From 54fd7cf2db5327f304825e0f9aaf9af5a490a75f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 17 Sep 2007 12:04:08 +1000 Subject: - djm@cvs.openbsd.org 2007/09/04 03:21:03 [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h] [monitor_wrap.c ssh.c] make file descriptor passing code return an error rather than call fatal() when it encounters problems, and use this to make session multiplexing masters survive slaves failing to pass all stdio FDs; ok markus@ --- monitor_fdpass.c | 56 ++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 36 insertions(+), 20 deletions(-) (limited to 'monitor_fdpass.c') diff --git a/monitor_fdpass.c b/monitor_fdpass.c index 9f8e9cd55..a572302e8 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.13 2007/09/04 03:21:03 djm Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. @@ -40,7 +40,7 @@ #include "log.h" #include "monitor_fdpass.h" -void +int mm_send_fd(int sock, int fd) { #if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR)) @@ -72,15 +72,21 @@ mm_send_fd(int sock, int fd) msg.msg_iov = &vec; msg.msg_iovlen = 1; - if ((n = sendmsg(sock, &msg, 0)) == -1) - fatal("%s: sendmsg(%d): %s", __func__, fd, + if ((n = sendmsg(sock, &msg, 0)) == -1) { + error("%s: sendmsg(%d): %s", __func__, fd, strerror(errno)); - if (n != 1) - fatal("%s: sendmsg: expected sent 1 got %ld", + return -1; + } + + if (n != 1) { + error("%s: sendmsg: expected sent 1 got %ld", __func__, (long)n); + return -1; + } + return 0; #else - fatal("%s: UsePrivilegeSeparation=yes not supported", - __func__); + error("%s: file descriptor passing not supported", __func__); + return -1; #endif } @@ -111,29 +117,39 @@ mm_receive_fd(int sock) msg.msg_controllen = sizeof(tmp); #endif - if ((n = recvmsg(sock, &msg, 0)) == -1) - fatal("%s: recvmsg: %s", __func__, strerror(errno)); - if (n != 1) - fatal("%s: recvmsg: expected received 1 got %ld", + if ((n = recvmsg(sock, &msg, 0)) == -1) { + error("%s: recvmsg: %s", __func__, strerror(errno)); + return -1; + } + if (n != 1) { + error("%s: recvmsg: expected received 1 got %ld", __func__, (long)n); + return -1; + } #ifdef HAVE_ACCRIGHTS_IN_MSGHDR - if (msg.msg_accrightslen != sizeof(fd)) - fatal("%s: no fd", __func__); + if (msg.msg_accrightslen != sizeof(fd)) { + error("%s: no fd", __func__); + return -1; + } #else cmsg = CMSG_FIRSTHDR(&msg); - if (cmsg == NULL) - fatal("%s: no message header", __func__); + if (cmsg == NULL) { + error("%s: no message header", __func__); + return -1; + } #ifndef BROKEN_CMSG_TYPE - if (cmsg->cmsg_type != SCM_RIGHTS) - fatal("%s: expected type %d got %d", __func__, + if (cmsg->cmsg_type != SCM_RIGHTS) { + error("%s: expected type %d got %d", __func__, SCM_RIGHTS, cmsg->cmsg_type); + return -1; + } #endif fd = (*(int *)CMSG_DATA(cmsg)); #endif return fd; #else - fatal("%s: UsePrivilegeSeparation=yes not supported", - __func__); + error("%s: file descriptor passing not supported", __func__); + return -1; #endif } -- cgit v1.2.3 From c0c53c3114b652d30b8277d66fec82482bcde38d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 7 Mar 2008 18:35:26 +1100 Subject: - deraadt@cvs.openbsd.org 2008/03/02 18:19:35 [monitor_fdpass.c] use a union to ensure alignment of the cmsg (pay attention: various other parts of the tree need this treatment too); ok djm --- ChangeLog | 6 +++++- monitor_fdpass.c | 16 +++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-) (limited to 'monitor_fdpass.c') diff --git a/ChangeLog b/ChangeLog index 0aa5c9920..b89e5ff4b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,10 @@ add an extension method "posix-rename@openssh.com" to perform POSIX atomic rename() operations. based on patch from miklos AT szeredi.hu in bz#1400; ok dtucker@ markus@ + - deraadt@cvs.openbsd.org 2008/03/02 18:19:35 + [monitor_fdpass.c] + use a union to ensure alignment of the cmsg (pay attention: various other + parts of the tree need this treatment too); ok djm 20080302 - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect @@ -3690,4 +3694,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4857 2008/03/07 07:33:53 djm Exp $ +$Id: ChangeLog,v 1.4858 2008/03/07 07:35:26 djm Exp $ diff --git a/monitor_fdpass.c b/monitor_fdpass.c index a572302e8..fb00ab7ab 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.13 2007/09/04 03:21:03 djm Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.14 2008/03/02 18:19:35 deraadt Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. @@ -49,7 +49,10 @@ mm_send_fd(int sock, int fd) char ch = '\0'; ssize_t n; #ifndef HAVE_ACCRIGHTS_IN_MSGHDR - char tmp[CMSG_SPACE(sizeof(int))]; + union { + struct cmsghdr hdr; + char tmp[CMSG_SPACE(sizeof(int))]; + } tmp; struct cmsghdr *cmsg; #endif @@ -58,7 +61,7 @@ mm_send_fd(int sock, int fd) msg.msg_accrights = (caddr_t)&fd; msg.msg_accrightslen = sizeof(fd); #else - msg.msg_control = (caddr_t)tmp; + msg.msg_control = (caddr_t)&tmp; msg.msg_controllen = CMSG_LEN(sizeof(int)); cmsg = CMSG_FIRSTHDR(&msg); cmsg->cmsg_len = CMSG_LEN(sizeof(int)); @@ -100,7 +103,10 @@ mm_receive_fd(int sock) char ch; int fd; #ifndef HAVE_ACCRIGHTS_IN_MSGHDR - char tmp[CMSG_SPACE(sizeof(int))]; + union { + char tmp[CMSG_SPACE(sizeof(int))]; + struct cmsghdr hdr; + } tmp; struct cmsghdr *cmsg; #endif @@ -113,7 +119,7 @@ mm_receive_fd(int sock) msg.msg_accrights = (caddr_t)&fd; msg.msg_accrightslen = sizeof(fd); #else - msg.msg_control = tmp; + msg.msg_control = &tmp; msg.msg_controllen = sizeof(tmp); #endif -- cgit v1.2.3 From f92e063872ffc12fd82be7e344e8aeeeefd7a8ee Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 27 Mar 2008 10:53:23 +1100 Subject: - deraadt@cvs.openbsd.org 2008/03/13 01:49:53 [monitor_fdpass.c] Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to an extensive discussion with otto, kettenis, millert, and hshoexer --- ChangeLog | 6 +++++- monitor_fdpass.c | 17 +++++++++-------- 2 files changed, 14 insertions(+), 9 deletions(-) (limited to 'monitor_fdpass.c') diff --git a/ChangeLog b/ChangeLog index 03635b5e3..4d222aa98 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ [ssh.1 sshd.8 sshd_config.5] bump Mdocdate for pages committed in "febuary", necessary because of a typo in rcs.c; + - deraadt@cvs.openbsd.org 2008/03/13 01:49:53 + [monitor_fdpass.c] + Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to + an extensive discussion with otto, kettenis, millert, and hshoexer 20080315 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are @@ -3777,4 +3781,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4882 2008/03/26 23:50:21 djm Exp $ +$Id: ChangeLog,v 1.4883 2008/03/26 23:53:23 djm Exp $ diff --git a/monitor_fdpass.c b/monitor_fdpass.c index fb00ab7ab..a3e995df8 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.14 2008/03/02 18:19:35 deraadt Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.15 2008/03/13 01:49:53 deraadt Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. @@ -52,7 +52,8 @@ mm_send_fd(int sock, int fd) union { struct cmsghdr hdr; char tmp[CMSG_SPACE(sizeof(int))]; - } tmp; + char buf[CMSG_SPACE(sizeof(int))]; + } cmsgbuf; struct cmsghdr *cmsg; #endif @@ -61,8 +62,8 @@ mm_send_fd(int sock, int fd) msg.msg_accrights = (caddr_t)&fd; msg.msg_accrightslen = sizeof(fd); #else - msg.msg_control = (caddr_t)&tmp; - msg.msg_controllen = CMSG_LEN(sizeof(int)); + msg.msg_control = (caddr_t)&cmsgbuf.buf; + msg.msg_controllen = sizeof(cmsgbuf.buf); cmsg = CMSG_FIRSTHDR(&msg); cmsg->cmsg_len = CMSG_LEN(sizeof(int)); cmsg->cmsg_level = SOL_SOCKET; @@ -104,9 +105,9 @@ mm_receive_fd(int sock) int fd; #ifndef HAVE_ACCRIGHTS_IN_MSGHDR union { - char tmp[CMSG_SPACE(sizeof(int))]; struct cmsghdr hdr; - } tmp; + char buf[CMSG_SPACE(sizeof(int))]; + } cmsgbuf; struct cmsghdr *cmsg; #endif @@ -119,8 +120,8 @@ mm_receive_fd(int sock) msg.msg_accrights = (caddr_t)&fd; msg.msg_accrightslen = sizeof(fd); #else - msg.msg_control = &tmp; - msg.msg_controllen = sizeof(tmp); + msg.msg_control = &cmsgbuf.buf; + msg.msg_controllen = sizeof(cmsgbuf.buf); #endif if ((n = recvmsg(sock, &msg, 0)) == -1) { -- cgit v1.2.3 From be71e2d9725cf0833ee208222eb6860bb17316ef Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 27 Mar 2008 10:54:44 +1100 Subject: - deraadt@cvs.openbsd.org 2008/03/15 16:19:02 [monitor_fdpass.c] Repair the simple cases for msg_controllen where it should just be CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer --- ChangeLog | 7 ++++++- monitor_fdpass.c | 6 +++--- 2 files changed, 9 insertions(+), 4 deletions(-) (limited to 'monitor_fdpass.c') diff --git a/ChangeLog b/ChangeLog index 4d222aa98..985e8050d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,11 @@ [monitor_fdpass.c] Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to an extensive discussion with otto, kettenis, millert, and hshoexer + - deraadt@cvs.openbsd.org 2008/03/15 16:19:02 + [monitor_fdpass.c] + Repair the simple cases for msg_controllen where it should just be + CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because + of alignment; ok kettenis hshoexer 20080315 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are @@ -3781,4 +3786,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4883 2008/03/26 23:53:23 djm Exp $ +$Id: ChangeLog,v 1.4884 2008/03/26 23:54:44 djm Exp $ diff --git a/monitor_fdpass.c b/monitor_fdpass.c index a3e995df8..18ae6248a 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.15 2008/03/13 01:49:53 deraadt Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.16 2008/03/15 16:19:02 deraadt Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. @@ -63,7 +63,7 @@ mm_send_fd(int sock, int fd) msg.msg_accrightslen = sizeof(fd); #else msg.msg_control = (caddr_t)&cmsgbuf.buf; - msg.msg_controllen = sizeof(cmsgbuf.buf); + msg.msg_controllen = CMSG_LEN(sizeof(int)); cmsg = CMSG_FIRSTHDR(&msg); cmsg->cmsg_len = CMSG_LEN(sizeof(int)); cmsg->cmsg_level = SOL_SOCKET; @@ -121,7 +121,7 @@ mm_receive_fd(int sock) msg.msg_accrightslen = sizeof(fd); #else msg.msg_control = &cmsgbuf.buf; - msg.msg_controllen = sizeof(cmsgbuf.buf); + msg.msg_controllen = CMSG_LEN(sizeof(int)); #endif if ((n = recvmsg(sock, &msg, 0)) == -1) { -- cgit v1.2.3 From e241e85ad3fd50fb94666ddaa52e44cbaae47fbb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 27 Mar 2008 11:01:15 +1100 Subject: - deraadt@cvs.openbsd.org 2008/03/24 16:11:07 [monitor_fdpass.c] msg_controllen has to be CMSG_SPACE so that the kernel can account for each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis --- ChangeLog | 9 ++++++++- monitor_fdpass.c | 6 +++--- 2 files changed, 11 insertions(+), 4 deletions(-) (limited to 'monitor_fdpass.c') diff --git a/ChangeLog b/ChangeLog index 73760b809..876055383 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,13 @@ existing file. Users who depended on this should adjust their sftp(1) usage. ok deraadt@ markus@ + - deraadt@cvs.openbsd.org 2008/03/24 16:11:07 + [monitor_fdpass.c] + msg_controllen has to be CMSG_SPACE so that the kernel can account for + each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This + works now that kernel fd passing has been fixed to accept a bit of + sloppiness because of this ABI repair. + lots of discussion with kettenis 20080315 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are @@ -3794,4 +3801,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4885 2008/03/26 23:59:57 djm Exp $ +$Id: ChangeLog,v 1.4886 2008/03/27 00:01:15 djm Exp $ diff --git a/monitor_fdpass.c b/monitor_fdpass.c index 18ae6248a..cab538bc9 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.16 2008/03/15 16:19:02 deraadt Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.17 2008/03/24 16:11:07 deraadt Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. @@ -63,7 +63,7 @@ mm_send_fd(int sock, int fd) msg.msg_accrightslen = sizeof(fd); #else msg.msg_control = (caddr_t)&cmsgbuf.buf; - msg.msg_controllen = CMSG_LEN(sizeof(int)); + msg.msg_controllen = sizeof(cmsgbuf.buf); cmsg = CMSG_FIRSTHDR(&msg); cmsg->cmsg_len = CMSG_LEN(sizeof(int)); cmsg->cmsg_level = SOL_SOCKET; @@ -121,7 +121,7 @@ mm_receive_fd(int sock) msg.msg_accrightslen = sizeof(fd); #else msg.msg_control = &cmsgbuf.buf; - msg.msg_controllen = CMSG_LEN(sizeof(int)); + msg.msg_controllen = sizeof(cmsgbuf.buf); #endif if ((n = recvmsg(sock, &msg, 0)) == -1) { -- cgit v1.2.3