From 814ace08751a80c3b965c06fdfc1c9ac3d7698ca Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 20 May 2011 19:02:47 +1000 Subject: - OpenBSD CVS Sync - djm@cvs.openbsd.org 2011/05/15 08:09:01 [authfd.c monitor.c serverloop.c] use FD_CLOEXEC consistently; patch from zion AT x96.org --- monitor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'monitor.c') diff --git a/monitor.c b/monitor.c index 29d987c70..732cb365d 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.110 2010/09/09 10:45:45 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.111 2011/05/15 08:09:01 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1834,7 +1834,7 @@ mm_init_compression(struct mm_master *mm) /* XXX */ #define FD_CLOSEONEXEC(x) do { \ - if (fcntl(x, F_SETFD, 1) == -1) \ + if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \ fatal("fcntl(%d, F_SETFD)", x); \ } while (0) -- cgit v1.2.3 From f2e407e2dd83addc26b68b4218d8b6ceaceca54b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 20 May 2011 19:04:14 +1000 Subject: - djm@cvs.openbsd.org 2011/05/20 03:25:45 [monitor.c monitor_wrap.c servconf.c servconf.h] use a macro to define which string options to copy between configs for Match. This avoids problems caused by forgetting to keep three code locations in perfect sync and ordering "this is at once beautiful and horrible" + ok dtucker@ --- ChangeLog | 7 +++++++ monitor.c | 13 ++++++++++--- monitor_wrap.c | 13 ++++++++++--- servconf.c | 9 +++------ servconf.h | 16 +++++++++++++++- 5 files changed, 45 insertions(+), 13 deletions(-) (limited to 'monitor.c') diff --git a/ChangeLog b/ChangeLog index ff81d0522..2cb2dce0c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,13 @@ - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 [servconf.c] Add comment documenting what should be after the preauth check. ok djm + - djm@cvs.openbsd.org 2011/05/20 03:25:45 + [monitor.c monitor_wrap.c servconf.c servconf.h] + use a macro to define which string options to copy between configs + for Match. This avoids problems caused by forgetting to keep three + code locations in perfect sync and ordering + + "this is at once beautiful and horrible" + ok dtucker@ 20110515 - (djm) OpenBSD CVS Sync diff --git a/monitor.c b/monitor.c index 732cb365d..c3a418319 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.111 2011/05/15 08:09:01 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.112 2011/05/20 03:25:45 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -671,8 +671,15 @@ mm_answer_pwnamallow(int sock, Buffer *m) out: buffer_put_string(m, &options, sizeof(options)); - if (options.banner != NULL) - buffer_put_cstring(m, options.banner); + +#define M_CP_STROPT(x) do { \ + if (options.x != NULL) \ + buffer_put_cstring(m, options.x); \ + } while (0) + /* See comment in servconf.h */ + COPY_MATCH_STRING_OPTS(); +#undef M_CP_STROPT + debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); mm_request_send(sock, MONITOR_ANS_PWNAM, m); diff --git a/monitor_wrap.c b/monitor_wrap.c index 1a5dda561..d3f274021 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.70 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.71 2011/05/20 03:25:45 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -245,8 +245,15 @@ out: newopts = buffer_get_string(&m, &len); if (len != sizeof(*newopts)) fatal("%s: option block size mismatch", __func__); - if (newopts->banner != NULL) - newopts->banner = buffer_get_string(&m, NULL); + +#define M_CP_STROPT(x) do { \ + if (newopts->x != NULL) \ + newopts->x = buffer_get_string(&m, NULL); \ + } while (0) + /* See comment in servconf.h */ + COPY_MATCH_STRING_OPTS(); +#undef M_CP_STROPT + copy_set_server_options(&options, newopts, 1); xfree(newopts); diff --git a/servconf.c b/servconf.c index 04a32973e..daed26a66 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.217 2011/05/20 02:00:19 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.218 2011/05/20 03:25:45 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1499,11 +1499,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(ip_qos_interactive); M_CP_INTOPT(ip_qos_bulk); - M_CP_STROPT(banner); - M_CP_STROPT(trusted_user_ca_keys); - M_CP_STROPT(revoked_keys_file); - M_CP_STROPT(authorized_keys_file); - M_CP_STROPT(authorized_principals_file); + /* See comment in servconf.h */ + COPY_MATCH_STRING_OPTS(); /* * The only things that should be below this point are string options diff --git a/servconf.h b/servconf.h index 3f04b8501..953ef8650 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.96 2011/05/11 04:47:06 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.97 2011/05/20 03:25:45 djm Exp $ */ /* * Author: Tatu Ylonen @@ -161,6 +161,20 @@ typedef struct { char *authorized_principals_file; } ServerOptions; +/* + * These are string config options that must be copied between the + * Match sub-config and the main config, and must be sent from the + * privsep slave to the privsep master. We use a macro to ensure all + * the options are copied and the copies are done in the correct order. + */ +#define COPY_MATCH_STRING_OPTS() do { \ + M_CP_STROPT(banner); \ + M_CP_STROPT(trusted_user_ca_keys); \ + M_CP_STROPT(revoked_keys_file); \ + M_CP_STROPT(authorized_keys_file); \ + M_CP_STROPT(authorized_principals_file); \ + } while (0) + void initialize_server_options(ServerOptions *); void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int, -- cgit v1.2.3 From d8478b6a9b32760d47c2419279c4a73f5f88fdb6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 29 May 2011 21:39:36 +1000 Subject: OpenBSD CVS Sync - djm@cvs.openbsd.org 2011/05/23 03:30:07 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] allow AuthorizedKeysFile to specify multiple files, separated by spaces. Bring back authorized_keys2 as a default search path (to avoid breaking existing users of this file), but override this in sshd_config so it will be no longer used on fresh installs. Maybe in 2015 we can remove it entierly :) feedback and ok markus@ dtucker@ --- ChangeLog | 13 +++++++++++ auth-rsa.c | 70 ++++++++++++++++++++++++++++++++-------------------------- auth.c | 10 ++------- auth.h | 4 ++-- auth2-pubkey.c | 13 ++++++----- monitor.c | 9 ++++++-- monitor_wrap.c | 9 ++++++-- pathnames.h | 5 ++++- servconf.c | 54 ++++++++++++++++++++++++++++++++++++-------- servconf.h | 8 ++++--- sshd.8 | 12 +++++----- sshd_config | 7 ++++-- sshd_config.5 | 11 +++++---- 13 files changed, 151 insertions(+), 74 deletions(-) (limited to 'monitor.c') diff --git a/ChangeLog b/ChangeLog index 1aac69cbc..4e08289d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +20110529 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/05/23 03:30:07 + [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] + [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] + allow AuthorizedKeysFile to specify multiple files, separated by spaces. + Bring back authorized_keys2 as a default search path (to avoid breaking + existing users of this file), but override this in sshd_config so it will + be no longer used on fresh installs. Maybe in 2015 we can remove it + entierly :) + + feedback and ok markus@ dtucker@ + 20110520 - (djm) [session.c] call setexeccon() before executing passwd for pw changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ diff --git a/auth-rsa.c b/auth-rsa.c index 4edaab056..4ab46cd51 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.79 2010/12/03 23:55:27 djm Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.80 2011/05/23 03:30:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -160,44 +160,27 @@ auth_rsa_challenge_dialog(Key *key) return (success); } -/* - * check if there's user key matching client_n, - * return key if login is allowed, NULL otherwise - */ - -int -auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) +static int +rsa_key_allowed_in_file(struct passwd *pw, char *file, + const BIGNUM *client_n, Key **rkey) { - char line[SSH_MAX_PUBKEY_BYTES], *file; + char line[SSH_MAX_PUBKEY_BYTES]; int allowed = 0; u_int bits; FILE *f; u_long linenum = 0; Key *key; - /* Temporarily use the user's uid. */ - temporarily_use_uid(pw); - - /* The authorized keys. */ - file = authorized_keys_file(pw); debug("trying public RSA key file %s", file); - f = auth_openkeyfile(file, pw, options.strict_modes); - if (!f) { - xfree(file); - restore_uid(); - return (0); - } - - /* Flag indicating whether the key is allowed. */ - allowed = 0; - - key = key_new(KEY_RSA1); + if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL) + return 0; /* * Go though the accepted keys, looking for the current key. If * found, perform a challenge-response dialog to verify that the * user really has the corresponding private key. */ + key = key_new(KEY_RSA1); while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp; char *key_options; @@ -235,7 +218,10 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) } /* cp now points to the comment part. */ - /* Check if the we have found the desired key (identified by its modulus). */ + /* + * Check if the we have found the desired key (identified + * by its modulus). + */ if (BN_cmp(key->rsa->n, client_n) != 0) continue; @@ -264,11 +250,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) break; } - /* Restore the privileged uid. */ - restore_uid(); - /* Close the file. */ - xfree(file); fclose(f); /* return key if allowed */ @@ -276,7 +258,33 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) *rkey = key; else