From 7ceddc84c146f3a340a37b17fe6e6352f80633f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 8 Jul 2020 12:24:53 +0200
Subject: [PATCH 1/2] sss_ssh_knownhostsproxy: print error when unable to
 connect

This was partially fixed by:
9a7b04690e30fc57dce45c82b918b8d95b978df1

Now we also print an error when we are unable to open the socket.

How to test:
```
$ ssh -oProxyCommand="/usr/bin/sss_ssh_knownhostsproxy -p 22 nonexistenthost" -oGlobalKnownHostsFile=/var/lib/sss/pubconf/known_hosts nonexistenthost
$ ssh -oProxyCommand="/usr/bin/sss_ssh_knownhostsproxy -p 22 localhost" -oGlobalKnownHostsFile=/var/lib/sss/pubconf/known_hosts localhost
```

(assuming `localhost` does not run ssh server)

Resolves:
https://github.com/SSSD/sssd/issues/5236
---
 src/sss_client/ssh/sss_ssh_knownhostsproxy.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
index 051f51c382..f5122333fc 100644
--- a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
+++ b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
@@ -311,20 +311,27 @@ int main(int argc, const char **argv)
         ret = connect_proxy_command(discard_const(pc_args));
     } else if (ai) {
         /* Try all IP addresses before giving up */
+        int socket_descriptor = -1;
         for (struct addrinfo *ti = ai; ti != NULL; ti = ti->ai_next) {
-            int socket_descriptor = -1;
             ret = connect_socket(ti->ai_family, ti->ai_addr, ti->ai_addrlen,
                                  &socket_descriptor);
-            if (ret == 0) {
-                ret = proxy_data(socket_descriptor);
+            if (ret == EOK) {
                 break;
             }
         }
+
+        if (ret == EOK) {
+            ret = proxy_data(socket_descriptor);
+        } else {
+            ERROR("sss_ssh_knownhostsproxy: connect to host %s port %d: "
+                  "%s\n", pc_host, pc_port, strerror(ret));
+        }
     } else {
         ERROR("sss_ssh_knownhostsproxy: Could not resolve hostname %s\n",
               pc_host);
         ret = EFAULT;
     }
+
     ret = (ret == EOK) ? EXIT_SUCCESS : EXIT_FAILURE;
 
 fini:
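Review bot: The message printed after the loop carries only the error from the last address tried, because `ret` is overwritten on every pass and nothing is reported inside the loop. When a name resolves to several addresses the earlier failures are lost, which makes the output less useful when working out why a host was unreachable. A comment above the `ERROR` call such as `/* ret holds the error from the last address tried */` would make that explicit, and a per-address debug message on failure inside the loop would keep the rest. `strerror(ret)` is only meaningful if `connect_socket` returns errno values, which is not visible here. The body of `main` starts and ends outside this hunk.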

From 659179b9ef9091087431ea0651bb9d176b23726b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 16 Jul 2020 22:53:21 +0200
Subject: [PATCH 2/2] sss_ssh_knownhostsproxy: print error when unable to proxy
 data

---
 src/sss_client/ssh/sss_ssh_knownhostsproxy.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
index f5122333fc..ad6af81d88 100644
--- a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
+++ b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
@@ -322,6 +322,10 @@ int main(int argc, const char **argv)
 
         if (ret == EOK) {
             ret = proxy_data(socket_descriptor);
+            if (ret != EOK) {
+                ERROR("sss_ssh_knownhostsproxy: unable to proxy data: "
+                      "%s\n", strerror(ret));
+            }
         } else {
             ERROR("sss_ssh_knownhostsproxy: connect to host %s port %d: "
                   "%s\n", pc_host, pc_port, strerror(ret));
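Review bot: The new `unable to proxy data` message names neither the host nor the port, unlike the connect message in the `else` branch just below it, so a failure cannot be attributed to a connection from stderr alone. Consider `ERROR("sss_ssh_knownhostsproxy: unable to proxy data to host %s port %d: %s\n", pc_host, pc_port, strerror(ret));`. `proxy_data` is not visible in this hunk, so it is worth confirming that it returns errno values and that it returns `EOK` when the peer closes the connection normally; otherwise this line prints a misleading or spurious error at the end of an ordinary session. The enclosing `main` continues outside the hunk.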
