-/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.351 2007/05/22 10:18:52 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
logit("Received SIGHUP; restarting.");
close_listen_socks();
close_startup_pipes();
+ alarm(0); /* alarm timer persists across exec */
execv(saved_argv[0], saved_argv);
logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
strerror(errno));
/* Fill in default values for those options not explicitly set. */
fill_default_server_options(&options);
+ /* challenge-response is implemented via keyboard interactive */
+ if (options.challenge_response_authentication)
+ options.kbd_interactive_authentication = 1;
+
/* set default channel AF */
channel_set_af(options.address_family);
debug("sshd version %.100s", SSH_RELEASE);
- /* Store privilege separation user for later use */
- if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
- fatal("Privilege separation user %s does not exist",
- SSH_PRIVSEP_USER);
- memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
- strlcpy(privsep_pw->pw_passwd, "*", sizeof(privsep_pw->pw_passwd));
- privsep_pw = pwcopy(privsep_pw);
+ /* Store privilege separation user for later use if required. */
+ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+ if (use_privsep || options.kerberos_authentication)
+ fatal("Privilege separation user %s does not exist",
+ SSH_PRIVSEP_USER);
+ } else {
+ memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+ privsep_pw = pwcopy(privsep_pw);
+ xfree(privsep_pw->pw_passwd);
+ privsep_pw->pw_passwd = xstrdup("*");
+ }
endpwent();
/* load private host keys */
* key is in the highest bits.
*/
if (!rsafail) {
- BN_mask_bits(session_key_int, sizeof(session_key) * 8);
+ (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8);
len = BN_num_bytes(session_key_int);
if (len < 0 || (u_int)len > sizeof(session_key)) {
- error("do_connection: bad session key len from %s: "
+ error("do_ssh1_kex: bad session key len from %s: "
"session_key_int %d > sizeof(session_key) %lu",
get_remote_ipaddr(), len, (u_long)sizeof(session_key));
rsafail++;