key_free(key); - return (allowed); + + return allowed; +} + +/* + * check if there's user key matching client_n, + * return key if login is allowed, NULL otherwise + */ + +int +auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) +{ + char *file; + u_int i, allowed = 0; + + temporarily_use_uid(pw); + + for (i = 0; !allowed && i < options.num_authkeys_files; i++) { + file = expand_authorized_keys( + options.authorized_keys_files[i], pw); + allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); + xfree(file); + } + + restore_uid(); + + return allowed; } /* diff --git a/auth.c b/auth.c index be78f1a28..cac12b2e7 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.92 2011/05/11 04:47:06 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.93 2011/05/23 03:30:07 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -331,7 +331,7 @@ auth_root_allowed(char *method) * * This returns a buffer allocated by xmalloc. */ -static char * +char * expand_authorized_keys(const char *filename, struct passwd *pw) { char *file, ret[MAXPATHLEN]; @@ -354,12 +354,6 @@ expand_authorized_keys(const char *filename, struct passwd *pw) return (xstrdup(ret)); } -char * -authorized_keys_file(struct passwd *pw) -{ - return expand_authorized_keys(options.authorized_keys_file, pw); -} - char * authorized_principals_file(struct passwd *pw) { diff --git a/auth.h b/auth.h index 227395863..0d786c4d5 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.68 2011/05/11 04:47:06 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.69 2011/05/23 03:30:07 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -168,7 +168,7 @@ char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); void abandon_challenge_response(Authctxt *); -char *authorized_keys_file(struct passwd *); +char *expand_authorized_keys(const char *, struct passwd *pw); char *authorized_principals_file(struct passwd *); FILE *auth_openkeyfile(const char *, struct passwd *, int); diff --git a/auth2-pubkey.c b/auth2-pubkey.c index a97509c28..137887ecd 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.28 2011/05/11 04:47:06 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.29 2011/05/23 03:30:07 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -436,7 +436,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) int user_key_allowed(struct passwd *pw, Key *key) { - int success; + u_int success, i; char *file; if (auth_key_is_revoked(key)) @@ -448,9 +448,12 @@ user_key_allowed(struct passwd *pw, Key *key) if (success) return success; - file = authorized_keys_file(pw); - success = user_key_allowed2(pw, key, file); - xfree(file); + for (i = 0; !success && i < options.num_authkeys_files; i++) { + file = expand_authorized_keys( + options.authorized_keys_files[i], pw); + success = user_key_allowed2(pw, key, file); + xfree(file); + } return success; } diff --git a/monitor.c b/monitor.c index c3a418319..4479e0a03 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.112 2011/05/20 03:25:45 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.113 2011/05/23 03:30:07 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -632,6 +632,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) char *username; struct passwd *pwent; int allowed = 0; + u_int i; debug3("%s", __func__); @@ -676,9 +677,14 @@ mm_answer_pwnamallow(int sock, Buffer *m) if (options.x != NULL) \ buffer_put_cstring(m, options.x); \ } while (0) +#define M_CP_STRARRAYOPT(x, nx) do { \ + for (i = 0; i < options.nx; i++) \ + buffer_put_cstring(m, options.x[i]); \ + } while (0) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); #undef M_CP_STROPT +#undef M_CP_STRARRAYOPT debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); mm_request_send(sock, MONITOR_ANS_PWNAM, m); @@ -691,7 +697,6 @@ mm_answer_pwnamallow(int sock, Buffer *m) monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); } - #ifdef USE_PAM if (options.use_pam) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); diff --git a/monitor_wrap.c b/monitor_wrap.c index d3f274021..7a90b3ba3 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.71 2011/05/20 03:25:45 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.72 2011/05/23 03:30:07 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -211,7 +211,7 @@ mm_getpwnamallow(const char *username) { Buffer m; struct passwd *pw; - u_int len; + u_int len, i; ServerOptions *newopts; debug3("%s entering", __func__); @@ -250,9 +250,14 @@ out: if (newopts->x != NULL) \ newopts->x = buffer_get_string(&m, NULL); \ } while (0) +#define M_CP_STRARRAYOPT(x, nx) do { \ + for (i = 0; i < newopts->nx; i++) \ + newopts->x[i] = buffer_get_string(&m, NULL); \ + } while (0) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); #undef M_CP_STROPT +#undef