From 0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org"
Date: Fri, 3 Jun 2016 04:09:38 +0000
Subject: [PATCH] upstream commit

Allow ExitOnForwardFailure and ClearAllForwardings to be overridden when using ssh -W (but still default to yes in that case). bz#2577, ok djm@.

Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
---
 readconf.c | 20 +++++++++++++++-----
 ssh.1 | 9 ++++++---
 ssh.c | 4 +---
 3 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/readconf.c b/readconf.c
index 66a36a49f..9dcc383da 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.255 2016/06/03 03:14:41 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.256 2016/06/03 04:09:38 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1750,6 +1750,7 @@ initialize_options(Options * options)
 options->forward_x11_timeout = -1;
 options->stdio_forward_host = NULL;
 options->stdio_forward_port = 0;
+ options->clear_forwardings = -1;
 options->exit_on_forward_failure = -1;
 options->xauth_location = NULL;
 options->fwd_opts.gateway_ports = -1;
@@ -1796,7 +1797,6 @@ initialize_options(Options * options)
 options->num_local_forwards = 0;
 options->remote_forwards = NULL;
 options->num_remote_forwards = 0;
- options->clear_forwardings = -1;
 options->log_level = SYSLOG_LEVEL_NOT_SET;
 options->preferred_authentications = NULL;
 options->bind_address = NULL;
@@ -1870,8 +1870,19 @@ fill_default_options(Options * options)
 options->forward_x11_trusted = 0;
 if (options->forward_x11_timeout == -1)
 options->forward_x11_timeout = 1200;
+ /*
+ * stdio forwarding (-W) changes the default for these but we defer
+ * setting the values so they can be overridden.
+ */
 if (options->exit_on_forward_failure == -1)
- options->exit_on_forward_failure = 0;
+ options->exit_on_forward_failure =
+ options->stdio_forward_host != NULL ? 1 : 0;
+ if (options->clear_forwardings == -1)
+ options->clear_forwardings =
+ options->stdio_forward_host != NULL ? 1 : 0;
+ if (options->clear_forwardings == 1)
+ clear_forwardings(options);
+
 if (options->xauth_location == NULL)
 options->xauth_location = _PATH_XAUTH;
 if (options->fwd_opts.gateway_ports == -1)
@@ -1962,8 +1973,6 @@ fill_default_options(Options * options)
 }
 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
 options->log_level = SYSLOG_LEVEL_INFO;
- if (options->clear_forwardings == 1)
- clear_forwardings(options);
 if (options->no_host_authentication_for_localhost == - 1)
 options->no_host_authentication_for_localhost = 0;
 if (options->identities_only == -1)
@@ -2424,6 +2433,7 @@ dump_client_config(Options *o, const char *host)
 dump_cfg_fmtint(oCompression, o->compression);
 dump_cfg_fmtint(oControlMaster, o->control_master);
 dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
+ dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
 dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
 dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash);
 dump_cfg_fmtint(oForwardAgent, o->forward_agent);
diff --git a/ssh.1 b/ssh.1
index 9ed5a5662..4c5ab2157 100644
--- a/ssh.1
+++ b/ssh.1
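Review bot: The comment added in `fill_default_options` (hunk `@@ -1870,8 +1870,19 @@`) leaves out what an override now means: both -W defaults are applied only while the field is still `-1`, so an explicit `no` from a config file or `-o` wins, and `ssh -W` then keeps whatever forwardings the configuration defines and no longer exits on a forwarding failure. That is worth stating where -W serves as a proxy hop and a broad host stanza carries `ClearAllForwardings no`, presumably written without -W in mind. I would extend the comment with `* NB: an explicit "no" for either option is honoured under -W, so configured forwardings stay active.` and confirm the resolved values with `ssh -G`, which the `dump_client_config` hunk of this patch now prints for ClearAllForwardings. `fill_default_options` starts and ends outside the hunk, so it cannot be seen from here whether any code between the old and the new position of the `clear_forwardings(options)` call relies on the forwards still being present.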
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.371 2016/05/04 12:21:53 markus Exp $
-.Dd $Mdocdate: May 4 2016 $
+.\" $OpenBSD: ssh.1,v 1.372 2016/06/03 04:09:39 dtucker Exp $
+.Dd $Mdocdate: June 3 2016 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -709,7 +709,10 @@ Implies
 .Fl T ,
 .Cm ExitOnForwardFailure
 and
-.Cm ClearAllForwardings .
+.Cm ClearAllForwardings
+although these can be overridden in the configuration file or
+.Fl o
+command line options.
 .Pp
 .It Fl w Xo
 .Ar local_tun Ns Op : Ns Ar remote_tun
diff --git a/ssh.c b/ssh.c
index 702631c76..e7d4fd915 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.441 2016/06/03 03:14:41 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.442 2016/06/03 04:09:39 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -782,8 +782,6 @@ main(int ac, char **av)
 }
 options.request_tty = REQUEST_TTY_NO;
 no_shell_flag = 1;
- options.clear_forwardings = 1;
- options.exit_on_forward_failure = 1;
 break;
 case 'q':
 options.log_level = SYSLOG_LEVEL_QUIET;