tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix for orphaned unprivileged workers on sshd login timeout (#290) 

Issue: When sshd times out due to login grace timeout, it leaves behind the unprivileged worker orphaned.
Fix: Add missing child's reference in monitor.
This commit is contained in:
Manoj Ampalam 2018-03-20 09:41:52 -07:00 committed by GitHub
parent 966d8c4129
commit 7a8e119275
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
sshd.c
View File

@ -776,15 +776,28 @@ privsep_preauth(Authctxt *authctxt)
posix_spawn_file_actions_adddup2(&actions, tmp_sock, STDOUT_FILENO) != 0 || posix_spawn_file_actions_adddup2(&actions, tmp_sock, STDOUT_FILENO) != 0 ||
posix_spawn_file_actions_adddup2(&actions, pmonitor->m_recvfd, PRIVSEP_MONITOR_FD) != 0 || posix_spawn_file_actions_adddup2(&actions, pmonitor->m_recvfd, PRIVSEP_MONITOR_FD) != 0 ||
posix_spawn_file_actions_adddup2(&actions, pmonitor->m_log_sendfd, PRIVSEP_LOG_FD) != 0 ) posix_spawn_file_actions_adddup2(&actions, pmonitor->m_log_sendfd, PRIVSEP_LOG_FD) != 0 )
error("posix_spawn initialization failed"); fatal("posix_spawn initialization failed");
else {
{
char** argv = privsep_child_cmdline(0); char** argv = privsep_child_cmdline(0);
if (__posix_spawn_asuser(&pid, argv[0], &actions, NULL, argv, NULL, SSH_PRIVSEP_USER) != 0) if (__posix_spawn_asuser(&pid, argv[0], &actions, NULL, argv, NULL, SSH_PRIVSEP_USER) != 0)
error("%s, posix_spawn failed", __func__); fatal("%s, fork of unprivileged child failed", __func__);
else
debug2("Network child is on pid %ld", (long)pid);
posix_spawn_file_actions_destroy(&actions); posix_spawn_file_actions_destroy(&actions);
} }
debug2("Network child is on pid %ld", (long)pid);
pmonitor->m_pid = pid;
if (have_agent) {
r = ssh_get_authentication_socket(&auth_sock);
if (r != 0) {
error("Could not get agent socket: %s",
ssh_err(r));
have_agent = 0;
}
}
close(pmonitor->m_recvfd); close(pmonitor->m_recvfd);
close(pmonitor->m_log_sendfd); close(pmonitor->m_log_sendfd);
send_config_state(pmonitor->m_sendfd, &cfg); send_config_state(pmonitor->m_sendfd, &cfg);
@ -884,16 +897,16 @@ privsep_postauth(Authctxt *authctxt)
posix_spawn_file_actions_adddup2(&actions, tmp_sock, STDIN_FILENO) != 0 || posix_spawn_file_actions_adddup2(&actions, tmp_sock, STDIN_FILENO) != 0 ||
posix_spawn_file_actions_adddup2(&actions, tmp_sock, STDOUT_FILENO) != 0 || posix_spawn_file_actions_adddup2(&actions, tmp_sock, STDOUT_FILENO) != 0 ||
posix_spawn_file_actions_adddup2(&actions, pmonitor->m_recvfd, PRIVSEP_MONITOR_FD) != 0) posix_spawn_file_actions_adddup2(&actions, pmonitor->m_recvfd, PRIVSEP_MONITOR_FD) != 0)
error("posix_spawn initialization failed"); fatal("posix_spawn initialization failed");
else {
{
char** argv = privsep_child_cmdline(1); char** argv = privsep_child_cmdline(1);
if (__posix_spawn_asuser(&pmonitor->m_pid, argv[0], &actions, NULL, argv, NULL, authctxt->pw->pw_name) != 0) if (__posix_spawn_asuser(&pmonitor->m_pid, argv[0], &actions, NULL, argv, NULL, authctxt->pw->pw_name) != 0)
error("%s, posix_spawn failed", __func__); fatal("fork of unprivileged child failed");
else
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
posix_spawn_file_actions_destroy(&actions); posix_spawn_file_actions_destroy(&actions);
} }
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
send_config_state(pmonitor->m_sendfd, &cfg); send_config_state(pmonitor->m_sendfd, &cfg);
send_hostkeys_state(pmonitor->m_sendfd); send_hostkeys_state(pmonitor->m_sendfd);
send_idexch_state(pmonitor->m_sendfd); send_idexch_state(pmonitor->m_sendfd);