summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-01-19 04:26:52 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-01-19 04:26:52 +0000
commitdb65e8fdedadaf79df2d8393a4d43e9094c80649 (patch)
treee5902db5ee2b69f9f3c2fa0dbdeb7f4fc20c68b4 /sshd.c
parent5aa80596f76ce36dee4623a00a55548834c3328d (diff)
Please grep through the source and look for 'ISSUE' comments and verify
that I was able to get all the portable bits in the right location. As for the SKEY comment there is an email out to Markus as to how it should be resolved. Until then I just #ifdef SKEY/#endif out the whole block. - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/18 16:20:21 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many systems - markus@cvs.openbsd.org 2001/01/18 16:59:59 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c session.h sshconnect1.c] 1) removes fake skey from sshd, since this will be much harder with /usr/libexec/auth/login_XXX 2) share/unify code used in ssh-1 and ssh-2 authentication (server side) 3) make addition of BSD_AUTH and other challenge reponse methods easier. - markus@cvs.openbsd.org 2001/01/18 17:12:43 [auth-chall.c auth2-chall.c] rename *-skey.c *-chall.c since the files are not skey specific
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c53
1 files changed, 26 insertions, 27 deletions
diff --git a/sshd.c b/sshd.c
index be7ae5ab..7f9c3ee7 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.150 2001/01/13 18:32:51 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.152 2001/01/18 16:20:22 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -153,10 +153,10 @@ struct {
} sensitive_data;
/*
- * Flag indicating whether the current session key has been used. This flag
- * is set whenever the key is used, and cleared when the key is regenerated.
+ * Flag indicating whether the RSA server key needs to be regenerated.
+ * Is set in the SIGALRM handler and cleared when the key is regenerated.
*/
-int key_used = 0;
+int key_do_regen = 0;
/* This is set to true when SIGHUP is received. */
int received_sighup = 0;
@@ -266,7 +266,6 @@ grace_alarm_handler(int sig)
* do anything with the private key or random state before forking.
* Thus there should be no concurrency control/asynchronous execution
* problems.
- * XXX calling log() is not safe from races.
*/
void
generate_empheral_server_key(void)
@@ -284,17 +283,9 @@ void
key_regeneration_alarm(int sig)
{
int save_errno = errno;
-
- /* Check if we should generate a new key. */
- if (key_used) {
- /* This should really be done in the background. */
- generate_empheral_server_key();
- key_used = 0;
- }
- /* Reschedule the alarm. */
- signal(SIGALRM, key_regeneration_alarm);
- alarm(options.key_regeneration_time);
+ signal(SIGALRM, SIG_DFL);
errno = save_errno;
+ key_do_regen = 1;
}
void
@@ -568,6 +559,7 @@ main(int ac, char **av)
int listen_sock, maxfd;
int startup_p[2];
int startups = 0;
+ int ret, key_used = 0;
__progname = get_progname(av[0]);
init_rng();
@@ -674,7 +666,7 @@ main(int ac, char **av)
* key (unless started from inetd)
*/
log_init(__progname,
- options.log_level == -1 ? SYSLOG_LEVEL_NOTICE : options.log_level,
+ options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility,
!silent && !inetd_flag);
@@ -890,14 +882,9 @@ main(int ac, char **av)
fclose(f);
}
}
- if (options.protocol & SSH_PROTO_1) {
+ if (options.protocol & SSH_PROTO_1)
generate_empheral_server_key();
- /* Schedule server key regeneration alarm. */
- signal(SIGALRM, key_regeneration_alarm);
- alarm(options.key_regeneration_time);
- }
-
/* Arrange to restart on SIGHUP. The handler needs listen_sock. */
signal(SIGHUP, sighup_handler);
@@ -938,11 +925,17 @@ main(int ac, char **av)
FD_SET(startup_pipes[i], fdset);
/* Wait in select until there is a connection. */
- if (select(maxfd+1, fdset, NULL, NULL, NULL) < 0) {
- if (errno != EINTR)
- error("select: %.100s", strerror(errno));
- continue;
+ ret = select(maxfd+1, fdset, NULL, NULL, NULL);
+ if (ret < 0 && errno != EINTR)
+ error("select: %.100s", strerror(errno));
+ if (key_used && key_do_regen) {
+ generate_empheral_server_key();
+ key_used = 0;
+ key_do_regen = 0;
}
+ if (ret < 0)
+ continue;
+
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1 &&
FD_ISSET(startup_pipes[i], fdset)) {
@@ -1042,7 +1035,13 @@ main(int ac, char **av)
close(startup_p[1]);
/* Mark that the key has been used (it was "given" to the child). */
- key_used = 1;
+ if ((options.protocol & SSH_PROTO_1) &&
+ key_used == 0) {
+ /* Schedule server key regeneration alarm. */
+ signal(SIGALRM, key_regeneration_alarm);
+ alarm(options.key_regeneration_time);
+ key_used = 1;
+ }
arc4random_stir();