From dcb6ecd1b3b25b6909296ff0546ca6b18d0c19d3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 17 May 2000 22:34:22 +1000 Subject: - OpenBSD CVS update: - markus@cvs.openbsd.org [ssh.c] fix usage() [ssh2.h] draft-ietf-secsh-architecture-05.txt [ssh.1] document ssh -T -N (ssh2 only) [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c] enable nonblocking IO for sshd w/ proto 1, too; split out common code [aux.c] missing include --- ChangeLog | 12 ++++++++++++ Makefile.in | 2 +- aux.c | 36 ++++++++++++++++++++++++++++++++++++ channels.c | 19 +------------------ serverloop.c | 44 ++++++++++++++++++++++++++------------------ ssh.1 | 10 ++++++++-- ssh.c | 3 ++- ssh.h | 8 +++++++- ssh2.h | 8 +++++++- sshconnect.c | 17 +---------------- sshd.c | 17 +---------------- 11 files changed, 102 insertions(+), 74 deletions(-) create mode 100644 aux.c diff --git a/ChangeLog b/ChangeLog index 4f0c42d6b..e14392af2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,18 @@ - Avoid WCOREDUMP complation errors for systems that lack it - Avoid SIGCHLD warnings from entropy commands - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson + - OpenBSD CVS update: + - markus@cvs.openbsd.org + [ssh.c] + fix usage() + [ssh2.h] + draft-ietf-secsh-architecture-05.txt + [ssh.1] + document ssh -T -N (ssh2 only) + [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c] + enable nonblocking IO for sshd w/ proto 1, too; split out common code + [aux.c] + missing include 20000513 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz diff --git a/Makefile.in b/Makefile.in index 403b75faa..3aeced934 100644 --- a/Makefile.in +++ b/Makefile.in @@ -34,7 +34,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS) -LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o +LIBSSH_OBJS=atomicio.o authfd.o authfile.o aux.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o LIBOPENBSD_COMPAT_OBJS=bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o fake-getaddrinfo.o fake-getnameinfo.o diff --git a/aux.c b/aux.c new file mode 100644 index 000000000..899142da7 --- /dev/null +++ b/aux.c @@ -0,0 +1,36 @@ +#include "includes.h" +RCSID("$OpenBSD: aux.c,v 1.2 2000/05/17 09:47:59 markus Exp $"); + +#include "ssh.h" + +char * +chop(char *s) +{ + char *t = s; + while (*t) { + if(*t == '\n' || *t == '\r') { + *t = '\0'; + return s; + } + t++; + } + return s; + +} + +void +set_nonblock(int fd) +{ + int val; + val = fcntl(fd, F_GETFL, 0); + if (val < 0) { + error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); + return; + } + if (val & O_NONBLOCK) + return; + debug("fd %d setting O_NONBLOCK", fd); + val |= O_NONBLOCK; + if (fcntl(fd, F_SETFL, val) == -1) + error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno)); +} diff --git a/channels.c b/channels.c index a18c7e300..f26b3a65b 100644 --- a/channels.c +++ b/channels.c @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: channels.c,v 1.30 2000/05/09 01:02:59 damien Exp $"); +RCSID("$Id: channels.c,v 1.31 2000/05/17 12:34:23 damien Exp $"); #include "ssh.h" #include "packet.h" @@ -147,23 +147,6 @@ channel_lookup(int id) return c; } -void -set_nonblock(int fd) -{ - int val; - val = fcntl(fd, F_GETFL, 0); - if (val < 0) { - error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); - return; - } - if (val & O_NONBLOCK) - return; - debug("fd %d setting O_NONBLOCK", fd); - val |= O_NONBLOCK; - if (fcntl(fd, F_SETFL, val) == -1) - error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno)); -} - /* * Register filedescriptors for a channel, used when allocating a channel or * when the channel consumer/producer is ready, e.g. shell exec'd diff --git a/serverloop.c b/serverloop.c index 1bc5d8b75..79bdf77ba 100644 --- a/serverloop.c +++ b/serverloop.c @@ -259,20 +259,15 @@ process_input(fd_set * readset) if (len == 0) { verbose("Connection closed by remote host."); fatal_cleanup(); + } else if (len < 0) { + if (errno != EINTR && errno != EAGAIN) { + verbose("Read error from remote host: %.100s", strerror(errno)); + fatal_cleanup(); + } + } else { + /* Buffer any received data. */ + packet_process_incoming(buf, len); } - /* - * There is a kernel bug on Solaris that causes select to - * sometimes wake up even though there is no data available. - */ - if (len < 0 && errno == EAGAIN) - len = 0; - - if (len < 0) { - verbose("Read error from remote host: %.100s", strerror(errno)); - fatal_cleanup(); - } - /* Buffer any received data. */ - packet_process_incoming(buf, len); } if (compat20) return; @@ -280,9 +275,11 @@ process_input(fd_set * readset) /* Read and buffer any available stdout data from the program. */ if (!fdout_eof && FD_ISSET(fdout, readset)) { len = read(fdout, buf, sizeof(buf)); - if (len <= 0) + if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + /* do nothing */ + } else if (len <= 0) { fdout_eof = 1; - else { + } else { buffer_append(&stdout_buffer, buf, len); fdout_bytes += len; } @@ -290,10 +287,13 @@ process_input(fd_set * readset) /* Read and buffer any available stderr data from the program. */ if (!fderr_eof && FD_ISSET(fderr, readset)) { len = read(fderr, buf, sizeof(buf)); - if (len <= 0) + if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + /* do nothing */ + } else if (len <= 0) { fderr_eof = 1; - else + } else { buffer_append(&stderr_buffer, buf, len); + } } } @@ -309,7 +309,9 @@ process_output(fd_set * writeset) if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) { len = write(fdin, buffer_ptr(&stdin_buffer), buffer_len(&stdin_buffer)); - if (len <= 0) { + if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + /* do nothing */ + } else if (len <= 0) { #ifdef USE_PIPES close(fdin); #else @@ -396,6 +398,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) fdin = fdin_arg; fdout = fdout_arg; fderr = fderr_arg; + + /* nonblocking IO */ + set_nonblock(fdin); + set_nonblock(fdout); + set_nonblock(fderr); + connection_in = packet_get_connection_in(); connection_out = packet_get_connection_out(); diff --git a/ssh.1 b/ssh.1 index 48040c439..d8e9eb0b9 100644 --- a/ssh.1 +++ b/ssh.