M_CP_STRARRAYOPT copy_set_server_options(&options, newopts, 1); xfree(newopts); diff --git a/pathnames.h b/pathnames.h index 787bdb676..c3d9abff5 100644 --- a/pathnames.h +++ b/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.21 2011/05/11 04:47:06 djm Exp $ */ +/* $OpenBSD: pathnames.h,v 1.22 2011/05/23 03:30:07 djm Exp $ */ /* * Author: Tatu Ylonen @@ -96,6 +96,9 @@ */ #define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys" +/* backward compat for protocol v2 */ +#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2" + /* * Per-user and system-wide ssh "rc" files. These files are executed with * /bin/sh before starting the shell or command if they exist. They will be diff --git a/servconf.c b/servconf.c index daed26a66..74710c41f 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.218 2011/05/20 03:25:45 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.219 2011/05/23 03:30:07 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -126,7 +126,7 @@ initialize_server_options(ServerOptions *options) options->use_dns = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; - options->authorized_keys_file = NULL; + options->num_authkeys_files = 0; options->num_accept_env = 0; options->permit_tun = -1; options->num_permitted_opens = -1; @@ -263,8 +263,12 @@ fill_default_server_options(ServerOptions *options) options->client_alive_interval = 0; if (options->client_alive_count_max == -1) options->client_alive_count_max = 3; - if (options->authorized_keys_file == NULL) - options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); + if (options->num_authkeys_files == 0) { + options->authorized_keys_files[options->num_authkeys_files++] = + xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); + options->authorized_keys_files[options->num_authkeys_files++] = + xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); + } if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; if (options->zero_knowledge_password_authentication == -1) @@ -430,6 +434,7 @@ static struct { { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, + { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, @@ -1241,11 +1246,22 @@ process_server_config_line(ServerOptions *options, char *line, * AuthorizedKeysFile /etc/ssh_keys/%u */ case sAuthorizedKeysFile: - charptr = &options->authorized_keys_file; - goto parse_tilde_filename; + if (*activep && options->num_authkeys_files == 0) { + while ((arg = strdelim(&cp)) && *arg != '\0') { + if (options->num_authkeys_files >= + MAX_AUTHKEYS_FILES) + fatal("%s line %d: " + "too many authorized keys files.", + filename, linenum); + options->authorized_keys_files[ + options->num_authkeys_files++] = + tilde_expand_filename(arg, getuid()); + } + } + return 0; + case sAuthorizedPrincipalsFile: charptr = &options->authorized_principals_file; - parse_tilde_filename: arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: missing file name.", @@ -1464,6 +1480,12 @@ parse_server_match_config(ServerOptions *options, const char *user, dst->n = src->n; \ } \ } while(0) +#define M_CP_STRARRAYOPT(n, num_n) do {\ + if (src->num_n != 0) { \ + for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ + dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ + } \ +} while(0) /* * Copy any supported values that are set. @@ -1508,12 +1530,14 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) */ if (preauth) return; + M_CP_STROPT(adm_forced_command); M_CP_STROPT(chroot_directory); } #undef M_CP_INTOPT #undef M_CP_STROPT +#undef M_CP_STRARRAYOPT void parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, @@ -1627,7 +1651,18 @@ dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) u_int i; for (i = 0; i < count; i++) - printf("%s %s\n", lookup_opcode_name(code), vals[i]); + printf("%s %s\n", lookup_opcode_name(code), vals[i]); +} + +static void +dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) +{ + u_int i; + + printf("%s", lookup_opcode_name(code)); + for (i = 0; i < count; i++) + printf(" %s", vals[i]); + printf("\n"); } void @@ -1725,7 +1760,6 @@ dump_config(ServerOptions *o) dump_cfg_string(sCiphers, o->ciphers); dump_cfg_string(sMacs, o->macs); dump_cfg_string(sBanner, o->banner); - dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file); dump_cfg_string(sForceCommand, o->adm_forced_command); dump_cfg_string(sChrootDirectory, o->chroot_directory); dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); @@ -1738,6 +1772,8 @@ dump_config(ServerOptions *o) dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); /* string array arguments */ + dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, + o->authorized_keys_files); dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, o->host_key_files); dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, diff --git a/servconf.h b/servconf.h index 953ef8650..31e621bde 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.97 2011/05/20 03:25:45 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.98 2011/05/23 03:30:07 djm Exp $ */ /* * Author: Tatu Ylonen @@ -27,6 +27,7 @@ #define MAX_HOSTCERTS 256 /* Max # host certificates. */ #define MAX_ACCEPT_ENV 256 /* Max # of env vars. */ #define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */ +#define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */ /* permit_root_login */ #define PERMIT_NOT_SET -1 @@ -145,7 +146,8 @@ typedef struct { * disconnect the session */ - char *authorized_keys_file; /* File containing public keys */ + u_int num_authkeys_files; /* Files containing public keys */ + char *authorized_keys_files[MAX_AUTHKEYS_FILES]; char *adm_forced_command; @@ -171,8 +173,8 @@ typedef struct { M_CP_STROPT(banner); \ M_CP_STROPT(trusted_user_ca_keys); \ M_CP_STROPT(revoked_keys_file); \ - M_CP_STROPT(authorized_keys_file); \ M_CP_STROPT(authorized_principals_file); \ + M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ } while (0) void initialize_server_options(ServerOptions *); diff --git a/sshd.8 b/sshd.8 index 5503b1331..8e007d100 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.260 2010/10/28 18:33:28 jmc Exp $ -.Dd $Mdocdate: October 28 2010 $ +.\" $OpenBSD: sshd.8,v 1.261 2011/05/23 03:30:07 djm Exp $ +.Dd $Mdocdate: May 23 2011 $ .Dt SSHD 8 .Os .Sh NAME @@ -462,10 +462,12 @@ is run, and if that does not exist either, xauth is used to add the cookie. .Sh AUTHORIZED_KEYS FILE FORMAT .Cm AuthorizedKeysFile -specifies the file containing public keys for +specifies the file or files containing public keys for public key authentication; -if none is specified, the default is -.Pa ~/.ssh/authorized_keys . +if none is specified, the default is both +.Pa ~/.ssh/authorized_keys +and +.Pa ~/.ssh/authorized_keys2 . Each line of the file contains one key (empty lines and lines starting with a .Ql # diff --git a/sshd_config b/sshd_config index 9b0d9fa20..473e86654 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.83 2011/05/06 01:03:35 dtucker Exp $ +# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -44,7 +44,10 @@ #RSAAuthentication yes #PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no diff --git a/sshd_config.5 b/sshd_config.5 index c3d6df30a..b23e0f789 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $ -.Dd $Mdocdate: December 8 2010 $ +.\" $OpenBSD: sshd_config.5,v 1.132 2011/05/23 03:30:07 djm Exp $ +.Dd $Mdocdate: May 23 2011 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -168,8 +168,11 @@ After expansion, .Cm AuthorizedKeysFile is taken to be an absolute path or one relative to the user's home directory. -The default is -.Dq .ssh/authorized_keys . +The default is both +.Dq .ssh/authorized_keys +and +.Dq .ssh/authorized_keys2 . +Multiple files may be listed separated by whitespace. .It Cm AuthorizedPrincipalsFile Specifies a file that lists principal names that are accepted for certificate authentication. -- cgit v1.2.3 From dd9e0385abcf9dd2e6c9fe6dc082b0ffd4ae2bac Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 3 Jun 2011 11:17:52 +1000 Subject: Remove the !HAVE_SOCKETPAIR case. We use socketpair unconditionally in other places and the survey data we have does not show any systems that use it. "nuke it" djm@ --- monitor.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'monitor.c') diff --git a/monitor.c b/monitor.c index 4479e0a03..2c9254182 100644 --- a/monitor.c +++ b/monitor.c @@ -1853,13 +1853,8 @@ mm_init_compression(struct mm_master *mm) static void monitor_socketpair(int *pair) { -#ifdef HAVE_SOCKETPAIR if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) fatal("%s: socketpair", __func__); -#else - fatal("%s: UsePrivilegeSeparation=yes not supported", - __func__); -#endif FD_CLOSEONEXEC(pair[0]); FD_CLOSEONEXEC(pair[1]); } -- cgit v1.2.3 From 8f0bf237d4e699d00c2febaf1b88a9b9b827e77e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 20 Jun 2011 14:42:23 +1000 Subject: - djm@cvs.openbsd.org 2011/06/17 21:44:31 [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] make the pre-auth privsep slave log via a socketpair shared with the monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ --- ChangeLog | 4 ++ log.c | 35 ++++++++++++++-- log.h | 8 +++- monitor.c | 128 ++++++++++++++++++++++++++++++++++++++++++++++++++------- monitor.h | 4 +- monitor_wrap.c | 28 ++++++++++++- monitor_wrap.h | 3 +- sshd.c | 13 +++--- 8 files changed, 197 insertions(+), 26 deletions(-) (limited to 'monitor.c') diff --git a/ChangeLog b/ChangeLog index 5dae2a859..d41208092 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ make sure key_parse_public/private_rsa1() no longer consumes its input buffer. fixes ssh-add for passphrase-protected ssh1-keys; noted by naddy@; ok djm@ + - djm@cvs.openbsd.org 2011/06/17 21:44:31 + [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] + make the pre-auth privsep slave log via a socketpair shared with the + monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ 20110603 - (dtucker) [README version.h contrib/caldera/openssh.spec diff --git a/log.c b/log.c index 4a8239b93..ad5a10b47 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.41 2008/06/10 04:50:25 dtucker Exp $ */ +/* $OpenBSD: log.c,v 1.42 2011/06/17 21:44:30 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -56,6 +56,8 @@ static LogLevel log_level = SYSLOG_LEVEL_INFO; static int log_on_stderr = 1; static int log_facility = LOG_AUTH; static char *argv0; +static log_handler_fn *log_handler; +static void *log_handler_ctx; extern char *__progname; @@ -260,6 +262,9 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) exit(1); } + log_handler = NULL; + log_handler_ctx = NULL; + log_on_stderr = on_stderr; if (on_stderr) return; @@ -326,6 +331,23 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) #define MSGBUFSIZ 1024 +void +set_log_handler(log_handler_fn *handler, void *ctx) +{ + log_handler = handler; + log_handler_ctx = ctx; +} + +void +do_log2(LogLevel level, const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(level, fmt, args); + va_end(args); +} + void do_log(LogLevel level, const char *fmt, va_list args) { @@ -337,6 +359,7 @@ do_log(LogLevel level, const char *fmt, va_list args) char *txt = NULL; int pri = LOG_INFO; int saved_errno = errno; + log_handler_fn *tmp_handler; if (level > log_level) return; @@ -375,7 +398,7 @@ do_log(LogLevel level, const char *fmt, va_list args) pri = LOG_ERR; break; } - if (txt != NULL) { + if (txt != NULL && log_handler == NULL) { snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); } else { @@ -383,7 +406,13 @@ do_log(LogLevel level, const char *fmt, va_list args) } strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); - if (log_on_stderr) { + if (log_handler != NULL) { + /* Avoid recursion */ + tmp_handler = log_handler; + log_handler = NULL; + tmp_handler(level, fmtbuf, log_handler_ctx); + log_handler = tmp_handler; + } else if (log_on_stderr) { snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); write(STDERR_FILENO, msgbuf, strlen(msgbuf)); } else { diff --git a/log.h b/log.h index 650582791..1b8d2142b 100644 --- a/log.h +++ b/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.17 2008/06/13 00:12:02 dtucker Exp $ */ +/* $OpenBSD: log.h,v 1.18 2011/06/17 21:44:30 djm Exp $ */ /* * Author: Tatu Ylonen @@ -46,6 +46,8 @@ typedef enum { SYSLOG_LEVEL_NOT_SET = -1 } LogLevel; +typedef void (log_handler_fn)(LogLevel, const char *, void *); + void log_init(char *, LogLevel, SyslogFacility, int); SyslogFacility log_facility_number(char *); @@ -64,6 +66,10 @@ void debug(const char *, ...) __attribute__((format(printf, 1, 2))); void debug2(const char *, ...) __attribute__((format(printf, 1, 2))); void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); + +void set_log_handler(log_handler_fn *, void *); +void do_log2(LogLevel, const char *, ...) + __attribute__((format(printf, 2, 3))); void do_log(LogLevel, const char *, va_list); void cleanup_exit(int) __attribute__((noreturn)); #endif diff --git a/monitor.c b/monitor.c index 2c9254182..bb8003c67 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.113 2011/05/23 03:30:07 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.114 2011/06/17 21:44:30 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -44,6 +44,13 @@ #include #include #include +#ifdef HAVE_POLL_H +#include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif +#endif #ifdef SKEY #include @@ -52,6 +59,7 @@ #include #include "openbsd-compat/sys-queue.h" +#include "atomicio.h" #include "xmalloc.h" #include "ssh.h" #include "key.h" @@ -179,6 +187,8 @@ int mm_answer_audit_event(int, Buffer *); int mm_answer_audit_command(int, Buffer *); #endif +static int monitor_read_log(struct monitor *); + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -346,6 +356,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) debug3("preauth child monitor started"); + close(pmonitor->m_recvfd); + close(pmonitor->m_log_sendfd); + pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1; + authctxt = _authctxt; memset(authctxt, 0, sizeof(*authctxt)); @@ -405,6 +419,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) #endif } + /* Drain any buffered messages from the child */ + while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) + ; + if (!authctxt->valid) fatal("%s: