version 1.234.2.1, 2005/09/04 18:40:10 |
version 1.234.2.2, 2006/02/03 02:53:45 |
|
|
{ |
{ |
fprintf(stderr, |
fprintf(stderr, |
"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" |
"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" |
" [-D port] [-e escape_char] [-F configfile]\n" |
" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n" |
" [-i identity_file] [-L [bind_address:]port:host:hostport]\n" |
" [-i identity_file] [-L [bind_address:]port:host:hostport]\n" |
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" |
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" |
" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" |
" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" |
" [user@]hostname [command]\n" |
" [-w tunnel:tunnel] [user@]hostname [command]\n" |
); |
); |
exit(1); |
exit(255); |
} |
} |
|
|
static int ssh_session(void); |
static int ssh_session(void); |
|
|
struct servent *sp; |
struct servent *sp; |
Forward fwd; |
Forward fwd; |
|
|
|
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
|
sanitise_stdfd(); |
|
|
/* |
/* |
* Save the original real uid. It will be needed later (uid-swapping |
* Save the original real uid. It will be needed later (uid-swapping |
* may clobber the real uid). |
* may clobber the real uid). |
|
|
pw = getpwuid(original_real_uid); |
pw = getpwuid(original_real_uid); |
if (!pw) { |
if (!pw) { |
logit("You don't exist, go away!"); |
logit("You don't exist, go away!"); |
exit(1); |
exit(255); |
} |
} |
/* Take a copy of the returned structure. */ |
/* Take a copy of the returned structure. */ |
pw = pwcopy(pw); |
pw = pwcopy(pw); |
|
|
|
|
again: |
again: |
while ((opt = getopt(ac, av, |
while ((opt = getopt(ac, av, |
"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) { |
"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) { |
switch (opt) { |
switch (opt) { |
case '1': |
case '1': |
options.protocol = SSH_PROTO_1; |
options.protocol = SSH_PROTO_1; |
|
|
if (opt == 'V') |
if (opt == 'V') |
exit(0); |
exit(0); |
break; |
break; |
|
case 'w': |
|
if (options.tun_open == -1) |
|
options.tun_open = SSH_TUNMODE_DEFAULT; |
|
options.tun_local = a2tun(optarg, &options.tun_remote); |
|
if (options.tun_local == SSH_TUNID_ERR) { |
|
fprintf(stderr, "Bad tun device '%s'\n", optarg); |
|
exit(255); |
|
} |
|
break; |
case 'q': |
case 'q': |
options.log_level = SYSLOG_LEVEL_QUIET; |
options.log_level = SYSLOG_LEVEL_QUIET; |
break; |
break; |
|
|
else { |
else { |
fprintf(stderr, "Bad escape character '%s'.\n", |
fprintf(stderr, "Bad escape character '%s'.\n", |
optarg); |
optarg); |
exit(1); |
exit(255); |
} |
} |
break; |
break; |
case 'c': |
case 'c': |
|
|
fprintf(stderr, |
fprintf(stderr, |
"Unknown cipher type '%s'\n", |
"Unknown cipher type '%s'\n", |
optarg); |
optarg); |
exit(1); |
exit(255); |
} |
} |
if (options.cipher == SSH_CIPHER_3DES) |
if (options.cipher == SSH_CIPHER_3DES) |
options.ciphers = "3des-cbc"; |
options.ciphers = "3des-cbc"; |
|
|
else { |
else { |
fprintf(stderr, "Unknown mac type '%s'\n", |
fprintf(stderr, "Unknown mac type '%s'\n", |
optarg); |
optarg); |
exit(1); |
exit(255); |
} |
} |
break; |
break; |
case 'M': |
case 'M': |
|
|
options.port = a2port(optarg); |
options.port = a2port(optarg); |
if (options.port == 0) { |
if (options.port == 0) { |
fprintf(stderr, "Bad port '%s'\n", optarg); |
fprintf(stderr, "Bad port '%s'\n", optarg); |
exit(1); |
exit(255); |
} |
} |
break; |
break; |
case 'l': |
case 'l': |
|
|
fprintf(stderr, |
fprintf(stderr, |
"Bad local forwarding specification '%s'\n", |
"Bad local forwarding specification '%s'\n", |
optarg); |
optarg); |
exit(1); |
exit(255); |
} |
} |
break; |
break; |
|
|
|
|
fprintf(stderr, |
fprintf(stderr, |
"Bad remote forwarding specification " |
"Bad remote forwarding specification " |
"'%s'\n", optarg); |
"'%s'\n", optarg); |
exit(1); |
exit(255); |
} |
} |
break; |
break; |
|
|
|
|
if ((fwd.listen_host = hpdelim(&cp)) == NULL) { |
if ((fwd.listen_host = hpdelim(&cp)) == NULL) { |
fprintf(stderr, "Bad dynamic forwarding " |
fprintf(stderr, "Bad dynamic forwarding " |
"specification '%.100s'\n", optarg); |
"specification '%.100s'\n", optarg); |
exit(1); |
exit(255); |
} |
} |
if (cp != NULL) { |
if (cp != NULL) { |
fwd.listen_port = a2port(cp); |
fwd.listen_port = a2port(cp); |
|
|
if (fwd.listen_port == 0) { |
if (fwd.listen_port == 0) { |
fprintf(stderr, "Bad dynamic port '%s'\n", |
fprintf(stderr, "Bad dynamic port '%s'\n", |
optarg); |
optarg); |
exit(1); |
exit(255); |
} |
} |
add_local_forward(&options, &fwd); |
add_local_forward(&options, &fwd); |
xfree(p); |
xfree(p); |
|
|
line = xstrdup(optarg); |
line = xstrdup(optarg); |
if (process_config_line(&options, host ? host : "", |
if (process_config_line(&options, host ? host : "", |
line, "command-line", 0, &dummy) != 0) |
line, "command-line", 0, &dummy) != 0) |
exit(1); |
exit(255); |
xfree(line); |
xfree(line); |
break; |
break; |
case 's': |
case 's': |
|
|
options.address_family, options.connection_attempts, |
options.address_family, options.connection_attempts, |
original_effective_uid == 0 && options.use_privileged_port, |
original_effective_uid == 0 && options.use_privileged_port, |
options.proxy_command) != 0) |
options.proxy_command) != 0) |
exit(1); |
exit(255); |
|
|
/* |
/* |
* If we successfully made the connection, load the host private key |
* If we successfully made the connection, load the host private key |
|
|
|
|
/* |
/* |
* Now that we are back to our own permissions, create ~/.ssh |
* Now that we are back to our own permissions, create ~/.ssh |
* directory if it doesn\'t already exist. |
* directory if it doesn't already exist. |
*/ |
*/ |
snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); |
snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); |
if (stat(buf, &st) < 0) |
if (stat(buf, &st) < 0) |
|
|
debug("Remote connections from %.200s:%d forwarded to " |
debug("Remote connections from %.200s:%d forwarded to " |
"local address %.200s:%d", |
"local address %.200s:%d", |
(options.remote_forwards[i].listen_host == NULL) ? |
(options.remote_forwards[i].listen_host == NULL) ? |
(options.gateway_ports ? "*" : "LOCALHOST") : |
"LOCALHOST" : options.remote_forwards[i].listen_host, |
options.remote_forwards[i].listen_host, |
|
options.remote_forwards[i].listen_port, |
options.remote_forwards[i].listen_port, |
options.remote_forwards[i].connect_host, |
options.remote_forwards[i].connect_host, |
options.remote_forwards[i].connect_port); |
options.remote_forwards[i].connect_port); |
|
|
check_agent_present(void) |
check_agent_present(void) |
{ |
{ |
if (options.forward_agent) { |
if (options.forward_agent) { |
/* Clear agent forwarding if we don\'t have an agent. */ |
/* Clear agent forwarding if we don't have an agent. */ |
if (!ssh_agent_present()) |
if (!ssh_agent_present()) |
options.forward_agent = 0; |
options.forward_agent = 0; |
} |
} |
|
|
fatal("ControlPath too long"); |
fatal("ControlPath too long"); |
|
|
if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) |
if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) |
fatal("%s socket(): %s\n", __func__, strerror(errno)); |
fatal("%s socket(): %s", __func__, strerror(errno)); |
|
|
old_umask = umask(0177); |
old_umask = umask(0177); |
if (bind(control_fd, (struct sockaddr*)&addr, addr.sun_len) == -1) { |
if (bind(control_fd, (struct sockaddr*)&addr, addr.sun_len) == -1) { |
|
|
fatal("ControlSocket %s already exists", |
fatal("ControlSocket %s already exists", |
options.control_path); |
options.control_path); |
else |
else |
fatal("%s bind(): %s\n", __func__, strerror(errno)); |
fatal("%s bind(): %s", __func__, strerror(errno)); |
} |
} |
umask(old_umask); |
umask(old_umask); |
|
|
if (listen(control_fd, 64) == -1) |
if (listen(control_fd, 64) == -1) |
fatal("%s listen(): %s\n", __func__, strerror(errno)); |
fatal("%s listen(): %s", __func__, strerror(errno)); |
|
|
set_nonblock(control_fd); |
set_nonblock(control_fd); |
} |
} |
|
|
packet_send(); |
packet_send(); |
} |
} |
|
|
|
if (options.tun_open != SSH_TUNMODE_NO) { |
|
Channel *c; |
|
int fd; |
|
|
|
debug("Requesting tun."); |
|
if ((fd = tun_open(options.tun_local, |
|
options.tun_open)) >= 0) { |
|
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, |
|
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, |
|
0, "tun", 1); |
|
c->datagram = 1; |
|
packet_start(SSH2_MSG_CHANNEL_OPEN); |
|
packet_put_cstring("tun@openssh.com"); |
|
packet_put_int(c->self); |
|
packet_put_int(c->local_window_max); |
|
packet_put_int(c->local_maxpacket); |
|
packet_put_int(options.tun_open); |
|
packet_put_int(options.tun_remote); |
|
packet_send(); |
|
} |
|
} |
|
|
client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), |
client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), |
NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); |
NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); |
|
|
|
|
|
|
if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) |
if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) |
id = ssh_session2_open(); |
id = ssh_session2_open(); |
|
|
|
/* Execute a local command */ |
|
if (options.local_command != NULL && |
|
options.permit_local_command) |
|
ssh_local_cmd(options.local_command); |
|
|
/* If requested, let ssh continue in the background. */ |
/* If requested, let ssh continue in the background. */ |
if (fork_after_authentication_flag) |
if (fork_after_authentication_flag) |
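Review bot: In the new `if (options.tun_open != SSH_TUNMODE_NO)` block, a failed `tun_open()` (fd < 0) falls through with no message visible in this section, so a session started with `-w` carries on without the tunnel the user asked for. Unless `tun_open()` reports the failure itself (its body is not shown here), add a branch such as `else logit("Tunnel device open failed; continuing without tunnel.");`, or make it fatal if a missing tunnel should stop the session. The new `case 'w':` also prints `optarg` with a bare `%s`, whereas the dynamic-forwarding message in the same switch bounds it with `%.100s`; matching that keeps the error output consistent. The enclosing functions start and end outside the displayed lines.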