diff options
author | Colin Watson <cjwatson@debian.org> | 2007-06-12 16:16:35 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2007-06-12 16:16:35 +0000 |
commit | b7e40fa9da0b5491534a429dadb321eab5a77558 (patch) | |
tree | bed1da11e9f829925797aa093e379fc0b5868ecd /scp.c | |
parent | 4f84beedf1005e44ff33c854abd6b711ffc0adb7 (diff) | |
parent | 086ea76990b1e6287c24b6db74adffd4605eb3b0 (diff) |
* New upstream release (closes: #395507, #397961, #420035). Important
changes not previously backported to 4.3p2:
- 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
+ On portable OpenSSH, fix a GSSAPI authentication abort that could be
used to determine the validity of usernames on some platforms.
+ Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of
post-authentication options are supported and more are expected to
be added in future releases.
+ Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
+ Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
+ Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
+ Add optional logging of transactions to sftp-server(8).
+ ssh(1) will now record port numbers for hosts stored in
~/.ssh/known_hosts when a non-standard port has been requested
(closes: #50612).
+ Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a
non-zero exit code) when requested port forwardings could not be
established.
+ Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
+ Replacement of all integer overflow susceptible invocations of
malloc(3) and realloc(3) with overflow-checking equivalents.
+ Many manpage fixes and improvements.
+ Add optional support for OpenSSL hardware accelerators (engines),
enabled using the --with-ssl-engine configure option.
+ Tokens in configuration files may be double-quoted in order to
contain spaces (closes: #319639).
+ Move a debug() call out of a SIGCHLD handler, fixing a hang when the
session exits very quickly (closes: #307890).
+ Fix some incorrect buffer allocation calculations (closes: #410599).
+ ssh-add doesn't ask for a passphrase if key file permissions are too
liberal (closes: #103677).
+ Likewise, ssh doesn't ask either (closes: #99675).
- 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
+ sshd now allows the enabling and disabling of authentication methods
on a per user, group, host and network basis via the Match directive
in sshd_config.
+ Fixed an inconsistent check for a terminal when displaying scp
progress meter (closes: #257524).
+ Fix "hang on exit" when background processes are running at the time
of exit on a ttyful/login session (closes: #88337).
* Update to current GSSAPI patch from
http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch;
install ChangeLog.gssapi.
Diffstat (limited to 'scp.c')
-rw-r--r-- | scp.c | 86 |
1 files changed, 58 insertions, 28 deletions
@@ -1,3 +1,4 @@ | |||
1 | /* $OpenBSD: scp.c,v 1.156 2007/01/22 13:06:21 djm Exp $ */ | ||
1 | /* | 2 | /* |
2 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
3 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
@@ -71,7 +72,30 @@ | |||
71 | */ | 72 | */ |
72 | 73 | ||
73 | #include "includes.h" | 74 | #include "includes.h" |
74 | RCSID("$OpenBSD: scp.c,v 1.130 2006/01/31 10:35:43 djm Exp $"); | 75 | |
76 | #include <sys/types.h> | ||
77 | #include <sys/param.h> | ||
78 | #ifdef HAVE_SYS_STAT_H | ||
79 | # include <sys/stat.h> | ||
80 | #endif | ||
81 | #ifdef HAVE_SYS_TIME_H | ||
82 | # include <sys/time.h> | ||
83 | #endif | ||
84 | #include <sys/wait.h> | ||
85 | #include <sys/uio.h> | ||
86 | |||
87 | #include <ctype.h> | ||
88 | #include <dirent.h> | ||
89 | #include <errno.h> | ||
90 | #include <fcntl.h> | ||
91 | #include <pwd.h> | ||
92 | #include <signal.h> | ||
93 | #include <stdarg.h> | ||
94 | #include <stdio.h> | ||
95 | #include <stdlib.h> | ||
96 | #include <string.h> | ||
97 | #include <time.h> | ||
98 | #include <unistd.h> | ||
75 | 99 | ||
76 | #include "xmalloc.h" | 100 | #include "xmalloc.h" |
77 | #include "atomicio.h" | 101 | #include "atomicio.h" |
