search for: do_child

Displaying 20 results from an estimated 65 matches for "do_child".

2001 Mar 20
1
Tru64 UNIX SIA in 2.5.2p1 is hosed
Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal
2018 Nov 29
2
Where to implement user limit settings ?
...llo, I'm trying to implement setting of user limits (ulimit) in sshd. I'm not using PAM so I need it in the sshd itself. The task is very simple - just to put one line calling setup_limits(pw); and link with -lshadow. But the problem is, where to put this line. I did it in session.c, in do_child(), like this: #ifdef HAVE_OSF_SIA session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty); if (!check_quietlogin(s, command)) do_motd(); #else /* HAVE_OSF_SIA */ /* When PAM is enabled we rely on it to do the nologin check */ if (!options.use_pam...
2002 Sep 04
2
uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)
...k with the other stuff going on). When I last looked at it in > depth I hadn't really gotten a good handle on how privsep worked, so I > figured I was just missing something. > Where exactly *is* the privsep transition made? At what point does the process that eventually runs do_child() get its uid set to the real user? Could the setup_sia() routine be moved out of the do_child() function to an earlier phase before the uid is changed? It appears that if setup_sia() were to be moved out of do_child() that would mean that no pty would be passed to the session unless creation of...
2002 Jan 22
7
AIX reading /etc/environment out of step.
...ith Don about a private topic..and while skimming the code I noticed that during a 'ssh mouring at site ls' the /etc/environment is *ONLY* read if the remote machine is an AIX box. This is undocumented and I'm wondering if someone using AIX could explain WHY it exists in the session.c:do_child()? No other OS has this. I don't see why AIX should require it. Can someone JUSTIFY this to me the fact we are going against our own documentation for a single platform? - Ben
2009 Aug 28
8
[Bug 1637] New: Change the context when starting internal-sftp
https://bugzilla.mindrot.org/show_bug.cgi?id=1637 Summary: Change the context when starting internal-sftp Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org
2023 May 29
1
command [argument ...] in ssh(1): a footgun
...t; > quoting itself. > > The footgun is unrelated to shells. > > The SSH_MSG_CHANNEL_REQUEST protocol message for "exec" (RFC 4254) > channels which are used to run a single remote command contains > exactly one string for the command. > > sshd (see bottom of do_child() in session.c) runs that command string as: > > remote_users_shell -c command I'm aware of that. That's why I said what I said. Sorry, but I don't understand what point you are making. > //Peter
2006 Jan 04
0
ssh and pam-script
...module for PAM that enables execution of given script while pam session opens and/or closes. I try to use it with ssh while logging in and out: it is kind of login and logout scripts. PAM session creation is done in function do_pam_session which is invoked by do_setusercontext which is invoked by do_child. do_child function is invoked after fork. In a child process do_pam_session function sets global variable sshpam_session_open to remember that session was opened. After execution of do_setusercontext and do_pam_session function do_child does something and then invokes bash by execve. So in this mom...
2019 Jan 21
4
[Regression] OpenSSH 7.7p1 no longer tests on NonStop Port
Hi All, I finally got around to trying to test the 7.7p1 release on the HPE NonStop Platform. 7.6p1 worked just fine - no issues at all. In 7.7p1, when the agent test ran, the following happened (prior tests worked perfectly): run test agent.sh ... Couldn't open logfile /home/git/openssh-portable/regress/ssh.log: Permission denied agent fwd failed (exit code 1) failed simple agent test
2001 Aug 07
1
do_pre_login() used before declared
...} + + record_utmp_only(pid, s->tty, s->pw->pw_name, + get_remote_name_or_ip(utmp_len, options.reverse_mapping_check), + (struct sockaddr *)&from); +} +#endif + /* * This is called to fork and execute a command when we have no tty. This * will call do_child from the child, and server_loop from the parent after @@ -621,34 +649,6 @@ /* server_loop _has_ closed ptyfd and fdout. */ } } - -#ifdef LOGIN_NEEDS_UTMPX -void -do_pre_login(Session *s) -{ - socklen_t fromlen; - struct sockaddr_storage from; - pid_t pid =...
2017 Feb 20
3
[Bug 2681] New: postauth processes to log via monitor
...ke to log sftp session commands. Similar way as in the pre-authentication phase, we can log the events in the postauth phase if we know the postauth process will not be able to open its own /dev/log (generally in chroot). How does it work? We are trying to solve this problem on two fronts: - In do_child, we check if the /dev/log is available in the chroot and if not, we "leak the FD" to the internal-sftp process. We also postpone the closefrom() call after the internal-sftp call. - In privsep_postauth(), we have the same check (it could be probably written more nicely) which takes care...
