- stevesk@cvs.openbsd.org 2001/09/19 19:24:19

[readconf.c readconf.h scp.c sftp.c ssh.1] add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
author: Ben Lindstrom <mouring@eviladmin.org> 2001-09-20 00:57:55 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-09-20 00:57:55 +0000
commit: 2b7a0e953e3e85c2d95cfb6b4bed095135c3a2b7 (patch)
tree: a059e0bd658419103c94c154ee12b19ed3da48b2
parent: 309f3d1d9c6a8f480de33a21f61809c14da97bdd (diff)
6 files changed, 61 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index ad4084955..fe725c799 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
   - markus@cvs.openbsd.org 2001/09/19 13:23:29
     [key.c]
     key_read() now returns -1 on type mismatch, too
+   - stevesk@cvs.openbsd.org 2001/09/19 19:24:19
+     [readconf.c readconf.h scp.c sftp.c ssh.1]
+     add ClearAllForwardings ssh option and set it in scp and sftp; ok 
+     markus@
 20010918
 - (djm) Configure support for smartcards. Based on Ben's work.
@@ -6513,4 +6517,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1543 2001/09/20 00:55:53 mouring Exp $
+$Id: ChangeLog,v 1.1544 2001/09/20 00:57:55 mouring Exp $
diff --git a/readconf.c b/readconf.c
index 6a426ae05..83069d3ad 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.89 2001/09/03 20:58:33 stevesk Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.90 2001/09/19 19:24:18 stevesk Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -114,7 +114,8 @@ typedef enum {
        oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
        oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
        oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
-        oHostKeyAlgorithms, oBindAddress, oSmartcardDevice
+        oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
+        oClearAllForwardings
 } OpCodes;
 /* Textual representations of the tokens. */
@@ -184,6 +185,7 @@ static struct {
        { "hostkeyalgorithms", oHostKeyAlgorithms },
        { "bindaddress", oBindAddress },
        { "smartcarddevice", oSmartcardDevice },
+        { "clearallforwardings", oClearAllForwardings }, 
        { NULL, 0 }
 };
@@ -229,6 +231,19 @@ add_remote_forward(Options *options, u_short port, const char *host,
        fwd->host_port = host_port;
 }
+static void
+clear_forwardings(Options *options)
+{
+        int i;
+        for (i = 0; i < options->num_local_forwards; i++)
+                xfree(options->local_forwards[i].host);
+        options->num_local_forwards = 0;
+        for (i = 0; i < options->num_remote_forwards; i++)
+                xfree(options->remote_forwards[i].host);
+        options->num_remote_forwards = 0;
+}
 /*
 * Returns the number of the token pointed to by cp or oBadOption.
 */
@@ -621,6 +636,10 @@ parse_int:
                        add_local_forward(options, fwd_port, "socks4", 0);
                break;
+        case oClearAllForwardings:
+                intptr = &options->clear_forwardings;
+                goto parse_flag;
        case oHost:
                *activep = 0;
                while ((arg = strdelim(&s)) != NULL && *arg != '\0')
@@ -769,6 +788,7 @@ initialize_options(Options * options)
        options->user_hostfile2 = NULL;
        options->num_local_forwards = 0;
        options->num_remote_forwards = 0;
+        options->clear_forwardings = -1;
        options->log_level = (LogLevel) - 1;
        options->preferred_authentications = NULL;
        options->bind_address = NULL;
@@ -889,6 +909,8 @@ fill_default_options(Options * options)
                options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
        if (options->log_level == (LogLevel) - 1)
                options->log_level = SYSLOG_LEVEL_INFO;
+        if (options->clear_forwardings == 1)
+                clear_forwardings(options);
        /* options->proxy_command should not be set by default */
        /* options->user will be set in the main program if appropriate */
        /* options->hostname will be set in the main program if appropriate */
diff --git a/readconf.h b/readconf.h
index faeef1dbf..bde9eaa1c 100644
--- a/readconf.h
+++ b/readconf.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
-/* RCSID("$OpenBSD: readconf.h,v 1.38 2001/09/03 20:58:33 stevesk Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.39 2001/09/19 19:24:18 stevesk Exp $"); */
 #ifndef READCONF_H
 #define READCONF_H
@@ -100,6 +100,7 @@ typedef struct {
        /* Remote TCP/IP forward requests. */
        int     num_remote_forwards;
        Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
+        int     clear_forwardings;
 }       Options;
diff --git a/scp.c b/scp.c
index 512dfa67a..e603646b6 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.83 2001/09/17 17:57:56 stevesk Exp $");
