*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.242 2002/05/15 15:47:49 mouring Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
fatal_cleanup();
}
- /* Read other side's version identification. */
+ /* Read other sides version identification. */
memset(buf, 0, sizeof(buf));
for (i = 0; i < sizeof(buf) - 1; i++) {
if (atomicio(read, sock_in, &buf[i], 1) != 1) {
if (pid == -1) {
fatal("fork of unprivileged child failed");
} else if (pid != 0) {
- debug2("Network child is on pid %d", pid);
+ debug2("Network child is on pid %ld", (long)pid);
close(pmonitor->m_recvfd);
authctxt = monitor_child_preauth(pmonitor);
if (pmonitor->m_pid == -1)
fatal("fork of unprivileged child failed");
else if (pmonitor->m_pid != 0) {
- debug2("User child is on pid %d", pmonitor->m_pid);
+ debug2("User child is on pid %ld", (long)pmonitor->m_pid);
close(pmonitor->m_recvfd);
monitor_child_postauth(pmonitor);
}
}
+ if (use_privsep) {
+ struct passwd *pw;
+ struct stat st;
+
+ if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
+ fatal("Privilege separation user %s does not exist",
+ SSH_PRIVSEP_USER);
+ if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
+ (S_ISDIR(st.st_mode) == 0))
+ fatal("Missing privilege separation directory: %s",
+ _PATH_PRIVSEP_CHROOT_DIR);
+ }
+
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
ssh_gssapi_clean_env();
#endif /* GSSAPI */
-#ifndef HAVE_CYGWIN
/*
* Clear out any supplemental groups we may have inherited. This
* prevents inadvertent creation of files with bad modes (in the
*/
if (setgroups(0, NULL) < 0)
debug("setgroups() failed: %.200s", strerror(errno));
-#endif /* !HAVE_CYGWIN */
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && !inetd_flag)
*/
f = fopen(options.pid_file, "wb");
if (f) {
- fprintf(f, "%u\n", (u_int) getpid());
+ fprintf(f, "%ld\n", (long) getpid());
fclose(f);
}
}
if (pid < 0)
error("fork: %.100s", strerror(errno));
else
- debug("Forked child %d.", pid);
+ debug("Forked child %ld.", (long)pid);
close(startup_p[1]);
sshd_exchange_identification(sock_in, sock_out);
/*
* Check that the connection comes from a privileged port.
- * Rhosts-Authentication only makes sense from priviledged
+ * Rhosts-Authentication only makes sense from privileged
* programs. Of course, if the intruder has root access on his local
* machine, he can connect from any port. So do not use these
* authentication methods from machines that you do not trust.
debug("Received session key; encryption turned on.");
- /* Send an acknowledgement packet. Note that this packet is sent encrypted. */
+ /* Send an acknowledgment packet. Note that this packet is sent encrypted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
+ if (!options.compression) {
+ myproposal[PROPOSAL_COMP_ALGS_CTOS] =
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+ }
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
#ifdef GSSAPI