authorDamien Miller <djm@mindrot.org>2011-06-20 14:42:23 +1000
committerDamien Miller <djm@mindrot.org>2011-06-20 14:42:23 +1000
commit8f0bf237d4e699d00c2febaf1b88a9b9b827e77e (patch)
tree212a2ef9014a216e7ab96060e81ab3c1d737ba7c /sshd.c
parente7ac2bd42ad16c2e2485331641befedebaebdb46 (diff)
- djm@cvs.openbsd.org 2011/06/17 21:44:31
[log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] make the pre-auth privsep slave log via a socketpair shared with the monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/sshd.c b/sshd.c
index 50d0dede4..6e15522b3 100644
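--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.382 2011/04/12 05:32:49 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.383 2011/06/17 21:44:31 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -636,10 +636,8 @@ privsep_preauth(Authctxt *authctxt)
  } else if (pid != 0) {
  debug2("Network child is on pid %ld", (long)pid);
 
- close(pmonitor->m_recvfd);
  pmonitor->m_pid = pid;
  monitor_child_preauth(authctxt, pmonitor);
- close(pmonitor->m_sendfd);
 
  /* Sync memory */
  monitor_sync(pmonitor);
@@ -651,8 +649,11 @@ privsep_preauth(Authctxt *authctxt)
  return (1);
  } else {
  /* child */
-
  close(pmonitor->m_sendfd);
+ close(pmonitor->m_log_recvfd);
+
+ /* Arrange for logging to be sent to the monitor */
+ set_log_handler(mm_log_handler, pmonitor);
 
  /* Demote the child */
  if (getuid() == 0 || geteuid() == 0)
@@ -685,7 +686,6 @@ privsep_postauth(Authctxt *authctxt)
  fatal("fork of unprivileged child failed");
  else if (pmonitor->m_pid != 0) {
  verbose("User child is on pid %ld", (long)pmonitor->m_pid);
- close(pmonitor->m_recvfd);
  buffer_clear(&loginmsg);
  monitor_child_postauth(pmonitor);
 
@@ -693,7 +693,10 @@ privsep_postauth(Authctxt *authctxt)
  exit(0);
  }
 
+ /* child */
+
  close(pmonitor->m_sendfd);
+ pmonitor->m_sendfd = -1;
 
  /* Demote the private keys to public keys. */
  demote_sensitive_data();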
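Review bot: In the pre-auth child branch of privsep_preauth, `m_sendfd` and the new `m_log_recvfd` are closed but keep their old descriptor numbers, whereas the post-auth child at the end of privsep_postauth now resets `m_sendfd` to -1 after its close. A closed descriptor number can be handed out again by a later open or socket call, so any later use of the stale struct field would act on an unrelated descriptor; adding `pmonitor->m_sendfd = -1;` and `pmonitor->m_log_recvfd = -1;` after the two closes would make both children consistent. The parent-side `close()` calls removed from the privsep_preauth and privsep_postauth parent branches have no replacement in sshd.c, so they presumably moved into monitor.c, which this page does not show; it is worth confirming, since an end left open in the monitor would stop it from seeing EOF when the child exits. Both functions start and end outside the hunks shown.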