Bug#490897: tcsh logins

[Daniel Nilsson]

On Sat, Aug 16, 2008 at 07:59:20PM -0700, Vagrant Cascadian wrote:
> >  cmd[i++] = ";";
> > +cmd[i++] = "exec";
> > +cmd[i++] = "sh";
> >  cmd[i++] = "kill";
> >  cmd[i++] = "-1";
> >  cmd[i++] = "$PPID";
> 
> no probably about it, in my tests, it definitely solved the issue.
> 
> because it uses exec, it gets the proper value for $PPID, which should
> be the sshd process used to log in (yes, it's an ugly hack, but that's
> how it works for now). at least on lenny.
> 
> to reproduce: ssh to the server, with a user with the default shell of
> tcsh. run "exec /bin/sh". "echo $PPID". the $PPID is the pid of sshd.

I did more test, and this works as you said:

[EMAIL PROTECTED]:~$ ssh -l labtcsh oden 'exec /bin/sh'
Password:
echo $PPID
9741

However, I've tried various forms of this and I can't get to work:

[EMAIL PROTECTED]:~$ ssh -l labtcsh oden 'exec /bin/sh -c echo \$PPID'
Password:

[EMAIL PROTECTED]:~$ ssh -l labtcsh oden 'exec /bin/sh -c echo $PPID'
Password:
PPID: Undefined variable.

I also tried your complete dpatch as is and it does not solve the
problem in my test setup, logouts fails and I need to kill the sshd
process on the server in order for logout to complete. My only guess
is that it has something to do with the above shell escaping issues.

I have attached a dpatch formatted version of the method I used where
PPID is retrieved using ps. So far this is the only method I've found
that solves the problem together with an etch based server. Are you
testing against a lenny server?

> there's definitely resistance to applying any of these patches upstream:
> 
>   
> http://sourceforge.net/mailarchive/forum.php?thread_name=20080815201358.GF12833%40ryukin.fglan&forum_name=ltsp-developer

Sure, I can understand this. This tends to become a hot topic due to
matter of preferences. I ended up a tcsh user since that was the
standard at the university back in the SunOS 4 days. There are
probably many advantages using bash over tcsh, but that is a different
topic. Since users are able to switch the shell to their preference,
and tcsh is still widely used, I think this bug needs to be handled
somehow since the result for a tcsh user is just a failed login with
no error messages. This will burden the sysadmins a lot trying to
figure out why a particular user can't log in when other can.

> one idea is to actually log in using /bin/sh, so that we can have a
> known login shell, as supporting multiple incompatible shell syntaxes is
> a rather difficult task...

Sounds like a better approach, agreed.

Regards
-- 
Daniel Nilsson
#! /bin/sh /usr/share/dpatch/dpatch-run
## fix_tcsh_logins_daniel.dpatch by  <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad ldm-2.0.6~/src/ldm.c ldm-2.0.6/src/ldm.c
--- ldm-2.0.6~/src/ldm.c2008-05-31 00:41:45.0 +0200
+++ ldm-2.0.6/src/ldm.c 2008-08-17 11:31:38.0 +0200
@@ -258,6 +258,7 @@
 cmd[i++] = "-l";
 cmd[i++] = ldminfo.username;
 cmd[i++] = ldminfo.server;
+cmd[i++] = "env";
 cmd[i++] = ltspclienv;
 
 /*
@@ -315,7 +316,7 @@
 cmd[i++] = ";";
 cmd[i++] = "kill";
 cmd[i++] = "-1";
-cmd[i++] = "$PPID";
+cmd[i++] = "`ps -o ppid -p $$ | tail -1`";
 cmd[i++] = NULL;
 
 xsessionpid = ldm_spawn(cmd);
diff -urNad ldm-2.0.6~/src/sshutils.c ldm-2.0.6/src/sshutils.c
--- ldm-2.0.6~/src/sshutils.c   2008-05-31 00:41:45.0 +0200
+++ ldm-2.0.6/src/sshutils.c2008-08-17 11:30:50.0 +0200
@@ -68,6 +68,7 @@
 sshcmd[i++] = "echo";
 sshcmd[i++] = SENTINEL;
 sshcmd[i++] = ";";
+sshcmd[i++] = "env";
 sshcmd[i++] = "LANG=C";
 sshcmd[i++] = "/bin/sh";
 sshcmd[i++] = "-";

Bug#490897: tcsh logins

[Vagrant Cascadian]

On Sat, Aug 16, 2008 at 11:29:39PM +0200, Daniel Nilsson wrote:
> On Fri, Aug 15, 2008 at 11:13:37AM -0700, Vagrant Cascadian wrote:
> > On Thu, Aug 14, 2008 at 10:48:21PM +0200, Daniel Nilsson wrote:
> > > On Wed, Aug 13, 2008 at 01:46:14PM -0700, Vagrant Cascadian wrote:
> > patch attached. tested and works for bash, tcsh, zsh and dash with
> > gnome, icewm, and xfce4.
> > 
> > if you could please test that patch, i can try and get it into lenny.
> > then i can work on getting it working upstream, too.
> 
> Ok, I did some testing with the patch you had attached. What I found
> though was that starting up a new shell on the server just for killing
> $PPID would probably not solve the issue since that would just kill
> the calling shell and not the ssh process which I believe is what the
> intent is here. I'm referring to this portion of the patch.

>  cmd[i++] = ";";
> +cmd[i++] = "exec";
> +cmd[i++] = "sh";
>  cmd[i++] = "kill";
>  cmd[i++] = "-1";
>  cmd[i++] = "$PPID";

no probably about it, in my tests, it definitely solved the issue.

because it uses exec, it gets the proper value for $PPID, which should
be the sshd process used to log in (yes, it's an ugly hack, but that's
how it works for now). at least on lenny.

to reproduce: ssh to the server, with a user with the default shell of
tcsh. run "exec /bin/sh". "echo $PPID". the $PPID is the pid of sshd.

there's definitely resistance to applying any of these patches upstream:

  
http://sourceforge.net/mailarchive/forum.php?thread_name=20080815201358.GF12833%40ryukin.fglan&forum_name=ltsp-developer

one idea is to actually log in using /bin/sh, so that we can have a
known login shell, as supporting multiple incompatible shell syntaxes is
a rather difficult task...

live well,
  vagrant

p.s. no need to CC me if you're mailing the bug report or any of the
lists.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#490897: tcsh logins

[Daniel Nilsson]

On Fri, Aug 15, 2008 at 11:13:37AM -0700, Vagrant Cascadian wrote:
> On Thu, Aug 14, 2008 at 10:48:21PM +0200, Daniel Nilsson wrote:
> > On Wed, Aug 13, 2008 at 01:46:14PM -0700, Vagrant Cascadian wrote:
> 
> > Please test this patch first
> 
> which patch?

Sorry, I was referring to the 2.0.9 based patch i had been testing and
working on which I felt needed more testing before applying upstream
since it didn't seem to solve the logout problem.

> patch attached. tested and works for bash, tcsh, zsh and dash with
> gnome, icewm, and xfce4.
> 
> if you could please test that patch, i can try and get it into lenny.
> then i can work on getting it working upstream, too.

Ok, I did some testing with the patch you had attached. What I found
though was that starting up a new shell on the server just for killing
$PPID would probably not solve the issue since that would just kill
the calling shell and not the ssh process which I believe is what the
intent is here. I'm referring to this portion of the patch.

 cmd[i++] = ";";
+cmd[i++] = "exec";
+cmd[i++] = "sh";
 cmd[i++] = "kill";
 cmd[i++] = "-1";
 cmd[i++] = "$PPID";

What is needed is a more portable way to find the parent process id in
a manner that is not shell dependent and that will find the process id
of the calling ssh process. I worked on that for a while, and the
following seems to do the trick in a shell portable way:

ps -o ppid -p $$ | tail -1

I put that into a 2.0.6 based patch which looks like this:

--- ldm-2.0.6.orig/src/sshutils.c
+++ ldm-2.0.6/src/sshutils.c
@@ -68,6 +68,7 @@
 sshcmd[i++] = "echo";
 sshcmd[i++] = SENTINEL;
 sshcmd[i++] = ";";
+sshcmd[i++] = "env";
 sshcmd[i++] = "LANG=C";
 sshcmd[i++] = "/bin/sh";
 sshcmd[i++] = "-";
--- ldm-2.0.6.orig/src/ldm.c
+++ ldm-2.0.6/src/ldm.c
@@ -258,6 +258,7 @@
 cmd[i++] = "-l";
 cmd[i++] = ldminfo.username;
 cmd[i++] = ldminfo.server;
+cmd[i++] = "env";
 cmd[i++] = ltspclienv;
 
