-/* $OpenBSD: sshd.c,v 1.330 2006/03/25 13:17:02 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.339 2006/07/22 20:48:23 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
# include <sys/stat.h>
#endif
#include <sys/ioctl.h>
+#include <sys/socket.h>
#include <sys/wait.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <netdb.h>
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
+#include <grp.h>
+#include <pwd.h>
#include <signal.h>
+#include <string.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
#include "monitor.h"
#include "monitor_wrap.h"
#include "monitor_fdpass.h"
+#include "version.h"
#ifdef LIBWRAP
#include <tcpd.h>
int startup_pipe; /* in child */
/* variables used for privilege separation */
-int use_privsep;
+int use_privsep = -1;
struct monitor *pmonitor = NULL;
/* global authentication context */
Authctxt *the_authctxt = NULL;
+/* sshd_config buffer */
+Buffer cfg;
+
/* message to be displayed after login */
Buffer loginmsg;
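Review bot: The new initial value `-1` for `use_privsep` is an undocumented sentinel, and because it is non-zero any plain `if (use_privsep)` test that runs before the option is resolved will read it as "enabled". The code that turns -1 into the real setting is not part of this hunk, so please confirm that no check of the variable can run before that point. I would extend the comment above the declaration to something like `/* -1 means "not set yet"; must be resolved to 0 or 1 before the first privsep check */`.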
Key *key;
Authctxt *authctxt;
int ret, key_used = 0;
- Buffer cfg;
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
rexec_argc = ac;
- saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));
+ saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
for (i = 0; i < ac; i++)
saved_argv[i] = xstrdup(av[i]);
saved_argv[i] = NULL;
case 'o':
line = xstrdup(optarg);
if (process_server_config_line(&options, line,
- "command-line", 0) != 0)
+ "command-line", 0, NULL, NULL, NULL, NULL) != 0)
exit(1);
xfree(line);
break;
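Review bot: The four bare `NULL` arguments added to the `process_server_config_line()` call give no hint of what is being switched off for `-o` options, and the `parse_server_config()` call further down gets three more of them. The prototype is not visible here, so I can only guess that these are per-connection matching inputs; if so, a one-line comment above the call such as `/* command-line options: no connection context, applied unconditionally */` would record the intent. It is also worth confirming that the callee handles NULL in these positions explicitly rather than dereferencing it, since this path parses text taken straight from the command line. The enclosing `switch` starts and ends outside the hunk.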
else
load_server_config(config_file_name, &cfg);
- parse_server_config(&options,
- rexeced_flag ? "rexec" : config_file_name, &cfg);
-
- if (!rexec_flag)
- buffer_free(&cfg);
+ parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
+ &cfg, NULL, NULL, NULL);
seed_rng();
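Review bot: Nothing in this hunk releases `cfg` any more: the `if (!rexec_flag) buffer_free(&cfg);` is dropped and the buffer is now a file-scope global, so the raw sshd_config text stays in memory for the life of the process and presumably in every child forked from it. If that is intended (for example so the configuration can be parsed again once connection details are known), say so at the declaration, e.g. `/* sshd_config buffer; kept for the life of the process so it can be re-parsed */`. If the contents are not needed after startup, keep the free on the non-rexec path. The enclosing function continues outside the hunk.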
* We use get_canonical_hostname with usedns = 0 instead of
* get_remote_ipaddr here so IP options will be checked.
*/
- remote_ip = get_canonical_hostname(0);
+ (void) get_canonical_hostname(0);
+ /*
+ * The rest of the code depends on the fact that
+ * get_remote_ipaddr() caches the remote ip, even if
+ * the socket goes away.
+ */
+ remote_ip = get_remote_ipaddr();
#ifdef SSH_AUDIT_EVENTS
audit_connection_from(remote_ip, remote_port);