From ce321d8a30a81222d11a4c27fd353804a9afecd3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:11:24 +1000 Subject: - djm@cvs.openbsd.org 2005/09/13 23:40:07 [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] ensure that stdio fds are attached; ok deraadt@ --- misc.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'misc.c') diff --git a/misc.c b/misc.c index 2dd8ae6e3..27b947f0c 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $"); +RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $"); #include "misc.h" #include "log.h" @@ -507,6 +507,26 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, return -1; } +void +sanitise_stdfd(void) +{ + int nullfd; + + if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { + fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno)); + exit(1); + } + while (nullfd < 2) { + if (dup2(nullfd, nullfd + 1) == -1) { + fprintf(stderr, "dup2: %s", strerror(errno)); + exit(1); + } + nullfd++; + } + if (nullfd > 2) + close(nullfd); +} + char * tohex(const u_char *d, u_int l) { -- cgit v1.2.3 From d27b947178df3689bfb7fdfb62a5f1337ef73481 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Dec 2005 19:29:02 +1100 Subject: - reyk@cvs.openbsd.org 2005/12/06 22:38:28 [auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others --- ChangeLog | 17 ++++++++++++++++- auth-options.c | 41 ++++++++++++++++++++++++++++++++++++++++- auth-options.h | 3 ++- channels.c | 42 ++++++++++++++++++++++++++++++++++++++++-- channels.h | 4 +++- clientloop.c | 11 ++++++++++- misc.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- misc.h | 4 +++- readconf.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++--- readconf.h | 10 +++++++++- scp.c | 3 ++- servconf.c | 12 ++++++++++-- servconf.h | 5 ++++- serverloop.c | 34 +++++++++++++++++++++++++++++++++- sftp.c | 3 ++- ssh.1 | 20 +++++++++++++++++++- ssh.c | 39 ++++++++++++++++++++++++++++++++++++--- ssh_config | 5 ++++- ssh_config.5 | 38 +++++++++++++++++++++++++++++++++++++- sshconnect.c | 38 +++++++++++++++++++++++++++++++++++++- sshconnect.h | 4 ++-- sshd.8 | 10 +++++++++- sshd_config | 3 ++- sshd_config.5 | 8 +++++++- 24 files changed, 433 insertions(+), 31 deletions(-) (limited to 'misc.c') diff --git a/ChangeLog b/ChangeLog index d187f2aa0..96ed9a05d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,21 @@ [ssh.1] avoid ambiguities in describing TZ; ok djm@ + - reyk@cvs.openbsd.org 2005/12/06 22:38:28 + [auth-options.c auth-options.h channels.c channels.h clientloop.c] + [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] + [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] + [sshconnect.h sshd.8 sshd_config sshd_config.5] + Add support for tun(4) forwarding over OpenSSH, based on an idea and + initial channel code bits by markus@. This is a simple and easy way to + use OpenSSH for ad hoc virtual private network connections, e.g. + administrative tunnels or secure wireless access. It's based on a new + ssh channel and works similar to the existing TCP forwarding support, + except that it depends on the tun(4) network interface on both ends of + the connection for layer 2 or layer 3 tunneling. This diff also adds + support for LocalCommand in the ssh(1) client. + + ok djm@, markus@, jmc@ (manpages), tested and discussed with others 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3399,4 +3414,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4018 2005/12/13 08:25:43 djm Exp $ +$Id: ChangeLog,v 1.4019 2005/12/13 08:29:02 djm Exp $ diff --git a/auth-options.c b/auth-options.c index a85e40835..54798d9ad 100644 --- a/auth-options.c +++ b/auth-options.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.32 2005/12/06 22:38:27 reyk Exp $"); #include "xmalloc.h" #include "match.h" @@ -35,6 +35,9 @@ char *forced_command = NULL; /* "environment=" options. */ struct envstring *custom_environment = NULL; +/* "tunnel=" option. */ +int forced_tun_device = -1; + extern ServerOptions options; void @@ -54,6 +57,7 @@ auth_clear_options(void) xfree(forced_command); forced_command = NULL; } + forced_tun_device = -1; channel_clear_permitted_opens(); auth_debug_reset(); } @@ -269,6 +273,41 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) xfree(patterns); goto next_option; } + cp = "tunnel=\""; + if (strncasecmp(opts, cp, strlen(cp)) == 0) { + char *tun = NULL; + opts += strlen(cp); + tun = xmalloc(strlen(opts) + 1); + i = 0; + while (*opts) { + if (*opts == '"') + break; + tun[i++] = *opts++; + } + if (!*opts) { + debug("%.100s, line %lu: missing end quote", + file, linenum); + auth_debug_add("%.100s, line %lu: missing end quote", + file, linenum); + xfree(tun); + forced_tun_device = -1; + goto bad_option; + } + tun[i] = 0; + forced_tun_device = a2tun(tun, NULL); + xfree(tun); + if (forced_tun_device < -1) { + debug("%.100s, line %lu: invalid tun device", + file, linenum); + auth_debug_add("%.100s, line %lu: invalid tun device", + file, linenum); + forced_tun_device = -1; + goto bad_option; + } + auth_debug_add("Forced tun device: %d", forced_tun_device); + opts++; + goto next_option; + } next_option: /* * Skip the comma, and move to the next option diff --git a/auth-options.h b/auth-options.h index 15fb21255..3cd02a71f 100644 --- a/auth-options.h +++ b/auth-options.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.h,v 1.12 2002/07/21 18:34:43 stevesk Exp $ */ +/* $OpenBSD: auth-options.h,v 1.13 2005/12/06 22:38:27 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -28,6 +28,7 @@ extern int no_x11_forwarding_flag; extern int no_pty_flag; extern char *forced_command; extern struct envstring *custom_environment; +extern int forced_tun_device; int auth_parse_options(struct passwd *, char *, char *, u_long); void auth_clear_options(void); diff --git a/channels.c b/channels.c index 9607717cc..b4fd89f96 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.227 2005/10/14 02:29:37 stevesk Exp $"); +RCSID("$OpenBSD: channels.c,v 1.228 2005/12/06 22:38:27 reyk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1414,6 +1414,8 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) debug2("channel %d: filter stops", c->self); chan_read_failed(c); } + } else if (c->datagram) { + buffer_put_string(&c->input, buf, len); } else { buffer_append(&c->input, buf, len); } @@ -1432,6 +1434,23 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) if (c->wfd != -1 && FD_ISSET(c->wfd, writeset) && buffer_len(&c->output) > 0) { + if (c->datagram) { + data = buffer_get_string(&c->output, &dlen); + /* ignore truncated writes, datagrams might get lost */ + c->local_consumed += dlen + 4; + len = write(c->wfd, data, dlen); + xfree(data); + if (len < 0 && (errno == EINTR || errno == EAGAIN)) + return 1; + if (len <= 0) { + if (c->type != SSH_CHANNEL_OPEN) + chan_mark_dead(c); + else + chan_write_failed(c); + return -1; + } + return 1; + } data = buffer_ptr(&c->output); dlen = buffer_len(&c->output); #ifdef _AIX @@ -1792,6 +1811,22 @@ channel_output_poll(void) if ((c->istate == CHAN_INPUT_OPEN || c->istate == CHAN_INPUT_WAIT_DRAIN) && (len = buffer_len(&c->input)) > 0) { + if (c->datagram) { + if (len > 0) { + u_char *data; + u_int dlen; + + data = buffer_get_string(&c->input, + &dlen); + packet_start(SSH2_MSG_CHANNEL_DATA); + packet_put_int(c->remote_id); + packet_put_string(data, dlen); + packet_send(); + c->remote_window -= dlen + 4; + xfree(data); + } + continue; + } /* * Send some data for the other side over the secure * connection. @@ -1914,7 +1949,10 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) c->local_window -= data_len; } packet_check_eom(); - buffer_append(&c->output, data, data_len); + if (c->datagram) + buffer_put_string(&c->output, data, data_len); + else + buffer_append(&c->output, data, data_len); xfree(data); } diff --git a/channels.h b/channels.h index 7e1cc7c5a..743a2065e 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.80 2005/10/10 10:23:08 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.81 2005/12/06 22:38:27 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -112,6 +112,8 @@ struct Channel { /* filter */ channel_filter_fn *input_filter; + + int datagram; /* keep