Nick Lane-Smith
2005-Mar-16 00:52 UTC
openssh-3.8.1p1, with pthreads enabled, hung in pthread_join.
I connect to my OpenSSH 3.8.1p1 server and when the password dialog shoes up I wait a min or so, long enough for the "Timeout before authentication for %s" alarm to trigger. If at that point I enter my password ssh will just sit there: debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password: debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64) And the sshd will be in this state: Attaching to program: `/private/tmp/OpenSSH.roots/OpenSSH~obj/sshd', process 26589. Reading symbols for shared libraries ...................... done 0x9002cf88 in semaphore_wait_trap () (gdb) bt #0 0x9002cf88 in semaphore_wait_trap () #1 0x9006153c in pthread_join () #2 0x00028a50 in sshpam_thread_cleanup () at /tmp/OpenSSH.roots/OpenSSH/openssh/auth-pam.c:417 #3 0x00017110 in do_cleanup (authctxt=0x4034e0) at /tmp/OpenSSH.roots/OpenSSH/openssh/session.c:2273 #4 0x00007044 in cleanup_exit (i=255) at /tmp/OpenSSH.roots/OpenSSH/openssh/sshd.c:1923 #5 0x00035bb0 in fatal (fmt=0x547d0 "Timeout before authentication for %s") at /tmp/OpenSSH.roots/OpenSSH/openssh/fatal.c:40 #6 0x00002d40 in grace_alarm_handler (sig=14) at /tmp/OpenSSH.roots/OpenSSH/openssh/sshd.c:320 #7 <signal handler called> #8 0x90013bc8 in read () #9 0x0002b5ec in atomicio (f=0x90013bc0 <read>, fd=6, _s=0xbfffef60, n=4) at /tmp/OpenSSH.roots/OpenSSH/openssh/atomicio.c:45 #10 0x00020744 in mm_request_receive (socket=6, m=0xbfffefc0) at /tmp/OpenSSH.roots/OpenSSH/openssh/monitor_wrap.c:110 #11 0x0001c290 in monitor_read (pmonitor=0x403540, ent=0x633c4, pent=0xbffff030) at /tmp/OpenSSH.roots/OpenSSH/openssh/monitor.c:446 #12 0x0001bda8 in monitor_child_preauth (_authctxt=0x4034e0, pmonitor=0x403540) at /tmp/OpenSSH.roots/OpenSSH/openssh/monitor.c:343 #13 0x000039dc in privsep_preauth (authctxt=0x4034e0) at /tmp/OpenSSH.roots/OpenSSH/openssh/sshd.c:607 #14 0x000061c0 in main (ac=3, av=0x400f10) at /tmp/OpenSSH.roots/OpenSSH/openssh/sshd.c:1544 (gdb) info threads 2 process 26589 thread 0x1103 0x90013bcc in read () * 1 process 26589 thread 0x203 0x9002cf88 in semaphore_wait_trap () (gdb) thread 2 [Switching to thread 2 (process 26589 thread 0x1103)] #0 0x90013bcc in read () (gdb) bt #0 0x90013bcc in read () #1 0x0002b5ec in atomicio (f=0x90013bc0 <read>, fd=8, _s=0xf0080ac0, n=4) at /tmp/OpenSSH.roots/OpenSSH/openssh/atomicio.c:45 #2 0x000491fc in ssh_msg_recv (fd=8, m=0xf0080b20) at /tmp/OpenSSH.roots/OpenSSH/openssh/msg.c:63 #3 0x00028514 in sshpam_thread_conv (n=1, msg=0xf0080bb4, resp=0xf0080bb8, data=0x403830) at /tmp/OpenSSH.roots/OpenSSH/openssh/auth-pam.c:272 #4 0x96798918 in _pam_system_log () #5 0x967989f4 in pam_get_pass () #6 0x0018a930 in pam_sm_authenticate () #7 0x967961c4 in pam_fail_delay () #8 0x96796514 in _pam_dispatch () #9 0x96797c40 in pam_authenticate () #10 0x00028880 in sshpam_thread (ctxtp=0x403830) at /tmp/OpenSSH.roots/OpenSSH/openssh/auth-pam.c:354 #11 0x9002c7f4 in _pthread_body () Thread two will just sit there in read while thread one waits for thread two to exit. If i attempt this with privilege separation turned on the lowered privilege process will exit and become a zombie, as the original process never exits. Shouldn't the sshpam/read thread have an alarm set so if the authentication times out it will exit cleanly? -Nick
Darren Tucker
2005-Mar-16 02:55 UTC
openssh-3.8.1p1, with pthreads enabled, hung in pthread_join.
First, if you're building with USE_POSIX_THREADS then that's an unsupported configuration. Nick Lane-Smith wrote:> I connect to my OpenSSH 3.8.1p1 server and when the password dialog > shoes up I wait a min or so, long enough for the "Timeout before > authentication for %s" alarm to trigger. If at that point I enter my > password ssh will just sit there: > > debug2: input_userauth_info_req > debug2: input_userauth_info_req: num_prompts 1 > Password: > debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64) > > And the sshd will be in this state: > > Attaching to program: `/private/tmp/OpenSSH.roots/OpenSSH~obj/sshd', > process 26589. > Reading symbols for shared libraries ...................... done > 0x9002cf88 in semaphore_wait_trap () > (gdb) bt > #0 0x9002cf88 in semaphore_wait_trap () > #1 0x9006153c in pthread_join () > #2 0x00028a50 in sshpam_thread_cleanup () at > /tmp/OpenSSH.roots/OpenSSH/openssh/auth-pam.c:417That line is immediately preceded by: pthread_cancel(ctxt->pam_thread); Maybe pthread_cancel doesn't interrupt the read() syscall? I don't know anything about your thread implementation.> Shouldn't the sshpam/read thread have an alarm set so if the > authentication times out it will exit cleanly?It shouldn't be necessary (and it's a potential source of races). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Reasonably Related Threads
- OpenSSH v6.7 & NumberOfPasswordPrompts Option ...
- chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
- chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
- OpenSSH v6.7 & NumberOfPasswordPrompts Option ...
- Problems using sftp on HMC IBM system