to kill any processes that we have spawned, E.g. authorized | * Try to kill any processes that we have spawned, E.g. authorized | ||||
* keys command helpers. | * keys command helpers. | ||||
*/ | */ | ||||
if (getpgid(0) == getpid()) { | if (getpgid(0) == getpid()) { | ||||
signal(SIGTERM, SIG_IGN); | signal(SIGTERM, SIG_IGN); | ||||
kill(0, SIGTERM); | kill(0, SIGTERM); | ||||
} | } | ||||
#ifdef USE_BLACKLIST | |||||
blacklist_notify(1); | |||||
#endif | |||||
/* Log error and exit. */ | /* Log error and exit. */ | ||||
sigdie("Timeout before authentication for %s", get_remote_ipaddr()); | sigdie("Timeout before authentication for %s", get_remote_ipaddr()); | ||||
} | } | ||||
/* | /* | ||||
* Signal handler for the key regeneration alarm. Note that this | * Signal handler for the key regeneration alarm. Note that this | ||||
* alarm only occurs in the daemon waiting for connections, and it does not | * alarm only occurs in the daemon waiting for connections, and it does not | ||||
* do anything with the private key or random state before forking. | * do anything with the private key or random state before forking. | ||||
▲ Show 20 Lines • Show All 245 Lines • ▼ Show 20 Lines | #ifdef WITH_OPENSSL | ||||
if ((RAND_bytes((u_char *)rnd, 1)) != 1) | if ((RAND_bytes((u_char *)rnd, 1)) != 1) | ||||
fatal("%s: RAND_bytes failed", __func__); | fatal("%s: RAND_bytes failed", __func__); | ||||
#endif | #endif | ||||
explicit_bzero(rnd, sizeof(rnd)); | explicit_bzero(rnd, sizeof(rnd)); | ||||
/* Demote the private keys to public keys. */ | /* Demote the private keys to public keys. */ | ||||
demote_sensitive_data(); | demote_sensitive_data(); | ||||
#ifdef USE_BLACKLIST | |||||
blacklist_init(); | |||||
#endif | |||||
/* Demote the child */ | /* Demote the child */ | ||||
if (getuid() == 0 || geteuid() == 0) { | if (getuid() == 0 || geteuid() == 0) { | ||||
/* Change our root directory */ | /* Change our root directory */ | ||||
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) | if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) | ||||
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, | fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, | ||||
strerror(errno)); | strerror(errno)); | ||||
if (chdir("/") == -1) | if (chdir("/") == -1) | ||||
fatal("chdir(\"/\"): %s", strerror(errno)); | fatal("chdir(\"/\"): %s", strerror(errno)); | ||||
▲ Show 20 Lines • Show All 607 Lines • ▼ Show 20 Lines | server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | ||||
for (i = 0; i < num_listen_socks; i++) | for (i = 0; i < num_listen_socks; i++) | ||||
if (listen_socks[i] > maxfd) | if (listen_socks[i] > maxfd) | ||||
maxfd = listen_socks[i]; | maxfd = listen_socks[i]; | ||||
/* pipes connected to unauthenticated childs */ | /* pipes connected to unauthenticated childs */ | ||||
startup_pipes = xcalloc(options.max_startups, sizeof(int)); | startup_pipes = xcalloc(options.max_startups, sizeof(int)); | ||||
for (i = 0; i < options.max_startups; i++) | for (i = 0; i < options.max_startups; i++) | ||||
startup_pipes[i] = -1; | startup_pipes[i] = -1; | ||||
#ifdef USE_BLACKLIST | |||||
blacklist_init(); | |||||
#endif | |||||
/* | /* | ||||
* Stay listening for connections until the system crashes or | * Stay listening for connections until the system crashes or | ||||
* the daemon is killed with a signal. | * the daemon is killed with a signal. | ||||
*/ | */ | ||||
for (;;) { | for (;;) { | ||||
if (received_sighup) | if (received_sighup) | ||||
sighup_restart(); | sighup_restart(); | ||||
free(fdset); | free(fdset); | ||||
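Review bot: `blacklist_notify(1)` in `grace_alarm_handler` executes inside the SIGALRM handler, where only async-signal-safe calls are allowed, and nothing visible here shows that the blacklist client avoids allocation, stdio or syslog. The side-by-side layout shows the three `USE_BLACKLIST` blocks in one column only, apparently the old one, so this section reads as their removal and the concern applies to any later re-addition in the same place. In that case the hook deserves a comment such as `/* must stay async-signal-safe: runs from the SIGALRM handler */`, or the report should move out of the handler. The handler's body begins above the visible lines.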