Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c77
1 files changed, 50 insertions, 27 deletions
diff --git a/ssh.c b/ssh.c
index 22d4f53c4..77dbde058 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.346 2010/08/12 21:49:44 djm Exp $ */ 1/* $OpenBSD: ssh.c,v 1.356 2011/01/06 22:23:53 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -183,9 +183,6 @@ int subsystem_flag = 0;
183/* # of replies received for global requests */ 183/* # of replies received for global requests */
184static int remote_forward_confirms_received = 0; 184static int remote_forward_confirms_received = 0;
185 185
186/* pid of proxycommand child process */
187pid_t proxy_command_pid = 0;
188
189/* mux.c */ 186/* mux.c */
190extern int muxserver_sock; 187extern int muxserver_sock;
191extern u_int muxclient_command; 188extern u_int muxclient_command;
@@ -224,7 +221,7 @@ int
224main(int ac, char **av) 221main(int ac, char **av)
225{ 222{
226 int i, r, opt, exit_status, use_syslog; 223 int i, r, opt, exit_status, use_syslog;
227 char *p, *cp, *line, *argv0, buf[MAXPATHLEN]; 224 char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg;
228 struct stat st; 225 struct stat st;
229 struct passwd *pw; 226 struct passwd *pw;
230 int dummy, timeout_ms; 227 int dummy, timeout_ms;
@@ -601,7 +598,7 @@ main(int ac, char **av)
601 if (!host) 598 if (!host)
602 usage(); 599 usage();
603 600
604 SSLeay_add_all_algorithms(); 601 OpenSSL_add_all_algorithms();
605 ERR_load_crypto_strings(); 602 ERR_load_crypto_strings();
606 603
607 /* Initialize the command to execute on remote host. */ 604 /* Initialize the command to execute on remote host. */
@@ -696,6 +693,8 @@ main(int ac, char **av)
696 options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT; 693 options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
697 } 694 }
698 695
696 /* preserve host name given on command line for %n expansion */
697 host_arg = host;
699 if (options.hostname != NULL) { 698 if (options.hostname != NULL) {
700 host = percent_expand(options.hostname, 699 host = percent_expand(options.hostname,
701 "h", host, (char *)NULL); 700 "h", host, (char *)NULL);
@@ -710,7 +709,7 @@ main(int ac, char **av)
710 debug3("expanding LocalCommand: %s", options.local_command); 709 debug3("expanding LocalCommand: %s", options.local_command);
711 cp = options.local_command; 710 cp = options.local_command;
712 options.local_command = percent_expand(cp, "d", pw->pw_dir, 711 options.local_command = percent_expand(cp, "d", pw->pw_dir,
713 "h", host, "l", thishost, "n", host, "r", options.user, 712 "h", host, "l", thishost, "n", host_arg, "r", options.user,
714 "p", buf, "u", pw->pw_name, (char *)NULL); 713 "p", buf, "u", pw->pw_name, (char *)NULL);
715 debug3("expanded LocalCommand: %s", options.local_command); 714 debug3("expanded LocalCommand: %s", options.local_command);
716 xfree(cp); 715 xfree(cp);
@@ -782,34 +781,53 @@ main(int ac, char **av)
782 sensitive_data.external_keysign = 0; 781 sensitive_data.external_keysign = 0;
783 if (options.rhosts_rsa_authentication || 782 if (options.rhosts_rsa_authentication ||
784 options.hostbased_authentication) { 783 options.hostbased_authentication) {
785 sensitive_data.nkeys = 5; 784 sensitive_data.nkeys = 7;
786 sensitive_data.keys = xcalloc(sensitive_data.nkeys, 785 sensitive_data.keys = xcalloc(sensitive_data.nkeys,
787 sizeof(Key)); 786 sizeof(Key));
787 for (i = 0; i < sensitive_data.nkeys; i++)
788 sensitive_data.keys[i] = NULL;
788 789
789 PRIV_START; 790 PRIV_START;
790 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, 791 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
791 _PATH_HOST_KEY_FILE, "", NULL, NULL); 792 _PATH_HOST_KEY_FILE, "", NULL, NULL);
792 sensitive_data.keys[1] = key_load_private_cert(KEY_DSA, 793 sensitive_data.keys[1] = key_load_private_cert(KEY_DSA,
793 _PATH_HOST_DSA_KEY_FILE, "", NULL); 794 _PATH_HOST_DSA_KEY_FILE, "", NULL);
794 sensitive_data.keys[2] = key_load_private_cert(KEY_RSA, 795#ifdef OPENSSL_HAS_ECC
796 sensitive_data.keys[2] = key_load_private_cert(KEY_ECDSA,
797 _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
798#endif
799 sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
795 _PATH_HOST_RSA_KEY_FILE, "", NULL); 800 _PATH_HOST_RSA_KEY_FILE, "", NULL);
796 sensitive_data.keys[3] = key_load_private_type(KEY_DSA, 801 sensitive_data.keys[4] = key_load_private_type(KEY_DSA,
797 _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); 802 _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
798 sensitive_data.keys[4] = key_load_private_type(KEY_RSA, 803#ifdef OPENSSL_HAS_ECC
804 sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
805 _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
806#endif
807 sensitive_data.keys[6] = key_load_private_type(KEY_RSA,
799 _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); 808 _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
800 PRIV_END; 809 PRIV_END;
801 810
802 if (options.hostbased_authentication == 1 && 811 if (options.hostbased_authentication == 1 &&
803 sensitive_data.keys[0] == NULL && 812 sensitive_data.keys[0] == NULL &&
804 sensitive_data.keys[3] == NULL && 813 sensitive_data.keys[4] == NULL &&
805 sensitive_data.keys[4] == NULL) { 814 sensitive_data.keys[5] == NULL &&
815 sensitive_data.keys[6] == NULL) {
806 sensitive_data.keys[1] = key_load_cert( 816 sensitive_data.keys[1] = key_load_cert(
807 _PATH_HOST_DSA_KEY_FILE); 817 _PATH_HOST_DSA_KEY_FILE);
818#ifdef OPENSSL_HAS_ECC
808 sensitive_data.keys[2] = key_load_cert( 819 sensitive_data.keys[2] = key_load_cert(
820 _PATH_HOST_ECDSA_KEY_FILE);
821#endif
822 sensitive_data.keys[3] = key_load_cert(
809 _PATH_HOST_RSA_KEY_FILE); 823 _PATH_HOST_RSA_KEY_FILE);
810 sensitive_data.keys[3] = key_load_public(
811 _PATH_HOST_DSA_KEY_FILE, NULL);
812 sensitive_data.keys[4] = key_load_public( 824 sensitive_data.keys[4] = key_load_public(
825 _PATH_HOST_DSA_KEY_FILE, NULL);
826#ifdef OPENSSL_HAS_ECC
827 sensitive_data.keys[5] = key_load_public(
828 _PATH_HOST_ECDSA_KEY_FILE, NULL);
829#endif
830 sensitive_data.keys[6] = key_load_public(
813 _PATH_HOST_RSA_KEY_FILE, NULL); 831 _PATH_HOST_RSA_KEY_FILE, NULL);
814 sensitive_data.external_keysign = 1; 832 sensitive_data.external_keysign = 1;
815 } 833 }
@@ -832,10 +850,19 @@ main(int ac, char **av)
832 */ 850 */
833 r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, 851 r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
834 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); 852 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
835 if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) 853 if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
854#ifdef WITH_SELINUX
855 char *scon;
856
857 matchpathcon(buf, 0700, &scon);
858 setfscreatecon(scon);
859#endif
836 if (mkdir(buf, 0700) < 0) 860 if (mkdir(buf, 0700) < 0)
837 error("Could not create directory '%.200s'.", buf); 861 error("Could not create directory '%.200s'.", buf);
838 862#ifdef WITH_SELINUX
863 setfscreatecon(NULL);
864#endif
865 }
839 /* load options.identity_files */ 866 /* load options.identity_files */
840 load_public_identity_files(); 867 load_public_identity_files();
841 868
@@ -855,7 +882,7 @@ main(int ac, char **av)
855 882
856 /* Log into the remote system. Never returns if the login fails. */ 883 /* Log into the remote system. Never returns if the login fails. */
857 ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, 884 ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr,
858 pw, timeout_ms); 885 options.port, pw, timeout_ms);
859 886
860 if (packet_connection_is_on_socket()) { 887 if (packet_connection_is_on_socket()) {
861 verbose("Authenticated to %s ([%s]:%d).", host, 888 verbose("Authenticated to %s ([%s]:%d).", host,
@@ -893,12 +920,8 @@ main(int ac, char **av)
893 if (options.control_path != NULL && muxserver_sock != -1) 920 if (options.control_path != NULL && muxserver_sock != -1)
894 unlink(options.control_path); 921 unlink(options.control_path);
895 922
896 /* 923 /* Kill ProxyCommand if it is running. */
897 * Send SIGHUP to proxy command if used. We don't wait() in 924 ssh_kill_proxy_command();
898 * case it hangs and instead rely on init to reap the child
899 */
900 if (proxy_command_pid > 1)
901 kill(proxy_command_pid, SIGHUP);
902 925
903 return exit_status; 926 return exit_status;
904} 927}
@@ -930,6 +953,7 @@ control_persist_detach(void)
930 tty_flag = otty_flag; 953 tty_flag = otty_flag;
931 close(muxserver_sock); 954 close(muxserver_sock);
932 muxserver_sock = -1; 955 muxserver_sock = -1;
956 options.control_master = SSHCTL_MASTER_NO;
933 muxclient(options.control_path); 957 muxclient(options.control_path);
934 /* muxclient() doesn't return on success. */ 958 /* muxclient() doesn't return on success. */
935 fatal("Failed to connect to new control master"); 959 fatal("Failed to connect to new control master");
@@ -1202,7 +1226,8 @@ ssh_session(void)
1202 } 1226 }
1203 } 1227 }
1204 /* Tell the packet module whether this is an interactive session. */ 1228 /* Tell the packet module whether this is an interactive session. */
1205 packet_set_interactive(interactive); 1229 packet_set_interactive(interactive,
1230 options.ip_qos_interactive, options.ip_qos_bulk);
1206 1231
1207 /* Request authentication agent forwarding if appropriate. */ 1232 /* Request authentication agent forwarding if appropriate. */
1208 check_agent_present(); 1233 check_agent_present();
@@ -1300,8 +1325,6 @@ ssh_session2_setup(int id, int success, void *arg)
1300 1325
1301 client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), 1326 client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
1302 NULL, fileno(stdin), &command, environ); 1327 NULL, fileno(stdin), &command, environ);
1303
1304 packet_set_interactive(interactive);
1305} 1328}
1306 1329
1307/* open new channel for a session */ 1330/* open new channel for a session */
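Review bot: In the WITH_SELINUX block added around the `mkdir(buf, 0700)` call, `matchpathcon(buf, 0700, &scon)` is called without checking its return, so when it fails `scon` is still an uninitialized pointer that is then handed to `setfscreatecon(scon)`; the context string is also never released, and neither `setfscreatecon()` call has its result checked. libselinux only fills in `*scon` on success, so the failure path reads an indeterminate pointer, and `setfscreatecon` can legitimately fail (for example when SELinux is disabled at runtime), in which case the directory is silently created with whatever context the process happened to have. Check `matchpathcon()` before using its output, report a failed `setfscreatecon()` at debug level so the mkdir still proceeds with the default labelling, and free the context with `freecon()` once the create context has been set; the code is inside `main()`, whose body begins and ends outside this hunk.
```c
#ifdef WITH_SELINUX
		char *scon = NULL;

		/* Label the new ~/.ssh per policy; on any libselinux
		 * failure fall back to the default create context rather
		 * than passing an unset pointer along. */
		if (matchpathcon(buf, 0700, &scon) != 0)
			debug("%s: matchpathcon(%s) failed", __func__, buf);
		else {
			if (setfscreatecon(scon) != 0)
				debug("%s: setfscreatecon(%s) failed",
				    __func__, scon);
			freecon(scon);
		}
#endif
		if (mkdir(buf, 0700) < 0)
			error("Could not create directory '%.200s'.", buf);
#ifdef WITH_SELINUX
		if (setfscreatecon(NULL) != 0)
			debug("%s: setfscreatecon(NULL) failed", __func__);
#endif
```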