diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | kex.c | 4 | ||||
| -rw-r--r-- | monitor.c | 40 | ||||
| -rw-r--r-- | monitor_wrap.c | 90 | ||||
| -rw-r--r-- | sshd.c | 40 |
5 files changed, 93 insertions, 88 deletions
@@ -28,6 +28,11 @@ [auth-rhosts.c] handle debug messages during rhosts-rsa and hostbased authentication; ok provos@ + - mouring@cvs.openbsd.org 2002/05/15 15:47:49 + [kex.c monitor.c monitor_wrap.c sshd.c] + 'monitor' variable clashes with at least one lame platform (NeXT). i + Renamed to 'pmonitor'. provos@ + - (bal) Fixed up PAM case. I think. 20020514 - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. @@ -632,4 +637,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2128 2002/05/15 16:19:37 mouring Exp $ +$Id: ChangeLog,v 1.2129 2002/05/15 16:25:01 mouring Exp $ @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $"); #include <openssl/crypto.h> @@ -46,7 +46,7 @@ RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $"); /* Use privilege separation for sshd */ int use_privsep; -struct monitor *monitor; +struct monitor *pmonitor; /* prototype */ @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.10 2002/05/12 23:53:45 djm Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.11 2002/05/15 15:47:49 mouring Exp $"); #include <openssl/dh.h> @@ -240,7 +240,7 @@ monitor_permit_authentications(int permit) } Authctxt * -monitor_child_preauth(struct monitor *monitor) +monitor_child_preauth(struct monitor *pmonitor) { struct mon_table *ent; int authenticated = 0; @@ -263,7 +263,7 @@ monitor_child_preauth(struct monitor *monitor) /* The first few requests do not require asynchronous access */ while (!authenticated) { - authenticated = monitor_read(monitor, mon_dispatch, &ent); + authenticated = monitor_read(pmonitor, mon_dispatch, &ent); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", @@ -291,13 +291,13 @@ monitor_child_preauth(struct monitor *monitor) debug("%s: %s has been authenticated by privileged process", __FUNCTION__, authctxt->user); - mm_get_keystate(monitor); + mm_get_keystate(pmonitor); return (authctxt); } void -monitor_child_postauth(struct monitor *monitor) +monitor_child_postauth(struct monitor *pmonitor) { if (compat20) { mon_dispatch = mon_dispatch_postauth20; @@ -317,18 +317,18 @@ monitor_child_postauth(struct monitor *monitor) } for (;;) - monitor_read(monitor, mon_dispatch, NULL); + monitor_read(pmonitor, mon_dispatch, NULL); } void -monitor_sync(struct monitor *monitor) +monitor_sync(struct monitor *pmonitor) { /* The member allocation is not visible, so sync it */ - mm_share_sync(&monitor->m_zlib, &monitor->m_zback); + mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); } int -monitor_read(struct monitor *monitor, struct mon_table *ent, +monitor_read(struct monitor *pmonitor, struct mon_table *ent, struct mon_table **pent) { Buffer m; @@ -337,7 +337,7 @@ monitor_read(struct monitor *monitor, struct mon_table *ent, buffer_init(&m); - mm_request_receive(monitor->m_sendfd, &m); + mm_request_receive(pmonitor->m_sendfd, &m); type = buffer_get_char(&m); debug3("%s: checking request %d", __FUNCTION__, type); @@ -352,7 +352,7 @@ monitor_read(struct monitor *monitor, struct mon_table *ent, if (!(ent->flags & MON_PERMIT)) fatal("%s: unpermitted request %d", __FUNCTION__, type); - ret = (*ent->f)(monitor->m_sendfd, &m); + ret = (*ent->f)(pmonitor->m_sendfd, &m); buffer_free(&m); /* The child may use this request only once, disable it */ @@ -1003,7 +1003,7 @@ mm_session_close(Session *s) int mm_answer_pty(int socket, Buffer *m) { - extern struct monitor *monitor; + extern struct monitor *pmonitor; Session *s; int res, fd0; @@ -1015,7 +1015,7 @@ mm_answer_pty(int socket, Buffer *m) goto error; s->authctxt = authctxt; s->pw = authctxt->pw; - s->pid = monitor->m_pid; + s->pid = pmonitor->m_pid; res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); if (res == 0) goto error; @@ -1252,7 +1252,7 @@ mm_answer_rsa_response(int socket, Buffer *m) int mm_answer_term(int socket, Buffer *req) { - extern struct monitor *monitor; + extern struct monitor *pmonitor; int res, status; debug3("%s: tearing down sessions", __FUNCTION__); @@ -1260,7 +1260,7 @@ mm_answer_term(int socket, Buffer *req) /* The