From 06f2bd8bde688390c34eeedfb3aa7b8e4133542d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 13 May 2004 16:06:46 +1000 Subject: - deraadt@cvs.openbsd.org 2004/05/08 00:01:37 [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c tildexpand.c], removed: sshtty.h tildexpand.h make two tiny header files go away; djm ok --- clientloop.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'clientloop.c') diff --git a/clientloop.c b/clientloop.c index 626b29a5a..adfeeab27 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.117 2003/12/16 15:49:51 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.118 2004/05/08 00:01:37 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -79,7 +79,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.117 2003/12/16 15:49:51 markus Exp $"); #include "clientloop.h" #include "authfd.h" #include "atomicio.h" -#include "sshtty.h" +#include "sshpty.h" #include "misc.h" #include "readpass.h" -- cgit v1.2.3 From e608ca2965a4afe58477faf1d36ce574416b66a7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 13 May 2004 16:15:47 +1000 Subject: - djm@cvs.openbsd.org 2004/05/08 00:21:31 [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h kill a tiny header; ok deraadt@ --- ChangeLog | 6 +++++- clientloop.c | 3 +-- misc.h | 14 +++++++++++++- readpass.c | 4 ++-- readpass.h | 19 ------------------- scard.c | 4 ++-- ssh-add.c | 3 +-- ssh-agent.c | 3 +-- ssh-keygen.c | 4 ++-- sshconnect.c | 3 +-- sshconnect1.c | 4 ++-- sshconnect2.c | 4 ++-- 12 files changed, 32 insertions(+), 39 deletions(-) delete mode 100644 readpass.h (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 6f180dd21..b22850184 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c tildexpand.c], removed: sshtty.h tildexpand.h make two tiny header files go away; djm ok + - djm@cvs.openbsd.org 2004/05/08 00:21:31 + [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c + sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h + kill a tiny header; ok deraadt@ 20040502 - (dtucker) OpenBSD CVS Sync @@ -1089,4 +1093,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3345 2004/05/13 06:06:46 dtucker Exp $ +$Id: ChangeLog,v 1.3346 2004/05/13 06:15:47 dtucker Exp $ diff --git a/clientloop.c b/clientloop.c index adfeeab27..b76f80890 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.118 2004/05/08 00:01:37 deraadt Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.119 2004/05/08 00:21:31 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -81,7 +81,6 @@ RCSID("$OpenBSD: clientloop.c,v 1.118 2004/05/08 00:01:37 deraadt Exp $"); #include "atomicio.h" #include "sshpty.h" #include "misc.h" -#include "readpass.h" /* import options */ extern Options options; diff --git a/misc.h b/misc.h index 45d1c0a0d..d4a23cba3 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.13 2004/05/08 00:01:37 deraadt Exp $ */ +/* $OpenBSD: misc.h,v 1.14 2004/05/08 00:21:31 djm Exp $ */ /* * Author: Tatu Ylonen @@ -12,6 +12,8 @@ * called by a name other than "ssh" or "Secure Shell". */ +/* misc.c */ + char *chop(char *); char *strdelim(char **); void set_nonblock(int); @@ -32,4 +34,14 @@ struct arglist { }; void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); +/* tildexpand.c */ + char *tilde_expand_filename(const char *, uid_t); + +/* readpass.c */ + +#define RP_ECHO 0x0001 +#define RP_ALLOW_STDIN 0x0002 +#define RP_ALLOW_EOF 0x0004 + +char *read_passphrase(const char *, int); diff --git a/readpass.c b/readpass.c index 95ec5d873..fc7629c37 100644 --- a/readpass.c +++ b/readpass.c @@ -23,10 +23,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.28 2003/01/23 13:50:27 markus Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.29 2004/05/08 00:21:31 djm Exp $"); #include "xmalloc.h" -#include "readpass.h" +#include "misc.h" #include "pathnames.h" #include "log.h" #include "ssh.h" diff --git a/readpass.h b/readpass.h deleted file mode 100644 index a45d32f2a..000000000 --- a/readpass.h +++ /dev/null @@ -1,19 +0,0 @@ -/* $OpenBSD: readpass.h,v 1.7 2002/03/26 15:58:46 markus Exp $ */ - -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#define RP_ECHO 0x0001 -#define RP_ALLOW_STDIN 0x0002 -#define RP_ALLOW_EOF 0x0004 - -char *read_passphrase(const char *, int); diff --git a/scard.c b/scard.c index 906287ba2..b3d25058a 100644 --- a/scard.c +++ b/scard.c @@ -24,7 +24,7 @@ #include "includes.h" #if defined(SMARTCARD) && defined(USE_SECTOK) -RCSID("$OpenBSD: scard.c,v 1.28 2003/06/12 19:12:02 markus Exp $"); +RCSID("$OpenBSD: scard.c,v 1.29 2004/05/08 00:21:31 djm Exp $"); #include #include @@ -32,7 +32,7 @@ RCSID("$OpenBSD: scard.c,v 1.28 2003/06/12 19:12:02 markus Exp $"); #include "key.h" #include "log.h" #include "xmalloc.h" -#include "readpass.h" +#include "misc.h" #include "scard.h" #if OPENSSL_VERSION_NUMBER < 0x00907000L diff --git a/ssh-add.c b/ssh-add.c index e7699c95c..709a36bc1 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.69 2003/11/21 11:57:03 djm Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.70 2004/05/08 00:21:31 djm Exp $"); #include @@ -47,7 +47,6 @@ RCSID("$OpenBSD: ssh-add.c,v 1.69 2003/11/21 11:57:03 djm Exp $"); #include "authfd.h" #include "authfile.h" #include "pathnames.h" -#include "readpass.h" #include "misc.h" #ifdef HAVE___PROGNAME diff --git a/ssh-agent.c b/ssh-agent.c index f5fce6b2a..a38322160 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.117 2003/12/02 17:01:15 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.118 2004/05/08 00:21:31 djm Exp $"); #include #include @@ -50,7 +50,6 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.117 2003/12/02 17:01:15 markus Exp $"); #include "authfd.h" #include "compat.h" #include "log.h" -#include "readpass.h" #include "misc.h" #ifdef SMARTCARD diff --git a/ssh-keygen.c b/ssh-keygen.c index 1156a010a..2dfbb24b3 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.114 2004/05/08 00:21:31 djm Exp $"); #include #include @@ -26,7 +26,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $"); #include "bufaux.h" #include "pathnames.h" #include "log.h" -#include "readpass.h" +#include "misc.h" #include "moduli.h" #ifdef SMARTCARD diff --git a/sshconnect.c b/sshconnect.c index dfeddd39e..95bb527b2 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.156 2004/01/25 03:49:09 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.157 2004/05/08 00:21:31 djm Exp $"); #include @@ -31,7 +31,6 @@ RCSID("$OpenBSD: sshconnect.c,v 1.156 2004/01/25 03:49:09 djm Exp $"); #include "readconf.h" #include "atomicio.h" #include "misc.h" -#include "readpass.h" #include "dns.h" diff --git a/sshconnect1.c b/sshconnect1.c index 2f89964ec..c579b01cc 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.56 2003/08/28 12:54:34 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.57 2004/05/08 00:21:31 djm Exp $"); #include #include @@ -32,7 +32,7 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.56 2003/08/28 12:54:34 markus Exp $"); #include "authfd.h" #include "sshconnect.h" #include "authfile.h" -#include "readpass.h" +#include "misc.h" #include "cipher.h" #include "canohost.h" #include "auth.h" diff --git a/sshconnect2.c b/sshconnect2.c index 447642895..06d884285 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.136 2004/04/08 16:08:21 henning Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.137 2004/05/08 00:21:31 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -43,7 +43,7 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.136 2004/04/08 16:08:21 henning Exp $"); #include "authfd.h" #include "log.h" #include "readconf.h" -#include "readpass.h" +#include "misc.h" #include "match.h" #include "dispatch.h" #include "canohost.h" -- cgit v1.2.3 From e16758294783f418cee7713dac031d5aeaf1e76c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 May 2004 10:13:07 +1000 Subject: - dtucker@cvs.openbsd.org 2004/05/20 10:58:05 [clientloop.c] Trivial type fix 0 -> '\0'; ok markus@ --- ChangeLog | 5 ++++- clientloop.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index bc124cc7d..faec11df9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ [sftp-client.c sftp.c] gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while waiting for a command; ok markus@ + - dtucker@cvs.openbsd.org 2004/05/20 10:58:05 + [clientloop.c] + Trivial type fix 0 -> '\0'; ok markus@ 20040523 - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in @@ -1133,4 +1136,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3359 2004/05/24 00:12:19 dtucker Exp $ +$Id: ChangeLog,v 1.3360 2004/05/24 00:13:07 dtucker Exp $ diff --git a/clientloop.c b/clientloop.c index b76f80890..9cbc1b0ce 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.119 2004/05/08 00:21:31 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.120 2004/05/20 10:58:05 dtucker Exp $"); #include "ssh.h" #include "ssh1.h" @@ -515,7 +515,7 @@ process_cmdline(void) goto out; while (*s && isspace(*s)) s++; - if (*s == 0) + if (*s == '\0') goto out; if (strlen(s) < 2 || s[0] != '-' || !(s[1] == 'L' || s[1] == 'R')) { logit("Invalid command."); -- cgit v1.2.3 From e7066dfde3d4ac36038050b6027a742356f7b1f1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 May 2004 10:18:05 +1000 Subject: - djm@cvs.openbsd.org 2004/05/21 11:33:11 [channels.c channels.h clientloop.c serverloop.c ssh.1] bz #756: add support for the cancel-tcpip-forward request for the server and the client (through the ~C commandline). reported by z3p AT twistedmatrix.com; ok markus@ --- ChangeLog | 7 ++++- channels.c | 67 +++++++++++++++++++++++++++++++++++++++++++++--- channels.h | 4 ++- clientloop.c | 84 ++++++++++++++++++++++++++++++++++++++++++------------------ serverloop.c | 13 +++++++++- ssh.1 | 13 +++++++--- 6 files changed, 153 insertions(+), 35 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 91c9ce5ec..0e8f4a556 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,11 @@ - markus@cvs.openbsd.org 2004/05/21 08:43:03 [kex.h moduli.c tildexpand.c] add prototypes for -Wall; ok djm + - djm@cvs.openbsd.org 2004/05/21 11:33:11 + [channels.c channels.h clientloop.c serverloop.c ssh.1] + bz #756: add support for the cancel-tcpip-forward request for the server and + the client (through the ~C commandline). reported by z3p AT twistedmatrix.com; + ok markus@ 20040523 - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in @@ -1139,4 +1144,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3361 2004/05/24 00:14:24 dtucker Exp $ +$Id: ChangeLog,v 1.3362 2004/05/24 00:18:05 dtucker Exp $ diff --git a/channels.c b/channels.c index 55dc67342..2b1ce0e5c 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.201 2004/05/11 19:01:43 deraadt Exp $"); +RCSID("$OpenBSD: channels.c,v 1.202 2004/05/21 11:33:11 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2228,6 +2228,26 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por return success; } +int +channel_cancel_rport_listener(const char *host, u_short port) +{ + int i, found = 0; + + for(i = 0; i < channels_alloc; i++) { + Channel *c = channels[i]; + + if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && + strncmp(c->path, host, sizeof(c->path)) == 0 && + c->listening_port == port) { + debug2("%s: close clannel %d", __func__, i); + channel_free(c); + found = 1; + } + } + + return (found); +} + /* protocol local port fwd, used by ssh (and sshd in v1) */ int channel_setup_local_fwd_listener(u_short listen_port, @@ -2304,6 +2324,42 @@ channel_request_remote_forwarding(u_short listen_port, } } +/* + * Request cancellation of remote forwarding of connection host:port from + * local side. + */ + +void +channel_request_rforward_cancel(u_short port) +{ + int i; + const char *address_to_bind = "0.0.0.0"; + + if (!compat20) + return; + + for (i = 0; i < num_permitted_opens; i++) { + if (permitted_opens[i].host_to_connect != NULL && + permitted_opens[i].listen_port == port) + break; + } + if (i >= num_permitted_opens) { + debug("%s: requested forward not found", __func__); + return; + } + packet_start(SSH2_MSG_GLOBAL_REQUEST); + packet_put_cstring("cancel-tcpip-forward"); + packet_put_char(0); + packet_put_cstring(address_to_bind); + packet_put_int(port); + packet_send(); + + permitted_opens[i].listen_port = 0; + permitted_opens[i].port_to_connect = 0; + free(permitted_opens[i].host_to_connect); + permitted_opens[i].host_to_connect = NULL; +} + /* * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates * listening for the port, and sends back a success reply (or disconnect @@ -2373,7 +2429,8 @@ channel_clear_permitted_opens(void) int i; for (i = 0; i < num_permitted_opens; i++) - xfree(permitted_opens[i].host_to_connect); + if (permitted_opens[i].host_to_connect != NULL) + xfree(permitted_opens[i].host_to_connect); num_permitted_opens = 0; } @@ -2441,7 +2498,8 @@ channel_connect_by_listen_address(u_short listen_port) int i; for (i = 0; i < num_permitted_opens; i++) - if (permitted_opens[i].listen_port == listen_port) + if (permitted_opens[i].host_to_connect != NULL && + permitted_opens[i].listen_port == listen_port) return connect_to( permitted_opens[i].host_to_connect, permitted_opens[i].port_to_connect); @@ -2459,7 +2517,8 @@ channel_connect_to(const char *host, u_short port) permit = all_opens_permitted; if (!permit) { for (i = 0; i < num_permitted_opens; i++) - if (permitted_opens[i].port_to_connect == port && + if (permitted_opens[i].host_to_connect != NULL && + permitted_opens[i].port_to_connect == port && strcmp(permitted_opens[i].host_to_connect, host) == 0) permit = 1; diff --git a/channels.h b/channels.h index 7d981479b..0a49c55ea 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.71 2003/09/23 20:41:11 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.72 2004/05/21 11:33:11 djm Exp $ */ /* * Author: Tatu Ylonen @@ -200,8 +200,10 @@ void channel_input_port_forward_request(int, int); int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); void channel_request_remote_forwarding(u_short, const char *, u_short); +void channel_request_rforward_cancel(u_short port); int channel_setup_local_fwd_listener(u_short, const char *, u_short, int); int channel_setup_remote_fwd_listener(const char *, u_short, int); +int channel_cancel_rport_listener(const char *, u_short); /* x11 forwarding */ diff --git a/clientloop.c b/clientloop.c index 9cbc1b0ce..ce627e8b8 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.120 2004/05/20 10:58:05 dtucker Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.121 2004/05/21 11:33:11 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -506,6 +506,7 @@ process_cmdline(void) char *s, *cmd; u_short fwd_port, fwd_host_port; char buf[1024], sfwd_port[6], sfwd_host_port[6]; + int delete = 0; int local = 0; leave_raw_mode(); @@ -515,44 +516,77 @@ process_cmdline(void) goto out; while (*s && isspace(*s)) s++; + if (*s == '-') + s++; /* Skip cmdline '-', if any */ if (*s == '\0') goto out; - if (strlen(s) < 2 || s[0] != '-' || !