+/* $OpenBSD: sshd.c,v 1.339 2006/07/22 20:48:23 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
# include <sys/stat.h>
#endif
#include <sys/ioctl.h>
+#include <sys/socket.h>
#include <sys/wait.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <netdb.h>
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
+#include <grp.h>
+#include <pwd.h>
#include <signal.h>
+#include <string.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
#include "monitor.h"
#include "monitor_wrap.h"
#include "monitor_fdpass.h"
+#include "version.h"
#ifdef LIBWRAP
#include <tcpd.h>
int startup_pipe; /* in child */
/* variables used for privilege separation */
-int use_privsep;
+int use_privsep = -1;
struct monitor *pmonitor = NULL;
/* global authentication context */
Authctxt *the_authctxt = NULL;
+/* sshd_config buffer */
+Buffer cfg;
+
/* message to be displayed after login */
Buffer loginmsg;
* Called from the main program after receiving SIGHUP.
* Restarts the server.
*/
-/*ARGSUSED*/
static void
sighup_restart(void)
{
{
extern char *optarg;
extern int optind;
- int opt, j, i, fdsetsz, on = 1;
+ int opt, j, i, on = 1;
int sock_in = -1, sock_out = -1, newsock = -1;
pid_t pid;
socklen_t fromlen;
Key *key;
Authctxt *authctxt;
int ret, key_used = 0;
- Buffer cfg;
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
rexec_argc = ac;
- saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));
+ saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
for (i = 0; i < ac; i++)
saved_argv[i] = xstrdup(av[i]);
saved_argv[i] = NULL;
case 'o':
line = xstrdup(optarg);
if (process_server_config_line(&options, line,
- "command-line", 0) != 0)
+ "command-line", 0, NULL, NULL, NULL, NULL) != 0)
exit(1);
xfree(line);
break;
else
load_server_config(config_file_name, &cfg);
- parse_server_config(&options,
- rexeced_flag ? "rexec" : config_file_name, &cfg);
-
- if (!rexec_flag)
- buffer_free(&cfg);
+ parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
+ &cfg, NULL, NULL, NULL);
seed_rng();
debug("sshd version %.100s", SSH_RELEASE);
/* load private host keys */
- sensitive_data.host_keys = xmalloc(options.num_host_key_files *
+ sensitive_data.host_keys = xcalloc(options.num_host_key_files,
sizeof(Key *));
for (i = 0; i < options.num_host_key_files; i++)
sensitive_data.host_keys[i] = NULL;
debug("setgroups() failed: %.200s", strerror(errno));
if (rexec_flag) {
- rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2));
+ rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
for (i = 0; i < rexec_argc; i++) {
debug("rexec_argv[%d]='%s'", i, saved_argv[i]);
rexec_argv[i] = saved_argv[i];
if (listen_socks[i] > maxfd)
maxfd = listen_socks[i];
/* pipes connected to unauthenticated childs */
- startup_pipes = xmalloc(options.max_startups * sizeof(int));
+ startup_pipes = xcalloc(options.max_startups, sizeof(int));
for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1;
sighup_restart();
if (fdset != NULL)
xfree(fdset);
- fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
- fdset = (fd_set *)xmalloc(fdsetsz);
- memset(fdset, 0, fdsetsz);
+ fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS),
+ sizeof(fd_mask));
for (i = 0; i < num_listen_socks; i++)
FD_SET(listen_socks[i], fdset);
* We use get_canonical_hostname with usedns = 0 instead of
* get_remote_ipaddr here so IP options will be checked.
*/
- remote_ip = get_canonical_hostname(0);
+ (void) get_canonical_hostname(0);
+ /*
+ * The rest of the code depends on the fact that
+ * get_remote_ipaddr() caches the remote ip, even if
+ * the socket goes away.
+ */
+ remote_ip = get_remote_ipaddr();
#ifdef SSH_AUDIT_EVENTS
audit_connection_from(remote_ip, remote_port);
packet_set_nonblocking();
/* allocate authentication context */
- authctxt = xmalloc(sizeof(*authctxt));
- memset(authctxt, 0, sizeof(*authctxt));
+ authctxt = xcalloc(1, sizeof(*authctxt));
authctxt->loginmsg = &loginmsg;