@@ -82,6 +106,8 @@ RCSID("$OpenBSD: scp.c,v 1.130 2006/01/31 10:35:43 djm Exp $"); | |||
82 | 106 | ||
83 | extern char *__progname; | 107 | extern char *__progname; |
84 | 108 | ||
109 | int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout); | ||
110 | |||
85 | void bwlimit(int); | 111 | void bwlimit(int); |
86 | 112 | ||
87 | /* Struct for addargs */ | 113 | /* Struct for addargs */ |
@@ -167,7 +193,7 @@ do_local_cmd(arglist *a) | |||
167 | */ | 193 | */ |
168 | 194 | ||
169 | int | 195 | int |
170 | do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) | 196 | do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) |
171 | { | 197 | { |
172 | int pin[2], pout[2], reserved[2]; | 198 | int pin[2], pout[2], reserved[2]; |
173 | 199 | ||
@@ -181,7 +207,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) | |||
181 | * Reserve two descriptors so that the real pipes won't get | 207 | * Reserve two descriptors so that the real pipes won't get |
182 | * descriptors 0 and 1 because that will screw up dup2 below. | 208 | * descriptors 0 and 1 because that will screw up dup2 below. |
183 | */ | 209 | */ |
184 | pipe(reserved); | 210 | if (pipe(reserved) < 0) |
211 | fatal("pipe: %s", strerror(errno)); | ||
185 | 212 | ||
186 | /* Create a socket pair for communicating with ssh. */ | 213 | /* Create a socket pair for communicating with ssh. */ |
187 | if (pipe(pin) < 0) | 214 | if (pipe(pin) < 0) |
@@ -234,7 +261,6 @@ typedef struct { | |||
234 | 261 | ||
235 | BUF *allocbuf(BUF *, int, int); | 262 | BUF *allocbuf(BUF *, int, int); |
236 | void lostconn(int); | 263 | void lostconn(int); |
237 | void nospace(void); | ||
238 | int okname(char *); | 264 | int okname(char *); |
239 | void run_err(const char *,...); | 265 | void run_err(const char *,...); |
240 | void verifydir(char *); | 266 | void verifydir(char *); |
@@ -258,15 +284,21 @@ void usage(void); | |||
258 | int | 284 | int |
259 | main(int argc, char **argv) | 285 | main(int argc, char **argv) |
260 | { | 286 | { |
261 | int ch, fflag, tflag, status; | 287 | int ch, fflag, tflag, status, n; |
262 | double speed; | 288 | double speed; |
263 | char *targ, *endp; | 289 | char *targ, *endp, **newargv; |
264 | extern char *optarg; | 290 | extern char *optarg; |
265 | extern int optind; | 291 | extern int optind; |
266 | 292 | ||
267 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 293 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
268 | sanitise_stdfd(); | 294 | sanitise_stdfd(); |
269 | 295 | ||
296 | /* Copy argv, because we modify it */ | ||
297 | newargv = xcalloc(MAX(argc + 1, 1), sizeof(*newargv)); | ||
298 | for (n = 0; n < argc; n++) | ||
299 | newargv[n] = xstrdup(argv[n]); | ||
300 | argv = newargv; | ||
301 | |||
270 | __progname = ssh_get_progname(argv[0]); | 302 | __progname = ssh_get_progname(argv[0]); |
271 | 303 | ||
272 | memset(&args, '\0', sizeof(args)); | 304 | memset(&args, '\0', sizeof(args)); |
@@ -348,7 +380,7 @@ main(int argc, char **argv) | |||
348 | if ((pwd = getpwuid(userid = getuid())) == NULL) | 380 | if ((pwd = getpwuid(userid = getuid())) == NULL) |
349 | fatal("unknown user %u", (u_int) userid); | 381 | fatal("unknown user %u", (u_int) userid); |
350 | 382 | ||
351 | if (!isatty(STDERR_FILENO)) | 383 | if (!isatty(STDOUT_FILENO)) |
352 | showprogress = 0; | 384 | showprogress = 0; |
353 | 385 | ||
354 | remin = STDIN_FILENO; | 386 | remin = STDIN_FILENO; |
@@ -409,9 +441,9 @@ main(int argc, char **argv) | |||
409 | void | 441 | void |
410 | toremote(char *targ, int argc, char **argv) | 442 | toremote(char *targ, int argc, char **argv) |
411 | { | 443 | { |
412 | int i, len; | ||
413 | char *bp, *host, *src, *suser, *thost, *tuser, *arg; | 444 | char *bp, *host, *src, *suser, *thost, *tuser, *arg; |
414 | arglist alist; | 445 | arglist alist; |
446 | int i; | ||
415 | 447 | ||
416 | memset(&alist, '\0', sizeof(alist)); | 448 | memset(&alist, '\0', sizeof(alist)); |
417 | alist.list = NULL; | 449 | alist.list = NULL; |