(s[1] == 'L' || s[1] == 'R')) { + + if (*s == '?') { + logit("Commands:"); + logit(" -Lport:host:hostport Request local forward"); + logit(" -Rport:host:hostport Request remote forward"); + logit(" -KRhostport Cancel remote forward"); + goto out; + } + + if (*s == 'K') { + delete = 1; + s++; + } + if (*s != 'L' && *s != 'R') { logit("Invalid command."); goto out; } - if (s[1] == 'L') + if (*s == 'L') local = 1; - if (!local && !compat20) { + if (local && delete) { + logit("Not supported."); + goto out; + } + if ((!local || delete) && !compat20) { logit("Not supported for SSH protocol version 1."); goto out; } - s += 2; + + s++; while (*s && isspace(*s)) s++; - if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]", - sfwd_port, buf, sfwd_host_port) != 3 && - sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]", - sfwd_port, buf, sfwd_host_port) != 3) { - logit("Bad forwarding specification."); - goto out; - } - if ((fwd_port = a2port(sfwd_port)) == 0 || - (fwd_host_port = a2port(sfwd_host_port)) == 0) { - logit("Bad forwarding port(s)."); - goto out; - } - if (local) { - if (channel_setup_local_fwd_listener(fwd_port, buf, - fwd_host_port, options.gateway_ports) < 0) { - logit("Port forwarding failed."); + if (delete) { + if (sscanf(s, "%5[0-9]", sfwd_host_port) != 1) { + logit("Bad forwarding specification."); + goto out; + } + if ((fwd_host_port = a2port(sfwd_host_port)) == 0) { + logit("Bad forwarding port(s)."); + goto out; + } + channel_request_rforward_cancel(fwd_host_port); + } else { + if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]", + sfwd_port, buf, sfwd_host_port) != 3 && + sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]", + sfwd_port, buf, sfwd_host_port) != 3) { + logit("Bad forwarding specification."); goto out; } - } else - channel_request_remote_forwarding(fwd_port, buf, - fwd_host_port); - logit("Forwarding port."); + if ((fwd_port = a2port(sfwd_port)) == 0 || + (fwd_host_port = a2port(sfwd_host_port)) == 0) { + logit("Bad forwarding port(s)."); + goto out; + } + if (local) { + if (channel_setup_local_fwd_listener(fwd_port, buf, + fwd_host_port, options.gateway_ports) < 0) { + logit("Port forwarding failed."); + goto out; + } + } else + channel_request_remote_forwarding(fwd_port, buf, + fwd_host_port); + logit("Forwarding port."); + } + out: signal(SIGINT, handler); enter_raw_mode(); diff --git a/serverloop.c b/serverloop.c index a777a048d..8d2642d5b 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.115 2004/01/19 21:25:15 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.116 2004/05/21 11:33:11 djm Exp $"); #include "xmalloc.h" #include "packet.h" @@ -991,6 +991,17 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) listen_address, listen_port, options.gateway_ports); } xfree(listen_address); + } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { + char *cancel_address; + u_short cancel_port; + + cancel_address = packet_get_string(NULL); + cancel_port = (u_short)packet_get_int(); + debug("%s: cancel-tcpip-forward addr %s port %d", __func__, + cancel_address, cancel_port); + + success = channel_cancel_rport_listener(cancel_address, + cancel_port); } if (want_reply) { packet_start(success ? diff --git a/ssh.1 b/ssh.1 index b7b126440..7da143b19 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.185 2004/05/02 11:57:52 dtucker Exp $ +.\" $OpenBSD: ssh.1,v 1.186 2004/05/21 11:33:11 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -302,11 +302,18 @@ Display a list of escape characters. Send a BREAK to the remote system (only useful for SSH protocol version 2 and if the peer supports it). .It Cm ~C -Open command line (only useful for adding port forwardings using the +Open command line. +Currently this allows the addition of port forwardings using the .Fl L and .Fl R -options). +options (see below). +It also allows the cancellation of existing remote port-forwardings +using +.Fl KR Ar hostport . +Basic help is available, using the +.Fl ? +option. .It Cm ~R Request rekeying of the connection (only useful for SSH protocol version 2 and if the peer supports it). -- cgit v1.2.3 From 1973c8889875042977ded9774b4363509f4aa79a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 May 2004 10:34:36 +1000 Subject: - djm@cvs.openbsd.org 2004/05/22 06:32:12 [clientloop.c ssh.1] use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@ --- ChangeLog | 5 ++++- clientloop.c | 4 ++-- ssh.1 | 6 +++--- 3 files changed, 9 insertions(+), 6 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 0e8f4a556..486d4c2ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,9 @@ bz #756: add support for the cancel-tcpip-forward request for the server and the client (through the ~C commandline). reported by z3p AT twistedmatrix.com; ok markus@ + - djm@cvs.openbsd.org 2004/05/22 06:32:12 + [clientloop.c ssh.1] + use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@ 20040523 - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in @@ -1144,4 +1147,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3362 2004/05/24 00:18:05 dtucker Exp $ +$Id: ChangeLog,v 1.3363 2004/05/24 00:34:36 dtucker Exp $ diff --git a/clientloop.c b/clientloop.c index ce627e8b8..31e604180 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.121 2004/05/21 11:33:11 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.122 2004/05/22 06:32:12 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -521,7 +521,7 @@ process_cmdline(void) if (*s == '\0') goto out; - if (*s == '?') { + if (*s == 'h' || *s == 'H' || *s == '?') { logit("Commands:"); logit(" -Lport:host:hostport Request local forward"); logit(" -Rport:host:hostport Request remote forward"); diff --git a/ssh.1 b/ssh.1 index 7da143b19..008fdde34 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.186 2004/05/21 11:33:11 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.187 2004/05/22 06:32:12 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -311,8 +311,8 @@ options (see below). It also allows the cancellation of existing remote port-forwardings using .Fl KR Ar hostport . -Basic help is available, using the -.Fl ? +Basic help is available, using the +.Fl h option. .It Cm ~R Request rekeying of the connection -- cgit v1.2.3 From 0e220dbfbcc9fe252e8f1f4890dbfa415aad35db Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 15 Jun 2004 10:34:08 +1000 Subject: - djm@cvs.openbsd.org 2004/06/13 15:03:02 [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c] [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] implement session multiplexing in the client (the server has supported this since 2.0); ok markus@ --- ChangeLog | 7 +- channels.c | 76 +++++++++++-- channels.h | 7 +- clientloop.c | 327 ++++++++++++++++++++++++++++++++++++++++++++++++++---- clientloop.h | 4 +- defines.h | 5 +- includes.h | 3 +- readconf.c | 18 ++- readconf.h | 5 +- scp.1 | 4 +- sftp.1 | 4 +- ssh-rand-helper.c | 6 +- ssh.1 | 26 ++++- ssh.c | 276 ++++++++++++++++++++++++++++++--------------- ssh_config.5 | 24 +++- 15 files changed, 650 insertions(+), 142 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 3edf2d19b..36aeb85bb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,11 @@ [ssh.1 ssh_config.5 sshd_config.5] List supported ciphers in man pages, tidy up ssh -c; "looks fine" jmc@, ok markus@ + - djm@cvs.openbsd.org 2004/06/13 15:03:02 + [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c] + [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] + implement session multiplexing in the client (the server has supported + this since 2.0); ok markus@ 20040603 - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions. @@ -1208,4 +1213,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3381 2004/06/15 00:30:39 djm Exp $ +$Id: ChangeLog,v 1.3382 2004/06/15 00:34:08 djm Exp $ diff --git a/channels.c b/channels.c index 437befa34..1fb1092c8 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.203 2004/05/26 23:02:39 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.204 2004/06/13 15:03:02 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -172,6 +172,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, c->rfd = rfd; c->wfd = wfd; c->sock = (rfd == wfd) ? rfd : -1; + c->ctl_fd = -1; /* XXX: set elsewhere */ c->efd = efd; c->extended_usage = extusage; @@ -263,6 +264,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, c->single_connection = 0; c->detach_user = NULL; c->confirm = NULL; + c->confirm_ctx = NULL; c->input_filter = NULL; debug("channel %d: new [%s]", found, remote_name); return c; @@ -304,10 +306,11 @@ channel_close_fd(int *fdp) static void channel_close_fds(Channel *c) { - debug3("channel %d: close_fds r %d w %d e %d", - c->self, c->rfd, c->wfd, c->efd); + debug3("channel %d: close_fds r %d w %d e %d c %d", + c->self, c->rfd, c->wfd, c->efd, c->ctl_fd); channel_close_fd(&c->sock); + channel_close_fd(&c->ctl_fd); channel_close_fd(&c->rfd); channel_close_fd(&c->wfd); channel_close_fd(&c->efd); @@ -333,6 +336,8 @@ channel_free(Channel *c) if (c->sock != -1) shutdown(c->sock, SHUT_RDWR); + if (c->ctl_fd != -1) + shutdown(c->ctl_fd, SHUT_RDWR); channel_close_fds(c); buffer_free(&c->input); buffer_free(&c->output); @@ -550,12 +555,13 @@ channel_open_message(void) case SSH_CHANNEL_X11_OPEN: case SSH_CHANNEL_INPUT_DRAINING: case SSH_CHANNEL_OUTPUT_DRAINING: - snprintf(buf, sizeof buf, " #%d %.300s (t%d r%d i%d/%d o%d/%d fd %d/%d)\r\n", + snprintf(buf, sizeof buf, + " #%d %.300s (t%d r%d i%d/%d o%d/%d fd %d/%d cfd %d)\r\n", c->self, c->remote_name, c->type, c->remote_id, c->istate, buffer_len(&c->input), c->ostate, buffer_len(&c->output), - c->rfd, c->wfd); + c->rfd, c->wfd, c->ctl_fd); buffer_append(&buffer, buf, strlen(buf)); continue; default: @@ -596,14 +602,14 @@ channel_request_start(int id, char *service, int wantconfirm) logit("channel_request_start: %d: unknown channel id", id); return; } - debug2("channel %d: request %s", id, service) ; + debug2("channel %d: request %s confirm %d", id, service, wantconfirm); packet_start(SSH2_MSG_CHANNEL_REQUEST); packet_put_int(c->remote_id); packet_put_cstring(service); packet_put_char(wantconfirm); } void -channel_register_confirm(int id, channel_callback_fn *fn) +channel_register_confirm(int id, channel_callback_fn *fn, void *ctx) { Channel *c = channel_lookup(id); @@ -612,6 +618,7 @@ channel_register_confirm(int id, channel_callback_fn *fn) return; } c->confirm = fn; + c->confirm_ctx = ctx; } void channel_register_cleanup(int id, channel_callback_fn *fn) @@ -729,6 +736,10 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) buffer_len(&c->extended) < c->remote_window) FD_SET(c->efd, readset); } + /* XXX: What about efd? races? */ + if (compat20 && c->ctl_fd != -1 && + c->istate == CHAN_INPUT_OPEN && c->ostate == CHAN_OUTPUT_OPEN) + FD_SET(c->ctl_fd, readset); } static void @@ -1482,6 +1493,33 @@ channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset) return 1; } static int +channel_handle_ctl(Channel *c, fd_set * readset, fd_set * writeset) +{ + char buf[16]; + int len; + + /* Monitor control fd to detect if the slave client exits */ + if (c->ctl_fd != -1 && FD_ISSET(c->ctl_fd, readset)) { + len = read(c->ctl_fd, buf, sizeof(buf)); + if (len < 0 && (errno == EINTR || errno == EAGAIN)) + return 1; + if (len <= 0) { + debug2("channel %d: ctl read<=0", c->self); + if (c->type != SSH_CHANNEL_OPEN) { + debug2("channel %d: not open", c->self); + chan_mark_dead(c); + return -1; + } else { + chan_read_failed(c); + chan_write_failed(c); + } + return -1; + } else + fatal("%s: unexpected data on ctl fd", __func__); + } + return 1; +} +static int channel_check_window(Channel *c) { if (c->type == SSH_CHANNEL_OPEN && @@ -1511,6 +1549,7 @@ channel_post_open(Channel *c, fd_set * readset, fd_set * writeset) if (!compat20) return; channel_handle_efd(c, readset, writeset); + channel_handle_ctl(c, readset, writeset); channel_check_window(c); } @@ -2011,7 +2050,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) c->remote_maxpacket = packet_get_int(); if (c->confirm) { debug2("callback start"); - c->confirm(c->self, NULL); + c->confirm(c->self, c->confirm_ctx); debug2("callback done"); } debug2("channel %d: open confirm rwindow %u rmax %u", c->self, @@ -2531,6 +2570,27 @@ channel_connect_to(const char *host, u_short port) return connect_to(host, port); } +void +channel_send_window_changes(void) +{ + int i; + struct winsize ws; + + for (i = 0; i < channels_alloc; i++) { + if (channels[i] == NULL || + channels[i]->type != SSH_CHANNEL_OPEN) + continue; + if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0) + continue; + channel_request_start(i, "window-change", 0); + packet_put_int(ws.ws_col); + packet_put_int(ws.ws_row); + packet_put_int(ws.ws_xpixel); + packet_put_int(ws.ws_ypixel); + packet_send(); + } +} + /* -- X11 forwarding */ /* diff --git a/channels.h b/channels.h index 0a49c55ea..41f3cedd3 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.72 2004/05/21 11:33:11 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.73 2004/06/13 15:03:02 djm Exp $ */ /* * Author: Tatu Ylonen @@ -76,6 +76,7 @@ struct Channel { int wfd; /* write fd */ int efd; /* extended fd */ int sock; /* sock fd */ + int ctl_fd; /* control fd (client sharing) */ int isatty; /* rfd is a tty */ int wfd_isatty; /* wfd is a tty */ int force_drain; /* force close on iEOF */ @@ -105,6 +106,7 @@ struct Channel { /* callback */ channel_callback_fn *confirm; channel_callback_fn *detach_user; + void *confirm_ctx; /* filter */ channel_filter_fn *input_filter; @@ -161,10 +163,11 @@ void channel_stop_listening(void); void channel_send_open(int); void channel_request_start(int, char *, int); void channel_register_cleanup(int, channel_callback_fn *); -void channel_register_confirm(int, channel_callback_fn *); +void channel_register_confirm(int, channel_callback_fn *, void *); void channel_register_filter(int, channel_filter_fn *); void channel_cancel_cleanup(int); int channel_close_fd(int *); +void channel_send_window_changes(void); /* protocol handler */ diff --git a/clientloop.c b/clientloop.c index 31e604180..6401588a9 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.122 2004/05/22 06:32:12 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.123 2004/06/13 15:03:02 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -81,6 +81,9 @@ RCSID("$OpenBSD: clientloop.c,v 1.122 2004/05/22 06:32:12 djm Exp $"); #include "atomicio.h" #include "sshpty.h" #include "misc.h" +#include "monitor_fdpass.h" +#include "match.h" +#include "msg.h" /* import options */ extern Options options; @@ -91,6 +94,9 @@ extern int stdin_null_flag; /* Flag indicating that no shell has been requested */ extern int no_shell_flag; +/* Control socket */ +extern int control_fd; + /* * Name of the host we are connecting to. This is the name given on the * command line, or the HostName specified for the user-supplied name in a @@ -131,9 +137,19 @@ static int server_alive_timeouts = 0; static void client_init_dispatch(void); int session_ident = -1; +struct confirm_ctx { + int want_tty; + int want_subsys; + Buffer cmd; + char *term; + struct termios tio; +}; + /*XXX*/ extern Kex *xxx_kex; +void ssh_process_session2_setup(int, int, int, Buffer *); + /* Restores stdin to blocking mode. */ static void @@ -291,19 +307,13 @@ client_check_window_change(void) /** XXX race */ received_window_change_signal = 0; - if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) - return; - debug2("client_check_window_change: changed"); if (compat20) { - channel_request_start(session_ident, "window-change", 0); - packet_put_int(ws.ws_col); - packet_put_int(ws.ws_row); - packet_put_int(ws.ws_xpixel); - packet_put_int(ws.ws_ypixel); - packet_send(); + channel_send_window_changes(); } else { + if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) + return; packet_start(SSH_CMSG_WINDOW_SIZE); packet_put_int(ws.ws_row); packet_put_int(ws.ws_col); @@ -335,7 +345,6 @@ server_alive_check(void) * Waits until the client can do something (some data becomes available on * one of the file descriptors). */ - static void client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, int *nallocp, int rekeying) @@ -381,6 +390,9 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, if (packet_have_data_to_write()) FD_SET(connection_out, *writesetp); + if (control_fd != -1) + FD_SET(control_fd, *readsetp); + /* * Wait for something to happen. This will suspend the process until * some selected descriptor can be read, written, or has some other @@ -499,6 +511,176 @@ client_process_net_input(fd_set * readset) } } +static void +client_subsystem_reply(int type, u_int32_t seq, void *ctxt) +{ + int id; + Channel *c; + + id = packet_get_int(); + packet_check_eom(); + + if ((c = channel_lookup(id)) == NULL) { + error("%s: no channel for id %d", __func__, id); + return; + } + + if (type == SSH2_MSG_CHANNEL_SUCCESS) + debug2("Request suceeded on channel %d", id); + else if (type == SSH2_MSG_CHANNEL_FAILURE) { + error("Request failed on channel %d", id); + channel_free(c); + } +} + +static void +client_extra_session2_setup(int id, void *arg) +{ + struct confirm_ctx *cctx = arg; + Channel *c; + + if (cctx == NULL) + fatal("%s: cctx == NULL", __func__); + if ((c = channel_lookup(id)) == NULL) + fatal("%s: no channel for id %d", __func__, id); + + client_session2_setup(id, cctx->want_tty, cctx->want_subsys, + cctx->term, &cctx->tio, c->rfd, &cctx->cmd, + client_subsystem_reply); + + c->confirm_ctx = NULL; + buffer_free(&cctx->cmd); + free(cctx->term); + free(cctx); +} + +static void +client_process_control(fd_set * readset) +{ + Buffer m; + Channel *c; + int client_fd, new_fd[3], ver; + socklen_t addrlen; + struct sockaddr_storage addr; + struct confirm_ctx *cctx; + char *cmd; + u_int len; + uid_t euid; + gid_t egid; + + /* + * Accept connection on control socket + */ + if (control_fd == -1 || !FD_ISSET(control_fd, readset)) + return; + + memset(&addr, 0, sizeof(addr)); + addrlen = sizeof(addr); + if ((client_fd = accept(control_fd, + (struct sockaddr*)&addr, &addrlen)) == -1) { + error("%s accept: %s", __func__, strerror(errno)); + return; + } + + if (getpeereid(client_fd, &euid, &egid) < 0) { + error("%s getpeereid failed: %s", __func__, strerror(errno)); + close(client_fd); + return; + } + if ((euid != 0) && (getuid() != euid)) { + error("control mode uid mismatch: peer euid %u != uid %u", + (u_int) euid, (u_int) getuid()); + close(client_fd); + return; + } + /* XXX: implement use of ssh-askpass to confirm additional channels */ + + unset_nonblock(client_fd); + + buffer_init(&m); + + buffer_put_int(&m, getpid()); + if (ssh_msg_send(client_fd, /* version */0, &m) == -1) { + error("%s: client msg_send failed", __func__); + close(client_fd); + return; + } + buffer_clear(&m); + + if (ssh_msg_recv(client_fd, &m) == -1) { + error("%s: client msg_recv failed", __func__); + close(client_fd); + return; + } + + if ((ver = buffer_get_char(&m)) != 0) { + error("%s: wrong client version %d", __func__, ver); + buffer_free(&m); + close(client_fd); + return; + } + + cctx = xmalloc(sizeof(*cctx)); + memset(cctx, 0, sizeof(*cctx)); + + cctx->want_tty = buffer_get_int(&m); + cctx->want_subsys = buffer_get_int(&m); + cctx->term = buffer_get_string(&m, &len); + + cmd = buffer_get_string(&m, &len); + buffer_init(&cctx->cmd); + buffer_append(&cctx->cmd, cmd, strlen(cmd)); + + debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__, + cctx->want_tty, cctx->want_subsys, cmd); + + /* Gather fds from client */ + new_fd[0] = mm_receive_fd(client_fd); + new_fd[1] = mm_receive_fd(client_fd); + new_fd[2] = mm_receive_fd(client_fd); + + debug2("%s: got fds stdin %d, stdout %d, stderr %d", __func__, + new_fd[0], new_fd[1], new_fd[2]); + + /* Try to pick up ttymodes from client before it goes raw */ + if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1) + error("%s: tcgetattr: %s", __func__, strerror(errno)); + + buffer_clear(&m); + if (ssh_msg_send(client_fd, /* version */0, &m) == -1) { + error("%s: client msg_send failed", __func__); + close(client_fd); + close(new_fd[0]); + close(new_fd[1]); + close(new_fd[2]); + return; + } + buffer_free(&m); + + /* enable nonblocking unless tty */ + if (!isatty(new_fd[0])) + set_nonblock(new_fd[0]); + if (!isatty(new_fd[1])) + set_nonblock(new_fd[1]); + if (!isatty(new_fd[2])) + set_nonblock(new_fd[2]); + + set_nonblock(client_fd); + + c = channel_new("session", SSH_CHANNEL_OPENING, + new_fd[0], new_fd[1], new_fd[2], + CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT, + CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); + + /* XXX */ + c->ctl_fd = client_fd; + + debug3("%s: channel_new: %d", __func__, c->self); + + channel_send_open(c->self); + channel_register_confirm(c->self, client_extra_session2_setup, cctx); +} + static void process_cmdline(void) { @@ -901,9 +1083,6 @@ simple_escape_filter(Channel *c, char *buf, int len) static void client_channel_closed(int id, void *arg) { - if (id != session_ident) - error("client_channel_closed: id %d != session_ident %d", - id, session_ident); channel_cancel_cleanup(id); session_closed = 1; leave_raw_mode(); @@ -937,6 +1116,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) connection_in = packet_get_connection_in(); connection_out = packet_get_connection_out(); max_fd = MAX(connection_in, connection_out); + if (control_fd != -1) + max_fd = MAX(max_fd, control_fd); if (!compat20) { /* enable nonblocking unless tty */ @@ -1054,6 +1235,9 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) /* Buffer input from the connection. */ client_process_net_input(readset); + /* Accept control connections. */ + client_process_control(readset); + if (quit_pending) break; @@ -1385,7 +1569,7 @@ static void client_input_channel_req(int type, u_int32_t seq, void *ctxt) { Channel *c = NULL; - int id, reply, success = 0; + int exitval, id, reply, success = 0; char *rtype; id = packet_get_int(); @@ -1395,18 +1579,21 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) debug("client_input_channel_req: channel %d rtype %s reply %d", id, rtype, reply); - if (session_ident == -1) { - error("client_input_channel_req: no channel %d", session_ident); - } else if (id != session_ident) { - error("client_input_channel_req: channel %d: wrong channel: %d", - session_ident, id); - } c = channel_lookup(id); if (c == NULL) { error("client_input_channel_req: channel %d: unknown channel", id); } else if (strcmp(rtype, "exit-status") == 0) { - success = 1; - exit_status = packet_get_int(); + exitval = packet_get_int(); + if (id == session_ident) { + success = 1; + exit_status = exitval; + } else if (c->ctl_fd == -1) { + error("client_input_channel_req: unexpected channel %d", + session_ident); + } else { + atomicio(vwrite, c->ctl_fd, &exitval, sizeof(exitval)); + success = 1; + } packet_check_eom(); } if (reply) { @@ -1437,6 +1624,98 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) xfree(rtype); } +void +client_session2_setup(int id, int want_tty, int want_subsystem, + const char *term, struct termios *tiop, int in_fd, Buffer *cmd, + dispatch_fn *subsys_repl) +{ + int len; + + debug2("%s: id %d", __func__, id); + + if (want_tty) { + struct winsize ws; + struct termios tio; + + /* Store window size in the packet. */ + if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0) + memset(&ws, 0, sizeof(ws)); + + channel_request_start(id, "pty-req", 0); + packet_put_cstring(term != NULL ? term : ""); + packet_put_int(ws.ws_col); + packet_put_int(ws.ws_row); + packet_put_int(ws.ws_xpixel); + packet_put_int(ws.ws_ypixel); + tio = get_saved_tio(); + tty_make_modes(-1, tiop != NULL ? tiop : &tio); + packet_send(); + /* XXX wait for reply */ + } + + /* Transfer any environment variables from client to server */ + if (options.num_send_env != 0) { + int i, j, matched; + extern char **environ; + char *name, *val; + + debug("Sending environment."); + for (i = 0; environ && environ[i] != NULL; i++) { + /* Split */ + name = xstrdup(environ[i]); + if ((val = strchr(name, '=')) == NULL) { + free(name); + continue; + } + *val++ = '\0'; + + matched = 0; + for (j = 0; j < options.num_send_env; j++) { + if (match_pattern(name, options.send_env[j])) { + matched = 1; + break; + } + } + if (!matched) { + debug3("Ignored env %s", name); + free(name); + continue; + } + + debug("Sending env %s = %s", name, val); + channel_request_start(id, "env", 0); + packet_put_cstring(name); + packet_put_cstring(val); + packet_send(); + free(name); + } + } + + len = buffer_len(cmd); + if (len > 0) { + if (len > 900) + len = 900; + if (want_subsystem) { + debug("Sending subsystem: %.*s", len, (u_char*)buffer_ptr(cmd)); + channel_request_start(id, "subsystem", subsys_repl != NULL); + if (subsys_repl != NULL) { + /* register callback for reply */ + /* XXX we assume that client_loop has already been called */ + dispatch_set(SSH2_MSG_CHANNEL_FAILURE, subsys_repl); + dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, subsys_repl); + } + } else { + debug("Sending command: %.*s", len, (u_char*)buffer_ptr(cmd)); + channel_request_start(id, "exec", 0); + } + packet_put_string(buffer_ptr(cmd), buffer_len(cmd)); + packet_send(); + } else { + channel_request_start(id, "shell", 0); + packet_send(); + } +} + static void client_init_dispatch_20(void) { @@ -1503,5 +1782,7 @@ cleanup_exit(int i) { leave_raw_mode(); leave_non_blocking(); + if (options.control_path != NULL && control_fd != -1) + unlink(options.control_path); _exit(i); } diff --git a/clientloop.h b/clientloop.h index 56af06bc1..f1e13ac3a 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.8 2003/12/16 15:49:51 markus Exp $ */ +/* $OpenBSD: clientloop.h,v 1.9 2004/06/13 15:03:02 djm Exp $ */ /* * Author: Tatu Ylonen @@ -38,3 +38,5 @@ /* Client side main loop for the interactive session. */ int client_loop(int, int, int); void client_global_request_reply_fwd(int, u_int32_t, void *); +void client_session2_setup(int, int, int, const char *, struct termios *, + int, Buffer *, dispatch_fn *); diff --git a/defines.h b/defines.h index 9b72afecb..73a45fe44 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.115 2004/04/14 07:24:30 dtucker Exp $ */ +/* $Id: defines.h,v 1.116 2004/06/15 00:34:08 djm Exp $ */ /* Constants */ @@ -462,6 +462,9 @@ struct winsize { (struct cmsghdr *)NULL) #endif /* CMSG_FIRSTHDR */ +#ifndef offsetof +# define offsetof(type, member) ((size_t) &((type *)0)->member) +#endif /* Function replacement / compatibility hacks */ diff --git a/includes.h b/includes.h index ca943c7e6..99b70502c 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.17 2002/01/26 16:44:22 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.18 2004/06/13 15:03:02 djm Exp $ */ /* * Author: Tatu Ylonen @@ -33,6 +33,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } #include #include #include +#include #ifdef HAVE_LIMITS_H # include /* For PATH_MAX */ diff --git a/readconf.c b/readconf.c index 5aa371ed9..2b1d7cc46 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.131 2004/05/27 00:50:13 dtucker Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.132 2004/06/13 15:03:02 djm Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -106,7 +106,7 @@ typedef enum { oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, + oSendEnv, oControlPath, oControlMaster, oDeprecated, oUnsupported } OpCodes; @@ -195,6 +195,8 @@ static struct { { "serveraliveinterval", oServerAliveInterval }, { "serveralivecountmax", oServerAliveCountMax }, { "sendenv", oSendEnv }, + { "controlpath", oControlPath }, + { "controlmaster", oControlMaster }, { NULL, oBadOption } }; @@ -764,6 +766,14 @@ parse_int: } break; + case oControlPath: + charptr = &options->control_path; + goto parse_string; + + case oControlMaster: + intptr = &options->control_master; + goto parse_flag; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -905,6 +915,8 @@ initialize_options(Options * options) options->server_alive_interval = -1; options->server_alive_count_max = -1; options->num_send_env = 0; + options->control_path = NULL; + options->control_master = -1; } /* @@ -1025,6 +1037,8 @@ fill_default_options(Options * options) options->server_alive_interval = 0; if (options->server_alive_count_max == -1) options->server_alive_count_max = 3; + if (options->control_master == -1) + options->control_master = 0; /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ diff --git a/readconf.h b/readconf.h index 668055943..5e504bece 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.62 2004/04/27 09:46:37 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.63 2004/06/13 15:03:02 djm Exp $ */ /* * Author: Tatu Ylonen @@ -108,6 +108,9 @@ typedef struct { int num_send_env; char *send_env[MAX_SEND_ENV]; + + char *control_path; + int control_master; } Options; diff --git a/scp.1 b/scp.1 index 202ebaadb..f346b2ae9 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.35 2004/05/04 18:36:07 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.36 2004/06/13 15:03:02 djm Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -128,6 +128,8 @@ For full details of the options listed below, and their possible values, see .It CompressionLevel .It ConnectionAttempts .It ConnectTimeout +.It ControlMaster +.It ControlPath .