Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 24 |
1 files changed, 18 insertions, 6 deletions
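--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.385 2011/06/23 09:34:13 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.388 2011/09/30 21:22:49 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -243,6 +243,7 @@ int startup_pipe; /* in child */
 /* variables used for privilege separation */
 int use_privsep = -1;
 struct monitor *pmonitor = NULL;
+int privsep_is_preauth = 1;
 
 /* global authentication context */
 Authctxt *the_authctxt = NULL;
@@ -654,10 +655,13 @@ privsep_preauth(Authctxt *authctxt)
 
 /* Wait for the child's exit status */
 while (waitpid(pid, &status, 0) < 0) {
-if (errno != EINTR)
-fatal("%s: waitpid: %s", __func__,
-strerror(errno));
+if (errno == EINTR)
+continue;
+pmonitor->m_pid = -1;
+fatal("%s: waitpid: %s", __func__, strerror(errno));
 }
+privsep_is_preauth = 0;
+pmonitor->m_pid = -1;
 if (WIFEXITED(status)) {
 if (WEXITSTATUS(status) != 0)
 fatal("%s: preauth child exited with status %d",
@@ -1511,7 +1515,7 @@ main(int ac, char **av)
 * root's environment
 */
 if (getenv("KRB5CCNAME") != NULL)
-unsetenv("KRB5CCNAME");
+(void) unsetenv("KRB5CCNAME");
 
 #ifdef _UNICOS
 /* Cray can define user privs drop all privs now!
@@ -2470,8 +2474,16 @@ do_ssh2_kex(void)
 void
 cleanup_exit(int i)
 {
-if (the_authctxt)
+if (the_authctxt) {
 do_cleanup(the_authctxt);
+if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) {
+debug("Killing privsep child %d", pmonitor->m_pid);
+if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
+errno != ESRCH)
+error("%s: kill(%d): %s", __func__,
+pmonitor->m_pid, strerror(errno));
+}
+}
 #ifdef SSH_AUDIT_EVENTS
 /* done after do_cleanup so it can cancel the PAM auth 'thread' */
 if (!use_privsep || mm_is_monitor())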
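Review bot: In cleanup_exit() the new condition reads `pmonitor->m_pid` without first checking `pmonitor`, which the globals hunk shows is initialised to NULL, while `use_privsep` starts at -1 (truthy) and `privsep_is_preauth` at 1. Whether cleanup_exit() can be reached with `the_authctxt` set before the monitor is allocated is not visible in these hunks, but if it can, the exit path itself dereferences NULL and the process dies with a crash instead of a clean, logged shutdown. The guard would be safer as `if (use_privsep && privsep_is_preauth && pmonitor != NULL && pmonitor->m_pid > 1) {`. A short comment there saying why `m_pid` is reset to -1 after waitpid() (so a reaped, possibly recycled PID is never sent SIGKILL) would also help; cleanup_exit's body continues past the end of the hunk.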