child is terminating */ session_destroy_all(&mm_session_close); - while (waitpid(monitor->m_pid, &status, 0) == -1) + while (waitpid(pmonitor->m_pid, &status, 0) == -1) if (errno != EINTR) exit(1); @@ -1271,7 +1271,7 @@ mm_answer_term(int socket, Buffer *req) } void -monitor_apply_keystate(struct monitor *monitor) +monitor_apply_keystate(struct monitor *pmonitor) { if (compat20) { set_newkeys(MODE_IN); @@ -1303,7 +1303,7 @@ monitor_apply_keystate(struct monitor *monitor) sizeof(outgoing_stream)); /* Update with new address */ - mm_init_compression(monitor->m_zlib); + mm_init_compression(pmonitor->m_zlib); /* Network I/O buffers */ /* XXX inefficient for large buffers, need: buffer_init_from_string */ @@ -1353,7 +1353,7 @@ mm_get_kex(Buffer *m) /* This function requries careful sanity checking */ void -mm_get_keystate(struct monitor *monitor) +mm_get_keystate(struct monitor *pmonitor) { Buffer m; u_char *blob, *p; @@ -1362,7 +1362,7 @@ mm_get_keystate(struct monitor *monitor) debug3("%s: Waiting for new keys", __FUNCTION__); buffer_init(&m); - mm_request_receive_expect(monitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m); + mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m); if (!compat20) { child_state.ssh1protoflags = buffer_get_int(&m); child_state.ssh1cipher = buffer_get_int(&m); @@ -1372,7 +1372,7 @@ mm_get_keystate(struct monitor *monitor) goto skip; } else { /* Get the Kex for rekeying */ - *monitor->m_pkex = mm_get_kex(&m); + *pmonitor->m_pkex = mm_get_kex(&m); } blob = buffer_get_string(&m, &bloblen); diff --git a/monitor_wrap.c b/monitor_wrap.c index 38017582..c5e3fb98 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.6 2002/05/12 23:53:45 djm Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.7 2002/05/15 15:47:49 mouring Exp $"); #include <openssl/bn.h> #include <openssl/dh.h> @@ -56,7 +56,7 @@ extern int compat20; extern Newkeys *newkeys[]; extern z_stream incoming_stream; extern z_stream outgoing_stream; -extern struct monitor *monitor; +extern struct monitor *pmonitor; extern Buffer input, output; void @@ -126,10 +126,10 @@ mm_choose_dh(int min, int nbits, int max) buffer_put_int(&m, nbits); buffer_put_int(&m, max); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_MODULI, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m); debug3("%s: waiting for MONITOR_ANS_MODULI", __FUNCTION__); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_MODULI, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m); success = buffer_get_char(&m); if (success == 0) @@ -151,7 +151,7 @@ mm_choose_dh(int min, int nbits, int max) int mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) { - Kex *kex = *monitor->m_pkex; + Kex *kex = *pmonitor->m_pkex; Buffer m; debug3("%s entering", __FUNCTION__); @@ -160,10 +160,10 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) buffer_put_int(&m, kex->host_key_index(key)); buffer_put_string(&m, data, datalen); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_SIGN, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m); debug3("%s: waiting for MONITOR_ANS_SIGN", __FUNCTION__); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SIGN, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m); *sigp = buffer_get_string(&m, lenp); buffer_free(&m); @@ -182,10 +182,10 @@ mm_getpwnamallow(const char *login) buffer_init(&m); buffer_put_cstring(&m, login); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_PWNAM, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m); debug3("%s: waiting for MONITOR_ANS_PWNAM", __FUNCTION__); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PWNAM, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m); if (buffer_get_char(&m) == 0) { buffer_free(&m); @@ -215,10 +215,10 @@ char* mm_auth2_read_banner(void) debug3("%s entering", __FUNCTION__); buffer_init(&m); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); buffer_clear(&m); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m); banner = buffer_get_string(&m, NULL); buffer_free(&m); @@ -238,7 +238,7 @@ mm_inform_authserv(char *service, char *style) buffer_put_cstring(&m, service); buffer_put_cstring(&m, style ? style : ""); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m); buffer_free(&m); } @@ -254,10 +254,10 @@ mm_auth_password(Authctxt *authctxt, char *password) buffer_init(&m); buffer_put_cstring(&m, password); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m); debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __FUNCTION__); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m); authenticated = buffer_get_int(&m); @@ -327,10 +327,10 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) buffer_put_string(&m, blob, len); xfree(blob); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __FUNCTION__); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m); allowed = buffer_get_int(&m); @@ -368,10 +368,10 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) buffer_put_string(&m, data, datalen); xfree(blob); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __FUNCTION__); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m); verified = buffer_get_int(&m); @@ -510,7 +510,7 @@ mm_send_kex(Buffer *m, Kex *kex) } void -mm_send_keystate(struct monitor *monitor) +mm_send_keystate(struct monitor *pmonitor) { Buffer m; u_char *blob, *p; @@ -536,7 +536,7 @@ mm_send_keystate(struct monitor *monitor) goto skip; } else { /* Kex for rekeying */ - mm_send_kex(&m, *monitor->m_pkex); + mm_send_kex(&m, *pmonitor->m_pkex); } debug3("%s: Sending new keys: %p %p", @@ -582,7 +582,7 @@ mm_send_keystate(struct monitor *monitor) buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input)); buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output)); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m); debug3("%s: Finished sending state", __FUNCTION__); buffer_free(&m); @@ -596,10 +596,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) int success = 0; buffer_init(&m); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_PTY, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m); debug3("%s: waiting for MONITOR_ANS_PTY", __FUNCTION__); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PTY, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m); success = buffer_get_int(&m); if (success == 0) { @@ -613,8 +613,8 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) strlcpy(namebuf, p, namebuflen); /* Possible truncation */ xfree(p); - *ptyfd = mm_receive_fd(monitor->m_recvfd); - *ttyfd = mm_receive_fd(monitor->m_recvfd); + *ptyfd = mm_receive_fd(pmonitor->m_recvfd); + *ttyfd = mm_receive_fd(pmonitor->m_recvfd); /* Success */ return (1); @@ -630,7 +630,7 @@ mm_session_pty_cleanup2(void *session) return; buffer_init(&m); buffer_put_cstring(&m, s->tty); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m); buffer_free(&m); /* closed dup'ed master */ @@ -652,7 +652,7 @@ mm_start_pam(char *user) buffer_init(&m); buffer_put_cstring(&m, user); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_PAM_START, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m); buffer_free(&m); } @@ -666,7 +666,7 @@ mm_terminate(void) Buffer m; buffer_init(&m); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_TERM, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m); buffer_free(&m); } @@ -678,9 +678,9 @@ mm_ssh1_session_key(BIGNUM *num) buffer_init(&m); buffer_put_bignum2(&m, num); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_SESSKEY, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SESSKEY, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m); rsafail = buffer_get_int(&m); buffer_get_bignum2(&m, num); @@ -713,9 +713,9 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, debug3("%s: entering", __FUNCTION__); buffer_init(&m); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, &m); res = buffer_get_int(&m); if (res == -1) { @@ -748,9 +748,9 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) buffer_init(&m); buffer_put_cstring(&m, responses[0]); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m); - mm_request_receive_expect(monitor->m_recvfd, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHRESPOND, &m); authok = buffer_get_int(&m); @@ -770,9 +770,9 @@ mm_skey_query(void *ctx, char **name, char **infotxt, debug3("%s: entering", __FUNCTION__); buffer_init(&m); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SKEYQUERY, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, &m); res = buffer_get_int(&m); if (res == -1) { @@ -811,9 +811,9 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses) buffer_init(&m); buffer_put_cstring(&m, responses[0]); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m); - mm_request_receive_expect(monitor->m_recvfd, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYRESPOND, &m); authok = buffer_get_int(&m); @@ -834,7 +834,7 @@ mm_ssh1_session_id(u_char session_id[16]) for (i = 0; i < 16; i++) buffer_put_char(&m, session_id[i]); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_SESSID, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m); buffer_free(&m); } @@ -852,8 +852,8 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) buffer_init(&m); buffer_put_bignum2(&m, client_n); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m); allowed = buffer_get_int(&m); @@ -892,8 +892,8 @@ mm_auth_rsa_generate_challenge(Key *key) buffer_put_string(&m, blob, blen); xfree(blob); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m); buffer_get_bignum2(&m, challenge); buffer_free(&m); @@ -921,8 +921,8 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) buffer_put_string(&m, response, 16); xfree(blob); - mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m); - mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m); success = buffer_get_int(&m); buffer_free(&m); @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.241 2002/05/13 15:53:19 millert Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.242 2002/05/15 15:47:49 mouring Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -202,7 +202,7 @@ int *startup_pipes = NULL; int startup_pipe; /* in child */ /* variables used for privilege separation */ -extern struct monitor *monitor; +extern struct monitor *pmonitor; extern int use_privsep; /* Prototypes for various functions defined later in this file. */ @@ -566,9 +566,9 @@ privsep_preauth(void) pid_t pid; /* Set up unprivileged child process to deal with network data */ - monitor = monitor_init(); + pmonitor = monitor_init(); /* Store a pointer to the kex for later rekeying */ - monitor->m_pkex = &xxx_kex; + pmonitor->m_pkex = &xxx_kex; pid = fork(); if (pid == -1) { @@ -576,12 +576,12 @@ privsep_preauth(void) } else if (pid != 0) { debug2("Network child is on pid %d", pid); - close(monitor->m_recvfd); - authctxt = monitor_child_preauth(monitor); - close(monitor->m_sendfd); + close(pmonitor->m_recvfd); + authctxt = monitor_child_preauth(pmonitor); + close(pmonitor->m_sendfd); /* Sync memory */ - monitor_sync(monitor); + monitor_sync(pmonitor); /* Wait for the child's exit status */ while (waitpid(pid, &status, 0) < 0) @@ -591,7 +591,7 @@ privsep_preauth(void) } else { /* child */ - close(monitor->m_sendfd); + close(pmonitor->m_sendfd); /* Demote the child */ if (getuid() == 0 || geteuid() == 0) @@ -611,7 +611,7 @@ privsep_postauth(Authctxt *authctxt) if (authctxt->pw->pw_uid == 0 || options.use_login) { /* File descriptor passing is broken or root login */ - monitor_apply_keystate(monitor); + monitor_apply_keystate(pmonitor); use_privsep = 0; return; } @@ -624,21 +624,21 @@ privsep_postauth(Authctxt *authctxt) } /* New socket pair */ - monitor_reinit(monitor); + monitor_reinit(pmonitor); - monitor->m_pid = fork(); - if (monitor->m_pid == -1) + pmonitor->m_pid = fork(); + if (pmonitor->m_pid == -1) fatal("fork of unprivileged child failed"); - else if (monitor->m_pid != 0) { - debug2("User child is on pid %d", monitor->m_pid); - close(monitor->m_recvfd); - monitor_child_postauth(monitor); + else if (pmonitor->m_pid != 0) { + debug2("User child is on pid %d", pmonitor->m_pid); + close(pmonitor->m_recvfd); + monitor_child_postauth(pmonitor); /* NEVERREACHED */ exit(0); } - close(monitor->m_sendfd); + close(pmonitor->m_sendfd); /* Demote the private keys to public keys. */ demote_sensitive_data(); @@ -647,7 +647,7 @@ privsep_postauth(Authctxt *authctxt) do_setusercontext(authctxt->pw); /* It is safe now to apply the key state */ - monitor_apply_keystate(monitor); + monitor_apply_keystate(pmonitor); } static char * @@ -1459,7 +1459,7 @@ main(int ac, char **av) * the current keystate and exits */ if (use_privsep) { - mm_send_keystate(monitor); + mm_send_keystate(pmonitor); exit(0); } |