search for: server_loop2

hello applied the patch described below - unfortunately we still experience rare hangs of the remote sshd. not surprising as the patch only changes a few lines in server_loop() - but not in server_loop2() which i used for non-interactive sessions. process id of hanging sshd: 26110 process is sleeping forever in poll (why does server_loop2() sleep forever?): root at XXX:~# truss -fp 26110 26110: poll(0xFFBEF268, 2, -1) (sleeping...) no child processes are around: root at XXX:~# ps -ef |...

Yes, this is a patch against an older version of OpenSSH with other stuff anyways, BUT, it's so TRIVIAL(*), that you can see how it would apply to newer versions (which I've not tried). Here's the gist: server_loop2() has a race condition with respect to reception of SIGCHLD and checking/setting child_terminated. This patch does two things: wait_until_can_do_something() adds a 1 second timeout to select() IF AND ONLY IF (!channel_still_open) AND, server_loop2() breaks out of its loop when there are no sessions...

When connecting with v1, the server logs a message when I exit my login shell: Closing connection to 130.207.167.32 However, when connecting with v2, it only ever logs: Connection closed by remote host. Tracing through the code, it appears that instead of breaking in serverloop.c:server_loop2() at: if (had_channel && !channel_still_open()) { debug("!channel_still_open."); break; } and returning to sshd.c:main() and logging the nice message, it continues to process_input(), gets a len==0 from the read(), and does: verbose("Connection closed...

...is a rare behaviour we observe about once per week in a ssh intensive environment. the process hangs here: truss: 24453: poll(0xFFBEEF28, 2, -1) (sleeping...) gcore, mdb: libc.so.1`_poll+4(b, 0, 0, ffbeef38, 6fc40, ffbeef28) 0x20710(ffbef084, ffbef080, ffbef07c, ffbef078, 0, 1) server_loop2+0xd4(6a800, 0, 0, ff1e8000, 2151c, 1) do_authenticated+0x80(753b0, 6a400, f90, 1, 2151c, 6d800) main+0xbf4(2f, 6fc00, 6a800, 1ecc, 1, 6dbd0) _start+0x5c(0, 0, 0, 0, 0, 0) the corresponding c sources are: void server_loop2(Authctxt *authctxt) { [ ... ] for (;;) { process_bu...

...#0 0xff19d618 in _poll () from /usr/lib/libc.so.1 #1 0xff14d53c in select () from /usr/lib/libc.so.1 #2 0x000339a0 in wait_until_can_do_something (readsetp=0xffbee5dc, writesetp=0xffbee5d8, maxfdp=0xffbee5d4, nallocp=0xffbee5d0, max_time_milliseconds=0) at serverloop.c:325 #3 0x00034d6c in server_loop2 (authctxt=0x123ac8) at serverloop.c:776 #4 0x0003ae0c in do_authenticated (authctxt=0x123ac8) at session.c:2265 #5 0x0002ea78 in main (ac=1161216, av=0x11f288) at sshd.c:1719 ssh: (gdb) backtrace #0 0xff19d618 in _poll () #1 0xff14d53c in _select () #2 0x3156c in ?? () #3 0x2d048 in ?? ()

...key, file, realname); xfree(file); return success; } diff -ru openssh-3.1p1/serverloop.c openssh-3.1p1-mods/serverloop.c - --- openssh-3.1p1/serverloop.c Thu May 9 12:18:34 2002 +++ openssh-3.1p1-mods/serverloop.c Thu May 9 12:20:03 2002 @@ -734,12 +734,13 @@ } void - -server_loop2(Authctxt *authctxt) +server_loop2(Authctxt *authctxt, const char *realname) { fd_set *readset = NULL, *writeset = NULL; int rekeying = 0, max_fd, nalloc = 0; debug("Entering interactive session for SSH2."); + debug("VIX realname is %s ", realname)...

...} else { -------------------------------------- But as you might recognize, this snipet is from the do_authenticated1() function - which is obviously for ssh protocol 1. I cannot find the ssh protocol 2 counterpart of this code. The do_authenticated2() function simply calls server_loop2(), which does some child care, and I've followed various functions that are called in server_loop2(), and never do I find anything that seems to be checking for a command from the command line of the client and executing it. I'm sure its there, because clearly such functionality works,...

