- stevesk@cvs.openbsd.org 2002/08/08 23:54:52

[openssh.git] / sshd.c

diff --git a/sshd.c b/sshd.c
index 765dac99c2ae72b998a13af1c5419a7f01df3c80..55c57e1955dd9dd5684fe9a85cdbed57c61d8af3 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.254 2002/06/30 21:54:16 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.257 2002/07/23 16:03:10 stevesk Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -303,9 +303,6 @@ grace_alarm_handler(int sig)
 {
        /* XXX no idea how fix this signal handler */
 
-       /* Close the connection. */
-       packet_close();
-
        /* Log error and exit. */
        fatal("Timeout before authentication for %s.", get_remote_ipaddr());
 }
@@ -550,7 +547,7 @@ privsep_preauth_child(void)
        memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
        endpwent();
 
-       /* Change our root directory*/
+       /* Change our root directory */
        if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
                fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
                    strerror(errno));
@@ -573,7 +570,7 @@ privsep_preauth_child(void)
 #endif
 }
 
-static Authctxt*
+static Authctxt *
 privsep_preauth(void)
 {
        Authctxt *authctxt = NULL;
@@ -589,6 +586,8 @@ privsep_preauth(void)
        if (pid == -1) {
                fatal("fork of unprivileged child failed");
        } else if (pid != 0) {
+               fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
+
                debug2("Network child is on pid %ld", (long)pid);
 
                close(pmonitor->m_recvfd);
@@ -602,6 +601,10 @@ privsep_preauth(void)
                while (waitpid(pid, &status, 0) < 0)
                        if (errno != EINTR)
                                break;
+
+               /* Reinstall, since the child has finished */
+               fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
+
                return (authctxt);
        } else {
                /* child */
@@ -624,7 +627,7 @@ privsep_postauth(Authctxt *authctxt)
        /* XXX - Remote port forwarding */
        x_authctxt = authctxt;
 
-#ifdef BROKEN_FD_PASSING
+#ifdef DISABLE_FD_PASSING
        if (1) {
 #else
        if (authctxt->pw->pw_uid == 0 || options.use_login) {
@@ -649,6 +652,8 @@ privsep_postauth(Authctxt *authctxt)
        if (pmonitor->m_pid == -1)
                fatal("fork of unprivileged child failed");
        else if (pmonitor->m_pid != 0) {
+               fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
+
                debug2("User child is on pid %ld", (long)pmonitor->m_pid);
                close(pmonitor->m_recvfd);
                monitor_child_postauth(pmonitor);
@@ -906,8 +911,10 @@ main(int ac, char **av)
                        break;
                case 'u':
                        utmp_len = atoi(optarg);
-                       if (utmp_len < 0 || utmp_len > MAXHOSTNAMELEN)
-                               usage();
+                       if (utmp_len > MAXHOSTNAMELEN) {
+                               fprintf(stderr, "Invalid utmp length.\n");
+                               exit(1);
+                       }
                        break;
                case 'o':
                        if (process_server_config_line(&options, optarg,
@@ -934,7 +941,7 @@ main(int ac, char **av)
            SYSLOG_FACILITY_AUTH : options.log_facility,
            !inetd_flag);
 
-#ifdef _CRAY
+#if defined(_CRAY) && !defined(_CRAYSV2)
        /* Cray can define user privs drop all prives now!
         * Not needed on PRIV_SU systems!
         */
@@ -958,7 +965,8 @@ main(int ac, char **av)
        debug("sshd version %.100s", SSH_VERSION);
 
        /* load private host keys */
-       sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
+       sensitive_data.host_keys = xmalloc(options.num_host_key_files *
+           sizeof(Key *));
        for (i = 0; i < options.num_host_key_files; i++)
                sensitive_data.host_keys[i] = NULL;
        sensitive_data.server_key = NULL;