Page MenuHomeFreeBSD
Differential D5915 Diff 17382 head/crypto/openssh/sshd.c

Changeset View

Standalone View

View Options

head/crypto/openssh/sshd.c

Show First 20 LinesShow All 129 Lines▼ Show 20 Lines
#include "monitor.h" #include "monitor.h"
#ifdef GSSAPI #ifdef GSSAPI
#include "ssh-gss.h" #include "ssh-gss.h"
#endif #endif
#include "monitor_wrap.h" #include "monitor_wrap.h"
#include "ssh-sandbox.h" #include "ssh-sandbox.h"
#include "version.h" #include "version.h"
#include "ssherr.h" #include "ssherr.h"
#ifdef USE_BLACKLIST
#include "blacklist_client.h"
#endif
#ifdef LIBWRAP #ifdef LIBWRAP
#include <tcpd.h> #include <tcpd.h>
#include <syslog.h> #include <syslog.h>
int allow_severity; int allow_severity;
int deny_severity; int deny_severity;
#endif /* LIBWRAP */ #endif /* LIBWRAP */
▲ Show 20 LinesShow All 237 Lines▼ Show 20 Linesgrace_alarm_handler(int sig)
* Try to kill any processes that we have spawned, E.g. authorized * Try to kill any processes that we have spawned, E.g. authorized
* keys command helpers. * keys command helpers.
*/ */
if (getpgid(0) == getpid()) { if (getpgid(0) == getpid()) {
signal(SIGTERM, SIG_IGN); signal(SIGTERM, SIG_IGN);
kill(0, SIGTERM); kill(0, SIGTERM);
} }
#ifdef USE_BLACKLIST
blacklist_notify(1);
#endif
/* Log error and exit. */ /* Log error and exit. */
sigdie("Timeout before authentication for %s", get_remote_ipaddr()); sigdie("Timeout before authentication for %s", get_remote_ipaddr());
} }
/* /*
* Signal handler for the key regeneration alarm. Note that this * Signal handler for the key regeneration alarm. Note that this
* alarm only occurs in the daemon waiting for connections, and it does not * alarm only occurs in the daemon waiting for connections, and it does not
* do anything with the private key or random state before forking. * do anything with the private key or random state before forking.
▲ Show 20 LinesShow All 245 Lines▼ Show 20 Lines#ifdef WITH_OPENSSL
if ((RAND_bytes((u_char *)rnd, 1)) != 1) if ((RAND_bytes((u_char *)rnd, 1)) != 1)
fatal("%s: RAND_bytes failed", __func__); fatal("%s: RAND_bytes failed", __func__);
#endif #endif
explicit_bzero(rnd, sizeof(rnd)); explicit_bzero(rnd, sizeof(rnd));
/* Demote the private keys to public keys. */ /* Demote the private keys to public keys. */
demote_sensitive_data(); demote_sensitive_data();
#ifdef USE_BLACKLIST
blacklist_init();
#endif
/* Demote the child */ /* Demote the child */
if (getuid() == 0 || geteuid() == 0) { if (getuid() == 0 || geteuid() == 0) {
/* Change our root directory */ /* Change our root directory */
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno)); strerror(errno));
if (chdir("/") == -1) if (chdir("/") == -1)
fatal("chdir(\"/\"): %s", strerror(errno)); fatal("chdir(\"/\"): %s", strerror(errno));
▲ Show 20 LinesShow All 607 Lines▼ Show 20 Linesserver_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
for (i = 0; i < num_listen_socks; i++) for (i = 0; i < num_listen_socks; i++)
if (listen_socks[i] > maxfd) if (listen_socks[i] > maxfd)
maxfd = listen_socks[i]; maxfd = listen_socks[i];
/* pipes connected to unauthenticated childs */ /* pipes connected to unauthenticated childs */
startup_pipes = xcalloc(options.max_startups, sizeof(int)); startup_pipes = xcalloc(options.max_startups, sizeof(int));
for (i = 0; i < options.max_startups; i++) for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1; startup_pipes[i] = -1;
#ifdef USE_BLACKLIST
blacklist_init();
#endif
/* /*
* Stay listening for connections until the system crashes or * Stay listening for connections until the system crashes or
* the daemon is killed with a signal. * the daemon is killed with a signal.
*/ */
for (;;) { for (;;) {
if (received_sighup) if (received_sighup)
sighup_restart(); sighup_restart();
free(fdset); free(fdset);
▲ Show 20 LinesShow All 1,418 LinesShow Last 20 Lines