bin/134694: gives false-positive when unable to obtain socket
[WAS: sshd(8) - alert user when fails to execute from rc.d]
Glen Barber
glen.j.barber at gmail.com
Wed May 20 14:38:20 UTC 2009
Hi, Eygene
On Wed, May 20, 2009 at 6:19 AM, Eygene Ryabinkin <rea-fbsd at codelabs.ru> wrote:
> Glen, good day.
>
> Mon, May 18, 2009 at 10:49:52PM -0400, Glen Barber wrote:
>> Earlier this evening, I submitted a PR about sshd(8) giving a
>> false-positive when starting on an already occupied socket[1]. I
>> would like to enable some form of console output when the rc.d script
>> is called if the service cannot properly bind to the socket, but I
>> want to make sure I do it "the right way."
>
> Reading through the PR, I can't figure out what do you mean.
> You're saying that
> 1. you spawn the other service on a port N;
> 2. then you're spawning SSH on the same port via rc.d script;
> 3. after this '/etc/rc.d/sshd status' gives you 'sshd is not running'.
>
> But this is completely right: after step 2 there will be no SSH daemon
> listening, because it fails to bind to the port. And the 'status'
> command of an rc.d script is perfectly correct -- no SSH daemon is
> running, really.
>
That is correct. There is no daemon running, but there is no output
on the console that starting sshd failed -- it is only listed in
messages. (And if you don't know it failed, you may never look in
messages to realize this.)
>> I was digging through src/crypto/openssh/sshd.c hoping to submit a
>> patch to enable this, but I'm not certain that is the right place to
>> be looking. After digging through erc/etc/rc.d/sshd, I am failing to
>> understand how the service would check the listening port, so now I
>> feel like I am hitting a wall.
>
> You seem to mix two things: binding to the port and the output from rc.d
> 'status' command. Binding to the port is done by SSH by the bind(2)
> system call and if something is already listening on the given address,
> the socket won't be bound, so SSH daemon terminates.
>
> 'status' (for the case of /etc/rc.d/sshd) deduces the status of the
> service from it's pid file (variable pidfile) with the subroutine
> check_pidfile. Look at /etc/rc.subr: 'status' is handled via
> "run_rc_command status" that evaluates _pidcmd that sets $rc_pid. And
> then $rc_pid it checked for being non-empty, and if emptiness found,
> command
> -----
> echo "${name} is not running."
> -----
> is executed. It produces the result you're seeing.
>
> So, I would say that the PR in question is somewhat false positive.
> --
> Eygene
> _ ___ _.--. #
> \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
> / ' ` , __.--' # to read the on-line manual
> )/' _/ \ `-_, / # while single-stepping the kernel.
> `-'" `"\_ ,_.-;_.-\_ ', fsc/as #
> _.-'_./ {_.' ; / # -- FreeBSD Developers handbook
> {_.-``-' {_/ #
>
--
Glen Barber
More information about the freebsd-hackers
mailing list