1 files changed, 160 insertions, 39 deletions
diff --git a/ssh.c b/ssh.c
index 0afeb3b3a..ab3c33d87 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.335 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.346 2010/08/12 21:49:44 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -79,6 +79,7 @@
 #include "ssh.h"
 #include "ssh1.h"
 #include "ssh2.h"
+#include "canohost.h"
 #include "compat.h"
 #include "cipher.h"
 #include "packet.h"
@@ -127,6 +128,15 @@ int no_shell_flag = 0;
 int stdin_null_flag = 0;
 /*
+ * Flag indicating that the current process should be backgrounded and
+ * a new slave launched in the foreground for ControlPersist.
+ */
+int need_controlpersist_detach = 0;
+/* Copies of flags for ControlPersist foreground slave */
+int ostdin_null_flag, ono_shell_flag, ono_tty_flag, otty_flag;
+/*
 * Flag indicating that ssh should fork after authentication.  This is useful
 * so that the passphrase can be entered manually, and then ssh goes to the
 * background.
@@ -228,6 +238,12 @@ main(int ac, char **av)
        init_rng();
        /*
+         * Discard other fds that are hanging around. These can cause problem
+         * with backgrounded ssh processes started by ControlPersist.
+         */
+        closefrom(STDERR_FILENO + 1);
+        /*
         * Save the original real uid.  It will be needed later (uid-swapping
         * may clobber the real uid).
         */
@@ -327,6 +343,8 @@ main(int ac, char **av)
                                fatal("Multiplexing command already specified");
                        if (strcmp(optarg, "check") == 0)
                                muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK;
+                        else if (strcmp(optarg, "forward") == 0)
+                                muxclient_command = SSHMUX_COMMAND_FORWARD;
                        else if (strcmp(optarg, "exit") == 0)
                                muxclient_command = SSHMUX_COMMAND_TERMINATE;
                        else
@@ -620,7 +638,7 @@ main(int ac, char **av)
                tty_flag = 1;
        /* Force no tty */
-        if (no_tty_flag)
+        if (no_tty_flag || muxclient_command != 0)
                tty_flag = 0;
        /* Do not allocate a tty if stdin is not a tty. */
        if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) {
@@ -676,6 +694,11 @@ main(int ac, char **av)
                options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
        }
+        if (options.hostname != NULL) {
+                host = percent_expand(options.hostname,
+                    "h", host, (char *)NULL);
+        }
        if (options.local_command != NULL) {
                char thishost[NI_MAXHOST];
@@ -685,16 +708,12 @@ main(int ac, char **av)
                debug3("expanding LocalCommand: %s", options.local_command);
                cp = options.local_command;
                options.local_command = percent_expand(cp, "d", pw->pw_dir,
-                    "h", options.hostname? options.hostname : host,
+                    "h", host, "l", thishost, "n", host, "r", options.user,
-                    "l", thishost, "n", host, "r", options.user, "p", buf,
+                    "p", buf, "u", pw->pw_name, (char *)NULL);
-                    "u", pw->pw_name, (char *)NULL);
                debug3("expanded LocalCommand: %s", options.local_command);
                xfree(cp);
        }
-        if (options.hostname != NULL)
-                host = options.hostname;
        /* force lowercase for hostkey matching */
        if (options.host_key_alias != NULL) {
                for (p = options.host_key_alias; *p; p++)
@@ -761,26 +780,34 @@ main(int ac, char **av)
        sensitive_data.external_keysign = 0;
        if (options.rhosts_rsa_authentication ||
            options.hostbased_authentication) {
-                sensitive_data.nkeys = 3;
+                sensitive_data.nkeys = 5;
                sensitive_data.keys = xcalloc(sensitive_data.nkeys,
                    sizeof(Key));
                PRIV_START;
                sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
                    _PATH_HOST_KEY_FILE, "", NULL, NULL);
-                sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
+                sensitive_data.keys[1] = key_load_private_cert(KEY_DSA,
+                    _PATH_HOST_DSA_KEY_FILE, "", NULL);
+                sensitive_data.keys[2] = key_load_private_cert(KEY_RSA,
+                    _PATH_HOST_RSA_KEY_FILE, "", NULL);
+                sensitive_data.keys[3] = key_load_private_type(KEY_DSA,
                    _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
-                sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
+                sensitive_data.keys[4] = key_load_private_type(KEY_RSA,
                    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
                PRIV_END;
                if (options.hostbased_authentication == 1 &&
                    sensitive_data.keys[0] == NULL &&
-                    sensitive_data.keys[1] == NULL &&
+                    sensitive_data.keys[3] == NULL &&
-                    sensitive_data.keys[2] == NULL) {
+                    sensitive_data.keys[4] == NULL) {
-                        sensitive_data.keys[1] = key_load_public(
+                        sensitive_data.keys[1] = key_load_cert(
+                            _PATH_HOST_DSA_KEY_FILE);
+                        sensitive_data.keys[2] = key_load_cert(
+                            _PATH_HOST_RSA_KEY_FILE);
+                        sensitive_data.keys[3] = key_load_public(
                            _PATH_HOST_DSA_KEY_FILE, NULL);
-                        sensitive_data.keys[2] = key_load_public(
+                        sensitive_data.keys[4] = key_load_public(
                            _PATH_HOST_RSA_KEY_FILE, NULL);
                        sensitive_data.external_keysign = 1;
                }
@@ -827,6 +854,13 @@ main(int ac, char **av)
        ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr,
            pw, timeout_ms);
+        if (packet_connection_is_on_socket()) {
+                verbose("Authenticated to %s ([%s]:%d).", host,
+                    get_remote_ipaddr(), get_remote_port());
+        } else {
+                verbose("Authenticated to %s (via proxy).", host);
+        }
        /* We no longer need the private host keys.  Clear them now. */
        if (sensitive_data.nkeys != 0) {
                for (i = 0; i < sensitive_data.nkeys; i++) {
@@ -866,6 +900,61 @@ main(int ac, char **av)
        return exit_status;
 }
+static void
+control_persist_detach(void)
+{
+        pid_t pid;
+        int devnull;
+        debug("%s: backgrounding master process", __func__);
+        /*
+         * master (current process) into the background, and make the
+         * foreground process a client of the backgrounded master.
+         */
+        switch ((pid = fork())) {
+        case -1:
+                fatal("%s: fork: %s", __func__, strerror(errno));
+        case 0:
+                /* Child: master process continues mainloop */
+                break;
+        default:
+                /* Parent: set up mux slave to connect to backgrounded master */
+                debug2("%s: background process is %ld", __func__, (long)pid);
+                stdin_null_flag = ostdin_null_flag;
+                no_shell_flag = ono_shell_flag;
+                no_tty_flag = ono_tty_flag;
+                tty_flag = otty_flag;
+                close(muxserver_sock);
+                muxserver_sock = -1;
+                muxclient(options.control_path);
+                /* muxclient() doesn't return on success. */
+                fatal("Failed to connect to new control master");
+        }
+        if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+                error("%s: open(\"/dev/null\"): %s", __func__,
+                    strerror(errno));
+        } else {
+                if (dup2(devnull, STDIN_FILENO) == -1 ||
+                    dup2(devnull, STDOUT_FILENO) == -1)
+                        error("%s: dup2: %s", __func__, strerror(errno));
+                if (devnull > STDERR_FILENO)
+                        close(devnull);
+        }
+}
+/* Do fork() after authentication. Used by "ssh -f" */
+static void
+fork_postauth(void)
+{
+        if (need_controlpersist_detach)
+                control_persist_detach();
+        debug("forking to background");
+        fork_after_authentication_flag = 0;
+        if (daemon(1, 1) < 0)
+                fatal("daemon() failed: %.200s", strerror(errno));
+}
 /* Callback for remote forward global requests */
 static void
 ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
@@ -877,9 +966,10 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