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: ssh.1,v 1.25 2000/05/09 01:03:02 damien Exp $ +.\" $Id: ssh.1,v 1.26 2000/05/17 12:34:24 damien Exp $ .\" .Dd September 25, 1999 .Dt SSH 1 @@ -24,7 +24,7 @@ .Op Ar command .Pp .Nm ssh -.Op Fl afgknqtvxCPX246 +.Op Fl afgknqtvxCNPTX246 .Op Fl c Ar cipher_spec .Op Fl e Ar escape_char .Op Fl i Ar identity_file @@ -416,6 +416,10 @@ program will be put in the background. needs to ask for a password or passphrase; see also the .Fl f option.) +.It Fl N +Do not execute a remote command. +This is usefull if you just want to forward ports +(protocol version 2 only). .It Fl o Ar option Can be used to give options in the format used in the config file. This is useful for specifying options for which there is no separate @@ -442,6 +446,8 @@ Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g., when implementing menu services. +.It Fl T +Disable pseudo-tty allocation (protocol version 2 only). .It Fl v Verbose mode. Causes diff --git a/ssh.c b/ssh.c index 2dfc2b02f..bf4f8b1c6 100644 --- a/ssh.c +++ b/ssh.c @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.30 2000/05/09 01:03:02 damien Exp $"); +RCSID("$Id: ssh.c,v 1.31 2000/05/17 12:34:24 damien Exp $"); #include #include @@ -120,6 +120,7 @@ usage() #ifdef AFS fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n"); #endif /* AFS */ + fprintf(stderr, " -X Enable X11 connection forwarding.\n"); fprintf(stderr, " -x Disable X11 connection forwarding.\n"); fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n"); fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n"); diff --git a/ssh.h b/ssh.h index 42a710088..ed124cece 100644 --- a/ssh.h +++ b/ssh.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: ssh.h,v 1.39 2000/05/09 01:03:02 damien Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.40 2000/05/17 12:34:24 damien Exp $"); */ #ifndef SSH_H #define SSH_H @@ -486,6 +486,12 @@ void fatal_remove_cleanup(void (*proc) (void *context), void *context); */ char *tilde_expand_filename(const char *filename, uid_t my_uid); +/* remove newline at end of string */ +char *chop(char *s); + +/* set filedescriptor to non-blocking */ +void set_nonblock(int fd); + /* * Performs the interactive session. This handles data transmission between * the client and the program. Note that the notion of stdin, stdout, and diff --git a/ssh2.h b/ssh2.h index cf684bacf..1fa4c0a0d 100644 --- a/ssh2.h +++ b/ssh2.h @@ -1,5 +1,5 @@ /* - * draft-ietf-secsh-architecture-04.txt + * draft-ietf-secsh-architecture-05.txt * * Transport layer protocol: * @@ -28,6 +28,7 @@ * * 192-255 Local extensions */ +/* RCSID("$OpenBSD: ssh2.h,v 1.3 2000/05/15 07:03:12 markus Exp $"); */ /* transport layer: generic */ @@ -88,6 +89,7 @@ #define SSH2_DISCONNECT_PROTOCOL_ERROR 2 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 +#define SSH2_DISCONNECT_RESERVED 4 #define SSH2_DISCONNECT_MAC_ERROR 5 #define SSH2_DISCONNECT_COMPRESSION_ERROR 6 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 @@ -95,6 +97,10 @@ #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 #define SSH2_DISCONNECT_CONNECTION_LOST 10 #define SSH2_DISCONNECT_BY_APPLICATION 11 +#define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 +#define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 +#define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 +#define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* misc */ diff --git a/sshconnect.c b/sshconnect.c index d74658c96..40e359ceb 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -8,7 +8,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.72 2000/05/04 09:50:22 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.73 2000/05/17 08:20:15 markus Exp $"); #include #include @@ -301,21 +301,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, return 1; } -char * -chop(char *s) -{ - char *t = s; - while (*t) { - if(*t == '\n' || *t == '\r') { - *t = '\0'; - return s; - } - t++; - } - return s; - -} - /* * Waits for the server identification string, and sends our own * identification string. diff --git a/sshd.c b/sshd.c index d1ed1506e..a13332cbd 100644 --- a/sshd.c +++ b/sshd.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.115 2000/05/03 10:21:49 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.116 2000/05/17 08:20:16 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -262,21 +262,6 @@ key_regeneration_alarm(int sig) errno = save_errno; } -char * -chop(char *s) -{ - char *t = s; - while (*t) { - if(*t == '\n' || *t == '\r') { - *t = '\0'; - return s; - } - t++; - } - return s; - -} - void sshd_exchange_identification(int sock_in, int sock_out) { -- cgit v1.2.3