From: Glen Barber
To: rea-fbsd@codelabs.ru
Cc: hackers@freebsd.org, bug-followup@freebsd.org
Date: Wed, 20 May 2009 10:38:18 -0400
Subject: Re: bin/134694: gives false-positive when unable to obtain socket [WAS: sshd(8) - alert user when fails to execute from rc.d]

Hi, Eygene

On Wed, May 20, 2009 at 6:19 AM, Eygene Ryabinkin wrote:
> Glen, good day.
>
> Mon, May 18, 2009 at 10:49:52PM -0400, Glen Barber wrote:
>> Earlier this evening, I submitted a PR about sshd(8) giving a
>> false-positive when starting on an already occupied socket[1].  I
>> would like to enable some form of console output when the rc.d script
>> is called if the service cannot properly bind to the socket, but I
>> want to make sure I do it "the right way."
>
> Reading through the PR, I can't figure out what you mean.
> You're saying that
>  1. you spawn the other service on a port N;
>  2. then you're spawning SSH on the same port via rc.d script;
>  3. after this '/etc/rc.d/sshd status' gives you 'sshd is not running'.
>
> But this is completely right: after step 2 there will be no SSH daemon
> listening, because it fails to bind to the port.  And the 'status'
> command of an rc.d script is perfectly correct -- no SSH daemon is
> running, really.
>

That is correct.  There is no daemon running, but there is no output
on the console that starting sshd failed -- it is only listed in
messages.  (And if you don't know it failed, you may never look in
messages to realize this.)

>> I was digging through src/crypto/openssh/sshd.c hoping to submit a
>> patch to enable this, but I'm not certain that is the right place to
>> be looking.  After digging through src/etc/rc.d/sshd, I am failing to
>> understand how the service would check the listening port, so now I
>> feel like I am hitting a wall.
>
> You seem to mix two things: binding to the port and the output from rc.d
> 'status' command.  Binding to the port is done by SSH by the bind(2)
> system call and if something is already listening on the given address,
> the socket won't be bound, so SSH daemon terminates.
>
> 'status' (for the case of /etc/rc.d/sshd) deduces the status of the
> service from its pid file (variable pidfile) with the subroutine
> check_pidfile.  Look at /etc/rc.subr: 'status' is handled via
> "run_rc_command status" that evaluates _pidcmd that sets $rc_pid.  And
> then $rc_pid is checked for being non-empty, and if emptiness is found,
> the command
> -----
>     echo "${name} is not running."
> -----
> is executed.  It produces the result you're seeing.
>
> So, I would say that the PR in question is somewhat of a false positive.
> --
> Eygene

-- 
Glen Barber
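
The pidfile-based `status` decision described in the quoted reply, together with a post-start check that surfaces a failed start on the console, as an added example that is not part of the original message and is not FreeBSD's rc.subr code. The function names `pid_from_pidfile`, `svc_status` and `start_postcheck` are hypothetical, and liveness is simplified to `kill -0`, whereas the real `check_pidfile` also matches the process name.

```shell
#!/bin/sh
# Added illustration; not FreeBSD's rc.subr. Function names are hypothetical.

# pid_from_pidfile FILE
# Print the pid stored in FILE if that process is alive, else print nothing.
# Simplification: liveness is tested with kill -0 (which also fails for a
# process owned by another user when run unprivileged).
pid_from_pidfile() {
    _pf=$1
    [ -r "$_pf" ] || return 0
    read -r _pid _rest < "$_pf" || true
    case $_pid in
        ''|0|*[!0-9]*) return 0 ;;      # empty, zero or not a number
    esac
    if kill -0 "$_pid" 2>/dev/null; then
        echo "$_pid"
    fi
}

# svc_status NAME PIDFILE
# Same decision the thread describes: an empty rc_pid means "not running".
svc_status() {
    rc_pid=$(pid_from_pidfile "$2")
    if [ -n "$rc_pid" ]; then
        echo "$1 is running as pid $rc_pid."
    else
        echo "$1 is not running."
        return 1
    fi
}

# start_postcheck NAME PIDFILE [TRIES]
# Run after the start command: poll for a live pid and, if none appears,
# warn on stderr so the failure is visible on the console, not only in syslog.
start_postcheck() {
    _name=$1 _file=$2 _tries=${3:-5}
    while [ "$_tries" -gt 0 ]; do
        [ -n "$(pid_from_pidfile "$_file")" ] && return 0
        _tries=$((_tries - 1))
        [ "$_tries" -gt 0 ] && sleep 1
    done
    echo "WARNING: $_name did not start; see the system log." >&2
    return 1
}

# Constructed demo: no pid file exists here, as when the daemon exits at startup.
svc_status sshd /nonexistent/sshd.pid || true
start_postcheck sshd /nonexistent/sshd.pid 1 || true
```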