OpenSSH_4.3p1 configure patch

Corinna Vinschen vinschen at redhat.com
Tue Feb 7 22:32:33 EST 2006


On Feb  6 19:16, Corinna Vinschen wrote:
> On Feb  7 01:06, Darren Tucker wrote:
> > On Mon, Feb 06, 2006 at 02:42:55PM +0100, Corinna Vinschen wrote:
> > > I just tested the below patch and it solves the problem for me.
> > > Since session_exit_message is only called from session_close_by_pid,
> > > the solution seems to be the correct one.
> > > 
> > > 
> > > --- session.c.ORIG	2006-02-06 13:50:21.788927500 +0100
> > > +++ session.c	2006-02-06 13:45:27.042081500 +0100
> > > @@ -2176,7 +2176,6 @@ session_exit_message(Session *s, int sta
> > >  
> > >  	/* disconnect channel */
> > >  	debug("session_exit_message: release channel %d", s->chanid);
> > > -	s->pid = 0;
> > >  
> > >  	/*
> > >  	 * Adjust cleanup callback attachment to send close messages when
> > > @@ -2238,6 +2237,7 @@ session_close_by_pid(pid_t pid, int stat
> > >  		session_exit_message(s, status);
> > >  	if (s->ttyfd != -1)
> > >  		session_pty_cleanup(s);
> > > +	s->pid = 0;
> > >  }
> > 
> > FWIW the s->pid bit was added in this change:
> 
> I found another problem.  If I switch on privilege separation on
> Cygwin, I get two syslog messages per login, one from the privsep
> process and another one from the child sshd which handles the connection.
> 
> This is only a headsup so far, it's too late for today to debug this.

I found it.  If privilege separation is activated, monitor_child_preauth
calls auth_log.  If privilege separation is not used, userauth_finish
calls auth_log.  On systems lacking working descriptor passing, both
functions are called when privilege separation is on.  The only useful
way I found to get rid of one of the messages is not to print the
message from monitor_child_preauth, if DISABLE_FD_PASSING is set for
the target.  Patch below.  If somebody finds a way without adding another
#ifdef, I'd be very glad, though.


Corinna

--- monitor.c.ORIG	2006-02-07 12:23:49.792704600 +0100
+++ monitor.c	2006-02-07 12:22:55.282671000 +0100
@@ -349,8 +349,10 @@ monitor_child_preauth(Authctxt *_authctx
 		}
 
 		if (ent->flags & MON_AUTHDECIDE) {
+#ifndef DISABLE_FD_PASSING
 			auth_log(authctxt, authenticated, auth_method,
 			    compat20 ? " ssh2" : "");
+#endif
 			if (!authenticated)
 				authctxt->failures++;
 		}


-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat




More information about the openssh-unix-dev mailing list