bin/134694: gives false-positive when unable to obtain socket [WAS: sshd(8) - alert user when fails to execute from rc.d]

Glen Barber glen.j.barber at gmail.com
Wed May 20 14:38:20 UTC 2009


Hi, Eygene

On Wed, May 20, 2009 at 6:19 AM, Eygene Ryabinkin <rea-fbsd at codelabs.ru> wrote:
> Glen, good day.
>
> Mon, May 18, 2009 at 10:49:52PM -0400, Glen Barber wrote:
>> Earlier this evening, I submitted a PR about sshd(8) giving a
>> false-positive when starting on an already occupied socket[1].  I
>> would like to enable some form of console output when the rc.d script
>> is called if the service cannot properly bind to the socket, but I
>> want to make sure I do it "the right way."
>
> Reading through the PR, I can't figure out what you mean.
> You're saying that
>  1. you spawn the other service on a port N;
>  2. then you're spawning SSH on the same port via rc.d script;
>  3. after this '/etc/rc.d/sshd status' gives you 'sshd is not running'.
>
> But this is completely right: after step 2 there will be no SSH daemon
> listening, because it fails to bind to the port.  And the 'status'
> command of an rc.d script is perfectly correct -- no SSH daemon is
> running, really.
>

That is correct.  There is no daemon running, but there is no output
on the console that starting sshd failed -- it is only listed in
messages.  (And if you don't know it failed, you may never look in
messages to realize this.)

>> I was digging through src/crypto/openssh/sshd.c hoping to submit a
>> patch to enable this, but I'm not certain that is the right place to
>> be looking.  After digging through src/etc/rc.d/sshd, I am failing to
>> understand how the service would check the listening port, so now I
>> feel like I am hitting a wall.
>
> You seem to mix two things: binding to the port and the output from rc.d
> 'status' command.  Binding to the port is done by SSH by the bind(2)
> system call and if something is already listening on the given address,
> the socket won't be bound, so SSH daemon terminates.
>
> 'status' (for the case of /etc/rc.d/sshd) deduces the status of the
> service from its pid file (variable pidfile) with the subroutine
> check_pidfile.  Look at /etc/rc.subr: 'status' is handled via
> "run_rc_command status" that evaluates _pidcmd that sets $rc_pid.  And
> then $rc_pid is checked for being non-empty, and if emptiness is found, the
> command
> -----
>                                echo "${name} is not running."
> -----
> is executed.  It produces the result you're seeing.
>
> So, I would say that the PR in question is somewhat false positive.
> --
> Eygene
>  _                ___       _.--.   #
>  \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
>  /  ' `         ,       __.--'      #  to read the on-line manual
>  )/' _/     \   `-_,   /            #  while single-stepping the kernel.
>  `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
>     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
>    {_.-``-'         {_/            #
>



-- 
Glen Barber
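
Added example, not part of the original message and not FreeBSD's rc.subr code: a simplified sketch of the pidfile test that 'status' relies on, plus a hypothetical post-start hook that reports a daemon that did not stay up (for instance after a failed bind(2)) on the console. The function names and the demo pidfiles are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not FreeBSD's rc.subr. Simplified: the real check_pidfile
# also matches the process name, which guards against pid reuse.

# Print the pid from the first line of a pidfile if that process is alive.
pid_from_file() {
    _pidfile=$1
    _pid=
    [ -r "$_pidfile" ] || return 1
    # read fails on a file without a trailing newline but still sets _pid
    read -r _pid _rest < "$_pidfile" || [ -n "$_pid" ] || return 1
    case $_pid in
        ''|0|*[!0-9]*) return 1 ;;    # empty, zero, or not a number
    esac
    # kill -0 sends no signal; it only tests that the pid can be signalled,
    # so run this as root or as the daemon's owner.
    kill -0 "$_pid" 2>/dev/null || return 1
    echo "$_pid"
}

# The "is not running." line is the one quoted in the thread.
rc_status() {
    if _rc_pid=$(pid_from_file "$2"); then
        echo "$1 is running as pid ${_rc_pid}."
    else
        echo "$1 is not running."
        return 1
    fi
}

# Hypothetical post-start hook: complain on the console (stderr) when the
# daemon is gone after start, e.g. because bind(2) failed.
verify_started() {
    if ! pid_from_file "$2" >/dev/null; then
        echo "WARNING: $1 did not stay up; see /var/log/messages." >&2
        return 1
    fi
}

# Constructed demo: one live pidfile (this shell) and one missing pidfile.
demo_dir=$(mktemp -d)
echo "$$" > "$demo_dir/live.pid"
rc_status demo "$demo_dir/live.pid"
verify_started sshd "$demo_dir/absent.pid" || echo "start would be reported as failed"
rm -rf "$demo_dir"
```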

