diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2004-05-24 11:53:42 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2004-05-24 11:53:42 +1000 |
| commit | f148bb848fefa905b3e6d24957d7f33c27161f40 (patch) | |
| tree | c99d1d60accd1a5a5522b69ec19d54c9a4411627 | |
| parent | c4b99d4ec2e7f410588a559dc79dbc9d8e62a890 (diff) | |
- (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
is terminated if the privsep slave exits during keyboard-interactive
authentication. ok djm@
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | auth-pam.c | 13 |
2 files changed, 16 insertions, 4 deletions
@@ -1,3 +1,8 @@ +20040524 + - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread" + is terminated if the privsep slave exits during keyboard-interactive + authentication. ok djm@ + 20040513 - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in libresolv, fixes problems detecting it on some platforms @@ -994,4 +999,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3316.2.4 2004/05/13 01:56:40 dtucker Exp $ +$Id: ChangeLog,v 1.3316.2.5 2004/05/24 01:53:42 dtucker Exp $ @@ -31,7 +31,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.100 2004/04/18 01:00:26 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.100.2.1 2004/05/24 01:53:42 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -93,10 +93,17 @@ static mysig_t sshpam_oldsig; static void sshpam_sigchld_handler(int sig) { + signal(SIGCHLD, SIG_DFL); if (cleanup_ctxt == NULL) return; /* handler called after PAM cleanup, shouldn't happen */ - if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) == -1) - return; /* couldn't wait for process */ + if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG) + == -1) { + /* PAM thread has not exitted, privsep slave must have */ + kill(cleanup_ctxt->pam_thread, SIGTERM); + if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) + == -1) + return; /* could not wait */ + } if (WIFSIGNALED(sshpam_thread_status) && WTERMSIG(sshpam_thread_status) == SIGTERM) return; /* terminated by pthread_cancel */ |