OpenSSH_4.3p1 configure patch

Roger Cornelius rac at tenzing.org
Tue Feb 7 03:36:45 EST 2006


On 02/06/2006 14:42, Corinna Vinschen wrote:
> On Feb  6 13:44, Corinna Vinschen wrote:
> > On Feb  6 22:38, Darren Tucker wrote:
> > > On Mon, Feb 06, 2006 at 12:02:43PM +0100, Corinna Vinschen wrote:
> > > [...]
> > > > I debugged an sshd child and found this:
> > > > 
> > > >   - On logging out from an interactive session, EOF is encountered and
> > > >     down from do_authenticated, session_close_by_pid is called.
> > > > 
> > > >   - session_by_pid returns the correct Session pointer.
> > > > 
> > > >   - s->chanid is != -1, ==> session_exit_message is called.
> > > > 
> > > >   - session_exit_message sets s->pid = 0 and returns to session_close_by_pid.
> > > > 
> > > >   - s->ttyfd != -1, ==> session_pty_cleanup is called.
> > > > 
> > > >   - session_pty_cleanup calls session_pty_cleanup2.
> > > > 
> > > >   - In session_pty_cleanup2, record_logout is only called if s->pid != 0.
> > > > 
> > > > Do I miss something or is it somehow impossible to get a logout record
> > > > this way?!?
> > > 
> > > When privsep is on, session_exit_message is called in the slave, but
> > > session_pty_cleanup2 is called by the monitor, so it works.
> > > 
> > > It looks like a problem when privsep=no, though, and it's not immediately
> > > obvious to me what to do with it.
> > 
> > This also happens if UsePrivilegeSeparation is set to "yes" in
> > /etc/sshd_config on Cygwin.  The problem is that descriptor passing
> > doesn't work on Cygwin which in turn sets use_privsep to 0.  So, logout
> > logging is entirely broken for all systems which either don't support,
> > or have broken file descriptor passing.
> > 
> > Since the old session_exit_message only set s->chanid to -1, maybe we
> > could remove setting s->pid to 0 from session_exit_message and move it
> > to the end of session_close_by_pid?
> 
> I just tested the below patch and it solves the problem for me.
> Since session_exit_message is only called from session_close_by_pid,
> the solution seems to be the correct one.

I noticed this behaviour on SCO OSR507 after building 4.3p1 over the
weekend.  Finding the problem was on my todo list for today.  Thank you
for saving me the trouble.  I do not see the problem on SCO OSR6, so it
must be one of the excluded cases you mention (though I haven't checked).

Roger
-- 
Roger Cornelius        rac at tenzing.org




More information about the openssh-unix-dev mailing list