=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.c,v retrieving revision 1.209.2.2 retrieving revision 1.210 diff -u -r1.209.2.2 -r1.210 --- src/usr.bin/ssh/ssh.c 2005/03/10 17:15:05 1.209.2.2 +++ src/usr.bin/ssh/ssh.c 2004/04/18 23:10:26 1.210 @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.209.2.2 2005/03/10 17:15:05 brad Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.210 2004/04/18 23:10:26 djm Exp $"); #include #include @@ -53,25 +53,21 @@ #include "xmalloc.h" #include "packet.h" #include "buffer.h" -#include "bufaux.h" #include "channels.h" #include "key.h" #include "authfd.h" #include "authfile.h" #include "pathnames.h" -#include "dispatch.h" #include "clientloop.h" #include "log.h" #include "readconf.h" #include "sshconnect.h" +#include "tildexpand.h" +#include "dispatch.h" #include "misc.h" #include "kex.h" #include "mac.h" -#include "sshpty.h" -#include "match.h" -#include "msg.h" -#include "monitor_fdpass.h" -#include "uidswap.h" +#include "sshtty.h" #ifdef SMARTCARD #include "scard.h" @@ -141,28 +137,16 @@ /* pid of proxycommand child process */ pid_t proxy_command_pid = 0; -/* fd to control socket */ -int control_fd = -1; - -/* Multiplexing control command */ -static u_int mux_command = SSHMUX_COMMAND_OPEN; - -/* Only used in control client mode */ -volatile sig_atomic_t control_client_terminate = 0; -u_int control_server_pid = 0; - /* Prints a help message to the user. This function never returns. */ static void usage(void) { fprintf(stderr, -"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" -" [-D port] [-e escape_char] [-F configfile]\n" -" [-i identity_file] [-L [bind_address:]port:host:hostport]\n" -" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" -" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" -" [user@]hostname [command]\n" +"usage: ssh [-1246AaCfghkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" +" [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n" +" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n" +" [-p port] [-R port:host:hostport] [user@]hostname [command]\n" ); exit(1); } @@ -170,7 +154,6 @@ static int ssh_session(void); static int ssh_session2(void); static void load_public_identity_files(void); -static void control_client(const char *path); /* * Main program for the ssh client. @@ -179,13 +162,14 @@ main(int ac, char **av) { int i, opt, exit_status; + u_short fwd_port, fwd_host_port; + char sfwd_port[6], sfwd_host_port[6]; char *p, *cp, *line, buf[256]; struct stat st; struct passwd *pw; int dummy; extern int optind, optreset; extern char *optarg; - Forward fwd; /* * Save the original real uid. It will be needed later (uid-swapping @@ -235,7 +219,7 @@ again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:NPR:TVXY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -269,14 +253,6 @@ case 'g': options.gateway_ports = 1; break; - case 'O': - if (strcmp(optarg, "check") == 0) - mux_command = SSHMUX_COMMAND_ALIVE_CHECK; - else if (strcmp(optarg, "exit") == 0) - mux_command = SSHMUX_COMMAND_TERMINATE; - else - fatal("Invalid multiplex command."); - break; case 'P': /* deprecated */ options.use_privileged_port = 0; break; @@ -292,8 +268,7 @@ case 'i': if (stat(optarg, &st) < 0) { fprintf(stderr, "Warning: Identity file %s " - "not accessible: %s.\n", optarg, - strerror(errno)); + "does not exist.\n", optarg); break; } if (options.num_identity_files >= @@ -324,7 +299,7 @@ options.log_level++; break; } - /* FALLTHROUGH */ + /* fallthrough */ case 'V': fprintf(stderr, "%s, %s\n", SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); @@ -353,7 +328,7 @@ if (ciphers_valid(optarg)) { /* SSH2 only */ options.ciphers = xstrdup(optarg); - options.cipher = SSH_CIPHER_INVALID; + options.cipher = SSH_CIPHER_ILLEGAL; } else { /* SSH1 only */ options.cipher = cipher_number(optarg); @@ -380,10 +355,6 @@ exit(1); } break; - case 'M': - options.control_master = - (options.control_master >= 1) ? 