...26 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); (gdb) p connection_closed $1 = 0 (gdb) bt #0 wait_until_can_do_something (readsetp=0x7ffff8e4, writesetp=0x7ffff8e0, maxfdp=0x7ffff8dc, nallocp=0x7ffff8d8, max_time_milliseconds=0) at serverloop.c:326 #1 0x8bfc in server_loop2 (authctxt=0x42f91c) at serverloop.c:771 #2 0x1030f in do_authenticated2 (authctxt=0x42f91c) at session.c:2086 #3 0xcc19 in do_authenticated (authctxt=0x42f91c) at session.c:216 #4 0x2eaa in main (ac=6, av=0x7ffffe28) at sshd.c:1506 (gdb) s at this point the connection this hangs. I do not know...

...(id=0, arg=0x0) at session.c:1795 #8 0x3a040 in channel_input_channel_request (type=98, plen=19, ctxt=0x116898) at channels.c:1974 #9 0x3cae0 in dispatch_run (mode=1, done=0x0, ctxt=0x116898) at dispatch.c:71 #10 0x30e1c in process_buffered_input_packets () at serverloop.c:423 #11 0x314b8 in server_loop2 (authctxt=0xffbef408) at serverloop.c:705 #12 0x348d8 in do_authenticated2 (authctxt=0x1170f0) at session.c:2063 #13 0x31eb4 in do_authenticated (authctxt=0x1170f0) at session.c:199 #14 0x29c68 in do_authentication2 () at auth2.c:134 #15 0x280d4 in main (ac=6, av=0x8) at sshd.c:1204 I do not clai...

...fault encryption algorithm aes128-cbc then we get a Bad Packet length problem on server side. 2) If we run the sshd after setting encryption algorithm to say 3des-cbc or aes192-cbc, then everything works fine except for sftp. When we exit from sftp then it hangs in select() called from server_loop2(). Both the problems are posted on the mailing list and both recur with the latest version of openssh i.e. 3.5p1 with openssl 0.9.6b. Kindly suggest something. We want to fix the problems. Best Regards Manish

...is a patch. 2001-09-28 Paul Eggert <eggert at twinsun.com> * authfile.c (key_perm_ok): Work even if system integer types are 'long', not 'int'. * entropy.c (prng_check_seedfile, prng_write_seedfile, prng_read_seedfile): Likewise. * serverloop.c (server_loop, server_loop2): Likewise. * session.c (session_dump, session_by_pid, session_exit_message, session_close_by_pid, session_have_children, session_close_by_channel): Likewise. * ssh-agent.c, sshd.c (main): Likewise. * sshpty.c (pty_setowner): Likewise. * uidswap.c: (temporarily_use_uid): Lik...

...:51 2000 +++ openssh/session.c Wed Aug 30 12:17:13 2000 @@ -943,6 +943,9 @@ while (fgets(buf, sizeof(buf), f)) fputs(buf, stderr); fclose(f); +#ifdef NOLOGINALLOW + if (nologin_allow(pw->pw_name) != 1) +#endif /* NOLOGINALLOW */ exit(254); } } @@ -1858,4 +1861,29 @@ server_loop2(); if (xauthfile) xauthfile_cleanup_proc(NULL); +} + +int +nologin_allow(char *username) +{ + char buf[256], buf2[256]; + FILE *f = NULL; + + /* Appending an "\n" to the username since that's what it'll read like + * in the file. + */ + strcpy(buf2, username)...

...put_channel_req (c=0x110cd8, rtype=0x10f750 "shell") at ../session.c:1780 #9 0x00028790 in server_input_channel_req (type=1111888, seq=13, ctxt=0x10d018) at ../serverloop.c:1021 #10 0x00038930 in dispatch_run (mode=1, done=0x0, ctxt=0x10d018) at ../dispatch.c:93 #11 0x00027f5c in server_loop2 (authctxt=0xff800) at ../serverloop.c:764 #12 0x00028d18 in do_authenticated (authctxt=0x109230) at ../session.c:218 #13 0x0001d84c in main (ac=7868, av=0x6) at ../sshd.c:1536 (gdb) frame 1 #1 0x0003ccb4 in fatal_cleanup () at ../log.c:254 254 (*cu->proc) (cu->context); (...

