[kex.c monitor.c monitor_wrap.c sshd.c]
     'monitor' variable clashes with at least one lame platform (NeXT).
     Renamed to 'pmonitor'.  provos@
 - (bal) Fixed up PAM case.  I think.
Ben Lindstrom 2002-05-15 16:25:01 +00:00
parent bdde330d2f
commit 7339b2a278
5 changed files with 93 additions and 88 deletions


@ -28,6 +28,11 @@
[auth-rhosts.c]
handle debug messages during rhosts-rsa and hostbased authentication;
ok provos@
- mouring@cvs.openbsd.org 2002/05/15 15:47:49
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- (bal) Fixed up PAM case. I think.
20020514
- (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
@ -632,4 +637,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2128 2002/05/15 16:19:37 mouring Exp $
$Id: ChangeLog,v 1.2129 2002/05/15 16:25:01 mouring Exp $

4
kex.c

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $");
RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $");
#include <openssl/crypto.h>
@ -46,7 +46,7 @@ RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $");
/* Use privilege separation for sshd */
int use_privsep;
struct monitor *monitor;
struct monitor *pmonitor;
/* prototype */


@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor.c,v 1.10 2002/05/12 23:53:45 djm Exp $");
RCSID("$OpenBSD: monitor.c,v 1.11 2002/05/15 15:47:49 mouring Exp $");
#include <openssl/dh.h>
@ -240,7 +240,7 @@ monitor_permit_authentications(int permit)
}
Authctxt *
monitor_child_preauth(struct monitor *monitor)
monitor_child_preauth(struct monitor *pmonitor)
{
struct mon_table *ent;
int authenticated = 0;
@ -263,7 +263,7 @@ monitor_child_preauth(struct monitor *monitor)
/* The first few requests do not require asynchronous access */
while (!authenticated) {
authenticated = monitor_read(monitor, mon_dispatch, &ent);
authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
if (authenticated) {
if (!(ent->flags & MON_AUTHDECIDE))
fatal("%s: unexpected authentication from %d",
@ -291,13 +291,13 @@ monitor_child_preauth(struct monitor *monitor)
debug("%s: %s has been authenticated by privileged process",
__FUNCTION__, authctxt->user);
mm_get_keystate(monitor);
mm_get_keystate(pmonitor);
return (authctxt);
}
void
monitor_child_postauth(struct monitor *monitor)
monitor_child_postauth(struct monitor *pmonitor)
{
if (compat20) {
mon_dispatch = mon_dispatch_postauth20;
@ -317,18 +317,18 @@ monitor_child_postauth(struct monitor *monitor)
}
for (;;)
monitor_read(monitor, mon_dispatch, NULL);
monitor_read(pmonitor, mon_dispatch, NULL);
}
void
monitor_sync(struct monitor *monitor)
monitor_sync(struct monitor *pmonitor)
{
/* The member allocation is not visible, so sync it */
mm_share_sync(&monitor->m_zlib, &monitor->m_zback);
mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
}
int
monitor_read(struct monitor *monitor, struct mon_table *ent,
monitor_read(struct monitor *pmonitor, struct mon_table *ent,
struct mon_table **pent)
{
Buffer m;
@ -337,7 +337,7 @@ monitor_read(struct monitor *monitor, struct mon_table *ent,
buffer_init(&m);
mm_request_receive(monitor->m_sendfd, &m);
mm_request_receive(pmonitor->m_sendfd, &m);
type = buffer_get_char(&m);
debug3("%s: checking request %d", __FUNCTION__, type);
@ -352,7 +352,7 @@ monitor_read(struct monitor *monitor, struct mon_table *ent,
if (!(ent->flags & MON_PERMIT))
fatal("%s: unpermitted request %d", __FUNCTION__,
type);
ret = (*ent->f)(monitor->m_sendfd, &m);
ret = (*ent->f)(pmonitor->m_sendfd, &m);
buffer_free(&m);
/* The child may use this request only once, disable it */
@ -1003,7 +1003,7 @@ mm_session_close(Session *s)
int
mm_answer_pty(int socket, Buffer *m)
{
extern struct monitor *monitor;
extern struct monitor *pmonitor;
Session *s;
int res, fd0;
@ -1015,7 +1015,7 @@ mm_answer_pty(int socket, Buffer *m)
goto error;
s->authctxt = authctxt;
s->pw = authctxt->pw;
s->pid = monitor->m_pid;
s->pid = pmonitor->m_pid;
res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
if (res == 0)
goto error;
@ -1252,7 +1252,7 @@ mm_answer_rsa_response(int socket, Buffer *m)
int
mm_answer_term(int socket, Buffer *req)
{
extern struct monitor *monitor;
extern struct monitor *pmonitor;
int res, status;
debug3("%s: tearing down sessions", __FUNCTION__);
@ -1260,7 +1260,7 @@ mm_answer_term(int socket, Buffer *req)
/* The child is terminating */
session_destroy_all(&mm_session_close);
while (waitpid(monitor->m_pid, &status, 0) == -1)
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR)
exit(1);
@ -1271,7 +1271,7 @@ mm_answer_term(int socket, Buffer *req)
}
void
monitor_apply_keystate(struct monitor *monitor)
monitor_apply_keystate(struct monitor *pmonitor)
{
if (compat20) {
set_newkeys(MODE_IN);
@ -1303,7 +1303,7 @@ monitor_apply_keystate(struct monitor *monitor)
sizeof(outgoing_stream));
/* Update with new address */
mm_init_compression(monitor->m_zlib);
mm_init_compression(pmonitor->m_zlib);
/* Network I/O buffers */
/* XXX inefficient for large buffers, need: buffer_init_from_string */
@ -1353,7 +1353,7 @@ mm_get_kex(Buffer *m)
/* This function requries careful sanity checking */
void
mm_get_keystate(struct monitor *monitor)
mm_get_keystate(struct monitor *pmonitor)
{
Buffer m;
u_char *blob, *p;
@ -1362,7 +1362,7 @@ mm_get_keystate(struct monitor *monitor)
debug3("%s: Waiting for new keys", __FUNCTION__);
buffer_init(&m);
mm_request_receive_expect(monitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m);
mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m);
if (!compat20) {
child_state.ssh1protoflags = buffer_get_int(&m);
child_state.ssh1cipher = buffer_get_int(&m);
@ -1372,7 +1372,7 @@ mm_get_keystate(struct monitor *monitor)
goto skip;
} else {
/* Get the Kex for rekeying */
*monitor->m_pkex = mm_get_kex(&m);
*pmonitor->m_pkex = mm_get_kex(&m);
}
blob = buffer_get_string(&m, &bloblen);


@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor_wrap.c,v 1.6 2002/05/12 23:53:45 djm Exp $");
RCSID("$OpenBSD: monitor_wrap.c,v 1.7 2002/05/15 15:47:49 mouring Exp $");
#include <openssl/bn.h>
#include <openssl/dh.h>
@ -56,7 +56,7 @@ extern int compat20;
extern Newkeys *newkeys[];
extern z_stream incoming_stream;
extern z_stream outgoing_stream;
extern struct monitor *monitor;
extern struct monitor *pmonitor;
extern Buffer input, output;
void
@ -126,10 +126,10 @@ mm_choose_dh(int min, int nbits, int max)
buffer_put_int(&m, nbits);
buffer_put_int(&m, max);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_MODULI, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
debug3("%s: waiting for MONITOR_ANS_MODULI", __FUNCTION__);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_MODULI, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
success = buffer_get_char(&m);
if (success == 0)
@ -151,7 +151,7 @@ mm_choose_dh(int min, int nbits, int max)
int
mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
{
Kex *kex = *monitor->m_pkex;
Kex *kex = *pmonitor->m_pkex;
Buffer m;
debug3("%s entering", __FUNCTION__);
@ -160,10 +160,10 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
buffer_put_int(&m, kex->host_key_index(key));
buffer_put_string(&m, data, datalen);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_SIGN, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
debug3("%s: waiting for MONITOR_ANS_SIGN", __FUNCTION__);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SIGN, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
*sigp = buffer_get_string(&m, lenp);
buffer_free(&m);
@ -182,10 +182,10 @@ mm_getpwnamallow(const char *login)
buffer_init(&m);
buffer_put_cstring(&m, login);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
debug3("%s: waiting for MONITOR_ANS_PWNAM", __FUNCTION__);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
if (buffer_get_char(&m) == 0) {
buffer_free(&m);
@ -215,10 +215,10 @@ char* mm_auth2_read_banner(void)
debug3("%s entering", __FUNCTION__);
buffer_init(&m);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
buffer_clear(&m);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
banner = buffer_get_string(&m, NULL);
buffer_free(&m);
@ -238,7 +238,7 @@ mm_inform_authserv(char *service, char *style)
buffer_put_cstring(&m, service);
buffer_put_cstring(&m, style ? style : "");
mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
buffer_free(&m);
}
@ -254,10 +254,10 @@ mm_auth_password(Authctxt *authctxt, char *password)
buffer_init(&m);
buffer_put_cstring(&m, password);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __FUNCTION__);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
authenticated = buffer_get_int(&m);
@ -327,10 +327,10 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
buffer_put_string(&m, blob, len);
xfree(blob);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __FUNCTION__);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
allowed = buffer_get_int(&m);
@ -368,10 +368,10 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
buffer_put_string(&m, data, datalen);
xfree(blob);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __FUNCTION__);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
verified = buffer_get_int(&m);
@ -510,7 +510,7 @@ mm_send_kex(Buffer *m, Kex *kex)
}
void
mm_send_keystate(struct monitor *monitor)
mm_send_keystate(struct monitor *pmonitor)
{
Buffer m;
u_char *blob, *p;
@ -536,7 +536,7 @@ mm_send_keystate(struct monitor *monitor)
goto skip;
} else {
/* Kex for rekeying */
mm_send_kex(&m, *monitor->m_pkex);
mm_send_kex(&m, *pmonitor->m_pkex);
}
debug3("%s: Sending new keys: %p %p",
@ -582,7 +582,7 @@ mm_send_keystate(struct monitor *monitor)
buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input));
buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
debug3("%s: Finished sending state", __FUNCTION__);
buffer_free(&m);
@ -596,10 +596,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
int success = 0;
buffer_init(&m);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_PTY, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
debug3("%s: waiting for MONITOR_ANS_PTY", __FUNCTION__);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PTY, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
success = buffer_get_int(&m);
if (success == 0) {
@ -613,8 +613,8 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
strlcpy(namebuf, p, namebuflen); /* Possible truncation */
xfree(p);
*ptyfd = mm_receive_fd(monitor->m_recvfd);
*ttyfd = mm_receive_fd(monitor->m_recvfd);
*ptyfd = mm_receive_fd(pmonitor->m_recvfd);
*ttyfd = mm_receive_fd(pmonitor->m_recvfd);
/* Success */
return (1);
@ -630,7 +630,7 @@ mm_session_pty_cleanup2(void *session)
return;
buffer_init(&m);
buffer_put_cstring(&m, s->tty);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
buffer_free(&m);
/* closed dup'ed master */
@ -652,7 +652,7 @@ mm_start_pam(char *user)
buffer_init(&m);
buffer_put_cstring(&m, user);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
buffer_free(&m);
}
@ -666,7 +666,7 @@ mm_terminate(void)
Buffer m;
buffer_init(&m);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_TERM, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
buffer_free(&m);
}
@ -678,9 +678,9 @@ mm_ssh1_session_key(BIGNUM *num)
buffer_init(&m);
buffer_put_bignum2(&m, num);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
rsafail = buffer_get_int(&m);
buffer_get_bignum2(&m, num);
@ -713,9 +713,9 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
debug3("%s: entering", __FUNCTION__);
buffer_init(&m);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
&m);
res = buffer_get_int(&m);
if (res == -1) {
@ -748,9 +748,9 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
buffer_init(&m);
buffer_put_cstring(&m, responses[0]);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
mm_request_receive_expect(monitor->m_recvfd,
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_BSDAUTHRESPOND, &m);
authok = buffer_get_int(&m);
@ -770,9 +770,9 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
debug3("%s: entering", __FUNCTION__);
buffer_init(&m);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
&m);
res = buffer_get_int(&m);
if (res == -1) {
@ -811,9 +811,9 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses)
buffer_init(&m);
buffer_put_cstring(&m, responses[0]);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
mm_request_receive_expect(monitor->m_recvfd,
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_SKEYRESPOND, &m);
authok = buffer_get_int(&m);
@ -834,7 +834,7 @@ mm_ssh1_session_id(u_char session_id[16])
for (i = 0; i < 16; i++)
buffer_put_char(&m, session_id[i]);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_SESSID, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
buffer_free(&m);
}
@ -852,8 +852,8 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
buffer_init(&m);
buffer_put_bignum2(&m, client_n);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
allowed = buffer_get_int(&m);
@ -892,8 +892,8 @@ mm_auth_rsa_generate_challenge(Key *key)
buffer_put_string(&m, blob, blen);
xfree(blob);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
buffer_get_bignum2(&m, challenge);
buffer_free(&m);
@ -921,8 +921,8 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
buffer_put_string(&m, response, 16);
xfree(blob);
mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
success = buffer_get_int(&m);
buffer_free(&m);

40
sshd.c

@ -42,7 +42,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshd.c,v 1.241 2002/05/13 15:53:19 millert Exp $");
RCSID("$OpenBSD: sshd.c,v 1.242 2002/05/15 15:47:49 mouring Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@ -202,7 +202,7 @@ int *startup_pipes = NULL;
int startup_pipe; /* in child */
/* variables used for privilege separation */
extern struct monitor *monitor;
extern struct monitor *pmonitor;
extern int use_privsep;
/* Prototypes for various functions defined later in this file. */
@ -566,9 +566,9 @@ privsep_preauth(void)
pid_t pid;
/* Set up unprivileged child process to deal with network data */
monitor = monitor_init();
pmonitor = monitor_init();
/* Store a pointer to the kex for later rekeying */
monitor->m_pkex = &xxx_kex;
pmonitor->m_pkex = &xxx_kex;
pid = fork();
if (pid == -1) {
@ -576,12 +576,12 @@ privsep_preauth(void)
} else if (pid != 0) {
debug2("Network child is on pid %d", pid);
close(monitor->m_recvfd);
authctxt = monitor_child_preauth(monitor);
close(monitor->m_sendfd);
close(pmonitor->m_recvfd);
authctxt = monitor_child_preauth(pmonitor);
close(pmonitor->m_sendfd);
/* Sync memory */
monitor_sync(monitor);
monitor_sync(pmonitor);
/* Wait for the child's exit status */
while (waitpid(pid, &status, 0) < 0)
@ -591,7 +591,7 @@ privsep_preauth(void)
} else {
/* child */
close(monitor->m_sendfd);
close(pmonitor->m_sendfd);
/* Demote the child */
if (getuid() == 0 || geteuid() == 0)
@ -611,7 +611,7 @@ privsep_postauth(Authctxt *authctxt)
if (authctxt->pw->pw_uid == 0 || options.use_login) {
/* File descriptor passing is broken or root login */
monitor_apply_keystate(monitor);
monitor_apply_keystate(pmonitor);
use_privsep = 0;
return;
}
@ -624,21 +624,21 @@ privsep_postauth(Authctxt *authctxt)
}
/* New socket pair */
monitor_reinit(monitor);
monitor_reinit(pmonitor);
monitor->m_pid = fork();
if (monitor->m_pid == -1)
pmonitor->m_pid = fork();
if (pmonitor->m_pid == -1)
fatal("fork of unprivileged child failed");
else if (monitor->m_pid != 0) {
debug2("User child is on pid %d", monitor->m_pid);
close(monitor->m_recvfd);
monitor_child_postauth(monitor);
else if (pmonitor->m_pid != 0) {
debug2("User child is on pid %d", pmonitor->m_pid);
close(pmonitor->m_recvfd);
monitor_child_postauth(pmonitor);
/* NEVERREACHED */
exit(0);
}
close(monitor->m_sendfd);
close(pmonitor->m_sendfd);
/* Demote the private keys to public keys. */
demote_sensitive_data();
@ -647,7 +647,7 @@ privsep_postauth(Authctxt *authctxt)
do_setusercontext(authctxt->pw);
/* It is safe now to apply the key state */
monitor_apply_keystate(monitor);
monitor_apply_keystate(pmonitor);
}
static char *
@ -1459,7 +1459,7 @@ main(int ac, char **av)
* the current keystate and exits
*/
if (use_privsep) {
mm_send_keystate(monitor);
mm_send_keystate(pmonitor);
exit(0);
}