X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/98a58edad29e2c355de1a79d40801036a6bde5e8..0daa6547440ce987e35650166f45fb0b22635c40:/sshd.c

diff --git a/sshd.c b/sshd.c
index 86441cff..bc458488 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.263 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.268 2003/06/04 10:23:48 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -112,11 +112,7 @@ char *config_file_name = _PATH_SERVER_CONFIG_FILE;
  * Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
  * Default value is AF_UNSPEC means both IPv4 and IPv6.
  */
-#ifdef IPV4_DEFAULT
-int IPv4or6 = AF_INET;
-#else
 int IPv4or6 = AF_UNSPEC;
-#endif
 
 /*
  * Debug mode flag.  This can be set on the command line.  If debug
@@ -258,11 +254,11 @@ sighup_handler(int sig)
 static void
 sighup_restart(void)
 {
-	log("Received SIGHUP; restarting.");
+	logit("Received SIGHUP; restarting.");
 	close_listen_socks();
 	close_startup_pipes();
 	execv(saved_argv[0], saved_argv);
-	log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
+	logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
 	    strerror(errno));
 	exit(1);
 }
@@ -376,7 +372,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 		if (atomicio(write, sock_out, server_version_string,
 		    strlen(server_version_string))
 		    != strlen(server_version_string)) {
-			log("Could not write ident string to %s", get_remote_ipaddr());
+			logit("Could not write ident string to %s", get_remote_ipaddr());
 			fatal_cleanup();
 		}
 
@@ -384,7 +380,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 		memset(buf, 0, sizeof(buf));
 		for (i = 0; i < sizeof(buf) - 1; i++) {
 			if (atomicio(read, sock_in, &buf[i], 1) != 1) {
-				log("Did not receive identification string from %s",
+				logit("Did not receive identification string from %s",
 				    get_remote_ipaddr());
 				fatal_cleanup();
 			}
@@ -415,7 +411,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 		(void) atomicio(write, sock_out, s, strlen(s));
 		close(sock_in);
 		close(sock_out);
-		log("Bad protocol version identification '%.100s' from %s",
+		logit("Bad protocol version identification '%.100s' from %s",
 		    client_version_string, get_remote_ipaddr());
 		fatal_cleanup();
 	}
@@ -425,13 +421,13 @@ sshd_exchange_identification(int sock_in, int sock_out)
 	compat_datafellows(remote_version);
 
 	if (datafellows & SSH_BUG_PROBE) {
-		log("probed from %s with %s.  Don't panic.",
+		logit("probed from %s with %s.  Don't panic.",
 		    get_remote_ipaddr(), client_version_string);
 		fatal_cleanup();
 	}
 
 	if (datafellows & SSH_BUG_SCANNER) {
-		log("scanned from %s with %s.  Don't panic.",
+		logit("scanned from %s with %s.  Don't panic.",
 		    get_remote_ipaddr(), client_version_string);
 		fatal_cleanup();
 	}
@@ -476,7 +472,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 		(void) atomicio(write, sock_out, s, strlen(s));
 		close(sock_in);
 		close(sock_out);
-		log("Protocol major versions differ for %s: %.200s vs. %.200s",
+		logit("Protocol major versions differ for %s: %.200s vs. %.200s",
 		    get_remote_ipaddr(),
 		    server_version_string, client_version_string);
 		fatal_cleanup();
@@ -568,8 +564,6 @@ privsep_preauth_child(void)
 	do_setusercontext(pw);
 #else
 	gidset[0] = pw->pw_gid;
-	if (setgid(pw->pw_gid) < 0)
-		fatal("setgid failed for %u", pw->pw_gid );
 	if (setgroups(1, gidset) < 0)
 		fatal("setgroups: %.100s", strerror(errno));
 	permanently_set_uid(pw);
@@ -829,14 +823,15 @@ main(int ac, char **av)
 
 	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
 	saved_argc = ac;
-	saved_argv = av;
-	saved_argv = xmalloc(sizeof(*saved_argv) * ac);
+	saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));
 	for (i = 0; i < ac; i++)
 		saved_argv[i] = xstrdup(av[i]);
+	saved_argv[i] = NULL;
 