            type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
            rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
        if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) {
+                rfwd->allocated_port = packet_get_int();
                logit("Allocated port %u for remote forward to %s:%d",
-                        packet_get_int(),
+                    rfwd->allocated_port,
-                        rfwd->connect_host, rfwd->connect_port);
+                    rfwd->connect_host, rfwd->connect_port);
        }
        
        if (type == SSH2_MSG_REQUEST_FAILURE) {
@@ -892,12 +982,8 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
        }
        if (++remote_forward_confirms_received == options.num_remote_forwards) {
                debug("All remote forwarding requests processed");
-                if (fork_after_authentication_flag) {
+                if (fork_after_authentication_flag)
-                        fork_after_authentication_flag = 0;
+                        fork_postauth();
-                        if (daemon(1, 1) < 0)
-                                fatal("daemon() failed: %.200s",
-                                    strerror(errno));
-                }
        }
 }
@@ -1093,7 +1179,9 @@ ssh_session(void)
                char *proto, *data;
                /* Get reasonable local authentication information. */
                client_x11_get_proto(display, options.xauth_location,
-                    options.forward_x11_trusted, &proto, &data);
+                    options.forward_x11_trusted, 
+                    options.forward_x11_timeout,
+                    &proto, &data);
                /* Request forwarding with authentication spoofing. */
                debug("Requesting X11 forwarding with authentication "
                    "spoofing.");
@@ -1139,12 +1227,13 @@ ssh_session(void)
         * If requested and we are not interested in replies to remote
         * forwarding requests, then let ssh continue in the background.
         */
-        if (fork_after_authentication_flag &&
+        if (fork_after_authentication_flag) {
-            (!options.exit_on_forward_failure ||
+                if (options.exit_on_forward_failure &&
-            options.num_remote_forwards == 0)) {
+                    options.num_remote_forwards > 0) {
-                fork_after_authentication_flag = 0;
+                        debug("deferring postauth fork until remote forward "
-                if (daemon(1, 1) < 0)
+                            "confirmation received");
-                        fatal("daemon() failed: %.200s", strerror(errno));
+                } else
+                        fork_postauth();
        }
        /*
@@ -1175,18 +1264,22 @@ ssh_session(void)
 /* request pty/x11/agent/tcpfwd/shell for channel */
 static void
-ssh_session2_setup(int id, void *arg)
+ssh_session2_setup(int id, int success, void *arg)
 {
        extern char **environ;
        const char *display;
        int interactive = tty_flag;
+        if (!success)
+                return; /* No need for error message, channels code sens one */
        display = getenv("DISPLAY");
        if (options.forward_x11 && display != NULL) {
                char *proto, *data;
                /* Get reasonable local authentication information. */
                client_x11_get_proto(display, options.xauth_location,
-                    options.forward_x11_trusted, &proto, &data);
+                    options.forward_x11_trusted,
+                    options.forward_x11_timeout, &proto, &data);
                /* Request forwarding with authentication spoofing. */
                debug("Requesting X11 forwarding with authentication "
                    "spoofing.");
@@ -1263,6 +1356,31 @@ ssh_session2(void)
        /* XXX should be pre-session */
        ssh_init_forwarding();
+        /* Start listening for multiplex clients */
+        muxserver_listen();
+        /*
+         * If we are in control persist mode, then prepare to background
+         * ourselves and have a foreground client attach as a control
+         * slave. NB. we must save copies of the flags that we override for
+         * the backgrounding, since we defer attachment of the slave until
+         * after the connection is fully established (in particular,
+         * async rfwd replies have been received for ExitOnForwardFailure).
+         */
+        if (options.control_persist && muxserver_sock != -1) {
+                ostdin_null_flag = stdin_null_flag;
+                ono_shell_flag = no_shell_flag;
+                ono_tty_flag = no_tty_flag;
+                otty_flag = tty_flag;
+                stdin_null_flag = 1;
+                no_shell_flag = 1;
+                no_tty_flag = 1;
+                tty_flag = 0;
+                if (!fork_after_authentication_flag)
+                        need_controlpersist_detach = 1;
+                fork_after_authentication_flag = 1;
+        }
        if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN))
                id = ssh_session2_open();
@@ -1281,14 +1399,17 @@ ssh_session2(void)
            options.permit_local_command)
                ssh_local_cmd(options.local_command);
-        /* Start listening for multiplex clients */
+        /*
-        muxserver_listen();
+         * If requested and we are not interested in replies to remote
+         * forwarding requests, then let ssh continue in the background.
-        /* If requested, let ssh continue in the background. */
+         */
        if (fork_after_authentication_flag) {
-                fork_after_authentication_flag = 0;
+                if (options.exit_on_forward_failure &&
-                if (daemon(1, 1) < 0)
+                    options.num_remote_forwards > 0) {
-                        fatal("daemon() failed: %.200s", strerror(errno));
+                        debug("deferring postauth fork until remote forward "
+                            "confirmation received");
+                } else
+                        fork_postauth();
        }
        if (options.use_roaming)

diff --git a/ssh.c b/ssh.c index 0afeb3b3a..ab3c33d87 100644 --- a/ssh.c +++ b/ssh.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh.c,v 1.335 2010/02/26 20:29:54 djm Exp $ */	1	/* $OpenBSD: ssh.c,v 1.346 2010/08/12 21:49:44 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -79,6 +79,7 @@
79	#include "ssh.h"	79	#include "ssh.h"
80	#include "ssh1.h"	80	#include "ssh1.h"
81	#include "ssh2.h"	81	#include "ssh2.h"
		82	#include "canohost.h"
82	#include "compat.h"	83	#include "compat.h"
83	#include "cipher.h"	84	#include "cipher.h"
84	#include "packet.h"	85	#include "packet.h"
@@ -127,6 +128,15 @@ int no_shell_flag = 0;
127	int stdin_null_flag = 0;	128	int stdin_null_flag = 0;
128		129
129	/*	130	/*
		131	* Flag indicating that the current process should be backgrounded and
		132	* a new slave launched in the foreground for ControlPersist.
		133	*/
		134	int need_controlpersist_detach = 0;
		135
		136	/* Copies of flags for ControlPersist foreground slave */
		137	int ostdin_null_flag, ono_shell_flag, ono_tty_flag, otty_flag;
		138
		139	/*
130	* Flag indicating that ssh should fork after authentication. This is useful	140	* Flag indicating that ssh should fork after authentication. This is useful
131	* so that the passphrase can be entered manually, and then ssh goes to the	141	* so that the passphrase can be entered manually, and then ssh goes to the
132	* background.	142	* background.
@@ -228,6 +238,12 @@ main(int ac, char **av)
228	init_rng();	238	init_rng();
229		239
230	/*	240	/*
		241	* Discard other fds that are hanging around. These can cause problem
		242	* with backgrounded ssh processes started by ControlPersist.
		243	*/
		244	closefrom(STDERR_FILENO + 1);
		245
		246	/*
231	* Save the original real uid. It will be needed later (uid-swapping	247	* Save the original real uid. It will be needed later (uid-swapping
232	* may clobber the real uid).	248	* may clobber the real uid).
