version 1.186.2.2, 2003/09/16 21:20:28 |
version 1.187, 2002/11/21 23:04:33 |
|
|
|
|
extern char *__progname; |
extern char *__progname; |
|
|
|
/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. |
|
Default value is AF_UNSPEC means both IPv4 and IPv6. */ |
|
int IPv4or6 = AF_UNSPEC; |
|
|
/* Flag indicating whether debug mode is on. This can be set on the command line. */ |
/* Flag indicating whether debug mode is on. This can be set on the command line. */ |
int debug_flag = 0; |
int debug_flag = 0; |
|
|
|
|
_PATH_SSH_USER_CONFFILE); |
_PATH_SSH_USER_CONFFILE); |
fprintf(stderr, " -A Enable authentication agent forwarding.\n"); |
fprintf(stderr, " -A Enable authentication agent forwarding.\n"); |
fprintf(stderr, " -a Disable authentication agent forwarding (default).\n"); |
fprintf(stderr, " -a Disable authentication agent forwarding (default).\n"); |
|
#ifdef AFS |
|
fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n"); |
|
#endif /* AFS */ |
fprintf(stderr, " -X Enable X11 connection forwarding.\n"); |
fprintf(stderr, " -X Enable X11 connection forwarding.\n"); |
fprintf(stderr, " -x Disable X11 connection forwarding (default).\n"); |
fprintf(stderr, " -x Disable X11 connection forwarding (default).\n"); |
fprintf(stderr, " -i file Identity for public key authentication " |
fprintf(stderr, " -i file Identity for public key authentication " |
|
|
/* Get user data. */ |
/* Get user data. */ |
pw = getpwuid(original_real_uid); |
pw = getpwuid(original_real_uid); |
if (!pw) { |
if (!pw) { |
logit("You don't exist, go away!"); |
log("You don't exist, go away!"); |
exit(1); |
exit(1); |
} |
} |
/* Take a copy of the returned structure. */ |
/* Take a copy of the returned structure. */ |
|
|
options.protocol = SSH_PROTO_2; |
options.protocol = SSH_PROTO_2; |
break; |
break; |
case '4': |
case '4': |
options.address_family = AF_INET; |
IPv4or6 = AF_INET; |
break; |
break; |
case '6': |
case '6': |
options.address_family = AF_INET6; |
IPv4or6 = AF_INET6; |
break; |
break; |
case 'n': |
case 'n': |
stdin_null_flag = 1; |
stdin_null_flag = 1; |
|
|
case 'A': |
case 'A': |
options.forward_agent = 1; |
options.forward_agent = 1; |
break; |
break; |
|
#ifdef AFS |
case 'k': |
case 'k': |
/* ignored for backward compatibility */ |
options.kerberos_tgt_passing = 0; |
|
options.afs_token_passing = 0; |
break; |
break; |
|
#endif |
case 'i': |
case 'i': |
if (stat(optarg, &st) < 0) { |
if (stat(optarg, &st) < 0) { |
fprintf(stderr, "Warning: Identity file %s " |
fprintf(stderr, "Warning: Identity file %s " |
|
|
tty_flag = 1; |
tty_flag = 1; |
break; |
break; |
case 'v': |
case 'v': |
if (debug_flag == 0) { |
if (0 == debug_flag) { |
debug_flag = 1; |
debug_flag = 1; |
options.log_level = SYSLOG_LEVEL_DEBUG1; |
options.log_level = SYSLOG_LEVEL_DEBUG1; |
} else { |
} else if (options.log_level < SYSLOG_LEVEL_DEBUG3) { |
if (options.log_level < SYSLOG_LEVEL_DEBUG3) |
options.log_level++; |
options.log_level++; |
|
break; |
break; |
} |
} else |
|
fatal("Too high debugging level."); |
/* fallthrough */ |
/* fallthrough */ |
case 'V': |
case 'V': |
fprintf(stderr, |
fprintf(stderr, |
"%s, SSH protocols %d.%d/%d.%d, %s\n", |
"%s, SSH protocols %d.%d/%d.%d, OpenSSL 0x%8.8lx\n", |
SSH_VERSION, |
SSH_VERSION, |
PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1, |
PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1, |
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, |
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, |
SSLeay_version(SSLEAY_VERSION)); |
SSLeay()); |
if (opt == 'V') |
if (opt == 'V') |
exit(0); |
exit(0); |
break; |
break; |
|
|
optarg); |
optarg); |
exit(1); |
exit(1); |
} |
} |
add_local_forward(&options, fwd_port, "socks", 0); |
add_local_forward(&options, fwd_port, "socks4", 0); |
break; |
break; |
|
|
case 'C': |
case 'C': |
|
|
av += optind; |
av += optind; |
|
|
if (ac > 0 && !host && **av != '-') { |
if (ac > 0 && !host && **av != '-') { |
if (strrchr(*av, '@')) { |
if (strchr(*av, '@')) { |
p = xstrdup(*av); |
p = xstrdup(*av); |
cp = strrchr(p, '@'); |
cp = strchr(p, '@'); |
if (cp == NULL || cp == p) |
if (cp == NULL || cp == p) |
usage(); |
usage(); |
options.user = p; |
options.user = p; |
|
|
host = ++cp; |
host = ++cp; |
} else |
} else |
host = *av; |
host = *av; |
if (ac > 1) { |
ac--, av++; |
optind = optreset = 1; |
if (ac > 0) { |
|
optind = 0; |
|
optreset = 1; |
goto again; |
goto again; |
} |
} |
ac--, av++; |
|
} |
} |
|
|
/* Check that we got a host name. */ |
/* Check that we got a host name. */ |
|
|
|
|
SSLeay_add_all_algorithms(); |
SSLeay_add_all_algorithms(); |
ERR_load_crypto_strings(); |
ERR_load_crypto_strings(); |
|
channel_set_af(IPv4or6); |
|
|
/* Initialize the command to execute on remote host. */ |
/* Initialize the command to execute on remote host. */ |
buffer_init(&command); |
buffer_init(&command); |
|
|
/* Do not allocate a tty if stdin is not a tty. */ |
/* Do not allocate a tty if stdin is not a tty. */ |
if (!isatty(fileno(stdin)) && !force_tty_flag) { |
if (!isatty(fileno(stdin)) && !force_tty_flag) { |
if (tty_flag) |
if (tty_flag) |
logit("Pseudo-terminal will not be allocated because stdin is not a terminal."); |
log("Pseudo-terminal will not be allocated because stdin is not a terminal."); |
tty_flag = 0; |
tty_flag = 0; |
} |
} |
|
|
|
|
/* Fill configuration defaults. */ |
/* Fill configuration defaults. */ |
fill_default_options(&options); |
fill_default_options(&options); |
|
|
channel_set_af(options.address_family); |
|
|
|
/* reinit */ |
/* reinit */ |
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); |
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); |
|
|
|
|
if (options.hostname != NULL) |
if (options.hostname != NULL) |
host = options.hostname; |
host = options.hostname; |
|
|
/* force lowercase for hostkey matching */ |
/* Disable rhosts authentication if not running as root. */ |
if (options.host_key_alias != NULL) { |
if (original_effective_uid != 0 || !options.use_privileged_port) { |
for (p = options.host_key_alias; *p; p++) |
debug("Rhosts Authentication disabled, " |
if (isupper(*p)) |
"originating port will not be trusted."); |
*p = tolower(*p); |
options.rhosts_authentication = 0; |
} |
} |
|
|
if (options.proxy_command != NULL && |
|
strcmp(options.proxy_command, "none") == 0) |
|
options.proxy_command = NULL; |
|
|
|
/* Open a connection to the remote host. */ |
/* Open a connection to the remote host. */ |
if (ssh_connect(host, &hostaddr, options.port, |
|
options.address_family, options.connection_attempts, |
if (ssh_connect(host, &hostaddr, options.port, IPv4or6, |
|
options.connection_attempts, |
original_effective_uid == 0 && options.use_privileged_port, |
original_effective_uid == 0 && options.use_privileged_port, |
options.proxy_command) != 0) |
options.proxy_command) != 0) |
exit(1); |
exit(1); |
|
|
if (!got_data) { |
if (!got_data) { |
u_int32_t rand = 0; |
u_int32_t rand = 0; |
|
|
logit("Warning: No xauth data; using fake authentication data for X11 forwarding."); |
log("Warning: No xauth data; using fake authentication data for X11 forwarding."); |
strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); |
strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); |
for (i = 0; i < 16; i++) { |
for (i = 0; i < 16; i++) { |
if (i % 4 == 0) |
if (i % 4 == 0) |
|
|
if (type == SSH_SMSG_SUCCESS) |
if (type == SSH_SMSG_SUCCESS) |
packet_start_compression(options.compression_level); |
packet_start_compression(options.compression_level); |
else if (type == SSH_SMSG_FAILURE) |
else if (type == SSH_SMSG_FAILURE) |
logit("Warning: Remote host refused compression."); |
log("Warning: Remote host refused compression."); |
else |
else |
packet_disconnect("Protocol error waiting for compression response."); |
packet_disconnect("Protocol error waiting for compression response."); |
} |
} |
|
|
interactive = 1; |
interactive = 1; |
have_tty = 1; |
have_tty = 1; |
} else if (type == SSH_SMSG_FAILURE) |
} else if (type == SSH_SMSG_FAILURE) |
logit("Warning: Remote host failed or refused to allocate a pseudo tty."); |
log("Warning: Remote host failed or refused to allocate a pseudo tty."); |
else |
else |
packet_disconnect("Protocol error waiting for pty request response."); |
packet_disconnect("Protocol error waiting for pty request response."); |
} |
} |
|
|
if (type == SSH_SMSG_SUCCESS) { |
if (type == SSH_SMSG_SUCCESS) { |
interactive = 1; |
interactive = 1; |
} else if (type == SSH_SMSG_FAILURE) { |
} else if (type == SSH_SMSG_FAILURE) { |
logit("Warning: Remote host denied X11 forwarding."); |
log("Warning: Remote host denied X11 forwarding."); |
} else { |
} else { |
packet_disconnect("Protocol error waiting for X11 forwarding"); |
packet_disconnect("Protocol error waiting for X11 forwarding"); |
} |
} |
|
|
type = packet_read(); |
type = packet_read(); |
packet_check_eom(); |
packet_check_eom(); |
if (type != SSH_SMSG_SUCCESS) |
if (type != SSH_SMSG_SUCCESS) |
logit("Warning: Remote host denied authentication agent forwarding."); |
log("Warning: Remote host denied authentication agent forwarding."); |
} |
} |
|
|
/* Initiate port forwardings. */ |
/* Initiate port forwardings. */ |
|
|
options.remote_forwards[i].host, |
options.remote_forwards[i].host, |
options.remote_forwards[i].host_port); |
options.remote_forwards[i].host_port); |
if (type == SSH2_MSG_REQUEST_FAILURE) |
if (type == SSH2_MSG_REQUEST_FAILURE) |
logit("Warning: remote port forwarding failed for listen port %d", |
log("Warning: remote port forwarding failed for listen port %d", |
options.remote_forwards[i].port); |
options.remote_forwards[i].port); |
} |
} |
|
|
|
|
c = channel_new( |
c = channel_new( |
"session", SSH_CHANNEL_OPENING, in, out, err, |
"session", SSH_CHANNEL_OPENING, in, out, err, |
window, packetmax, CHAN_EXTENDED_WRITE, |
window, packetmax, CHAN_EXTENDED_WRITE, |
"client-session", /*nonblock*/0); |
xstrdup("client-session"), /*nonblock*/0); |
|
|
debug3("ssh_session2_open: channel_new: %d", c->self); |
debug3("ssh_session2_open: channel_new: %d", c->self); |
|
|
|
|
sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1)); |
sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1)); |
options.num_identity_files++; |
options.num_identity_files++; |
options.identity_keys[0] = keys[i]; |
options.identity_keys[0] = keys[i]; |
options.identity_files[0] = sc_get_key_label(keys[i]); |
options.identity_files[0] = xstrdup("smartcard key");; |
} |
} |
if (options.num_identity_files > SSH_MAX_IDENTITY_FILES) |
if (options.num_identity_files > SSH_MAX_IDENTITY_FILES) |
options.num_identity_files = SSH_MAX_IDENTITY_FILES; |
options.num_identity_files = SSH_MAX_IDENTITY_FILES; |
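Review bot: In the loop under the "force lowercase for hostkey matching" comment, `isupper(*p)` and `tolower(*p)` are passed a plain `char`, so a byte above 0x7f in `options.host_key_alias` becomes a negative argument wherever `char` is signed, which is undefined behaviour for the `<ctype.h>` functions. The loop appears only in the first-printed line of each pair, which looks like the 1.186.2.2 column, but the rendering does not mark the sides explicitly, so treat that attribution as inferred. Going by the comment, the value feeds host key matching, so the normalisation should be well defined for every input byte. `*p = (char)tolower((unsigned char)*p);` does the same work and makes the `isupper` test unnecessary. Where the alias is populated is outside this view, so whether non-ASCII bytes can reach it should be confirmed against the option parser.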