[log.c log.h sshd.c]
make signal handler termination path shorter; risky code pointed out by
mark dowd; ok djm markus
+ - markus@cvs.openbsd.org 2006/08/18 09:15:20
+ [auth.h session.c sshd.c]
+ delay authentication related cleanups until we're authenticated and
+ all alarms have been cancelled; ok deraadt
20060817
- (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c]
-/* $OpenBSD: auth.h,v 1.57 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth.h,v 1.58 2006/08/18 09:15:20 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
struct Authctxt {
sig_atomic_t success;
+ int authenticated; /* authenticated and alarms cancelled */
int postponed; /* authentication needs another step */
int valid; /* user exists and is allowed to login */
int attempt;
-/* $OpenBSD: session.c,v 1.217 2006/08/04 20:46:05 stevesk Exp $ */
+/* $OpenBSD: session.c,v 1.218 2006/08/18 09:15:20 markus Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
return;
called = 1;
- if (authctxt == NULL)
+ if (authctxt == NULL || !authctxt->authenticated)
return;
#ifdef KRB5
if (options.kerberos_ticket_cleanup &&
-/* $OpenBSD: sshd.c,v 1.346 2006/08/18 09:13:26 deraadt Exp $ */
+/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
*/
alarm(0);
signal(SIGALRM, SIG_DFL);
+ authctxt->authenticated = 1;
if (startup_pipe != -1) {
close(startup_pipe);
startup_pipe = -1;