+RCSID("$OpenBSD: scp.c,v 1.84 2001/09/19 19:24:19 stevesk Exp $");
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -239,6 +239,7 @@ main(argc, argv)
        addargs(&args, "-x");
        addargs(&args, "-oForwardAgent no");
        addargs(&args, "-oFallBackToRsh no");
+        addargs(&args, "-oClearAllForwardings yes");
        fflag = tflag = 0;
        while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:F:")) != -1)
@@ -371,13 +372,17 @@ toremote(targ, argc, argv)
        for (i = 0; i < argc - 1; i++) {
                src = colon(argv[i]);
                if (src) {      /* remote to remote */
+                        static char *ssh_options =
+                            "-x -o'FallBackToRsh no' "
+                            "-o'ClearAllForwardings yes'";
                        *src++ = 0;
                        if (*src == 0)
                                src = ".";
                        host = strchr(argv[i], '@');
                        len = strlen(ssh_program) + strlen(argv[i]) +
                            strlen(src) + (tuser ? strlen(tuser) : 0) +
-                            strlen(thost) + strlen(targ) + CMDNEEDS + 32;
+                            strlen(thost) + strlen(targ) +
+                            strlen(ssh_options) + CMDNEEDS + 20;
                        bp = xmalloc(len);
                        if (host) {
                                *host++ = 0;
@@ -388,19 +393,19 @@ toremote(targ, argc, argv)
                                else if (!okname(suser))
                                        continue;
                                snprintf(bp, len,
-                                    "%s%s -x -o'FallBackToRsh no' -n "
+                                    "%s%s %s -n "
                                    "-l %s %s %s %s '%s%s%s:%s'",
                                    ssh_program, verbose_mode ? " -v" : "",
-                                    suser, host, cmd, src,
+                                    ssh_options, suser, host, cmd, src,
                                    tuser ? tuser : "", tuser ? "@" : "",
                                    thost, targ);
                        } else {
                                host = cleanhostname(argv[i]);
                                snprintf(bp, len,
-                                    "exec %s%s -x -o'FallBackToRsh no' -n %s "
+                                    "exec %s%s %s -n %s "
                                    "%s %s '%s%s%s:%s'",
                                    ssh_program, verbose_mode ? " -v" : "",
-                                    host, cmd, src,
+                                    ssh_options, host, cmd, src,
                                    tuser ? tuser : "", tuser ? "@" : "",
                                    thost, targ);
                        }
diff --git a/sftp.c b/sftp.c
index 519ee6969..06110f9af 100644
--- a/sftp.c
+++ b/sftp.c
@@ -24,7 +24,7 @@
 #include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.20 2001/09/17 20:38:09 stevesk Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.21 2001/09/19 19:24:19 stevesk Exp $");
 /* XXX: commandline mode */
 /* XXX: short-form remote directory listings (like 'ls -C') */
@@ -118,6 +118,7 @@ main(int argc, char **argv)
        addargs(&args, "-oFallBackToRsh no");
        addargs(&args, "-oForwardX11 no");
        addargs(&args, "-oForwardAgent no");
+        addargs(&args, "-oClearAllForwardings yes");
        ll = SYSLOG_LEVEL_INFO;
        infile = stdin;         /* Read from STDIN unless changed by -b */
diff --git a/ssh.1 b/ssh.1
index c7a19e3b4..e3dc75069 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.137 2001/09/05 06:23:07 deraadt Exp $
+.\" $OpenBSD: ssh.1,v 1.138 2001/09/19 19:24:19 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -767,6 +767,22 @@ The default is
  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
    aes192-cbc,aes256-cbc''
 .Ed
+.It Cm ClearAllForwardings
+Specifies that all local, remote and dynamic port forwardings
+specified in the configuration files or on the command line be
+cleared.  This option is primarily useful when used from the
+.Nm
+command line to clear port forwardings set in
+configuration files, and is automatically set by
+.Xr scp 1
+and
+.Xr sftp 1 .
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
 .It Cm Compression
 Specifies whether to use compression.
 The argument must be
author	Ben Lindstrom <mouring@eviladmin.org>	2001-09-20 00:57:55 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-09-20 00:57:55 +0000
commit	2b7a0e953e3e85c2d95cfb6b4bed095135c3a2b7 (patch)
tree	a059e0bd658419103c94c154ee12b19ed3da48b2
parent	309f3d1d9c6a8f480de33a21f61809c14da97bdd (diff)