[PATCH] close stderr of persistent proxy command if not in debug mode
Steffen Prohaska
prohaska at zib.de
Sun Oct 28 03:19:22 AEDT 2018
Hello,
This is my first patch to OpenSSH. Apologies if the format is not as expected. Let me know if I should submit in a different format.
---
From 48393827a9d335a77c6c9bc96d33cc7aa234bbd3 Mon Sep 17 00:00:00 2001
From: Steffen Prohaska <prohaska at zib.de>
Date: Sat, 27 Oct 2018 16:52:57 +0200
Subject: [PATCH] close stderr of persistent proxy command if not in debug mode
The patch should likely be first applied to upstream.
If the parent becomes a new persistent connection master daemon, stderr
of the proxy command should be detached, too, similar to the master
daemon's stderr, as changed in
openssh-portable at d2d6bf864e52af8491a60dd507f85b74361f5da3,
upstream at 4fb726f0fdcb155ad419913cea10dc4afd409d24 and discussed in
bz#1988.
Signed-off-by: Steffen Prohaska <prohaska at zib.de>
---
You can view a signed commit at GitHub:
https://github.com/sprohaska/openssh-portable/tree/pr/proxy-detach-stderr
https://github.com/sprohaska/openssh-portable/commit/48393827a9d335a77c6c9bc96d33cc7aa234bbd3
or pull with:
git pull https://github.com/sprohaska/openssh-portable.git pr/proxy-detach-stderr
sshconnect.c | 38 ++++++++++++++++++++++++++++++++------
1 file changed, 32 insertions(+), 6 deletions(-)
diff --git a/sshconnect.c b/sshconnect.c
index 52c32811..5266b2af 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -78,6 +78,7 @@ static int matching_host_key_dns = 0;
static pid_t proxy_command_pid = 0;
/* import */
+extern int debug_flag;
extern Options options;
extern char *__progname;
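Review bot: The added `extern int debug_flag;` brings in another global through a bare declaration inside sshconnect.c, where the compiler cannot check it against the definition. Declaring it once in a shared header would fix that. It is also worth asking whether `debug_flag` is the right test at all: if a debug log level can be selected in a way that does not set this flag, the proxy command's stderr would still be discarded in that case, and a check on the effective log level in `options` (already imported here) would cover both.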
@@ -99,6 +100,33 @@ expand_proxy_command(const char *proxy_command, const char *user,
return ret;
}
+/*
+ * If the parent may become a new master daemon in `control_persist_detach()`,
+ * keep stderr of the proxy command in debug mode, so that error messages get
+ * printed on the user's terminal. But detach stderr in non-debug mode,
+ * because the proxy command will run as a daemon.
+ */
+static void
+prepare_proxy_stderr()
+{
+ int devnull;
+
+ if (!options.control_persist || debug_flag) {
+ return;
+ }
+
+ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+ error("%s: open(\"/dev/null\"): %s", __func__,
+ strerror(errno));
+ return;
+ }
+
+ if (dup2(devnull, STDERR_FILENO) == -1)
+ error("%s: dup2: %s", __func__, strerror(errno));
+ if (devnull > STDERR_FILENO)
+ close(devnull);
+}
+
/*
* Connect to the given ssh server using a proxy command that passes a
* a connected fd back to us.
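Review bot: In `prepare_proxy_stderr()` a failed `open()` or `dup2()` is only logged and the function returns normally, so the proxy command then runs with the user's terminal still attached as stderr, which is the state this change sets out to avoid. Either state in the comment that this fallback is intended or return a status the callers can act on. Smaller points in the same function: the definition should read `prepare_proxy_stderr(void)`, the error text hardcodes "/dev/null" while the call opens `_PATH_DEVNULL`, and `O_WRONLY` is enough for a descriptor that only replaces stderr. The test also looks only at `options.control_persist`, so any invocation that has the option set but does not go on to become the master loses proxy stderr as well; the comment says "may become", and the condition could be narrowed to match.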
@@ -140,10 +168,8 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port,
if (sp[0] >= 2)
close(sp[0]);
- /*
- * Stderr is left as it is so that error messages get
- * printed on the user's terminal.
- */
+ prepare_proxy_stderr();
+
argv[0] = shell;
argv[1] = "-c";
argv[2] = command_string;
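Review bot: The call added in ssh_proxy_fdpass_connect() needs its own justification, because the comment above this function says the proxy command passes a connected fd back to us. If the helper has nothing left to do once the fd is handed over, the "will run as a daemon" rationale given for `prepare_proxy_stderr()` does not apply on this path, and redirecting stderr only hides connection errors from the user. Please confirm the fdpass case really needs the redirect, and if it does, leave a short comment at the call site in place of the one removed.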
@@ -219,8 +245,8 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
/* Cannot be 1 because pin allocated two descriptors. */
close(pout[1]);
- /* Stderr is left as it is so that error messages get
- printed on the user's terminal. */
+ prepare_proxy_stderr();
+
argv[0] = shell;
argv[1] = "-c";
argv[2] = command_string;
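Review bot: The comment removed in ssh_proxy_connect() documented that proxy command errors reach the user's terminal, and nothing replaces it. With this change the redirect is done before the command is started, so when ControlPersist is set and the debug flag is not, messages from a proxy command that fails during the initial connection are discarded too, not only those written after the master detaches. That is a user-visible behaviour change and should be described in the manual page entries for ControlPersist or ProxyCommand, with a one-line comment here pointing at the rationale in `prepare_proxy_stderr()`.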
--
2.19.0.212.gdb50a52598