src/usr.bin/ssh/ssh.c - diff

Return to ssh.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh.c between version 1.265.2.2 and 1.266

version 1.265.2.2, 2006/11/08 00:17:14

version 1.266, 2006/03/12 04:23:07

Line 1

/* $OpenBSD$ */

* Author: Tatu Ylonen <ylo@cs.hut.fi>

Line 40

Line 39

* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#include <sys/types.h>

#include "includes.h"

#include <sys/time.h>

RCSID("$OpenBSD$");

#include <sys/resource.h>

#include <sys/ioctl.h>

#include <sys/types.h>

#include <sys/socket.h>

#include <sys/un.h>

#include <sys/stat.h>

#include <ctype.h>

#include <errno.h>

#include <fcntl.h>

#include <netdb.h>

#include <paths.h>

#include <pwd.h>

#include <signal.h>

#include <stddef.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <unistd.h>

#include <openssl/evp.h>

#include <openssl/err.h>

#include "xmalloc.h"

#include "ssh.h"

#include "ssh1.h"

#include "ssh2.h"

#include "compat.h"

#include "cipher.h"

#include "xmalloc.h"

#include "packet.h"

#include "buffer.h"

#include "bufaux.h"

#include "channels.h"

#include "key.h"

#include "authfd.h"

Line 91

Line 82

#include "msg.h"

#include "monitor_fdpass.h"

#include "uidswap.h"

#include "version.h"

#ifdef SMARTCARD

#include "scard.h"

Line 182

Line 172

" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"

" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"

" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"

" [-w local_tun[:remote_tun]] [user@]hostname [command]\n"

" [-w tunnel:tunnel] [user@]hostname [command]\n"

);

exit(255);

}

Line 629

Line 619

if (options.host_key_alias != NULL) {

for (p = options.host_key_alias; *p; p++)

if (isupper(*p))

*p = (char)tolower(*p);

*p = tolower(*p);

}

/* Get default port if port has not been set. */

Line 646

Line 636

options.control_path = NULL;

if (options.control_path != NULL) {

char thishost[NI_MAXHOST];

char me[NI_MAXHOST];

if (gethostname(thishost, sizeof(thishost)) == -1)

if (gethostname(me, sizeof(me)) == -1)

fatal("gethostname: %s", strerror(errno));

snprintf(buf, sizeof(buf), "%d", options.port);

cp = tilde_expand_filename(options.control_path,

original_real_uid);

options.control_path = percent_expand(cp, "p", buf, "h", host,

"r", options.user, "l", thishost, (char *)NULL);

"r", options.user, "l", me, (char *)NULL);

xfree(cp);

}

if (mux_command != 0 && options.control_path == NULL)

Line 683

Line 673

if (options.rhosts_rsa_authentication ||

options.hostbased_authentication) {

sensitive_data.nkeys = 3;

sensitive_data.keys = xcalloc(sensitive_data.nkeys,

sensitive_data.keys = xmalloc(sensitive_data.nkeys *

sizeof(Key));

PRIV_START;

sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,

_PATH_HOST_KEY_FILE, "", NULL, NULL);

_PATH_HOST_KEY_FILE, "", NULL);

sensitive_data.keys[1] = key_load_private_type(KEY_DSA,

_PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);

_PATH_HOST_DSA_KEY_FILE, "", NULL);

sensitive_data.keys[2] = key_load_private_type(KEY_RSA,

_PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);

_PATH_HOST_RSA_KEY_FILE, "", NULL);

PRIV_END;

if (options.hostbased_authentication == 1 &&

Line 808

Line 798

options.local_forwards[i].connect_port,

options.gateway_ports);

}

if (i > 0 && success != i && options.exit_on_forward_failure)

fatal("Could not request local forwarding.");

if (i > 0 && success == 0)

error("Could not request local forwarding.");

Line 822

Line 810

options.remote_forwards[i].listen_port,

options.remote_forwards[i].connect_host,

options.remote_forwards[i].connect_port);

if (channel_request_remote_forwarding(

channel_request_remote_forwarding(

options.remote_forwards[i].listen_host,

options.remote_forwards[i].listen_port,

options.remote_forwards[i].connect_host,

options.remote_forwards[i].connect_port) < 0) {

options.remote_forwards[i].connect_port);

if (options.exit_on_forward_failure)

fatal("Could not request remote forwarding.");

else

logit("Warning: Could not request remote "

"forwarding.");

