summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c24
1 files changed, 18 insertions, 6 deletions
diff --git a/sshd.c b/sshd.c
index 112a5f96f..9d21b30f3 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.385 2011/06/23 09:34:13 djm Exp $ */ 1/* $OpenBSD: sshd.c,v 1.388 2011/09/30 21:22:49 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -243,6 +243,7 @@ int startup_pipe; /* in child */
243/* variables used for privilege separation */ 243/* variables used for privilege separation */
244int use_privsep = -1; 244int use_privsep = -1;
245struct monitor *pmonitor = NULL; 245struct monitor *pmonitor = NULL;
246int privsep_is_preauth = 1;
246 247
247/* global authentication context */ 248/* global authentication context */
248Authctxt *the_authctxt = NULL; 249Authctxt *the_authctxt = NULL;
@@ -654,10 +655,13 @@ privsep_preauth(Authctxt *authctxt)
654 655
655 /* Wait for the child's exit status */ 656 /* Wait for the child's exit status */
656 while (waitpid(pid, &status, 0) < 0) { 657 while (waitpid(pid, &status, 0) < 0) {
657 if (errno != EINTR) 658 if (errno == EINTR)
658 fatal("%s: waitpid: %s", __func__, 659 continue;
659 strerror(errno)); 660 pmonitor->m_pid = -1;
661 fatal("%s: waitpid: %s", __func__, strerror(errno));
660 } 662 }
663 privsep_is_preauth = 0;
664 pmonitor->m_pid = -1;
661 if (WIFEXITED(status)) { 665 if (WIFEXITED(status)) {
662 if (WEXITSTATUS(status) != 0) 666 if (WEXITSTATUS(status) != 0)
663 fatal("%s: preauth child exited with status %d", 667 fatal("%s: preauth child exited with status %d",
@@ -1511,7 +1515,7 @@ main(int ac, char **av)
1511 * root's environment 1515 * root's environment
1512 */ 1516 */
1513 if (getenv("KRB5CCNAME") != NULL) 1517 if (getenv("KRB5CCNAME") != NULL)
1514 unsetenv("KRB5CCNAME"); 1518 (void) unsetenv("KRB5CCNAME");
1515 1519
1516#ifdef _UNICOS 1520#ifdef _UNICOS
1517 /* Cray can define user privs drop all privs now! 1521 /* Cray can define user privs drop all privs now!
@@ -2470,8 +2474,16 @@ do_ssh2_kex(void)
2470void 2474void
2471cleanup_exit(int i) 2475cleanup_exit(int i)
2472{ 2476{
2473 if (the_authctxt) 2477 if (the_authctxt) {
2474 do_cleanup(the_authctxt); 2478 do_cleanup(the_authctxt);
2479 if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) {
2480 debug("Killing privsep child %d", pmonitor->m_pid);
2481 if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
2482 errno != ESRCH)
2483 error("%s: kill(%d): %s", __func__,
2484 pmonitor->m_pid, strerror(errno));
2485 }
2486 }
2475#ifdef SSH_AUDIT_EVENTS 2487#ifdef SSH_AUDIT_EVENTS
2476 /* done after do_cleanup so it can cancel the PAM auth 'thread' */ 2488 /* done after do_cleanup so it can cancel the PAM auth 'thread' */
2477 if (!use_privsep || mm_is_monitor()) 2489 if (!use_privsep || mm_is_monitor())