- (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem

[openssh.git] / sshd.c

diff --git a/sshd.c b/sshd.c
index f9b87ea1ce50a77327a8ccfc356160b31be5be1c..3b5cd3cfd60edea82dcdce7dc810396f185901b5 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.360 2008/06/12 20:38:28 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.366 2009/01/22 10:02:34 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -117,7 +117,6 @@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
-#include "monitor_fdpass.h"
 #include "version.h"
 
 #ifdef LIBWRAP
@@ -399,7 +398,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
        int mismatch;
        int remote_major, remote_minor;
        int major, minor;
-       char *s;
+       char *s, *newline = "\n";
        char buf[256];                  /* Must not be larger than remote_version. */
        char remote_version[256];       /* Must be at least as big as buf. */
 
@@ -410,11 +409,13 @@ sshd_exchange_identification(int sock_in, int sock_out)
        } else if (options.protocol & SSH_PROTO_2) {
                major = PROTOCOL_MAJOR_2;
                minor = PROTOCOL_MINOR_2;
+               newline = "\r\n";
        } else {
                major = PROTOCOL_MAJOR_1;
                minor = PROTOCOL_MINOR_1;
        }
-       snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
+       snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
+           SSH_VERSION, newline);
        server_version_string = xstrdup(buf);
 
        /* Send our protocol version identification. */
@@ -675,7 +676,7 @@ privsep_postauth(Authctxt *authctxt)
        if (pmonitor->m_pid == -1)
                fatal("fork of unprivileged child failed");
        else if (pmonitor->m_pid != 0) {
-               debug2("User child is on pid %ld", (long)pmonitor->m_pid);
+               verbose("User child is on pid %ld", (long)pmonitor->m_pid);
                close(pmonitor->m_recvfd);
                buffer_clear(&loginmsg);
                monitor_child_postauth(pmonitor);
@@ -1094,7 +1095,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
                        *newsock = accept(listen_socks[i],
                            (struct sockaddr *)&from, &fromlen);
                        if (*newsock < 0) {
-                               if (errno != EINTR && errno != EWOULDBLOCK)
+                               if (errno != EINTR && errno != EAGAIN &&
+                                   errno != EWOULDBLOCK)
                                        error("accept: %.100s", strerror(errno));
                                continue;
                        }
@@ -1245,6 +1247,8 @@ main(int ac, char **av)
        int remote_port;
        char *line, *p, *cp;
        int config_s[2] = { -1 , -1 };
+       u_int64_t ibytes, obytes;
+       mode_t new_umask;
        Key *key;
        Authctxt *authctxt;
 
@@ -1329,7 +1333,7 @@ main(int ac, char **av)
                                exit(1);
                        }
                        options.ports[options.num_ports++] = a2port(optarg);
-                       if (options.ports[options.num_ports-1] == 0) {
+                       if (options.ports[options.num_ports-1] <= 0) {
                                fprintf(stderr, "Bad port number.\n");
                                exit(1);
                        }
@@ -1441,7 +1445,8 @@ main(int ac, char **av)
         * the parameters we need.  If we're not doing an extended test,
         * do not silently ignore connection test params.
         */
-       if (test_flag >= 2 && (test_user != NULL || test_host != NULL || test_addr != NULL)
+       if (test_flag >= 2 &&
+          (test_user != NULL || test_host != NULL || test_addr != NULL)
            && (test_user == NULL || test_host == NULL || test_addr == NULL))
                fatal("user, host and addr are all required when testing "
                   "Match configs");
@@ -1609,6 +1614,10 @@ main(int ac, char **av)
                rexec_argv[rexec_argc + 1] = NULL;
        }
 
+       /* Ensure that umask disallows at least group and world write */
+       new_umask = umask(0077) | 0022;
+       (void) umask(new_umask);
+
        /* Initialize the log (it is reinitialized below in case we forked). */
        if (debug_flag && (!inetd_flag || rexeced_flag))
                log_stderr = 1;
@@ -1910,7 +1919,11 @@ main(int ac, char **av)
        do_authenticated(authctxt);
 
        /* The connection has been terminated. */
-       verbose("Closing connection to %.100s", remote_ip);
+       packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
+       packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
+       verbose("Transferred: sent %llu, received %llu bytes", obytes, ibytes);
+
+       verbose("Closing connection to %.500s port %d", remote_ip, remote_port);
 
 #ifdef USE_PAM
        if (options.use_pam)