-/* $OpenBSD: sshd.c,v 1.364 2008/07/10 18:08:11 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.367 2009/05/28 16:50:16 andreas Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
-#include "monitor_fdpass.h"
+#include "roaming.h"
#include "version.h"
+#include "ssh-globus-usage.h"
#ifdef USE_SECURITY_SESSION_API
#include <Security/AuthSession.h>
server_version_string = xstrdup(buf);
/* Send our protocol version identification. */
- if (atomicio(vwrite, sock_out, server_version_string,
+ if (roaming_atomicio(vwrite, sock_out, server_version_string,
strlen(server_version_string))
!= strlen(server_version_string)) {
logit("Could not write ident string to %s", get_remote_ipaddr());
/* Read other sides version identification. */
memset(buf, 0, sizeof(buf));
for (i = 0; i < sizeof(buf) - 1; i++) {
- if (atomicio(read, sock_in, &buf[i], 1) != 1) {
+ if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) {
logit("Did not receive identification string from %s",
get_remote_ipaddr());
cleanup_exit(255);
static void
privsep_preauth_child(void)
{
- u_int32_t rnd[256];
+ u_int32_t rnd[256];
gid_t gidset[1];
/* Enable challenge-response authentication for privilege separation */
exit(1);
}
options.ports[options.num_ports++] = a2port(optarg);
- if (options.ports[options.num_ports-1] == 0) {
+ if (options.ports[options.num_ports-1] <= 0) {
fprintf(stderr, "Bad port number.\n");
exit(1);
}
/* Fill in default values for those options not explicitly set. */
fill_default_server_options(&options);
+#ifdef HAVE_GLOBUS_USAGE
+ if (ssh_usage_stats_init(options.disable_usage_stats,
+ options.usage_stats_targets) != GLOBUS_SUCCESS) {
+ fatal("Error initializing Globus Usage Metrics");
+ }
+#endif /* HAVE_GLOBUS_USAGE */
+
/* challenge-response is implemented via keyboard interactive */
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
cleanup_exit(255);
}
+ /* set the HPN options for the child */
+ channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+
/*
* We use get_canonical_hostname with usedns = 0 instead of
* get_remote_ipaddr here so IP options will be checked.
}
#endif
- /* start key exchange */
/* start key exchange */
kex = kex_setup(myproposal);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
#ifdef GSSAPI
- kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
- kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
- kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+ if (options.gss_keyex) {
+ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+ kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
+ kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+ }
#endif
kex->server = 1;
kex->client_version_string=client_version_string;