authenticated invalid user", __func__); if (strcmp(auth_method, "unknown") == 0) @@ -414,6 +432,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) __func__, authctxt->user); mm_get_keystate(pmonitor); + + close(pmonitor->m_sendfd); + close(pmonitor->m_log_recvfd); + pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1; } static void @@ -431,6 +453,9 @@ monitor_child_handler(int sig) void monitor_child_postauth(struct monitor *pmonitor) { + close(pmonitor->m_recvfd); + pmonitor->m_recvfd = -1; + monitor_set_child_handler(pmonitor->m_pid); signal(SIGHUP, &monitor_child_handler); signal(SIGTERM, &monitor_child_handler); @@ -454,6 +479,9 @@ monitor_child_postauth(struct monitor *pmonitor) for (;;) monitor_read(pmonitor, mon_dispatch, NULL); + + close(pmonitor->m_sendfd); + pmonitor->m_sendfd = -1; } void @@ -465,6 +493,52 @@ monitor_sync(struct monitor *pmonitor) } } +static int +monitor_read_log(struct monitor *pmonitor) +{ + Buffer logmsg; + u_int len, level; + char *msg; + + buffer_init(&logmsg); + + /* Read length */ + buffer_append_space(&logmsg, 4); + if (atomicio(read, pmonitor->m_log_recvfd, + buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) { + if (errno == EPIPE) { + debug("%s: child log fd closed", __func__); + close(pmonitor->m_log_recvfd); + pmonitor->m_log_recvfd = -1; + return -1; + } + fatal("%s: log fd read: %s", __func__, strerror(errno)); + } + len = buffer_get_int(&logmsg); + if (len <= 4 || len > 8192) + fatal("%s: invalid log message length %u", __func__, len); + + /* Read severity, message */ + buffer_clear(&logmsg); + buffer_append_space(&logmsg, len); + if (atomicio(read, pmonitor->m_log_recvfd, + buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) + fatal("%s: log fd read: %s", __func__, strerror(errno)); + + /* Log it */ + level = buffer_get_int(&logmsg); + msg = buffer_get_string(&logmsg, NULL); + if (log_level_name(level) == NULL) + fatal("%s: invalid log level %u (corrupted message?)", + __func__, level); + do_log2(level, "%s [preauth]", msg); + + buffer_free(&logmsg); + xfree(msg); + + return 0; +} + int monitor_read(struct monitor *pmonitor, struct mon_table *ent, struct mon_table **pent) @@ -472,6 +546,27 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, Buffer m; int ret; u_char type; + struct pollfd pfd[2]; + + for (;;) { + bzero(&pfd, sizeof(pfd)); + pfd[0].fd = pmonitor->m_sendfd; + pfd[0].events = POLLIN; + pfd[1].fd = pmonitor->m_log_recvfd; + pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN; + if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) + fatal("%s: poll: %s", __func__, strerror(errno)); + if (pfd[1].revents) { + /* + * Drain all log messages before processing next + * monitor request. + */ + monitor_read_log(pmonitor); + continue; + } + if (pfd[0].revents) + break; /* Continues below */ + } buffer_init(&m); @@ -1851,12 +1946,26 @@ mm_init_compression(struct mm_master *mm) } while (0) static void -monitor_socketpair(int *pair) +monitor_openfds(struct monitor *mon, int do_logfds) { + int pair[2]; + if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) - fatal("%s: socketpair", __func__); + fatal("%s: socketpair: %s", __func__, strerror(errno)); FD_CLOSEONEXEC(pair[0]); FD_CLOSEONEXEC(pair[1]); + mon->m_recvfd = pair[0]; + mon->m_sendfd = pair[1]; + + if (do_logfds) { + if (pipe(pair) == -1) + fatal("%s: pipe: %s", __func__, strerror(errno)); + FD_CLOSEONEXEC(pair[0]); + FD_CLOSEONEXEC(pair[1]); + mon->m_log_recvfd = pair[0]; + mon->m_log_sendfd = pair[1]; + } else + mon->m_log_recvfd = mon->m_log_sendfd = -1; } #define MM_MEMSIZE 65536 @@ -1865,14 +1974,10 @@ struct monitor * monitor_init(void) { struct monitor *mon; - int pair[2]; mon = xcalloc(1, sizeof(*mon)); - monitor_socketpair(pair); - - mon->m_recvfd = pair[0]; - mon->m_sendfd = pair[1]; + monitor_openfds(mon, 1); /* Used to share zlib space across processes */ if (options.compression) { @@ -1889,12 +1994,7 @@ monitor_init(void) void monitor_reinit(struct monitor *mon) { - int pair[2]; - - monitor_socketpair(pair); - - mon->m_recvfd = pair[0]; - mon->m_sendfd = pair[1]; + monitor_openfds(mon, 0); } #ifdef GSSAPI diff --git a/monitor.h b/monitor.h index a8a2c0c19..5e7d552fb 100644 --- a/monitor.h +++ b/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.15 2008/11/04 08:22:13 djm Exp $ */ +/* $OpenBSD: monitor.h,v 1.16 2011/06/17 21:44:31 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -72,6 +72,8 @@ struct mm_master; struct monitor { int m_recvfd; int m_sendfd; + int m_log_recvfd; + int m_log_sendfd; struct mm_master *m_zback; struct mm_master *m_zlib; struct Kex **m_pkex; diff --git a/monitor_wrap.c b/monitor_wrap.c index 7a90b3ba3..1f60658e9 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.72 