diff options
| author | Colin Watson <cjwatson@debian.org> | 2012-05-17 13:04:02 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2012-05-17 13:04:02 +0100 |
| commit | dd5ed53e20d218607260916a6b04d1c8c5b3d88f (patch) | |
| tree | c59b4dbcc610f10700945f885adf3bddc2542c26 /sshd.c | |
| parent | 8241a65bf12ac53c1b7304bba7ce739aad80b8b8 (diff) | |
| parent | b9bc38990c5eb5d99e28ca5af6d3491fd4a0060a (diff) | |
merge 6.0p1
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 24 |
1 files changed, 18 insertions, 6 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.385 2011/06/23 09:34:13 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.388 2011/09/30 21:22:49 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -243,6 +243,7 @@ int startup_pipe; /* in child */ | |||
| 243 | /* variables used for privilege separation */ | 243 | /* variables used for privilege separation */ |
| 244 | int use_privsep = -1; | 244 | int use_privsep = -1; |
| 245 | struct monitor *pmonitor = NULL; | 245 | struct monitor *pmonitor = NULL; |
| 246 | int privsep_is_preauth = 1; | ||
| 246 | 247 | ||
| 247 | /* global authentication context */ | 248 | /* global authentication context */ |
| 248 | Authctxt *the_authctxt = NULL; | 249 | Authctxt *the_authctxt = NULL; |
| @@ -654,10 +655,13 @@ privsep_preauth(Authctxt *authctxt) | |||
| 654 | 655 | ||
| 655 | /* Wait for the child's exit status */ | 656 | /* Wait for the child's exit status */ |
| 656 | while (waitpid(pid, &status, 0) < 0) { | 657 | while (waitpid(pid, &status, 0) < 0) { |
| 657 | if (errno != EINTR) | 658 | if (errno == EINTR) |
| 658 | fatal("%s: waitpid: %s", __func__, | 659 | continue; |
| 659 | strerror(errno)); | 660 | pmonitor->m_pid = -1; |
| 661 | fatal("%s: waitpid: %s", __func__, strerror(errno)); | ||
| 660 | } | 662 | } |
| 663 | privsep_is_preauth = 0; | ||
| 664 | pmonitor->m_pid = -1; | ||
| 661 | if (WIFEXITED(status)) { | 665 | if (WIFEXITED(status)) { |
| 662 | if (WEXITSTATUS(status) != 0) | 666 | if (WEXITSTATUS(status) != 0) |
| 663 | fatal("%s: preauth child exited with status %d", | 667 | fatal("%s: preauth child exited with status %d", |
| @@ -1511,7 +1515,7 @@ main(int ac, char **av) | |||
| 1511 | * root's environment | 1515 | * root's environment |
| 1512 | */ | 1516 | */ |
| 1513 | if (getenv("KRB5CCNAME") != NULL) | 1517 | if (getenv("KRB5CCNAME") != NULL) |
| 1514 | unsetenv("KRB5CCNAME"); | 1518 | (void) unsetenv("KRB5CCNAME"); |
| 1515 | 1519 | ||
| 1516 | #ifdef _UNICOS | 1520 | #ifdef _UNICOS |
| 1517 | /* Cray can define user privs drop all privs now! | 1521 | /* Cray can define user privs drop all privs now! |
| @@ -2470,8 +2474,16 @@ do_ssh2_kex(void) | |||
| 2470 | void | 2474 | void |
| 2471 | cleanup_exit(int i) | 2475 | cleanup_exit(int i) |
| 2472 | { | 2476 | { |
| 2473 | if (the_authctxt) | 2477 | if (the_authctxt) { |
| 2474 | do_cleanup(the_authctxt); | 2478 | do_cleanup(the_authctxt); |
| 2479 | if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) { | ||
| 2480 | debug("Killing privsep child %d", pmonitor->m_pid); | ||
| 2481 | if (kill(pmonitor->m_pid, SIGKILL) != 0 && | ||
| 2482 | errno != ESRCH) | ||
| 2483 | error("%s: kill(%d): %s", __func__, | ||
| 2484 | pmonitor->m_pid, strerror(errno)); | ||
| 2485 | } | ||
| 2486 | } | ||
| 2475 | #ifdef SSH_AUDIT_EVENTS | 2487 | #ifdef SSH_AUDIT_EVENTS |
| 2476 | /* done after do_cleanup so it can cancel the PAM auth 'thread' */ | 2488 | /* done after do_cleanup so it can cancel the PAM auth 'thread' */ |
| 2477 | if (!use_privsep || mm_is_monitor()) | 2489 | if (!use_privsep || mm_is_monitor()) |