changeset 1840:5c13e765ddbd

Only redirect stderr after the session login. That lets errors get recorded on the server parent side, rather than being sent over a SSH connection.
author Matt Johnston <matt@ucc.asn.au>
date Mon, 18 Oct 2021 23:20:08 +0800
parents ce17be95a42a
children d757f48ae29f
files svr-chansession.c
diffstat 1 files changed, 12 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/svr-chansession.c	Mon Oct 18 15:17:14 2021 +0800
+++ b/svr-chansession.c	Mon Oct 18 23:20:08 2021 +0800
@@ -841,20 +841,28 @@
 		pty_make_controlling_tty(&chansess->slave, chansess->tty);
 		
 		if ((dup2(chansess->slave, STDIN_FILENO) < 0) ||
-			(dup2(chansess->slave, STDERR_FILENO) < 0) ||
 			(dup2(chansess->slave, STDOUT_FILENO) < 0)) {
 			TRACE(("leave ptycommand: error redirecting filedesc"))
 			return DROPBEAR_FAILURE;
 			}
 
-		close(chansess->slave);
-
 		/* write the utmp/wtmp login record - must be after changing the
-		 * terminal used for stdout with the dup2 above */
+		 * terminal used for stdout with the dup2 above, otherwise
+		 * the wtmp login will not be recorded */
 		li = chansess_login_alloc(chansess);
 		login_login(li);
+		dropbear_log(LOG_WARNING, "bad thing happened");
 		login_free_entry(li);
 
+		/* Can now dup2 stderr. Messages from login_login() have gone
+		to the parent stderr */
+		if (dup2(chansess->slave, STDERR_FILENO) < 0) {
+			TRACE(("leave ptycommand: error redirecting filedesc"))
+			return DROPBEAR_FAILURE;
+		}
+
+		close(chansess->slave);
+
 #if DO_MOTD
 		if (svr_opts.domotd && !chansess->cmd) {
 			/* don't show the motd if ~/.hushlogin exists */