...tvp = NULL; (gdb) 326 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); (gdb) bt #0 wait_until_can_do_something (readsetp=0x7ffff8e4, writesetp=0x7ffff8e0, maxfdp=0x7ffff8dc, nallocp=0x7ffff8d8, max_time_milliseconds=0) at serverloop.c:326 #1 0x8bfc in server_loop2 (authctxt=0x42f91c) at serverloop.c:771 #2 0x1030f in do_authenticated2 (authctxt=0x42f91c) at session.c:2086 #3 0xcc19 in do_authenticated (authctxt=0x42f91c) at session.c:216 #4 0x2eaa in main (ac=6, av=0x7ffffe28) at sshd.c:1506 (gdb) s

...arg, int &nalloc, max_time_milliseconds); if (received_sigterm) { - logit("Exiting on signal %d", received_sigterm); + logit("Exiting on signal %d", (int)received_sigterm); /* Clean up sessions, utmp, etc. */ cleanup_exit(255); } @@ -858,7 +858,7 @@ server_loop2(Authctxt *authctxt) &nalloc, 0); if (received_sigterm) { - logit("Exiting on signal %d", received_sigterm); + logit("Exiting on signal %d", (int)received_sigterm); /* Clean up sessions, utmp, etc. */ cleanup_exit(255); -- Brightest day, Blackest nigh...

...ession.c function: child_set_env At line 962: if (*envp == NULL && *envsizep == 0) Is it possible that *envp == NULL while *envsizep != 0? If it is feasible, null pointer dereference would occur At line 975: for (i = 0; env[i]; i++) env is null. 3. Null Pointer file: serverloop.c function: server_loop2 At line 853: rekeying = (xxx_kex != NULL && !xxx_kex->done); xxx_key may be null. At line 871: xxx_kex->done = 0; directly use xxx_key. 4. Null Pointer file: sftp.c function: parse_args At line 1143: for (i = 0; cmds[i].c != NULL; i++) { Could this loop breaks when cmds[i].c is null...

...processes attached to that pty. The problem can be reproduced by connecting to the localhost host via ssh using protocol version 2, and then killing the ssh client with a SIGKILL. The sshd server notices the connection closing and exits, but does not update /etc/utmp. I believe the problem is in server_loop2() in serverloop.c. When the ssh connection is terminated abruptly, one falls out of the input processing loop and tries to clean up. There is a loop that "wait"s for child processes to die, and terminates the associated sessions. Unfortuately, the "wait" uses the WNOHANG flag...

http://bugzilla.mindrot.org/show_bug.cgi?id=1029 Summary: SIGTERM and cleanup of wtmp files Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: senthilkumar_sen

I have just published a pre-alfa of a patch that has the goal to make OpenSSH aware with PMI. Reference site : http://nutmay.sourceforge.net -- Vincenzo Sciarra

...x0, 0x0, 0x0, 0x4, 0xeb, 0x145918), at 0x41ac8 [9] channel_input_channel_request(0x62, 0x19, 0x145498, 0x0, 0x0, 0x0), at 0x4e9a0 [10] dispatch_run(0x1, 0x0, 0x145498, 0x147348, 0x21a54, 0x3bb78), at 0x53790 [11] 0x3c2c4(0x147348, 0x147348, 0xffbef160, 0xffbef158, 0x0, 0x0), at 0x3c2c3 [12] server_loop2(0x1456a8, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x3cc54 [13] 0x4284c(0x1456a8, 0x0, 0x0, 0x0, 0x21b6c, 0x3de34), at 0x4284b [14] do_authenticated(0x1456a8, 0x1456a8, 0x1456a8, 0x80, 0x8, 0x5e27c), at 0x3de90 [15] do_authentication2(0x109df0, 0x8, 0xd144, 0x8, 0x2152c, 0x2c38c), at 0x2eef0 [16] main(...