125125
126126/* Privilege separation related spawn fds */
127127#ifdef WINDOWS
128- #define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1)
129- #define PRIVSEP_LOG_FD (STDERR_FILENO + 2)
130128#define PRIVSEP_UNAUTH_MIN_FREE_FD (PRIVSEP_LOG_FD + 1)
131129#define PRIVSEP_AUTH_MIN_FREE_FD (PRIVSEP_LOG_FD + 1)
132130#endif /* WINDOWS */
@@ -676,14 +674,50 @@ privsep_preauth(struct ssh *ssh)
676674 fcntl (pmonitor -> m_recvfd , F_SETFD , FD_CLOEXEC );
677675 fcntl (pmonitor -> m_log_sendfd , F_SETFD , FD_CLOEXEC );
678676
679- debug ("REACHED PREAUTH STEP" );
680- /* Arrange for logging to be sent to the monitor */
681- //TODO: implement /*child*/ part of below using sshd-auth
682- //set_log_handler(mm_log_handler, pmonitor);
677+ /*
678+ * Arrange unpriv-preauth child process fds:
679+ * 0, 1 network socket
680+ * 2 optional stderr
681+ * 3 reserved
682+ * 4 monitor message socket
683+ * 5 monitor logging socket
684+ *
685+ * We know that the monitor sockets will have fds > 4 because
686+ * of the reserved fds in main()
687+ */
683688
684- //privsep_preauth_child();
685- //setproctitle("%s", "[net]");
686- return 0 ;
689+ if (ssh_packet_get_connection_in (ssh ) != STDIN_FILENO &&
690+ dup2 (ssh_packet_get_connection_in (ssh ), STDIN_FILENO ) == -1 )
691+ fatal ("dup2 stdin failed: %s" , strerror (errno ));
692+ if (ssh_packet_get_connection_out (ssh ) != STDOUT_FILENO &&
693+ dup2 (ssh_packet_get_connection_out (ssh ),
694+ STDOUT_FILENO ) == -1 )
695+ fatal ("dup2 stdout failed: %s" , strerror (errno ));
696+ /* leave stderr as-is */
697+ log_redirect_stderr_to (NULL ); /* dup can clobber log fd */
698+ if (pmonitor -> m_recvfd != PRIVSEP_MONITOR_FD &&
699+ dup2 (pmonitor -> m_recvfd , PRIVSEP_MONITOR_FD ) == -1 )
700+ fatal ("dup2 monitor fd: %s" , strerror (errno ));
701+ if (pmonitor -> m_log_sendfd != PRIVSEP_LOG_FD &&
702+ dup2 (pmonitor -> m_log_sendfd , PRIVSEP_LOG_FD ) == -1 )
703+ fatal ("dup2 log fd: %s" , strerror (errno ));
704+ closefrom (PRIVSEP_MIN_FREE_FD );
705+
706+ posix_spawn_file_actions_t actions ;
707+ posix_spawnattr_t attributes ;
708+ if (posix_spawn_file_actions_init (& actions ) != 0 ||
709+ posix_spawn_file_actions_adddup2 (& actions , io_sock_in , STDIN_FILENO ) != 0 ||
710+ posix_spawn_file_actions_adddup2 (& actions , io_sock_out , STDOUT_FILENO ) != 0 ||
711+ posix_spawn_file_actions_adddup2 (& actions , pmonitor -> m_recvfd , PRIVSEP_MONITOR_FD ) != 0 ||
712+ posix_spawn_file_actions_adddup2 (& actions , pmonitor -> m_log_sendfd , PRIVSEP_LOG_FD ) != 0 )
713+ fatal ("posix_spawn initialization failed" );
714+ else {
715+ pid_t pid ;
716+ if (posix_spawn (& pid , options .sshd_auth_path , & actions , & attributes , saved_argv , NULL ) != 0 )
717+ error ("%s, posix_spawn failed" , __func__ );
718+ posix_spawn_file_actions_destroy (& actions );
719+ posix_spawnattr_destroy (& attributes );
720+ }
687721 }
688722 else { /* parent */
689723 posix_spawn_file_actions_t actions ;
@@ -695,13 +729,11 @@ privsep_preauth(struct ssh *ssh)
695729 posix_spawn_file_actions_adddup2 (& actions , pmonitor -> m_log_sendfd , PRIVSEP_LOG_FD ) != 0 )
696730 fatal ("posix_spawn initialization failed" );
697731
698- {
699- char * * argv = privsep_child_cmdline (0 );
700- if (__posix_spawn_asuser (& pid , argv [0 ], & actions , NULL , argv , NULL , SSH_PRIVSEP_USER ) != 0 )
701- fatal ("%s, fork of unprivileged child failed" , __func__ );
732+ char * * argv = privsep_child_cmdline (0 );
733+ if (__posix_spawn_asuser (& pid , argv [0 ], & actions , NULL , argv , NULL , SSH_PRIVSEP_USER ) != 0 )
734+ fatal ("%s, fork of unprivileged child failed" , __func__ );
702735
703- posix_spawn_file_actions_destroy (& actions );
704- }
736+ posix_spawn_file_actions_destroy (& actions );
705737
706738 debug2 ("Network child is on pid %ld" , (long )pid );
707739
@@ -1525,12 +1557,12 @@ main(int ac, char **av)
15251557 fatal ("sshbuf_new config buf failed" );
15261558 setproctitle ("%s" , "[rexeced]" );
15271559#ifdef WINDOWS
1528- if (privsep_unauth_child || privsep_auth_child ) {
1529- recv_rexec_state (PRIVSEP_MONITOR_FD , cfg , & timing_secret ); //TODO - should starup_pipe be closed as above ?B
1530- }
1531- else {
1532- recv_rexec_state (REEXEC_CONFIG_PASS_FD , cfg , & timing_secret );
1533- }
1560+ // if (privsep_unauth_child || privsep_auth_child) {
1561+ // recv_rexec_state(PRIVSEP_MONITOR_FD, cfg, &timing_secret); //TODO - should starup_pipe be closed as above ?B
1562+ // }
1563+ // else {
1564+ // recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg, &timing_secret);
1565+ // }
15341566#else /* WINDOWS */
15351567 recv_rexec_state (REEXEC_CONFIG_PASS_FD , cfg , & timing_secret );
15361568#endif /* WINDOWS */
0 commit comments