[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Wed Aug 2 17:46:13 UTC 2017
New commits:
commit 3665392f57b1f11ba56a5e8b5302f23ef218a778
Merge: 2c286b1 a13c158
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Aug 2 10:08:25 2017 -0400
pluto: unify the IKEv1 and IKEv2 XAUTH/PAM threading code
So that they have consistent behaviour when creating and
canceling asynchronous threads:
- for IKEv1, this eliminates the use of SIGINT (which debuggers
like to use), and fixes a problem with creating threads
- for IKEv2, this fixes a race when canceling threads.
Known issues:
- a canceled PAM request likely STILL leaks resources
- IKEv1 password auth requests were moved to the main thread
(followed by a thread shuffle to preserve behaviour) so
that they didn't leak resources
Thanks to Muhammad Tameem Iftikhar of SurfEasy.com for stress
testing the changes; and Hugh for helping with the analysis.
Merge branch 'xauth-cancel'
commit a13c158b60bb02ac7ba1a89c632b7c4d9a51ef2f
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jul 27 16:12:20 2017 -0400
libevent: initialize libevent in pthreads mode before creating "base"
'cos the documentation says so
commit 127b96fe69e0914133692a4eec2e53024e2d5a53
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jul 26 14:05:01 2017 -0400
xauth: restore IKEv2 code suspending ST while pam is running
commit 30953061659e7b90d5af492fb3126281138decc5
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jul 26 11:53:58 2017 -0400
xauth: more logging
commit 026a63e32eb586c86b72721ddd364ba167d7135a
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jul 26 11:53:36 2017 -0400
xauth: fix IKEv2 call to xauth_start_pam_thread()
commit c72b9e250d3ecb7b6b44e00fa01ed3118872310f
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jul 25 18:58:46 2017 -0400
xauth: pthread_cancel(), pthread_cleanup_push(), and the main-thread when cleaning up
Perform the cleanup in an event handler running on the main-thread
(scheduled by the XAUTH thread as it exits).
For file (password) authentication, perform everything on the main-thread
(but then fudge an XAUTH event).
commit ad885ec8f3cbc2146661915eec0a7267b1842661
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Fri Jul 21 17:34:07 2017 -0400
pluto: make xauth/PAM code less hairy
- delete dead code: handling case where st_jbuf_t's ptr field is NULL
- fix alloc_st_jbuf() bug noticed by Andrew
- don't assume that an absolute pointer into st_jbuf_mem survives realloc
(replace pointer with index)
- move setting of st field of st_jbuf_mem element into locked region
commit c613cd687bc257649c62be9b39ba880056eb9301
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Jul 21 13:50:13 2017 -0400
IKEv1: use SIGUSR1, and not SIGINT, to cancel the xauth thread
GDB and pluto end up fighting over SIGUSR1. A useful command is:
(gdb) handle SIGUSR1 nostop print pass
commit 2b0e5c20df24bf2516175adcbf8654d67a75316e
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Jul 21 13:45:27 2017 -0400
IKEv2: put the xauth thread into the cancel-enable state
and not PTHREAD_CANCEL_ASYNCHRONOUS which is really
PTHREAD_CANCEL_DISABLE.
This reduces the odds but doesn't eliminate a race between
the cancel code deleting stuff on the heap and the cancelled
thread dying. It also causes pam resources to be leaked.
More information about the Swan-commit
mailing list