version 1.308.2.1, 2005/09/04 18:40:11 |
version 1.308.2.2, 2006/02/03 02:53:46 |
|
|
{ |
{ |
if (authctxt->pw->pw_uid == 0 || options.use_login) { |
if (authctxt->pw->pw_uid == 0 || options.use_login) { |
/* File descriptor passing is broken or root login */ |
/* File descriptor passing is broken or root login */ |
monitor_apply_keystate(pmonitor); |
|
use_privsep = 0; |
use_privsep = 0; |
return; |
goto skip; |
} |
} |
|
|
/* Authentication complete */ |
|
alarm(0); |
|
if (startup_pipe != -1) { |
|
close(startup_pipe); |
|
startup_pipe = -1; |
|
} |
|
|
|
/* New socket pair */ |
/* New socket pair */ |
monitor_reinit(pmonitor); |
monitor_reinit(pmonitor); |
|
|
|
|
/* Drop privileges */ |
/* Drop privileges */ |
do_setusercontext(authctxt->pw); |
do_setusercontext(authctxt->pw); |
|
|
|
skip: |
/* It is safe now to apply the key state */ |
/* It is safe now to apply the key state */ |
monitor_apply_keystate(pmonitor); |
monitor_apply_keystate(pmonitor); |
|
|
|
|
saved_argv = av; |
saved_argv = av; |
rexec_argc = ac; |
rexec_argc = ac; |
|
|
|
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
|
sanitise_stdfd(); |
|
|
/* Initialize configuration options to their default values. */ |
/* Initialize configuration options to their default values. */ |
initialize_server_options(&options); |
initialize_server_options(&options); |
|
|
|
|
debug("get_remote_port failed"); |
debug("get_remote_port failed"); |
cleanup_exit(255); |
cleanup_exit(255); |
} |
} |
remote_ip = get_remote_ipaddr(); |
|
|
|
|
/* |
|
* We use get_canonical_hostname with usedns = 0 instead of |
|
* get_remote_ipaddr here so IP options will be checked. |
|
*/ |
|
remote_ip = get_canonical_hostname(0); |
|
|
#ifdef LIBWRAP |
#ifdef LIBWRAP |
/* Check whether logins are denied from this host. */ |
/* Check whether logins are denied from this host. */ |
if (packet_connection_is_on_socket()) { |
if (packet_connection_is_on_socket()) { |
|
|
verbose("Connection from %.500s port %d", remote_ip, remote_port); |
verbose("Connection from %.500s port %d", remote_ip, remote_port); |
|
|
/* |
/* |
* We don\'t want to listen forever unless the other side |
* We don't want to listen forever unless the other side |
* successfully authenticates itself. So we set up an alarm which is |
* successfully authenticates itself. So we set up an alarm which is |
* cleared after successful authentication. A limit of zero |
* cleared after successful authentication. A limit of zero |
* indicates no limit. Note that we don\'t set the alarm in debugging |
* indicates no limit. Note that we don't set the alarm in debugging |
* mode; it is just annoying to have the server exit just when you |
* mode; it is just annoying to have the server exit just when you |
* are about to discover the bug. |
* are about to discover the bug. |
*/ |
*/ |
|
|
} |
} |
|
|
authenticated: |
authenticated: |
|
/* |
|
* Cancel the alarm we set to limit the time taken for |
|
* authentication. |
|
*/ |
|
alarm(0); |
|
signal(SIGALRM, SIG_DFL); |
|
if (startup_pipe != -1) { |
|
close(startup_pipe); |
|
startup_pipe = -1; |
|
} |
|
|
/* |
/* |
* In privilege separation, we fork another child and prepare |
* In privilege separation, we fork another child and prepare |
* file descriptor passing. |
* file descriptor passing. |