version 1.424, 2014/04/18 23:52:25 |
version 1.425, 2014/04/19 14:53:48 |
|
|
|
|
#include <openssl/dh.h> |
#include <openssl/dh.h> |
#include <openssl/bn.h> |
#include <openssl/bn.h> |
#include <openssl/rand.h> |
|
|
|
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "ssh.h" |
#include "ssh.h" |
|
|
static void |
static void |
privsep_preauth_child(void) |
privsep_preauth_child(void) |
{ |
{ |
u_int32_t rnd[256]; |
|
gid_t gidset[1]; |
gid_t gidset[1]; |
struct passwd *pw; |
struct passwd *pw; |
|
|
|
|
ssh_gssapi_prepare_supported_oids(); |
ssh_gssapi_prepare_supported_oids(); |
#endif |
#endif |
|
|
arc4random_buf(rnd, sizeof(rnd)); |
|
RAND_seed(rnd, sizeof(rnd)); |
|
explicit_bzero(rnd, sizeof(rnd)); |
|
|
|
/* Demote the private keys to public keys. */ |
/* Demote the private keys to public keys. */ |
demote_sensitive_data(); |
demote_sensitive_data(); |
|
|
|
|
static void |
static void |
privsep_postauth(Authctxt *authctxt) |
privsep_postauth(Authctxt *authctxt) |
{ |
{ |
u_int32_t rnd[256]; |
|
|
|
if (authctxt->pw->pw_uid == 0 || options.use_login) { |
if (authctxt->pw->pw_uid == 0 || options.use_login) { |
/* File descriptor passing is broken or root login */ |
/* File descriptor passing is broken or root login */ |
|
|
/* Demote the private keys to public keys. */ |
/* Demote the private keys to public keys. */ |
demote_sensitive_data(); |
demote_sensitive_data(); |
|
|
arc4random_buf(rnd, sizeof(rnd)); |
|
RAND_seed(rnd, sizeof(rnd)); |
|
explicit_bzero(rnd, sizeof(rnd)); |
|
|
|
/* Drop privileges */ |
/* Drop privileges */ |
do_setusercontext(authctxt->pw); |
do_setusercontext(authctxt->pw); |
|
|
|
|
struct sockaddr_storage from; |
struct sockaddr_storage from; |
socklen_t fromlen; |
socklen_t fromlen; |
pid_t pid; |
pid_t pid; |
u_char rnd[256]; |
|
|
|
/* setup fd set for accept */ |
/* setup fd set for accept */ |
fdset = NULL; |
fdset = NULL; |
|
|
} |
} |
|
|
close(*newsock); |
close(*newsock); |
|
|
/* |
|
* Ensure that our random state differs |
|
* from that of the child |
|
*/ |
|
arc4random_buf(rnd, sizeof(rnd)); |
|
RAND_seed(rnd, sizeof(rnd)); |
|
explicit_bzero(rnd, sizeof(rnd)); |
|
} |
} |
|
|
/* child process check (or debug mode) */ |
/* child process check (or debug mode) */ |