- jmc@cvs.openbsd.org 2006/01/06 13:29:10

[openssh.git] / sshd.c

diff --git a/sshd.c b/sshd.c
index 4b5f89e2a0c697f045ab082208f9d60f0cce8251..def90d827a2b34ef465f5db723e007ea979f464c 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -637,13 +637,6 @@ privsep_postauth(Authctxt *authctxt)
                goto skip;
        }
 
-       /* Authentication complete */
-       alarm(0);
-       if (startup_pipe != -1) {
-               close(startup_pipe);
-               startup_pipe = -1;
-       }
-
        /* New socket pair */
        monitor_reinit(pmonitor);
 
@@ -1682,10 +1675,10 @@ main(int ac, char **av)
        verbose("Connection from %.500s port %d", remote_ip, remote_port);
 
        /*
-        * We don\'t want to listen forever unless the other side
+        * We don't want to listen forever unless the other side
         * successfully authenticates itself.  So we set up an alarm which is
         * cleared after successful authentication.  A limit of zero
-        * indicates no limit. Note that we don\'t set the alarm in debugging
+        * indicates no limit. Note that we don't set the alarm in debugging
         * mode; it is just annoying to have the server exit just when you
         * are about to discover the bug.
         */
@@ -1732,6 +1725,17 @@ main(int ac, char **av)
        }
 
  authenticated:
+       /*
+        * Cancel the alarm we set to limit the time taken for
+        * authentication.
+        */
+       alarm(0);
+       signal(SIGALRM, SIG_DFL);
+       if (startup_pipe != -1) {
+               close(startup_pipe);
+               startup_pipe = -1;
+       }
+
 #ifdef SSH_AUDIT_EVENTS
        audit_event(SSH_AUTH_SUCCESS);
 #endif