boundaries */ }; #define CHAN_EXTENDED_IGNORE 0 diff --git a/clientloop.c b/clientloop.c index 001c8f119..a97734c3f 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.145 2005/10/30 08:52:17 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.146 2005/12/06 22:38:27 reyk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -914,6 +914,15 @@ process_cmdline(void) logit(" -Lport:host:hostport Request local forward"); logit(" -Rport:host:hostport Request remote forward"); logit(" -KRhostport Cancel remote forward"); + if (!options.permit_local_command) + goto out; + logit(" !args Execute local command"); + goto out; + } + + if (*s == '!' && options.permit_local_command) { + s++; + ssh_local_cmd(s); goto out; } diff --git a/misc.c b/misc.c index 27b947f0c..9b23e2c37 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.36 2005/12/06 22:38:27 reyk Exp $"); #include "misc.h" #include "log.h" @@ -194,6 +194,37 @@ a2port(const char *s) return port; } +int +a2tun(const char *s, int *remote) +{ + const char *errstr = NULL; + char *sp, *ep; + int tun; + + if (remote != NULL) { + *remote = -1; + sp = xstrdup(s); + if ((ep = strchr(sp, ':')) == NULL) { + xfree(sp); + return (a2tun(s, NULL)); + } + ep[0] = '\0'; ep++; + *remote = a2tun(ep, NULL); + tun = a2tun(sp, NULL); + xfree(sp); + return (tun); + } + + if (strcasecmp(s, "any") == 0) + return (-1); + + tun = strtonum(s, 0, INT_MAX, &errstr); + if (errstr != NULL || tun < -1) + return (-2); + + return (tun); +} + #define SECONDS 1 #define MINUTES (SECONDS * 60) #define HOURS (MINUTES * 60) @@ -507,6 +538,31 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, return -1; } +int +tun_open(int tun) +{ + char name[100]; + int i, fd; + + if (tun > -1) { + snprintf(name, sizeof(name), "/dev/tun%d", tun); + if ((fd = open(name, O_RDWR)) >= 0) { + debug("%s: %s: %d", __func__, name, fd); + return (fd); + } + } else { + for (i = 100; i >= 0; i--) { + snprintf(name, sizeof(name), "/dev/tun%d", i); + if ((fd = open(name, O_RDWR)) >= 0) { + debug("%s: %s: %d", __func__, name, fd); + return (fd); + } + } + } + debug("%s: %s failed: %s", __func__, name, strerror(errno)); + return (-1); +} + void sanitise_stdfd(void) { diff --git a/misc.h b/misc.h index 51541336c..ff2ba1b5a 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.26 2005/09/13 23:40:07 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.27 2005/12/06 22:38:27 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -20,6 +20,7 @@ int set_nonblock(int); int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); +int a2tun(const char *, int *); char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); @@ -49,3 +50,4 @@ void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); +int tun_open(int); diff --git a/readconf.c b/readconf.c index cf27a9f41..b6aad9d8d 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.143 2005/07/30 02:03:47 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.144 2005/12/06 22:38:27 reyk Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -70,6 +70,10 @@ RCSID("$OpenBSD: readconf.c,v 1.143 2005/07/30 02:03:47 djm Exp $"); Cipher none PasswordAuthentication no + Host vpn.fake.com + Tunnel yes + TunnelDevice 3 + # Defaults for various options Host * ForwardAgent no @@ -107,6 +111,7 @@ typedef enum { oAddressFamily, oGssAuthentication, oGssDelegateCreds, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, + oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oDeprecated, oUnsupported } OpCodes; @@ -198,6 +203,10 @@ static struct { { "controlpath", oControlPath }, { "controlmaster", oControlMaster }, { "hashknownhosts", oHashKnownHosts }, + { "tunnel", oTunnel }, + { "tunneldevice", oTunnelDevice }, + { "localcommand", oLocalCommand }, + { "permitlocalcommand", oPermitLocalCommand }, { NULL, oBadOption } }; @@ -264,6 +273,7 @@ clear_forwardings(Options *options) xfree(options->remote_forwards[i].connect_host); } options->num_remote_forwards = 0; + options->tun_open = 0; } /* @@ -296,7 +306,7 @@ process_config_line(Options *options, const char *host, int *activep) { char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; - int opcode, *intptr, value; + int opcode, *intptr, value, value2; size_t len; Forward fwd; @@ -553,9 +563,10 @@ parse_string: goto parse_string; case oProxyCommand: + charptr = &options->proxy_command; +parse_command: if (s == NULL) fatal("%.200s line %d: Missing argument.", filename, linenum); - charptr = &options->proxy_command; len = strspn(s, WHITESPACE "="); if (*activep && *charptr == NULL) *charptr = xstrdup(s + len); @@ -822,6 +833,31 @@ parse_int: intptr = &options->hash_known_hosts; goto parse_flag; + case oTunnel: + intptr = &options->tun_open; + goto parse_flag; + + case oTunnelDevice: + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", filename, linenum); + value = a2tun(arg, &value2); + if (value < -1) + fatal("%.200s line %d: Bad tun device.", filename, linenum); + if (*activep) { + options->tun_local = value; + options->tun_remote = value2; + } + break; + + case oLocalCommand: + charptr = &options->local_command; + goto parse_command; + + case oPermitLocalCommand: + intptr = &options->permit_local_command; + goto parse_flag; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -966,6 +1002,11 @@ initialize_options(Options * options) options->control_path = NULL; options->control_master = -1; options->hash_known_hosts = -1; + options->tun_open = -1; + options->tun_local = -1; + options->tun_remote = -1; + options->local_command = NULL; + options->permit_local_command = -1; } /* @@ -1090,6 +1131,11 @@ fill_default_options(Options * options) options->control_master = 0; if (options->hash_known_hosts == -1) options->hash_known_hosts = 0; + if (options->tun_open == -1) + options->tun_open = 0; + if (options->permit_local_command == -1) + options->permit_local_command = 0; + /* options->local_command should not be set by default */ /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ diff --git a/readconf.h b/readconf.h index 2b9deb9db..4565b2c2c 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.67 2005/06/08 11:25:09 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.68 2005/12/06 22:38:27 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -114,6 +114,14 @@ typedef struct { int control_master; int hash_known_hosts; + + int tun_open; /* tun(4) */ + int tun_local; /* force tun device (optional) */ + int tun_remote; /* force tun device (optional) */ + + char *local_command; + int permit_local_command; + } Options; #define SSHCTL_MASTER_NO 0 diff --git a/scp.c b/scp.c index a19021f85..5dced6ce4 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.127 2005/11/12 18:38:15 deraadt Exp $"); +RCSID("$OpenBSD: scp.c,v 1.128 2005/12/06 22:38:27 reyk Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -231,6 +231,7 @@ main(int argc, char **argv) addargs(&args, "ssh"); /* overwritten with ssh_program */ addargs(&args, "-x"); addargs(&args, "-oForwardAgent no"); + addargs(&args, "-oPermitLocalCommand no"); addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; diff --git a/servconf.c b/servconf.c index 9e420a527..91a0ced29 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.144 2005/08/06 10:03:12 dtucker Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.145 2005/12/06 22:38:27 reyk Exp $"); #include "ssh.h" #include "log.h" @@ -101,6 +101,7 @@ initialize_server_options(ServerOptions *options) options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; options->num_accept_env = 0; + options->permit_tun = -1; /* Needs to be accessable in many places */ use_privsep = -1; @@ -229,6 +230,8 @@ fill_default_server_options(ServerOptions *options) } if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; + if (options->permit_tun == -1) + options->permit_tun = 0; /* Turn privilege separation on by default */ if (use_privsep == -1) @@ -270,7 +273,7 @@ typedef enum { sBanner, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sUsePrivilegeSeparation, sDeprecated, sUnsupported } ServerOpCodes; @@ -373,6 +376,7 @@ static struct { { "authorizedkeysfile2", sAuthorizedKeysFile2 }, { "useprivilegeseparation", sUsePrivilegeSeparation}, { "acceptenv", sAcceptEnv }, + { "permittunnel", sPermitTunnel }, { NULL, sBadOption } }; @@ -962,6 +966,10 @@ parse_flag: } break; + case sPermitTunnel: + intptr = &options->permit_tun; + goto parse_flag; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); diff --git a/servconf.h b/servconf.h index f7e56d521..ab82c8f57 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.72 2005/12/06 22:38:27 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -133,7 +133,10 @@ typedef struct { char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; + int use_pam; /* Enable auth via PAM */ + + int permit_tun; } ServerOptions; void initialize_server_options(ServerOptions *); diff --git a/serverloop.c b/serverloop.c index 03376bacf..199f7696d 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.121 2005/10/31 11:48:29 djm Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.122 2005/12/06 22:38:27 reyk Exp $"); #include "xmalloc.h" #include "packet.h" @@ -913,6 +913,36 @@ server_request_direct_tcpip(void) return c; } +static Channel * +server_request_tun(void) +{ + Channel *c = NULL; + int sock, tun; + + if (!options.permit_tun) { + packet_send_debug("Server has disabled tunnel device forwarding."); + return NULL; + } + + tun = packet_get_int(); + if (forced_tun_device != -1) { + if (tun != -1 && forced_tun_device != tun) + goto done; + tun = forced_tun_device; + } + sock = tun_open(tun); + if (sock < 0) + goto done; + c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); + c->datagram = 1; + + done: + if (c == NULL) + packet_send_debug("Failed to open the tunnel device."); + return c; +} + static Channel * server_request_session(void) { @@ -958,6 +988,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) c = server_request_session(); } else if (strcmp(ctype, "direct-tcpip") == 0) { c = server_request_direct_tcpip(); + } else if (strcmp(ctype, "tun@openssh.com") == 0) { + c = server_request_tun(); } if (c != NULL) { debug("server_input_channel_open: confirm %s", ctype); diff --git a/sftp.c b/sftp.c index ff3223ad2..24f6dc538 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.68 2005/10/31 06:15:04 dtucker Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.69 2005/12/06 22:38:27 reyk Exp $"); #ifdef USE_LIBEDIT #include @@ -1457,6 +1457,7 @@ main(int argc, char **argv) addargs(&args, "ssh"); /* overwritten with ssh_program */ addargs(&args, "-oForwardX11 no"); addargs(&args, "-oForwardAgent no"); + addargs(&args, "-oPermitLocalCommand no"); addargs(&args, "-oClearAllForwardings yes"); ll = SYSLOG_LEVEL_INFO; diff --git a/ssh.1 b/ssh.1 index dd97a8995..8a55c2f64 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.214 2005/11/30 11:45:20 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.215 2005/12/06 22:38:27 reyk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -77,6 +77,7 @@ .Sm on .Oc .Op Fl S Ar ctl_path +.Op Fl w Ar tunnel : tunnel .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command .Sh DESCRIPTION @@ -301,6 +302,12 @@ options (see below). It also allows the cancellation of existing remote port-forwardings using .Fl KR Ar hostport . +The +.Ic ! Ar command +allows the user to execute a local command if the +.Ic PermitLocalCommand +option is enabled in +.Xr ssh_config 5 . Basic help is available, using the .Fl h option. @@ -747,12 +754,14 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It KbdInteractiveDevices +.It LocalCommand .It LocalForward .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost .It NumberOfPasswordPrompts .It PasswordAuthentication +.It PermitLocalCommand .It Port .It PreferredAuthentications .It Protocol @@ -767,6 +776,8 @@ For full details of the options listed below, and their possible values, see .It SmartcardDevice .It StrictHostKeyChecking .It TCPKeepAlive +.It Tunnel +.It TunnelDevice .It UsePrivilegedPort .It User .It UserKnownHostsFile @@ -866,6 +877,13 @@ Multiple .Fl v options increase the verbosity. The maximum is 3. +.It Fl w +Requests a +.Xr tun 4 +device on the client and server like the +.Cm Tunnel +directive in +.Xr ssh_config 5 . .It Fl X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. diff --git a/ssh.c b/ssh.c index 2227755cd..8a4a0e4c9 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.254 2005/10/30 08:52:18 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.255 2005/12/06 22:38:27 reyk Exp $"); #include #include @@ -162,7 +162,7 @@ usage(void) " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" -" [user@]hostname [command]\n" +" [-w tunnel:tunnel] [user@]hostname [command]\n" ); exit(1); } @@ -244,7 +244,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -340,6 +340,14 @@ again: if (opt == 'V') exit(0); break; + case 'w': + options.tun_open = 1; + options.tun_local = a2tun(optarg, &options.tun_remote); + if (options.tun_local < -1) { + fprintf(stderr, "Bad tun device '%s'\n", optarg); + exit(1); + } + break; case 'q': options.log_level = SYSLOG_LEVEL_QUIET; break; @@ -1059,6 +1067,26 @@ ssh_session2_setup(int id, void *arg) packet_send(); } + if (options.tun_open) { + Channel *c; + int fd; + + debug("Requesting tun."); + if ((fd = tun_open(options.tun_local)) >= 0) { + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "tun", 1); + c->datagram = 1; + packet_start(SSH2_MSG_CHANNEL_OPEN); + packet_put_cstring("tun@openssh.com"); + packet_put_int(c->self); + packet_put_int(c->local_window_max); + packet_put_int(c->local_maxpacket); + packet_put_int(options.tun_remote); + packet_send(); + } + } + client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); @@ -1123,6 +1151,11 @@ ssh_session2(void) if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) id = ssh_session2_open(); + /* Execute a local command */ + if (options.local_command != NULL && + options.permit_local_command) + ssh_local_cmd(options.local_command); + /* If requested, let ssh continue in the background. */ if (fork_after_authentication_flag) if (daemon(1, 1) < 0) diff --git a/ssh_config b/ssh_config index f41bee0a2..7bc8762d6 100644 --- a/ssh_config +++ b/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $ +# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -37,3 +37,6 @@ # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no diff --git a/ssh_config.5 b/ssh_config.5 index 13cdee88b..d1930baab 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.64 2005/10/30 08:43:47 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.65 2005/12/06 22:38:27 reyk Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -556,6 +556,14 @@ The default is Specifies the list of methods to use in keyboard-interactive authentication. Multiple method names must be comma-separated. The default is to use the server specified list. +.It Cm LocalCommand +Specifies a command to execute on the local machine after successfully +connecting to the server. +The command string extends to the end of the line, and is executed with +.Pa /bin/sh . +This directive is ignored unless +.Cm PermitLocalCommand +has been enabled. .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. @@ -628,6 +636,19 @@ The default is .It Cm Port Specifies the port number to connect on the remote host. Default is 22. +.It Cm PermitLocalCommand +Allow local command execution via the +.Ic LocalCommand +option or using the +.Ic ! Ar command +escape sequence in +.Xr ssh 1 . +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . .It Cm PreferredAuthentications Specifies the order in which the client should try protocol 2 authentication methods. @@ -887,6 +908,21 @@ Note that this option must be set to for .Cm RhostsRSAAuthentication with older servers. +.It Cm Tunnel +Request starting +.Xr tun 4 +device forwarding between the client and the server. +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . +.It Cm TunnelDevice +Force a specified +.Xr tun 4 +device on the client. +Without this option, the next available device will be used. .It Cm User Specifies the user to log in as. This can be useful when a different user name is used on different machines. diff --git a/sshconnect.c b/sshconnect.c index 2245a8af6..64ffec240 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.170 2005/10/30 08:52:18 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $"); #include @@ -1034,3 +1034,39 @@ warn_changed_key(Key *host_key) xfree(fp); } + +/* + * Execute a local command + */ +int +ssh_local_cmd(const char *args) +{ + char *shell; + pid_t pid; + int status; + + if (!options.permit_local_command || + args == NULL || !*args) + return (1); + + if ((shell = getenv("SHELL")) == NULL) + shell = _PATH_BSHELL; + + pid = fork(); + if (pid == 0) { + debug3("Executing %s -c \"%s\"", shell, args); + execl(shell, shell, "-c", args, (char *)NULL); + error("Couldn't execute %s -c \"%s\": %s", + shell, args, strerror(errno)); + _exit(1); + } else if (pid == -1) + fatal("fork failed: %.100s", strerror(errno)); + while (waitpid(pid, &status, 0) == -1) + if (errno != EINTR) + fatal("Couldn't wait for child: %s", strerror(errno)); + + if (!WIFEXITED(status)) + return (1); + + return (WEXITSTATUS(status)); +} diff --git a/sshconnect.h b/sshconnect.h index 0be30fe69..e7c7a2b34 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.17 2002/06/19 00:27:55 deraadt Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.18 2005/12/06 22:38:28 reyk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -49,7 +49,7 @@ void ssh_userauth1(const char *, const char *, char *, Sensitive *); void ssh_userauth2(const char *, const char *, char *, Sensitive *); void ssh_put_password(char *); - +int ssh_local_cmd(const char *); /* * Macros to raise/lower permissions. diff --git a/sshd.8 b/sshd.8 index c610f47b8..53eddcdfb 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $ +.\" $OpenBSD: sshd.8,v 1.209 2005/12/06 22:38:28 reyk Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -518,6 +518,12 @@ Multiple options may be applied separated by commas. No pattern matching is performed on the specified hostnames, they must be literal domains or addresses. +.It Cm tunnel="n" +Force a +.Xr tun 4 +device on the server. +Without this option, the next available device will be used if +the client requests a tunnel. .El .Ss Examples 1024 33 12121...312314325 ylo@foo.bar @@ -527,6 +533,8 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi .Pp permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 +.Pp +tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openbsd.org .Sh SSH_KNOWN_HOSTS FILE FORMAT The .Pa /etc/ssh/ssh_known_hosts diff --git a/sshd_config b/sshd_config index 1440c05ff..4957dd1a6 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $ +# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -96,6 +96,7 @@ #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 +#PermitTunnel no # no default banner path #Banner /some/path diff --git a/sshd_config.5 b/sshd_config.5 index 45c1c0131..3835fcd62 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.45 2005/09/21 23:36:54 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.46 2005/12/06 22:38:28 reyk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -502,6 +502,12 @@ All other authentication methods are disabled for root. If this option is set to .Dq no root is not allowed to log in. +.It Cm PermitTunnel +Specifies whether +.Xr tun 4 +device forwarding is allowed. +The default is +.Dq no . .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment -- cgit v1.2.3 From 7b58e800364870d05630514945687d2f26e3c065 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Dec 2005 19:33:19 +1100 Subject: - reyk@cvs.openbsd.org 2005/12/08 18:34:11 [auth-options.c includes.h misc.c misc.h readconf.c servconf.c] [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] two changes to the new ssh tunnel support. this breaks compatibility with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5). ok djm@, man page bits by jmc@ --- ChangeLog | 14 ++++++++++- auth-options.c | 4 ++-- configure.ac | 3 ++- includes.h | 5 +++- misc.c | 75 ++++++++++++++++++++++++++++++++++++++++++---------------- misc.h | 16 +++++++++++-- readconf.c | 32 +++++++++++++++++++++---- servconf.c | 24 ++++++++++++++++--- serverloop.c | 25 ++++++++++++++------ ssh.c | 13 ++++++---- ssh_config.5 | 10 +++++--- sshd_config.5 | 8 ++++++- 12 files changed, 177 insertions(+), 52 deletions(-) (limited to 'misc.c') diff --git a/ChangeLog b/ChangeLog index c71d8531d..508745b89 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,18 @@ - jmc@cvs.openbsd.org 2005/12/08 15:06:29 [ssh_config.5] keep options in order; + - reyk@cvs.openbsd.org 2005/12/08 18:34:11 + [auth-options.c includes.h misc.c misc.h readconf.c servconf.c] + [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] + two changes to the new ssh tunnel support. this breaks compatibility + with the initial commit but is required for a portable approach. + - make the tunnel id u_int and platform friendly, use predefined types. + - support configuration of layer 2 (ethernet) or layer 3 + (point-to-point, default) modes. configuration is done using the + Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and + restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option + in sshd_config(5). + ok djm@, man page bits by jmc@ 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3428,4 +3440,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4023 2005/12/13 08:30:45 djm Exp $ +$Id: ChangeLog,v 1.4024 2005/12/13 08:33:19 djm Exp $ diff --git a/auth-options.c b/auth-options.c index 54798d9ad..ad97e6129 100644 --- a/auth-options.c +++ b/auth-options.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.32 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.33 2005/12/08 18:34:11 reyk Exp $"); #include "xmalloc.h" #include "match.h" @@ -296,7 +296,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) tun[i] = 0; forced_tun_device = a2tun(tun, NULL); xfree(tun); - if (forced_tun_device < -1) { + if (forced_tun_device == SSH_TUNID_ERR) { debug("%.100s, line %lu: invalid tun device", file, linenum); auth_debug_add("%.100s, line %lu: invalid tun device", diff --git a/configure.ac b/configure.ac index 0afb48716..b24d37178 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.312 2005/11/29 02:40:34 tim Exp $ +# $Id: configure.ac,v 1.313 2005/12/13 08:33:20 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -654,6 +654,7 @@ AC_CHECK_HEADERS( \ login_cap.h \ maillock.h \ ndir.h \ + net/if.h \ netdb.h \ netgroup.h \ netinet/in_systm.h \ diff --git a/includes.h b/includes.h index 12d948b6f..cf2d6c699 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.20 2005/11/15 11:59:54 millert Exp $ */ +/* $OpenBSD: includes.h,v 1.21 2005/12/08 18:34:11 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -148,6 +148,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include /* For IPv6 macros */ #include /* For IPTOS macros */ #include +#ifdef HAVE_NET_IF_H +# include +#endif #include #if defined(HAVE_NETDB_H) # include diff --git a/misc.c b/misc.c index 9b23e2c37..4f41332f9 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.36 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.37 2005/12/08 18:34:11 reyk Exp $"); #include "misc.h" #include "log.h" @@ -202,7 +202,7 @@ a2tun(const char *s, int *remote) int tun; if (remote != NULL) { - *remote = -1; + *remote = SSH_TUNID_ANY; sp = xstrdup(s); if ((ep = strchr(sp, ':')) == NULL) { xfree(sp); @@ -212,15 +212,15 @@ a2tun(const char *s, int *remote) *remote = a2tun(ep, NULL); tun = a2tun(sp, NULL); xfree(sp); - return (tun); + return (*remote == SSH_TUNID_ERR ? *remote : tun); } if (strcasecmp(s, "any") == 0) - return (-1); + return (SSH_TUNID_ANY); - tun = strtonum(s, 0, INT_MAX, &errstr); - if (errstr != NULL || tun < -1) - return (-2); + tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr); + if (errstr != NULL) + return (SSH_TUNID_ERR); return (tun); } @@ -539,27 +539,60 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, } int -tun_open(int tun) +tun_open(int tun, int mode) { + struct ifreq ifr; char name[100]; - int i, fd; + int fd = -1, sock; - if (tun > -1) { + /* Open the tunnel device */ + if (tun <= SSH_TUNID_MAX) { snprintf(name, sizeof(name), "/dev/tun%d", tun); - if ((fd = open(name, O_RDWR)) >= 0) { - debug("%s: %s: %d", __func__, name, fd); - return (fd); + fd = open(name, O_RDWR); + } else if (tun == SSH_TUNID_ANY) { + for (tun = 100; tun >= 0; tun--) { + snprintf(name, sizeof(name), "/dev/tun%d", tun); + if ((fd = open(name, O_RDWR)) >= 0) + break; } } else { - for (i = 100; i >= 0; i--) { - snprintf(name, sizeof(name), "/dev/tun%d", i); - if ((fd = open(name, O_RDWR)) >= 0) { - debug("%s: %s: %d", __func__, name, fd); - return (fd); - } - } + debug("%s: invalid tunnel %u\n", __func__, tun); + return (-1); + } + + if (fd < 0) { + debug("%s: %s open failed: %s", __func__, name, strerror(errno)); + return (-1); + } + + debug("%s: %s mode %d fd %d", __func__, name, mode, fd); + + /* Set the tunnel device operation mode */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun); + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) + goto failed; + + if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) + goto failed; + if (mode == SSH_TUNMODE_ETHERNET) { + ifr.ifr_flags |= IFF_LINK0; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; } - debug("%s: %s failed: %s", __func__, name, strerror(errno)); + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + + close(sock); + return (fd); + + failed: + if (fd >= 0) + close(fd); + if (sock >= 0) + close(sock); + debug("%s: failed to set %s mode %d: %s", __func__, name, + mode, strerror(errno)); return (-1); } diff --git a/misc.h b/misc.h index ff2ba1b5a..415910686 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.27 2005/12/06 22:38:27 reyk Exp $ */ +/* $OpenBSD: misc.h,v 1.28 2005/12/08 18:34:11 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -50,4 +50,16 @@ void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); -int tun_open(int); + +int tun_open(int, int); + +/* Common definitions for ssh tunnel device forwarding */ +#define SSH_TUNMODE_NO 0x00 +#define SSH_TUNMODE_POINTOPOINT 0x01 +#define SSH_TUNMODE_ETHERNET 0x02 +#define SSH_TUNMODE_DEFAULT SSH_TUNMODE_POINTOPOINT +#define SSH_TUNMODE_YES (SSH_TUNMODE_POINTOPOINT|SSH_TUNMODE_ETHERNET) + +#define SSH_TUNID_ANY 0x7fffffff +#define SSH_TUNID_ERR (SSH_TUNID_ANY - 1) +#define SSH_TUNID_MAX (SSH_TUNID_ANY - 2) diff --git a/readconf.c b/readconf.c index b6aad9d8d..1fbf59793 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.144 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -273,7 +273,7 @@ clear_forwardings(Options *options) xfree(options->remote_forwards[i].connect_host); } options->num_remote_forwards = 0; - options->tun_open = 0; + options->tun_open = SSH_TUNMODE_NO; } /* @@ -835,14 +835,32 @@ parse_int: case oTunnel: intptr = &options->tun_open; - goto parse_flag; + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing yes/point-to-point/" + "ethernet/no argument.", filename, linenum); + value = 0; /* silence compiler */ + if (strcasecmp(arg, "ethernet") == 0) + value = SSH_TUNMODE_ETHERNET; + else if (strcasecmp(arg, "point-to-point") == 0) + value = SSH_TUNMODE_POINTOPOINT; + else if (strcasecmp(arg, "yes") == 0) + value = SSH_TUNMODE_DEFAULT; + else if (strcasecmp(arg, "no") == 0) + value = SSH_TUNMODE_NO; + else + fatal("%s line %d: Bad yes/point-to-point/ethernet/" + "no argument: %s", filename, linenum, arg); + if (*activep) + *intptr = value; + break; case oTunnelDevice: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); value = a2tun(arg, &value2); - if (value < -1) + if (value == SSH_TUNID_ERR) fatal("%.200s line %d: Bad tun device.", filename, linenum); if (*activep) { options->tun_local = value; @@ -1132,7 +1150,11 @@ fill_default_options(Options * options) if (options->hash_known_hosts == -1) options->hash_known_hosts = 0; if (options->tun_open == -1) - options->tun_open = 0; + options->tun_open = SSH_TUNMODE_NO; + if (options->tun_local == -1) + options->tun_local = SSH_TUNID_ANY; + if (options->tun_remote == -1) + options->tun_remote = SSH_TUNID_ANY; if (options->permit_local_command == -1) options->permit_local_command = 0; /* options->local_command should not be set by default */ diff --git a/servconf.c b/servconf.c index 91a0ced29..81953bb80 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.145 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.146 2005/12/08 18:34:11 reyk Exp $"); #include "ssh.h" #include "log.h" @@ -231,7 +231,7 @@ fill_default_server_options(ServerOptions *options) if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; if (options->permit_tun == -1) - options->permit_tun = 0; + options->permit_tun = SSH_TUNMODE_NO; /* Turn privilege separation on by default */ if (use_privsep == -1) @@ -968,7 +968,25 @@ parse_flag: case sPermitTunnel: intptr = &options->permit_tun; - goto parse_flag; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing yes/point-to-point/" + "ethernet/no argument.", filename, linenum); + value = 0; /* silence compiler */ + if (strcasecmp(arg, "ethernet") == 0) + value = SSH_TUNMODE_ETHERNET; + else if (strcasecmp(arg, "point-to-point") == 0) + value = SSH_TUNMODE_POINTOPOINT; + else if (strcasecmp(arg, "yes") == 0) + value = SSH_TUNMODE_YES; + else if (strcasecmp(arg, "no") == 0) + value = SSH_TUNMODE_NO; + else + fatal("%s line %d: Bad yes/point-to-point/ethernet/" + "no argument: %s", filename, linenum, arg); + if (*intptr == -1) + *intptr = value; + break; case sDeprecated: logit("%s line %d: Deprecated option %s", diff --git a/serverloop.c b/serverloop.c index 199f7696d..eff27d9d6 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.122 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.123 2005/12/08 18:34:11 reyk Exp $"); #include "xmalloc.h" #include "packet.h" @@ -917,20 +917,31 @@ static Channel * server_request_tun(void) { Channel *c = NULL; - int sock, tun; + int mode, tun; + int sock; - if (!options.permit_tun) { - packet_send_debug("Server has disabled tunnel device forwarding."); + mode = packet_get_int(); + switch (mode) { + case SSH_TUNMODE_POINTOPOINT: + case SSH_TUNMODE_ETHERNET: + break; + default: + packet_send_debug("Unsupported tunnel device mode."); + return NULL; + } + if ((options.permit_tun & mode) == 0) { + packet_send_debug("Server has rejected tunnel device " + "forwarding"); return NULL; } tun = packet_get_int(); - if (forced_tun_device != -1) { - if (tun != -1 && forced_tun_device != tun) + if (forced_tun_device != SSH_TUNID_ANY) { + if (tun != SSH_TUNID_ANY && forced_tun_device != tun) goto done; tun = forced_tun_device; } - sock = tun_open(tun); + sock = tun_open(tun, mode); if (sock < 0) goto done; c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, diff --git a/ssh.c b/ssh.c index 8a4a0e4c9..dd627ce2e 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.255 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.256 2005/12/08 18:34:11 reyk Exp $"); #include #include @@ -341,9 +341,10 @@ again: exit(0); break; case 'w': - options.tun_open = 1; + if (options.tun_open == -1) + options.tun_open = SSH_TUNMODE_DEFAULT; options.tun_local = a2tun(optarg, &options.tun_remote); - if (options.tun_local < -1) { + if (options.tun_local == SSH_TUNID_ERR) { fprintf(stderr, "Bad tun device '%s'\n", optarg); exit(1); } @@ -1067,12 +1068,13 @@ ssh_session2_setup(int id, void *arg) packet_send(); } - if (options.tun_open) { + if (options.tun_open != SSH_TUNMODE_NO) { Channel *c; int fd; debug("Requesting tun."); - if ((fd = tun_open(options.tun_local)) >= 0) { + if ((fd = tun_open(options.tun_local, + options.tun_open)) >= 0) { c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); @@ -1082,6 +1084,7 @@ ssh_session2_setup(int id, void *arg) packet_put_int(c->self); packet_put_int(c->local_window_max); packet_put_int(c->local_maxpacket); + packet_put_int(options.tun_open); packet_put_int(options.tun_remote); packet_send(); } diff --git a/ssh_config.5 b/ssh_config.5 index 281b4046b..68061182c 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.67 2005/12/08 15:06:29 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.68 2005/12/08 18:34:11 reyk Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -911,9 +911,13 @@ with older servers. .It Cm Tunnel Request starting .Xr tun 4 -device forwarding between the client and the server. +device forwarding between the client and the server. This option also +allows requesting layer 2 (ethernet) instead of layer 3 +(point-to-point) tunneling from the server. The argument must be -.Dq yes +.Dq yes , +.Dq point-to-point , +.Dq ethernet or .Dq no . The default is diff --git a/sshd_config.5 b/sshd_config.5 index 3835fcd62..a10b365d3 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.46 2005/12/06 22:38:28 reyk Exp $ +.