-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | readconf.c | 4 | ||||
-rw-r--r-- | ssh.1 | 4 | ||||
-rw-r--r-- | ssh.c | 29 | ||||
-rw-r--r-- | sshconnect.c | 56 |
5 files changed, 72 insertions, 27 deletions
@@ -32,6 +32,10 @@ | |||
32 | - markus@cvs.openbsd.org 2001/07/25 11:59:35 | 32 | - markus@cvs.openbsd.org 2001/07/25 11:59:35 |
33 | [scard.c] | 33 | [scard.c] |
34 | typo in comment | 34 | typo in comment |
35 | - markus@cvs.openbsd.org 2001/07/25 14:35:18 | ||
36 | [readconf.c ssh.1 ssh.c sshconnect.c] | ||
37 | cleanup connect(); connection_attempts 4 -> 1; from | ||
38 | eivind@freebsd.org | ||
35 | 39 | ||
36 | 20010803 | 40 | 20010803 |
37 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on | 41 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on |
@@ -6142,4 +6146,4 @@ | |||
6142 | - Wrote replacements for strlcpy and mkdtemp | 6146 | - Wrote replacements for strlcpy and mkdtemp |
6143 | - Released 1.0pre1 | 6147 | - Released 1.0pre1 |
6144 | 6148 | ||
6145 | $Id: ChangeLog,v 1.1435 2001/08/06 21:05:05 mouring Exp $ | 6149 | $Id: ChangeLog,v 1.1436 2001/08/06 21:07:11 mouring Exp $ |
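--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.83 2001/07/22 22:04:19 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.84 2001/07/25 14:35:18 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -843,7 +843,7 @@ fill_default_options(Options * options)
 if (options->port == -1)
 options->port = 0; /* Filled in ssh_connect. */
 if (options->connection_attempts == -1)
-options->connection_attempts = 4;
+options->connection_attempts = 1;
 if (options->number_of_password_prompts == -1)
 options->number_of_password_prompts = 3;
 /* Selected in ssh_login(). */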
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.123 2001/07/23 12:47:05 markus Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.124 2001/07/25 14:35:18 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -732,7 +732,7 @@ Specifies the number of tries (one per second) to make before falling | |||
732 | back to rsh or exiting. | 732 | back to rsh or exiting. |
733 | The argument must be an integer. | 733 | The argument must be an integer. |
734 | This may be useful in scripts if the connection sometimes fails. | 734 | This may be useful in scripts if the connection sometimes fails. |
735 | The default is 4. | 735 | The default is 1. |
736 | .It Cm EscapeChar | 736 | .It Cm EscapeChar |
737 | Sets the escape character (default: | 737 | Sets the escape character (default: |
738 | .Ql ~ ) . | 738 | .Ql ~ ) . |
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: ssh.c,v 1.129 2001/07/11 16:29:59 markus Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.130 2001/07/25 14:35:18 markus Exp $"); |
43 | 43 | ||
44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
45 | #include <openssl/err.h> | 45 | #include <openssl/err.h> |
@@ -252,7 +252,7 @@ static void load_public_identity_files(void); | |||
252 | int | 252 | int |
253 | main(int ac, char **av) | 253 | main(int ac, char **av) |
254 | { | 254 | { |
255 | int i, opt, exit_status, ok; | 255 | int i, opt, exit_status, cerr; |
256 | u_short fwd_port, fwd_host_port; | 256 | u_short fwd_port, fwd_host_port; |
257 | char *p, *cp, buf[256]; | 257 | char *p, *cp, buf[256]; |
258 | struct stat st; | 258 | struct stat st; |
@@ -666,7 +666,7 @@ again: | |||
666 | 666 | ||
667 | /* Open a connection to the remote host. */ | 667 | /* Open a connection to the remote host. */ |
668 | 668 | ||
669 | ok = ssh_connect(host, &hostaddr, options.port, | 669 | cerr = ssh_connect(host, &hostaddr, options.port, |
670 | options.connection_attempts, | 670 | options.connection_attempts, |
671 | original_effective_uid != 0 || !options.use_privileged_port, | 671 | original_effective_uid != 0 || !options.use_privileged_port, |
672 | pw, options.proxy_command); | 672 | pw, options.proxy_command); |
@@ -679,7 +679,7 @@ again: | |||
679 | */ | 679 | */ |
680 | sensitive_data.nkeys = 0; | 680 | sensitive_data.nkeys = 0; |
681 | sensitive_data.keys = NULL; | 681 | sensitive_data.keys = NULL; |
682 | if (ok && (options.rhosts_rsa_authentication || | 682 | if (!cerr && (options.rhosts_rsa_authentication || |
683 | options.hostbased_authentication)) { | 683 | options.hostbased_authentication)) { |
684 | sensitive_data.nkeys = 3; | 684 | sensitive_data.nkeys = 3; |
685 | sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key)); | 685 | sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key)); |
@@ -717,20 +717,19 @@ again: | |||
717 | error("Could not create directory '%.200s'.", buf); | 717 | error("Could not create directory '%.200s'.", buf); |
718 | 718 | ||
719 | /* Check if the connection failed, and try "rsh" if appropriate. */ | 719 | /* Check if the connection failed, and try "rsh" if appropriate. */ |
720 | if (!ok) { | 720 | if (cerr) { |
721 | if (!options.fallback_to_rsh) | ||
722 | exit(1); | ||
721 | if (options.port != 0) | 723 | if (options.port != 0) |
722 | log("Secure connection to %.100s on port %hu refused%.100s.", | 724 | log("Secure connection to %.100s on port %hu refused; " |
723 | host, options.port, | 725 | "reverting to insecure method", |
724 | options.fallback_to_rsh ? "; reverting to insecure method" : ""); | 726 | host, options.port); |
725 | else | 727 | else |
726 | log("Secure connection to %.100s refused%.100s.", host, | 728 | log("Secure connection to %.100s refused; " |
727 | options.fallback_to_rsh ? "; reverting to insecure method" : ""); | 729 | "reverting to insecure method.", host); |
728 | 730 | ||
729 | if (options.fallback_to_rsh) { | 731 | rsh_connect(host, options.user, &command); |
730 | rsh_connect(host, options.user, &command); | 732 | fatal("rsh_connect returned"); |
731 | fatal("rsh_connect returned"); | ||
732 | } | ||
733 | exit(1); | ||
734 | } | 733 | } |
735 | /* load options.identity_files */ | 734 | /* load options.identity_files */ |
736 | load_public_identity_files(); | 735 | load_public_identity_files(); |
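Review bot: The fallback decision at new lines 720–722 ignores which error ssh_connect() returned: `cerr` is now ECONNREFUSED or ECONNABORTED, and the new comment in sshconnect.c says a failure without "Connection refused" should block fallback to rsh, yet this branch runs rsh_connect() on any non-zero `cerr` whenever fallback_to_rsh is set, so every other connect() failure still drops the session to the insecure method. Consider `if (!options.fallback_to_rsh || cerr != ECONNREFUSED) exit(1);` so that only the refusal case reverts (assuming the errno constants are in scope here via includes.h). The two log strings at lines 724–729 are also inconsistent: the port variant ends with "reverting to insecure method" while the other ends with "reverting to insecure method." — add or drop the period in one of them. main() starts and ends outside these hunks.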
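--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.109 2001/06/23 15:12:21 itojun Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.110 2001/07/25 14:35:18 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -41,6 +41,27 @@ extern char *__progname;
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 extern int IPv4or6;
 
+static const char *
+sockaddr_ntop(struct sockaddr *sa)
+{
+void *addr;
+static char addrbuf[INET6_ADDRSTRLEN];
+
+switch (sa->sa_family) {
+case AF_INET:
+addr = &((struct sockaddr_in *)sa)->sin_addr;
+break;
+case AF_INET6:
+addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
+break;
+default:
+/* This case should be protected against elsewhere */
+abort();
+}
+inet_ntop(sa->sa_family, addr, addrbuf, sizeof(addrbuf));
+return addrbuf;
+}
+
 /*
 * Connect to the given ssh server using a proxy command.
 */
@@ -138,7 +159,8 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
 /* Set the connection file descriptors. */
 packet_set_connection(pout[0], pin[1]);
 
-return 1;
+/* Indicate OK return */
+return 0;
 }
 
 /*
@@ -208,6 +230,12 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
 * second). If proxy_command is non-NULL, it specifies the command (with %h
 * and %p substituted for host and port, respectively) to use to contact
 * the daemon.
+* Return values:
+* 0 for OK
+* ECONNREFUSED if we got a "Connection Refused" by the peer on any address
+* ECONNABORTED if we failed without a "Connection refused"
+* Suitable error messages for the connection failure will already have been
+* printed.
 */
 int
 ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
@@ -222,6 +250,12 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 struct addrinfo hints, *ai, *aitop;
 struct linger linger;
 struct servent *sp;
+/*
+* Did we get only other errors than "Connection refused" (which
+* should block fallback to rsh and similar), or did we get at least
+* one "Connection refused"?
+*/
+int full_failure = 1;
 
 debug("ssh_connect: getuid %u geteuid %u anon %d",
 (u_int) getuid(), (u_int) geteuid(), anonymous);
@@ -252,8 +286,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 * Try to connect several times. On some machines, the first time
 * will sometimes fail. In general socket code appears to behave
 * quite magically on many machines.
 */
-for (attempt = 0; attempt < connection_attempts; attempt++) {
+for (attempt = 0; ;) {
 if (attempt > 0)
 debug("Trying again...");
 
@@ -280,6 +314,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 #endif
 ai->ai_family);
 if (sock < 0)
+/* Any error is already output */
 continue;
 
 /* Connect to the host. We use the user's uid in the
@@ -293,7 +328,11 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 restore_uid();
 break;
 } else {
-debug("connect: %.100s", strerror(errno));
+if (errno == ECONNREFUSED)
+full_failure = 0;
+log("ssh: connect to address %s port %s: %s",
+sockaddr_ntop(ai->ai_addr), strport,
+strerror(errno));
 restore_uid();
 /*
 * Close the failed socket; there appear to
@@ -308,6 +347,9 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 if (ai)
 break; /* Successful connection. */
 
+attempt++;
+if (attempt >= connection_attempts)
+break;
 /* Sleep a moment before retrying. */
 sleep(1);
 }
@@ -316,7 +358,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 
 /* Return failure if we didn't get a successful connection. */
 if (attempt >= connection_attempts)
-return 0;
+return full_failure ? ECONNABORTED : ECONNREFUSED;
 
 debug("Connection established.");
 
@@ -338,7 +380,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 /* Set the connection. */
 packet_set_connection(sock, sock);
 
-return 1;
+return 0;
 }
 
 /*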
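Review bot: In the new else branch at lines 331–335, `strerror(errno)` is evaluated in the same argument list as `sockaddr_ntop(ai->ai_addr)`, whose inet_ntop() call can set errno when it fails; argument evaluation order is unspecified, so the reason logged may not be the connect() error. Capture it first with `int oerrno = errno;` at the top of the branch, then use `if (oerrno == ECONNREFUSED)` and `strerror(oerrno)`. sockaddr_ntop() at lines 44–63 also ignores inet_ntop()'s return value, so on failure it hands back whatever addrbuf held from the previous call (or an empty string the first time); returning a fixed marker such as "<unknown>" when inet_ntop() returns NULL would keep the log honest. With the loop now unconditional (line 290), a connection_attempts value of 0 or less — if the option can be set that low, which is not visible here — performs one attempt but, on success, the `attempt >= connection_attempts` test at line 360 still reports failure while leaving sock open; testing the connected state rather than the counter would avoid that. ssh_connect() starts and ends outside these hunks.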