propagate PAM crashes to PerSourcePenalties
If the PAM subprocess crashes, exit with a crash status that will be picked up by the sshd(8) listener process where it can be used by PerSourcePenalties to block the client. This is similar handling to the privsep preauth process.
This commit is contained in:
Damien Miller
parent
1c207f456a
commit
b00331402f
15
auth-pam.c
15
auth-pam.c
|
|
@ -100,6 +100,7 @@
|
|||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "srclimit.h"
|
||||
|
||||
extern ServerOptions options;
|
||||
extern struct sshbuf *loginmsg;
|
||||
|
|
@ -166,13 +167,13 @@ sshpam_sigchld_handler(int sig)
|
|||
return;
|
||||
}
|
||||
}
|
||||
if (WIFSIGNALED(sshpam_thread_status) &&
|
||||
WTERMSIG(sshpam_thread_status) == SIGTERM)
|
||||
return; /* terminated by pthread_cancel */
|
||||
if (!WIFEXITED(sshpam_thread_status))
|
||||
sigdie("PAM: authentication thread exited unexpectedly");
|
||||
if (WEXITSTATUS(sshpam_thread_status) != 0)
|
||||
sigdie("PAM: authentication thread exited uncleanly");
|
||||
if (sshpam_thread_status == -1)
|
||||
return;
|
||||
if (WIFSIGNALED(sshpam_thread_status)) {
|
||||
if (signal_is_crash(WTERMSIG(sshpam_thread_status)))
|
||||
_exit(EXIT_CHILD_CRASH);
|
||||
} else if (!WIFEXITED(sshpam_thread_status))
|
||||
_exit(EXIT_CHILD_CRASH);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
|
|
|
|||
Loading…
Reference in New Issue