OpenSSH_4.3p1 configure patch
Corinna Vinschen
vinschen at redhat.com
Tue Feb 7 22:32:33 EST 2006
On Feb 6 19:16, Corinna Vinschen wrote:
> On Feb 7 01:06, Darren Tucker wrote:
> > On Mon, Feb 06, 2006 at 02:42:55PM +0100, Corinna Vinschen wrote:
> > > I just tested the below patch and it solves the problem for me.
> > > Since session_exit_message is only called from session_close_by_pid,
> > > the solution seems to be the correct one.
> > >
> > >
> > > --- session.c.ORIG 2006-02-06 13:50:21.788927500 +0100
> > > +++ session.c 2006-02-06 13:45:27.042081500 +0100
> > > @@ -2176,7 +2176,6 @@ session_exit_message(Session *s, int sta
> > >
> > > /* disconnect channel */
> > > debug("session_exit_message: release channel %d", s->chanid);
> > > - s->pid = 0;
> > >
> > > /*
> > > * Adjust cleanup callback attachment to send close messages when
> > > @@ -2238,6 +2237,7 @@ session_close_by_pid(pid_t pid, int stat
> > > session_exit_message(s, status);
> > > if (s->ttyfd != -1)
> > > session_pty_cleanup(s);
> > > + s->pid = 0;
> > > }
> >
> > FWIW the s->pid bit was added in this change:
>
> I found another problem. If I switch on privilege separation on
> Cygwin, I get two syslog messages per login, one from the privsep
> process and another one from the child sshd which handles the connection.
>
> This is only a headsup so far, it's too late for today to debug this.
I found it. If privilege separation is activated, monitor_child_preauth
calls auth_log. If privilege separation is not used, userauth_finish
calls auth_log. On systems lacking working descriptor passing, both
functions are called when privilege separation is on. The only useful
way I found to get rid of one of the messages is not to print the
message from monitor_child_preauth, if DISABLE_FD_PASSING is set for
the target. Patch below. If somebody finds a way without adding another
#ifdef, I'd be very glad, though.
Corinna
--- monitor.c.ORIG 2006-02-07 12:23:49.792704600 +0100
+++ monitor.c 2006-02-07 12:22:55.282671000 +0100
@@ -349,8 +349,10 @@ monitor_child_preauth(Authctxt *_authctx
}
if (ent->flags & MON_AUTHDECIDE) {
+#ifndef DISABLE_FD_PASSING
auth_log(authctxt, authenticated, auth_method,
compat20 ? " ssh2" : "");
+#endif
if (!authenticated)
authctxt->failures++;
}
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
More information about the openssh-unix-dev
mailing list