From vs@foldr.org  Sun Nov 24 00:36:10 2002
Return-Path: <vs@foldr.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3075937B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 24 Nov 2002 00:36:10 -0800 (PST)
Received: from lambda.foldr.org (lambda.foldr.org [198.78.66.36])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 61A8343E88
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 24 Nov 2002 00:36:04 -0800 (PST)
	(envelope-from vs@foldr.org)
Received: from theater.foldr.org (pD95099FD.dip.t-dialin.net [217.80.153.253])
	by lambda.foldr.org (8.12.3/8.11.6) with ESMTP id gAO8ZljN028222
	(using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK)
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 24 Nov 2002 09:35:52 +0100 (CET)
	(envelope-from vs@foldr.org)
Received: from monster.theater.foldr.org (monster.theater.foldr.org [IPv6:3ffe:b80:2de:3:2e0:29ff:fe98:abca])
	by theater.foldr.org (8.12.5/8.12.5) with ESMTP id gAO8a2Ba057222
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 24 Nov 2002 09:36:03 +0100 (CET)
	(envelope-from vs@monster.theater.foldr.org)
Received: (from vs@localhost)
	by monster.theater.foldr.org (8.12.6/8.12.6/Submit) id gAO8ZeMs003709;
	Sun, 24 Nov 2002 09:35:40 +0100 (CET)
	(envelope-from vs)
Message-Id: <200211240835.gAO8ZeMs003709@monster.theater.foldr.org>
Date: Sun, 24 Nov 2002 09:35:40 +0100 (CET)
From: Volker Stolz <vs@foldr.org>
Reply-To: Volker Stolz <vs@foldr.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: pam_ssh fails in presence of SIGCHLD handlers
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         45669
>Category:       bin
>Synopsis:       pam_ssh fails in presence of SIGCHLD handlers
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 24 00:40:03 PST 2002
>Closed-Date:    Fri Sep 19 04:33:31 PDT 2003
>Last-Modified:  Fri Sep 19 04:33:31 PDT 2003
>Originator:     Volker Stolz
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Lehrstuhl fr Informatik II
>Environment:
System: FreeBSD monster.theater.foldr.org 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Wed Nov 13 19:42:10 CET 2002 root@monster.ikea.net:/usr/src/sys/i386/compile/MONSTER i386


	
>Description:
The pam_ssh module uses popen() to start an ssh-agent for the user during PAM
authentication. However, pclose() causes the pam-module to return an error if
somebody else already called waitpid(-1,...) because now pclose returns -1
and errno is set to ECHILD (observed with gdm who uses a whole bunch of processes).
>How-To-Repeat:
Install gdm, enable pam_ssh & try to login: You will get a login error an the first
try because the pam_module fails on pclose(). If you try for a second time, now
PAM will reuse the already running ssh-agent and let you in since it doesn't have
to take the popen/pclose path.
>Fix:
Either use signal(SIGCHLD,SIG_DFL) before invoking popen() (tested here, works)
or make the pclose() fail more gracefully when ECHILD is returned. For the latter
case, I'm not sure if this combination of -1/ECHILD can be caused by a real, 
fatal error.

Although the first solution is not bullet proof in cases where other processes are
repeatedly wait()ing, it least provides a viable workaround because as is the case
with gdm they do so in SIGCHLD handlers.

[When debugging/reproducing this, make sure you remove ~/.ssh/agent-* between runs!]
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: johan 
Responsible-Changed-When: Sun Nov 24 04:51:03 PST 2002 
Responsible-Changed-Why:  
Over to PAM maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=45669 

From: des@des.no (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=)
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/45669
Date: Mon, 14 Jul 2003 13:09:34 +0200

 While pam_ssh(8) has been completely rewritten, I believe the new
 version still has a variation on the bug described in the PR.  Please
 test the following patch:
 
 Index: pam_ssh.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /home/ncvs/src/lib/libpam/modules/pam_ssh/pam_ssh.c,v
 retrieving revision 1.38
 diff -u -r1.38 pam_ssh.c
 --- pam_ssh.c   10 Feb 2003 18:59:20 -0000      1.38
 +++ pam_ssh.c   14 Jul 2003 11:09:15 -0000
 @@ -38,6 +38,7 @@
  #include <sys/param.h>
  #include <sys/wait.h>
 
 +#include <errno.h>
  #include <fcntl.h>
  #include <paths.h>
  #include <pwd.h>
 @@ -410,7 +411,7 @@
         }
         openpam_log(PAM_LOG_DEBUG, "killing ssh agent %d", (int)pid);
         if (kill(pid, SIGTERM) =3D=3D -1 ||
 -           waitpid(pid, &status, 0) =3D=3D -1)
 +           (waitpid(pid, &status, 0) =3D=3D -1 && errno !=3D ECHILD))
                 return (PAM_SYSTEM_ERR);
         return (PAM_SUCCESS);
  }
 
 DES
 --=20
 Dag-Erling Sm=F8rgrav - des@des.no
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Fri Sep 19 04:33:30 PDT 2003 
State-Changed-Why:  
Fixed, thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=45669 
>Unformatted:
