Hello,

it seems that authpf does not remove the user when a session is
ended with Ctrl-\. This behaviour only occurs when I actually press
Ctrl-\ on the client side; it does not occur when I send SIGQUIT
to the client ssh process.

All other methods of terminating the client session (Ctrl-C,
pulling the network cable) work as expected, i.e. the user
is removed.

Since the client address stays authenticated when the user thinks
he ended the session, I'm curious to know what causes this behaviour
and if someone can reproduce it.


Gateway:  WRAP, OpenBSD 3.9 standard install (base.tgz, etc.tgz, bsd)
Client:   PC, seen with Knoppix and OpenBSD


Steps to reproduce:
====================


/etc/pf.conf:
-------------

internal_if="sis2"
gateway_addr="10.0.0.10"
nat-anchor "authpf/*"
rdr-anchor "authpf/*"
binat-anchor "authpf/*"
block in on $internal_if from any to any
pass in quick on $internal_if proto tcp from any to $gateway_addr \
port = ssh
anchor "authpf/*"


/etc/authpf/authpf.rules:
--------------------------

ext_if   = "sis1"
ext_addr = 10.0.0.10
wlan_if  = "sis2"
# nat and tag connections...
nat on $ext_if from $user_ip to any tag $user_ip -> $ext_addr
# redirect to real name server
rdr pass on $wlan_if inet proto udp from $user_ip to $wlan_if port 53 \
        -> 194.151.228.2 port 53
pass in quick on $wlan_if from $user_ip to any
pass out log quick on $ext_if tagged $user_ip keep state


/etc/authpf/authpf.conf is empty.


Here's the dialog on the client and on the WRAP:

client:> ssh -l joe 10.0.0.10
[cut]
Hello joe. You are authenticated from host "192.168.101.32"


WRAP:> tail /var/log/daemon
[cut]
Aug  6 22:29:18 WRAP authpf[3663]: allowing 192.168.101.32, user joe

WRAP:> ps -U joe
  PID TT   STAT      TIME COMMAND
 5653 ??  I       0:00.05 sshd: [EMAIL PROTECTED] (sshd)
 3663 p1  Is+     0:00.05 -authpf: [EMAIL PROTECTED] (authpf)


client:> <Ctrl><\>
^\Connection to 10.0.0.10 closed.


WRAP:> ps -U joe 
  PID TT   STAT      TIME COMMAND

WRAP:> tail /var/log/daemon (user is NOT removed, nothing new here:)
Aug  6 22:29:18 WRAP authpf[3663]: allowing 192.168.101.32, user joe

WRAP:> pfctl  -a "authpf/joe(3663)" -s rules
pass in quick on sis2 inet from 192.168.101.32 to any
pass out log quick on sis1 all keep state tagged 192.168.101.32


Stefan Krah
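The symptom reported above is an `authpf/user(pid)` anchor whose authpf process is gone while its rules stay loaded. As an added example (not part of the original post), the sh script below lists such orphaned anchors and prints the `pfctl` command that flushes each one; the anchor-listing format of `pfctl -a authpf -s Anchors` and the sample data are assumptions I constructed, so substitute the live commands named in the comments on a real gateway.

```shell
#!/bin/sh
# Find authpf anchors whose authpf process no longer exists, i.e. client
# rules that outlived the login session, and show how to flush them.

# Constructed sample listing; on the gateway use:  pfctl -a authpf -s Anchors
SAMPLE_ANCHORS='  authpf/joe(3663)
  authpf/alice(5120)
  authpf/bob(77)'

# Constructed sample of PIDs of running authpf processes; on the gateway use:
#   ps -axo pid,command | awk '$2 ~ /authpf/ {print $1}'
SAMPLE_LIVE_PIDS='5120
77'

# pid_of_anchor "authpf/joe(3663)" -> 3663 (prints nothing if the name does not match)
pid_of_anchor() {
    printf '%s\n' "$1" | sed -n 's/^ *authpf\/[^(]*(\([0-9][0-9]*\)).*$/\1/p'
}

# stale_anchors ANCHOR_LIST LIVE_PIDS -> prints each anchor whose PID is not live
stale_anchors() {
    anchors=$1
    live=$2
    printf '%s\n' "$anchors" | while IFS= read -r line; do
        name=$(printf '%s' "$line" | sed 's/^ *//')
        [ -n "$name" ] || continue
        pid=$(pid_of_anchor "$name")
        [ -n "$pid" ] || continue
        # grep -x matches the whole line, so 77 does not match 5077
        if ! printf '%s\n' "$live" | grep -qx "$pid"; then
            printf '%s\n' "$name"
        fi
    done
}

# flush_command ANCHOR -> the pfctl invocation that removes the leftover ruleset
flush_command() {
    printf 'pfctl -a "%s" -F all\n' "$1"
}

# Stand-alone demo over the constructed data (anchor names contain no spaces)
for a in $(stale_anchors "$SAMPLE_ANCHORS" "$SAMPLE_LIVE_PIDS"); do
    echo "stale: $a  ->  $(flush_command "$a")"
done
```

Flushing the anchor removes the pass rules; existing states for that client can additionally be dropped with `pfctl -k` on the address shown by `pfctl -a "authpf/joe(3663)" -s rules`.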