diff options
| author |   djm <djm@openbsd.org> | 2008-07-02 13:47:39 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2008-07-02 13:47:39 +0000 |
| commit | 0d96162d3a5c14f3ac0633b028c064dafc77660f (patch) | |
| tree | f010909b49286abfefa9bc26ee89308e916bfe70 /usr.bin/ssh/ssh.c | |
| parent | really really remove the freebie "none" auth try for protocol 2 (diff) | |
| download | wireguard-openbsd-0d96162d3a5c14f3ac0633b028c064dafc77660f.tar.xz wireguard-openbsd-0d96162d3a5c14f3ac0633b028c064dafc77660f.zip | |
When forking after authentication ("ssh -f") with ExitOnForwardFailure
enabled, delay the fork until after replies for any -R forwards have
been seen. Allows for robust detection of -R forward failure when
using -f (similar to bz#92); ok dtucker@
Diffstat (limited to 'usr.bin/ssh/ssh.c')
| -rw-r--r-- | usr.bin/ssh/ssh.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 85221074b63..403eb69b71e 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.317 2008/06/12 16:35:31 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.318 2008/07/02 13:47:39 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -841,9 +841,15 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) logit("Warning: remote port forwarding failed for " "listen port %d", rfwd->listen_port); } - if (++remote_forward_confirms_received == options.num_remote_forwards) + if (++remote_forward_confirms_received == options.num_remote_forwards) { debug("All remote forwarding requests processed"); - /* XXX fork-after-authentication */ + if (fork_after_authentication_flag) { + fork_after_authentication_flag = 0; + if (daemon(1, 1) < 0) + fatal("daemon() failed: %.200s", + strerror(errno)); + } + } } static void @@ -1043,10 +1049,17 @@ ssh_session(void) options.permit_local_command) ssh_local_cmd(options.local_command); - /* If requested, let ssh continue in the background. */ - if (fork_after_authentication_flag) + /* + * If requested and we are not interested in replies to remote + * forwarding requests, then let ssh continue in the background. + */ + if (fork_after_authentication_flag && + (!options.exit_on_forward_failure || + options.num_remote_forwards == 0)) { + fork_after_authentication_flag = 0; if (daemon(1, 1) < 0) fatal("daemon() failed: %.200s", strerror(errno)); + } /* * If a command was specified on the command line, execute the @@ -1185,9 +1198,11 @@ ssh_session2(void) muxserver_listen(); /* If requested, let ssh continue in the background. */ - if (fork_after_authentication_flag) + if (fork_after_authentication_flag) { + fork_after_authentication_flag = 0; if (daemon(1, 1) < 0) fatal("daemon() failed: %.200s", strerror(errno)); + } return client_loop(tty_flag, tty_flag ? options.escape_char : SSH_ESCAPECHAR_NONE, id); |