2 : 1; - break; case 'p': options.port = a2port(optarg); if (options.port == 0) { @@ -396,51 +367,39 @@ break; case 'L': - if (parse_forward(&fwd, optarg)) - add_local_forward(&options, &fwd); - else { + case 'R': + if (sscanf(optarg, "%5[0-9]:%255[^:]:%5[0-9]", + sfwd_port, buf, sfwd_host_port) != 3 && + sscanf(optarg, "%5[0-9]/%255[^/]/%5[0-9]", + sfwd_port, buf, sfwd_host_port) != 3) { fprintf(stderr, - "Bad local forwarding specification '%s'\n", + "Bad forwarding specification '%s'\n", optarg); - exit(1); + usage(); + /* NOTREACHED */ } - break; - - case 'R': - if (parse_forward(&fwd, optarg)) { - add_remote_forward(&options, &fwd); - } else { + if ((fwd_port = a2port(sfwd_port)) == 0 || + (fwd_host_port = a2port(sfwd_host_port)) == 0) { fprintf(stderr, - "Bad remote forwarding specification " - "'%s'\n", optarg); + "Bad forwarding port(s) '%s'\n", optarg); exit(1); } + if (opt == 'L') + add_local_forward(&options, fwd_port, buf, + fwd_host_port); + else if (opt == 'R') + add_remote_forward(&options, fwd_port, buf, + fwd_host_port); break; case 'D': - cp = p = xstrdup(optarg); - memset(&fwd, '\0', sizeof(fwd)); - fwd.connect_host = "socks"; - if ((fwd.listen_host = hpdelim(&cp)) == NULL) { - fprintf(stderr, "Bad dynamic forwarding " - "specification '%.100s'\n", optarg); - exit(1); - } - if (cp != NULL) { - fwd.listen_port = a2port(cp); - fwd.listen_host = cleanhostname(fwd.listen_host); - } else { - fwd.listen_port = a2port(fwd.listen_host); - fwd.listen_host = ""; - } - - if (fwd.listen_port == 0) { + fwd_port = a2port(optarg); + if (fwd_port == 0) { fprintf(stderr, "Bad dynamic port '%s'\n", optarg); exit(1); } - add_local_forward(&options, &fwd); - xfree(p); + add_local_forward(&options, fwd_port, "socks", 0); break; case 'C': @@ -464,11 +423,6 @@ case 's': subsystem_flag = 1; break; - case 'S': - if (options.control_path != NULL) - free(options.control_path); - options.control_path = xstrdup(optarg); - break; case 'b': options.bind_address = optarg; break; @@ -563,7 +517,7 @@ * file if the user specifies a config file on the command line. */ if (config != NULL) { - if (!read_config_file(config, host, &options, 0)) + if (!read_config_file(config, host, &options, 0), 0) fatal("Can't open user config file %.100s: " "%.100s", config, strerror(errno)); } else { @@ -572,7 +526,7 @@ (void)read_config_file(buf, host, &options, 1); /* Read systemwide configuration file after use config. */ - (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, + (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options, 0); } @@ -601,13 +555,6 @@ strcmp(options.proxy_command, "none") == 0) options.proxy_command = NULL; - if (options.control_path != NULL) { - options.control_path = tilde_expand_filename( - options.control_path, original_real_uid); - } - if (options.control_path != NULL && options.control_master == 0) - control_client(options.control_path); /* This doesn't return */ - /* Open a connection to the remote host. */ if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, @@ -659,10 +606,8 @@ * user's home directory if it happens to be on a NFS volume where * root is mapped to nobody. */ - if (original_effective_uid == 0) { - PRIV_START; - permanently_set_uid(pw); - } + seteuid(original_real_uid); + setuid(original_real_uid); /* * Now that we are back to our own permissions, create ~/.ssh @@ -718,9 +663,6 @@ exit_status = compat20 ? ssh_session2() : ssh_session(); packet_close(); - if (options.control_path != NULL && control_fd != -1) - unlink(options.control_path); - /* * Send SIGHUP to proxy command