| version 1.186, 2002/09/19 01:58:18 |
version 1.186.2.2, 2003/09/16 21:20:28 |
|
|
| |
|
| extern char *__progname; |
extern char *__progname; |
| |
|
| /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. |
|
| Default value is AF_UNSPEC means both IPv4 and IPv6. */ |
|
| int IPv4or6 = AF_UNSPEC; |
|
| |
|
| /* Flag indicating whether debug mode is on. This can be set on the command line. */ |
/* Flag indicating whether debug mode is on. This can be set on the command line. */ |
| int debug_flag = 0; |
int debug_flag = 0; |
| |
|
|
|
| _PATH_SSH_USER_CONFFILE); |
_PATH_SSH_USER_CONFFILE); |
| fprintf(stderr, " -A Enable authentication agent forwarding.\n"); |
fprintf(stderr, " -A Enable authentication agent forwarding.\n"); |
| fprintf(stderr, " -a Disable authentication agent forwarding (default).\n"); |
fprintf(stderr, " -a Disable authentication agent forwarding (default).\n"); |
| #ifdef AFS |
|
| fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n"); |
|
| #endif /* AFS */ |
|
| fprintf(stderr, " -X Enable X11 connection forwarding.\n"); |
fprintf(stderr, " -X Enable X11 connection forwarding.\n"); |
| fprintf(stderr, " -x Disable X11 connection forwarding (default).\n"); |
fprintf(stderr, " -x Disable X11 connection forwarding (default).\n"); |
| fprintf(stderr, " -i file Identity for public key authentication " |
fprintf(stderr, " -i file Identity for public key authentication " |
|
|
| /* Get user data. */ |
/* Get user data. */ |
| pw = getpwuid(original_real_uid); |
pw = getpwuid(original_real_uid); |
| if (!pw) { |
if (!pw) { |
| log("You don't exist, go away!"); |
logit("You don't exist, go away!"); |
| exit(1); |
exit(1); |
| } |
} |
| /* Take a copy of the returned structure. */ |
/* Take a copy of the returned structure. */ |
|
|
| options.protocol = SSH_PROTO_2; |
options.protocol = SSH_PROTO_2; |
| break; |
break; |
| case '4': |
case '4': |
| IPv4or6 = AF_INET; |
options.address_family = AF_INET; |
| break; |
break; |
| case '6': |
case '6': |
| IPv4or6 = AF_INET6; |
options.address_family = AF_INET6; |
| break; |
break; |
| case 'n': |
case 'n': |
| stdin_null_flag = 1; |
stdin_null_flag = 1; |
|
|
| case 'A': |
case 'A': |
| options.forward_agent = 1; |
options.forward_agent = 1; |
| break; |
break; |
| #ifdef AFS |
|
| case 'k': |
case 'k': |
| options.kerberos_tgt_passing = 0; |
/* ignored for backward compatibility */ |
| options.afs_token_passing = 0; |
|
| break; |
break; |
| #endif |
|
| case 'i': |
case 'i': |
| if (stat(optarg, &st) < 0) { |
if (stat(optarg, &st) < 0) { |
| fprintf(stderr, "Warning: Identity file %s " |
fprintf(stderr, "Warning: Identity file %s " |
|
|
| tty_flag = 1; |
tty_flag = 1; |
| break; |
break; |
| case 'v': |
case 'v': |
| if (0 == debug_flag) { |
if (debug_flag == 0) { |
| debug_flag = 1; |
debug_flag = 1; |
| options.log_level = SYSLOG_LEVEL_DEBUG1; |
options.log_level = SYSLOG_LEVEL_DEBUG1; |
| } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) { |
} else { |
| options.log_level++; |
if (options.log_level < SYSLOG_LEVEL_DEBUG3) |
| |
options.log_level++; |
| break; |
break; |
| } else |
} |
| fatal("Too high debugging level."); |
|
| /* fallthrough */ |
/* fallthrough */ |
| case 'V': |
case 'V': |
| fprintf(stderr, |
fprintf(stderr, |
| "%s, SSH protocols %d.%d/%d.%d, OpenSSL 0x%8.8lx\n", |
"%s, SSH protocols %d.%d/%d.%d, %s\n", |
| SSH_VERSION, |
SSH_VERSION, |
| PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1, |
PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1, |
| PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, |
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, |
| SSLeay()); |
SSLeay_version(SSLEAY_VERSION)); |
| if (opt == 'V') |
if (opt == 'V') |
| exit(0); |
exit(0); |
| break; |
break; |
|
|
| optarg); |
optarg); |
| exit(1); |
