OpenSSH_4.3p1 configure patch
Corinna Vinschen
vinschen at redhat.com
Tue Feb 7 23:55:01 EST 2006
On Feb 7 22:52, Darren Tucker wrote:
> On Tue, Feb 07, 2006 at 12:32:33PM +0100, Corinna Vinschen wrote:
> > I found it. If privilege separation is activated, monitor_child_preauth
> > calls auth_log. If privilege separation is not used, userauth_finish
> > calls auth_log. On systems lacking working descriptor passing, both
> > functions are called when privilege separation is on. The only useful
> > way I found to get rid of one of the messages is not to print the
> > message from monitor_child_preauth, if DISABLE_FD_PASSING is set for
> > the target. Patch below. If somebody finds a way without adding another
> > #ifdef, I'd be very glad, though.
>
> I've been looking at this too. It looks like I had a similar problem
> when doing the audit support and came up with an even uglier solution
> (look for SSH_AUDIT_EVENTS in auth.c). There has to be a nicer way
> for all concerned.
I found a better solution which doesn't require an #ifdef:
--- auth2.c.ORIG 2006-02-07 13:53:11.561136300 +0100
+++ auth2.c 2006-02-07 13:51:08.992832300 +0100
@@ -243,7 +243,8 @@ userauth_finish(Authctxt *authctxt, int
#endif /* _UNICOS */
/* Log before sending the reply */
- auth_log(authctxt, authenticated, method, " ssh2");
+ if (!use_privsep)
+ auth_log(authctxt, authenticated, method, " ssh2");
if (authctxt->postponed)
return;
Is that ok?
Corinna
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
More information about the openssh-unix-dev
mailing list