[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Wed Aug 2 17:46:13 UTC 2017

New commits:
commit 3665392f57b1f11ba56a5e8b5302f23ef218a778
Merge: 2c286b1 a13c158
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Aug 2 10:08:25 2017 -0400

    pluto: unify the IKEv1 and IKEv2 XAUTH/PAM threading code
    So that they have consistent behaviour when creating and
    canceling asynchronous threads:
    - for IKEv1, this eliminates the use of SIGINT (which debuggers
      like to use), and fixes a problem with creating threads
    - for IKEv2, this fixes a race when canceling threads.
    Known issues:
    - a canceled PAM request likely STILL leaks resources
    - IKEv1 password auth requests were moved to the main thread
      (followed by a thread shuffle to preserve behaviour) so
      that they didn't leak resources
    Thanks to Muhammad Tameem Iftikhar of SurfEasy.com for stress
    testing the changes; and Hugh for helping with the analysis.
    Merge branch 'xauth-cancel'

commit a13c158b60bb02ac7ba1a89c632b7c4d9a51ef2f
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Jul 27 16:12:20 2017 -0400

    libevent: initialize libevent in pthreads mode before creating "base"
    'cos the documentation says so

commit 127b96fe69e0914133692a4eec2e53024e2d5a53
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Jul 26 14:05:01 2017 -0400

    xauth: restore IKEv2 code suspending ST while pam is running

commit 30953061659e7b90d5af492fb3126281138decc5
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Jul 26 11:53:58 2017 -0400

    xauth: more logging

commit 026a63e32eb586c86b72721ddd364ba167d7135a
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Jul 26 11:53:36 2017 -0400

    xauth: fix IKEv2 call to xauth_start_pam_thread()

commit c72b9e250d3ecb7b6b44e00fa01ed3118872310f
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Jul 25 18:58:46 2017 -0400

    xauth: pthread_cancel(), pthread_cleanup_push(), and the main-thread when cleaning up
    Perform the cleanup in an event handler running on the main-thread
    (scheduled by the XAUTH thread as it exits).
    For file (password) authentication, perform everything on the main-thread
    (but then fudge an XAUTH event).

commit ad885ec8f3cbc2146661915eec0a7267b1842661
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Jul 21 17:34:07 2017 -0400

    pluto: make xauth/PAM code less hairy
    - delete dead code: handling case where st_jbuf_t's ptr field is NULL
    - fix alloc_st_jbuf() bug noticed by Andrew
    - don't assume that an absolute pointer into st_jbuf_mem survives realloc
      (replace pointer with index)
    - move setting of st field of st_jbuf_mem element into locked region

commit c613cd687bc257649c62be9b39ba880056eb9301
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Jul 21 13:50:13 2017 -0400

    IKEv1: use SIGUSR1, and not SIGINT, to cancel the xauth thread
    GDB and pluto end up fighting over SIGUSR1.  A useful command is:
      (gdb) handle SIGUSR1 nostop print pass

commit 2b0e5c20df24bf2516175adcbf8654d67a75316e
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Jul 21 13:45:27 2017 -0400

    IKEv2: put the xauth thread into the cancel-enable state
    and not PTHREAD_CANCEL_ASYNCHRONOUS which is really
    This reduces the odds but doesn't eliminate a race between
    the cancel code deleting stuff on the heap and the cancelled
    thread dying.  It also causes pam resources to be leaked.

More information about the Swan-commit mailing list