diff options
| author | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
| commit | efd3d4522636ae029488c2e9730b60c88e257d2e (patch) | |
| tree | 31e02ac3f16090ce8c53448677356b2b7f423683 /scp.c | |
| parent | bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff) | |
| parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff) | |
* New upstream release (LP: #535029).
- After a transition period of about 10 years, this release disables SSH
protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
- Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is enabled by default in the Debian
packaging, since it now doesn't involve additional library
dependencies (closes: #231472, LP: #16918).
- Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (closes: #482806).
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
- Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
package, this overlaps with the key blacklisting facility added in
openssh 1:4.7p1-9, but with different file formats and slightly
different scopes; for the moment, I've roughly merged the two.)
- Various multiplexing improvements, including support for requesting
port-forwardings via the multiplex protocol (closes: #360151).
- Allow setting an explicit umask on the sftp-server(8) commandline to
override whatever default the user has (closes: #496843).
- Many sftp client improvements, including tab-completion, more options,
and recursive transfer support for get/put (LP: #33378). The old
mget/mput commands never worked properly and have been removed
(closes: #270399, #428082).
- Do not prompt for a passphrase if we fail to open a keyfile, and log
the reason why the open failed to debug (closes: #431538).
- Prevent sftp from crashing when given a "-" without a command. Also,
allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'scp.c')
| -rw-r--r-- | scp.c | 21 |
1 files changed, 14 insertions, 7 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: scp.c,v 1.164 2008/10/10 04:55:16 stevesk Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.165 2009/12/20 07:28:36 guenther Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
| 4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
| @@ -252,8 +252,11 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) | |||
| 252 | close(pout[1]); | 252 | close(pout[1]); |
| 253 | 253 | ||
| 254 | replacearg(&args, 0, "%s", ssh_program); | 254 | replacearg(&args, 0, "%s", ssh_program); |
| 255 | if (remuser != NULL) | 255 | if (remuser != NULL) { |
| 256 | addargs(&args, "-l%s", remuser); | 256 | addargs(&args, "-l"); |
| 257 | addargs(&args, "%s", remuser); | ||
| 258 | } | ||
| 259 | addargs(&args, "--"); | ||
| 257 | addargs(&args, "%s", host); | 260 | addargs(&args, "%s", host); |
| 258 | addargs(&args, "%s", cmd); | 261 | addargs(&args, "%s", cmd); |
| 259 | 262 | ||
| @@ -345,10 +348,12 @@ main(int argc, char **argv) | |||
| 345 | case 'c': | 348 | case 'c': |
| 346 | case 'i': | 349 | case 'i': |
| 347 | case 'F': | 350 | case 'F': |
| 348 | addargs(&args, "-%c%s", ch, optarg); | 351 | addargs(&args, "-%c", ch); |
| 352 | addargs(&args, "%s", optarg); | ||
| 349 | break; | 353 | break; |
| 350 | case 'P': | 354 | case 'P': |
| 351 | addargs(&args, "-p%s", optarg); | 355 | addargs(&args, "-p"); |
| 356 | addargs(&args, "%s", optarg); | ||
| 352 | break; | 357 | break; |
| 353 | case 'B': | 358 | case 'B': |
| 354 | addargs(&args, "-oBatchmode yes"); | 359 | addargs(&args, "-oBatchmode yes"); |
| @@ -556,6 +561,7 @@ toremote(char *targ, int argc, char **argv) | |||
| 556 | } else { | 561 | } else { |
| 557 | host = cleanhostname(argv[i]); | 562 | host = cleanhostname(argv[i]); |
| 558 | } | 563 | } |
| 564 | addargs(&alist, "--"); | ||
| 559 | addargs(&alist, "%s", host); | 565 | addargs(&alist, "%s", host); |
| 560 | addargs(&alist, "%s", cmd); | 566 | addargs(&alist, "%s", cmd); |
| 561 | addargs(&alist, "%s", src); | 567 | addargs(&alist, "%s", src); |
| @@ -566,7 +572,7 @@ toremote(char *targ, int argc, char **argv) | |||
| 566 | errs = 1; | 572 | errs = 1; |
| 567 | } else { /* local to remote */ | 573 | } else { /* local to remote */ |
| 568 | if (remin == -1) { | 574 | if (remin == -1) { |
| 569 | xasprintf(&bp, "%s -t %s", cmd, targ); | 575 | xasprintf(&bp, "%s -t -- %s", cmd, targ); |
| 570 | host = cleanhostname(thost); | 576 | host = cleanhostname(thost); |
| 571 | if (do_cmd(host, tuser, bp, &remin, | 577 | if (do_cmd(host, tuser, bp, &remin, |
| 572 | &remout) < 0) | 578 | &remout) < 0) |
| @@ -599,6 +605,7 @@ tolocal(int argc, char **argv) | |||
| 599 | addargs(&alist, "-r"); | 605 | addargs(&alist, "-r"); |
| 600 | if (pflag) | 606 | if (pflag) |
| 601 | addargs(&alist, "-p"); | 607 | addargs(&alist, "-p"); |
| 608 | addargs(&alist, "--"); | ||
| 602 | addargs(&alist, "%s", argv[i]); | 609 | addargs(&alist, "%s", argv[i]); |
| 603 | addargs(&alist, "%s", argv[argc-1]); | 610 | addargs(&alist, "%s", argv[argc-1]); |
| 604 | if (do_local_cmd(&alist)) | 611 | if (do_local_cmd(&alist)) |
| @@ -618,7 +625,7 @@ tolocal(int argc, char **argv) | |||
| 618 | suser = pwd->pw_name; | 625 | suser = pwd->pw_name; |
| 619 | } | 626 | } |
| 620 | host = cleanhostname(host); | 627 | host = cleanhostname(host); |
| 621 | xasprintf(&bp, "%s -f %s", cmd, src); | 628 | xasprintf(&bp, "%s -f -- %s", cmd, src); |
| 622 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { | 629 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { |
| 623 | (void) xfree(bp); | 630 | (void) xfree(bp); |
| 624 | ++errs; | 631 | ++errs; |