 /*
@@ -315,7 +316,7 @@
 cmd[i++] = ";";
 cmd[i++] = "kill";
 cmd[i++] = "-1";
-cmd[i++] = "$PPID";
+cmd[i++] = "`ps -o ppid -p $$ | tail -1`";
 cmd[i++] = NULL;
 
 xsessionpid = ldm_spawn(cmd);

I tried logging in and out with bash, tcsh, dash and zsh using gnome,
xfce4 and icewm sessions on the server. All those combinations worked
well in my case (server running etch). 

I hope that helps!

Regards
-- 
Daniel Nilsson



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#490897: tcsh logins

[Vagrant Cascadian]

On Thu, Aug 14, 2008 at 10:48:21PM +0200, Daniel Nilsson wrote:
> On Wed, Aug 13, 2008 at 01:46:14PM -0700, Vagrant Cascadian wrote:

> Please test this patch first

which patch?

if it's a simple patch based on ldm 2.0.6, i can try and get it into
lenny.

otherwise, without a patch that's tested to work with bash, zsh, dash
and tcsh, multiple x sessions and window managers, i don't really have
the time to do the testing.

> , what I found was that I was able to login as a tcsh user but the
> logout seems to hang after the Xsession has ended (gnome-session in my
> testcase). 

the patch i made to ldm 2.0.6 worked with lenny's gnome and icewm, but
not with xfce (session would hang).

> I think this is due to the
> "kill -1 $PPID" and the end of the ssh command above, the $PPID
> variable is not available in a tcsh as far as I know. 

that would make sense, yes.

might be able to try something like "exec /bin/sh kill -1 $PPID". i
think that's the last thing i'll try and if it doesn't work, will wait
for tested patches.

patch attached. tested and works for bash, tcsh, zsh and dash with
gnome, icewm, and xfce4.

if you could please test that patch, i can try and get it into lenny.
then i can work on getting it working upstream, too.

> I don't know what the correct way to do this is so that it doesn't
> depend on the user shell, there is comment in the code:
 
> 
> /*
>  * FIXME: ditch the kill -1 and use ssh -o exit on the control
> socket 
>  */
> command = g_strjoin(" ", "ssh", "-Y", "-t", "-S", ldm.control_socket,
> "-l", ldm.username, ldm.server, "env" ,client_env,
> lang ? lang : "", display ? display : "", sound ? sound : "",
> ldm.session, localdev ? localdev : "",
> "; kill -1 $PPID", NULL);
> 
> I think that should be ssh -O exit though, but I haven't tested this
> yet.

we tested the "ssh -O exit" approach the recent LTSP developer hackfest,
and i couldn't get it to work, as any lingering X client connections
through the ssh tunnel will prevent the command from completing.

live well,
  vagrant
#! /bin/sh /usr/share/dpatch/dpatch-run
## fix-tcsh-logins.dpatch by Vagrant Cascadian <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad ldm-2.0.6~/src/ldm.c ldm-2.0.6/src/ldm.c
--- ldm-2.0.6~/src/ldm.c2008-08-13 16:01:35.0 -0700
+++ ldm-2.0.6/src/ldm.c 2008-08-15 10:35:43.0 -0700
@@ -258,6 +258,7 @@
 cmd[i++] = "-l";
 cmd[i++] = ldminfo.username;
 cmd[i++] = ldminfo.server;
+cmd[i++] = "env";
 cmd[i++] = ltspclienv;
 
 /*
@@ -313,6 +314,8 @@
 }
 
 cmd[i++] = ";";
+cmd[i++] = "exec";
+cmd[i++] = "sh";
 cmd[i++] = "kill";
 cmd[i++] = "-1";
 cmd[i++] = "$PPID";
diff -urNad ldm-2.0.6~/src/sshutils.c ldm-2.0.6/src/sshutils.c
--- ldm-2.0.6~/src/sshutils.c   2008-08-15 10:34:48.0 -0700
+++ ldm-2.0.6/src/sshutils.c2008-08-15 10:34:48.0 -0700
@@ -68,6 +68,7 @@
 sshcmd[i++] = "echo";
 sshcmd[i++] = SENTINEL;
 sshcmd[i++] = ";";
+sshcmd[i++] = "env";
 sshcmd[i++] = "LANG=C";
 sshcmd[i++] = "/bin/sh";
 sshcmd[i++] = "-";

