===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.c,v
retrieving revision 1.51
retrieving revision 1.51.2.3
diff -u -r1.51 -r1.51.2.3
--- src/usr.bin/ssh/ssh.c 2000/05/08 17:12:15 1.51
+++ src/usr.bin/ssh/ssh.c 2000/11/08 21:31:24 1.51.2.3
@@ -2,16 +2,44 @@
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
 * All rights reserved
- * Created: Sat Mar 18 16:36:11 1995 ylo
 * Ssh client program. This program can be used to log into a remote machine.
 * The software supports strong authentication, encryption, and forwarding
 * of X11, TCP/IP, and authentication connections.
 *
- * Modified to work with SSL by Niels Provos in Canada.
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ *
+ * Copyright (c) 1999 Niels Provos. All rights reserved.
+ *
+ * Modified to work with SSL by Niels Provos
+ * in Canada (German citizen).
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.51 2000/05/08 17:12:15 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.51.2.3 2000/11/08 21:31:24 jason Exp $");
 #include
 #include
@@ -21,7 +49,6 @@
 #include "ssh.h"
 #include "packet.h"
 #include "buffer.h"
-#include "authfd.h"
 #include "readconf.h"
 #include "uidswap.h"
@@ -29,6 +56,7 @@
 #include "compat.h"
 #include "channels.h"
 #include "key.h"
+#include "authfd.h"
 #include "authfile.h"
 extern char *__progname;
@@ -108,15 +136,18 @@
 fprintf(stderr, "Options:\n");
 fprintf(stderr, " -l user Log in using this user name.\n");
 fprintf(stderr, " -n Redirect input from /dev/null.\n");
+ fprintf(stderr, " -A Enable authentication agent forwarding.\n");
 fprintf(stderr, " -a Disable authentication agent forwarding.\n");
 #ifdef AFS
 fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
 #endif /* AFS */
+ fprintf(stderr, " -X Enable X11 connection forwarding.\n");
 fprintf(stderr, " -x Disable X11 connection forwarding.\n");
 fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
 fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
 fprintf(stderr, " -T Do not allocate a tty.\n");
 fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
+ fprintf(stderr, " Multiple -v increases verbosity.\n");
 fprintf(stderr, " -V Display version number only.\n");
 fprintf(stderr, " -P Don't allocate a privileged port.\n");
 fprintf(stderr, " -q Quiet; don't display any warning messages.\n");
@@ -241,8 +272,8 @@
 cp = strrchr(av0, '/') + 1;
 else
 cp = av0;
- if (strcmp(cp, "rsh") != 0 && strcmp(cp, "ssh") != 0 &&
- strcmp(cp, "rlogin") != 0 && strcmp(cp, "slogin") != 0)
+ if (strcmp(cp, "rsh") && strcmp(cp, "ssh") && strcmp(cp, "rlogin") &&
+ strcmp(cp, "slogin") && strcmp(cp, "remsh"))
 host = cp;
 for (optind = 1; optind < ac; optind++) {
@@ -306,6 +337,9 @@
 case 'a':
 options.forward_agent = 0;
 break;
+ case 'A':
+ options.forward_agent = 1;
+ break;
 #ifdef AFS
 case 'k':
 options.kerberos_tgt_passing = 0;
@@ -328,6 +362,16 @@
 tty_flag = 1;
 break;
 case 'v':
+ if (0 == debug_flag) {
+ debug_flag = 1;
+ options.log_level = SYSLOG_LEVEL_DEBUG1;
+ } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
+ options.log_level++;
+ break;
+ } else {
+ fatal("Too high debugging level.\n");
+ }
+ /* fallthrough */
 case 'V':
 fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n",
 SSH_VERSION,
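Review bot: The fatal() call in the new `-v` handling carries a trailing newline, `fatal("Too high debugging level.\n");`, while every other fatal() in this diff ends without one (`fatal("dup() in/out/err failed")`, `fatal("daemon() failed: %.200s", ...)`), so the logging layer is presumably terminating lines itself and the message should read `fatal("Too high debugging level.");`. The Yoda comparison `0 == debug_flag` is also unlike the rest of the file, which writes `if (!host)` and `if (f)`; `if (debug_flag == 0) {` would match. Only the first `-v` falls through to print the version banner, which keeps the old behaviour, but a one-line comment above `/* fallthrough */` such as `/* first -v also prints the version banner, as before */` would save the next reader from wondering why the second and third `-v` `break` early.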
@@ -336,8 +380,6 @@
 fprintf(stderr, "Compiled with SSL (0x%8.8lx).\n", SSLeay());
 if (opt == 'V')
 exit(0);
- debug_flag = 1;
- options.log_level = SYSLOG_LEVEL_DEBUG;
 break;
 case 'q':
 options.log_level = SYSLOG_LEVEL_QUIET;
@@ -362,11 +404,12 @@
 options.cipher = SSH_CIPHER_ILLEGAL;
 } else {
 /* SSH1 only */
- options.cipher = cipher_number(optarg);
- if (options.cipher == -1) {
+ Cipher *c = cipher_by_name(optarg);
+ if (c == NULL || c->number < 0) {
 fprintf(stderr, "Unknown cipher type '%s'\n", optarg);
 exit(1);
 }
+ options.cipher = c->number;
 }
 break;
 case 'p':
@@ -422,7 +465,7 @@
 if (!host)
 usage();
- OpenSSL_add_all_algorithms();
+ SSLeay_add_all_algorithms();
 /* Initialize the command to execute on remote host. */
 buffer_init(&command);
@@ -446,7 +489,7 @@
 }
 /* Cannot fork to background if no command. */
- if (fork_after_authentication_flag && buffer_len(&command) == 0)
+ if (fork_after_authentication_flag && buffer_len(&command) == 0 && !no_shell_flag)
 fatal("Cannot fork into background without a command to execute.");
 /* Allocate a tty by default if no command specified. */
@@ -475,6 +518,7 @@
 pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
 pwcopy.pw_uid = pw->pw_uid;
 pwcopy.pw_gid = pw->pw_gid;
+ pwcopy.pw_class = xstrdup(pw->pw_class);
 pwcopy.pw_dir = xstrdup(pw->pw_dir);
 pwcopy.pw_shell = xstrdup(pw->pw_shell);
 pw = &pwcopy;
@@ -516,22 +560,6 @@
 if (options.hostname != NULL)
 host = options.hostname;
- /* Find canonic host name. */
- if (strchr(host, '.') == 0) {
- struct addrinfo hints;
- struct addrinfo *ai = NULL;
- int errgai;
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = IPv4or6;
- hints.ai_flags = AI_CANONNAME;
- hints.ai_socktype = SOCK_STREAM;
- errgai = getaddrinfo(host, NULL, &hints, &ai);
- if (errgai == 0) {
- if (ai->ai_canonname != NULL)
- host = xstrdup(ai->ai_canonname);
- freeaddrinfo(ai);
- }
- }
 /* Disable rhosts authentication if not running as root. */
 if (original_effective_uid != 0 || !options.use_privileged_port) {
 options.rhosts_authentication = 0;
@@ -607,7 +635,7 @@
 */
 snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR);
 if (stat(buf, &st) < 0)
- if (mkdir(buf, 0755) < 0)
+ if (mkdir(buf, 0700) < 0)
 error("Could not create directory '%.200s'.", buf);
 /* Check if the connection failed, and try "rsh" if appropriate. */
@@ -664,17 +692,17 @@
 FILE *f;
 int got_data = 0, i;
-#ifdef XAUTH_PATH
- /* Try to get Xauthority information for the display. */
- snprintf(line, sizeof line, "%.100s list %.200s 2>/dev/null",
- XAUTH_PATH, getenv("DISPLAY"));
- f = popen(line, "r");
- if (f && fgets(line, sizeof(line), f) &&
- sscanf(line, "%*s %s %s", proto, data) == 2)
- got_data = 1;
- if (f)
- pclose(f);
-#endif /* XAUTH_PATH */
+ if (options.xauth_location) {
+ /* Try to get Xauthority information for the display. */
+ snprintf(line, sizeof line, "%.100s list %.200s 2>/dev/null",
+ options.xauth_location, getenv("DISPLAY"));
+ f = popen(line, "r");
+ if (f && fgets(line, sizeof(line), f) &&
+ sscanf(line, "%*s %s %s", proto, data) == 2)
+ got_data = 1;
+ if (f)
+ pclose(f);
+ }
 /*
 * If we didn't get authentication data, just make up some
 * data. The forwarding code will check the validity of the
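Review bot: The tightened mode in `if (mkdir(buf, 0700) < 0)` only takes effect when `~/.ssh` is created here; a directory that an earlier version already made with 0755 is left untouched, so upgraded users keep the wider mode without any notice. A follow-up could inspect `st.st_mode` from the preceding `stat()` and report via `error()` when group or world bits are set, leaving the directory itself alone. Separately, `stat()` failing for any reason other than ENOENT (for example EACCES on `pw->pw_dir`) still reaches the `mkdir()` attempt and its "Could not create directory" message, which an `errno == ENOENT` check on the stat failure would narrow to the intended case.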
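Review bot: The xauth query still builds a shell command line from `options.xauth_location` and `getenv("DISPLAY")` and hands it to `popen()`; the hunk only swaps the compile-time `XAUTH_PATH` for the runtime option, so `$DISPLAY` is interpolated into the shell string unquoted and a NULL return from `getenv("DISPLAY")` would reach `%.200s`. Both inputs come from the user's own environment and configuration, so nothing runs here that the user could not run directly, but forking and exec'ing `options.xauth_location` with an explicit argv (`"xauth", "list", display`) over a pipe would take the shell out of the path entirely and make the intent plain. At minimum, hoisting the display into a local and guarding it, `const char *display = getenv("DISPLAY"); if (display == NULL) ...`, before the `snprintf()` is worth a line. The enclosing function starts and ends outside this hunk.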
@@ -856,7 +884,7 @@
 }
 /* Enter the interactive session. */
- return client_loop(have_tty, tty_flag ? options.escape_char : -1);
+ return client_loop(have_tty, tty_flag ? options.escape_char : -1, 0);
 }
 void
@@ -939,31 +967,48 @@
 ssh_session2(void)
 {
 int window, packetmax, id;
- int in = dup(STDIN_FILENO);
- int out = dup(STDOUT_FILENO);
- int err = dup(STDERR_FILENO);
+ int in, out, err;
+ if (stdin_null_flag) {
+ in = open("/dev/null", O_RDONLY);
+ } else {
+ in = dup(STDIN_FILENO);
+ }
+ out = dup(STDOUT_FILENO);
+ err = dup(STDERR_FILENO);
+
 if (in < 0 || out < 0 || err < 0)
- fatal("dump in/out/err failed");
+ fatal("dup() in/out/err failed");
+ /* enable nonblocking unless tty */
+ if (!isatty(in))
+ set_nonblock(in);
+ if (!isatty(out))
+ set_nonblock(out);
+ if (!isatty(err))
+ set_nonblock(err);
+ /* should be pre-session */
 init_local_fwd();
- window = 32*1024;
- if (tty_flag) {
- packetmax = window/8;
- } else {
+ /* If requested, let ssh continue in the background. */
+ if (fork_after_authentication_flag)
+ if (daemon(1, 1) < 0)
+ fatal("daemon() failed: %.200s", strerror(errno));
+
+ window = CHAN_SES_WINDOW_DEFAULT;
+ packetmax = CHAN_SES_PACKET_DEFAULT;
+ if (!tty_flag) {
 window *= 2;
- packetmax = window/2;
+ packetmax *=2;
 }
-
 id = channel_new(
 "session", SSH_CHANNEL_OPENING, in, out, err,
- window, packetmax, CHAN_EXTENDED_WRITE, xstrdup("client-session"));
+ window, packetmax, CHAN_EXTENDED_WRITE,
+ xstrdup("client-session"), /*nonblock*/0);
- channel_open(id);
 channel_register_callback(id, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION,
 client_init, (void *)0);
- return client_loop(tty_flag, tty_flag ? options.escape_char : -1);
+ return client_loop(tty_flag, tty_flag ? options.escape_char : -1, id);
 }
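Review bot: The error message after the fd setup in ssh_session2 no longer describes every way `in` can be invalid: with `stdin_null_flag` set, `in` comes from `open("/dev/null", O_RDONLY)`, yet a failure still reports `fatal("dup() in/out/err failed");` and drops errno. Something like `fatal("dup()/open() of in/out/err failed: %.200s", strerror(errno));` would match the `daemon()` failure message a few lines below and tell the user why the session could not be set up. Two smaller points in the same hunk: `packetmax *=2;` wants a space after the operator, and the `/*nonblock*/0` argument to `channel_new()` reads as contradicting the `set_nonblock()` calls just above; if it is 0 because the fds were already made non-blocking here, a short comment such as `/* fds already set non-blocking above */` would say so.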