233	*/	249	*/
@@ -327,6 +343,8 @@ main(int ac, char **av)
327	fatal("Multiplexing command already specified");	343	fatal("Multiplexing command already specified");
328	if (strcmp(optarg, "check") == 0)	344	if (strcmp(optarg, "check") == 0)
329	muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK;	345	muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK;
		346	else if (strcmp(optarg, "forward") == 0)
		347	muxclient_command = SSHMUX_COMMAND_FORWARD;
330	else if (strcmp(optarg, "exit") == 0)	348	else if (strcmp(optarg, "exit") == 0)
331	muxclient_command = SSHMUX_COMMAND_TERMINATE;	349	muxclient_command = SSHMUX_COMMAND_TERMINATE;
332	else	350	else
@@ -620,7 +638,7 @@ main(int ac, char **av)
620	tty_flag = 1;	638	tty_flag = 1;
621		639
622	/* Force no tty */	640	/* Force no tty */
623	if (no_tty_flag)	641	if (no_tty_flag \|\| muxclient_command != 0)
624	tty_flag = 0;	642	tty_flag = 0;
625	/* Do not allocate a tty if stdin is not a tty. */	643	/* Do not allocate a tty if stdin is not a tty. */
626	if ((!isatty(fileno(stdin)) \|\| stdin_null_flag) && !force_tty_flag) {	644	if ((!isatty(fileno(stdin)) \|\| stdin_null_flag) && !force_tty_flag) {
@@ -676,6 +694,11 @@ main(int ac, char **av)
676	options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;	694	options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
677	}	695	}
678		696
		697	if (options.hostname != NULL) {
		698	host = percent_expand(options.hostname,
		699	"h", host, (char *)NULL);
		700	}
		701
679	if (options.local_command != NULL) {	702	if (options.local_command != NULL) {
680	char thishost[NI_MAXHOST];	703	char thishost[NI_MAXHOST];
681		704
@@ -685,16 +708,12 @@ main(int ac, char **av)
685	debug3("expanding LocalCommand: %s", options.local_command);	708	debug3("expanding LocalCommand: %s", options.local_command);
686	cp = options.local_command;	709	cp = options.local_command;
687	options.local_command = percent_expand(cp, "d", pw->pw_dir,	710	options.local_command = percent_expand(cp, "d", pw->pw_dir,
688	"h", options.hostname? options.hostname : host,	711	"h", host, "l", thishost, "n", host, "r", options.user,
689	"l", thishost, "n", host, "r", options.user, "p", buf,	712	"p", buf, "u", pw->pw_name, (char *)NULL);
690	"u", pw->pw_name, (char *)NULL);
691	debug3("expanded LocalCommand: %s", options.local_command);	713	debug3("expanded LocalCommand: %s", options.local_command);
692	xfree(cp);	714	xfree(cp);
693	}	715	}
694		716
695	if (options.hostname != NULL)
696	host = options.hostname;
697
698	/* force lowercase for hostkey matching */	717	/* force lowercase for hostkey matching */
699	if (options.host_key_alias != NULL) {	718	if (options.host_key_alias != NULL) {
700	for (p = options.host_key_alias; *p; p++)	719	for (p = options.host_key_alias; *p; p++)
@@ -761,26 +780,34 @@ main(int ac, char **av)
761	sensitive_data.external_keysign = 0;	780	sensitive_data.external_keysign = 0;
762	if (options.rhosts_rsa_authentication \|\|	781	if (options.rhosts_rsa_authentication \|\|
763	options.hostbased_authentication) {	782	options.hostbased_authentication) {
764	sensitive_data.nkeys = 3;	783	sensitive_data.nkeys = 5;
765	sensitive_data.keys = xcalloc(sensitive_data.nkeys,	784	sensitive_data.keys = xcalloc(sensitive_data.nkeys,
766	sizeof(Key));	785	sizeof(Key));
767		786
768	PRIV_START;	787	PRIV_START;
769	sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,	788	sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
770	_PATH_HOST_KEY_FILE, "", NULL, NULL);	789	_PATH_HOST_KEY_FILE, "", NULL, NULL);
771	sensitive_data.keys[1] = key_load_private_type(KEY_DSA,	790	sensitive_data.keys[1] = key_load_private_cert(KEY_DSA,
		791	_PATH_HOST_DSA_KEY_FILE, "", NULL);
		792	sensitive_data.keys[2] = key_load_private_cert(KEY_RSA,
		793	_PATH_HOST_RSA_KEY_FILE, "", NULL);
		794	sensitive_data.keys[3] = key_load_private_type(KEY_DSA,
772	_PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);	795	_PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
773	sensitive_data.keys[2] = key_load_private_type(KEY_RSA,	796	sensitive_data.keys[4] = key_load_private_type(KEY_RSA,
774	_PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);	797	_PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
775	PRIV_END;	798	PRIV_END;
776		799
777	if (options.hostbased_authentication == 1 &&	800	if (options.hostbased_authentication == 1 &&
778	sensitive_data.keys[0] == NULL &&	801	sensitive_data.keys[0] == NULL &&
779	sensitive_data.keys[1] == NULL &&	802	sensitive_data.keys[3] == NULL &&
780	sensitive_data.keys[2] == NULL) {	803	sensitive_data.keys[4] == NULL) {
781	sensitive_data.keys[1] = key_load_public(	804	sensitive_data.keys[1] = key_load_cert(
		805	_PATH_HOST_DSA_KEY_FILE);
		806	sensitive_data.keys[2] = key_load_cert(
		807	_PATH_HOST_RSA_KEY_FILE);
		808	sensitive_data.keys[3] = key_load_public(
782	_PATH_HOST_DSA_KEY_FILE, NULL);	809	_PATH_HOST_DSA_KEY_FILE, NULL);
783	sensitive_data.keys[2] = key_load_public(	810	sensitive_data.keys[4] = key_load_public(
784	_PATH_HOST_RSA_KEY_FILE, NULL);	811	_PATH_HOST_RSA_KEY_FILE, NULL);
785	sensitive_data.external_keysign = 1;	812	sensitive_data.external_keysign = 1;
786	}	813	}
@@ -827,6 +854,13 @@ main(int ac, char **av)
827	ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr,	854	ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr,
828	pw, timeout_ms);	855	pw, timeout_ms);
829		856
		857	if (packet_connection_is_on_socket()) {
		858	verbose("Authenticated to %s ([%s]:%d).", host,
		859	get_remote_ipaddr(), get_remote_port());
		860	} else {
		861	verbose("Authenticated to %s (via proxy).", host);
		862	}
		863
830	/* We no longer need the private host keys. Clear them now. */	864	/* We no longer need the private host keys. Clear them now. */
831	if (sensitive_data.nkeys != 0) {	865	if (sensitive_data.nkeys != 0) {
832	for (i = 0; i < sensitive_data.nkeys; i++) {	866	for (i = 0; i < sensitive_data.nkeys; i++) {
@@ -866,6 +900,61 @@ main(int ac, char **av)
866	return exit_status;	900	return exit_status;
867	}	901	}
868		902
		903	static void
		904	control_persist_detach(void)
		905	{
		906	pid_t pid;
		907	int devnull;
		908
		909	debug("%s: backgrounding master process", __func__);
		910
		911	/*
		912	* master (current process) into the background, and make the
		913	* foreground process a client of the backgrounded master.
		914	*/
		915	switch ((pid = fork())) {
		916	case -1:
		917	fatal("%s: fork: %s", __func__, strerror(errno));
		918	case 0:
		919	/* Child: master process continues mainloop */
		920	break;
		921	default:
		922	/* Parent: set up mux slave to connect to backgrounded master */
		923	debug2("%s: background process is %ld", __func__, (long)pid);
		924	stdin_null_flag = ostdin_null_flag;
		925	no_shell_flag = ono_shell_flag;
		926	no_tty_flag = ono_tty_flag;
		927	tty_flag = otty_flag;
		928	close(muxserver_sock);
		929	muxserver_sock = -1;
		930	muxclient(options.control_path);
		931	/* muxclient() doesn't return on success. */
		932	fatal("Failed to connect to new control master");
		933	}
		934	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
		935	error("%s: open(\"/dev/null\"): %s", __func__,
		936	strerror(errno));
		937	} else {
		938	if (dup2(devnull, STDIN_FILENO) == -1 \|\|
		939	dup2(devnull, STDOUT_FILENO) == -1)
		940	error("%s: dup2: %s", __func__, strerror(errno));
		941	if (devnull > STDERR_FILENO)
		942	close(devnull);
		943	}
		944	}
		945
		946	/* Do fork() after authentication. Used by "ssh -f" */
		947	static void
		948	fork_postauth(void)
		949	{
		950	if (need_controlpersist_detach)
		951	control_persist_detach();
		952	debug("forking to background");
		953	fork_after_authentication_flag = 0;
		954	if (daemon(1, 1) < 0)
		955	fatal("daemon() failed: %.200s", strerror(errno));
		956	}
		957
869	/* Callback for remote forward global requests */	958	/* Callback for remote forward global requests */
870	static void	959	static void
871	ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)	960	ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
@@ -877,9 +966,10 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
877	type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",	966	type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
878	rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);	967	rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
879	if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) {	968	if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) {
		969	rfwd->allocated_port = packet_get_int();
880	logit("Allocated port %u for remote forward to %s:%d",	970	logit("Allocated port %u for remote forward to %s:%d",
881	packet_get_int(),	971	rfwd->allocated_port,
882	rfwd->connect_host, rfwd->connect_port);	972	rfwd->connect_host, rfwd->connect_port);
883	}	973	}
884		974
885	if (type == SSH2_MSG_REQUEST_FAILURE) {	975	if (type == SSH2_MSG_REQUEST_FAILURE) {
@@ -892,12 +982,8 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
892	}	982	}
893	if (++remote_forward_confirms_received == options.num_remote_forwards) {	983	if (++remote_forward_confirms_received == options.num_remote_forwards) {
894	debug("All remote forwarding requests processed");	984	debug("All remote forwarding requests processed");
895	if (fork_after_authentication_flag) {	985	if (fork_after_authentication_flag)
896	fork_after_authentication_flag = 0;	986	fork_postauth();
897	if (daemon(1, 1) < 0)
898	fatal("daemon() failed: %.200s",
899	strerror(errno));
900	}
901	}	987	}
902	}	988	}
903		989
@@ -1093,7 +1179,9 @@ ssh_session(void)
1093	char proto, data;	1179	char proto, data;
1094	/* Get reasonable local authentication information. */	1180	/* Get reasonable local authentication information. */
1095	client_x11_get_proto(display, options.xauth_location,	1181	client_x11_get_proto(display, options.xauth_location,
1096	options.forward_x11_trusted, &proto, &data);	1182	options.forward_x11_trusted,
		1183	options.forward_x11_timeout,
		1184	&proto, &data);
1097	/* Request forwarding with authentication spoofing. */	1185	/* Request forwarding with authentication spoofing. */
1098	debug("Requesting X11 forwarding with authentication "	1186	debug("Requesting X11 forwarding with authentication "
1099	"spoofing.");	1187	"spoofing.");
@@ -1139,12 +1227,13 @@ ssh_session(void)
1139	* If requested and we are not interested in replies to remote	1227	* If requested and we are not interested in replies to remote
1140	* forwarding requests, then let ssh continue in the background.	1228	* forwarding requests, then let ssh continue in the background.
