- (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"

is terminated if the privsep slave exits during keyboard-interactive authentication. ok djm@
author: Darren Tucker <dtucker@zip.com.au> 2004-05-24 11:55:36 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2004-05-24 11:55:36 +1000
commit: b53355eca5dc476aaaf53c49ef145c397c5c2275 (patch)
tree: f4df6b9988eead502fae73d3b15edc396b92ce19
parent: 89413dbafa5a5f237ba1040b74e6437b8b1ff1e0 (diff)
2 files changed, 19 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 9ce0adb09..bc6b40dae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,9 +12,9 @@
     add prototypes for -Wall; ok djm
   - djm@cvs.openbsd.org 2004/05/21 11:33:11
     [channels.c channels.h clientloop.c serverloop.c ssh.1]
-     bz #756: add support for the cancel-tcpip-forward request for the server and
+     bz #756: add support for the cancel-tcpip-forward request for the server
-     the client (through the ~C commandline). reported by z3p AT twistedmatrix.com;
+     and the client (through the ~C commandline). reported by z3p AT
-     ok markus@
+     twistedmatrix.com; ok markus@
   - djm@cvs.openbsd.org 2004/05/22 06:32:12
     [clientloop.c ssh.1]
     use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@
@@ -22,8 +22,12 @@
     [ssh.1]
     kill whitespace at eol;
   - dtucker@cvs.openbsd.org 2004/05/23 23:59:53
-     [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
+     [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config
+     sshd_config.5]
     Add MaxAuthTries sshd config option; ok markus@
+ - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
+   is terminated if the privsep slave exits during keyboard-interactive
+   authentication.  ok djm@
 20040523
 - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in 
@@ -1153,4 +1157,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3365 2004/05/24 00:36:23 dtucker Exp $
+$Id: ChangeLog,v 1.3366 2004/05/24 01:55:36 dtucker Exp $
diff --git a/auth-pam.c b/auth-pam.c
index faa0b904f..833c850e7 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -31,7 +31,7 @@
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.101 2004/05/13 07:29:35 dtucker Exp $");
+RCSID("$Id: auth-pam.c,v 1.102 2004/05/24 01:55:36 dtucker Exp $");
 #ifdef USE_PAM
 #if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -93,10 +93,17 @@ static mysig_t sshpam_oldsig;
 static void 
 sshpam_sigchld_handler(int sig)
 {
+        signal(SIGCHLD, SIG_DFL);
        if (cleanup_ctxt == NULL)
                return; /* handler called after PAM cleanup, shouldn't happen */
-        if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) == -1)
+        if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
-                return; /* couldn't wait for process */
+             == -1) {
+                /* PAM thread has not exitted, privsep slave must have */
+                kill(cleanup_ctxt->pam_thread, SIGTERM);
+                if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
+                    == -1)
+                        return; /* could not wait */
+        }
        if (WIFSIGNALED(sshpam_thread_status) &&
            WTERMSIG(sshpam_thread_status) == SIGTERM)
                return; /* terminated by pthread_cancel */
author	Darren Tucker <dtucker@zip.com.au>	2004-05-24 11:55:36 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2004-05-24 11:55:36 +1000
commit	b53355eca5dc476aaaf53c49ef145c397c5c2275 (patch)
tree	f4df6b9988eead502fae73d3b15edc396b92ce19
parent	89413dbafa5a5f237ba1040b74e6437b8b1ff1e0 (diff)