OpenSSH_4.3p1 configure patch
Corinna Vinschen
vinschen at redhat.com
Mon Feb 6 23:44:43 EST 2006
On Feb 6 22:38, Darren Tucker wrote:
> On Mon, Feb 06, 2006 at 12:02:43PM +0100, Corinna Vinschen wrote:
> [...]
> > I debugged an sshd child and found this:
> >
> > - On logging out from an interactive session, EOF is encountered and
> > down from do_authenticated, session_close_by_pid is called.
> >
> > - session_by_pid returns the correct Session pointer.
> >
> > - s->chanid is != -1, ==> session_exit_message is called.
> >
> > - session_exit_message sets s->pid = 0 and returns to session_close_by_pid.
> >
> > - s->ttyfd != -1, ==> session_pty_cleanup is called.
> >
> > - session_pty_cleanup calls session_pty_cleanup2.
> >
> > - In session_pty_cleanup2, record_logout is only called if s->pid != 0.
> >
> > Do I miss something or is it somehow impossible to get a logout record
> > this way?!?
>
> When privsep is on, session_exit_message is called in the slave, but
> session_pty_cleanup2 is called by the monitor, so it works.
>
> It looks like a problem when privsep=no, though, and it's not immediately
> obvious to me what to do with it.
This also happens if UsePrivilegeSeparation is set to "yes" in
/etc/sshd_config on Cygwin. The problem is that descriptor passing
doesn't work on Cygwin which in turn sets use_privsep to 0. So, logout
logging is entirely broken for all systems which either don't support,
or have broken file descriptor passing.
Since the old session_exit_message only set s->chanid to -1, maybe we
could remove setting s->pid to 0 from session_exit_message and move it
to the end of session_close_by_pid?
Corinna
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
More information about the openssh-unix-dev
mailing list