@@ -476,12 +508,10 @@ toremote(char *targ, int argc, char **argv) | |||
476 | errs = 1; | 508 | errs = 1; |
477 | } else { /* local to remote */ | 509 | } else { /* local to remote */ |
478 | if (remin == -1) { | 510 | if (remin == -1) { |
479 | len = strlen(targ) + CMDNEEDS + 20; | 511 | xasprintf(&bp, "%s -t %s", cmd, targ); |
480 | bp = xmalloc(len); | ||
481 | (void) snprintf(bp, len, "%s -t %s", cmd, targ); | ||
482 | host = cleanhostname(thost); | 512 | host = cleanhostname(thost); |
483 | if (do_cmd(host, tuser, bp, &remin, | 513 | if (do_cmd(host, tuser, bp, &remin, |
484 | &remout, argc) < 0) | 514 | &remout) < 0) |
485 | exit(1); | 515 | exit(1); |
486 | if (response() < 0) | 516 | if (response() < 0) |
487 | exit(1); | 517 | exit(1); |
@@ -490,14 +520,15 @@ toremote(char *targ, int argc, char **argv) | |||
490 | source(1, argv + i); | 520 | source(1, argv + i); |
491 | } | 521 | } |
492 | } | 522 | } |
523 | xfree(arg); | ||
493 | } | 524 | } |
494 | 525 | ||
495 | void | 526 | void |
496 | tolocal(int argc, char **argv) | 527 | tolocal(int argc, char **argv) |
497 | { | 528 | { |
498 | int i, len; | ||
499 | char *bp, *host, *src, *suser; | 529 | char *bp, *host, *src, *suser; |
500 | arglist alist; | 530 | arglist alist; |
531 | int i; | ||
501 | 532 | ||
502 | memset(&alist, '\0', sizeof(alist)); | 533 | memset(&alist, '\0', sizeof(alist)); |
503 | alist.list = NULL; | 534 | alist.list = NULL; |
@@ -529,10 +560,8 @@ tolocal(int argc, char **argv) | |||
529 | suser = pwd->pw_name; | 560 | suser = pwd->pw_name; |
530 | } | 561 | } |
531 | host = cleanhostname(host); | 562 | host = cleanhostname(host); |
532 | len = strlen(src) + CMDNEEDS + 20; | 563 | xasprintf(&bp, "%s -f %s", cmd, src); |
533 | bp = xmalloc(len); | 564 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { |
534 | (void) snprintf(bp, len, "%s -f %s", cmd, src); | ||
535 | if (do_cmd(host, suser, bp, &remin, &remout, argc) < 0) { | ||
536 | (void) xfree(bp); | 565 | (void) xfree(bp); |
537 | ++errs; | 566 | ++errs; |
538 | continue; | 567 | continue; |
@@ -777,7 +806,8 @@ sink(int argc, char **argv) | |||
777 | BUF *bp; | 806 | BUF *bp; |
778 | off_t i; | 807 | off_t i; |
779 | size_t j, count; | 808 | size_t j, count; |
780 | int amt, exists, first, mask, mode, ofd, omode; | 809 | int amt, exists, first, ofd; |
810 | mode_t mode, omode, mask; | ||
781 | off_t size, statbytes; | 811 | off_t size, statbytes; |
782 | int setimes, targisdir, wrerrno = 0; | 812 | int setimes, targisdir, wrerrno = 0; |
783 | char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; | 813 | char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; |
@@ -1097,15 +1127,15 @@ run_err(const char *fmt,...) | |||
1097 | va_list ap; | 1127 | va_list ap; |
1098 | 1128 | ||
1099 | ++errs; | 1129 | ++errs; |
1100 | if (fp == NULL && !(fp = fdopen(remout, "w"))) | 1130 | if (fp != NULL || (remout != -1 && (fp = fdopen(remout, "w")))) { |
1101 | return; | 1131 | (void) fprintf(fp, "%c", 0x01); |
1102 | (void) fprintf(fp, "%c", 0x01); | 1132 | (void) fprintf(fp, "scp: "); |
1103 | (void) fprintf(fp, "scp: "); | 1133 | va_start(ap, fmt); |
1104 | va_start(ap, fmt); | 1134 | (void) vfprintf(fp, fmt, ap); |
1105 | (void) vfprintf(fp, fmt, ap); | 1135 | va_end(ap); |
1106 | va_end(ap); | 1136 | (void) fprintf(fp, "\n"); |
1107 | (void) fprintf(fp, "\n"); | 1137 | (void) fflush(fp); |
1108 | (void) fflush(fp); | 1138 | } |
1109 | 1139 | ||
1110 | if (!iamremote) { | 1140 | if (!iamremote) { |
1111 | va_start(ap, fmt); | 1141 | va_start(ap, fmt); |
@@ -1181,7 +1211,7 @@ allocbuf(BUF *bp, int fd, int blksize) | |||
1181 | if (bp->buf == NULL) | 1211 | if (bp->buf == NULL) |
1182 | bp->buf = xmalloc(size); | 1212 | bp->buf = xmalloc(size); |
1183 | else | 1213 | else |
1184 | bp->buf = xrealloc(bp->buf, size); | 1214 | bp->buf = xrealloc(bp->buf, 1, size); |
1185 | memset(bp->buf, 0, size); | 1215 | memset(bp->buf, 0, size); |
1186 | bp->cnt = size; | 1216 | bp->cnt = size; |
1187 | return (bp); | 1217 | return (bp); |