http://www.sxw.org.uk/computing/patches/openssh-4.2p1-gsskex-20050926-2.patch

[gssapi-openssh.git] / openssh / sshd.c

diff --git a/openssh/sshd.c b/openssh/sshd.c
index 11d618d11163f9df05ff75ecc4b97f56d8ea561e..92aa9bbd21501e3b17657c869d227babf8778696 100644 (file)
--- a/openssh/sshd.c
+++ b/openssh/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.308 2005/02/08 22:24:57 dtucker Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -358,7 +358,8 @@ key_regeneration_alarm(int sig)
 static void
 sshd_exchange_identification(int sock_in, int sock_out)
 {
-       int i, mismatch;
+       u_int i;
+       int mismatch;
        int remote_major, remote_minor;
        int major, minor;
        char *s;
@@ -670,6 +671,12 @@ privsep_postauth(Authctxt *authctxt)
 
        /* It is safe now to apply the key state */
        monitor_apply_keystate(pmonitor);
+
+       /*
+        * Tell the packet layer that authentication was successful, since
+        * this information is not part of the key state.
+        */
+       packet_set_authenticated();
 }
 
 static char *
@@ -1033,7 +1040,7 @@ main(int ac, char **av)
        /*
         * Unset KRB5CCNAME, otherwise the user's session may inherit it from
         * root's environment
-        */ 
+        */
        if (getenv("KRB5CCNAME") != NULL)
                unsetenv("KRB5CCNAME");
 
@@ -1615,19 +1622,22 @@ main(int ac, char **av)
        signal(SIGCHLD, SIG_DFL);
        signal(SIGINT, SIG_DFL);
 
-       /* Set SO_KEEPALIVE if requested. */
-       if (options.tcp_keep_alive &&
-           setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
-           sizeof(on)) < 0)
-               error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
-
        /*
         * Register our connection.  This turns encryption off because we do
         * not have a key.
         */
        packet_set_connection(sock_in, sock_out);
+       packet_set_server();
 
-       remote_port = get_remote_port();
+       /* Set SO_KEEPALIVE if requested. */
+       if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
+           setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
+               error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
+
+       if ((remote_port = get_remote_port()) < 0) {
+               debug("get_remote_port failed");
+               cleanup_exit(255);
+       }
        remote_ip = get_remote_ipaddr();
 
 #ifdef SSH_AUDIT_EVENTS
@@ -1673,6 +1683,8 @@ main(int ac, char **av)
        authctxt = xmalloc(sizeof(*authctxt));
        memset(authctxt, 0, sizeof(*authctxt));
 
+       authctxt->loginmsg = &loginmsg;
+
        /* XXX global for cleanup, access from other modules */
        the_authctxt = authctxt;
 
@@ -1896,7 +1908,7 @@ do_ssh1_kex(void)
        if (!rsafail) {
                BN_mask_bits(session_key_int, sizeof(session_key) * 8);
                len = BN_num_bytes(session_key_int);
-               if (len < 0 || len > sizeof(session_key)) {
+               if (len < 0 || (u_int)len > sizeof(session_key)) {
                        error("do_connection: bad session key len from %s: "
                            "session_key_int %d > sizeof(session_key) %lu",
                            get_remote_ipaddr(), len, (u_long)sizeof(session_key));
@@ -1983,10 +1995,14 @@ do_ssh2_kex(void)
                myproposal[PROPOSAL_MAC_ALGS_CTOS] =
                myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
        }
-       if (!options.compression) {
+       if (options.compression == COMP_NONE) {
                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
                myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+       } else if (options.compression == COMP_DELAYED) {
+               myproposal[PROPOSAL_COMP_ALGS_CTOS] =
+               myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
        }
+       
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
        /* start key exchange */