X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C8174F.81C9C295@onstor-exch02.onstor.net>; Thu, 25 Oct 2007 13:39:22 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-class: urn:content-classes:message
Subject: RE: PERFORCE change 26045 for review
Date: Thu, 25 Oct 2007 13:39:22 -0800
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E03B1BF29@onstor-exch02.onstor.net>
In-Reply-To: <20071025143615.7ff05447@ripper.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: PERFORCE change 26045 for review
Thread-Index: AcgXTxLyqanhkeBgSFKJaFoH4ii84QAABgjQ
From: "Rendell Fong" <rendell.fong@onstor.com>
To: "Andy Sharp" <andy.sharp@onstor.com>

The signal is disabled in the subsequent call to alarm(0).


-----Original Message-----
From: Andy Sharp=20
Sent: Thursday, October 25, 2007 2:36 PM
To: Rendell Fong; Larry Scheer
Subject: Re: PERFORCE change 26045 for review

On 25 Oct 2007 14:01:25 -0700 Rendell Fong <rendell.fong@onstor.com>
wrote:

> Change 26045 by rendellf@rendellf on 2007/10/25 13:52:26
>=20
> 	Changed sshd to shutdown RMC and disable the SIGALRM used for
> the login grace timeout check after user login authentication is
> completed. Reviewed By: LarryS
>=20
> Affected files ...
>=20
> ... //depot/dev/nfx-tree/code/ssc-sshd-kb5/session.c#4 edit
> ... //depot/dev/nfx-tree/code/ssc-sshd-kb5/sshd.c#4 edit

p4 describe 26045

...

=3D=3D=3D=3D //depot/dev/nfx-tree/code/ssc-sshd-kb5/sshd.c#4 (text) =
=3D=3D=3D=3D

...

1759a1767,1774
> #ifdef NFX
>     /* Shutdown RMC since login authentication is done and it isn't
>      * needed anymore.
>      */
>     rmc_shutdown();
>     signal(SIGALRM, SIG_DFL);
> #endif
>=20

FYI,

That call to signal doesn't disable the signal, it just sets the
signal action to the default, which is to kill the thread when the
signal comes in.  You should definitely remove it.

It is unneeded, as one might guess, as the sshd authors would not have
been missing a bug this glaring for so long.  The signal is disabled in
the immediate function call do_authenticated().  I think what confused
you was the poor design of RMC to use sigalarm in the first place.
However, the setitimers(2) family of system calls might not have been
available on the 1999 version of openbsd the implementers of RMC were
using.  Which is why sshd itself doesn't use them -- it runs on a
zillion different *nix machines, many of which can only dream of having
setitimers(2).

Cheers,

a


