- deraadt@cvs.openbsd.org 2006/03/19 18:53:12

[openssh.git] / sshd.c

diff --git a/sshd.c b/sshd.c
index 4b5f89e2a0c697f045ab082208f9d60f0cce8251..e6b1f5496656aa94d4204f32a693d014be5f24b7 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,18 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $");
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#include <sys/ioctl.h>
+#include <sys/wait.h>
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#include <signal.h>
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -637,13 +648,6 @@ privsep_postauth(Authctxt *authctxt)
                goto skip;
        }
 
-       /* Authentication complete */
-       alarm(0);
-       if (startup_pipe != -1) {
-               close(startup_pipe);
-               startup_pipe = -1;
-       }
-
        /* New socket pair */
        monitor_reinit(pmonitor);
 
@@ -1330,10 +1334,10 @@ main(int ac, char **av)
                        num_listen_socks++;
 
                        /* Start listening on the port. */
-                       logit("Server listening on %s port %s.", ntop, strport);
                        if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
-                               fatal("listen: %.100s", strerror(errno));
-
+                               fatal("listen on [%s]:%s: %.100s",
+                                   ntop, strport, strerror(errno));
+                       logit("Server listening on %s port %s.", ntop, strport);
                }
                freeaddrinfo(options.listen_addrs);
 
@@ -1682,10 +1686,10 @@ main(int ac, char **av)
        verbose("Connection from %.500s port %d", remote_ip, remote_port);
 
        /*
-        * We don\'t want to listen forever unless the other side
+        * We don't want to listen forever unless the other side
         * successfully authenticates itself.  So we set up an alarm which is
         * cleared after successful authentication.  A limit of zero
-        * indicates no limit. Note that we don\'t set the alarm in debugging
+        * indicates no limit. Note that we don't set the alarm in debugging
         * mode; it is just annoying to have the server exit just when you
         * are about to discover the bug.
         */
@@ -1732,6 +1736,17 @@ main(int ac, char **av)
        }
 
  authenticated:
+       /*
+        * Cancel the alarm we set to limit the time taken for
+        * authentication.
+        */
+       alarm(0);
+       signal(SIGALRM, SIG_DFL);
+       if (startup_pipe != -1) {
+               close(startup_pipe);
+               startup_pipe = -1;
+       }
+
 #ifdef SSH_AUDIT_EVENTS
        audit_event(SSH_AUTH_SUCCESS);
 #endif
@@ -2028,6 +2043,7 @@ do_ssh2_kex(void)
        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
        kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
        kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+       kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
        kex->server = 1;
        kex->client_version_string=client_version_string;
        kex->server_version_string=server_version_string;