upstream: make failures when establishing "Tunnel" forwarding terminate
the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735
This commit is contained in:
parent
ed833da176
commit
663e84bb53
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: clientloop.c,v 1.342 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.343 2020/04/03 02:40:32 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -1645,7 +1645,7 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
|
|||
|
||||
char *
|
||||
client_request_tun_fwd(struct ssh *ssh, int tun_mode,
|
||||
int local_tun, int remote_tun)
|
||||
int local_tun, int remote_tun, channel_open_fn *cb, void *cbctx)
|
||||
{
|
||||
Channel *c;
|
||||
int r, fd;
|
||||
|
@ -1673,6 +1673,9 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
|
|||
sys_tun_outfilter, NULL, NULL);
|
||||
#endif
|
||||
|
||||
if (cb != NULL)
|
||||
channel_register_open_confirm(ssh, c->self, cb, cbctx);
|
||||
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, "tun@openssh.com")) != 0 ||
|
||||
(r = sshpkt_put_u32(ssh, c->self)) != 0 ||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: clientloop.h,v 1.36 2018/07/09 21:03:30 markus Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.37 2020/04/03 02:40:32 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -46,7 +46,8 @@ int client_x11_get_proto(struct ssh *, const char *, const char *,
|
|||
void client_global_request_reply_fwd(int, u_int32_t, void *);
|
||||
void client_session2_setup(struct ssh *, int, int, int,
|
||||
const char *, struct termios *, int, struct sshbuf *, char **);
|
||||
char *client_request_tun_fwd(struct ssh *, int, int, int);
|
||||
char *client_request_tun_fwd(struct ssh *, int, int, int,
|
||||
channel_open_fn *, void *);
|
||||
void client_stop_mux(void);
|
||||
|
||||
/* Escape filter for protocol 2 sessions */
|
||||
|
|
62
ssh.c
62
ssh.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh.c,v 1.522 2020/04/03 02:27:12 dtucker Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.523 2020/04/03 02:40:32 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -197,7 +197,7 @@ struct sshbuf *command;
|
|||
int subsystem_flag = 0;
|
||||
|
||||
/* # of replies received for global requests */
|
||||
static int remote_forward_confirms_received = 0;
|
||||
static int forward_confirms_pending = -1;
|
||||
|
||||
/* mux.c */
|
||||
extern int muxserver_sock;
|
||||
|
@ -1673,6 +1673,16 @@ fork_postauth(void)
|
|||
fatal("daemon() failed: %.200s", strerror(errno));
|
||||
}
|
||||
|
||||
static void
|
||||
forwarding_success(void)
|
||||
{
|
||||
if (forward_confirms_pending > 0 && --forward_confirms_pending == 0) {
|
||||
debug("All forwarding requests processed");
|
||||
if (fork_after_authentication_flag)
|
||||
fork_postauth();
|
||||
}
|
||||
}
|
||||
|
||||
/* Callback for remote forward global requests */
|
||||
static void
|
||||
ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt)
|
||||
|
@ -1732,11 +1742,7 @@ ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt)
|
|||
"for listen port %d", rfwd->listen_port);
|
||||
}
|
||||
}
|
||||
if (++remote_forward_confirms_received == options.num_remote_forwards) {
|
||||
debug("All remote forwarding requests processed");
|
||||
if (fork_after_authentication_flag)
|
||||
fork_postauth();
|
||||
}
|
||||
forwarding_success();
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -1753,6 +1759,19 @@ ssh_stdio_confirm(struct ssh *ssh, int id, int success, void *arg)
|
|||
fatal("stdio forwarding failed");
|
||||
}
|
||||
|
||||
static void
|
||||
ssh_tun_confirm(struct ssh *ssh, int id, int success, void *arg)
|
||||
{
|
||||
if (!success) {
|
||||
error("Tunnel forwarding failed");
|
||||
if (options.exit_on_forward_failure)
|
||||
cleanup_exit(255);
|
||||
}
|
||||
|
||||
debug("%s: tunnel forward established, id=%d", __func__, id);
|
||||
forwarding_success();
|
||||
}
|
||||
|
||||
static void
|
||||
ssh_init_stdio_forwarding(struct ssh *ssh)
|
||||
{
|
||||
|
@ -1816,32 +1835,29 @@ ssh_init_forwarding(struct ssh *ssh, char **ifname)
|
|||
options.remote_forwards[i].connect_path :
|
||||
options.remote_forwards[i].connect_host,
|
||||
options.remote_forwards[i].connect_port);
|
||||
options.remote_forwards[i].handle =
|
||||
if ((options.remote_forwards[i].handle =
|
||||
channel_request_remote_forwarding(ssh,
|
||||
&options.remote_forwards[i]);
|
||||
if (options.remote_forwards[i].handle < 0) {
|
||||
if (options.exit_on_forward_failure)
|
||||
fatal("Could not request remote forwarding.");
|
||||
else
|
||||
logit("Warning: Could not request remote "
|
||||
"forwarding.");
|
||||
} else {
|
||||
&options.remote_forwards[i])) >= 0) {
|
||||
client_register_global_confirm(
|
||||
ssh_confirm_remote_forward,
|
||||
&options.remote_forwards[i]);
|
||||
}
|
||||
forward_confirms_pending++;
|
||||
} else if (options.exit_on_forward_failure)
|
||||
fatal("Could not request remote forwarding.");
|
||||
else
|
||||
logit("Warning: Could not request remote forwarding.");
|
||||
}
|
||||
|
||||
/* Initiate tunnel forwarding. */
|
||||
if (options.tun_open != SSH_TUNMODE_NO) {
|
||||
if ((*ifname = client_request_tun_fwd(ssh,
|
||||
options.tun_open, options.tun_local,
|
||||
options.tun_remote)) == NULL) {
|
||||
if (options.exit_on_forward_failure)
|
||||
fatal("Could not request tunnel forwarding.");
|
||||
else
|
||||
error("Could not request tunnel forwarding.");
|
||||
}
|
||||
options.tun_remote, ssh_tun_confirm, NULL)) != NULL)
|
||||
forward_confirms_pending++;
|
||||
else if (options.exit_on_forward_failure)
|
||||
fatal("Could not request tunnel forwarding.");
|
||||
else
|
||||
error("Could not request tunnel forwarding.");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue