From f66d4df5749551380a8c4ae642347675a0b6a2e9 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Thu, 13 Jun 2024 11:33:09 +1000
Subject: [PATCH] delay lookup of privsep user until config loaded

sshd-session attempting to use options.kerberos_authentication to decide whether it needed to lookup the privsep user before the configuration was loaded. This caused it to get a placeholder value that caused it always to try to lookup the privsep user, breaking at least one test environment.
---
 sshd-session.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/sshd-session.c b/sshd-session.c
index 02e469e057d..dbc3074fa72 100644
--- a/sshd-session.c
+++ b/sshd-session.c
@@ -1036,6 +1036,17 @@ main(int ac, char **av)
 debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
+ /* Fetch our configuration */
+ if ((cfg = sshbuf_new()) == NULL)
+ fatal("sshbuf_new config buf failed");
+ setproctitle("%s", "[rexeced]");
+ recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg, &timing_secret);
+ close(REEXEC_CONFIG_PASS_FD);
+ parse_server_config(&options, "rexec", cfg, &includes, NULL, 1);
+ /* Fill in default values for those options not explicitly set. */
+ fill_default_server_options(&options);
+ options.timing_secret = timing_secret;
+
 /* Store privilege separation user for later use if required. */
 privsep_chroot = (getuid() == 0 || geteuid() == 0);
 if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
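Review bot: The ordering dependency that this move fixes is not recorded anywhere in the relocated block, so a later reshuffle of main() could silently reintroduce a decision made on unset options. Per the commit message the privsep lookup that follows consults `options.kerberos_authentication`, although that read sits past the end of this hunk. I would extend the leading comment to `/* Fetch our configuration; must run before anything below reads options (the privsep user lookup does). */`. main() starts and ends outside the hunk, so it is also worth confirming that no earlier statement in it reads `options` before `fill_default_server_options()` has run.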
@@ -1049,17 +1060,6 @@ main(int ac, char **av)
 }
 endpwent();
- /* Fetch our configuration */
- if ((cfg = sshbuf_new()) == NULL)
- fatal("sshbuf_new config buf failed");
- setproctitle("%s", "[rexeced]");
- recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg, &timing_secret);
- close(REEXEC_CONFIG_PASS_FD);
- parse_server_config(&options, "rexec", cfg, &includes, NULL, 1);
- /* Fill in default values for those options not explicitly set. */
- fill_default_server_options(&options);
- options.timing_secret = timing_secret;
-
 if (!debug_flag) {
 startup_pipe = dup(REEXEC_STARTUP_PIPE_FD);
 close(REEXEC_STARTUP_PIPE_FD);