| version 1.312, 2005/07/25 11:59:40 |
version 1.312.2.1, 2006/02/03 03:01:58 |
|
|
| { |
{ |
| if (authctxt->pw->pw_uid == 0 || options.use_login) { |
if (authctxt->pw->pw_uid == 0 || options.use_login) { |
| /* File descriptor passing is broken or root login */ |
/* File descriptor passing is broken or root login */ |
| monitor_apply_keystate(pmonitor); |
|
| use_privsep = 0; |
use_privsep = 0; |
| return; |
goto skip; |
| } |
} |
| |
|
| /* Authentication complete */ |
|
| alarm(0); |
|
| if (startup_pipe != -1) { |
|
| close(startup_pipe); |
|
| startup_pipe = -1; |
|
| } |
|
| |
|
| /* New socket pair */ |
/* New socket pair */ |
| monitor_reinit(pmonitor); |
monitor_reinit(pmonitor); |
| |
|
|
|
| /* Drop privileges */ |
/* Drop privileges */ |
| do_setusercontext(authctxt->pw); |
do_setusercontext(authctxt->pw); |
| |
|
| |
skip: |
| /* It is safe now to apply the key state */ |
/* It is safe now to apply the key state */ |
| monitor_apply_keystate(pmonitor); |
monitor_apply_keystate(pmonitor); |
| |
|
|
|
| saved_argv = av; |
saved_argv = av; |
| rexec_argc = ac; |
rexec_argc = ac; |
| |
|
| |
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
| |
sanitise_stdfd(); |
| |
|
| /* Initialize configuration options to their default values. */ |
/* Initialize configuration options to their default values. */ |
| initialize_server_options(&options); |
initialize_server_options(&options); |
| |
|
|
|
| debug("get_remote_port failed"); |
debug("get_remote_port failed"); |
| cleanup_exit(255); |
cleanup_exit(255); |
| } |
} |
| remote_ip = get_remote_ipaddr(); |
|
| |
|
| |
/* |
| |
* We use get_canonical_hostname with usedns = 0 instead of |
| |
* get_remote_ipaddr here so IP options will be checked. |
| |
*/ |
| |
remote_ip = get_canonical_hostname(0); |
| |
|
| #ifdef LIBWRAP |
#ifdef LIBWRAP |
| /* Check whether logins are denied from this host. */ |
/* Check whether logins are denied from this host. */ |
| if (packet_connection_is_on_socket()) { |
if (packet_connection_is_on_socket()) { |
|
|
| verbose("Connection from %.500s port %d", remote_ip, remote_port); |
verbose("Connection from %.500s port %d", remote_ip, remote_port); |
| |
|
| /* |
/* |
| * We don\'t want to listen forever unless the other side |
* We don't want to listen forever unless the other side |
| * successfully authenticates itself. So we set up an alarm which is |
* successfully authenticates itself. So we set up an alarm which is |
| * cleared after successful authentication. A limit of zero |
* cleared after successful authentication. A limit of zero |
| * indicates no limit. Note that we don\'t set the alarm in debugging |
* indicates no limit. Note that we don't set the alarm in debugging |
| * mode; it is just annoying to have the server exit just when you |
* mode; it is just annoying to have the server exit just when you |
| * are about to discover the bug. |
* are about to discover the bug. |
| */ |
*/ |
|
|
| } |
} |
| |
|
| authenticated: |
authenticated: |
| |
/* |
| |
* Cancel the alarm we set to limit the time taken for |
| |
* authentication. |
| |
*/ |
| |
alarm(0); |
| |
signal(SIGALRM, SIG_DFL); |
| |
if (startup_pipe != -1) { |
| |
close(startup_pipe); |
| |
startup_pipe = -1; |
| |
} |
| |
|
| /* |
/* |
| * In privilege separation, we fork another child and prepare |
* In privilege separation, we fork another child and prepare |
| * file descriptor passing. |
* file descriptor passing. |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh