|
 |
ca1eb8 |
From 60f868ac16c4678d60f17d62fa3b47534d4d07cb Mon Sep 17 00:00:00 2001
|
|
|
96eb28 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
96eb28 |
Date: Mon, 28 May 2018 21:41:49 +0200
|
|
|
96eb28 |
Subject: [PATCH] SSH: Do not exit abruptly if SSHD closes its end of the pipe
|
|
|
96eb28 |
before reading all the SSH keys
|
|
|
96eb28 |
MIME-Version: 1.0
|
|
|
96eb28 |
Content-Type: text/plain; charset=UTF-8
|
|
|
96eb28 |
Content-Transfer-Encoding: 8bit
|
|
|
96eb28 |
|
|
|
96eb28 |
Resolves:
|
|
|
96eb28 |
https://pagure.io/SSSD/sssd/issue/3747
|
|
|
96eb28 |
|
|
|
96eb28 |
Before writing the keys to sshd, ignore SIGPIPE so that if the pipe
|
|
|
96eb28 |
towards the authorizedkeys helper is closed, the sss_ssh_authorizedkeys
|
|
|
96eb28 |
helper is not terminated with SIGPIPE, but instead proceeds and then the
|
|
|
96eb28 |
write(2) calls would non-terminally fail with EPIPE.
|
|
|
96eb28 |
|
|
|
96eb28 |
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
|
|
|
96eb28 |
(cherry picked from commit cb138d7d060611e891d341db08477e41f9a3d17d)
|
|
|
96eb28 |
---
|
|
|
ca1eb8 |
src/sss_client/ssh/sss_ssh_authorizedkeys.c | 35 ++++++++++++++++++++-
|
|
|
96eb28 |
1 file changed, 34 insertions(+), 1 deletion(-)
|
|
|
96eb28 |
|
|
|
96eb28 |
diff --git a/src/sss_client/ssh/sss_ssh_authorizedkeys.c b/src/sss_client/ssh/sss_ssh_authorizedkeys.c
|
|
|
96eb28 |
index 782a9f44379bff5346c896b3e03570720632c0be..b0280fbf8b0ed0501d792973241b826fc4a7a04d 100644
|
|
|
96eb28 |
--- a/src/sss_client/ssh/sss_ssh_authorizedkeys.c
|
|
|
96eb28 |
+++ b/src/sss_client/ssh/sss_ssh_authorizedkeys.c
|
|
|
96eb28 |
@@ -21,6 +21,7 @@
|
|
|
96eb28 |
#include <stdio.h>
|
|
|
96eb28 |
#include <talloc.h>
|
|
|
96eb28 |
#include <popt.h>
|
|
|
96eb28 |
+#include <signal.h>
|
|
|
96eb28 |
|
|
|
96eb28 |
#include "util/util.h"
|
|
|
96eb28 |
#include "util/crypto/sss_crypto.h"
|
|
|
96eb28 |
@@ -99,8 +100,16 @@ int main(int argc, const char **argv)
|
|
|
96eb28 |
goto fini;
|
|
|
96eb28 |
}
|
|
|
96eb28 |
|
|
|
96eb28 |
+ /* if sshd closes its end of the pipe, we don't want sss_ssh_authorizedkeys
|
|
|
96eb28 |
+ * to exit abruptly, but to finish gracefully instead because the valid
|
|
|
96eb28 |
+ * key can be present in the data already written
|
|
|
96eb28 |
+ */
|
|
|
96eb28 |
+ signal(SIGPIPE, SIG_IGN);
|
|
|
96eb28 |
+
|
|
|
96eb28 |
/* print results */
|
|
|
96eb28 |
for (i = 0; i < ent->num_pubkeys; i++) {
|
|
|
96eb28 |
+ char *repr_break = NULL;
|
|
|
96eb28 |
+
|
|
|
96eb28 |
ret = sss_ssh_format_pubkey(mem_ctx, &ent->pubkeys[i], &repr);
|
|
|
96eb28 |
if (ret != EOK) {
|
|
|
96eb28 |
DEBUG(SSSDBG_OP_FAILURE,
|
|
|
96eb28 |
@@ -109,7 +118,31 @@ int main(int argc, const char **argv)
|
|
|
96eb28 |
continue;
|
|
|
96eb28 |
}
|
|
|
96eb28 |
|
|
|
96eb28 |
- printf("%s\n", repr);
|
|
|
96eb28 |
+ /* OpenSSH expects a linebreak after each key */
|
|
|
96eb28 |
+ repr_break = talloc_asprintf(mem_ctx, "%s\n", repr);
|
|
|
96eb28 |
+ talloc_zfree(repr);
|
|
|
96eb28 |
+ if (repr_break == NULL) {
|
|
|
96eb28 |
+ ret = ENOMEM;
|
|
|
96eb28 |
+ goto fini;
|
|
|
96eb28 |
+ }
|
|
|
96eb28 |
+
|
|
|
96eb28 |
+ ret = sss_atomic_write_s(STDOUT_FILENO, repr_break, strlen(repr_break));
|
|
|
96eb28 |
+ /* Avoid spiking memory with too many large keys */
|
|
|
96eb28 |
+ talloc_zfree(repr_break);
|
|
|
96eb28 |
+ if (ret < 0) {
|
|
|
96eb28 |
+ ret = errno;
|
|
|
96eb28 |
+ if (ret == EPIPE) {
|
|
|
96eb28 |
+ DEBUG(SSSDBG_MINOR_FAILURE,
|
|
|
96eb28 |
+ "SSHD closed the pipe before all keys could be written\n");
|
|
|
96eb28 |
+ /* Return 0 so that openssh doesn't abort pubkey auth */
|
|
|
96eb28 |
+ ret = 0;
|
|
|
96eb28 |
+ goto fini;
|
|
|
96eb28 |
+ }
|
|
|
96eb28 |
+ DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
96eb28 |
+ "sss_atomic_write_s() failed (%d): %s\n",
|
|
|
96eb28 |
+ ret, strerror(ret));
|
|
|
96eb28 |
+ goto fini;
|
|
|
96eb28 |
+ }
|
|
|
96eb28 |
}
|
|
|
96eb28 |
|
|
|
96eb28 |
ret = EXIT_SUCCESS;
|
|
|
96eb28 |
--
|
|
|
ca1eb8 |
2.17.1
|
|
|
96eb28 |
|