exit(1); |
| } |
} |
| add_local_forward(&options, fwd_port, "socks4", 0); |
add_local_forward(&options, fwd_port, "socks", 0); |
| break; |
break; |
| |
|
| case 'C': |
case 'C': |
|
|
| av += optind; |
av += optind; |
| |
|
| if (ac > 0 && !host && **av != '-') { |
if (ac > 0 && !host && **av != '-') { |
| if (strchr(*av, '@')) { |
if (strrchr(*av, '@')) { |
| p = xstrdup(*av); |
p = xstrdup(*av); |
| cp = strchr(p, '@'); |
cp = strrchr(p, '@'); |
| if (cp == NULL || cp == p) |
if (cp == NULL || cp == p) |
| usage(); |
usage(); |
| options.user = p; |
options.user = p; |
|
|
| host = ++cp; |
host = ++cp; |
| } else |
} else |
| host = *av; |
host = *av; |
| ac--, av++; |
if (ac > 1) { |
| if (ac > 0) { |
optind = optreset = 1; |
| optind = 0; |
|
| optreset = 1; |
|
| goto again; |
goto again; |
| } |
} |
| |
ac--, av++; |
| } |
} |
| |
|
| /* Check that we got a host name. */ |
/* Check that we got a host name. */ |
|
|
| |
|
| SSLeay_add_all_algorithms(); |
SSLeay_add_all_algorithms(); |
| ERR_load_crypto_strings(); |
ERR_load_crypto_strings(); |
| channel_set_af(IPv4or6); |
|
| |
|
| /* Initialize the command to execute on remote host. */ |
/* Initialize the command to execute on remote host. */ |
| buffer_init(&command); |
buffer_init(&command); |
|
|
| /* Do not allocate a tty if stdin is not a tty. */ |
/* Do not allocate a tty if stdin is not a tty. */ |
| if (!isatty(fileno(stdin)) && !force_tty_flag) { |
if (!isatty(fileno(stdin)) && !force_tty_flag) { |
| if (tty_flag) |
if (tty_flag) |
| log("Pseudo-terminal will not be allocated because stdin is not a terminal."); |
logit("Pseudo-terminal will not be allocated because stdin is not a terminal."); |
| tty_flag = 0; |
tty_flag = 0; |
| } |
} |
| |
|
|
|
| /* Fill configuration defaults. */ |
/* Fill configuration defaults. */ |
| fill_default_options(&options); |
fill_default_options(&options); |
| |
|
| |
channel_set_af(options.address_family); |
| |
|
| /* reinit */ |
/* reinit */ |
| log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); |
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); |
| |
|
|
|
| if (options.hostname != NULL) |
if (options.hostname != NULL) |
| host = options.hostname; |
host = options.hostname; |
| |
|
| /* Disable rhosts authentication if not running as root. */ |
/* force lowercase for hostkey matching */ |
| if (original_effective_uid != 0 || !options.use_privileged_port) { |
if (options.host_key_alias != NULL) { |
| debug("Rhosts Authentication disabled, " |
for (p = options.host_key_alias; *p; p++) |
| "originating port will not be trusted."); |
if (isupper(*p)) |
| options.rhosts_authentication = 0; |
*p = tolower(*p); |
| } |
} |
| /* Open a connection to the remote host. */ |
|
| |
|
| if (ssh_connect(host, &hostaddr, options.port, IPv4or6, |
if (options.proxy_command != NULL && |
| options.connection_attempts, |
strcmp(options.proxy_command, "none") == 0) |
| |
options.proxy_command = NULL; |
| |
|
| |
/* Open a connection to the remote host. */ |
| |
if (ssh_connect(host, &hostaddr, options.port, |
| |
options.address_family, options.connection_attempts, |
| original_effective_uid == 0 && options.use_privileged_port, |
original_effective_uid == 0 && options.use_privileged_port, |
| options.proxy_command) != 0) |
options.proxy_command) != 0) |
| exit(1); |
exit(1); |
|
|
| if (!got_data) { |
if (!got_data) { |
| u_int32_t rand = 0; |
u_int32_t rand = 0; |
| |
|
| log("Warning: No xauth data; using fake authentication data for X11 forwarding."); |
logit("Warning: No xauth data; using fake authentication data for X11 forwarding."); |
| strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); |
strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); |
| for (i = 0; i < 16; i++) { |
for (i = 0; i < 16; i++) { |
| if (i % 4 == 0) |
