version 1.383, 2011/06/17 21:44:31 |
version 1.384, 2011/06/22 21:57:01 |
|
|
#endif |
#endif |
#include "monitor_wrap.h" |
#include "monitor_wrap.h" |
#include "roaming.h" |
#include "roaming.h" |
|
#include "sandbox.h" |
#include "version.h" |
#include "version.h" |
|
|
#ifdef LIBWRAP |
#ifdef LIBWRAP |
|
|
{ |
{ |
int status; |
int status; |
pid_t pid; |
pid_t pid; |
|
struct ssh_sandbox *box = NULL; |
|
|
/* Set up unprivileged child process to deal with network data */ |
/* Set up unprivileged child process to deal with network data */ |
pmonitor = monitor_init(); |
pmonitor = monitor_init(); |
/* Store a pointer to the kex for later rekeying */ |
/* Store a pointer to the kex for later rekeying */ |
pmonitor->m_pkex = &xxx_kex; |
pmonitor->m_pkex = &xxx_kex; |
|
|
|
if (use_privsep == PRIVSEP_SANDBOX) |
|
box = ssh_sandbox_init(); |
pid = fork(); |
pid = fork(); |
if (pid == -1) { |
if (pid == -1) { |
fatal("fork of unprivileged child failed"); |
fatal("fork of unprivileged child failed"); |
} else if (pid != 0) { |
} else if (pid != 0) { |
debug2("Network child is on pid %ld", (long)pid); |
debug2("Network child is on pid %ld", (long)pid); |
|
|
|
if (box != NULL) |
|
ssh_sandbox_parent_preauth(box, pid); |
pmonitor->m_pid = pid; |
pmonitor->m_pid = pid; |
monitor_child_preauth(authctxt, pmonitor); |
monitor_child_preauth(authctxt, pmonitor); |
|
|
|
|
monitor_sync(pmonitor); |
monitor_sync(pmonitor); |
|
|
/* Wait for the child's exit status */ |
/* Wait for the child's exit status */ |
while (waitpid(pid, &status, 0) < 0) |
while (waitpid(pid, &status, 0) < 0) { |
if (errno != EINTR) |
if (errno != EINTR) |
break; |
fatal("%s: waitpid: %s", __func__, |
return (1); |
strerror(errno)); |
|
} |
|
if (WIFEXITED(status)) { |
|
if (WEXITSTATUS(status) != 0) |
|
fatal("%s: preauth child exited with status %d", |
|
__func__, WEXITSTATUS(status)); |
|
} else if (WIFSIGNALED(status)) |
|
fatal("%s: preauth child terminated by signal %d", |
|
__func__, WTERMSIG(status)); |
|
if (box != NULL) |
|
ssh_sandbox_parent_finish(box); |
|
return 1; |
} else { |
} else { |
/* child */ |
/* child */ |
close(pmonitor->m_sendfd); |
close(pmonitor->m_sendfd); |
|
|
if (getuid() == 0 || geteuid() == 0) |
if (getuid() == 0 || geteuid() == 0) |
privsep_preauth_child(); |
privsep_preauth_child(); |
setproctitle("%s", "[net]"); |
setproctitle("%s", "[net]"); |
|
if (box != NULL) |
|
ssh_sandbox_child(box); |
|
|
|
return 0; |
} |
} |
return (0); |
|
} |
} |
|
|
static void |
static void |
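Review bot: In the `use_privsep == PRIVSEP_SANDBOX` branch the result of `ssh_sandbox_init()` is never checked, while every later sandbox call (`ssh_sandbox_parent_preauth`, `ssh_sandbox_child`, `ssh_sandbox_parent_finish`) is guarded by `if (box != NULL)`. If the init can return NULL (its definition is not visible here), the pre-auth network child would run unsandboxed with no log message, even though the sandbox was requested. Failing closed is the safer default at a privilege-separation boundary, for example `if (use_privsep == PRIVSEP_SANDBOX && (box = ssh_sandbox_init()) == NULL) fatal("%s: ssh_sandbox_init failed", __func__);`. If the sandbox backend already aborts on failure, a short comment at the call stating that a NULL `box` only ever means "sandbox not requested" would make the guards easier to audit. The function's signature lies above the visible lines, so this is based on the body shown here only.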