Hello, This is my first patch to OpenSSH. Apologies if the format is not as expected. Let me know if I should submit in a different format. --- From 48393827a9d335a77c6c9bc96d33cc7aa234bbd3 Mon Sep 17 00:00:00 2001 From: Steffen Prohaska <prohaska@xxxxxx> Date: Sat, 27 Oct 2018 16:52:57 +0200 Subject: [PATCH] close stderr of persistent proxy command if not in debug mode The patch should likely be first applied to upstream. If the parent becomes a new persistent connection master daemon, stderr of the proxy command should be detached, too, similar to the master daemon's stderr, as changed in openssh-portable@d2d6bf864e52af8491a60dd507f85b74361f5da3, upstream@4fb726f0fdcb155ad419913cea10dc4afd409d24 and discussed in bz#1988. Signed-off-by: Steffen Prohaska <prohaska@xxxxxx> --- You can view a signed commit at GitHub: https://github.com/sprohaska/openssh-portable/tree/pr/proxy-detach-stderr https://github.com/sprohaska/openssh-portable/commit/48393827a9d335a77c6c9bc96d33cc7aa234bbd3 or pull with: git pull https://github.com/sprohaska/openssh-portable.git pr/proxy-detach-stderr sshconnect.c | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/sshconnect.c b/sshconnect.c index 52c32811..5266b2af 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -78,6 +78,7 @@ static int matching_host_key_dns = 0; static pid_t proxy_command_pid = 0; /* import */ +extern int debug_flag; extern Options options; extern char *__progname; 
@@ -99,6 +100,33 @@ expand_proxy_command(const char *proxy_command, const char *user, return ret; } +/* + * If the parent may become a new master daemon in `control_persist_detach()`, + * keep stderr of the proxy command in debug mode, so that error messages get + * printed on the user's terminal. But detach stderr in non-debug mode, + * because the proxy command will run as a daemon. + */ +static void +prepare_proxy_stderr() +{ + int devnull; + + if (!options.control_persist || debug_flag) { + return; + } + + if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { + error("%s: open(\"/dev/null\"): %s", __func__, + strerror(errno)); + return; + } + + if (dup2(devnull, STDERR_FILENO) == -1) + error("%s: dup2: %s", __func__, strerror(errno)); + if (devnull > STDERR_FILENO) + close(devnull); +} + /* * Connect to the given ssh server using a proxy command that passes a * a connected fd back to us. @@ -140,10 +168,8 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, if (sp[0] >= 2) close(sp[0]); - /* - * Stderr is left as it is so that error messages get - * printed on the user's terminal. - */ + prepare_proxy_stderr(); + argv[0] = shell; argv[1] = "-c"; argv[2] = command_string; @@ -219,8 +245,8 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, /* Cannot be 1 because pin allocated two descriptors. */ close(pout[1]); - /* Stderr is left as it is so that error messages get - printed on the user's terminal. */ + prepare_proxy_stderr(); + argv[0] = shell; argv[1] = "-c"; argv[2] = command_string; -- 2.19.0.212.gdb50a52598
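Review bot: In prepare_proxy_stderr() (hunk at @@ -99,6 +100,33 @@), the guard `if (!options.control_persist || debug_flag)` tests only whether ControlPersist is set, while the comment above it says the redirect is meant for the case where the parent "may become a new master daemon". Is control_persist alone enough to conclude that? If a process can run with the option set and still never reach control_persist_detach(), the proxy command's errors are silenced with nothing gained. Consider narrowing the condition to the cases where the detach will actually happen, or say in the comment that the over-approximation is intentional. Style: declare it as `prepare_proxy_stderr(void)`; empty parentheses in C leave the function unprototyped.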
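Review bot: In the ssh_proxy_fdpass_connect() hunk (@@ -140,10 +168,8 @@), the function comment just above describes a proxy command that "passes a connected fd back to us", so is this child still running by the time the master daemonizes? If it exits once the descriptor has been handed over, redirecting its stderr only drops the diagnostics it can produce during setup and detaches nothing long-lived. I would leave this call site as it was unless there is a case where the fdpass helper persists, and if there is, name it in the commit message.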
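Review bot: In the ssh_proxy_connect() hunk (@@ -219,8 +245,8 @@), prepare_proxy_stderr() is placed right before the argv setup for the shell, so with ControlPersist set and no debug flag the proxy command has /dev/null as stderr for its whole lifetime, including the initial connection while the user is still at the terminal. The removed comment ("Stderr is left as it is so that error messages get printed on the user's terminal") described exactly the behaviour that is given up: a proxy command that cannot reach its target will now fail without any message of its own. Please state that tradeoff in the commit message, and keep a one-line comment at the call site saying when stderr is kept, so the behaviour change is visible where the old comment was.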
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev