update to http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.7p1-hpn13v1.diff.gz

[gssapi-openssh.git] / openssh / sshd.c

diff --git a/openssh/sshd.c b/openssh/sshd.c
index f10adb8ec1774c72184ea23d9a6a13ad5d5552b4..0a3a549f2cc16f2d5891da856219659fc71b1198 100644 (file)
--- a/openssh/sshd.c
+++ b/openssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.351 2007/05/22 10:18:52 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -138,6 +138,9 @@ int deny_severity = LOG_WARNING;
 #define REEXEC_CONFIG_PASS_FD          (STDERR_FILENO + 3)
 #define REEXEC_MIN_FREE_FD             (STDERR_FILENO + 4)
 
+int myflag = 0;
+
+
 extern char *__progname;
 
 /* Server configuration options. */
@@ -309,6 +312,7 @@ sighup_restart(void)
        logit("Received SIGHUP; restarting.");
        close_listen_socks();
        close_startup_pipes();
+       alarm(0);  /* alarm timer persists across exec */
        execv(saved_argv[0], saved_argv);
        logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
            strerror(errno));
@@ -473,6 +477,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
        }
        debug("Client protocol version %d.%d; client software version %.100s",
            remote_major, remote_minor, remote_version);
+       logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s",
+             get_remote_ipaddr(), get_remote_port(),
+           remote_major, remote_minor, remote_version);
 
        compat_datafellows(remote_version);
 
@@ -945,6 +952,8 @@ server_listen(void)
        int ret, listen_sock, on = 1;
        struct addrinfo *ai;
        char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+       int socksize;
+       int socksizelen = sizeof(int);
 
        for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
                if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
@@ -982,6 +991,11 @@ server_listen(void)
 
                debug("Bind to port %s on %s.", strport, ntop);
 
+               getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, 
+                                  &socksize, &socksizelen);
+               debug("Server TCP RWIN socket size: %d", socksize);
+               debug("HPN Buffer Size: %d", options.hpn_buffer_size);
+
                /* Bind the socket to the desired port. */
                if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
                        error("Bind to port %s on %s failed: %.200s.",
@@ -1424,6 +1438,10 @@ main(int ac, char **av)
        /* Fill in default values for those options not explicitly set. */
        fill_default_server_options(&options);
 
+       /* challenge-response is implemented via keyboard interactive */
+       if (options.challenge_response_authentication)
+               options.kbd_interactive_authentication = 1;
+
        /* set default channel AF */
        channel_set_af(options.address_family);
 
@@ -1435,13 +1453,17 @@ main(int ac, char **av)
 
        debug("sshd version %.100s", SSH_RELEASE);
 
-       /* Store privilege separation user for later use */
-       if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
-               fatal("Privilege separation user %s does not exist",
-                   SSH_PRIVSEP_USER);
-       memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
-       privsep_pw->pw_passwd = "*";
-       privsep_pw = pwcopy(privsep_pw);
+       /* Store privilege separation user for later use if required. */
+       if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+               if (use_privsep || options.kerberos_authentication)
+                       fatal("Privilege separation user %s does not exist",
+                           SSH_PRIVSEP_USER);
+       } else {
+               memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+               privsep_pw = pwcopy(privsep_pw);
+               xfree(privsep_pw->pw_passwd);
+               privsep_pw->pw_passwd = xstrdup("*");
+       }
        endpwent();
 
        /* load private host keys */
@@ -2077,10 +2099,10 @@ do_ssh1_kex(void)
         * key is in the highest bits.
         */
        if (!rsafail) {
-               BN_mask_bits(session_key_int, sizeof(session_key) * 8);
+               (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8);
                len = BN_num_bytes(session_key_int);
                if (len < 0 || (u_int)len > sizeof(session_key)) {
-                       error("do_connection: bad session key len from %s: "
+                       error("do_ssh1_kex: bad session key len from %s: "
                            "session_key_int %d > sizeof(session_key) %lu",
                            get_remote_ipaddr(), len, (u_long)sizeof(session_key));
                        rsafail++;
@@ -2153,6 +2175,8 @@ do_ssh2_kex(void)
 {
        Kex *kex;
 
+       myflag++;
+       debug ("MYFLAG IS %d", myflag);
        if (options.ciphers != NULL) {
                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
@@ -2180,8 +2204,6 @@ do_ssh2_kex(void)
 
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
-       /* start key exchange */
-  
 #ifdef GSSAPI
        {
        char *orig;
@@ -2190,8 +2212,8 @@ do_ssh2_kex(void)
        orig = myproposal[PROPOSAL_KEX_ALGS];
 
        /* 
-        * If we don't have a host key, then there's no point advertising
-         * the other key exchange algorithms
+        * If we don't have a host key, then there's no point advertising
+        * the other key exchange algorithms
         */
 
        if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
@@ -2224,7 +2246,7 @@ do_ssh2_kex(void)
        }
 #endif
 
-       /* start key exchange */
+       /* start key exchange */
        /* start key exchange */
        kex = kex_setup(myproposal);
        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;