if used. We don't wait() in * case it hangs and instead rely on init to reap the child @@ -820,17 +762,17 @@ * for the local connection. */ if (!got_data) { - u_int32_t rnd = 0; + u_int32_t rand = 0; logit("Warning: No xauth data; " "using fake authentication data for X11 forwarding."); strlcpy(proto, SSH_X11_PROTO, sizeof proto); for (i = 0; i < 16; i++) { if (i % 4 == 0) - rnd = arc4random(); + rand = arc4random(); snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", - rnd & 0xff); - rnd >>= 8; + rand & 0xff); + rand >>= 8; } } } @@ -843,19 +785,14 @@ /* Initiate local TCP/IP port forwardings. */ for (i = 0; i < options.num_local_forwards; i++) { - debug("Local connections to %.200s:%d forwarded to remote " - "address %.200s:%d", - (options.local_forwards[i].listen_host == NULL) ? - (options.gateway_ports ? "*" : "LOCALHOST") : - options.local_forwards[i].listen_host, - options.local_forwards[i].listen_port, - options.local_forwards[i].connect_host, - options.local_forwards[i].connect_port); + debug("Connections to local port %d forwarded to remote address %.200s:%d", + options.local_forwards[i].port, + options.local_forwards[i].host, + options.local_forwards[i].host_port); success += channel_setup_local_fwd_listener( - options.local_forwards[i].listen_host, - options.local_forwards[i].listen_port, - options.local_forwards[i].connect_host, - options.local_forwards[i].connect_port, + options.local_forwards[i].port, + options.local_forwards[i].host, + options.local_forwards[i].host_port, options.gateway_ports); } if (i > 0 && success == 0) @@ -863,17 +800,14 @@ /* Initiate remote TCP/IP port forwardings. */ for (i = 0; i < options.num_remote_forwards; i++) { - debug("Remote connections from %.200s:%d forwarded to " - "local address %.200s:%d", - options.remote_forwards[i].listen_host, - options.remote_forwards[i].listen_port, - options.remote_forwards[i].connect_host, - options.remote_forwards[i].connect_port); + debug("Connections to remote port %d forwarded to local address %.200s:%d", + options.remote_forwards[i].port, + options.remote_forwards[i].host, + options.remote_forwards[i].host_port); channel_request_remote_forwarding( - options.remote_forwards[i].listen_host, - options.remote_forwards[i].listen_port, - options.remote_forwards[i].connect_host, - options.remote_forwards[i].connect_port); + options.remote_forwards[i].port, + options.remote_forwards[i].host, + options.remote_forwards[i].host_port); } } @@ -1025,7 +959,7 @@ } static void -ssh_subsystem_reply(int type, u_int32_t seq, void *ctxt) +client_subsystem_reply(int type, u_int32_t seq, void *ctxt) { int id, len; @@ -1049,60 +983,48 @@ return; debug("remote forward %s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", - options.remote_forwards[i].listen_port, - options.remote_forwards[i].connect_host, - options.remote_forwards[i].connect_port); + options.remote_forwards[i].port, + options.remote_forwards[i].host, + options.remote_forwards[i].host_port); if (type == SSH2_MSG_REQUEST_FAILURE) - logit("Warning: remote port forwarding failed for listen " - "port %d", options.remote_forwards[i].listen_port); + logit("Warning: remote port forwarding failed for listen port %d", + options.remote_forwards[i].port); } +/* request pty/x11/agent/tcpfwd/shell for channel */ static void -ssh_control_listener(void) +ssh_session2_setup(int id, void *arg) { - struct sockaddr_un addr; - mode_t old_umask; + int len; + int interactive = 0; + struct termios tio; - if (options.control_path == NULL || options.control_master <= 0) - return; + debug2("ssh_session2_setup: id %d", id); - memset(&addr, '\0', sizeof(addr)); - addr.sun_family = AF_UNIX; - addr.sun_len = offsetof(struct sockaddr_un, sun_path) + - strlen(options.control_path) + 1; + if (tty_flag) { + struct winsize ws; + char *cp; + cp = getenv("TERM"); + if (!cp) + cp = ""; + /* Store window size in the packet. */ + if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) + memset(&ws, 0, sizeof(ws)); - if (strlcpy(addr.sun_path, options.control_path, - sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) - fatal("ControlPath too long"); - - if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) - fatal("%s socket(): %s\n", __func__, strerror(errno)); - - old_umask = umask(0177); - if (bind(control_fd, (struct sockaddr*)&addr, addr.sun_len) == -1) { - control_fd = -1; - if (errno == EINVAL) - fatal("ControlSocket %s already exists", - options.control_path); - else - fatal("%s bind(): %s\n", __func__, strerror(errno)); + channel_request_start(id, "pty-req", 0); + packet_put_cstring(cp); + packet_put_int(ws.ws_col); + packet_put_int(ws.ws_row); + packet_put_int(ws.ws_xpixel); + packet_put_int(ws.ws_ypixel); + tio = get_saved_tio(); + tty_make_modes(/*ignored*/ 0, &tio); + packet_send(); + interactive = 1; + /* XXX wait for reply */ } - umask(old_umask); - - if (listen(control_fd, 64) == -1) - fatal("%s listen(): %s\n", __func__, strerror(errno)); - - set_nonblock(control_fd); -} - -/* request pty/x11/agent/tcpfwd/shell for channel */ -static void -ssh_session2_setup(int id, void *arg) -{ - extern char **environ; - - int interactive = tty_flag; - if (options.forward_x11 && getenv("DISPLAY") != NULL) { + if (options.forward_x11 && + getenv("DISPLAY") != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ x11_get_proto(&proto, &data); @@ -1120,8 +1042,27 @@ packet_send(); } - client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), - NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); + len = buffer_len(&command); + if (len > 0) { + if (len > 900) + len = 900; + if (subsystem_flag) { + debug("Sending subsystem: %.*s", len, (u_char *)buffer_ptr(&command)); + channel_request_start(id, "subsystem", /*want reply*/ 1); + /* register callback for reply */ + /* XXX we assume that client_loop has already been called */ + dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &client_subsystem_reply); + dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &client_subsystem_reply); + } else { + debug("Sending command: %.*s", len, (u_char *)buffer_ptr(&command)); + channel_request_start(id, "exec", 0); + } + packet_put_string(buffer_ptr(&command), buffer_len(&command)); + packet_send(); + } else { + channel_request_start(id, "shell", 0); + packet_send(); + } packet_set_interactive(interactive); } @@ -1167,7 +1108,7 @@ channel_send_open(c->self); if (!no_shell_flag) - channel_register_confirm(c->self, ssh_session2_setup, NULL); + channel_register_confirm(c->self, ssh_session2_setup); return c->self; } @@ -1179,7 +1120,6 @@ /* XXX should be pre-session */ ssh_init_forwarding(); - ssh_control_listener(); if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) id = ssh_session2_open(); @@ -1232,187 +1172,4 @@ options.identity_files[i] = filename; options.identity_keys[i] = public; } -} - -static void -control_client_sighandler(int signo) -{ - control_client_terminate = signo; -} - -static void -control_client_sigrelay(int signo) -{ - if (control_server_pid > 1) - kill(control_server_pid, signo); -} - -static int -env_permitted(char *env) -{ - int i; - char name[1024], *cp; - - strlcpy(name, env, sizeof(name)); - if ((cp = strchr(name, '=')) == NULL) - return (0); - - *cp = '\0'; - - for (i = 0; i < options.num_send_env; i++) - if (match_pattern(name, options.send_env[i])) - return (1); - - return (0); -} - -static void -control_client(const char *path) -{ - struct sockaddr_un addr; - int i, r, fd, sock, exitval, num_env; - Buffer m; - char *term; - extern char **environ; - u_int flags; - - if (stdin_null_flag) { - if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) - fatal("open(/dev/null): %s", strerror(errno)); - if (dup2(fd, STDIN_FILENO) == -1) - fatal("dup2: %s", strerror(errno)); - if (fd > STDERR_FILENO) - close(fd); - } - - memset(&addr, '\0', sizeof(addr)); - addr.sun_family = AF_UNIX; - addr.sun_len = offsetof(struct sockaddr_un, sun_path) + - strlen(path) + 1; - - if (strlcpy(addr.sun_path, path, - sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) - fatal("ControlPath too long"); - - if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) - fatal("%s socket(): %s", __func__, strerror(errno)); - - if (connect(sock, (struct sockaddr*)&addr, addr.sun_len) == -1) - fatal("Couldn't connect to %s: %s", path, strerror(errno)); - - if ((term = getenv("TERM")) == NULL) - term = ""; - - flags = 0; - if (tty_flag) - flags |= SSHMUX_FLAG_TTY; - if (subsystem_flag) - flags |= SSHMUX_FLAG_SUBSYS; - - buffer_init(&m); - - /* Send our command to server */ - buffer_put_int(&m, mux_command); - buffer_put_int(&m, flags); - if (ssh_msg_send(sock, /* version */1, &m) == -1) - fatal("%s: msg_send", __func__); - buffer_clear(&m); - - /* Get authorisation status and PID of controlee */ - if (ssh_msg_recv(sock, &m) == -1) - fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 1) - fatal("%s: wrong version", __func__); - if (buffer_get_int(&m) != 1) - fatal("Connection to master denied"); - control_server_pid = buffer_get_int(&m); - - buffer_clear(&m); - - switch (mux_command) { - case SSHMUX_COMMAND_ALIVE_CHECK: - fprintf(stderr, "Master running (pid=%d)\r\n", - control_server_pid); - exit(0); - case SSHMUX_COMMAND_TERMINATE: - fprintf(stderr, "Exit request sent.\r\n"); - exit(0); - case SSHMUX_COMMAND_OPEN: - /* continue below */ - break; - default: - fatal("silly mux_command %d", mux_command); - } - - /* SSHMUX_COMMAND_OPEN */ - buffer_put_cstring(&m, term); - buffer_append(&command, "\0", 1); - buffer_put_cstring(&m, buffer_ptr(&command)); - - if (options.num_send_env == 0 || environ == NULL) { - buffer_put_int(&m, 0); - } else { - /* Pass environment */ - num_env = 0; - for (i = 0; environ[i] != NULL; i++) - if (env_permitted(environ[i])) - num_env++; /* Count */ - - buffer_put_int(&m, num_env); - - for (i = 0; environ[i] != NULL && num_env >= 0; i++) - if (env_permitted(environ[i])) { - num_env--; - buffer_put_cstring(&m, environ[i]); - } - } - - if (ssh_msg_send(sock, /* version */1, &m) == -1) - fatal("%s: msg_send", __func__); - - mm_send_fd(sock, STDIN_FILENO); - mm_send_fd(sock, STDOUT_FILENO); - mm_send_fd(sock, STDERR_FILENO); - - /* Wait for reply, so master has a chance to gather ttymodes */ - buffer_clear(&m); - if (ssh_msg_recv(sock, &m) == -1) - fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 1) - fatal("%s: wrong version", __func__); - buffer_free(&m); - - signal(SIGHUP, control_client_sighandler); - signal(SIGINT, control_client_sighandler); - signal(SIGTERM, control_client_sighandler); - signal(SIGWINCH, control_client_sigrelay); - - if (tty_flag) - enter_raw_mode(); - - /* Stick around until the controlee closes the client_fd */ - exitval = 0; - for (;!control_client_terminate;) { - r = read(sock, &exitval, sizeof(exitval)); - if (r == 0) { - debug2("Received EOF from master"); - break; - } - if (r > 0) - debug2("Received exit status from master %d", exitval); - if (r == -1 && errno != EINTR) - fatal("%s: read %s", __func__, strerror(errno)); - } - - if (control_client_terminate) - debug2("Exiting on signal %d", control_client_terminate); - - close(sock); - - leave_raw_mode(); - - if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET) - fprintf(stderr, "Connection to master closed.\r\n"); - - exit(exitval); }