-/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.348 2006/11/06 21:25:28 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
debug("sshd version %.100s", SSH_RELEASE);
- /* Store privilege separation user for later use */
- if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
- fatal("Privilege separation user %s does not exist",
- SSH_PRIVSEP_USER);
- memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
- privsep_pw->pw_passwd = "*";
- privsep_pw = pwcopy(privsep_pw);
+ /* Store privilege separation user for later use if required. */
+ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+ if (use_privsep || options.kerberos_authentication)
+ fatal("Privilege separation user %s does not exist",
+ SSH_PRIVSEP_USER);
+ } else {
+ memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+ privsep_pw = pwcopy(privsep_pw);
+ xfree(privsep_pw->pw_passwd);
+ privsep_pw->pw_passwd = xstrdup("*");
+ }
endpwent();
/* load private host keys */
* key is in the highest bits.
*/
if (!rsafail) {
- BN_mask_bits(session_key_int, sizeof(session_key) * 8);
+ (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8);
len = BN_num_bytes(session_key_int);
if (len < 0 || (u_int)len > sizeof(session_key)) {
- error("do_connection: bad session key len from %s: "
+ error("do_ssh1_kex: bad session key len from %s: "
"session_key_int %d > sizeof(session_key) %lu",
get_remote_ipaddr(), len, (u_long)sizeof(session_key));
rsafail++;
else
gss = NULL;
- if (gss && orig) {
- int len = strlen(orig) + strlen(gss) + 2;
- newstr = xmalloc(len);
- snprintf(newstr, len, "%s,%s", gss, orig);
- } else if (gss) {
+ if (gss && orig)
+ xasprintf(&newstr, "%s,%s", gss, orig);
+ else if (gss)
newstr = gss;
- } else if (orig) {
+ else if (orig)
newstr = orig;
- }
+
/*
* If we've got GSSAPI mechanisms, then we've got the 'null' host
* key alg, but we can't tell people about it unless its the only
#endif
/* start key exchange */
- kex = kex_setup(myproposal);
- kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ /* start key exchange */
+ kex = kex_setup(myproposal);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+ kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
#ifdef GSSAPI
kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+ kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
#endif
- kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;