search for: fatal_add_cleanup

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

...see, that session_pty_cleanup() is not being called. As far as I understood the code in session.c:session_pty_req() /* * Add a cleanup function to clear the utmp entry and record logout * time in case we call fatal() (e.g., the connection gets closed). */ fatal_add_cleanup(session_pty_cleanup, (void *)s); should make sure, that the utmp entry is cleared, but it obviously doesn't work as I expected from that statement. Best regards, Lutz ----- Forwarded message from Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE> ----- Delivered-To: openssh-unix-dev-l...

http://bugzilla.mindrot.org/show_bug.cgi?id=771 openssh at faxm0dem.org changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|openssh-bugs at mindrot.org |bitbucket at mindrot.org ------- Comment #5 from openssh at faxm0dem.org 2006-04-13 01:12 ------- There is a patch that

...G_LEVEL_FATAL, fmt, args); - va_end(args); - if (nonfatal_fatal) + if (nonfatal_fatal) { + fatal_cleanup_called = 0; longjmp(kexjmp, -1); - else - fatal_cleanup(); + } } static void @@ -777,6 +778,7 @@ usage(); log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1); + fatal_add_cleanup(fatal_callback, NULL); maxfd = fdlim_get(1); if (maxfd < 0) --- log.c.orig Tue Feb 26 12:52:15 2002 +++ log.c Wed Mar 20 21:13:04 2002 @@ -216,15 +216,16 @@ } /* Cleanup and exit */ +int fatal_cleanup_called = 0; void fatal_cleanup(void) { struct fatal_cleanup *cu, *next_cu; - sta...

...X11 dir: mkdtemp %s failed: %s", + xauthfile, strerror(errno)); + xfree(xauthfile); + xauthfile = NULL; + } else { + strlcat(xauthfile, "/cookies", MAXPATHLEN); + fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd >= 0) + close(fd); + restore_uid(); + fatal_add_cleanup((void (*) (void *)) xauthfile_cleanup_proc, s->pw); + } + } + return 1; } @@ -2074,4 +2124,6 @@ do_authenticated2(Authctxt *authctxt) { server_loop2(authctxt); + if (xauthfile) + xauthfile_cleanup_proc(authctxt->pw); }

...log the "connection closing" message. I don't understand the protocol well enough to know if there was a better way to have it handle the situation so that it actually does return to main. So, I did this: - added a routine log_connect_close() and pushed this with fatal_add_cleanup() to run on fatal_cleanup() - saved hostname, ipaddr, and port in global vars There's almost certainly a better way to do this, though. The attached patch is made against the openssh-SNAP-20000823 source. -- Will Day <PGP mail preferred> OIT / O&E / Technical Suppor...

-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan

...ifndef DISABLE_PRIVSEP if (!use_privsep) +#endif /* DISABLE_PRIVSEP */ record_login(pid, s->tty, pw->pw_name, pw->pw_uid, get_remote_name_or_ip(utmp_len, options.use_dns), @@ -1668,7 +1670,9 @@ * time in case we call fatal() (e.g., the connection gets closed). */ fatal_add_cleanup(session_pty_cleanup, (void *)s); +#ifndef DISABLE_PRIVSEP if (!use_privsep) +#endif /* DISABLE_PRIVSEP */ pty_setowner(s->pw, s->tty); /* Set window size from the packet. */ diff -adurN openssh-3.7.1p2.privsep/sshd.c openssh-3.7.1p2/sshd.c --- openssh-3.7.1p2.privsep/sshd.c Tue Sep...

...quot;Please separate options T and v from any other options."); + goto triple_break; + } } - if (timeout <= 0) - usage(); +double_break: + argno++; } +triple_break: if (argc <= argno) usage(); + log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1); + fatal_add_cleanup(fatal_callback, NULL); + maxfd = fdlim_get(1); if (maxfd < 0) fatal("%s: fdlim_get: bad value", __progname); @@ -603,6 +780,9 @@ fdcon = xmalloc(maxfd * sizeof(con)); memset(fdcon, 0, maxfd * sizeof(con)); + init_rng(); + seed_rng(); + read_wait_size = howmany(maxfd, NFD...

...r[0] == ''-'' || user[0] == ''+'' || user[0] == ''@'' || - !login_permitted(user, pw)) + !login_permitted(user, pw) +#ifdef HAVE_PAM + || ((retval=pam_start("ssh", pw->pw_name, &conv, (pam_handle_t **)&pamh)), + (fatal_add_cleanup (&pam_cleanup_proc, NULL)), + (origretval = retval), (retval != PAM_SUCCESS)) +#endif /* HAVE_PAM */ + ) do_authentication_fail_loop(); /* Take a copy of the returned structure. */ @@ -2189,6 +2262,7 @@ debug("Attempting authentication for %.100s.", use...

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

..._client.store.filename); + unlink(gssapi_client.store.filename); + } +} + +/* As user */ +void +ssh_gssapi_storecreds(void) +{ + if (gssapi_client.mech && gssapi_client.mech->storecreds) { + (*gssapi_client.mech->storecreds)(&gssapi_client); + if (options.gss_cleanup_creds) + fatal_add_cleanup(ssh_gssapi_cleanup_creds, NULL); + } else + debug("ssh_gssapi_storecreds: Not a GSSAPI mechanism"); +} + +/* This allows GSSAPI methods to do things to the childs environment based + * on the passed authentication process and credentials. + */ +/* As user */ +void +ssh_gssapi_do_child(ch...