1 files changed, 102 insertions, 45 deletions
diff --git a/ssh.c b/ssh.c
index 3940dabfd..cfaa1ff22 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: ssh.c,v 1.295 2007/01/03 03:01:40 stevesk Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -40,20 +41,46 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $");
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#include <sys/resource.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <netdb.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#include <pwd.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include "xmalloc.h"
 #include "ssh.h"
 #include "ssh1.h"
 #include "ssh2.h"
 #include "compat.h"
 #include "cipher.h"
-#include "xmalloc.h"
 #include "packet.h"
 #include "buffer.h"
-#include "bufaux.h"
 #include "channels.h"
 #include "key.h"
 #include "authfd.h"
@@ -72,6 +99,7 @@ RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $");
 #include "msg.h"
 #include "monitor_fdpass.h"
 #include "uidswap.h"
+#include "version.h"
 #ifdef SMARTCARD
 #include "scard.h"
@@ -162,7 +190,7 @@ usage(void)
 "           [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
 "           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
 "           [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
-"           [-w tunnel:tunnel] [user@]hostname [command]\n"
+"           [-w local_tun[:remote_tun]] [user@]hostname [command]\n"
        );
        exit(255);
 }
@@ -242,7 +270,7 @@ main(int ac, char **av)
        /* Parse command-line arguments. */
        host = NULL;
-again:
+ again:
        while ((opt = getopt(ac, av,
            "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
                switch (opt) {
@@ -586,7 +614,7 @@ again:
                if (!read_config_file(config, host, &options, 0))
                        fatal("Can't open user config file %.100s: "
                            "%.100s", config, strerror(errno));
-        } else  {
+        } else {
                snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
                    _PATH_SSH_USER_CONFFILE);
                (void)read_config_file(buf, host, &options, 1);
@@ -616,7 +644,7 @@ again:
        if (options.host_key_alias != NULL) {
                for (p = options.host_key_alias; *p; p++)
                        if (isupper(*p))
-                                *p = tolower(*p);
+                                *p = (char)tolower(*p);
        }
        /* Get default port if port has not been set. */
@@ -633,11 +661,15 @@ again:
                options.control_path = NULL;
        if (options.control_path != NULL) {
+                char thishost[NI_MAXHOST];
+                if (gethostname(thishost, sizeof(thishost)) == -1)
+                        fatal("gethostname: %s", strerror(errno));
                snprintf(buf, sizeof(buf), "%d", options.port);
                cp = tilde_expand_filename(options.control_path,
                    original_real_uid);
                options.control_path = percent_expand(cp, "p", buf, "h", host,
-                    "r", options.user, (char *)NULL);
+                    "r", options.user, "l", thishost, (char *)NULL);
                xfree(cp);
        }
        if (mux_command != 0 && options.control_path == NULL)
@@ -670,16 +702,16 @@ again:
        if (options.rhosts_rsa_authentication ||
            options.hostbased_authentication) {
                sensitive_data.nkeys = 3;
-                sensitive_data.keys = xmalloc(sensitive_data.nkeys *
+                sensitive_data.keys = xcalloc(sensitive_data.nkeys,
                    sizeof(Key));
                PRIV_START;
                sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
-                    _PATH_HOST_KEY_FILE, "", NULL);
+                    _PATH_HOST_KEY_FILE, "", NULL, NULL);
                sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
-                    _PATH_HOST_DSA_KEY_FILE, "", NULL);
+                    _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
                sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
-                    _PATH_HOST_RSA_KEY_FILE, "", NULL);
+                    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
                PRIV_END;
                if (options.hostbased_authentication == 1 &&
@@ -795,6 +827,8 @@ ssh_init_forwarding(void)
                    options.local_forwards[i].connect_port,
                    options.gateway_ports);
        }
+        if (i > 0 && success != i && options.exit_on_forward_failure)
+                fatal("Could not request local forwarding.");
        if (i > 0 && success == 0)
                error("Could not request local forwarding.");
@@ -807,11 +841,17 @@ ssh_init_forwarding(void)
                    options.remote_forwards[i].listen_port,
                    options.remote_forwards[i].connect_host,
                    options.remote_forwards[i].connect_port);
-                channel_request_remote_forwarding(
+                if (channel_request_remote_forwarding(
                    options.remote_forwards[i].listen_host,
                    options.remote_forwards[i].listen_port,
                    options.remote_forwards[i].connect_host,
-                    options.remote_forwards[i].connect_port);
+                    options.remote_forwards[i].connect_port) < 0) {
+                        if (options.exit_on_forward_failure)
+                                fatal("Could not request remote forwarding.");
+                        else
+                                logit("Warning: Could not request remote "
+                                    "forwarding.");
+                }
        }
 }
@@ -872,10 +912,10 @@ ssh_session(void)
                /* Store window size in the packet. */
                if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
                        memset(&ws, 0, sizeof(ws));
-                packet_put_int(ws.ws_row);
+                packet_put_int((u_int)ws.ws_row);
-                packet_put_int(ws.ws_col);
+                packet_put_int((u_int)ws.ws_col);
-                packet_put_int(ws.ws_xpixel);
+                packet_put_int((u_int)ws.ws_xpixel);
-                packet_put_int(ws.ws_ypixel);
+                packet_put_int((u_int)ws.ws_ypixel);
                /* Store tty modes in the packet. */
                tty_make_modes(fileno(stdin), NULL);
@@ -993,9 +1033,16 @@ client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt)
            options.remote_forwards[i].listen_port,
            options.remote_forwards[i].connect_host,
            options.remote_forwards[i].connect_port);
-        if (type == SSH2_MSG_REQUEST_FAILURE)
+        if (type == SSH2_MSG_REQUEST_FAILURE) {
-                logit("Warning: remote port forwarding failed for listen "
+                if (options.exit_on_forward_failure)
-                    "port %d", options.remote_forwards[i].listen_port);
+                        fatal("Error: remote port forwarding failed for "
+                            "listen port %d",
+                            options.remote_forwards[i].listen_port);
+                else
+                        logit("Warning: remote port forwarding failed for "
+                            "listen port %d",
+                            options.remote_forwards[i].listen_port);
+        }
 }
 static void
@@ -1024,7 +1071,7 @@ ssh_control_listener(void)
                fatal("%s socket(): %s", __func__, strerror(errno));
        old_umask = umask(0177);
-        if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) {
+        if (bind(control_fd, (struct sockaddr *)&addr, addr_len) == -1) {
                control_fd = -1;
                if (errno == EINVAL || errno == EADDRINUSE)
                        fatal("ControlSocket %s already exists",
@@ -1176,15 +1223,16 @@ ssh_session2(void)
 static void
 load_public_identity_files(void)
 {
-        char *filename;
+        char *filename, *cp, thishost[NI_MAXHOST];
        int i = 0;
        Key *public;
+        struct passwd *pw;
 #ifdef SMARTCARD
        Key **keys;
        if (options.smartcard_device != NULL &&
            options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
-            (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {
+            (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL) {
                int count = 0;
                for (i = 0; keys[i] != NULL; i++) {
                        count++;
@@ -1202,9 +1250,18 @@ load_public_identity_files(void)
                xfree(keys);
        }
 #endif /* SMARTCARD */
+        if ((pw = getpwuid(original_real_uid)) == NULL)
+                fatal("load_public_identity_files: getpwuid failed");
+        if (gethostname(thishost, sizeof(thishost)) == -1)
+                fatal("load_public_identity_files: gethostname: %s",
+                    strerror(errno));
        for (; i < options.num_identity_files; i++) {
-                filename = tilde_expand_filename(options.identity_files[i],
+                cp = tilde_expand_filename(options.identity_files[i],
                    original_real_uid);
+                filename = percent_expand(cp, "d", pw->pw_dir,
+                    "u", pw->pw_name, "l", thishost, "h", host,
+                    "r", options.user, (char *)NULL);
+                xfree(cp);
                public = key_load_public(filename, NULL);
                debug("identity file %s type %d", filename,
                    public ? public->type : -1);
@@ -1230,14 +1287,14 @@ control_client_sigrelay(int signo)
 static int
 env_permitted(char *env)
 {
-        int i;
+        int i, ret;
        char name[1024], *cp;
-        strlcpy(name, env, sizeof(name));
+        if ((cp = strchr(env, '=')) == NULL || cp == env)
-        if ((cp = strchr(name, '=')) == NULL)
                return (0);
+        ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
-        *cp = '\0';
+        if (ret <= 0 || (size_t)ret >= sizeof(name))
+                fatal("env_permitted: name '%.100s...' too long", env);
        for (i = 0; i < options.num_send_env; i++)
                if (match_pattern(name, options.send_env[i]))
@@ -1282,29 +1339,29 @@ control_client(const char *path)
        if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
                fatal("%s socket(): %s", __func__, strerror(errno));
-        if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1) {
+        if (connect(sock, (struct sockaddr *)&addr, addr_len) == -1) {
                if (mux_command != SSHMUX_COMMAND_OPEN) {
                        fatal("Control socket connect(%.100s): %s", path,
                            strerror(errno));
                }
                if (errno == ENOENT)
-                        debug("Control socket \"%.100s\" does not exist", path);
+                        debug("Control socket \"%.100s\" does not exist", path);
                else {
-                        error("Control socket connect(%.100s): %s", path,
+                        error("Control socket connect(%.100s): %s", path,
                            strerror(errno));
                }
-                close(sock);
+                close(sock);
-                return;
+                return;
-        }
+        }
-        if (stdin_null_flag) {
+        if (stdin_null_flag) {
-                if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1)
+                if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1)
-                        fatal("open(/dev/null): %s", strerror(errno));
+                        fatal("open(/dev/null): %s", strerror(errno));
-                if (dup2(fd, STDIN_FILENO) == -1)
+                if (dup2(fd, STDIN_FILENO) == -1)
-                        fatal("dup2: %s", strerror(errno));
+                        fatal("dup2: %s", strerror(errno));
-                if (fd > STDERR_FILENO)
+                if (fd > STDERR_FILENO)
-                        close(fd);
+                        close(fd);
-        }
+        }
        term = getenv("TERM");

diff --git a/ssh.c b/ssh.c index 3940dabfd..cfaa1ff22 100644 --- a/ssh.c +++ b/ssh.c
@@ -1,3 +1,4 @@
		1	/* $OpenBSD: ssh.c,v 1.295 2007/01/03 03:01:40 stevesk Exp $ */
1	/*	2	/*
2	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -40,20 +41,46 @@
40	*/	41	*/
41		42
42	#include "includes.h"	43	#include "includes.h"
43	RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $");	44
		45	#include <sys/types.h>
		46	#ifdef HAVE_SYS_STAT_H
		47	# include <sys/stat.h>
		48	#endif
		49	#include <sys/resource.h>
		50	#include <sys/ioctl.h>
		51	#include <sys/socket.h>
		52	#include <sys/un.h>
		53
		54	#include <ctype.h>
		55	#include <errno.h>
		56	#include <fcntl.h>
		57	#include <netdb.h>
		58	#ifdef HAVE_PATHS_H
		59	#include <paths.h>
		60	#endif
		61	#include <pwd.h>
		62	#include <signal.h>
		63	#include <stdarg.h>
		64	#include <stddef.h>
		65	#include <stdio.h>
		66	#include <stdlib.h>
		67	#include <string.h>
		68	#include <unistd.h>
		69
		70	#include <netinet/in.h>
		71	#include <arpa/inet.h>
44		72
45	#include <openssl/evp.h>	73	#include <openssl/evp.h>
46	#include <openssl/err.h>	74	#include <openssl/err.h>
47		75
		76	#include "xmalloc.h"
48	#include "ssh.h"	77	#include "ssh.h"
49	#include "ssh1.h"	78	#include "ssh1.h"
50	#include "ssh2.h"	79	#include "ssh2.h"
51	#include "compat.h"	80	#include "compat.h"
52	#include "cipher.h"	81	#include "cipher.h"
53	#include "xmalloc.h"
54	#include "packet.h"	82	#include "packet.h"
55	#include "buffer.h"	83	#include "buffer.h"
56	#include "bufaux.h"
57	#include "channels.h"	84	#include "channels.h"
58	#include "key.h"	85	#include "key.h"
59	#include "authfd.h"	86	#include "authfd.h"
@@ -72,6 +99,7 @@ RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $");
72	#include "msg.h"	99	#include "msg.h"
73	#include "monitor_fdpass.h"	100	#include "monitor_fdpass.h"
74	#include "uidswap.h"	101	#include "uidswap.h"
		102	#include "version.h"
75		103
76	#ifdef SMARTCARD	104	#ifdef SMARTCARD
77	#include "scard.h"	105	#include "scard.h"
@@ -162,7 +190,7 @@ usage(void)
162	" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"	190	" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
163	" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"	191	" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
164	" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"	192	" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
165	" [-w tunnel:tunnel] [user@]hostname [command]\n"	193	" [-w local_tun[:remote_tun]] [user@]hostname [command]\n"
166	);	194	);
167	exit(255);	195	exit(255);
168	}	196	}
@@ -242,7 +270,7 @@ main(int ac, char **av)
242	/* Parse command-line arguments. */	270	/* Parse command-line arguments. */
243	host = NULL;	271	host = NULL;
244		272
245	again:	273	again:
246	while ((opt = getopt(ac, av,	274	while ((opt = getopt(ac, av,
247	"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {	275	"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
248	switch (opt) {	276	switch (opt) {
@@ -586,7 +614,7 @@ again:
586	if (!read_config_file(config, host, &options, 0))	614	if (!read_config_file(config, host, &options, 0))
587	fatal("Can't open user config file %.100s: "	615	fatal("Can't open user config file %.100s: "
588	"%.100s", config, strerror(errno));	616	"%.100s", config, strerror(errno));
589	} else {	617	} else {
590	snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,	618	snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
591	_PATH_SSH_USER_CONFFILE);	619	_PATH_SSH_USER_CONFFILE);
592	(void)read_config_file(buf, host, &options, 1);	620	(void)read_config_file(buf, host, &options, 1);
@@ -616,7 +644,7 @@ again:
616	if (options.host_key_alias != NULL) {	644	if (options.host_key_alias != NULL) {
617	for (p = options.host_key_alias; *p; p++)	645	for (p = options.host_key_alias; *p; p++)
618	if (isupper(*p))	646	if (isupper(*p))
619	p = tolower(p);	647	p = (char)tolower(p);
620	}	648	}
621		649
622	/* Get default port if port has not been set. */	650	/* Get default port if port has not been set. */
@@ -633,11 +661,15 @@ again:
633	options.control_path = NULL;	661	options.control_path = NULL;
634		662
635	if (options.control_path != NULL) {	663	if (options.control_path != NULL) {
		664	char thishost[NI_MAXHOST];
		665
		666	if (gethostname(thishost, sizeof(thishost)) == -1)
		667	fatal("gethostname: %s", strerror(errno));
636	snprintf(buf, sizeof(buf), "%d", options.port);	668	snprintf(buf, sizeof(buf), "%d", options.port);
637	cp = tilde_expand_filename(options.control_path,	669	cp = tilde_expand_filename(options.control_path,
638	original_real_uid);	670	original_real_uid);
639	options.control_path = percent_expand(cp, "p", buf, "h", host,	671	options.control_path = percent_expand(cp, "p", buf, "h", host,
640	"r", options.user, (char *)NULL);	672	"r", options.user, "l", thishost, (char *)NULL);
641	xfree(cp);	673	xfree(cp);
642	}	674	}
643	if (mux_command != 0 && options.control_path == NULL)	675	if (mux_command != 0 && options.control_path == NULL)
@@ -670,16 +702,16 @@ again:
670	if (options.rhosts_rsa_authentication \|\|	702	if (options.rhosts_rsa_authentication \|\|
671	options.hostbased_authentication) {	703	options.hostbased_authentication) {
672	sensitive_data.nkeys = 3;	704	sensitive_data.nkeys = 3;
673	sensitive_data.keys = xmalloc(sensitive_data.nkeys *	705	sensitive_data.keys = xcalloc(sensitive_data.nkeys,
674	sizeof(Key));	706	sizeof(Key));
675		707
676	PRIV_START;	708	PRIV_START;
677	sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,	709	sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
678	_PATH_HOST_KEY_FILE, "", NULL);	710	_PATH_HOST_KEY_FILE, "", NULL, NULL);
679	sensitive_data.keys[1] = key_load_private_type(KEY_DSA,	711	sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
680	_PATH_HOST_DSA_KEY_FILE, "", NULL);	712	_PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
681	sensitive_data.keys[2] = key_load_private_type(KEY_RSA,	713	sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
682	_PATH_HOST_RSA_KEY_FILE, "", NULL);	714	_PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
683	PRIV_END;	715	PRIV_END;
684		716
685	if (options.hostbased_authentication == 1 &&	717	if (options.hostbased_authentication == 1 &&
@@ -795,6 +827,8 @@ ssh_init_forwarding(void)
795	options.local_forwards[i].connect_port,	827	options.local_forwards[i].connect_port,
796	options.gateway_ports);	828	options.gateway_ports);
797	}	829	}
		830	if (i > 0 && success != i && options.exit_on_forward_failure)
		831	fatal("Could not request local forwarding.");
798	if (i > 0 && success == 0)	832	if (i > 0 && success == 0)
799	error("Could not request local forwarding.");	833	error("Could not request local forwarding.");
800		834
@@ -807,11 +841,17 @@ ssh_init_forwarding(void)
807	options.remote_forwards[i].listen_port,	841	options.remote_forwards[i].listen_port,
808	options.remote_forwards[i].connect_host,	842	options.remote_forwards[i].connect_host,
809	options.remote_forwards[i].connect_port);	843	options.remote_forwards[i].connect_port);
810	channel_request_remote_forwarding(	844	if (channel_request_remote_forwarding(
811	options.remote_forwards[i].listen_host,	845	options.remote_forwards[i].listen_host,
812	options.remote_forwards[i].listen_port,	846	options.remote_forwards[i].listen_port,
813	options.remote_forwards[i].connect_host,	847	options.remote_forwards[i].connect_host,
814	options.remote_forwards[i].connect_port);	848	options.remote_forwards[i].connect_port) < 0) {
		849	if (options.exit_on_forward_failure)
		850	fatal("Could not request remote forwarding.");
		851	else
		852	logit("Warning: Could not request remote "
		853	"forwarding.");
		854	}
815	}	855	}
816	}	856	}
817		857
@@ -872,10 +912,10 @@ ssh_session(void)
872	/* Store window size in the packet. */	912	/* Store window size in the packet. */
873	if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)	913	if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
874	memset(&ws, 0, sizeof(ws));	914	memset(&ws, 0, sizeof(ws));
875	packet_put_int(ws.ws_row);	915	packet_put_int((u_int)ws.ws_row);
876	packet_put_int(ws.ws_col);	916	packet_put_int((u_int)ws.ws_col);
877	packet_put_int(ws.ws_xpixel);	917	packet_put_int((u_int)ws.ws_xpixel);
878	packet_put_int(ws.ws_ypixel);	918	packet_put_int((u_int)ws.ws_ypixel);
879		919
880	/* Store tty modes in the packet. */	920	/* Store tty modes in the packet. */
881	tty_make_modes(fileno(stdin), NULL);	921	tty_make_modes(fileno(stdin), NULL);
@@ -993,9 +1033,16 @@ client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt)
993	options.remote_forwards[i].listen_port,	1033	options.remote_forwards[i].listen_port,
994	options.remote_forwards[i].connect_host,	1034	options.remote_forwards[i].connect_host,
995	options.remote_forwards[i].connect_port);	1035	options.remote_forwards[i].connect_port);
996	if (type == SSH2_MSG_REQUEST_FAILURE)	1036	if (type == SSH2_MSG_REQUEST_FAILURE) {
997	logit("Warning: remote port forwarding failed for listen "	1037	if (options.exit_on_forward_failure)
998	"port %d", options.remote_forwards[i].listen_port);	1038	fatal("Error: remote port forwarding failed for "
		1039	"listen port %d",
		1040	options.remote_forwards[i].listen_port);
		1041	else
		1042	logit("Warning: remote port forwarding failed for "
		1043	"listen port %d",
		1044	options.remote_forwards[i].listen_port);
		1045	}
999	}	1046	}
1000		1047
1001	static void	1048	static void
@@ -1024,7 +1071,7 @@ ssh_control_listener(void)
1024	fatal("%s socket(): %s", __func__, strerror(errno));	1071	fatal("%s socket(): %s", __func__, strerror(errno));
1025		1072
1026	old_umask = umask(0177);	1073	old_umask = umask(0177);
1027	if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) {	1074	if (bind(control_fd, (struct sockaddr *)&addr, addr_len) == -1) {
1028	control_fd = -1;	1075	control_fd = -1;
1029	if (errno == EINVAL \|\| errno == EADDRINUSE)	1076	if (errno == EINVAL \|\| errno == EADDRINUSE)
1030	fatal("ControlSocket %s already exists",	1077	fatal("ControlSocket %s already exists",
@@ -1176,15 +1223,16 @@ ssh_session2(void)
1176	static void	1223	static void
1177	load_public_identity_files(void)	1224	load_public_identity_files(void)
1178	{	1225	{
1179	char *filename;	1226	char filename, cp, thishost[NI_MAXHOST];
1180	int i = 0;	1227	int i = 0;
1181	Key *public;	1228	Key *public;
		1229	struct passwd *pw;
1182	#ifdef SMARTCARD	1230	#ifdef SMARTCARD
1183	Key **keys;	1231	Key **keys;
1184		1232
1185	if (options.smartcard_device != NULL &&	1233	if (options.smartcard_device != NULL &&
1186	options.num_identity_files < SSH_MAX_IDENTITY_FILES &&	1234	options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
1187	(keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {	1235	(keys = sc_get_keys(options.smartcard_device, NULL)) != NULL) {
1188	int count = 0;	1236	int count = 0;
1189	for (i = 0; keys[i] != NULL; i++) {	1237	for (i = 0; keys[i] != NULL; i++) {
1190	count++;	1238	count++;
@@ -1202,9 +1250,18 @@ load_public_identity_files(void)
1202	xfree(keys);	1250	xfree(keys);
1203	}	1251	}
1204	#endif /* SMARTCARD */	1252	#endif /* SMARTCARD */
		1253	if ((pw = getpwuid(original_real_uid)) == NULL)
		1254	fatal("load_public_identity_files: getpwuid failed");
		1255	if (gethostname(thishost, sizeof(thishost)) == -1)
		1256	fatal("load_public_identity_files: gethostname: %s",
		1257	strerror(errno));
1205	for (; i < options.num_identity_files; i++) {	1258	for (; i < options.num_identity_files; i++) {
1206	filename = tilde_expand_filename(options.identity_files[i],	1259	cp = tilde_expand_filename(options.identity_files[i],
1207	original_real_uid);	1260	original_real_uid);
		1261	filename = percent_expand(cp, "d", pw->pw_dir,
		1262	"u", pw->pw_name, "l", thishost, "h", host,
		1263	"r", options.user, (char *)NULL);
		1264	xfree(cp);
1208	public = key_load_public(filename, NULL);	1265	public = key_load_public(filename, NULL);
1209	debug("identity file %s type %d", filename,	1266	debug("identity file %s type %d", filename,
1210	public ? public->type : -1);	1267	public ? public->type : -1);
@@ -1230,14 +1287,14 @@ control_client_sigrelay(int signo)
1230	static int	1287	static int
1231	env_permitted(char *env)	1288	env_permitted(char *env)
1232	{	1289	{
1233	int i;	1290	int i, ret;
1234	char name[1024], *cp;	1291	char name[1024], *cp;
1235		1292
1236	strlcpy(name, env, sizeof(name));	1293	if ((cp = strchr(env, '=')) == NULL \|\| cp == env)
1237	if ((cp = strchr(name, '=')) == NULL)
1238	return (0);	1294	return (0);
1239		1295	ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
1240	*cp = '\0';	1296	if (ret <= 0 \|\| (size_t)ret >= sizeof(name))
		1297	fatal("env_permitted: name '%.100s...' too long", env);
1241		1298
1242	for (i = 0; i < options.num_send_env; i++)	1299	for (i = 0; i < options.num_send_env; i++)
1243	if (match_pattern(name, options.send_env[i]))	1300	if (match_pattern(name, options.send_env[i]))
@@ -1282,29 +1339,29 @@ control_client(const char *path)
1282	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)	1339	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1283	fatal("%s socket(): %s", __func__, strerror(errno));	1340	fatal("%s socket(): %s", __func__, strerror(errno));
1284		1341
1285	if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1) {	1342	if (connect(sock, (struct sockaddr *)&addr, addr_len) == -1) {
1286	if (mux_command != SSHMUX_COMMAND_OPEN) {	1343	if (mux_command != SSHMUX_COMMAND_OPEN) {
1287	fatal("Control socket connect(%.100s): %s", path,	1344	fatal("Control socket connect(%.100s): %s", path,
1288	strerror(errno));	1345	strerror(errno));
1289	}	1346	}
1290	if (errno == ENOENT)	1347	if (errno == ENOENT)
1291	debug("Control socket \"%.100s\" does not exist", path);	1348	debug("Control socket \"%.100s\" does not exist", path);
1292	else {	1349	else {
1293	error("Control socket connect(%.100s): %s", path,	1350	error("Control socket connect(%.100s): %s", path,
1294	strerror(errno));	1351	strerror(errno));
1295	}	1352	}
1296	close(sock);	1353	close(sock);
1297	return;	1354	return;
1298	}	1355	}
1299		1356
1300	if (stdin_null_flag) {	1357	if (stdin_null_flag) {
1301	if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1)	1358	if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1302	fatal("open(/dev/null): %s", strerror(errno));	1359	fatal("open(/dev/null): %s", strerror(errno));
1303	if (dup2(fd, STDIN_FILENO) == -1)	1360	if (dup2(fd, STDIN_FILENO) == -1)
1304	fatal("dup2: %s", strerror(errno));	1361	fatal("dup2: %s", strerror(errno));
1305	if (fd > STDERR_FILENO)	1362	if (fd > STDERR_FILENO)
1306	close(fd);	1363	close(fd);
1307	}	1364	}
1308		1365
1309	term = getenv("TERM");	1366	term = getenv("TERM");
1310		1367