]> andersk Git - openssh.git/blobdiff - sshd.c
andersk / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- djm@cvs.openbsd.org 2010/01/30 02:54:53
[openssh.git] / sshd.c
diff --git a/sshd.c b/sshd.c
index 91831e208707a77b347c12e42d61862a6782e460..bf2e76cc8ef45a368a5ede22c9d1ddde8e5562f5 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.367 2009/05/28 16:50:16 andreas Exp $ */
+/* $OpenBSD: sshd.c,v 1.372 2010/01/29 00:20:41 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -309,6 +309,7 @@ sighup_restart(void)
        close_listen_socks();
        close_startup_pipes();
        alarm(0);  /* alarm timer persists across exec */
+       signal(SIGHUP, SIG_IGN); /* will be restored after exec */
        execv(saved_argv[0], saved_argv);
        logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
            strerror(errno));
@@ -578,7 +579,7 @@ demote_sensitive_data(void)
 static void
 privsep_preauth_child(void)
 {
-       u_int32_t rnd[256];
+       u_int32_t rnd[256];
        gid_t gidset[1];
 
        /* Enable challenge-response authentication for privilege separation */
@@ -979,15 +980,9 @@ server_listen(void)
                    &on, sizeof(on)) == -1)
                        error("setsockopt SO_REUSEADDR: %s", strerror(errno));
 
-#ifdef IPV6_V6ONLY
                /* Only communicate in IPv6 over AF_INET6 sockets. */
-               if (ai->ai_family == AF_INET6) {
-                       if (setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY,
-                           &on, sizeof(on)) == -1)
-                               error("setsockopt IPV6_V6ONLY: %s",
-                                   strerror(errno));
-               }
-#endif
+               if (ai->ai_family == AF_INET6)
+                       sock_set_v6only(listen_sock);
 
                debug("Bind to port %s on %s.", strport, ntop);
 
@@ -1356,7 +1351,8 @@ main(int ac, char **av)
                                fprintf(stderr, "too many host keys.\n");
                                exit(1);
                        }
-                       options.host_key_files[options.num_host_key_files++] = optarg;
+                       options.host_key_files[options.num_host_key_files++] = 
+                          derelativise_path(optarg);
                        break;
                case 't':
                        test_flag = 1;
@@ -1662,6 +1658,7 @@ main(int ac, char **av)
        if (inetd_flag) {
                server_accept_inetd(&sock_in, &sock_out);
        } else {
+               platform_pre_listen();
                server_listen();
 
                if (options.protocol & SSH_PROTO_1)
@@ -1751,6 +1748,10 @@ main(int ac, char **av)
                    sock_in, sock_out, newsock, startup_pipe, config_s[0]);
        }
 
+       /* Executed child processes don't need these. */
+       fcntl(sock_out, F_SETFD, FD_CLOEXEC);
+       fcntl(sock_in, F_SETFD, FD_CLOEXEC);
+
        /*
         * Disable the key regeneration alarm.  We will not regenerate the
         * key since we are no longer in a position to give it to anyone. We
git-cvsimport mirror of OpenSSH
This page took 0.05784 seconds and 4 git commands to generate.