summaryrefslogtreecommitdiff
path: root/ssh.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c90
1 files changed, 36 insertions, 54 deletions
diff --git a/ssh.c b/ssh.c
index d9611848d..ca279fbb8 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: ssh.c,v 1.190 2003/02/06 09:27:29 markus Exp $"); 43RCSID("$OpenBSD: ssh.c,v 1.201 2003/09/01 18:15:50 markus Exp $");
44 44
45#include <openssl/evp.h> 45#include <openssl/evp.h>
46#include <openssl/err.h> 46#include <openssl/err.h>
@@ -79,14 +79,6 @@ extern char *__progname;
79char *__progname; 79char *__progname;
80#endif 80#endif
81 81
82/* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
83 Default value is AF_UNSPEC means both IPv4 and IPv6. */
84#ifdef IPV4_DEFAULT
85int IPv4or6 = AF_INET;
86#else
87int IPv4or6 = AF_UNSPEC;
88#endif
89
90/* Flag indicating whether debug mode is on. This can be set on the command line. */ 82/* Flag indicating whether debug mode is on. This can be set on the command line. */
91int debug_flag = 0; 83int debug_flag = 0;
92 84
@@ -162,9 +154,6 @@ usage(void)
162 _PATH_SSH_USER_CONFFILE); 154 _PATH_SSH_USER_CONFFILE);
163 fprintf(stderr, " -A Enable authentication agent forwarding.\n"); 155 fprintf(stderr, " -A Enable authentication agent forwarding.\n");
164 fprintf(stderr, " -a Disable authentication agent forwarding (default).\n"); 156 fprintf(stderr, " -a Disable authentication agent forwarding (default).\n");
165#ifdef AFS
166 fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
167#endif /* AFS */
168 fprintf(stderr, " -X Enable X11 connection forwarding.\n"); 157 fprintf(stderr, " -X Enable X11 connection forwarding.\n");
169 fprintf(stderr, " -x Disable X11 connection forwarding (default).\n"); 158 fprintf(stderr, " -x Disable X11 connection forwarding (default).\n");
170 fprintf(stderr, " -i file Identity for public key authentication " 159 fprintf(stderr, " -i file Identity for public key authentication "
@@ -222,7 +211,7 @@ main(int ac, char **av)
222 extern int optind, optreset; 211 extern int optind, optreset;
223 extern char *optarg; 212 extern char *optarg;
224 213
225 __progname = get_progname(av[0]); 214 __progname = ssh_get_progname(av[0]);
226 init_rng(); 215 init_rng();
227 216
228 /* 217 /*
@@ -253,7 +242,7 @@ main(int ac, char **av)
253 /* Get user data. */ 242 /* Get user data. */
254 pw = getpwuid(original_real_uid); 243 pw = getpwuid(original_real_uid);
255 if (!pw) { 244 if (!pw) {
256 log("You don't exist, go away!"); 245 logit("You don't exist, go away!");
257 exit(1); 246 exit(1);
258 } 247 }
259 /* Take a copy of the returned structure. */ 248 /* Take a copy of the returned structure. */
@@ -284,10 +273,10 @@ again:
284 options.protocol = SSH_PROTO_2; 273 options.protocol = SSH_PROTO_2;
285 break; 274 break;
286 case '4': 275 case '4':
287 IPv4or6 = AF_INET; 276 options.address_family = AF_INET;
288 break; 277 break;
289 case '6': 278 case '6':
290 IPv4or6 = AF_INET6; 279 options.address_family = AF_INET6;
291 break; 280 break;
292 case 'n': 281 case 'n':
293 stdin_null_flag = 1; 282 stdin_null_flag = 1;
@@ -314,12 +303,9 @@ again:
314 case 'A': 303 case 'A':
315 options.forward_agent = 1; 304 options.forward_agent = 1;
316 break; 305 break;
317#ifdef AFS
318 case 'k': 306 case 'k':
319 options.kerberos_tgt_passing = 0; 307 /* ignored for backward compatibility */
320 options.afs_token_passing = 0;
321 break; 308 break;
322#endif
323 case 'i': 309 case 'i':
324 if (stat(optarg, &st) < 0) { 310 if (stat(optarg, &st) < 0) {
325 fprintf(stderr, "Warning: Identity file %s " 311 fprintf(stderr, "Warning: Identity file %s "
@@ -346,22 +332,22 @@ again:
346 tty_flag = 1; 332 tty_flag = 1;
347 break; 333 break;
348 case 'v': 334 case 'v':
349 if (0 == debug_flag) { 335 if (debug_flag == 0) {
350 debug_flag = 1; 336 debug_flag = 1;
351 options.log_level = SYSLOG_LEVEL_DEBUG1; 337 options.log_level = SYSLOG_LEVEL_DEBUG1;
352 } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) { 338 } else {
353 options.log_level++; 339 if (options.log_level < SYSLOG_LEVEL_DEBUG3)
340 options.log_level++;
354 break; 341 break;
355 } else 342 }
356 fatal("Too high debugging level.");
357 /* fallthrough */ 343 /* fallthrough */
358 case 'V': 344 case 'V':
359 fprintf(stderr, 345 fprintf(stderr,
360 "%s, SSH protocols %d.%d/%d.%d, OpenSSL 0x%8.8lx\n", 346 "%s, SSH protocols %d.%d/%d.%d, %s\n",
361 SSH_VERSION, 347 SSH_VERSION,
362 PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1, 348 PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1,
363 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, 349 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
364 SSLeay()); 350 SSLeay_version(SSLEAY_VERSION));
365 if (opt == 'V') 351 if (opt == 'V')
366 exit(0); 352 exit(0);
367 break; 353 break;
@@ -432,9 +418,9 @@ again:
432 418
433 case 'L': 419 case 'L':
434 case 'R': 420 case 'R':
435 if (sscanf(optarg, "%5[0-9]:%255[^:]:%5[0-9]", 421 if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]",
436 sfwd_port, buf, sfwd_host_port) != 3 && 422 sfwd_port, buf, sfwd_host_port) != 3 &&
437 sscanf(optarg, "%5[0-9]/%255[^/]/%5[0-9]", 423 sscanf(optarg, "%5[0123456789]/%255[^/]/%5[0123456789]",
438 sfwd_port, buf, sfwd_host_port) != 3) { 424 sfwd_port, buf, sfwd_host_port) != 3) {
439 fprintf(stderr, 425 fprintf(stderr,
440 "Bad forwarding specification '%s'\n", 426 "Bad forwarding specification '%s'\n",
@@ -463,7 +449,7 @@ again:
463 optarg); 449 optarg);
464 exit(1); 450 exit(1);
465 } 451 }
466 add_local_forward(&options, fwd_port, "socks4", 0); 452 add_local_forward(&options, fwd_port, "socks", 0);
467 break; 453 break;
468 454
469 case 'C': 455 case 'C':
@@ -523,7 +509,6 @@ again:
523 509
524 SSLeay_add_all_algorithms(); 510 SSLeay_add_all_algorithms();
525 ERR_load_crypto_strings(); 511 ERR_load_crypto_strings();
526 channel_set_af(IPv4or6);
527 512
528 /* Initialize the command to execute on remote host. */ 513 /* Initialize the command to execute on remote host. */
529 buffer_init(&command); 514 buffer_init(&command);
@@ -564,7 +549,7 @@ again:
564 /* Do not allocate a tty if stdin is not a tty. */ 549 /* Do not allocate a tty if stdin is not a tty. */
565 if (!isatty(fileno(stdin)) && !force_tty_flag) { 550 if (!isatty(fileno(stdin)) && !force_tty_flag) {
566 if (tty_flag) 551 if (tty_flag)
567 log("Pseudo-terminal will not be allocated because stdin is not a terminal."); 552 logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");
568 tty_flag = 0; 553 tty_flag = 0;
569 } 554 }
570 555
@@ -595,6 +580,8 @@ again:
595 /* Fill configuration defaults. */ 580 /* Fill configuration defaults. */
596 fill_default_options(&options); 581 fill_default_options(&options);
597 582
583 channel_set_af(options.address_family);
584
598 /* reinit */ 585 /* reinit */
599 log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); 586 log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
600 587
@@ -606,25 +593,20 @@ again:
606 if (options.hostname != NULL) 593 if (options.hostname != NULL)
607 host = options.hostname; 594 host = options.hostname;
608 595
596 /* force lowercase for hostkey matching */
597 if (options.host_key_alias != NULL) {
598 for (p = options.host_key_alias; *p; p++)
599 if (isupper(*p))
600 *p = tolower(*p);
601 }
602
609 if (options.proxy_command != NULL && 603 if (options.proxy_command != NULL &&
610 strcmp(options.proxy_command, "none") == 0) 604 strcmp(options.proxy_command, "none") == 0)
611 options.proxy_command = NULL; 605 options.proxy_command = NULL;
612 606
613 /* Disable rhosts authentication if not running as root. */
614#ifdef HAVE_CYGWIN
615 /* Ignore uid if running under Windows */
616 if (!options.use_privileged_port) {
617#else
618 if (original_effective_uid != 0 || !options.use_privileged_port) {
619#endif
620 debug("Rhosts Authentication disabled, "
621 "originating port will not be trusted.");
622 options.rhosts_authentication = 0;
623 }
624 /* Open a connection to the remote host. */ 607 /* Open a connection to the remote host. */
625 608 if (ssh_connect(host, &hostaddr, options.port,
626 if (ssh_connect(host, &hostaddr, options.port, IPv4or6, 609 options.address_family, options.connection_attempts,
627 options.connection_attempts,
628#ifdef HAVE_CYGWIN 610#ifdef HAVE_CYGWIN
629 options.use_privileged_port, 611 options.use_privileged_port,
630#else 612#else
@@ -798,7 +780,7 @@ x11_get_proto(char **_proto, char **_data)
798 if (!got_data) { 780 if (!got_data) {
799 u_int32_t rand = 0; 781 u_int32_t rand = 0;
800 782
801 log("Warning: No xauth data; using fake authentication data for X11 forwarding."); 783 logit("Warning: No xauth data; using fake authentication data for X11 forwarding.");
802 strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); 784 strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
803 for (i = 0; i < 16; i++) { 785 for (i = 0; i < 16; i++) {
804 if (i % 4 == 0) 786 if (i % 4 == 0)
@@ -878,7 +860,7 @@ ssh_session(void)
878 if (type == SSH_SMSG_SUCCESS) 860 if (type == SSH_SMSG_SUCCESS)
879 packet_start_compression(options.compression_level); 861 packet_start_compression(options.compression_level);
880 else if (type == SSH_SMSG_FAILURE) 862 else if (type == SSH_SMSG_FAILURE)
881 log("Warning: Remote host refused compression."); 863 logit("Warning: Remote host refused compression.");
882 else 864 else
883 packet_disconnect("Protocol error waiting for compression response."); 865 packet_disconnect("Protocol error waiting for compression response.");
884 } 866 }
@@ -917,7 +899,7 @@ ssh_session(void)
917 interactive = 1; 899 interactive = 1;
918 have_tty = 1; 900 have_tty = 1;
919 } else if (type == SSH_SMSG_FAILURE) 901 } else if (type == SSH_SMSG_FAILURE)
920 log("Warning: Remote host failed or refused to allocate a pseudo tty."); 902 logit("Warning: Remote host failed or refused to allocate a pseudo tty.");
921 else 903 else
922 packet_disconnect("Protocol error waiting for pty request response."); 904 packet_disconnect("Protocol error waiting for pty request response.");
923 } 905 }
@@ -935,7 +917,7 @@ ssh_session(void)
935 if (type == SSH_SMSG_SUCCESS) { 917 if (type == SSH_SMSG_SUCCESS) {
936 interactive = 1; 918 interactive = 1;
937 } else if (type == SSH_SMSG_FAILURE) { 919 } else if (type == SSH_SMSG_FAILURE) {
938 log("Warning: Remote host denied X11 forwarding."); 920 logit("Warning: Remote host denied X11 forwarding.");
939 } else { 921 } else {
940 packet_disconnect("Protocol error waiting for X11 forwarding"); 922 packet_disconnect("Protocol error waiting for X11 forwarding");
941 } 923 }
@@ -954,7 +936,7 @@ ssh_session(void)
954 type = packet_read(); 936 type = packet_read();
955 packet_check_eom(); 937 packet_check_eom();
956 if (type != SSH_SMSG_SUCCESS) 938 if (type != SSH_SMSG_SUCCESS)
957 log("Warning: Remote host denied authentication agent forwarding."); 939 logit("Warning: Remote host denied authentication agent forwarding.");
958 } 940 }
959 941
960 /* Initiate port forwardings. */ 942 /* Initiate port forwardings. */
@@ -1022,7 +1004,7 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
1022 options.remote_forwards[i].host, 1004 options.remote_forwards[i].host,
1023 options.remote_forwards[i].host_port); 1005 options.remote_forwards[i].host_port);
1024 if (type == SSH2_MSG_REQUEST_FAILURE) 1006 if (type == SSH2_MSG_REQUEST_FAILURE)
1025 log("Warning: remote port forwarding failed for listen port %d", 1007 logit("Warning: remote port forwarding failed for listen port %d",
1026 options.remote_forwards[i].port); 1008 options.remote_forwards[i].port);
1027} 1009}
1028 1010
@@ -1137,7 +1119,7 @@ ssh_session2_open(void)
1137 c = channel_new( 1119 c = channel_new(
1138 "session", SSH_CHANNEL_OPENING, in, out, err, 1120 "session", SSH_CHANNEL_OPENING, in, out, err,
1139 window, packetmax, CHAN_EXTENDED_WRITE, 1121 window, packetmax, CHAN_EXTENDED_WRITE,
1140 xstrdup("client-session"), /*nonblock*/0); 1122 "client-session", /*nonblock*/0);
1141 1123
1142 debug3("ssh_session2_open: channel_new: %d", c->self); 1124 debug3("ssh_session2_open: channel_new: %d", c->self);
1143 1125
@@ -1189,7 +1171,7 @@ load_public_identity_files(void)
1189 sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1)); 1171 sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
1190 options.num_identity_files++; 1172 options.num_identity_files++;
1191 options.identity_keys[0] = keys[i]; 1173 options.identity_keys[0] = keys[i];
1192 options.identity_files[0] = xstrdup("smartcard key");; 1174 options.identity_files[0] = sc_get_key_label(keys[i]);
1193 } 1175 }
1194 if (options.num_identity_files > SSH_MAX_IDENTITY_FILES) 1176 if (options.num_identity_files > SSH_MAX_IDENTITY_FILES)
1195 options.num_identity_files = SSH_MAX_IDENTITY_FILES; 1177 options.num_identity_files = SSH_MAX_IDENTITY_FILES;