- markus@cvs.openbsd.org 2006/08/18 09:15:20

[auth.h session.c sshd.c] delay authentication related cleanups until we're authenticated and all alarms have been cancelled; ok deraadt
author: Damien Miller <djm@mindrot.org> 2006-08-19 00:32:46 +1000
committer: Damien Miller <djm@mindrot.org> 2006-08-19 00:32:46 +1000
commit: 3f8123c804bdabbc95caf9e3495310e584944fb2 (patch)
tree: a2451a9b597ab738acc510f3bbee14babc048d2c
parent: 99a648e59291d3adb39eeee4fa1f8a5b2ee2d769 (diff)
4 files changed, 11 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 6a04d1a0f..8fdabe467 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,10 @@
     [log.c log.h sshd.c]
     make signal handler termination path shorter; risky code pointed out by
     mark dowd; ok djm markus
+   - markus@cvs.openbsd.org 2006/08/18 09:15:20
+     [auth.h session.c sshd.c]
+     delay authentication related cleanups until we're authenticated and
+     all alarms have been cancelled; ok deraadt
 20060817
 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c]
@@ -5247,4 +5251,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4491 2006/08/18 14:32:20 djm Exp $
+$Id: ChangeLog,v 1.4492 2006/08/18 14:32:46 djm Exp $
diff --git a/auth.h b/auth.h
index 26158b9dd..8c554b6a6 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.57 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth.h,v 1.58 2006/08/18 09:15:20 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -48,6 +48,7 @@ typedef struct KbdintDevice KbdintDevice;
 struct Authctxt {
        sig_atomic_t     success;
+        int              authenticated; /* authenticated and alarms cancelled */
        int              postponed;     /* authentication needs another step */
        int              valid;         /* user exists and is allowed to login */
        int              attempt;
diff --git a/session.c b/session.c
index 1eb66f440..057298c86 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.217 2006/08/04 20:46:05 stevesk Exp $ */
+/* $OpenBSD: session.c,v 1.218 2006/08/18 09:15:20 markus Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -2476,7 +2476,7 @@ do_cleanup(Authctxt *authctxt)
                return;
        called = 1;
-        if (authctxt == NULL)
+        if (authctxt == NULL || !authctxt->authenticated)
                return;
 #ifdef KRB5
        if (options.kerberos_ticket_cleanup &&
diff --git a/sshd.c b/sshd.c
index f1f2e38b3..dcc626589 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.346 2006/08/18 09:13:26 deraadt Exp $ */
+/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1800,6 +1800,7 @@ main(int ac, char **av)
         */
        alarm(0);
        signal(SIGALRM, SIG_DFL);
+        authctxt->authenticated = 1;
        if (startup_pipe != -1) {
                close(startup_pipe);
                startup_pipe = -1;
author	Damien Miller <djm@mindrot.org>	2006-08-19 00:32:46 +1000
committer	Damien Miller <djm@mindrot.org>	2006-08-19 00:32:46 +1000
commit	3f8123c804bdabbc95caf9e3495310e584944fb2 (patch)
tree	a2451a9b597ab738acc510f3bbee14babc048d2c
parent	99a648e59291d3adb39eeee4fa1f8a5b2ee2d769 (diff)