Bug#490897: tcsh logins

[Daniel Nilsson]

On Wed, Aug 13, 2008 at 01:46:14PM -0700, Vagrant Cascadian wrote:

> > --- ldm-2.0.9.orig/src/ldm.c
> > +++ ldm-2.0.9/src/ldm.c
> > @@ -268,7 +268,7 @@
> >   * FIXME: ditch the kill -1 and use ssh -o exit on the
> > control socket
> >   */
> >  command = g_strjoin(" ", "ssh", "-Y", "-t", "-S",
> > ldm.control_socket,
> > -"-l", ldm.username, ldm.server, client_env,
> > +"-l", ldm.username, ldm.server, "env" ,client_env,
> >  lang ? lang : "", display ? display : "", sound ?
> > sound : "",
> >  ldm.session, localdev ? localdev : "",
> >  "; kill -1 $PPID", NULL);
> > 

> i set a user's default shell to tcsh and was able to log in using
> ldm 2.0.9-1. today, i'm not able to do so using 2.0.11-1. *sigh* i don't
> know what happened.
> 
> i'll test your patch and if it works well, will get it upstream and
> hopefully into the version of ldm in lenny, as it seems simple.

Hi,

Please test this patch first, what I found was that I was able to
login as a tcsh user but the logout seems to hang after the Xsession
has ended (gnome-session in my testcase). I think this is due to the
"kill -1 $PPID" and the end of the ssh command above, the $PPID
variable is not available in a tcsh as far as I know. I don't know
what the correct way to do this is so that it doesn't depend on the
user shell, there is comment in the code:


/*
 * FIXME: ditch the kill -1 and use ssh -o exit on the control
socket 
 */
command = g_strjoin(" ", "ssh", "-Y", "-t", "-S", ldm.control_socket,
"-l", ldm.username, ldm.server, "env" ,client_env,
lang ? lang : "", display ? display : "", sound ? sound : "",
ldm.session, localdev ? localdev : "",
"; kill -1 $PPID", NULL);

I think that should be ssh -O exit though, but I haven't tested this
yet.

-- 
Daniel Nilsson



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#490897: tcsh logins

[Vagrant Cascadian]

found 490897 2:2.0.11-1
thanks

On Wed, Aug 13, 2008 at 09:34:03PM +0200, Daniel Nilsson wrote:
> On Fri, Aug 08, 2008 at 02:59:57PM -0700, Vagrant Cascadian wrote:
> --- ldm-2.0.9.orig/src/ldm.c
> +++ ldm-2.0.9/src/ldm.c
> @@ -268,7 +268,7 @@
>   * FIXME: ditch the kill -1 and use ssh -o exit on the control socket
>   */
>  command = g_strjoin(" ", "ssh", "-Y", "-t", "-S", ldm.control_socket,
> -"-l", ldm.username, ldm.server, client_env,
> +"-l", ldm.username, ldm.server, "env" ,client_env,
>  lang ? lang : "", display ? display : "", sound ? sound : "",
>  ldm.session, localdev ? localdev : "",
>  "; kill -1 $PPID", NULL);
> 
> But you are saying that you were able to login using ldm-2.0.9 without
> the above patch? 

i set a user's default shell to tcsh and was able to log in using ldm
2.0.9-1. today, i'm not able to do so using 2.0.11-1. *sigh* i don't
know what happened.

i'll test your patch and if it works well, will get it upstream and
hopefully into the version of ldm in lenny, as it seems simple.

> This issue seems clear to me (and can be seen in the
> ldm.log file as well), ldm issues a command of the form
> LTSP_CLIENT=192.168.1.1 DISPLAY=192.168.1.5 /etc/X11/Xsession to the
> LTSP server as the user who is trying to login in. This is fine for
> bash, but will fail on tcsh.

in previous ldm versions, the initial login was done with LANG=C so we
could scrape the login text. we stopped doing that in 2.0.9+, and i
thought the next call was actually done with "bash -c 'LTSP_CLIENT=
...'" explicitly, but that doesn't appear to be the case.

live well,
  vagrant



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]