1141	*/	1229	*/
1142	if (fork_after_authentication_flag &&	1230	if (fork_after_authentication_flag) {
1143	(!options.exit_on_forward_failure \|\|	1231	if (options.exit_on_forward_failure &&
1144	options.num_remote_forwards == 0)) {	1232	options.num_remote_forwards > 0) {
1145	fork_after_authentication_flag = 0;	1233	debug("deferring postauth fork until remote forward "
1146	if (daemon(1, 1) < 0)	1234	"confirmation received");
1147	fatal("daemon() failed: %.200s", strerror(errno));	1235	} else
		1236	fork_postauth();
1148	}	1237	}
1149		1238
1150	/*	1239	/*
@@ -1175,18 +1264,22 @@ ssh_session(void)
1175		1264
1176	/* request pty/x11/agent/tcpfwd/shell for channel */	1265	/* request pty/x11/agent/tcpfwd/shell for channel */
1177	static void	1266	static void
1178	ssh_session2_setup(int id, void *arg)	1267	ssh_session2_setup(int id, int success, void *arg)
1179	{	1268	{
1180	extern char **environ;	1269	extern char **environ;
1181	const char *display;	1270	const char *display;
1182	int interactive = tty_flag;	1271	int interactive = tty_flag;
1183		1272
		1273	if (!success)
		1274	return; /* No need for error message, channels code sens one */
		1275
1184	display = getenv("DISPLAY");	1276	display = getenv("DISPLAY");
1185	if (options.forward_x11 && display != NULL) {	1277	if (options.forward_x11 && display != NULL) {
1186	char proto, data;	1278	char proto, data;
1187	/* Get reasonable local authentication information. */	1279	/* Get reasonable local authentication information. */
1188	client_x11_get_proto(display, options.xauth_location,	1280	client_x11_get_proto(display, options.xauth_location,
1189	options.forward_x11_trusted, &proto, &data);	1281	options.forward_x11_trusted,
		1282	options.forward_x11_timeout, &proto, &data);
1190	/* Request forwarding with authentication spoofing. */	1283	/* Request forwarding with authentication spoofing. */
1191	debug("Requesting X11 forwarding with authentication "	1284	debug("Requesting X11 forwarding with authentication "
1192	"spoofing.");	1285	"spoofing.");
@@ -1263,6 +1356,31 @@ ssh_session2(void)
1263	/* XXX should be pre-session */	1356	/* XXX should be pre-session */
1264	ssh_init_forwarding();	1357	ssh_init_forwarding();
1265		1358
		1359	/* Start listening for multiplex clients */
		1360	muxserver_listen();
		1361
		1362	/*
		1363	* If we are in control persist mode, then prepare to background
		1364	* ourselves and have a foreground client attach as a control
		1365	* slave. NB. we must save copies of the flags that we override for
		1366	* the backgrounding, since we defer attachment of the slave until
		1367	* after the connection is fully established (in particular,
		1368	* async rfwd replies have been received for ExitOnForwardFailure).
		1369	*/
		1370	if (options.control_persist && muxserver_sock != -1) {
		1371	ostdin_null_flag = stdin_null_flag;
		1372	ono_shell_flag = no_shell_flag;
		1373	ono_tty_flag = no_tty_flag;
		1374	otty_flag = tty_flag;
		1375	stdin_null_flag = 1;
		1376	no_shell_flag = 1;
		1377	no_tty_flag = 1;
		1378	tty_flag = 0;
		1379	if (!fork_after_authentication_flag)
		1380	need_controlpersist_detach = 1;
		1381	fork_after_authentication_flag = 1;
		1382	}
		1383
1266	if (!no_shell_flag \|\| (datafellows & SSH_BUG_DUMMYCHAN))	1384	if (!no_shell_flag \|\| (datafellows & SSH_BUG_DUMMYCHAN))
1267	id = ssh_session2_open();	1385	id = ssh_session2_open();
1268		1386
@@ -1281,14 +1399,17 @@ ssh_session2(void)
1281	options.permit_local_command)	1399	options.permit_local_command)
1282	ssh_local_cmd(options.local_command);	1400	ssh_local_cmd(options.local_command);
1283		1401
1284	/* Start listening for multiplex clients */	1402	/*
1285	muxserver_listen();	1403	* If requested and we are not interested in replies to remote
1286		1404	* forwarding requests, then let ssh continue in the background.
1287	/* If requested, let ssh continue in the background. */	1405	*/
1288	if (fork_after_authentication_flag) {	1406	if (fork_after_authentication_flag) {
1289	fork_after_authentication_flag = 0;	1407	if (options.exit_on_forward_failure &&
1290	if (daemon(1, 1) < 0)	1408	options.num_remote_forwards > 0) {
1291	fatal("daemon() failed: %.200s", strerror(errno));	1409	debug("deferring postauth fork until remote forward "
		1410	"confirmation received");
		1411	} else
		1412	fork_postauth();
1292	}	1413	}
1293		1414
1294	if (options.use_roaming)	1415	if (options.use_roaming)