1 files changed, 71 insertions, 18 deletions
diff --git a/clientloop.c b/clientloop.c
index c7362caa8..b57fda042 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.178 2007/02/20 10:25:14 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.181 2007/08/15 08:14:46 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -290,19 +290,29 @@ client_x11_get_proto(const char *display, const char *xauth_path,
                                        generated = 1;
                        }
                }
-                snprintf(cmd, sizeof(cmd),
-                    "%s %s%s list %s 2>" _PATH_DEVNULL,
+                /*
-                    xauth_path,
+                 * When in untrusted mode, we read the cookie only if it was
-                    generated ? "-f " : "" ,
+                 * successfully generated as an untrusted one in the step
-                    generated ? xauthfile : "",
+                 * above.
-                    display);
+                 */
-                debug2("x11_get_proto: %s", cmd);
+                if (trusted || generated) {
-                f = popen(cmd, "r");
+                        snprintf(cmd, sizeof(cmd),
-                if (f && fgets(line, sizeof(line), f) &&
+                            "%s %s%s list %s 2>" _PATH_DEVNULL,
-                    sscanf(line, "%*s %511s %511s", proto, data) == 2)
+                            xauth_path,
-                        got_data = 1;
+                            generated ? "-f " : "" ,
-                if (f)
+                            generated ? xauthfile : "",
-                        pclose(f);
+                            display);
+                        debug2("x11_get_proto: %s", cmd);
+                        f = popen(cmd, "r");
+                        if (f && fgets(line, sizeof(line), f) &&
+                            sscanf(line, "%*s %511s %511s", proto, data) == 2)
+                                got_data = 1;
+                        if (f)
+                                pclose(f);
+                } else
+                        error("Warning: untrusted X11 forwarding setup failed: "
+                            "xauth key data not generated");
        }
        if (do_unlink) {
@@ -935,7 +945,7 @@ process_cmdline(void)
        cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
        if (s == NULL)
                goto out;
-        while (*s && isspace(*s))
+        while (isspace(*s))
                s++;
        if (*s == '-')
                s++;    /* Skip cmdline '-', if any */
@@ -982,9 +992,8 @@ process_cmdline(void)
                goto out;
        }
-        s++;
+        while (isspace(*++s))
-        while (*s && isspace(*s))
+                ;
-                s++;
        if (delete) {
                cancel_port = 0;
@@ -1774,6 +1783,50 @@ client_request_agent(const char *request_type, int rchan)
        return c;
 }
+int
+client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
+{
+        Channel *c;
+        int fd;
+        if (tun_mode == SSH_TUNMODE_NO)
+                return 0;
+        if (!compat20) {
+                error("Tunnel forwarding is not support for protocol 1");
+                return -1;
+        }
+        debug("Requesting tun unit %d in mode %d", local_tun, tun_mode);
+        /* Open local tunnel device */
+        if ((fd = tun_open(local_tun, tun_mode)) == -1) {
+                error("Tunnel device open failed.");
+                return -1;
+        }
+        c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+            CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+        c->datagram = 1;
+#if defined(SSH_TUN_FILTER)
+        if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
+                channel_register_filter(c->self, sys_tun_infilter,
+                    sys_tun_outfilter);
+#endif
+        packet_start(SSH2_MSG_CHANNEL_OPEN);
+        packet_put_cstring("tun@openssh.com");
+        packet_put_int(c->self);
+        packet_put_int(c->local_window_max);
+        packet_put_int(c->local_maxpacket);
+        packet_put_int(tun_mode);
+        packet_put_int(remote_tun);
+        packet_send();
+        return 0;
+}
 /* XXXX move to generic input handler */
 static void
 client_input_channel_open(int type, u_int32_t seq, void *ctxt)

diff --git a/clientloop.c b/clientloop.c index c7362caa8..b57fda042 100644 --- a/clientloop.c +++ b/clientloop.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: clientloop.c,v 1.178 2007/02/20 10:25:14 djm Exp $ */	1	/* $OpenBSD: clientloop.c,v 1.181 2007/08/15 08:14:46 markus Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -290,19 +290,29 @@ client_x11_get_proto(const char display, const char xauth_path,
290	generated = 1;	290	generated = 1;
291	}	291	}
292	}	292	}
293	snprintf(cmd, sizeof(cmd),	293
294	"%s %s%s list %s 2>" _PATH_DEVNULL,	294	/*
295	xauth_path,	295	* When in untrusted mode, we read the cookie only if it was
296	generated ? "-f " : "" ,	296	* successfully generated as an untrusted one in the step
297	generated ? xauthfile : "",	297	* above.
298	display);	298	*/
299	debug2("x11_get_proto: %s", cmd);	299	if (trusted \|\| generated) {
300	f = popen(cmd, "r");	300	snprintf(cmd, sizeof(cmd),
301	if (f && fgets(line, sizeof(line), f) &&	301	"%s %s%s list %s 2>" _PATH_DEVNULL,
302	sscanf(line, "%*s %511s %511s", proto, data) == 2)	302	xauth_path,
303	got_data = 1;	303	generated ? "-f " : "" ,
304	if (f)	304	generated ? xauthfile : "",
305	pclose(f);	305	display);
		306	debug2("x11_get_proto: %s", cmd);
		307	f = popen(cmd, "r");
		308	if (f && fgets(line, sizeof(line), f) &&
		309	sscanf(line, "%*s %511s %511s", proto, data) == 2)
		310	got_data = 1;
		311	if (f)
		312	pclose(f);
		313	} else
		314	error("Warning: untrusted X11 forwarding setup failed: "
		315	"xauth key data not generated");
306	}	316	}
307		317
308	if (do_unlink) {	318	if (do_unlink) {
@@ -935,7 +945,7 @@ process_cmdline(void)
935	cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);	945	cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
936	if (s == NULL)	946	if (s == NULL)
937	goto out;	947	goto out;
938	while (s && isspace(s))	948	while (isspace(*s))
939	s++;	949	s++;
940	if (*s == '-')	950	if (*s == '-')
941	s++; /* Skip cmdline '-', if any */	951	s++; /* Skip cmdline '-', if any */
@@ -982,9 +992,8 @@ process_cmdline(void)
982	goto out;	992	goto out;
983	}	993	}
984		994
985	s++;	995	while (isspace(*++s))
986	while (s && isspace(s))	996	;
987	s++;
988		997
989	if (delete) {	998	if (delete) {
990	cancel_port = 0;	999	cancel_port = 0;
@@ -1774,6 +1783,50 @@ client_request_agent(const char *request_type, int rchan)
1774	return c;	1783	return c;
1775	}	1784	}
1776		1785
		1786	int
		1787	client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
		1788	{
		1789	Channel *c;
		1790	int fd;
		1791
		1792	if (tun_mode == SSH_TUNMODE_NO)
		1793	return 0;
		1794
		1795	if (!compat20) {
		1796	error("Tunnel forwarding is not support for protocol 1");
		1797	return -1;
		1798	}
		1799
		1800	debug("Requesting tun unit %d in mode %d", local_tun, tun_mode);
		1801
		1802	/* Open local tunnel device */
		1803	if ((fd = tun_open(local_tun, tun_mode)) == -1) {
		1804	error("Tunnel device open failed.");
		1805	return -1;
		1806	}
		1807
		1808	c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
		1809	CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
		1810	c->datagram = 1;
		1811
		1812	#if defined(SSH_TUN_FILTER)
		1813	if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
		1814	channel_register_filter(c->self, sys_tun_infilter,
		1815	sys_tun_outfilter);
		1816	#endif
		1817
		1818	packet_start(SSH2_MSG_CHANNEL_OPEN);
		1819	packet_put_cstring("tun@openssh.com");
		1820	packet_put_int(c->self);
		1821	packet_put_int(c->local_window_max);
		1822	packet_put_int(c->local_maxpacket);
		1823	packet_put_int(tun_mode);
		1824	packet_put_int(remote_tun);
		1825	packet_send();
		1826
		1827	return 0;
		1828	}
		1829
1777	/* XXXX move to generic input handler */	1830	/* XXXX move to generic input handler */
1778	static void	1831	static void
1779	client_input_channel_open(int type, u_int32_t seq, void *ctxt)	1832	client_input_channel_open(int type, u_int32_t seq, void *ctxt)