X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/3a85986d3f277a68ff96095e452fdb6b93656cb6..b4bbf172dbda6f98756b1e531533caa932312974:/sshd.c

diff --git a/sshd.c b/sshd.c
index 4b5f89e2..e6b1f549 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,18 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $");
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#include <sys/ioctl.h>
+#include <sys/wait.h>
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#include <signal.h>
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -637,13 +648,6 @@ privsep_postauth(Authctxt *authctxt)
 		goto skip;
 	}
 
-	/* Authentication complete */
-	alarm(0);
-	if (startup_pipe != -1) {
-		close(startup_pipe);
-		startup_pipe = -1;
-	}
-
 	/* New socket pair */
 	monitor_reinit(pmonitor);
 
@@ -1330,10 +1334,10 @@ main(int ac, char **av)
 			num_listen_socks++;
 
 			/* Start listening on the port. */
-			logit("Server listening on %s port %s.", ntop, strport);
 			if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
-				fatal("listen: %.100s", strerror(errno));
-
+				fatal("listen on [%s]:%s: %.100s",
+				    ntop, strport, strerror(errno));
+			logit("Server listening on %s port %s.", ntop, strport);
 		}
 		freeaddrinfo(options.listen_addrs);
 
@@ -1682,10 +1686,10 @@ main(int ac, char **av)
 	verbose("Connection from %.500s port %d", remote_ip, remote_port);
 
 	/*
-	 * We don\'t want to listen forever unless the other side
+	 * We don't want to listen forever unless the other side
 	 * successfully authenticates itself.  So we set up an alarm which is
 	 * cleared after successful authentication.  A limit of zero
-	 * indicates no limit. Note that we don\'t set the alarm in debugging
+	 * indicates no limit. Note that we don't set the alarm in debugging
 	 * mode; it is just annoying to have the server exit just when you
 	 * are about to discover the bug.
 	 */
@@ -1732,6 +1736,17 @@ main(int ac, char **av)
 	}
 
  authenticated:
+	/*
+	 * Cancel the alarm we set to limit the time taken for
+	 * authentication.
+	 */
+	alarm(0);
+	signal(SIGALRM, SIG_DFL);
+	if (startup_pipe != -1) {
+		close(startup_pipe);
+		startup_pipe = -1;
+	}
+
 #ifdef SSH_AUDIT_EVENTS
 	audit_event(SSH_AUTH_SUCCESS);
 #endif
@@ -2028,6 +2043,7 @@ do_ssh2_kex(void)
 	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
 	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 	kex->server = 1;
 	kex->client_version_string=client_version_string;
 	kex->server_version_string=server_version_string;