if (i % 4 == 0) |
|
|
| if (type == SSH_SMSG_SUCCESS) |
if (type == SSH_SMSG_SUCCESS) |
| packet_start_compression(options.compression_level); |
packet_start_compression(options.compression_level); |
| else if (type == SSH_SMSG_FAILURE) |
else if (type == SSH_SMSG_FAILURE) |
| log("Warning: Remote host refused compression."); |
logit("Warning: Remote host refused compression."); |
| else |
else |
| packet_disconnect("Protocol error waiting for compression response."); |
packet_disconnect("Protocol error waiting for compression response."); |
| } |
} |
|
|
| interactive = 1; |
interactive = 1; |
| have_tty = 1; |
have_tty = 1; |
| } else if (type == SSH_SMSG_FAILURE) |
} else if (type == SSH_SMSG_FAILURE) |
| log("Warning: Remote host failed or refused to allocate a pseudo tty."); |
logit("Warning: Remote host failed or refused to allocate a pseudo tty."); |
| else |
else |
| packet_disconnect("Protocol error waiting for pty request response."); |
packet_disconnect("Protocol error waiting for pty request response."); |
| } |
} |
|
|
| if (type == SSH_SMSG_SUCCESS) { |
if (type == SSH_SMSG_SUCCESS) { |
| interactive = 1; |
interactive = 1; |
| } else if (type == SSH_SMSG_FAILURE) { |
} else if (type == SSH_SMSG_FAILURE) { |
| log("Warning: Remote host denied X11 forwarding."); |
logit("Warning: Remote host denied X11 forwarding."); |
| } else { |
} else { |
| packet_disconnect("Protocol error waiting for X11 forwarding"); |
packet_disconnect("Protocol error waiting for X11 forwarding"); |
| } |
} |
|
|
| type = packet_read(); |
type = packet_read(); |
| packet_check_eom(); |
packet_check_eom(); |
| if (type != SSH_SMSG_SUCCESS) |
if (type != SSH_SMSG_SUCCESS) |
| log("Warning: Remote host denied authentication agent forwarding."); |
logit("Warning: Remote host denied authentication agent forwarding."); |
| } |
} |
| |
|
| /* Initiate port forwardings. */ |
/* Initiate port forwardings. */ |
|
|
| options.remote_forwards[i].host, |
options.remote_forwards[i].host, |
| options.remote_forwards[i].host_port); |
options.remote_forwards[i].host_port); |
| if (type == SSH2_MSG_REQUEST_FAILURE) |
if (type == SSH2_MSG_REQUEST_FAILURE) |
| log("Warning: remote port forwarding failed for listen port %d", |
logit("Warning: remote port forwarding failed for listen port %d", |
| options.remote_forwards[i].port); |
options.remote_forwards[i].port); |
| } |
} |
| |
|
|
|
| int interactive = 0; |
int interactive = 0; |
| struct termios tio; |
struct termios tio; |
| |
|
| debug("ssh_session2_setup: id %d", id); |
debug2("ssh_session2_setup: id %d", id); |
| |
|
| if (tty_flag) { |
if (tty_flag) { |
| struct winsize ws; |
struct winsize ws; |
|
|
| c = channel_new( |
c = channel_new( |
| "session", SSH_CHANNEL_OPENING, in, out, err, |
"session", SSH_CHANNEL_OPENING, in, out, err, |
| window, packetmax, CHAN_EXTENDED_WRITE, |
window, packetmax, CHAN_EXTENDED_WRITE, |
| xstrdup("client-session"), /*nonblock*/0); |
"client-session", /*nonblock*/0); |
| |
|
| debug3("ssh_session2_open: channel_new: %d", c->self); |
debug3("ssh_session2_open: channel_new: %d", c->self); |
| |
|
|
|
| sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1)); |
sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1)); |
| options.num_identity_files++; |
options.num_identity_files++; |
| options.identity_keys[0] = keys[i]; |
options.identity_keys[0] = keys[i]; |
| options.identity_files[0] = xstrdup("smartcard key");; |
options.identity_files[0] = sc_get_key_label(keys[i]); |
| } |
} |
| if (options.num_identity_files > SSH_MAX_IDENTITY_FILES) |
if (options.num_identity_files > SSH_MAX_IDENTITY_FILES) |
| options.num_identity_files = SSH_MAX_IDENTITY_FILES; |
options.num_identity_files = SSH_MAX_IDENTITY_FILES; |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh