- (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
   is terminated if the privsep slave exits during keyboard-interactive
   authentication.  ok djm@
diff --git a/ChangeLog b/ChangeLog
index 9ce0adb..bc6b40d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,9 +12,9 @@
      add prototypes for -Wall; ok djm
    - djm@cvs.openbsd.org 2004/05/21 11:33:11
      [channels.c channels.h clientloop.c serverloop.c ssh.1]
-     bz #756: add support for the cancel-tcpip-forward request for the server and
-     the client (through the ~C commandline). reported by z3p AT twistedmatrix.com;
-     ok markus@
+     bz #756: add support for the cancel-tcpip-forward request for the server
+     and the client (through the ~C commandline). reported by z3p AT
+     twistedmatrix.com; ok markus@
    - djm@cvs.openbsd.org 2004/05/22 06:32:12
      [clientloop.c ssh.1]
      use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@
@@ -22,8 +22,12 @@
      [ssh.1]
      kill whitespace at eol;
    - dtucker@cvs.openbsd.org 2004/05/23 23:59:53
-     [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
+     [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config
+     sshd_config.5]
      Add MaxAuthTries sshd config option; ok markus@
+ - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
+   is terminated if the privsep slave exits during keyboard-interactive
+   authentication.  ok djm@
 
 20040523
  - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in 
@@ -1153,4 +1157,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3365 2004/05/24 00:36:23 dtucker Exp $
+$Id: ChangeLog,v 1.3366 2004/05/24 01:55:36 dtucker Exp $
diff --git a/auth-pam.c b/auth-pam.c
index faa0b90..833c850 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -31,7 +31,7 @@
 
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.101 2004/05/13 07:29:35 dtucker Exp $");
+RCSID("$Id: auth-pam.c,v 1.102 2004/05/24 01:55:36 dtucker Exp $");
 
 #ifdef USE_PAM
 #if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -93,10 +93,17 @@
 static void 
 sshpam_sigchld_handler(int sig)
 {
+	signal(SIGCHLD, SIG_DFL);
 	if (cleanup_ctxt == NULL)
 		return;	/* handler called after PAM cleanup, shouldn't happen */
-	if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) == -1)
-		return;	/* couldn't wait for process */
+	if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
+	     == -1) {
+		/* PAM thread has not exitted, privsep slave must have */
+		kill(cleanup_ctxt->pam_thread, SIGTERM);
+		if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
+		    == -1)
+			return; /* could not wait */
+	}
 	if (WIFSIGNALED(sshpam_thread_status) &&
 	    WTERMSIG(sshpam_thread_status) == SIGTERM)
 		return;	/* terminated by pthread_cancel */
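Review bot: The new `waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)` test compares against `-1`, but with WNOHANG waitpid returns 0 when the child exists and has not yet changed state. In the case the comment names (PAM "thread" still running because the privsep slave exited), the `kill`/blocking-wait branch is therefore skipped, and the handler falls through to `WIFSIGNALED(sshpam_thread_status)` with a status this call did not update. The condition should be `<= 0`, so that a still-running PAM process is actually sent SIGTERM and reaped rather than left behind. A return of -1 is an error such as ECHILD, where the pid may no longer be our child, and the inner blocking `waitpid` gives up on EINTR instead of retrying; checking `errno` in both places would cover this. The handler's body continues past the end of this hunk, so what is done with the status afterwards is not visible here.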