2023 May 29
1
command [argument ...] in ssh(1): a footgun
...e reason that ssh couldn't ever do the > quoting itself. The footgun is unrelated to shells. The SSH_MSG_CHANNEL_REQUEST protocol message for "exec" (RFC 4254) channels which are used to run a single remote command contains exactly one string for the command. sshd (see bottom of do_child() in session.c) runs that command string as: remote_users_shell -c command //Peter
2000 Oct 27
0
Segfault in 2.2.0p1 due to connect() changes in Linux 2.4
...ine 1738: sock = socket(ai->ai_family, SOCK_STREAM, 0); if (sock < 0) { if (errno != EINVAL) { error("socket: %.100s", strerror(errno)); return NULL; } else { debug("Socket family %d not supported [X11 disp create]", ai->ai_family); continue; } } session.c, do_child, line 1219: } else if (options.xauth_location != NULL) { /* Add authority data to .Xauthority if appropriate. */ if (auth_proto != NULL && auth_data != NULL) { char *screen = strchr(display, ':'); The problem seems to be that the socket() function not returning EINVAL (as the...
2001 Nov 15
1
Solaris 2.6: acomp failed for session.c
...and failed with no further hint: cc: acomp failed for session.c make: *** [session.o] Error 2 To work around this I had to add a true prototype: *** session.c.ORIG Sun Sep 16 18:17:15 2001 --- session.c Thu Nov 15 14:45:40 2001 *************** *** 132,137 **** --- 132,140 ---- void do_child(Session *, const char *); void do_motd(void); int check_quietlogin(Session *, const char *); + #ifdef LOGIN_NEEDS_UTMPX + static void do_pre_login(Session *); + #endif static void do_authenticated1(Authctxt *); static void do_authenticated2(Authctxt *); FWIW, -- Rick Troxel...
2002 Apr 22
0
[Bug 101] session.c modifications for correct UNICOS behavior
...0) /* stderr */ perror("dup2 stderr"); #endif /* USE_PIPES */ +#ifdef _CRAY + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +#endif /* _CRAY */ /* Do processing for the child (exec command etc). */ do_child(s, command); /* NOTREACHED */ } +#ifdef _CRAY + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _CRAY */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -517,7 +527,12 @@ /* r...
2012 Aug 29
0
PATCH: Log the PID of executed commands
...PID of the network child and the user child sshd processes. This patch adds logging the PID of invoked commands for completeness. diff --git a/session.c b/session.c index f3baea2..dd1d0e8 100644 --- a/session.c +++ b/session.c @@ -579,6 +579,7 @@ do_exec_no_pty(Session *s, const char *command) do_child(s, command); /* NOTREACHED */ default: + verbose("command is on pid %ld", (long)pid); break; } @@ -729,6 +730,7 @@ do_exec_pty(Session *s, const char *command) do_child(s, command); /* NOTREACHED */ default: + verbose("command is on pid %ld", (long)pid);...
2002 Feb 20
11
Call for testing.
Recently we made somemajor changes to do_child() in OpenSSH -current. Those changes included splitting it up into smaller chunks to help with readability and also to extract out IRIX and AIX specific code to reduce the number of lines in our diffs against the OpenSSH tree. I need people to do some testing on different platforms to ensure that...
2002 Feb 04
0
[Bug 101] New: session.c modifications for correct UNICOS behavior
...0], 2) < 0) /* stderr */ perror("dup2 stderr"); #endif /* USE_PIPES */ - +#ifdef _CRAY + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +#endif /* Do processing for the child (exec command etc). */ do_child(s, command); /* NOTREACHED */ } +#ifdef _CRAY + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _CRAY */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -586,7 +595,12 @@ /* r...
2002 Sep 11
1
tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms
Hi- Under privsep, I experimented with moving the session_setup_sia() out of do_child() and into do_setusercontext(), which is where the uids/gids are set to the final execution user. The call is made with a NULL tty, and this is functional provided that any later pty allocation uses grantpty() to set the device permissions. Logging in with this method shows that a utmp entry does...
2019 Jan 24
2
[Regression] OpenSSH 7.7p1 no longer tests on NonStop Port
...pty default > FAIL: key option failed default > > trace: key option pty restrict,pty > FAIL: key option failed restrict,pty > > /home/git/openssh-portable/regress: tail -7 failed-sshd.log > debug3: do_exec_no_pty: fork() in child > debug3: send packet: type 99 > debug3: do_child: entering do_child() > debug1: permanently_set_uid: 25603/100 > FAIL: key option failed restrict,pty > debug3: do_child: Shell path=/bin/ksh > > So, better, but this is a new break for us. > > > > > [...] > > > We have a rather large set of changes > >...
2002 Feb 12
1
openssh + pam errors (fwd)
...f (is_pam_password_change_required()) packet_disconnect("Password change required but no " @@ -494,6 +493,9 @@ #endif /* USE_PIPES */ /* Do processing for the child (exec command etc). */ +#if defined(USE_PAM) + do_pam_session(s->pw->pw_name, NULL); +#endif /* USE_PAM */ do_child(s, command); /* NOTREACHED */ } @@ -555,7 +557,6 @@ ttyfd = s->ttyfd; #if defined(USE_PAM) - do_pam_session(s->pw->pw_name, s->tty); do_pam_setcred(1); #endif @@ -580,6 +581,9 @@ /* Close the extra descriptor for the pseudo tty. */ close(ttyfd); +#if defined(USE_PAM)...