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials diff --git a/sftp.1 b/sftp.1 index 795a0342f..7f0ef1121 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.54 2004/05/02 23:02:17 dtucker Exp $ +.\" $OpenBSD: sftp.1,v 1.55 2004/06/13 15:03:02 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -154,6 +154,8 @@ For full details of the options listed below, and their possible values, see .It CompressionLevel .It ConnectionAttempts .It ConnectTimeout +.It ControlMaster +.It ControlPath .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 8a320a71e..471e7295b 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.16 2003/11/21 12:56:47 djm Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.17 2004/06/15 00:34:08 djm Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -69,10 +69,6 @@ extern char *__progname; char *__progname; #endif -#ifndef offsetof -# define offsetof(type, member) ((size_t) &((type *)0)->member) -#endif - #define WHITESPACE " \t\n" #ifndef RUSAGE_SELF diff --git a/ssh.1 b/ssh.1 index 6cef0851d..b70102be5 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.189 2004/06/13 14:01:42 dtucker Exp $ +.\" $OpenBSD: ssh.1,v 1.190 2004/06/13 15:03:02 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -43,7 +43,7 @@ .Nd OpenSSH SSH client (remote login program) .Sh SYNOPSIS .Nm ssh -.Op Fl 1246AaCfgkNnqsTtVvXxY +.Op Fl 1246AaCfgkMNnqSsTtVvXxY .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec .Op Fl D Ar port @@ -605,6 +605,17 @@ be specified in order of preference. See the .Cm MACs keyword for more information. +.It Fl M +Places the +.Nm +client into +.Dq master +mode for connection sharing. +Refer to the description of +.Cm ControlMaster +in +.Xr ssh_config 5 +for details. .It Fl N Do not execute a remote command. This is useful for just forwarding ports @@ -649,6 +660,8 @@ For full details of the options listed below, and their possible values, see .It CompressionLevel .It ConnectionAttempts .It ConnectTimeout +.It ControlMaster +.It ControlPath .It DynamicForward .It EscapeChar .It ForwardAgent @@ -724,6 +737,15 @@ IPv6 addresses can be specified with an alternative syntax: .Ar hostport . .Xc .Sm on +.It Fl S +Places the +.Nm +client into slave mode for connection sharing. +Refer to the description of +.Cm ControlMaster +in +.Xr ssh_config 5 +for details. .It Fl s May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use diff --git a/ssh.c b/ssh.c index 3c21fa37d..1c6ec8b6a 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.213 2004/05/08 00:01:37 deraadt Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.214 2004/06/13 15:03:02 djm Exp $"); #include #include @@ -53,21 +53,24 @@ RCSID("$OpenBSD: ssh.c,v 1.213 2004/05/08 00:01:37 deraadt Exp $"); #include "xmalloc.h" #include "packet.h" #include "buffer.h" +#include "bufaux.h" #include "channels.h" #include "key.h" #include "authfd.h" #include "authfile.h" #include "pathnames.h" +#include "dispatch.h" #include "clientloop.h" #include "log.h" #include "readconf.h" #include "sshconnect.h" -#include "dispatch.h" #include "misc.h" #include "kex.h" #include "mac.h" #include "sshpty.h" #include "match.h" +#include "msg.h" +#include "monitor_fdpass.h" #ifdef SMARTCARD #include "scard.h" @@ -141,6 +144,13 @@ static int client_global_request_id = 0; /* pid of proxycommand child process */ pid_t proxy_command_pid = 0; +/* fd to control socket */ +int control_fd = -1; + +/* Only used in control client mode */ +volatile sig_atomic_t control_client_terminate = 0; +u_int control_server_pid = 0; + /* Prints a help message to the user. This function never returns. */ static void @@ -158,6 +168,7 @@ usage(void) static int ssh_session(void); static int ssh_session2(void); static void load_public_identity_files(void); +static void control_client(const char *path); /* * Main program for the ssh client. @@ -228,7 +239,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:NPR:TVXY")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNPR:S:TVXY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -364,6 +375,9 @@ again: exit(1); } break; + case 'M': + options.control_master = 1; + break; case 'p': options.port = a2port(optarg); if (options.port == 0) { @@ -432,6 +446,13 @@ again: case 's': subsystem_flag = 1; break; + case 'S': + if (options.control_path != NULL) + free(options.control_path); + options.control_path = xstrdup(optarg); + if (options.control_master == -1) + options.control_master = 0; + break; case 'b': options.bind_address = optarg; break; @@ -566,6 +587,13 @@ again: strcmp(options.proxy_command, "none") == 0) options.proxy_command = NULL; + if (options.control_path != NULL) { + options.control_path = tilde_expand_filename( + options.control_path, original_real_uid); + } + if (options.control_path != NULL && options.control_master == 0) + control_client(options.control_path); /* This doesn't return */ + /* Open a connection to the remote host. */ if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, @@ -678,6 +706,9 @@ again: exit_status = compat20 ? ssh_session2() : ssh_session(); packet_close(); + if (options.control_path != NULL && control_fd != -1) + unlink(options.control_path); + /* * Send SIGHUP to proxy command if used. We don't wait() in * case it hangs and instead rely on init to reap the child @@ -974,7 +1005,7 @@ ssh_session(void) } static void -client_subsystem_reply(int type, u_int32_t seq, void *ctxt) +ssh_subsystem_reply(int type, u_int32_t seq, void *ctxt) { int id, len; @@ -1006,40 +1037,50 @@ client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt) options.remote_forwards[i].port); } -/* request pty/x11/agent/tcpfwd/shell for channel */ static void -ssh_session2_setup(int id, void *arg) +ssh_control_listener(void) { - int len; - int interactive = 0; - struct termios tio; + struct sockaddr_un addr; + mode_t old_umask; + + if (options.control_path == NULL || options.control_master != 1) + return; - debug2("ssh_session2_setup: id %d", id); + memset(&addr, '\0', sizeof(addr)); + addr.sun_family = AF_UNIX; + addr.sun_len = offsetof(struct sockaddr_un, sun_path) + + strlen(options.control_path) + 1; - if (tty_flag) { - struct winsize ws; - char *cp; - cp = getenv("TERM"); - if (!cp) - cp = ""; - /* Store window size in the packet. */ - if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) - memset(&ws, 0, sizeof(ws)); + if (strlcpy(addr.sun_path, options.control_path, + sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) + fatal("ControlPath too long"); - channel_request_start(id, "pty-req", 0); - packet_put_cstring(cp); - packet_put_int(ws.ws_col); - packet_put_int(ws.ws_row); - packet_put_int(ws.ws_xpixel); - packet_put_int(ws.ws_ypixel); - tio = get_saved_tio(); - tty_make_modes(/*ignored*/ 0, &tio); - packet_send(); - interactive = 1; - /* XXX wait for reply */ + if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) + fatal("%s socket(): %s\n", __func__, strerror(errno)); + + old_umask = umask(0177); + if (bind(control_fd, (struct sockaddr*)&addr, addr.sun_len) == -1) { + control_fd = -1; + if (errno == EINVAL) + fatal("ControlSocket %s already exists", + options.control_path); + else + fatal("%s bind(): %s\n", __func__, strerror(errno)); } - if (options.forward_x11 && - getenv("DISPLAY") != NULL) { + umask(old_umask); + + if (listen(control_fd, 64) == -1) + fatal("%s listen(): %s\n", __func__, strerror(errno)); + + set_nonblock(control_fd); +} + +/* request pty/x11/agent/tcpfwd/shell for channel */ +static void +ssh_session2_setup(int id, void *arg) +{ + int interactive = tty_flag; + if (options.forward_x11 && getenv("DISPLAY") != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ x11_get_proto(&proto, &data); @@ -1057,65 +1098,8 @@ ssh_session2_setup(int id, void *arg) packet_send(); } - /* Transfer any environment variables from client to server */ - if (options.num_send_env != 0) { - int i, j, matched; - extern char **environ; - char *name, *val; - - debug("Sending environment."); - for (i = 0; environ && environ[i] != NULL; i++) { - /* Split */ - name = xstrdup(environ[i]); - if ((val = strchr(name, '=')) == NULL) { - free(name); - continue; - } - *val++ = '\0'; - - matched = 0; - for (j = 0; j < options.num_send_env; j++) { - if (match_pattern(name, options.send_env[j])) { - matched = 1; - break; - } - } - if (!matched) { - debug3("Ignored env %s", name); - free(name); - continue; - } - - debug("Sending env %s = %s", name, val); - channel_request_start(id, "env", 0); - packet_put_cstring(name); - packet_put_cstring(val); - packet_send(); - free(name); - } - } - - len = buffer_len(&command); - if (len > 0) { - if (len > 900) - len = 900; - if (subsystem_flag) { - debug("Sending subsystem: %.*s", len, (u_char *)buffer_ptr(&command)); - channel_request_start(id, "subsystem", /*want reply*/ 1); - /* register callback for reply */ - /* XXX we assume that client_loop has already been called */ - dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &client_subsystem_reply); - dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &client_subsystem_reply); - } else { - debug("Sending command: %.*s", len, (u_char *)buffer_ptr(&command)); - channel_request_start(id, "exec", 0); - } - packet_put_string(buffer_ptr(&command), buffer_len(&command)); - packet_send(); - } else { - channel_request_start(id, "shell", 0); - packet_send(); - } + client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), + NULL, fileno(stdin), &command, &ssh_subsystem_reply); packet_set_interactive(interactive); } @@ -1161,7 +1145,7 @@ ssh_session2_open(void) channel_send_open(c->self); if (!no_shell_flag) - channel_register_confirm(c->self, ssh_session2_setup); + channel_register_confirm(c->self, ssh_session2_setup, NULL); return c->self; } @@ -1173,6 +1157,7 @@ ssh_session2(void) /* XXX should be pre-session */ ssh_init_forwarding(); + ssh_control_listener(); if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) id = ssh_session2_open(); @@ -1226,3 +1211,110 @@ load_public_identity_files(void) options.identity_keys[i] = public; } } + +static void +control_client_sighandler(int signo) +{ + control_client_terminate = signo; +} + +static void +control_client_sigrelay(int signo) +{ + if (control_server_pid > 1) + kill(control_server_pid, signo); +} + +static void +control_client(const char *path) +{ + struct sockaddr_un addr; + int r, sock, exitval; + Buffer m; + char *cp; + + memset(&addr, '\0', sizeof(addr)); + addr.sun_family = AF_UNIX; + addr.sun_len = offsetof(struct sockaddr_un, sun_path) + + strlen(path) + 1; + + if (strlcpy(addr.sun_path, path, + sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) + fatal("ControlPath too long"); + + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) + fatal("%s socket(): %s", __func__, strerror(errno)); + + if (connect(sock, (struct sockaddr*)&addr, addr.sun_len) == -1) + fatal("Couldn't connect to %s: %s", path, strerror(errno)); + + if ((cp = getenv("TERM")) == NULL) + cp = ""; + + signal(SIGINT, control_client_sighandler); + signal(SIGTERM, control_client_sighandler); + signal(SIGWINCH, control_client_sigrelay); + + buffer_init(&m); + + /* Get PID of controlee */ + if (ssh_msg_recv(sock, &m) == -1) + fatal("%s: msg_recv", __func__); + if (buffer_get_char(&m) != 0) + fatal("%s: wrong version", __func__); + control_server_pid = buffer_get_int(&m); + + /* XXX: env passing */ + + buffer_clear(&m); + buffer_put_int(&m, tty_flag); + buffer_put_int(&m, subsystem_flag); + buffer_put_cstring(&m, cp); + + buffer_append(&command, "\0", 1); + buffer_put_cstring(&m, buffer_ptr(&command)); + + if (ssh_msg_send(sock, /* version */0, &m) == -1) + fatal("%s: msg_send", __func__); + + mm_send_fd(sock, STDIN_FILENO); + mm_send_fd(sock, STDOUT_FILENO); + mm_send_fd(sock, STDERR_FILENO); + + /* Wait for reply, so master has a chance to gather ttymodes */ + buffer_clear(&m); + if (ssh_msg_recv(sock, &m) == -1) + fatal("%s: msg_recv", __func__); + if (buffer_get_char(&m) != 0) + fatal("%s: master returned error", __func__); + buffer_free(&m); + + if (tty_flag) + enter_raw_mode(); + + /* Stick around until the controlee closes the client_fd */ + exitval = 0; + for (;!control_client_terminate;) { + r = read(sock, &exitval, sizeof(exitval)); + if (r == 0) { + debug2("Received EOF from master"); + break; + } + if (r > 0) + debug2("Received exit status from master %d", exitval); + if (r == -1 && errno != EINTR) + fatal("%s: read %s", __func__, strerror(errno)); + } + + if (control_client_terminate) + debug2("Exiting on signal %d", control_client_terminate); + + close(sock); + + leave_raw_mode(); + + if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET) + fprintf(stderr, "Connection to master closed.\r\n"); + + exit(exitval); +} diff --git a/ssh_config.5 b/ssh_config.5 index 46d3012c8..bab11d313 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.35 2004/06/13 14:01:42 dtucker Exp $ +.\" $OpenBSD: ssh_config.5,v 1.36 2004/06/13 15:03:02 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -256,6 +256,28 @@ will act as a SOCKS server. Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. +.It Cm ControlMaster +Enables the sharing of multiple sessions over a single network connection. +When set to +.Dq yes +.Nm ssh +will listen for connections on a control socket specified using the +.Cm ControlPath +argument. +Additional sessions can connect to this socket using the same +.Cm ControlPath +with +.Cm ControlMaster +set to +.Dq no +(the default.) +These sessions will reuse the master instance's network connection rather +than initiating new ones. +.It Cm ControlPath +Specify a the path to the control socket used for connection sharing. +See +.Cm ControlMaster +above. .It Cm EnableSSHKeysign Setting this option to .Dq yes -- cgit v1.2.3 From 232711f6dbc107711b3957bfa2fd798aec702241 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 15 Jun 2004 10:35:30 +1000 Subject: - djm@cvs.openbsd.org 2004/06/14 01:44:39 [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c] [sshd.c] set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ --- ChangeLog | 6 +++++- channels.c | 6 +++--- clientloop.c | 4 ++-- misc.c | 34 ++++++++++++++++++++-------------- misc.h | 6 +++--- packet.c | 11 ++++------- ssh-agent.c | 5 ++--- ssh-keyscan.c | 6 +++--- sshd.c | 8 +++----- 9 files changed, 45 insertions(+), 41 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 36aeb85bb..d1d45db79 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,10 @@ [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] implement session multiplexing in the client (the server has supported this since 2.0); ok markus@ + - djm@cvs.openbsd.org 2004/06/14 01:44:39 + [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c] + [sshd.c] + set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ 20040603 - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions. @@ -1213,4 +1217,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3382 2004/06/15 00:34:08 djm Exp $ +$Id: ChangeLog,v 1.3383 2004/06/15 00:35:30 djm Exp $ diff --git a/channels.c b/channels.c index 1fb1092c8..97c1fd31b 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.204 2004/06/13 15:03:02 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.205 2004/06/14 01:44:38 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2509,8 +2509,8 @@ connect_to(const char *host, u_short port) verbose("socket: %.100s", strerror(errno)); continue; } - if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0) - fatal("connect_to: F_SETFL: %s", strerror(errno)); + if (set_nonblock(sock) == -1) + fatal("%s: set_nonblock(%d)", __func__, sock); if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0 && errno != EINPROGRESS) { error("connect_to %.100s port %s: %.100s", ntop, strport, diff --git a/clientloop.c b/clientloop.c index 6401588a9..eada56033 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.123 2004/06/13 15:03:02 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.124 2004/06/14 01:44:38 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -167,7 +167,7 @@ static void enter_non_blocking(void) { in_non_blocking_mode = 1; - (void) fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); + set_nonblock(fileno(stdin)); } /* diff --git a/misc.c b/misc.c index 1f320353e..1c43bc007 100644 --- a/misc.c +++ b/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.23 2003/10/28 09:08:06 markus Exp $"); +RCSID("$OpenBSD: misc.c,v 1.24 2004/06/14 01:44:39 djm Exp $"); #include "misc.h" #include "log.h" @@ -46,7 +46,7 @@ chop(char *s) } /* set/unset filedescriptor to non-blocking */ -void +int set_nonblock(int fd) { int val; @@ -54,20 +54,23 @@ set_nonblock(int fd) val = fcntl(fd, F_GETFL, 0); if (val < 0) { error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); - return; + return (-1); } if (val & O_NONBLOCK) { - debug2("fd %d is O_NONBLOCK", fd); - return; + debug3("fd %d is O_NONBLOCK", fd); + return (0); } debug2("fd %d setting O_NONBLOCK", fd); val |= O_NONBLOCK; - if (fcntl(fd, F_SETFL, val) == -1) - debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", - fd, strerror(errno)); + if (fcntl(fd, F_SETFL, val) == -1) { + debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, + strerror(errno)); + return (-1); + } + return (0); } -void +int unset_nonblock(int fd) { int val; @@ -75,17 +78,20 @@ unset_nonblock(int fd) val = fcntl(fd, F_GETFL, 0); if (val < 0) { error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); - return; + return (-1); } if (!(val & O_NONBLOCK)) { - debug2("fd %d is not O_NONBLOCK", fd); - return; + debug3("fd %d is not O_NONBLOCK", fd); + return (0); } debug("fd %d clearing O_NONBLOCK", fd); val &= ~O_NONBLOCK; - if (fcntl(fd, F_SETFL, val) == -1) - debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", + if (fcntl(fd, F_SETFL, val) == -1) { + debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s", fd, strerror(errno)); + return (-1); + } + return (0); } /* disable nagle on socket */ diff --git a/misc.h b/misc.h index d4a23cba3..6a4eff136 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.14 2004/05/08 00:21:31 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.15 2004/06/14 01:44:39 djm Exp $ */ /* * Author: Tatu Ylonen @@ -16,8 +16,8 @@ char *chop(char *); char *strdelim(char **); -void set_nonblock(int); -void unset_nonblock(int); +int set_nonblock(int); +int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); char *cleanhostname(char *); diff --git a/packet.c b/packet.c index fe3eea094..fca0075e7 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.113 2004/05/11 19:01:43 deraadt Exp $"); +RCSID("$OpenBSD: packet.c,v 1.114 2004/06/14 01:44:39 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -319,13 +319,10 @@ void packet_set_nonblocking(void) { /* Set the socket into non-blocking mode. */ - if (fcntl(connection_in, F_SETFL, O_NONBLOCK) < 0) - error("fcntl O_NONBLOCK: %.100s", strerror(errno)); + set_nonblock(connection_in); - if (connection_out != connection_in) { - if (fcntl(connection_out, F_SETFL, O_NONBLOCK) < 0) - error("fcntl O_NONBLOCK: %.100s", strerror(errno)); - } + if (connection_out != connection_in) + set_nonblock(connection_out); } /* Returns the socket used for reading. */ diff --git a/ssh-agent.c b/ssh-agent.c index a38322160..ea84f2196 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.118 2004/05/08 00:21:31 djm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.119 2004/06/14 01:44:39 djm Exp $"); #include #include @@ -789,8 +789,7 @@ new_socket(sock_type type, int fd) { u_int i, old_alloc, new_alloc; - if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) - error("fcntl O_NONBLOCK: %s", strerror(errno)); + set_nonblock(fd); if (fd > max_fd) max_fd = fd; diff --git a/ssh-keyscan.c b/ssh-keyscan.c index c4a2414b1..01615b5c3 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.48 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.49 2004/06/14 01:44:39 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -397,8 +397,8 @@ tcpconnect(char *host) error("socket: %s", strerror(errno)); continue; } - if (fcntl(s, F_SETFL, O_NONBLOCK) < 0) - fatal("F_SETFL: %s", strerror(errno)); + if (set_nonblock(s) == -1) + fatal("%s: set_nonblock(%d)", __func__, s); if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 && errno != EINPROGRESS) error("connect (`%s'): %s", host, strerror(errno)); diff --git a/sshd.c b/sshd.c index 5f3878119..34379172f 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.292 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.293 2004/06/14 01:44:39 djm Exp $"); #include #include @@ -1140,8 +1140,7 @@ main(int ac, char **av) verbose("socket: %.100s", strerror(errno)); continue; } - if (fcntl(listen_sock, F_SETFL, O_NONBLOCK) < 0) { - error("listen_sock O_NONBLOCK: %s", strerror(errno)); + if (set_nonblock(listen_sock) == -1) { close(listen_sock); continue; } @@ -1284,8 +1283,7 @@ main(int ac, char **av) error("accept: %.100s", strerror(errno)); continue; } - if (fcntl(newsock, F_SETFL, 0) < 0) { - error("newsock del O_NONBLOCK: %s", strerror(errno)); + if (unset_nonblock(newsock) == -1) { close(newsock); continue; } -- cgit v1.2.3 From 03e66f650c63cac36adf26ba49500320d9d24b86 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 15 Jun 2004 15:47:51 +1000 Subject: - djm@cvs.openbsd.org 2004/06/15 05:45:04 [clientloop.c] missed one unset_nonblock; spotted by Tim Rice --- ChangeLog | 7 +++++-- clientloop.c | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 6f5022e02..f28a8ff43 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,7 +32,10 @@ - djm@cvs.openbsd.org 2004/06/14 01:44:39 [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c] [sshd.c] - set_nonblock() instead of fcntl(...,O_NONBLOCK); "looks sane" deraadt@ + set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ + - djm@cvs.openbsd.org 2004/06/15 05:45:04 + [clientloop.c] + missed one unset_nonblock; spotted by Tim Rice - (djm) Fix Makefile.in for connection sharing changes - (djm) [ssh.c] Use separate var for address length @@ -1219,4 +1222,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3386 2004/06/15 04:25:33 tim Exp $ +$Id: ChangeLog,v 1.3387 2004/06/15 05:47:51 djm Exp $ diff --git a/clientloop.c b/clientloop.c index eada56033..6b849a91a 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.124 2004/06/14 01:44:38 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.125 2004/06/15 05:45:04 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -156,7 +156,7 @@ static void leave_non_blocking(void) { if (in_non_blocking_mode) { - (void) fcntl(fileno(stdin), F_SETFL, 0); + unset_nonblock(fileno(stdin)); in_non_blocking_mode = 0; } } -- cgit v1.2.3 From 3756dcee244f47c20a6590129d99e625169836c6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 18 Jun 2004 01:17:29 +1000 Subject: - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2004/06/17 14:52:48 [clientloop.c clientloop.h ssh.c] support environment passing over shared connections; ok markus@ --- ChangeLog | 8 +++++++- clientloop.c | 38 +++++++++++++++++++++++++++----------- clientloop.h | 4 ++-- ssh.c | 18 +++++++++++++----- 4 files changed, 49 insertions(+), 19 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 95b583e3c..ae4897e6d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20040618 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/06/17 14:52:48 + [clientloop.c clientloop.h ssh.c] + support environment passing over shared connections; ok markus@ + 20040617 - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some platforms), so test if diff understands it. Pointed out by tim@, ok djm@ @@ -1270,4 +1276,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3404 2004/06/17 07:01:21 dtucker Exp $ +$Id: ChangeLog,v 1.3405 2004/06/17 15:17:29 djm Exp $ diff --git a/clientloop.c b/clientloop.c index 6b849a91a..eb3200331 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.125 2004/06/15 05:45:04 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.126 2004/06/17 14:52:48 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -143,6 +143,7 @@ struct confirm_ctx { Buffer cmd; char *term; struct termios tio; + char **env; }; /*XXX*/ @@ -538,6 +539,7 @@ client_extra_session2_setup(int id, void *arg) { struct confirm_ctx *cctx = arg; Channel *c; + int i; if (cctx == NULL) fatal("%s: cctx == NULL", __func__); @@ -545,13 +547,18 @@ client_extra_session2_setup(int id, void *arg) fatal("%s: no channel for id %d", __func__, id); client_session2_setup(id, cctx->want_tty, cctx->want_subsys, - cctx->term, &cctx->tio, c->rfd, &cctx->cmd, + cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env, client_subsystem_reply); c->confirm_ctx = NULL; buffer_free(&cctx->cmd); - free(cctx->term); - free(cctx); + xfree(cctx->term); + if (cctx->env != NULL) { + for (i = 0; cctx->env[i] != NULL; i++) + xfree(cctx->env[i]); + xfree(cctx->env); + } + xfree(cctx); } static void @@ -559,12 +566,12 @@ client_process_control(fd_set * readset) { Buffer m; Channel *c; - int client_fd, new_fd[3], ver; + int client_fd, new_fd[3], ver, i; socklen_t addrlen; struct sockaddr_storage addr; struct confirm_ctx *cctx; char *cmd; - u_int len; + u_int len, env_len; uid_t euid; gid_t egid; @@ -631,6 +638,16 @@ client_process_control(fd_set * readset) buffer_init(&cctx->cmd); buffer_append(&cctx->cmd, cmd, strlen(cmd)); + env_len = buffer_get_int(&m); + env_len = MIN(env_len, 4096); + debug3("%s: receiving %d env vars", __func__, env_len); + if (env_len != 0) { + cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1)); + for (i = 0; i < env_len; i++) + cctx->env[i] = buffer_get_string(&m, &len); + cctx->env[i] = NULL; + } + debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__, cctx->want_tty, cctx->want_subsys, cmd); @@ -1626,7 +1643,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) void client_session2_setup(int id, int want_tty, int want_subsystem, - const char *term, struct termios *tiop, int in_fd, Buffer *cmd, + const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env, dispatch_fn *subsys_repl) { int len; @@ -1654,15 +1671,14 @@ client_session2_setup(int id, int want_tty, int want_subsystem, } /* Transfer any environment variables from client to server */ - if (options.num_send_env != 0) { + if (options.num_send_env != 0 && env != NULL) { int i, j, matched; - extern char **environ; char *name, *val; debug("Sending environment."); - for (i = 0; environ && environ[i] != NULL; i++) { + for (i = 0; env[i] != NULL; i++) { /* Split */ - name = xstrdup(environ[i]); + name = xstrdup(env[i]); if ((val = strchr(name, '=')) == NULL) { free(name); continue; diff --git a/clientloop.h b/clientloop.h index f1e13ac3a..c34d6674d 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.9 2004/06/13 15:03:02 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.10 2004/06/17 14:52:48 djm Exp $ */ /* * Author: Tatu Ylonen @@ -39,4 +39,4 @@ int client_loop(int, int, int); void client_global_request_reply_fwd(int, u_int32_t, void *); void client_session2_setup(int, int, int, const char *, struct termios *, - int, Buffer *, dispatch_fn *); + int, Buffer *, char **, dispatch_fn *); diff --git a/ssh.c b/ssh.c index 4badd2961..9b434b93e 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.214 2004/06/13 15:03:02 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.215 2004/06/17 14:52:48 djm Exp $"); #include #include @@ -1080,6 +1080,8 @@ ssh_control_listener(void) static void ssh_session2_setup(int id, void *arg) { + extern char **environ; + int interactive = tty_flag; if (options.forward_x11 && getenv("DISPLAY") != NULL) { char *proto, *data; @@ -1100,7 +1102,7 @@ ssh_session2_setup(int id, void *arg) } client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), - NULL, fileno(stdin), &command, &ssh_subsystem_reply); + NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); packet_set_interactive(interactive); } @@ -1230,9 +1232,10 @@ static void control_client(const char *path) { struct sockaddr_un addr; - int r, sock, exitval, addr_len; + int i, r, sock, exitval, addr_len; Buffer m; char *cp; + extern char **environ; memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; @@ -1265,8 +1268,6 @@ control_client(const char *path) fatal("%s: wrong version", __func__); control_server_pid = buffer_get_int(&m); - /* XXX: env passing */ - buffer_clear(&m); buffer_put_int(&m, tty_flag); buffer_put_int(&m, subsystem_flag); @@ -1275,6 +1276,13 @@ control_client(const char *path) buffer_append(&command, "\0", 1); buffer_put_cstring(&m, buffer_ptr(&command)); + /* Pass environment */ + for (i = 0; environ != NULL && environ[i] != NULL; i++) + ; + buffer_put_int(&m, i); + for (i = 0; environ != NULL && environ[i] != NULL; i++) + buffer_put_cstring(&m, environ[i]); + if (ssh_msg_send(sock, /* version */0, &m) == -1) fatal("%s: msg_send", __func__); -- cgit v1.2.3 From 23f0770a1bf8b0a1aa7c8d4bd78699fa0e9358d0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 18 Jun 2004 01:19:03 +1000 Subject: - djm@cvs.openbsd.org 2004/06/17 15:10:14 [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5] Add option for confirmation (ControlMaster=ask) via ssh-askpass before opening shared connections; ok markus@ --- ChangeLog | 6 +++++- clientloop.c | 38 ++++++++++++++++++++++++++++++++++---- misc.h | 3 ++- readconf.c | 4 ++-- readpass.c | 9 +++++++-- ssh.c | 7 +++++-- ssh_config.5 | 11 ++++++++++- 7 files changed, 65 insertions(+), 13 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index ae4897e6d..7b74a0bf7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - djm@cvs.openbsd.org 2004/06/17 14:52:48 [clientloop.c clientloop.h ssh.c] support environment passing over shared connections; ok markus@ + - djm@cvs.openbsd.org 2004/06/17 15:10:14 + [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5] + Add option for confirmation (ControlMaster=ask) via ssh-askpass before + opening shared connections; ok markus@ 20040617 - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some @@ -1276,4 +1280,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3405 2004/06/17 15:17:29 djm Exp $ +$Id: ChangeLog,v 1.3406 2004/06/17 15:19:03 djm Exp $ diff --git a/clientloop.c b/clientloop.c index eb3200331..8f2f270d7 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.126 2004/06/17 14:52:48 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.127 2004/06/17 15:10:13 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -549,7 +549,7 @@ client_extra_session2_setup(int id, void *arg) client_session2_setup(id, cctx->want_tty, cctx->want_subsys, cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env, client_subsystem_reply); - + c->confirm_ctx = NULL; buffer_free(&cctx->cmd); xfree(cctx->term); @@ -566,7 +566,7 @@ client_process_control(fd_set * readset) { Buffer m; Channel *c; - int client_fd, new_fd[3], ver, i; + int client_fd, new_fd[3], ver, i, allowed; socklen_t addrlen; struct sockaddr_storage addr; struct confirm_ctx *cctx; @@ -600,23 +600,52 @@ client_process_control(fd_set * readset) close(client_fd); return; } - /* XXX: implement use of ssh-askpass to confirm additional channels */ + + allowed = 1; + if (options.control_master == 2) { + char *p, prompt[1024]; + + allowed = 0; + snprintf(prompt, sizeof(prompt), + "Allow shared connection to %s? ", host); + p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF); + if (p != NULL) { + /* + * Accept empty responses and responses consisting + * of the word "yes" as affirmative. + */ + if (*p == '\0' || *p == '\n' || + strcasecmp(p, "yes") == 0) + allowed = 1; + xfree(p); + } + } unset_nonblock(client_fd); buffer_init(&m); + buffer_put_int(&m, allowed); buffer_put_int(&m, getpid()); if (ssh_msg_send(client_fd, /* version */0, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); + buffer_free(&m); return; } buffer_clear(&m); + if (!allowed) { + error("Refused control connection"); + close(client_fd); + buffer_free(&m); + return; + } + if (ssh_msg_recv(client_fd, &m) == -1) { error("%s: client msg_recv failed", __func__); close(client_fd); + buffer_free(&m); return; } @@ -670,6 +699,7 @@ client_process_control(fd_set * readset) close(new_fd[0]); close(new_fd[1]); close(new_fd[2]); + buffer_free(&m); return; } buffer_free(&m); diff --git a/misc.h b/misc.h index 6a4eff136..ffa8d8f27 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.15 2004/06/14 01:44:39 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.16 2004/06/17 15:10:14 djm Exp $ */ /* * Author: Tatu Ylonen @@ -43,5 +43,6 @@ char *tilde_expand_filename(const char *, uid_t); #define RP_ECHO 0x0001 #define RP_ALLOW_STDIN 0x0002 #define RP_ALLOW_EOF 0x0004 +#define RP_USE_ASKPASS 0x0008 char *read_passphrase(const char *, int); diff --git a/readconf.c b/readconf.c index 2b1d7cc46..429f69129 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.132 2004/06/13 15:03:02 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.133 2004/06/17 15:10:14 djm Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -772,7 +772,7 @@ parse_int: case oControlMaster: intptr = &options->control_master; - goto parse_flag; + goto parse_yesnoask; case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", diff --git a/readpass.c b/readpass.c index fc7629c37..eb4f6fdb6 100644 --- a/readpass.c +++ b/readpass.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.29 2004/05/08 00:21:31 djm Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.30 2004/06/17 15:10:14 djm Exp $"); #include "xmalloc.h" #include "misc.h" @@ -103,7 +103,9 @@ read_passphrase(const char *prompt, int flags) int rppflags, use_askpass = 0, ttyfd; rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; - if (flags & RP_ALLOW_STDIN) { + if (flags & RP_USE_ASKPASS) + use_askpass = 1; + else if (flags & RP_ALLOW_STDIN) { if (!isatty(STDIN_FILENO)) use_askpass = 1; } else { @@ -115,6 +117,9 @@ read_passphrase(const char *prompt, int flags) use_askpass = 1; } + if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) + return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); + if (use_askpass && getenv("DISPLAY")) { if (getenv(SSH_ASKPASS_ENV)) askpass = getenv(SSH_ASKPASS_ENV); diff --git a/ssh.c b/ssh.c index 9b434b93e..6f8114d53 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.215 2004/06/17 14:52:48 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.216 2004/06/17 15:10:14 djm Exp $"); #include #include @@ -1044,7 +1044,7 @@ ssh_control_listener(void) mode_t old_umask; int addr_len; - if (options.control_path == NULL || options.control_master != 1) + if (options.control_path == NULL || options.control_master <= 0) return; memset(&addr, '\0', sizeof(addr)); @@ -1266,6 +1266,9 @@ control_client(const char *path) fatal("%s: msg_recv", __func__); if (buffer_get_char(&m) != 0) fatal("%s: wrong version", __func__); + /* Connection allowed? */ + if (buffer_get_int(&m) != 1) + fatal("Connection to master denied"); control_server_pid = buffer_get_int(&m); buffer_clear(&m); diff --git a/ssh_config.5 b/ssh_config.5 index bab11d313..3e8c1db06 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.36 2004/06/13 15:03:02 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.37 2004/06/17 15:10:14 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -273,6 +273,15 @@ set to (the default.) These sessions will reuse the master instance's network connection rather than initiating new ones. +Setting this to +.Dq ask +will cause +.Nm ssh +to listen for control connections, but require confirmation using the +.Ev SSH_ASKPASS +program before they are accepted (see +.Xr ssh-add 1 +for details) .It Cm ControlPath Specify a the path to the control socket used for connection sharing. See -- cgit v1.2.3 From 3bbd878c2ec2b337b9e5b9455e0a2bd1902a0824 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 18 Jun 2004 22:23:22 +1000 Subject: - djm@cvs.openbsd.org 2004/06/18 11:11:54 [channels.c clientloop.c] Don't explode in clientloop when we receive a bogus channel id, but also don't generate them to begin with; ok markus@ --- ChangeLog | 6 +++++- channels.c | 4 ++-- clientloop.c | 9 +++++---- 3 files changed, 12 insertions(+), 7 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index adbb925ec..57dc1693a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,10 @@ [ssh.1 ssh.c] trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask'; ok djm + - djm@cvs.openbsd.org 2004/06/18 11:11:54 + [channels.c clientloop.c] + Don't explode in clientloop when we receive a bogus channel id, but + also don't generate them to begin with; ok markus@ 20040617 - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some @@ -1305,4 +1309,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3413 2004/06/18 12:21:55 djm Exp $ +$Id: ChangeLog,v 1.3414 2004/06/18 12:23:22 djm Exp $ diff --git a/channels.c b/channels.c index 97c1fd31b..68d854388 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.205 2004/06/14 01:44:38 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.206 2004/06/18 11:11:54 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -487,7 +487,7 @@ channel_find_open(void) for (i = 0; i < channels_alloc; i++) { c = channels[i]; - if (c == NULL) + if (c == NULL || c->remote_id < 0) continue; switch (c->type) { case SSH_CHANNEL_CLOSED: diff --git a/clientloop.c b/clientloop.c index 8f2f270d7..79aabbe06 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.127 2004/06/17 15:10:13 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.128 2004/06/18 11:11:54 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1626,8 +1626,9 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) debug("client_input_channel_req: channel %d rtype %s reply %d", id, rtype, reply); - c = channel_lookup(id); - if (c == NULL) { + if (id == -1) { + error("client_input_channel_req: request for channel -1"); + } else if ((c = channel_lookup(id)) == NULL) { error("client_input_channel_req: channel %d: unknown channel", id); } else if (strcmp(rtype, "exit-status") == 0) { exitval = packet_get_int(); @@ -1646,7 +1647,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) if (reply) { packet_start(success ? SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); - packet_put_int(c->remote_id); + packet_put_int(id); packet_send(); } xfree(rtype); -- cgit v1.2.3 From fc9597034b819b295966f61d8dc797b53fda45c7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 17 Jul 2004 16:12:08 +1000 Subject: - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces --- ChangeLog | 9 ++++++++- channels.c | 11 +++++------ cipher.c | 32 ++++++++++++++++---------------- clientloop.c | 18 +++++++++--------- clientloop.h | 4 ++-- compat.h | 4 ++-- moduli.c | 48 ++++++++++++++++++++++++------------------------ nchan.c | 16 ++++++++-------- pathnames.h | 4 ++-- progressmeter.c | 18 +++++++++--------- readconf.c | 6 +++--- readconf.h | 4 ++-- servconf.c | 4 ++-- session.c | 6 +++--- sftp-client.c | 8 ++++---- sftp.c | 8 ++++---- ssh-agent.1 | 4 ++-- ssh-keygen.c | 4 ++-- ssh.c | 10 +++++----- ssh1.h | 8 ++++---- sshd.c | 6 +++--- ttymodes.h | 18 +++++++++--------- 22 files changed, 128 insertions(+), 122 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index a36c1dd22..e09a0fc83 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,13 @@ ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces diff vs OpenBSD; ok mouring@, tested by tim@ too. + - (dtucker) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 + [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c + readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c + session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h + sshd.c ttymodes.h] + spaces 20040711 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows @@ -1509,4 +1516,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3474 2004/07/17 04:07:42 dtucker Exp $ +$Id: ChangeLog,v 1.3475 2004/07/17 06:12:08 dtucker Exp $ diff --git a/channels.c b/channels.c index a72d9b93d..cf46ce09f 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.207 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.208 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -737,7 +737,7 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) FD_SET(c->efd, readset); } /* XXX: What about efd? races? */ - if (compat20 && c->ctl_fd != -1 && + if (compat20 && c->ctl_fd != -1 && c->istate == CHAN_INPUT_OPEN && c->ostate == CHAN_OUTPUT_OPEN) FD_SET(c->ctl_fd, readset); } @@ -2277,7 +2277,7 @@ channel_cancel_rport_listener(const char *host, u_short port) if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && strncmp(c->path, host, sizeof(c->path)) == 0 && - c->listening_port == port) { + c->listening_port == port) { debug2("%s: close clannel %d", __func__, i); channel_free(c); found = 1; @@ -2364,10 +2364,9 @@ channel_request_remote_forwarding(u_short listen_port, } /* - * Request cancellation of remote forwarding of connection host:port from + * Request cancellation of remote forwarding of connection host:port from * local side. */ - void channel_request_rforward_cancel(u_short port) { @@ -2378,7 +2377,7 @@ channel_request_rforward_cancel(u_short port) return; for (i = 0; i < num_permitted_opens; i++) { - if (permitted_opens[i].host_to_connect != NULL && + if (permitted_opens[i].host_to_connect != NULL && permitted_opens[i].listen_port == port) break; } diff --git a/cipher.c b/cipher.c index 64bd744b8..93f96be6d 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.69 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.70 2004/07/11 17:48:47 deraadt Exp $"); #include "xmalloc.h" #include "log.h" @@ -76,19 +76,19 @@ struct Cipher { u_int key_len; const EVP_CIPHER *(*evptype)(void); } ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, - { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, - { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, - - { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, - { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, - { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, - { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, + { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, + { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, + { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, + { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, + + { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, + { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, + { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, + { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, #if OPENSSL_VERSION_NUMBER < 0x00907000L - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, #else @@ -99,9 +99,9 @@ struct Cipher { SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, #endif #if OPENSSL_VERSION_NUMBER >= 0x00905000L - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, #endif #if defined(EVP_CTRL_SET_ACSS_MODE) { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, diff --git a/clientloop.c b/clientloop.c index 79aabbe06..def4d8a7b 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.128 2004/06/18 11:11:54 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.129 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -402,7 +402,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, if (options.server_alive_interval == 0 || !compat20) tvp = NULL; - else { + else { tv.tv_sec = options.server_alive_interval; tv.tv_usec = 0; tvp = &tv; @@ -517,7 +517,7 @@ client_subsystem_reply(int type, u_int32_t seq, void *ctxt) { int id; Channel *c; - + id = packet_get_int(); packet_check_eom(); @@ -540,13 +540,13 @@ client_extra_session2_setup(int id, void *arg) struct confirm_ctx *cctx = arg; Channel *c; int i; - + if (cctx == NULL) fatal("%s: cctx == NULL", __func__); if ((c = channel_lookup(id)) == NULL) fatal("%s: no channel for id %d", __func__, id); - client_session2_setup(id, cctx->want_tty, cctx->want_subsys, + client_session2_setup(id, cctx->want_tty, cctx->want_subsys, cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env, client_subsystem_reply); @@ -557,7 +557,7 @@ client_extra_session2_setup(int id, void *arg) for (i = 0; cctx->env[i] != NULL; i++) xfree(cctx->env[i]); xfree(cctx->env); - } + } xfree(cctx); } @@ -614,7 +614,7 @@ client_process_control(fd_set * readset) * Accept empty responses and responses consisting * of the word "yes" as affirmative. */ - if (*p == '\0' || *p == '\n' || + if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) allowed = 1; xfree(p); @@ -714,7 +714,7 @@ client_process_control(fd_set * readset) set_nonblock(client_fd); - c = channel_new("session", SSH_CHANNEL_OPENING, + c = channel_new("session", SSH_CHANNEL_OPENING, new_fd[0], new_fd[1], new_fd[2], CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); @@ -1673,7 +1673,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) } void -client_session2_setup(int id, int want_tty, int want_subsystem, +client_session2_setup(int id, int want_tty, int want_subsystem, const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env, dispatch_fn *subsys_repl) { diff --git a/clientloop.h b/clientloop.h index c34d6674d..9992d5938 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.10 2004/06/17 14:52:48 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.11 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -38,5 +38,5 @@ /* Client side main loop for the interactive session. */ int client_loop(int, int, int); void client_global_request_reply_fwd(int, u_int32_t, void *); -void client_session2_setup(int, int, int, const char *, struct termios *, +void client_session2_setup(int, int, int, const char *, struct termios *, int, Buffer *, char **, dispatch_fn *); diff --git a/compat.h b/compat.h index efa0f081e..5efb5c29e 100644 --- a/compat.h +++ b/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.37 2003/11/02 11:01:03 markus Exp $ */ +/* $OpenBSD: compat.h,v 1.38 2004/07/11 17:48:47 deraadt Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -27,7 +27,7 @@ #ifndef COMPAT_H #define COMPAT_H -#define SSH_PROTO_UNKNOWN 0x00 +#define SSH_PROTO_UNKNOWN 0x00 #define SSH_PROTO_1 0x01 #define SSH_PROTO_1_PREFERRED 0x02 #define SSH_PROTO_2 0x04 diff --git a/moduli.c b/moduli.c index c8769c0aa..581b03503 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.8 2004/05/21 08:43:03 markus Exp $ */ +/* $OpenBSD: moduli.c,v 1.9 2004/07/11 17:48:47 deraadt Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -48,68 +48,68 @@ */ /* need line long enough for largest moduli plus headers */ -#define QLINESIZE (100+8192) +#define QLINESIZE (100+8192) /* Type: decimal. * Specifies the internal structure of the prime modulus. */ -#define QTYPE_UNKNOWN (0) -#define QTYPE_UNSTRUCTURED (1) -#define QTYPE_SAFE (2) -#define QTYPE_SCHNOOR (3) -#define QTYPE_SOPHIE_GERMAIN (4) -#define QTYPE_STRONG (5) +#define QTYPE_UNKNOWN (0) +#define QTYPE_UNSTRUCTURED (1) +#define QTYPE_SAFE (2) +#define QTYPE_SCHNOOR (3) +#define QTYPE_SOPHIE_GERMAIN (4) +#define QTYPE_STRONG (5) /* Tests: decimal (bit field). * Specifies the methods used in checking for primality. * Usually, more than one test is used. */ -#define QTEST_UNTESTED (0x00) -#define QTEST_COMPOSITE (0x01) -#define QTEST_SIEVE (0x02) -#define QTEST_MILLER_RABIN (0x04) -#define QTEST_JACOBI (0x08) -#define QTEST_ELLIPTIC (0x10) +#define QTEST_UNTESTED (0x00) +#define QTEST_COMPOSITE (0x01) +#define QTEST_SIEVE (0x02) +#define QTEST_MILLER_RABIN (0x04) +#define QTEST_JACOBI (0x08) +#define QTEST_ELLIPTIC (0x10) /* * Size: decimal. * Specifies the number of the most significant bit (0 to M). * WARNING: internally, usually 1 to N. */ -#define QSIZE_MINIMUM (511) +#define QSIZE_MINIMUM (511) /* * Prime sieving defines */ /* Constant: assuming 8 bit bytes and 32 bit words */ -#define SHIFT_BIT (3) -#define SHIFT_BYTE (2) -#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE) -#define SHIFT_MEGABYTE (20) -#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE) +#define SHIFT_BIT (3) +#define SHIFT_BYTE (2) +#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE) +#define SHIFT_MEGABYTE (20) +#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE) /* * Using virtual memory can cause thrashing. This should be the largest * number that is supported without a large amount of disk activity -- * that would increase the run time from hours to days or weeks! */ -#define LARGE_MINIMUM (8UL) /* megabytes */ +#define LARGE_MINIMUM (8UL) /* megabytes */ /* * Do not increase this number beyond the unsigned integer bit size. * Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits). */ -#define LARGE_MAXIMUM (127UL) /* megabytes */ +#define LARGE_MAXIMUM (127UL) /* megabytes */ /* * Constant: when used with 32-bit integers, the largest sieve prime * has to be less than 2**32. */ -#define SMALL_MAXIMUM (0xffffffffUL) +#define SMALL_MAXIMUM (0xffffffffUL) /* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */ -#define TINY_NUMBER (1UL<<16) +#define TINY_NUMBER (1UL<<16) /* Ensure enough bit space for testing 2*q. */ #define TEST_MAXIMUM (1UL<<16) diff --git a/nchan.c b/nchan.c index ecf59c5db..aee3f37b0 100644 --- a/nchan.c +++ b/nchan.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: nchan.c,v 1.50 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: nchan.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh1.h" #include "ssh2.h" @@ -42,15 +42,15 @@ RCSID("$OpenBSD: nchan.c,v 1.50 2004/06/21 17:36:31 avsm Exp $"); * tear down of channels: * * 1.3: strict request-ack-protocol: - * CLOSE -> - * <- CLOSE_CONFIRM + * CLOSE -> + * <- CLOSE_CONFIRM * * 1.5: uses variations of: - * IEOF -> - * <- OCLOSE - * <- IEOF - * OCLOSE -> - * i.e. both sides have to close the channel + * IEOF -> + * <- OCLOSE + * <- IEOF + * OCLOSE -> + * i.e. both sides have to close the channel * * 2.0: the EOF messages are optional * diff --git a/pathnames.h b/pathnames.h index 53208cf58..cf42625a4 100644 --- a/pathnames.h +++ b/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.14 2004/01/30 09:48:57 markus Exp $ */ +/* $OpenBSD: pathnames.h,v 1.15 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -122,7 +122,7 @@ /* Location of ssh-keysign for hostbased authentication */ #ifndef _PATH_SSH_KEY_SIGN -#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" +#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" #endif /* xauth for X11 forwarding */ diff --git a/progressmeter.c b/progressmeter.c index 629a536b2..93f5a3e62 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: progressmeter.c,v 1.21 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $"); #include "progressmeter.h" #include "atomicio.h" @@ -48,15 +48,15 @@ void refresh_progress_meter(void); /* signal handler for updating the progress meter */ static void update_progress_meter(int); -static time_t start; /* start progress */ -static time_t last_update; /* last progress update */ -static char *file; /* name of the file being transferred */ -static off_t end_pos; /* ending position of transfer */ -static off_t cur_pos; /* transfer position as of last refresh */ +static time_t start; /* start progress */ +static time_t last_update; /* last progress update */ +static char *file; /* name of the file being transferred */ +static off_t end_pos; /* ending position of transfer */ +static off_t cur_pos; /* transfer position as of last refresh */ static volatile off_t *counter; /* progress counter */ -static long stalled; /* how long we have been stalled */ -static int bytes_per_second; /* current speed in bytes per second */ -static int win_size; /* terminal window size */ +static long stalled; /* how long we have been stalled */ +static int bytes_per_second; /* current speed in bytes per second */ +static int win_size; /* terminal window size */ /* units for format_size */ static const char unit[] = " KMGT"; diff --git a/readconf.c b/readconf.c index 429f69129..a4fe1fe02 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.133 2004/06/17 15:10:14 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.134 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -804,7 +804,7 @@ parse_int: */ int -read_config_file(const char *filename, const char *host, Options *options, +read_config_file(const char *filename, const char *host, Options *options, int checkperm) { FILE *f; @@ -818,7 +818,7 @@ read_config_file(const char *filename, const char *host, Options *options, if (checkperm) { struct stat sb; - + if (fstat(fileno(f), &sb) == -1) fatal("fstat %s: %s", filename, strerror(errno)); if (((sb.st_uid != 0 && sb.st_uid != getuid()) || diff --git a/readconf.h b/readconf.h index 5e504bece..ded422585 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.63 2004/06/13 15:03:02 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.64 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -103,7 +103,7 @@ typedef struct { int rekey_limit; int no_host_authentication_for_localhost; int identities_only; - int server_alive_interval; + int server_alive_interval; int server_alive_count_max; int num_send_env; diff --git a/servconf.c b/servconf.c index ea67f6288..02fae0fbe 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.134 2004/06/24 19:30:54 djm Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.135 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "log.h" @@ -956,7 +956,7 @@ load_server_config(const char *filename, Buffer *conf) while (fgets(line, sizeof(line), f)) { /* * Trim out comments and strip whitespace - * NB - preserve newlines, they are needed to reproduce + * NB - preserve newlines, they are needed to reproduce * line numbers later for error messages */ if ((cp = strchr(line, '#')) != NULL) diff --git a/session.c b/session.c index a3a7ee784..7c8fe5faf 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.177 2004/06/30 08:36:59 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.178 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1001,7 +1001,7 @@ do_setup_env(Session *s, const char *shell) if (!options.use_login) { /* Set basic environment. */ for (i = 0; i < s->num_env; i++) - child_set_env(&env, &envsize, s->env[i].name, + child_set_env(&env, &envsize, s->env[i].name, s->env[i].val); child_set_env(&env, &envsize, "USER", pw->pw_name); @@ -1320,7 +1320,7 @@ do_pwchange(Session *s) { fprintf(stderr, "WARNING: Your password has expired.\n"); if (s->ttyfd != -1) { - fprintf(stderr, + fprintf(stderr, "You must change your password now and login again!\n"); execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); perror("passwd"); diff --git a/sftp-client.c b/sftp-client.c index 88276cd4a..0ffacbccc 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.50 2004/06/03 12:22:20 pedro Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $"); #include "openbsd-compat/sys-queue.h" @@ -821,7 +821,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, u_int len; /* - * Simulate EOF on interrupt: stop sending new requests and + * Simulate EOF on interrupt: stop sending new requests and * allow outstanding requests to drain gracefully */ if (interrupted) { @@ -1053,9 +1053,9 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, int len; /* - * Can't use atomicio here because it returns 0 on EOF, + * Can't use atomicio here because it returns 0 on EOF, * thus losing the last block of the file. - * Simulate an EOF on interrupt, allowing ACKs from the + * Simulate an EOF on interrupt, allowing ACKs from the * server to drain. */ if (interrupted) diff --git a/sftp.c b/sftp.c index 4002304ec..f01c9194c 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.55 2004/06/25 23:21:38 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.56 2004/07/11 17:48:47 deraadt Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -1328,8 +1328,8 @@ connect_to_server(char *path, char **args, int *in, int *out) /* * The underlying ssh is in the same process group, so we must - * ignore SIGINT if we want to gracefully abort commands, - * otherwise the signal will make it to the ssh process and + * ignore SIGINT if we want to gracefully abort commands, + * otherwise the signal will make it to the ssh process and * kill it too */ signal(SIGINT, SIG_IGN); @@ -1415,7 +1415,7 @@ main(int argc, char **argv) fatal("Batch file already specified."); /* Allow "-" as stdin */ - if (strcmp(optarg, "-") != 0 && + if (strcmp(optarg, "-") != 0 && (infile = fopen(optarg, "r")) == NULL) fatal("%s (%s).", strerror(errno), optarg); showprogress = 0; diff --git a/ssh-agent.1 b/ssh-agent.1 index cfefd34e9..226804e5f 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.40 2004/05/13 02:47:50 dtucker Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -148,7 +148,7 @@ for Bourne-type shells such as or .Xr ksh 1 and -.Cm eval `ssh-agent -c` +.Cm eval `ssh-agent -c` for .Xr csh 1 and derivatives. diff --git a/ssh-keygen.c b/ssh-keygen.c index e8e579b5d..d39e7d881 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.116 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.117 2004/07/11 17:48:47 deraadt Exp $"); #include #include @@ -895,7 +895,7 @@ main(int ac, char **av) if (log_level == SYSLOG_LEVEL_INFO) log_level = SYSLOG_LEVEL_DEBUG1; else { - if (log_level >= SYSLOG_LEVEL_DEBUG1 && + if (log_level >= SYSLOG_LEVEL_DEBUG1 && log_level < SYSLOG_LEVEL_DEBUG3) log_level++; } diff --git a/ssh.c b/ssh.c index f0c284df0..6dff591f1 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.222 2004/06/23 14:31:01 dtucker Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.223 2004/07/11 17:48:47 deraadt Exp $"); #include #include @@ -551,7 +551,7 @@ again: (void)read_config_file(buf, host, &options, 1); /* Read systemwide configuration file after use config. */ - (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, + (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options, 0); } @@ -1250,7 +1250,7 @@ control_client(const char *path) Buffer m; char *cp; extern char **environ; - + memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; addr_len = offsetof(struct sockaddr_un, sun_path) + @@ -1291,13 +1291,13 @@ control_client(const char *path) if (options.num_send_env == 0 || environ == NULL) { buffer_put_int(&m, 0); - } else { + } else { /* Pass environment */ num_env = 0; for (i = 0; environ[i] != NULL; i++) if (env_permitted(environ[i])) num_env++; /* Count */ - + buffer_put_int(&m, num_env); for (i = 0; environ[i] != NULL && num_env >= 0; i++) diff --git a/ssh1.h b/ssh1.h index 98d1dc930..cc7fbc8b0 100644 --- a/ssh1.h +++ b/ssh1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh1.h,v 1.3 2001/05/30 12:55:13 markus Exp $ */ +/* $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -29,8 +29,8 @@ #define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */ #define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */ #define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */ -#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */ -#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */ +#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */ +#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */ #define SSH_CMSG_EXEC_SHELL 12 /* */ #define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */ #define SSH_SMSG_SUCCESS 14 /* */ @@ -45,7 +45,7 @@ #define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */ #define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */ #define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */ -/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */ +/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */ #define SSH_SMSG_X11_OPEN 27 /* channel (int) */ #define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */ #define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */ diff --git a/sshd.c b/sshd.c index 6df8f252a..ac62cb506 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.297 2004/06/26 20:07:16 avsm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.298 2004/07/11 17:48:47 deraadt Exp $"); #include #include @@ -803,7 +803,7 @@ send_rexec_state(int fd, Buffer *conf) buffer_init(&m); buffer_put_cstring(&m, buffer_ptr(conf)); - if (sensitive_data.server_key != NULL && + if (sensitive_data.server_key != NULL && sensitive_data.server_key->type == KEY_RSA1) { buffer_put_int(&m, 1); buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); @@ -1896,7 +1896,7 @@ do_ssh1_kex(void) session_key + sizeof(session_key) - len); derive_ssh1_session_id( - sensitive_data.ssh1_host_key->rsa->n, + sensitive_data.ssh1_host_key->rsa->n, sensitive_data.server_key->rsa->n, cookie, session_id); /* diff --git a/ttymodes.h b/ttymodes.h index 7de4b8362..481282cd7 100644 --- a/ttymodes.h +++ b/ttymodes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.h,v 1.12 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: ttymodes.h,v 1.13 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -113,17 +113,17 @@ TTYCHAR(VDISCARD, 18) /* name, field, op */ TTYMODE(IGNPAR, c_iflag, 30) TTYMODE(PARMRK, c_iflag, 31) -TTYMODE(INPCK, c_iflag, 32) +TTYMODE(INPCK, c_iflag, 32) TTYMODE(ISTRIP, c_iflag, 33) -TTYMODE(INLCR, c_iflag, 34) -TTYMODE(IGNCR, c_iflag, 35) -TTYMODE(ICRNL, c_iflag, 36) +TTYMODE(INLCR, c_iflag, 34) +TTYMODE(IGNCR, c_iflag, 35) +TTYMODE(ICRNL, c_iflag, 36) #if defined(IUCLC) -TTYMODE(IUCLC, c_iflag, 37) +TTYMODE(IUCLC, c_iflag, 37) #endif -TTYMODE(IXON, c_iflag, 38) -TTYMODE(IXANY, c_iflag, 39) -TTYMODE(IXOFF, c_iflag, 40) +TTYMODE(IXON, c_iflag, 38) +TTYMODE(IXANY, c_iflag, 39) +TTYMODE(IXOFF, c_iflag, 40) #ifdef IMAXBEL TTYMODE(IMAXBEL,c_iflag, 41) #endif /* IMAXBEL */ -- cgit v1.2.3 From c7a6fc41bfdcd73469b153437a8e75e0b1057894 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Aug 2004 21:18:00 +1000 Subject: - avsm@cvs.openbsd.org 2004/08/11 21:43:05 [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c] some signed/unsigned int comparison cleanups; markus@ ok --- ChangeLog | 6 +++++- channels.c | 47 ++++++++++++++++++++++++----------------------- channels.h | 4 ++-- clientloop.c | 7 ++++--- misc.c | 4 ++-- misc.h | 6 +++--- serverloop.c | 7 ++++--- ssh-agent.c | 7 ++++--- 8 files changed, 48 insertions(+), 40 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index fe0ff0099..6c5722e4d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20040813 - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at redhat.com +- (dtucker) OpenBSD CVS Sync + - avsm@cvs.openbsd.org 2004/08/11 21:43:05 + [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c] + some signed/unsigned int comparison cleanups; markus@ ok 20040812 - (dtucker) [sshd.c] Remove duplicate variable imported during sync. @@ -1598,4 +1602,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3498 2004/08/13 08:37:21 dtucker Exp $ +$Id: ChangeLog,v 1.3499 2004/08/13 11:18:00 dtucker Exp $ diff --git a/channels.c b/channels.c index cf46ce09f..1f6984aa7 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.208 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: channels.c,v 1.209 2004/08/11 21:43:04 avsm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -68,7 +68,7 @@ static Channel **channels = NULL; * Size of the channel array. All slots of the array must always be * initialized (at least the type field); unused slots set to NULL */ -static int channels_alloc = 0; +static u_int channels_alloc = 0; /* * Maximum file descriptor value used in any of the channels. This is @@ -141,7 +141,7 @@ channel_lookup(int id) { Channel *c; - if (id < 0 || id >= channels_alloc) { + if (id < 0 || (u_int)id >= channels_alloc) { logit("channel_lookup: %d: bad id", id); return NULL; } @@ -209,7 +209,8 @@ Channel * channel_new(char *ctype, int type, int rfd, int wfd, int efd, u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock) { - int i, found; + int found; + u_int i; Channel *c; /* Do initial allocation if this is the first call. */ @@ -223,10 +224,10 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, for (found = -1, i = 0; i < channels_alloc; i++) if (channels[i] == NULL) { /* Found a free slot. */ - found = i; + found = (int)i; break; } - if (found == -1) { + if (found < 0) { /* There are no free slots. Take last+1 slot and expand the array. */ found = channels_alloc; if (channels_alloc > 10000) @@ -273,7 +274,8 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, static int channel_find_maxfd(void) { - int i, max = 0; + u_int i; + int max = 0; Channel *c; for (i = 0; i < channels_alloc; i++) { @@ -322,12 +324,12 @@ void channel_free(Channel *c) { char *s; - int i, n; + u_int i, n; for (n = 0, i = 0; i < channels_alloc; i++) if (channels[i]) n++; - debug("channel %d: free: %s, nchannels %d", c->self, + debug("channel %d: free: %s, nchannels %u", c->self, c->remote_name ? c->remote_name : "???", n); s = channel_open_message(); @@ -353,7 +355,7 @@ channel_free(Channel *c) void channel_free_all(void) { - int i; + u_int i; for (i = 0; i < channels_alloc; i++) if (channels[i] != NULL) @@ -368,7 +370,7 @@ channel_free_all(void) void channel_close_all(void) { - int i; + u_int i; for (i = 0; i < channels_alloc; i++) if (channels[i] != NULL) @@ -382,7 +384,7 @@ channel_close_all(void) void channel_stop_listening(void) { - int i; + u_int i; Channel *c; for (i = 0; i < channels_alloc; i++) { @@ -439,7 +441,7 @@ channel_not_very_much_buffered_data(void) int channel_still_open(void) { - int i; + u_int i; Channel *c; for (i = 0; i < channels_alloc; i++) { @@ -482,7 +484,7 @@ channel_still_open(void) int channel_find_open(void) { - int i; + u_int i; Channel *c; for (i = 0; i < channels_alloc; i++) { @@ -530,7 +532,7 @@ channel_open_message(void) Buffer buffer; Channel *c; char buf[1024], *cp; - int i; + u_int i; buffer_init(&buffer); snprintf(buf, sizeof buf, "The following connections are open:\r\n"); @@ -1674,7 +1676,7 @@ static void channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset) { static int did_init = 0; - int i; + u_int i; Channel *c; if (!did_init) { @@ -1697,10 +1699,9 @@ channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset) */ void channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, - int *nallocp, int rekeying) + u_int *nallocp, int rekeying) { - int n; - u_int sz; + u_int n, sz; n = MAX(*maxfdp, channel_max_fd); @@ -1736,8 +1737,7 @@ void channel_output_poll(void) { Channel *c; - int i; - u_int len; + u_int i, len; for (i = 0; i < channels_alloc; i++) { c = channels[i]; @@ -2270,7 +2270,8 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por int channel_cancel_rport_listener(const char *host, u_short port) { - int i, found = 0; + u_int i; + int found = 0; for(i = 0; i < channels_alloc; i++) { Channel *c = channels[i]; @@ -2572,7 +2573,7 @@ channel_connect_to(const char *host, u_short port) void channel_send_window_changes(void) { - int i; + u_int i; struct winsize ws; for (i = 0; i < channels_alloc; i++) { diff --git a/channels.h b/channels.h index 41f3cedd3..f8dc8249c 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.73 2004/06/13 15:03:02 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.74 2004/08/11 21:43:04 avsm Exp $ */ /* * Author: Tatu Ylonen @@ -184,7 +184,7 @@ void channel_input_window_adjust(int, u_int32_t, void *); /* file descriptor handling (read/write) */ -void channel_prepare_select(fd_set **, fd_set **, int *, int*, int); +void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int); void channel_after_select(fd_set *, fd_set *); void channel_output_poll(void); diff --git a/clientloop.c b/clientloop.c index def4d8a7b..0b9a0fb29 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.129 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.130 2004/08/11 21:43:04 avsm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -348,7 +348,7 @@ server_alive_check(void) */ static void client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, - int *maxfdp, int *nallocp, int rekeying) + int *maxfdp, u_int *nallocp, int rekeying) { struct timeval tv, *tvp; int ret; @@ -1147,7 +1147,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) { fd_set *readset = NULL, *writeset = NULL; double start_time, total_time; - int max_fd = 0, max_fd2 = 0, len, rekeying = 0, nalloc = 0; + int max_fd = 0, max_fd2 = 0, len, rekeying = 0; + u_int nalloc = 0; char buf[100]; debug("Entering interactive session."); diff --git a/misc.c b/misc.c index 1c43bc007..8cb411ccc 100644 --- a/misc.c +++ b/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.24 2004/06/14 01:44:39 djm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.25 2004/08/11 21:43:05 avsm Exp $"); #include "misc.h" #include "log.h" @@ -314,7 +314,7 @@ addargs(arglist *args, char *fmt, ...) { va_list ap; char buf[1024]; - int nalloc; + u_int nalloc; va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); diff --git a/misc.h b/misc.h index ffa8d8f27..ec47a611d 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.16 2004/06/17 15:10:14 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.17 2004/08/11 21:43:05 avsm Exp $ */ /* * Author: Tatu Ylonen @@ -29,8 +29,8 @@ struct passwd *pwcopy(struct passwd *); typedef struct arglist arglist; struct arglist { char **list; - int num; - int nalloc; + u_int num; + u_int nalloc; }; void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); diff --git a/serverloop.c b/serverloop.c index 8d2642d5b..eee1e7959 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.116 2004/05/21 11:33:11 djm Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.117 2004/08/11 21:43:05 avsm Exp $"); #include "xmalloc.h" #include "packet.h" @@ -240,7 +240,7 @@ client_alive_check(void) */ static void wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, - int *nallocp, u_int max_time_milliseconds) + u_int *nallocp, u_int max_time_milliseconds) { struct timeval tv, *tvp; int ret; @@ -486,7 +486,8 @@ void server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) { fd_set *readset = NULL, *writeset = NULL; - int max_fd = 0, nalloc = 0; + int max_fd = 0; + u_int nalloc = 0; int wait_status; /* Status returned by wait(). */ pid_t wait_pid; /* pid returned by wait(). */ int waiting_termination = 0; /* Have displayed waiting close message. */ diff --git a/ssh-agent.c b/ssh-agent.c index 54ab4d7a2..bc4d8d33a 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.119 2004/06/14 01:44:39 djm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.120 2004/08/11 21:43:05 avsm Exp $"); #include #include @@ -816,7 +816,7 @@ new_socket(sock_type type, int fd) } static int -prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp) +prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp) { u_int i, sz; int n = 0; @@ -1002,7 +1002,8 @@ int main(int ac, char **av) { int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0; - int sock, fd, ch, nalloc; + int sock, fd, ch; + u_int nalloc; char *shell, *format, *pidstr, *agentsocket = NULL; fd_set *readsetp = NULL, *writesetp = NULL; struct sockaddr_un sunaddr; -- cgit v1.2.3