 #ifndef HAVE_SETPROCTITLE
 	/* Prepare for later setproctitle emulation */
 	compat_init_setproctitle(ac, av);
+	av = saved_argv;
 #endif
 
 	/* Initialize configuration options to their default values. */
@@ -1010,15 +1005,15 @@ main(int ac, char **av)
 		    key_type(key));
 	}
 	if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
-		log("Disabling protocol version 1. Could not load host key");
+		logit("Disabling protocol version 1. Could not load host key");
 		options.protocol &= ~SSH_PROTO_1;
 	}
 	if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
-		log("Disabling protocol version 2. Could not load host key");
+		logit("Disabling protocol version 2. Could not load host key");
 		options.protocol &= ~SSH_PROTO_2;
 	}
 	if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
-		log("sshd: no hostkeys available -- exiting.");
+		logit("sshd: no hostkeys available -- exiting.");
 		exit(1);
 	}
 
@@ -1153,7 +1148,8 @@ main(int ac, char **av)
 				continue;
 			}
 			/* Create socket for listening. */
-			listen_sock = socket(ai->ai_family, SOCK_STREAM, 0);
+			listen_sock = socket(ai->ai_family, ai->ai_socktype,
+			    ai->ai_protocol);
 			if (listen_sock < 0) {
 				/* kernel may not support ipv6 */
 				verbose("socket: %.100s", strerror(errno));
@@ -1186,7 +1182,7 @@ main(int ac, char **av)
 			num_listen_socks++;
 
 			/* Start listening on the port. */
-			log("Server listening on %s port %s.", ntop, strport);
+			logit("Server listening on %s port %s.", ntop, strport);
 			if (listen(listen_sock, 5) < 0)
 				fatal("listen: %.100s", strerror(errno));
 
@@ -1262,7 +1258,7 @@ main(int ac, char **av)
 			if (ret < 0 && errno != EINTR)
 				error("select: %.100s", strerror(errno));
 			if (received_sigterm) {
-				log("Received signal %d; terminating.",
+				logit("Received signal %d; terminating.",
 				    (int) received_sigterm);
 				close_listen_socks();
 				unlink(options.pid_file);
@@ -1377,7 +1373,7 @@ main(int ac, char **av)
 				if ((options.protocol & SSH_PROTO_1) &&
 				    key_used == 0) {
 					/* Schedule server key regeneration alarm. */
-					signal(SIGALRM, key_regeneration_alarm);
+					mysignal(SIGALRM, key_regeneration_alarm);
 					alarm(options.key_regeneration_time);
 					key_used = 1;
 				}
@@ -1400,8 +1396,12 @@ main(int ac, char **av)
 	 * setlogin() affects the entire process group.  We don't
 	 * want the child to be able to affect the parent.
 	 */
-#if 0
-	/* XXX: this breaks Solaris */
+#if !defined(SSHD_ACQUIRES_CTTY)
+	/*
+	 * If setsid is called, on some platforms sshd will later acquire a
+	 * controlling terminal which will result in "could not set
+	 * controlling tty" errors.
+	 */
 	if (!debug_flag && !inetd_flag && setsid() < 0)
 		error("setsid: %.100s", strerror(errno));
 #endif
@@ -1462,7 +1462,7 @@ main(int ac, char **av)
 	 * mode; it is just annoying to have the server exit just when you
 	 * are about to discover the bug.
 	 */
-	signal(SIGALRM, grace_alarm_handler);
+	mysignal(SIGALRM, grace_alarm_handler);
 	if (!debug_flag)
 		alarm(options.login_grace_time);
 
@@ -1539,7 +1539,8 @@ main(int ac, char **av)
 	verbose("Closing connection to %.100s", remote_ip);
 
 #ifdef USE_PAM
-	finish_pam();
+	if (options.use_pam)
+		finish_pam();
 #endif /* USE_PAM */
 
 	packet_close();
@@ -1746,7 +1747,7 @@ do_ssh1_kex(void)
 		u_char *buf = xmalloc(bytes);
 		MD5_CTX md;
 
-		log("do_connection: generating a fake encryption key");
+		logit("do_connection: generating a fake encryption key");
 		BN_bn2bin(session_key_int, buf);
 		MD5_Init(&md);
 		MD5_Update(&md, buf, bytes);