merged OpenSSH 5.1p1 to trunk

[gssapi-openssh.git] / openssh / monitor.c

diff --git a/openssh/monitor.c b/openssh/monitor.c
index 0514f3667667bfa1a1f6aeb1de98dd13a468da2b..f92fd703b349b1ba5c070c6323b72979fa9ef6cc 100644 (file)
--- a/openssh/monitor.c
+++ b/openssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */
+/* $OpenBSD: monitor.c,v 1.99 2008/07/10 18:08:11 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -51,6 +51,7 @@
 
 #include <openssl/dh.h>
 
+#include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "ssh.h"
 #include "key.h"
@@ -378,7 +379,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
        /* The first few requests do not require asynchronous access */
        while (!authenticated) {
                auth_method = "unknown";
-               authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+               authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
                if (authenticated) {
                        if (!(ent->flags & MON_AUTHDECIDE))
                                fatal("%s: unexpected authentication from %d",
@@ -437,6 +438,7 @@ monitor_child_postauth(struct monitor *pmonitor)
        monitor_set_child_handler(pmonitor->m_pid);
        signal(SIGHUP, &monitor_child_handler);
        signal(SIGTERM, &monitor_child_handler);
+       signal(SIGINT, &monitor_child_handler);
 
        if (compat20) {
                mon_dispatch = mon_dispatch_postauth20;
@@ -681,6 +683,9 @@ mm_answer_pwnamallow(int sock, Buffer *m)
        buffer_put_cstring(m, pwent->pw_shell);
 
  out:
+       buffer_put_string(m, &options, sizeof(options));
+       if (options.banner != NULL)
+               buffer_put_cstring(m, options.banner);
        debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
        mm_request_send(sock, MONITOR_ANS_PWNAM, m);
 
@@ -1047,6 +1052,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
                        allowed = options.pubkey_authentication &&
                            user_key_allowed(authctxt->pw, key);
                        auth_method = "publickey";
+                       if (options.pubkey_authentication && allowed != 1)
+                               auth_clear_options();
                        break;
                case MM_HOSTKEY:
                        allowed = options.hostbased_authentication &&
@@ -1059,6 +1066,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
                        allowed = options.rhosts_rsa_authentication &&
                            auth_rhosts_rsa_key_allowed(authctxt->pw,
                            cuser, chost, key);
+                       if (options.rhosts_rsa_authentication && allowed != 1)
+                               auth_clear_options();
                        auth_method = "rsa";
                        break;
                default:
@@ -1088,7 +1097,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
        }
 
        debug3("%s: key %p is %s",
-           __func__, key, allowed ? "allowed" : "disallowed");
+           __func__, key, allowed ? "allowed" : "not allowed");
 
        buffer_clear(m);
        buffer_put_int(m, allowed);
@@ -1254,7 +1263,7 @@ mm_answer_keyverify(int sock, Buffer *m)
 
        verified = key_verify(key, signature, signaturelen, data, datalen);
        debug3("%s: key %p signature %s",
-           __func__, key, verified ? "verified" : "unverified");
+           __func__, key, (verified == 1) ? "verified" : "unverified");
 
        key_free(key);
        xfree(blob);
@@ -1269,7 +1278,7 @@ mm_answer_keyverify(int sock, Buffer *m)
        buffer_put_int(m, verified);
        mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
 
-       return (verified);
+       return (verified == 1);
 }
 
 static void
@@ -1305,7 +1314,7 @@ mm_session_close(Session *s)
                debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
                session_pty_cleanup2(s);
        }
-       s->used = 0;
+       session_unused(s->self);
 }
 
 int
@@ -1347,8 +1356,9 @@ mm_answer_pty(int sock, Buffer *m)
 
        mm_request_send(sock, MONITOR_ANS_PTY, m);
 
-       mm_send_fd(sock, s->ptyfd);
-       mm_send_fd(sock, s->ttyfd);
+       if (mm_send_fd(sock, s->ptyfd) == -1 ||
+           mm_send_fd(sock, s->ttyfd) == -1)
+               fatal("%s: send fds failed", __func__);
 
        /* make sure nothing uses fd 0 */
        if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
@@ -1579,6 +1589,11 @@ mm_answer_term(int sock, Buffer *req)
        /* The child is terminating */
        session_destroy_all(&mm_session_close);
 
+#ifdef USE_PAM
+       if (options.use_pam)
+               sshpam_cleanup();
+#endif
+
        while (waitpid(pmonitor->m_pid, &status, 0) == -1)
                if (errno != EINTR)
                        exit(1);
@@ -1699,6 +1714,7 @@ mm_get_kex(Buffer *m)
        kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 #ifdef GSSAPI
        kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+       kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
        kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
 #endif
        kex->server = 1;
@@ -1731,7 +1747,7 @@ mm_get_keystate(struct monitor *pmonitor)
        u_char *blob, *p;
        u_int bloblen, plen;
        u_int32_t seqnr, packets;
-       u_int64_t blocks;
+       u_int64_t blocks, bytes;
 
        debug3("%s: Waiting for new keys", __func__);
 
@@ -1764,11 +1780,13 @@ mm_get_keystate(struct monitor *pmonitor)
        seqnr = buffer_get_int(&m);
        blocks = buffer_get_int64(&m);
        packets = buffer_get_int(&m);
-       packet_set_state(MODE_OUT, seqnr, blocks, packets);
+       bytes = buffer_get_int64(&m);
+       packet_set_state(MODE_OUT, seqnr, blocks, packets, bytes);
        seqnr = buffer_get_int(&m);
        blocks = buffer_get_int64(&m);
        packets = buffer_get_int(&m);
-       packet_set_state(MODE_IN, seqnr, blocks, packets);
+       bytes = buffer_get_int64(&m);
+       packet_set_state(MODE_IN, seqnr, blocks, packets, bytes);
 
  skip:
        /* Get the key context */
@@ -2006,7 +2024,7 @@ mm_answer_gss_sign(int socket, Buffer *m)
        data.value = buffer_get_string(m, &len);
        data.length = len;
        if (data.length != 20) 
-               fatal("%s: data length incorrect: %d", __func__, data.length);
+               fatal("%s: data length incorrect: %d", __func__, (int)data.length);
 
        /* Save the session ID on the first time around */
        if (session_id2_len == 0) {
@@ -2095,5 +2113,4 @@ mm_answer_gss_localname(int socket, Buffer *m) {
 
         return(0);
 }
-
 #endif /* GSSAPI */