2011/05/23 03:30:07 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.73 2011/06/17 21:44:31 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -88,6 +88,32 @@ extern struct monitor *pmonitor; extern Buffer loginmsg; extern ServerOptions options; +void +mm_log_handler(LogLevel level, const char *msg, void *ctx) +{ + Buffer log_msg; + struct monitor *mon = (struct monitor *)ctx; + + if (mon->m_log_sendfd == -1) + fatal("%s: no log channel", __func__); + + buffer_init(&log_msg); + /* + * Placeholder for packet length. Will be filled in with the actual + * packet length once the packet has been constucted. This saves + * fragile math. + */ + buffer_put_int(&log_msg, 0); + + buffer_put_int(&log_msg, level); + buffer_put_cstring(&log_msg, msg); + put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4); + if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg), + buffer_len(&log_msg)) != buffer_len(&log_msg)) + fatal("%s: write: %s", __func__, strerror(errno)); + buffer_free(&log_msg); +} + int mm_is_monitor(void) { diff --git a/monitor_wrap.h b/monitor_wrap.h index de2d16f66..0c7f2e384 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.22 2009/03/05 07:18:19 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.23 2011/06/17 21:44:31 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -37,6 +37,7 @@ struct monitor; struct mm_master; struct Authctxt; +void mm_log_handler(LogLevel, const char *, void *); int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); diff --git a/sshd.c b/sshd.c index 50d0dede4..6e15522b3 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.382 2011/04/12 05:32:49 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.383 2011/06/17 21:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -636,10 +636,8 @@ privsep_preauth(Authctxt *authctxt) } else if (pid != 0) { debug2("Network child is on pid %ld", (long)pid); - close(pmonitor->m_recvfd); pmonitor->m_pid = pid; monitor_child_preauth(authctxt, pmonitor); - close(pmonitor->m_sendfd); /* Sync memory */ monitor_sync(pmonitor); @@ -651,8 +649,11 @@ privsep_preauth(Authctxt *authctxt) return (1); } else { /* child */ - close(pmonitor->m_sendfd); + close(pmonitor->m_log_recvfd); + + /* Arrange for logging to be sent to the monitor */ + set_log_handler(mm_log_handler, pmonitor); /* Demote the child */ if (getuid() == 0 || geteuid() == 0) @@ -685,7 +686,6 @@ privsep_postauth(Authctxt *authctxt) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { verbose("User child is on pid %ld", (long)pmonitor->m_pid); - close(pmonitor->m_recvfd); buffer_clear(&loginmsg); monitor_child_postauth(pmonitor); @@ -693,7 +693,10 @@ privsep_postauth(Authctxt *authctxt) exit(0); } + /* child */ + close(pmonitor->m_sendfd); + pmonitor->m_sendfd = -1; /* Demote the private keys to public keys. */ demote_sensitive_data(); -- cgit v1.2.3 From 7741ce8bd2d0aef8aae0c2406eb51b617f1165fe Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 6 Aug 2011 06:15:15 +1000 Subject: - djm@cvs.openbsd.org 2011/06/23 23:35:42 [monitor.c] ignore EINTR errors from poll() --- ChangeLog | 6 ++++++ Makefile.in | 4 +++- monitor.c | 7 +++++-- 3 files changed, 14 insertions(+), 3 deletions(-) (limited to 'monitor.c') diff --git a/ChangeLog b/ChangeLog index f25da55fb..ae6de3f2a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20110805 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/06/23 23:35:42 + [monitor.c] + ignore EINTR errors from poll() + 20110624 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing diff --git a/Makefile.in b/Makefile.in index aeb67e1d8..3be3aa617 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.324 2011/06/26 21:18:20 djm Exp $ +# $Id: Makefile.in,v 1.325 2011/08/05 20:15:18 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -213,6 +213,8 @@ distclean: regressclean veryclean: distclean rm -f configure config.h.in *.0 +cleandir: veryclean + mrproper: veryclean realclean: veryclean diff --git a/monitor.c b/monitor.c index bb8003c67..a166fed2e 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.114 2011/06/17 21:44:30 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.115 2011/06/23 23:35:42 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -554,8 +554,11 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, pfd[0].events = POLLIN; pfd[1].fd = pmonitor->m_log_recvfd; pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN; - if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) + if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) { + if (errno == EINTR || errno == EAGAIN) + continue; fatal("%s: poll: %s", __func__, strerror(errno)); + } if (pfd[1].revents) { /* * Drain all log messages before processing next -- cgit v1.2.3