mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-11-24 02:02:10 +08:00
- djm@cvs.openbsd.org 2008/07/02 13:47:39
[ssh.1 ssh.c] When forking after authentication ("ssh -f") with ExitOnForwardFailure enabled, delay the fork until after replies for any -R forwards have been seen. Allows for robust detection of -R forward failure when using -f (similar to bz#92); ok dtucker@
This commit is contained in:
parent
7c99b1ceda
commit
9a2a60986b
@ -3,6 +3,12 @@
|
||||
- djm@cvs.openbsd.org 2008/07/02 13:30:34
|
||||
[auth2.c]
|
||||
really really remove the freebie "none" auth try for protocol 2
|
||||
- djm@cvs.openbsd.org 2008/07/02 13:47:39
|
||||
[ssh.1 ssh.c]
|
||||
When forking after authentication ("ssh -f") with ExitOnForwardFailure
|
||||
enabled, delay the fork until after replies for any -R forwards have
|
||||
been seen. Allows for robust detection of -R forward failure when
|
||||
using -f (similar to bz#92); ok dtucker@
|
||||
|
||||
20080702
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
@ -4538,4 +4544,4 @@
|
||||
OpenServer 6 and add osr5bigcrypt support so when someone migrates
|
||||
passwords between UnixWare and OpenServer they will still work. OK dtucker@
|
||||
|
||||
$Id: ChangeLog,v 1.5049 2008/07/04 02:53:23 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.5050 2008/07/04 02:53:50 dtucker Exp $
|
||||
|
13
ssh.1
13
ssh.1
@ -34,8 +34,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.276 2008/06/26 21:11:46 jmc Exp $
|
||||
.Dd $Mdocdate: June 26 2008 $
|
||||
.\" $OpenBSD: ssh.1,v 1.277 2008/07/02 13:47:39 djm Exp $
|
||||
.Dd $Mdocdate: July 2 2008 $
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -290,6 +290,15 @@ This implies
|
||||
The recommended way to start X11 programs at a remote site is with
|
||||
something like
|
||||
.Ic ssh -f host xterm .
|
||||
.Pp
|
||||
If the
|
||||
.Cm ExitOnForwardFailure
|
||||
configuration option is set to
|
||||
.Dq yes ,
|
||||
then a client started with
|
||||
.Fl f
|
||||
will wait for all remote port forwards to be successfully established
|
||||
before placing itself in the background.
|
||||
.It Fl g
|
||||
Allows remote hosts to connect to local forwarded ports.
|
||||
.It Fl I Ar smartcard_device
|
||||
|
27
ssh.c
27
ssh.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssh.c,v 1.317 2008/06/12 16:35:31 dtucker Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.318 2008/07/02 13:47:39 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -860,9 +860,15 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
|
||||
logit("Warning: remote port forwarding failed for "
|
||||
"listen port %d", rfwd->listen_port);
|
||||
}
|
||||
if (++remote_forward_confirms_received == options.num_remote_forwards)
|
||||
if (++remote_forward_confirms_received == options.num_remote_forwards) {
|
||||
debug("All remote forwarding requests processed");
|
||||
/* XXX fork-after-authentication */
|
||||
if (fork_after_authentication_flag) {
|
||||
fork_after_authentication_flag = 0;
|
||||
if (daemon(1, 1) < 0)
|
||||
fatal("daemon() failed: %.200s",
|
||||
strerror(errno));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
@ -1062,10 +1068,17 @@ ssh_session(void)
|
||||
options.permit_local_command)
|
||||
ssh_local_cmd(options.local_command);
|
||||
|
||||
/* If requested, let ssh continue in the background. */
|
||||
if (fork_after_authentication_flag)
|
||||
/*
|
||||
* If requested and we are not interested in replies to remote
|
||||
* forwarding requests, then let ssh continue in the background.
|
||||
*/
|
||||
if (fork_after_authentication_flag &&
|
||||
(!options.exit_on_forward_failure ||
|
||||
options.num_remote_forwards == 0)) {
|
||||
fork_after_authentication_flag = 0;
|
||||
if (daemon(1, 1) < 0)
|
||||
fatal("daemon() failed: %.200s", strerror(errno));
|
||||
}
|
||||
|
||||
/*
|
||||
* If a command was specified on the command line, execute the
|
||||
@ -1204,9 +1217,11 @@ ssh_session2(void)
|
||||
muxserver_listen();
|
||||
|
||||
/* If requested, let ssh continue in the background. */
|
||||
if (fork_after_authentication_flag)
|
||||
if (fork_after_authentication_flag) {
|
||||
fork_after_authentication_flag = 0;
|
||||
if (daemon(1, 1) < 0)
|
||||
fatal("daemon() failed: %.200s", strerror(errno));
|
||||
}
|
||||
|
||||
return client_loop(tty_flag, tty_flag ?
|
||||
options.escape_char : SSH_ESCAPECHAR_NONE, id);
|
||||
|
Loading…
Reference in New Issue
Block a user