}

Line 893

Line 875

/* Store window size in the packet. */

if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)

memset(&ws, 0, sizeof(ws));

packet_put_int((u_int)ws.ws_row);

packet_put_int(ws.ws_row);

packet_put_int((u_int)ws.ws_col);

packet_put_int(ws.ws_col);

packet_put_int((u_int)ws.ws_xpixel);

packet_put_int(ws.ws_xpixel);

packet_put_int((u_int)ws.ws_ypixel);

packet_put_int(ws.ws_ypixel);

/* Store tty modes in the packet. */

tty_make_modes(fileno(stdin), NULL);

Line 1014

Line 996

options.remote_forwards[i].listen_port,

options.remote_forwards[i].connect_host,

options.remote_forwards[i].connect_port);

if (type == SSH2_MSG_REQUEST_FAILURE) {

if (type == SSH2_MSG_REQUEST_FAILURE)

if (options.exit_on_forward_failure)

logit("Warning: remote port forwarding failed for listen "

fatal("Error: remote port forwarding failed for "

"port %d", options.remote_forwards[i].listen_port);

"listen port %d",

options.remote_forwards[i].listen_port);

else

logit("Warning: remote port forwarding failed for "

"listen port %d",

options.remote_forwards[i].listen_port);

}

static void

Line 1051

Line 1026

fatal("%s socket(): %s", __func__, strerror(errno));

old_umask = umask(0177);

if (bind(control_fd, (struct sockaddr *)&addr, addr.sun_len) == -1) {

if (bind(control_fd, (struct sockaddr*)&addr, addr.sun_len) == -1) {

control_fd = -1;

if (errno == EINVAL || errno == EADDRINUSE)

fatal("ControlSocket %s already exists",

Line 1198

Line 1173

static void

load_public_identity_files(void)

{

char *filename, *cp, thishost[NI_MAXHOST];

char *filename;

int i = 0;

Key *public;

struct passwd *pw;

#ifdef SMARTCARD

Key **keys;

if (options.smartcard_device != NULL &&

options.num_identity_files < SSH_MAX_IDENTITY_FILES &&

(keys = sc_get_keys(options.smartcard_device, NULL)) != NULL) {

(keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {

int count = 0;

for (i = 0; keys[i] != NULL; i++) {

count++;

Line 1225

Line 1199

xfree(keys);

}

#endif /* SMARTCARD */

if ((pw = getpwuid(original_real_uid)) == NULL)

fatal("load_public_identity_files: getpwuid failed");

if (gethostname(thishost, sizeof(thishost)) == -1)

fatal("load_public_identity_files: gethostname: %s",

strerror(errno));

for (; i < options.num_identity_files; i++) {

cp = tilde_expand_filename(options.identity_files[i],

filename = tilde_expand_filename(options.identity_files[i],

original_real_uid);

filename = percent_expand(cp, "d", pw->pw_dir,

"u", pw->pw_name, "l", thishost, "h", host,

"r", options.user, (char *)NULL);

xfree(cp);

public = key_load_public(filename, NULL);

debug("identity file %s type %d", filename,

public ? public->type : -1);

Line 1262

Line 1227

static int

env_permitted(char *env)

{

int i, ret;

int i;

char name[1024], *cp;

if ((cp = strchr(env, '=')) == NULL || cp == env)

strlcpy(name, env, sizeof(name));

if ((cp = strchr(name, '=')) == NULL)

return (0);

ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);

if (ret <= 0 || (size_t)ret >= sizeof(name))

fatal("env_permitted: name '%.100s...' too long", env);

*cp = '\0';

for (i = 0; i < options.num_send_env; i++)

if (match_pattern(name, options.send_env[i]))

return (1);

Line 1314

Line 1279

if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)

fatal("%s socket(): %s", __func__, strerror(errno));

if (connect(sock, (struct sockaddr *)&addr, addr.sun_len) == -1) {

if (connect(sock, (struct sockaddr*)&addr, addr.sun_len) == -1) {

if (mux_command != SSHMUX_COMMAND_OPEN) {

fatal("Control socket connect(%.100s): %s", path,

strerror(errno));

}

if (errno == ENOENT)

debug("Control socket \"%.100s\" does not exist", path);

else {

error("Control socket connect(%.100s): %s", path,

strerror(errno));

}

close(sock);

return;

}

if (stdin_null_flag) {

if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1)

fatal("open(/dev/null): %s", strerror(errno));

if (dup2(fd, STDIN_FILENO) == -1)

fatal("dup2: %s", strerror(errno));

if (fd > STDERR_FILENO)

close(fd);

}

term = getenv("TERM");