\" $OpenBSD: sshd_config.5,v 1.47 2005/12/08 18:34:11 reyk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -506,6 +506,12 @@ root is not allowed to log in. Specifies whether .Xr tun 4 device forwarding is allowed. +The argument must be +.Dq yes , +.Dq point-to-point , +.Dq ethernet +or +.Dq no . The default is .Dq no . .It Cm PermitUserEnvironment -- cgit v1.2.3 From 62a31c9fd06506ab976a4dc2050882f29ab24693 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Dec 2005 20:44:13 +1100 Subject: - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable again by providing a sys_tun_open() function for your platform and setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match OpenBSD's tunnel protocol, which prepends the address family to the packet --- ChangeLog | 7 ++++++- configure.ac | 3 ++- misc.c | 7 +++++++ 3 files changed, 15 insertions(+), 2 deletions(-) (limited to 'misc.c') diff --git a/ChangeLog b/ChangeLog index 00791e326..e1418db82 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,6 +55,11 @@ [channels.c channels.h session.c] make sure protocol messages for internal channels are ignored. allow adjust messages for non-open channels; with and ok djm@ + - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable + again by providing a sys_tun_open() function for your platform and + setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match + OpenBSD's tunnel protocol, which prepends the address family to the + packet 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3447,4 +3452,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4026 2005/12/13 08:33:57 djm Exp $ +$Id: ChangeLog,v 1.4027 2005/12/13 09:44:13 djm Exp $ diff --git a/configure.ac b/configure.ac index b24d37178..80daa0c23 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.313 2005/12/13 08:33:20 djm Exp $ +# $Id: configure.ac,v 1.314 2005/12/13 09:44:13 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -359,6 +359,7 @@ mips-sony-bsd|mips-sony-newsos4) *-*-openbsd*) AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded]) + AC_DEFINE(SSH_TUN_BSD, 1, [Open tunnel devices the BSD way]) ;; *-*-solaris*) if test "x$withval" != "xno" ; then diff --git a/misc.c b/misc.c index 4f41332f9..4141e6c48 100644 --- a/misc.c +++ b/misc.c @@ -541,6 +541,9 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, int tun_open(int tun, int mode) { +#if defined(CUSTOM_SYS_TUN_OPEN) + return (sys_tun_open(tun, mode)); +#elif defined(SSH_TUN_BSD) struct ifreq ifr; char name[100]; int fd = -1, sock; @@ -594,6 +597,10 @@ tun_open(int tun, int mode) debug("%s: failed to set %s mode %d: %s", __func__, name, mode, strerror(errno)); return (-1); +#else + error("Tunnel interfaces are not supported on this platform"); + return (-1); +#endif } void -- cgit v1.2.3 From 2dcddbfaf6b68bd58b5b1422ebeef7767c0c2633 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 1 Jan 2006 19:47:05 +1100 Subject: - (djm) [Makefile.in configure.ac includes.h misc.c] [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is limited to IPv4 tunnels only, and most versions don't support the tap(4) device at all. --- ChangeLog | 9 ++++- Makefile.in | 4 +- configure.ac | 12 +++++- includes.h | 3 -- misc.c | 2 +- openbsd-compat/port-tun.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++- openbsd-compat/port-tun.h | 2 +- 7 files changed, 119 insertions(+), 11 deletions(-) (limited to 'misc.c') diff --git a/ChangeLog b/ChangeLog index c8a23a2fe..de0835431 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060101 + - (djm) [Makefile.in configure.ac includes.h misc.c] + [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support + for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is + limited to IPv4 tunnels only, and most versions don't support the + tap(4) device at all. + 20051229 - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 @@ -3578,4 +3585,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4059 2005/12/31 06:05:58 djm Exp $ +$Id: ChangeLog,v 1.4060 2006/01/01 08:47:05 djm Exp $ diff --git a/Makefile.in b/Makefile.in index fcbc522f2..af881c521 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.273 2005/05/29 07:22:29 dtucker Exp $ +# $Id: Makefile.in,v 1.274 2006/01/01 08:47:05 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -139,7 +139,7 @@ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o - $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/configure.ac b/configure.ac index 26ed218d5..2f5906667 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.319 2005/12/31 06:05:58 djm Exp $ +# $Id: configure.ac,v 1.320 2006/01/01 08:47:05 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -346,10 +346,18 @@ mips-sony-bsd|mips-sony-newsos4) if test "x$withval" != "xno" ; then need_dash_r=1 fi + AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) + AC_CHECK_HEADER([net/if_tap.h], , + AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support])) + AC_DEFINE(SSH_TUN_PREPEND_AF, 1, + [Prepend the address family to IP tunnel traffic]) ;; *-*-freebsd*) check_for_libcrypt_later=1 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)]) + AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) + AC_CHECK_HEADER([net/if_tap.h], , + AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support])) ;; *-*-bsdi*) AC_DEFINE(SETEUID_BREAKS_SETUID) @@ -369,7 +377,7 @@ mips-sony-bsd|mips-sony-newsos4) *-*-openbsd*) AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded]) - AC_DEFINE(SSH_TUN_BSD, 1, [Open tunnel devices the BSD way]) + AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way]) ;; *-*-solaris*) if test "x$withval" != "xno" ; then diff --git a/includes.h b/includes.h index cf2d6c699..808d5dc9a 100644 --- a/includes.h +++ b/includes.h @@ -148,9 +148,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include /* For IPv6 macros */ #include /* For IPTOS macros */ #include -#ifdef HAVE_NET_IF_H -# include -#endif #include #if defined(HAVE_NETDB_H) # include diff --git a/misc.c b/misc.c index 4141e6c48..76dbf40ea 100644 --- a/misc.c +++ b/misc.c @@ -543,7 +543,7 @@ tun_open(int tun, int mode) { #if defined(CUSTOM_SYS_TUN_OPEN) return (sys_tun_open(tun, mode)); -#elif defined(SSH_TUN_BSD) +#elif defined(SSH_TUN_OPENBSD) struct ifreq ifr; char name[100]; int fd = -1, sock; diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index 479b46b7a..00a0442b1 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -89,6 +89,88 @@ sys_tun_open(int tun, int mode) } #endif /* SSH_TUN_LINUX */ +#ifdef SSH_TUN_FREEBSD +#include +#include +#include + +int +sys_tun_open(int tun, int mode) +{ + struct ifreq ifr; + char name[100]; + int fd = -1, sock, flag; + const char *tunbase = "tun"; + + if (mode == SSH_TUNMODE_ETHERNET) { +#ifdef SSH_TUN_NO_L2 + debug("%s: no layer 2 tunnelling support", __func__); + return (-1); +#else + tunbase = "tap"; +#endif + } + + /* Open the tunnel device */ + if (tun <= SSH_TUNID_MAX) { + snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); + fd = open(name, O_RDWR); + } else if (tun == SSH_TUNID_ANY) { + for (tun = 100; tun >= 0; tun--) { + snprintf(name, sizeof(name), "/dev/%s%d", + tunbase, tun); + if ((fd = open(name, O_RDWR)) >= 0) + break; + } + } else { + debug("%s: invalid tunnel %u\n", __func__, tun); + return (-1); + } + + if (fd < 0) { + debug("%s: %s open failed: %s", __func__, name, + strerror(errno)); + return (-1); + } + + /* Turn on tunnel headers */ + flag = 1; +#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF) + if (mode != SSH_TUNMODE_ETHERNET && + ioctl(fd, TUNSIFHEAD, &flag) == -1) { + debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd, + strerror(errno)); + close(fd); + } +#endif + + debug("%s: %s mode %d fd %d", __func__, name, mode, fd); + + /* Set