rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

- sftp works in deviceless chroot again (broken from 5.5p1-3)

Browse Source
This commit is contained in:
Jan F. Chadima 2010-06-23 13:53:38 +00:00
parent 59d42d3dc6
commit 411b917379
2 changed files with 113 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

196
openssh-5.5p1-stderr.patch
View File

@ -1,6 +1,45 @@
diff -up openssh-5.5p1/channels.c.stderr openssh-5.5p1/channels.c
--- openssh-5.5p1/channels.c.stderr 2010-06-23 15:20:30.000000000 +0200
+++ openssh-5.5p1/channels.c 2010-06-23 15:23:06.000000000 +0200
@@ -838,8 +838,9 @@ channel_pre_open(Channel *c, fd_set *rea
if (c->extended_usage == CHAN_EXTENDED_WRITE &&
buffer_len(&c->extended) > 0)
FD_SET(c->efd, writeset);
- else if (!(c->flags & CHAN_EOF_SENT) &&
- c->extended_usage == CHAN_EXTENDED_READ &&
+ else if (c->efd != -1 && !(c->flags & CHAN_EOF_SENT) &&
+ (c->extended_usage == CHAN_EXTENDED_READ ||
+ c->extended_usage == CHAN_EXTENDED_IGNORE) &&
buffer_len(&c->extended) < c->remote_window)
FD_SET(c->efd, readset);
}
@@ -1759,7 +1760,9 @@ channel_handle_efd(Channel *c, fd_set *r
buffer_consume(&c->extended, len);
c->local_consumed += len;
}
- } else if (c->extended_usage == CHAN_EXTENDED_READ &&
+ } else if (c->efd != -1 &&
+ (c->extended_usage == CHAN_EXTENDED_READ ||
+ c->extended_usage == CHAN_EXTENDED_IGNORE) &&
(c->detach_close || FD_ISSET(c->efd, readset))) {
len = read(c->efd, buf, sizeof(buf));
debug2("channel %d: read %d from efd %d",
@@ -1772,7 +1775,11 @@ channel_handle_efd(Channel *c, fd_set *r
c->self, c->efd);
channel_close_fd(&c->efd);
} else {
- buffer_append(&c->extended, buf, len);
+ if (c->extended_usage == CHAN_EXTENDED_IGNORE) {
+ debug3("channel %d: discard efd",
+ c->self);
+ } else
+ buffer_append(&c->extended, buf, len);
}
}
}
diff -up openssh-5.5p1/session.c.stderr openssh-5.5p1/session.c diff -up openssh-5.5p1/session.c.stderr openssh-5.5p1/session.c
--- openssh-5.5p1/session.c.stderr 2010-04-26 10:35:35.000000000 +0200 --- openssh-5.5p1/session.c.stderr 2010-06-23 15:20:29.000000000 +0200
+++ openssh-5.5p1/session.c 2010-04-26 10:41:11.000000000 +0200 +++ openssh-5.5p1/session.c 2010-06-23 15:23:55.000000000 +0200
@@ -47,6 +47,7 @@ @@ -47,6 +47,7 @@
#include <arpa/inet.h> #include <arpa/inet.h>
@ -9,7 +48,21 @@ diff -up openssh-5.5p1/session.c.stderr openssh-5.5p1/session.c
#include <grp.h> #include <grp.h>
#ifdef HAVE_PATHS_H #ifdef HAVE_PATHS_H
#include <paths.h> #include <paths.h>
@@ -447,6 +448,9 @@ do_exec_no_pty(Session *s, const char *c @@ -104,7 +105,7 @@
/* func */
Session *session_new(void);
-void session_set_fds(Session *, int, int, int, int);
+void session_set_fds(Session *, int, int, int, int, int);
void session_pty_cleanup(Session *);
void session_proctitle(Session *);
int session_setup_x11fwd(Session *);
@@ -443,10 +444,14 @@ int
do_exec_no_pty(Session *s, const char *command)
{
pid_t pid;
+ int ignore_fderr = 0;
#ifdef USE_PIPES #ifdef USE_PIPES
int pin[2], pout[2], perr[2]; int pin[2], pout[2], perr[2];
@ -19,39 +72,21 @@ diff -up openssh-5.5p1/session.c.stderr openssh-5.5p1/session.c
/* Allocate pipes for communicating with the program. */ /* Allocate pipes for communicating with the program. */
if (pipe(pin) < 0) { if (pipe(pin) < 0) {
error("%s: pipe in: %.100s", __func__, strerror(errno)); error("%s: pipe in: %.100s", __func__, strerror(errno));
@@ -458,33 +462,59 @@ do_exec_no_pty(Session *s, const char *c @@ -459,32 +464,38 @@ do_exec_no_pty(Session *s, const char *c
close(pin[1]);
return -1; return -1;
} }
- if (pipe(perr) < 0) { if (pipe(perr) < 0) {
- error("%s: pipe err: %.100s", __func__, strerror(errno)); - error("%s: pipe err: %.100s", __func__, strerror(errno));
- close(pin[0]);
- close(pin[1]);
- close(pout[0]);
- close(pout[1]);
- return -1;
+ if (s->is_subsystem) {
+ if ((perr[1] = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
+ error("%s: open(%s): %s", __func__, _PATH_DEVNULL,
+ strerror(errno));
+ close(pin[0]);
+ close(pin[1]);
+ close(pout[0]);
+ close(pout[1]);
+ return -1;
+ }
+ perr[0] = -1;
+ } else {
+ if (pipe(perr) < 0) {
+ error("%s: pipe err: %.100s", __func__, + error("%s: pipe err: %.100s", __func__,
+ strerror(errno)); + strerror(errno));
+ close(pin[0]); close(pin[0]);
+ close(pin[1]); close(pin[1]);
+ close(pout[0]); close(pout[0]);
+ close(pout[1]); close(pout[1]);
+ return -1; return -1;
+ }
} }
+ if (s->is_subsystem)
+ ignore_fderr = 1;
#else #else
int inout[2], err[2]; int inout[2], err[2];
@ -63,29 +98,16 @@ diff -up openssh-5.5p1/session.c.stderr openssh-5.5p1/session.c
error("%s: socketpair #1: %.100s", __func__, strerror(errno)); error("%s: socketpair #1: %.100s", __func__, strerror(errno));
return -1; return -1;
} }
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
- error("%s: socketpair #2: %.100s", __func__, strerror(errno)); - error("%s: socketpair #2: %.100s", __func__, strerror(errno));
- close(inout[0]);
- close(inout[1]);
- return -1;
+ if (s->is_subsystem) {
+ if ((err[0] = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
+ error("%s: open(%s): %s", __func__, _PATH_DEVNULL,
+ strerror(errno));
+ close(inout[0]);
+ close(inout[1]);
+ return -1;
+ }
+ err[1] = -1;
+ } else {
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
+ error("%s: socketpair #2: %.100s", __func__, + error("%s: socketpair #2: %.100s", __func__,
+ strerror(errno)); + strerror(errno));
+ close(inout[0]); close(inout[0]);
+ close(inout[1]); close(inout[1]);
+ return -1; return -1;
+ }
} }
+ if (s->is_subsystem)
+ ignore_fderr = 1;
#endif #endif
- if (s == NULL) - if (s == NULL)
@ -94,45 +116,7 @@ diff -up openssh-5.5p1/session.c.stderr openssh-5.5p1/session.c
session_proctitle(s); session_proctitle(s);
/* Fork the child. */ /* Fork the child. */
@@ -496,13 +526,15 @@ do_exec_no_pty(Session *s, const char *c @@ -595,11 +606,7 @@ do_exec_no_pty(Session *s, const char *c
close(pin[1]);
close(pout[0]);
close(pout[1]);
- close(perr[0]);
+ if (perr[0] != -1)
+ close(perr[0]);
close(perr[1]);
#else
close(inout[0]);
close(inout[1]);
close(err[0]);
- close(err[1]);
+ if (err[1] != -1)
+ close(err[1]);
#endif
return -1;
case 0:
@@ -536,7 +568,8 @@ do_exec_no_pty(Session *s, const char *c
close(pout[1]);
/* Redirect stderr. */
- close(perr[0]);
+ if (perr[0] != -1)
+ close(perr[0]);
if (dup2(perr[1], 2) < 0)
perror("dup2 stderr");
close(perr[1]);
@@ -547,7 +580,8 @@ do_exec_no_pty(Session *s, const char *c
* seem to depend on it.
*/
close(inout[1]);
- close(err[1]);
+ if (err[1] != -1)
+ close(err[1]);
if (dup2(inout[0], 0) < 0) /* stdin */
perror("dup2 stdin");
if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */
@@ -595,10 +629,6 @@ do_exec_no_pty(Session *s, const char *c
close(perr[1]); close(perr[1]);
if (compat20) { if (compat20) {
@ -140,10 +124,12 @@ diff -up openssh-5.5p1/session.c.stderr openssh-5.5p1/session.c
- close(perr[0]); - close(perr[0]);
- perr[0] = -1; - perr[0] = -1;
- } - }
session_set_fds(s, pin[1], pout[0], perr[0], 0); - session_set_fds(s, pin[1], pout[0], perr[0], 0);
+ session_set_fds(s, pin[1], pout[0], perr[0], ignore_fderr, 0);
} else { } else {
/* Enter the interactive session. */ /* Enter the interactive session. */
@@ -615,10 +645,7 @@ do_exec_no_pty(Session *s, const char *c server_loop(pid, pin[1], pout[0], perr[0]);
@@ -615,10 +622,7 @@ do_exec_no_pty(Session *s, const char *c
* handle the case that fdin and fdout are the same. * handle the case that fdin and fdout are the same.
*/ */
if (compat20) { if (compat20) {
@ -151,7 +137,35 @@ diff -up openssh-5.5p1/session.c.stderr openssh-5.5p1/session.c
- s->is_subsystem ? -1 : err[1], 0); - s->is_subsystem ? -1 : err[1], 0);
- if (s->is_subsystem) - if (s->is_subsystem)
- close(err[1]); - close(err[1]);
+ session_set_fds(s, inout[1], inout[1], err[1], 0); + session_set_fds(s, inout[1], inout[1], err[1], ignore_fderr, 0);
} else { } else {
server_loop(pid, inout[1], inout[1], err[1]); server_loop(pid, inout[1], inout[1], err[1]);
/* server_loop has closed inout[1] and err[1]. */ /* server_loop has closed inout[1] and err[1]. */
@@ -740,7 +744,7 @@ do_exec_pty(Session *s, const char *comm
s->ptymaster = ptymaster;
packet_set_interactive(1);
if (compat20) {
- session_set_fds(s, ptyfd, fdout, -1, 1);
+ session_set_fds(s, ptyfd, fdout, -1, 1, 1);
} else {
server_loop(pid, ptyfd, fdout, -1);
/* server_loop _has_ closed ptyfd and fdout. */
@@ -2321,7 +2325,8 @@ session_input_channel_req(Channel *c, co
}
void
-session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty)
+session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
+ int is_tty)
{
if (!compat20)
fatal("session_set_fds: called for proto != 2.0");
@@ -2333,7 +2338,7 @@ session_set_fds(Session *s, int fdin, in
fatal("no channel for session %d", s->self);
channel_set_fds(s->chanid,
fdout, fdin, fderr,
- fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+ ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1, is_tty, CHAN_SES_WINDOW_DEFAULT);
}

5
openssh.spec
View File

@ -70,7 +70,7 @@
%endif %endif
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_rel 13 %define openssh_rel 14
%define openssh_ver 5.5p1 %define openssh_ver 5.5p1
%define pam_ssh_agent_rel 26 %define pam_ssh_agent_rel 26
%define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_ver 0.9.2
@ -584,6 +584,9 @@ fi
%endif %endif
%changelog %changelog
* Wed Jun 23 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-14 + 0.9.2-26
- sftp works in deviceless chroot again (broken from 5.5p1-3)
* Tue Jun 8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-13 + 0.9.2-26 * Tue Jun 8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-13 + 0.9.2-26
- add option to switch out krb5_kuserok - add option to switch out krb5_kuserok