Imported Upstream version 3.1.0

[debian/amanda] / common-src / ssh-security.c

diff --git a/common-src/ssh-security.c b/common-src/ssh-security.c
index 3736927ca2da74f534367c8e890afb3f65a0207d..19d60692792725905a82e3e4465555201db8fa1c 100644 (file)
--- a/common-src/ssh-security.c
+++ b/common-src/ssh-security.c
@@ -37,13 +37,9 @@
 #include "util.h"
 #include "event.h"
 #include "packet.h"
-#include "queue.h"
 #include "security.h"
 #include "security-util.h"
 #include "stream.h"
-#include "version.h"
-
-#ifdef SSH_SECURITY
 
 /*
  * Number of seconds ssh has to start up
@@ -108,16 +104,14 @@ ssh_connect(
     void *             arg,
     void *             datap)
 {
+    int result;
     struct sec_handle *rh;
     char *amandad_path=NULL, *client_username=NULL, *ssh_keys=NULL;
 
     assert(fn != NULL);
     assert(hostname != NULL);
 
-    (void)conf_fn;     /* Quiet unused parameter warning */
-
-    auth_debug(1, ("%s: ssh: ssh_connect: %s\n", debug_prefix_time(NULL),
-                  hostname));
+    auth_debug(1, "ssh_connect: %s\n", hostname);
 
     rh = alloc(SIZEOF(*rh));
     security_handleinit(&rh->sech, &ssh_security_driver);
@@ -126,14 +120,19 @@ ssh_connect(
     rh->ev_timeout = NULL;
     rh->rc = NULL;
 
+    /* get the canonical hostname */
     rh->hostname = NULL;
-    if (try_resolving_hostname(hostname, &rh->hostname)) {
+    if ((result = resolve_hostname(hostname, 0, NULL, &rh->hostname)) != 0
+        || rh->hostname == NULL) {
        security_seterror(&rh->sech,
-           "%s: ssh could not resolve hostname", hostname);
+           _("ssh_security could not find canonical name for '%s': %s"),
+           hostname, gai_strerror(result));
        (*fn)(arg, &rh->sech, S_ERROR);
        return;
     }
     rh->rs = tcpma_stream_client(rh, newhandle++);
+    rh->rc->conf_fn = conf_fn;
+    rh->rc->datap = datap;
 
     if (rh->rs == NULL)
        goto error;
@@ -153,7 +152,7 @@ ssh_connect(
     }
     if(rh->rc->read == -1) {
        if (runssh(rh->rs->rc, amandad_path, client_username, ssh_keys) < 0) {
-           security_seterror(&rh->sech, "can't connect to %s: %s",
+           security_seterror(&rh->sech, _("can't connect to %s: %s"),
                              hostname, rh->rs->rc->errmsg);
            goto error;
        }
@@ -200,13 +199,13 @@ runssh(
     memset(rpipe, -1, SIZEOF(rpipe));
     memset(wpipe, -1, SIZEOF(wpipe));
     if (pipe(rpipe) < 0 || pipe(wpipe) < 0) {
-       rc->errmsg = newvstralloc(rc->errmsg, "pipe: ", strerror(errno), NULL);
+       rc->errmsg = newvstrallocf(rc->errmsg, _("pipe: %s"), strerror(errno));
        return (-1);
     }
 
     switch (rc->pid = fork()) {
     case -1:
-       rc->errmsg = newvstralloc(rc->errmsg, "fork: ", strerror(errno), NULL);
+       rc->errmsg = newvstrallocf(rc->errmsg, _("fork: %s"), strerror(errno));
        aclose(rpipe[0]);
        aclose(rpipe[1]);
        aclose(wpipe[0]);
@@ -224,11 +223,13 @@ runssh(
        return (0);
     }
 
+    /* drop root privs for good */
+    set_root_privs(-1);
+
     safe_fd(-1, 0);
 
     if(!xamandad_path || strlen(xamandad_path) <= 1) 
-       xamandad_path = vstralloc(libexecdir, "/", "amandad",
-                                versionsuffix(), NULL);
+       xamandad_path = vstralloc(amlibexecdir, "/", "amandad", NULL);
     if(!xclient_username || strlen(xclient_username) <= 1)
        xclient_username = CLIENT_LOGIN;
     if(!ssh_keys || strlen(ssh_keys) <= 1) {
@@ -246,5 +247,3 @@ runssh(
     /* should never go here, shut up compiler warning */
     return(-1);
 }
-
-#endif /* SSH_SECURITY */