Diffstat (limited to 'serverloop.c')
-rw-r--r-- | serverloop.c | 50 |
1 files changed, 7 insertions, 43 deletions
diff --git a/serverloop.c b/serverloop.c
index f3683c2..757cc6f 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.237 2023/08/21 04:59:54 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.240 2024/06/17 08:28:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -86,32 +86,17 @@ extern ServerOptions options;
 /* XXX */
 extern Authctxt *the_authctxt;
 extern struct sshauthopt *auth_opts;
-extern int use_privsep;
 static int no_more_sessions = 0; /* Disallow further sessions. */
 static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. */
-/* Cleanup on signals (!use_privsep case only) */
-static volatile sig_atomic_t received_sigterm = 0;
-
 /* prototypes */
 static void server_init_dispatch(struct ssh *);
 /* requested tunnel forwarding interface(s), shared with session.c */
 char *tun_fwd_ifnames = NULL;
-/* returns 1 if bind to specified port by specified user is permitted */
-static int
-bind_permitted(int port, uid_t uid)
-{
- if (use_privsep)
- return 1; /* allow system to decide */
- if (port < IPPORT_RESERVED && uid != 0)
- return 0;
- return 1;
-}
-
 static void
 sigchld_handler(int sig)
 {
@@ -119,12 +104,6 @@ sigchld_handler(int sig)
 }
 static void
-sigterm_handler(int sig)
-{
- received_sigterm = sig;
-}
-
-static void
 client_alive_check(struct ssh *ssh)
 {
 char remote_id[512];
@@ -287,11 +266,11 @@ process_input(struct ssh *ssh, int connection_in)
 if (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)
 return 0;
 if (errno == EPIPE) {
- verbose("Connection closed by %.100s port %d",
+ logit("Connection closed by %.100s port %d",
 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 return -1;
 }
- verbose("Read error from remote host %s port %d: %s",
+ logit("Read error from remote host %s port %d: %s",
 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
 strerror(errno));
 cleanup_exit(255);
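Review bot: The two messages promoted to `logit` in process_input (@@ -287) format the peer address differently: the EPIPE message bounds it with `%.100s`, while the read-error message uses a bare `%s`. Both are now emitted at the default log level and will land in routine log pipelines, so they should be consistent, e.g. `logit("Read error from remote host %.100s port %d: %s",`. process_input begins and ends outside the hunk, so whether its other messages follow the same pattern is not visible here.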
@@ -354,12 +333,6 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt)
 connection_in = ssh_packet_get_connection_in(ssh);
 connection_out = ssh_packet_get_connection_out(ssh);
- if (!use_privsep) {
- ssh_signal(SIGTERM, sigterm_handler);
- ssh_signal(SIGINT, sigterm_handler);
- ssh_signal(SIGQUIT, sigterm_handler);
- }
-
 server_init_dispatch(ssh);
 for (;;) {
@@ -380,15 +353,9 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt)
 wait_until_can_do_something(ssh, connection_in, connection_out,
 &pfd, &npfd_alloc, &npfd_active, &osigset,
 &conn_in_ready, &conn_out_ready);
- if (sigprocmask(SIG_UNBLOCK, &bsigset, &osigset) == -1)
+ if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1)
 error_f("osigset sigprocmask: %s", strerror(errno));
- if (received_sigterm) {
- logit("Exiting on signal %d", (int)received_sigterm);
- /* Clean up sessions, utmp, etc. */
- cleanup_exit(255);
- }
-
 channel_after_poll(ssh, pfd, npfd_active);
 if (conn_in_ready && process_input(ssh, connection_in) < 0)
@@ -498,7 +465,7 @@ server_request_direct_streamlocal(struct ssh *ssh)
 /* XXX fine grained permissions */
 if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&
 auth_opts->permit_port_forwarding_flag &&
- !options.disable_forwarding && (pw->pw_uid == 0 || use_privsep)) {
+ !options.disable_forwarding) {
 c = channel_connect_to_path(ssh, target,
 "direct-streamlocal@openssh.com", "direct-streamlocal");
 } else {
@@ -792,9 +759,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
 (options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
 !auth_opts->permit_port_forwarding_flag ||
 options.disable_forwarding ||
- (!want_reply && fwd.listen_port == 0) ||
- (fwd.listen_port != 0 &&
- !bind_permitted(fwd.listen_port, pw->pw_uid))) {
+ (!want_reply && fwd.listen_port == 0)) {
 success = 0;
 ssh_packet_send_debug(ssh, "Server has disabled port forwarding.");
 } else {
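Review bot: In the second server_loop2 hunk (@@ -380) the new `sigprocmask(SIG_SETMASK, &osigset, NULL)` restores whatever osigset holds at that point, and the same `&osigset` is handed to wait_until_can_do_something() on the lines just above. Where osigset is saved is outside the hunk, so the restore is only correct if that callee treats it as read-only. A one-line comment would pin the invariant, e.g. `/* restore the mask saved before the wait; osigset must not be modified in between */`. The failure branch still only logs through error_f and continues, which presumably leaves the signals blocked for the next iteration.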
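Review bot: With `(pw->pw_uid == 0 || use_privsep)` dropped from server_request_direct_streamlocal (@@ -498), nothing in the code says why connecting to the requested `target` path is acceptable for a non-root user. The check now rests on the process already running with the user's own privileges, which is presumably guaranteed elsewhere now that use_privsep is gone. The surviving `/* XXX fine grained permissions */` comment is the natural place to record that assumption, e.g. `/* this code always runs as the authenticated user; path and port access is enforced by the OS */`. The same applies to the tcpip-forward check (@@ -792), where removing bind_permitted() also removed its "allow system to decide" comment, and to the streamlocal-forward check (@@ -827). If `pw` was fetched in these functions only for the removed conditions it is now unused; the declarations lie outside the hunks.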
@@ -827,8 +792,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
 /* check permissions */
 if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 ||
 !auth_opts->permit_port_forwarding_flag ||
- options.disable_forwarding ||
- (pw->pw_uid != 0 && !use_privsep)) {
+ options.disable_forwarding) {
 success = 0;
 ssh_packet_send_debug(ssh, "Server has disabled "
 "streamlocal forwarding."); |