summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2000-05-17 22:34:22 +1000
committerDamien Miller <djm@mindrot.org>2000-05-17 22:34:22 +1000
commitdcb6ecd1b3b25b6909296ff0546ca6b18d0c19d3 (patch)
tree7eb6d184356f6aa00e62c71565568db706f2e960
parent0e65eed58acc0053d163e96463a7c4d0684e55bd (diff)
- OpenBSD CVS update:
- markus@cvs.openbsd.org [ssh.c] fix usage() [ssh2.h] draft-ietf-secsh-architecture-05.txt [ssh.1] document ssh -T -N (ssh2 only) [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c] enable nonblocking IO for sshd w/ proto 1, too; split out common code [aux.c] missing include
-rw-r--r--ChangeLog12
-rw-r--r--Makefile.in2
-rw-r--r--aux.c36
-rw-r--r--channels.c19
-rw-r--r--serverloop.c44
-rw-r--r--ssh.110
-rw-r--r--ssh.c3
-rw-r--r--ssh.h8
-rw-r--r--ssh2.h8
-rw-r--r--sshconnect.c17
-rw-r--r--sshd.c17
11 files changed, 102 insertions, 74 deletions
diff --git a/ChangeLog b/ChangeLog
index 4f0c42d6b..e14392af2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,18 @@
13 - Avoid WCOREDUMP complation errors for systems that lack it 13 - Avoid WCOREDUMP complation errors for systems that lack it
14 - Avoid SIGCHLD warnings from entropy commands 14 - Avoid SIGCHLD warnings from entropy commands
15 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk> 15 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
16 - OpenBSD CVS update:
17 - markus@cvs.openbsd.org
18 [ssh.c]
19 fix usage()
20 [ssh2.h]
21 draft-ietf-secsh-architecture-05.txt
22 [ssh.1]
23 document ssh -T -N (ssh2 only)
24 [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
25 enable nonblocking IO for sshd w/ proto 1, too; split out common code
26 [aux.c]
27 missing include
16 28
1720000513 2920000513
18 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz 30 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
diff --git a/Makefile.in b/Makefile.in
index 403b75faa..3aeced934 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -34,7 +34,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
34 34
35TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS) 35TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS)
36 36
37LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 37LIBSSH_OBJS=atomicio.o authfd.o authfile.o aux.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
38 38
39LIBOPENBSD_COMPAT_OBJS=bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o fake-getaddrinfo.o fake-getnameinfo.o 39LIBOPENBSD_COMPAT_OBJS=bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o fake-getaddrinfo.o fake-getnameinfo.o
40 40
diff --git a/aux.c b/aux.c
new file mode 100644
index 000000000..899142da7
--- /dev/null
+++ b/aux.c
@@ -0,0 +1,36 @@
1#include "includes.h"
2RCSID("$OpenBSD: aux.c,v 1.2 2000/05/17 09:47:59 markus Exp $");
3
4#include "ssh.h"
5
6char *
7chop(char *s)
8{
9 char *t = s;
10 while (*t) {
11 if(*t == '\n' || *t == '\r') {
12 *t = '\0';
13 return s;
14 }
15 t++;
16 }
17 return s;
18
19}
20
21void
22set_nonblock(int fd)
23{
24 int val;
25 val = fcntl(fd, F_GETFL, 0);
26 if (val < 0) {
27 error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
28 return;
29 }
30 if (val & O_NONBLOCK)
31 return;
32 debug("fd %d setting O_NONBLOCK", fd);
33 val |= O_NONBLOCK;
34 if (fcntl(fd, F_SETFL, val) == -1)
35 error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno));
36}
diff --git a/channels.c b/channels.c
index a18c7e300..f26b3a65b 100644
--- a/channels.c
+++ b/channels.c
@@ -17,7 +17,7 @@
17 */ 17 */
18 18
19#include "includes.h" 19#include "includes.h"
20RCSID("$Id: channels.c,v 1.30 2000/05/09 01:02:59 damien Exp $"); 20RCSID("$Id: channels.c,v 1.31 2000/05/17 12:34:23 damien Exp $");
21 21
22#include "ssh.h" 22#include "ssh.h"
23#include "packet.h" 23#include "packet.h"
@@ -147,23 +147,6 @@ channel_lookup(int id)
147 return c; 147 return c;
148} 148}
149 149
150void
151set_nonblock(int fd)
152{
153 int val;
154 val = fcntl(fd, F_GETFL, 0);
155 if (val < 0) {
156 error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
157 return;
158 }
159 if (val & O_NONBLOCK)
160 return;
161 debug("fd %d setting O_NONBLOCK", fd);
162 val |= O_NONBLOCK;
163 if (fcntl(fd, F_SETFL, val) == -1)
164 error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno));
165}
166
167/* 150/*
168 * Register filedescriptors for a channel, used when allocating a channel or 151 * Register filedescriptors for a channel, used when allocating a channel or
169 * when the channel consumer/producer is ready, e.g. shell exec'd 152 * when the channel consumer/producer is ready, e.g. shell exec'd
diff --git a/serverloop.c b/serverloop.c
index 1bc5d8b75..79bdf77ba 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -259,20 +259,15 @@ process_input(fd_set * readset)
259 if (len == 0) { 259 if (len == 0) {
260 verbose("Connection closed by remote host."); 260 verbose("Connection closed by remote host.");
261 fatal_cleanup(); 261 fatal_cleanup();
262 } else if (len < 0) {
263 if (errno != EINTR && errno != EAGAIN) {
264 verbose("Read error from remote host: %.100s", strerror(errno));
265 fatal_cleanup();
266 }
267 } else {
268 /* Buffer any received data. */
269 packet_process_incoming(buf, len);
262 } 270 }
263 /*
264 * There is a kernel bug on Solaris that causes select to
265 * sometimes wake up even though there is no data available.
266 */
267 if (len < 0 && errno == EAGAIN)
268 len = 0;
269
270 if (len < 0) {
271 verbose("Read error from remote host: %.100s", strerror(errno));
272 fatal_cleanup();
273 }
274 /* Buffer any received data. */
275 packet_process_incoming(buf, len);
276 } 271 }
277 if (compat20) 272 if (compat20)
278 return; 273 return;
@@ -280,9 +275,11 @@ process_input(fd_set * readset)
280 /* Read and buffer any available stdout data from the program. */ 275 /* Read and buffer any available stdout data from the program. */
281 if (!fdout_eof && FD_ISSET(fdout, readset)) { 276 if (!fdout_eof && FD_ISSET(fdout, readset)) {
282 len = read(fdout, buf, sizeof(buf)); 277 len = read(fdout, buf, sizeof(buf));
283 if (len <= 0) 278 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
279 /* do nothing */
280 } else if (len <= 0) {
284 fdout_eof = 1; 281 fdout_eof = 1;
285 else { 282 } else {
286 buffer_append(&stdout_buffer, buf, len); 283 buffer_append(&stdout_buffer, buf, len);
287 fdout_bytes += len; 284 fdout_bytes += len;
288 } 285 }
@@ -290,10 +287,13 @@ process_input(fd_set * readset)
290 /* Read and buffer any available stderr data from the program. */ 287 /* Read and buffer any available stderr data from the program. */
291 if (!fderr_eof && FD_ISSET(fderr, readset)) { 288 if (!fderr_eof && FD_ISSET(fderr, readset)) {
292 len = read(fderr, buf, sizeof(buf)); 289 len = read(fderr, buf, sizeof(buf));
293 if (len <= 0) 290 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
291 /* do nothing */
292 } else if (len <= 0) {
294 fderr_eof = 1; 293 fderr_eof = 1;
295 else 294 } else {
296 buffer_append(&stderr_buffer, buf, len); 295 buffer_append(&stderr_buffer, buf, len);
296 }
297 } 297 }
298} 298}
299 299
@@ -309,7 +309,9 @@ process_output(fd_set * writeset)
309 if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) { 309 if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
310 len = write(fdin, buffer_ptr(&stdin_buffer), 310 len = write(fdin, buffer_ptr(&stdin_buffer),
311 buffer_len(&stdin_buffer)); 311 buffer_len(&stdin_buffer));
312 if (len <= 0) { 312 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
313 /* do nothing */
314 } else if (len <= 0) {
313#ifdef USE_PIPES 315#ifdef USE_PIPES
314 close(fdin); 316 close(fdin);
315#else 317#else
@@ -396,6 +398,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
396 fdin = fdin_arg; 398 fdin = fdin_arg;
397 fdout = fdout_arg; 399 fdout = fdout_arg;
398 fderr = fderr_arg; 400 fderr = fderr_arg;
401
402 /* nonblocking IO */
403 set_nonblock(fdin);
404 set_nonblock(fdout);
405 set_nonblock(fderr);
406
399 connection_in = packet_get_connection_in(); 407 connection_in = packet_get_connection_in();
400 connection_out = packet_get_connection_out(); 408 connection_out = packet_get_connection_out();
401 409
diff --git a/ssh.1 b/ssh.1
index 48040c439..d8e9eb0b9 100644
--- a/ssh.1
+++ b/ssh.1
@@ -9,7 +9,7 @@
9.\" 9.\"
10.\" Created: Sat Apr 22 21:55:14 1995 ylo 10.\" Created: Sat Apr 22 21:55:14 1995 ylo
11.\" 11.\"
12.\" $Id: ssh.1,v 1.25 2000/05/09 01:03:02 damien Exp $ 12.\" $Id: ssh.1,v 1.26 2000/05/17 12:34:24 damien Exp $
13.\" 13.\"
14.Dd September 25, 1999 14.Dd September 25, 1999
15.Dt SSH 1 15.Dt SSH 1
@@ -24,7 +24,7 @@
24.Op Ar command 24.Op Ar command
25.Pp 25.Pp
26.Nm ssh 26.Nm ssh
27.Op Fl afgknqtvxCPX246 27.Op Fl afgknqtvxCNPTX246
28.Op Fl c Ar cipher_spec 28.Op Fl c Ar cipher_spec
29.Op Fl e Ar escape_char 29.Op Fl e Ar escape_char
30.Op Fl i Ar identity_file 30.Op Fl i Ar identity_file
@@ -416,6 +416,10 @@ program will be put in the background.
416needs to ask for a password or passphrase; see also the 416needs to ask for a password or passphrase; see also the
417.Fl f 417.Fl f
418option.) 418option.)
419.It Fl N
420Do not execute a remote command.
421This is usefull if you just want to forward ports
422(protocol version 2 only).
419.It Fl o Ar option 423.It Fl o Ar option
420Can be used to give options in the format used in the config file. 424Can be used to give options in the format used in the config file.
421This is useful for specifying options for which there is no separate 425This is useful for specifying options for which there is no separate
@@ -442,6 +446,8 @@ Force pseudo-tty allocation.
442This can be used to execute arbitrary 446This can be used to execute arbitrary
443screen-based programs on a remote machine, which can be very useful, 447screen-based programs on a remote machine, which can be very useful,
444e.g., when implementing menu services. 448e.g., when implementing menu services.
449.It Fl T
450Disable pseudo-tty allocation (protocol version 2 only).
445.It Fl v 451.It Fl v
446Verbose mode. 452Verbose mode.
447Causes 453Causes
diff --git a/ssh.c b/ssh.c
index 2dfc2b02f..bf4f8b1c6 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
11 */ 11 */
12 12
13#include "includes.h" 13#include "includes.h"
14RCSID("$Id: ssh.c,v 1.30 2000/05/09 01:03:02 damien Exp $"); 14RCSID("$Id: ssh.c,v 1.31 2000/05/17 12:34:24 damien Exp $");
15 15
16#include <openssl/evp.h> 16#include <openssl/evp.h>
17#include <openssl/dsa.h> 17#include <openssl/dsa.h>
@@ -120,6 +120,7 @@ usage()
120#ifdef AFS 120#ifdef AFS
121 fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n"); 121 fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
122#endif /* AFS */ 122#endif /* AFS */
123 fprintf(stderr, " -X Enable X11 connection forwarding.\n");
123 fprintf(stderr, " -x Disable X11 connection forwarding.\n"); 124 fprintf(stderr, " -x Disable X11 connection forwarding.\n");
124 fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n"); 125 fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
125 fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n"); 126 fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
diff --git a/ssh.h b/ssh.h
index 42a710088..ed124cece 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
13 * 13 *
14 */ 14 */
15 15
16/* RCSID("$Id: ssh.h,v 1.39 2000/05/09 01:03:02 damien Exp $"); */ 16/* RCSID("$Id: ssh.h,v 1.40 2000/05/17 12:34:24 damien Exp $"); */
17 17
18#ifndef SSH_H 18#ifndef SSH_H
19#define SSH_H 19#define SSH_H
@@ -486,6 +486,12 @@ void fatal_remove_cleanup(void (*proc) (void *context), void *context);
486 */ 486 */
487char *tilde_expand_filename(const char *filename, uid_t my_uid); 487char *tilde_expand_filename(const char *filename, uid_t my_uid);
488 488
489/* remove newline at end of string */
490char *chop(char *s);
491
492/* set filedescriptor to non-blocking */
493void set_nonblock(int fd);
494
489/* 495/*
490 * Performs the interactive session. This handles data transmission between 496 * Performs the interactive session. This handles data transmission between
491 * the client and the program. Note that the notion of stdin, stdout, and 497 * the client and the program. Note that the notion of stdin, stdout, and
diff --git a/ssh2.h b/ssh2.h
index cf684bacf..1fa4c0a0d 100644
--- a/ssh2.h
+++ b/ssh2.h
@@ -1,5 +1,5 @@
1/* 1/*
2 * draft-ietf-secsh-architecture-04.txt 2 * draft-ietf-secsh-architecture-05.txt
3 * 3 *
4 * Transport layer protocol: 4 * Transport layer protocol:
5 * 5 *
@@ -28,6 +28,7 @@
28 * 28 *
29 * 192-255 Local extensions 29 * 192-255 Local extensions
30 */ 30 */
31/* RCSID("$OpenBSD: ssh2.h,v 1.3 2000/05/15 07:03:12 markus Exp $"); */
31 32
32/* transport layer: generic */ 33/* transport layer: generic */
33 34
@@ -88,6 +89,7 @@
88#define SSH2_DISCONNECT_PROTOCOL_ERROR 2 89#define SSH2_DISCONNECT_PROTOCOL_ERROR 2
89#define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 90#define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3
90#define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 91#define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4
92#define SSH2_DISCONNECT_RESERVED 4
91#define SSH2_DISCONNECT_MAC_ERROR 5 93#define SSH2_DISCONNECT_MAC_ERROR 5
92#define SSH2_DISCONNECT_COMPRESSION_ERROR 6 94#define SSH2_DISCONNECT_COMPRESSION_ERROR 6
93#define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 95#define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7
@@ -95,6 +97,10 @@
95#define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 97#define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9
96#define SSH2_DISCONNECT_CONNECTION_LOST 10 98#define SSH2_DISCONNECT_CONNECTION_LOST 10
97#define SSH2_DISCONNECT_BY_APPLICATION 11 99#define SSH2_DISCONNECT_BY_APPLICATION 11
100#define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12
101#define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13
102#define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14
103#define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15
98 104
99/* misc */ 105/* misc */
100 106
diff --git a/sshconnect.c b/sshconnect.c
index d74658c96..40e359ceb 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -8,7 +8,7 @@
8 */ 8 */
9 9
10#include "includes.h" 10#include "includes.h"
11RCSID("$OpenBSD: sshconnect.c,v 1.72 2000/05/04 09:50:22 markus Exp $"); 11RCSID("$OpenBSD: sshconnect.c,v 1.73 2000/05/17 08:20:15 markus Exp $");
12 12
13#include <openssl/bn.h> 13#include <openssl/bn.h>
14#include <openssl/dsa.h> 14#include <openssl/dsa.h>
@@ -301,21 +301,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
301 return 1; 301 return 1;
302} 302}
303 303
304char *
305chop(char *s)
306{
307 char *t = s;
308 while (*t) {
309 if(*t == '\n' || *t == '\r') {
310 *t = '\0';
311 return s;
312 }
313 t++;
314 }
315 return s;
316
317}
318
319/* 304/*
320 * Waits for the server identification string, and sends our own 305 * Waits for the server identification string, and sends our own
321 * identification string. 306 * identification string.
diff --git a/sshd.c b/sshd.c
index d1ed1506e..a13332cbd 100644
--- a/sshd.c
+++ b/sshd.c
@@ -14,7 +14,7 @@
14 */ 14 */
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: sshd.c,v 1.115 2000/05/03 10:21:49 markus Exp $"); 17RCSID("$OpenBSD: sshd.c,v 1.116 2000/05/17 08:20:16 markus Exp $");
18 18
19#include "xmalloc.h" 19#include "xmalloc.h"
20#include "rsa.h" 20#include "rsa.h"
@@ -262,21 +262,6 @@ key_regeneration_alarm(int sig)
262 errno = save_errno; 262 errno = save_errno;
263} 263}
264 264
265char *
266chop(char *s)
267{
268 char *t = s;
269 while (*t) {
270 if(*t == '\n' || *t == '\r') {
271 *t = '\0';
272 return s;
273 }
274 t++;
275 }
276 return s;
277
278}
279
280void 265void
281sshd_exchange_identification(int sock_in, int sock_out) 266sshd_exchange_identification(int sock_in, int sock_out)
282{ 267{