From 034fbaa00ca3fb936b71831af96943681cda83ce Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Wed, 2 Jul 2008 13:47:40 +0000
Subject: When forking after authentication ("ssh -f") with ExitOnForwardFailure enabled, delay the fork until after replies for any -R forwards have been seen. Allows for robust detection of -R forward failure when using -f (similar to bz#92); ok dtucker@
---
 usr.bin/ssh/ssh.1 | 13 +++++++++++--
 usr.bin/ssh/ssh.c | 27 +++++++++++++++++++++------
 2 files changed, 32 insertions(+), 8 deletions(-)
(limited to 'usr.bin')
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index a58f5a02ace..1883578f226 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.276 2008/06/26 21:11:46 jmc Exp $
-.Dd $Mdocdate: June 26 2008 $
+.\" $OpenBSD: ssh.1,v 1.277 2008/07/02 13:47:39 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -290,6 +290,15 @@ This implies
 The recommended way to start X11 programs at a remote site is with
 something like
 .Ic ssh -f host xterm .
+.Pp
+If the
+.Cm ExitOnForwardFailure
+configuration option is set to
+.Dq yes ,
+then a client started with
+.Fl f
+will wait for all remote port forwards to be successfully established
+before placing itself in the background.
 .It Fl g
 Allows remote hosts to connect to local forwarded ports.
 .It Fl I Ar smartcard_device
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 85221074b63..403eb69b71e 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.317 2008/06/12 16:35:31 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.318 2008/07/02 13:47:39 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -841,9 +841,15 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
 logit("Warning: remote port forwarding failed for "
 "listen port %d", rfwd->listen_port);
 }
- if (++remote_forward_confirms_received == options.num_remote_forwards)
+ if (++remote_forward_confirms_received == options.num_remote_forwards) {
 debug("All remote forwarding requests processed");
- /* XXX fork-after-authentication */
+ if (fork_after_authentication_flag) {
+ fork_after_authentication_flag = 0;
+ if (daemon(1, 1) < 0)
+ fatal("daemon() failed: %.200s",
+ strerror(errno));
+ }
+ }
 }
 
 static void
@@ -1043,10 +1049,17 @@ ssh_session(void)
 options.permit_local_command)
 ssh_local_cmd(options.local_command);
 
- /* If requested, let ssh continue in the background. */
- if (fork_after_authentication_flag)
+ /*
+ * If requested and we are not interested in replies to remote
+ * forwarding requests, then let ssh continue in the background.
+ */
+ if (fork_after_authentication_flag &&
+ (!options.exit_on_forward_failure ||
+ options.num_remote_forwards == 0)) {
+ fork_after_authentication_flag = 0;
 if (daemon(1, 1) < 0)
 fatal("daemon() failed: %.200s", strerror(errno));
+ }
 
 /*
 * If a command was specified on the command line, execute the
@@ -1185,9 +1198,11 @@ ssh_session2(void)
 muxserver_listen();
 
 /* If requested, let ssh continue in the background. */
- if (fork_after_authentication_flag)
+ if (fork_after_authentication_flag) {
+ fork_after_authentication_flag = 0;
 if (daemon(1, 1) < 0)
 fatal("daemon() failed: %.200s", strerror(errno));
+ }
 
 return client_loop(tty_flag, tty_flag ?
 options.escape_char : SSH_ESCAPECHAR_NONE, id);
-- 
cgit v1.2.3
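Review bot: The clear-the-flag-then-`daemon(1, 1)` sequence added inside the `remote_forward_confirms_received` branch of `ssh_confirm_remote_forward` is the third copy in this commit; the other two are in the `ssh_session` and `ssh_session2` hunks. The deferred fork only stays correct while all three sites reset `fork_after_authentication_flag` the same way, so a single static helper would state the "background at most once" rule in one place. The helper name below is only a suggestion, and the function body starts before this hunk.

```c
/* Background the client at most once; later call sites become no-ops. */
static void
fork_postauth(void)
{
	if (!fork_after_authentication_flag)
		return;
	fork_after_authentication_flag = 0;
	if (daemon(1, 1) < 0)
		fatal("daemon() failed: %.200s", strerror(errno));
}

/* … unchanged: failure warning in ssh_confirm_remote_forward … */
	if (++remote_forward_confirms_received == options.num_remote_forwards) {
		debug("All remote forwarding requests processed");
		fork_postauth();
	}
```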
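Review bot: When the new condition in `ssh_session` defers the fork, nothing is logged and no later line in this hunk backgrounds the client, so a `-f` run that never sees its last remote-forward reply stays in the foreground with no trace of why. An `else` branch such as `debug("deferring postauth fork until remote forward confirmation received");` would make the deferred state visible at debug level. Whether replies are always delivered on this code path cannot be seen here, because the enclosing function starts and ends outside the hunk.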
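Review bot: `ssh_session2` still backgrounds unconditionally: the rewritten `if (fork_after_authentication_flag) {` lacks the `exit_on_forward_failure` / `num_remote_forwards` test that the `ssh_session` hunk received, and because it now clears the flag, the deferred fork in `ssh_confirm_remote_forward` can never run after it. If this is the path on which remote-forward replies arrive (not visible in the hunk), the parent exits before any `-R` result is known, so a script that treats the return of `ssh -f` as "tunnel is up" carries on even when the forward is later refused. The condition here should match the other site: `if (fork_after_authentication_flag && (!options.exit_on_forward_failure || options.num_remote_forwards == 0)) {`. The function starts outside this hunk.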