commit 54fd7cf2db5327f304825e0f9aaf9af5a490a75f
author Damien Miller <djm@mindrot.org> Mon Sep 17 12:04:08 2007 +1000
committer Damien Miller <djm@mindrot.org> Mon Sep 17 12:04:08 2007 +1000
tree 37d1a37a4ff6a5a7b6e774937ba3703edca7bc1a
parent 1d824ab2e72daf8563f6dc72f4b3638da3b91dce

   - djm@cvs.openbsd.org 2007/09/04 03:21:03
     [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
     [monitor_wrap.c ssh.c]
     make file descriptor passing code return an error rather than call fatal()
     when it encounters problems, and use this to make session multiplexing
     masters survive slaves failing to pass all stdio FDs; ok markus@

monitor_fdpass.c

diff --git a/monitor_fdpass.c b/monitor_fdpass.c
index 9f8e9cd..a572302 100644
--- a/monitor_fdpass.c
+++ b/monitor_fdpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_fdpass.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: monitor_fdpass.c,v 1.13 2007/09/04 03:21:03 djm Exp $ */
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -40,7 +40,7 @@
 #include "log.h"
 #include "monitor_fdpass.h"
 
-void
+int
 mm_send_fd(int sock, int fd)
 {
 #if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
@@ -72,15 +72,21 @@
 	msg.msg_iov = &vec;
 	msg.msg_iovlen = 1;
 
-	if ((n = sendmsg(sock, &msg, 0)) == -1)
-		fatal("%s: sendmsg(%d): %s", __func__, fd,
+	if ((n = sendmsg(sock, &msg, 0)) == -1) {
+		error("%s: sendmsg(%d): %s", __func__, fd,
 		    strerror(errno));
-	if (n != 1)
-		fatal("%s: sendmsg: expected sent 1 got %ld",
+		return -1;
+	}
+
+	if (n != 1) {
+		error("%s: sendmsg: expected sent 1 got %ld",
 		    __func__, (long)n);
+		return -1;
+	}
+	return 0;
 #else
-	fatal("%s: UsePrivilegeSeparation=yes not supported",
-	    __func__);
+	error("%s: file descriptor passing not supported", __func__);
+	return -1;
 #endif
 }
 
@@ -111,29 +117,39 @@
 	msg.msg_controllen = sizeof(tmp);
 #endif
 
-	if ((n = recvmsg(sock, &msg, 0)) == -1)
-		fatal("%s: recvmsg: %s", __func__, strerror(errno));
-	if (n != 1)
-		fatal("%s: recvmsg: expected received 1 got %ld",
+	if ((n = recvmsg(sock, &msg, 0)) == -1) {
+		error("%s: recvmsg: %s", __func__, strerror(errno));
+		return -1;
+	}
+	if (n != 1) {
+		error("%s: recvmsg: expected received 1 got %ld",
 		    __func__, (long)n);
+		return -1;
+	}
 
 #ifdef HAVE_ACCRIGHTS_IN_MSGHDR
-	if (msg.msg_accrightslen != sizeof(fd))
-		fatal("%s: no fd", __func__);
+	if (msg.msg_accrightslen != sizeof(fd)) {
+		error("%s: no fd", __func__);
+		return -1;
+	}
 #else
 	cmsg = CMSG_FIRSTHDR(&msg);
-	if (cmsg == NULL)
-		fatal("%s: no message header", __func__);
+	if (cmsg == NULL) {
+		error("%s: no message header", __func__);
+		return -1;
+	}
 #ifndef BROKEN_CMSG_TYPE
-	if (cmsg->cmsg_type != SCM_RIGHTS)
-		fatal("%s: expected type %d got %d", __func__,
+	if (cmsg->cmsg_type != SCM_RIGHTS) {
+		error("%s: expected type %d got %d", __func__,
 		    SCM_RIGHTS, cmsg->cmsg_type);
+		return -1;
+	}
 #endif
 	fd = (*(int *)CMSG_DATA(cmsg));
 #endif
 	return fd;
 #else
-	fatal("%s: UsePrivilegeSeparation=yes not supported",
-	    __func__);
+	error("%s: file descriptor passing not supported", __func__);
+	return -1;
 #endif
 }