the tunnel device operation mode */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) + goto failed; + + if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) + goto failed; + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + + close(sock); + return (fd); + + failed: + if (fd >= 0) + close(fd); + if (sock >= 0) + close(sock); + debug("%s: failed to set %s mode %d: %s", __func__, name, + mode, strerror(errno)); + return (-1); +} +#endif /* SSH_TUN_FREEBSD */ + /* * System-specific channel filters */ @@ -102,16 +184,29 @@ sys_tun_infilter(struct Channel *c, char *buf, int len) { #if defined(SSH_TUN_PREPEND_AF) char rbuf[CHAN_RBUF]; + struct ip *iph; #endif u_int32_t *af; char *ptr = buf; #if defined(SSH_TUN_PREPEND_AF) - if (len > (int)(sizeof(rbuf) - sizeof(*af))) + if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af))) return (-1); ptr = (char *)&rbuf[0]; bcopy(buf, ptr + sizeof(u_int32_t), len); len += sizeof(u_int32_t); + af = (u_int32_t *)ptr; + + iph = (struct ip *)(ptr + sizeof(u_int32_t)); + switch (iph->ip_v) { + case 6: + *af = AF_INET6; + break; + case 4: + default: + *af = AF_INET; + break; + } #endif #if defined(SSH_TUN_COMPAT_AF) @@ -124,6 +219,7 @@ sys_tun_infilter(struct Channel *c, char *buf, int len) else *af = htonl(OPENBSD_AF_INET); #endif + buffer_put_string(&c->input, ptr, len); return (0); } diff --git a/openbsd-compat/port-tun.h b/openbsd-compat/port-tun.h index 942610c6d..86d9272b4 100644 --- a/openbsd-compat/port-tun.h +++ b/openbsd-compat/port-tun.h @@ -19,7 +19,7 @@ #include "channels.h" -#if defined(SSH_TUN_LINUX) +#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) # define CUSTOM_SYS_TUN_OPEN int sys_tun_open(int, int); #endif -- cgit v1.2.3 From 3beb852e09a1de1b6db0103b1c39e56f9dfeff09 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:40:10 +1100 Subject: - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 [includes.h misc.c] move ; ok djm@ --- ChangeLog | 5 ++++- includes.h | 2 +- misc.c | 6 +++++- 3 files changed, 10 insertions(+), 3 deletions(-) (limited to 'misc.c') diff --git a/ChangeLog b/ChangeLog index a1f0b7842..73203f24f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ - jmc@cvs.openbsd.org 2005/12/31 13:45:19 [ssh.1] .Nm does not require an argument; + - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 + [includes.h misc.c] + move ; ok djm@ 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3604,4 +3607,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4066 2006/01/02 12:38:37 djm Exp $ +$Id: ChangeLog,v 1.4067 2006/01/02 12:40:10 djm Exp $ diff --git a/includes.h b/includes.h index 808d5dc9a..520817400 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.21 2005/12/08 18:34:11 reyk Exp $ */ +/* $OpenBSD: includes.h,v 1.22 2006/01/01 08:59:27 stevesk Exp $ */ /* * Author: Tatu Ylonen diff --git a/misc.c b/misc.c index 76dbf40ea..ac939af7e 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.37 2005/12/08 18:34:11 reyk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.38 2006/01/01 08:59:27 stevesk Exp $"); + +#ifdef SSH_TUN_OPENBSD +#include +#endif #include "misc.h" #include "log.h" -- cgit v1.2.3 From a210d522355b9dfacfc4691f483ee18896bfe4b8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:40:30 +1100 Subject: - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 [misc.c] no trailing "\n" for debug() --- ChangeLog | 5 ++++- misc.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'misc.c') diff --git a/ChangeLog b/ChangeLog index 73203f24f..b5a9c9bc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,9 @@ - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 [includes.h misc.c] move ; ok djm@ + - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 + [misc.c] + no trailing "\n" for debug() 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3607,4 +3610,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4067 2006/01/02 12:40:10 djm Exp $ +$Id: ChangeLog,v 1.4068 2006/01/02 12:40:30 djm Exp $ diff --git a/misc.c b/misc.c index ac939af7e..26d7cad2c 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.38 2006/01/01 08:59:27 stevesk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.39 2006/01/01 10:08:48 stevesk Exp $"); #ifdef SSH_TUN_OPENBSD #include @@ -563,7 +563,7 @@ tun_open(int tun, int mode) break; } } else { - debug("%s: invalid tunnel %u\n", __func__, tun); + debug("%s: invalid tunnel %u", __func__, tun); return (-1); } -- cgit v1.2.3 From a1d9a18e142d05cb8cfe10dc7abf253f1e2c6a5b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:41:21 +1100 Subject: - reyk@cvs.openbsd.org 2006/01/02 07:53:44 [misc.c] clarify tun(4) opening - set the mode and bring the interface up. also (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. suggested and ok by djm@ --- ChangeLog | 7 ++++++- misc.c | 16 +++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) (limited to 'misc.c') diff --git a/ChangeLog b/ChangeLog index 7e8839305..577123925 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,11 @@ - djm@cvs.openbsd.org 2006/01/02 01:20:31 [sftp-client.c sftp-common.h sftp-server.c] use a common max. packet length, no binary change + - reyk@cvs.openbsd.org 2006/01/02 07:53:44 + [misc.c] + clarify tun(4) opening - set the mode and bring the interface up. also + (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. + suggested and ok by djm@ 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3613,4 +3618,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4069 2006/01/02 12:40:50 djm Exp $ +$Id: ChangeLog,v 1.4070 2006/01/02 12:41:21 djm Exp $ diff --git a/misc.c b/misc.c index 26d7cad2c..0339cede4 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.39 2006/01/01 10:08:48 stevesk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.40 2006/01/02 07:53:44 reyk Exp $"); #ifdef SSH_TUN_OPENBSD #include @@ -581,11 +581,17 @@ tun_open(int tun, int mode) if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) goto failed; - if (mode == SSH_TUNMODE_ETHERNET) { + + /* Set interface mode */ + ifr.ifr_flags &= ~IFF_UP; + if (mode == SSH_TUNMODE_ETHERNET) ifr.ifr_flags |= IFF_LINK0; - if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) - goto failed; - } + else + ifr.ifr_flags &= ~IFF_LINK0; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + + /* Bring interface up */ ifr.ifr_flags |= IFF_UP; if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) goto failed; -- cgit v1.2.3 From 72c5b7d85d06d6f71960ff00e780b87ca9d33d78 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jan 2006 14:50:44 +1100 Subject: - djm@cvs.openbsd.org 2006/01/05 23:43:53 [misc.c] check that stdio file descriptors are actually closed before clobbering them in sanitise_stdfd(). problems occurred when a lower numbered fd was closed, but higher ones weren't. spotted by, and patch tested by Frédéric Olivié MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ChangeLog | 8 +++++++- misc.c | 14 ++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) (limited to 'misc.c') diff --git a/ChangeLog b/ChangeLog index 08c2183d8..a994dcb07 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,12 @@ - jmc@cvs.openbsd.org 2006/01/04 19:50:09 [ssh.1] -.Xr gzip 1 , + - djm@cvs.openbsd.org 2006/01/05 23:43:53 + [misc.c] + check that stdio file descriptors are actually closed before clobbering + them in sanitise_stdfd(). problems occurred when a lower numbered fd was + closed, but higher ones weren't. spotted by, and patch tested by + Frédéric Olivié 20060103 - (djm) [channels.c] clean up harmless merge error, from reyk@ @@ -3663,4 +3669,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4081 2006/01/06 03:50:26 djm Exp $ +$Id: ChangeLog,v 1.4082 2006/01/06 03:50:44 djm Exp $ diff --git a/misc.c b/misc.c index 0339cede4..b876c0030 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.40 2006/01/02 07:53:44 reyk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.41 2006/01/05 23:43:53 djm Exp $"); #ifdef SSH_TUN_OPENBSD #include @@ -616,18 +616,20 @@ tun_open(int tun, int mode) void sanitise_stdfd(void) { - int nullfd; + int nullfd, dupfd; - if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { + if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno)); exit(1); } - while (nullfd < 2) { - if (dup2(nullfd, nullfd + 1) == -1) { + while (++dupfd <= 2) { + /* Only clobber closed fds */ + if (fcntl(dupfd, F_GETFL, 0) >= 0) + continue; + if (dup2(nullfd, dupfd) == -1) { fprintf(stderr, "dup2: %s", strerror(errno)); exit(1); } - nullfd++; } if (nullfd > 2) close(nullfd); -- cgit v1.2.3 From 3eec6b73a2c446225fce546d61d83cfc695fbaa0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 21:49:27 +1100 Subject: - djm@cvs.openbsd.org 2006/01/31 10:19:02 [misc.c misc.h scp.c sftp.c] fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ --- ChangeLog | 7 +++- misc.c | 45 +++++++++++++++++++-- misc.h | 8 +++- scp.c | 132 +++++++++++++++++++++++++++++++++++++++++--------------------- sftp.c | 8 ++-- 5 files changed, 145 insertions(+), 55 deletions(-) (limited to 'misc.c') diff --git a/ChangeLog b/ChangeLog index 51c272248..b98fc9115 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,11 @@ remove an incorrect sentence; reported by roumen petrov; ok djm markus + - djm@cvs.openbsd.org 2006/01/31 10:19:02 + [misc.c misc.h scp.c sftp.c] + fix local arbitrary command execution vulnerability on local/local and + remote/remote copies (CVE-2006-0225, bz #1094), patch by + t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3753,4 +3758,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4100 2006/01/31 10:47:58 djm Exp $ +$Id: ChangeLog,v 1.4101 2006/01/31 10:49:27 djm Exp $ diff --git a/misc.c b/misc.c index b876c0030..29e928886 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.41 2006/01/05 23:43:53 djm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.42 2006/01/31 10:19:02 djm Exp $"); #ifdef SSH_TUN_OPENBSD #include @@ -391,12 +391,15 @@ void addargs(arglist *args, char *fmt, ...) { va_list ap; - char buf[1024]; + char *cp; u_int nalloc; + int r; va_start(ap, fmt); - vsnprintf(buf, sizeof(buf), fmt, ap); + r = vasprintf(&cp, fmt, ap); va_end(ap); + if (r == -1) + fatal("addargs: argument too long"); nalloc = args->nalloc; if (args->list == NULL) { @@ -407,10 +410,44 @@ addargs(arglist *args, char *fmt, ...) args->list = xrealloc(args->list, nalloc * sizeof(char *)); args->nalloc = nalloc; - args->list[args->num++] = xstrdup(buf); + args->list[args->num++] = cp; args->list[args->num] = NULL; } +void +replacearg(arglist *args, u_int which, char *fmt, ...) +{ + va_list ap; + char *cp; + int r; + + va_start(ap, fmt); + r = vasprintf(&cp, fmt, ap); + va_end(ap); + if (r == -1) + fatal("replacearg: argument too long"); + + if (which >= args->num) + fatal("replacearg: tried to replace invalid arg %d >= %d", + which, args->num); + xfree(args->list[which]); + args->list[which] = cp; +} + +void +freeargs(arglist *args) +{ + u_int i; + + if (args->list != NULL) { + for (i = 0; i < args->num; i++) + xfree(args->list[i]); + xfree(args->list); + args->nalloc = args->num = 0; + args->list = NULL; + } +} + /* * Expands tildes in the file name. Returns data allocated by xmalloc. * Warning: this calls getpw*. diff --git a/misc.h b/misc.h index 415910686..0a1a09a68 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.28 2005/12/08 18:34:11 reyk Exp $ */ +/* $OpenBSD: misc.h,v 1.29 2006/01/31 10:19:02 djm Exp $ */ /* * Author: Tatu Ylonen @@ -38,7 +38,11 @@ struct arglist { u_int num; u_int nalloc; }; -void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); +void addargs(arglist *, char *, ...) + __attribute__((format(printf, 2, 3))); +void replacearg(arglist *, u_int, char *, ...) + __attribute__((format(printf, 3, 4))); +void freeargs(arglist *); /* readpass.c */ diff --git a/scp.c b/scp.c index 5dced6ce4..2467dcb5c 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.128 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: scp.c,v 1.129 2006/01/31 10:19:02 djm Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -118,6 +118,48 @@ killchild(int signo) exit(1); } +static int +do_local_cmd(arglist *a) +{ + u_int i; + int status; + pid_t pid; + + if (a->num == 0) + fatal("do_local_cmd: no arguments"); + + if (verbose_mode) { + fprintf(stderr, "Executing:"); + for (i = 0; i < a->num; i++) + fprintf(stderr, " %s", a->list[i]); + fprintf(stderr, "\n"); + } + if ((pid = fork()) == -1) + fatal("do_local_cmd: fork: %s", strerror(errno)); + + if (pid == 0) { + execvp(a->list[0], a->list); + perror(a->list[0]); + exit(1); + } + + do_cmd_pid = pid; + signal(SIGTERM, killchild); + signal(SIGINT, killchild); + signal(SIGHUP, killchild); + + while (waitpid(pid, &status, 0) == -1) + if (errno != EINTR) + fatal("do_local_cmd: waitpid: %s", strerror(errno)); + + do_cmd_pid = -1; + + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) + return (-1); + + return (0); +} + /* * This function executes the given command as the specified user on the * given host. This returns < 0 if execution fails, and >= 0 otherwise. This @@ -162,7 +204,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) close(pin[0]); close(pout[1]); - args.list[0] = ssh_program; + replacearg(&args, 0, "%s", ssh_program); if (remuser != NULL) addargs(&args, "-l%s", remuser); addargs(&args, "%s", host); @@ -227,8 +269,9 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); + memset(&args, '\0', sizeof(args)); args.list = NULL; - addargs(&args, "ssh"); /* overwritten with ssh_program */ + addargs(&args, "%s", ssh_program); addargs(&args, "-x"); addargs(&args, "-oForwardAgent no"); addargs(&args, "-oPermitLocalCommand no"); @@ -368,6 +411,10 @@ toremote(char *targ, int argc, char **argv) { int i, len; char *bp, *host, *src, *suser, *thost, *tuser, *arg; + arglist alist; + + memset(&alist, '\0', sizeof(alist)); + alist.list = NULL; *targ++ = 0; if (*targ == 0) @@ -385,56 +432,48 @@ toremote(char *targ, int argc, char **argv) tuser = NULL; } + if (tuser != NULL && !okname(tuser)) { + xfree(arg); + return; + } + for (i = 0; i < argc - 1; i++) { src = colon(argv[i]); if (src) { /* remote to remote */ - static char *ssh_options = - "-x -o'ClearAllForwardings yes'"; + freeargs(&alist); + addargs(&alist, "%s", ssh_program); + if (verbose_mode) + addargs(&alist, "-v"); + addargs(&alist, "-x"); + addargs(&alist, "-oClearAllForwardings yes"); + addargs(&alist, "-n"); + *src++ = 0; if (*src == 0) src = "."; host = strrchr(argv[i], '@'); - len = strlen(ssh_program) + strlen(argv[i]) + - strlen(src) + (tuser ? strlen(tuser) : 0) + - strlen(thost) + strlen(targ) + - strlen(ssh_options) + CMDNEEDS + 20; - bp = xmalloc(len); + if (host) { *host++ = 0; host = cleanhostname(host); suser = argv[i]; if (*suser == '\0') suser = pwd->pw_name; - else if (!okname(suser)) { - xfree(bp); + else if (!okname(suser)) continue; - } - if (tuser && !okname(tuser)) { - xfree(bp); - continue; - } - snprintf(bp, len, - "%s%s %s -n " - "-l %s %s %s %s '%s%s%s:%s'", - ssh_program, verbose_mode ? " -v" : "", - ssh_options, suser, host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); + addargs(&alist, "-l"); + addargs(&alist, "%s", suser); } else { host = cleanhostname(argv[i]); - snprintf(bp, len, - "exec %s%s %s -n %s " - "%s %s '%s%s%s:%s'", - ssh_program, verbose_mode ? " -v" : "", - ssh_options, host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); } - if (verbose_mode) - fprintf(stderr, "Executing: %s\n", bp); - if (system(bp) != 0) + addargs(&alist, "%s", host); + addargs(&alist, "%s", cmd); + addargs(&alist, "%s", src); + addargs(&alist, "%s%s%s:%s", + tuser ? tuser : "", tuser ? "@" : "", + thost, targ); + if (do_local_cmd(&alist) != 0) errs = 1; - (void) xfree(bp); } else { /* local to remote */ if (remin == -1) { len = strlen(targ) + CMDNEEDS + 20; @@ -458,20 +497,23 @@ tolocal(int argc, char **argv) { int i, len; char *bp, *host, *src, *suser; + arglist alist; + + memset(&alist, '\0', sizeof(alist)); + alist.list = NULL; for (i = 0; i < argc - 1; i++) { if (!(src = colon(argv[i]))) { /* Local to local. */ - len = strlen(_PATH_CP) + strlen(argv[i]) + - strlen(argv[argc - 1]) + 20; - bp = xmalloc(len); - (void) snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, - iamrecursive ? " -r" : "", pflag ? " -p" : "", - argv[i], argv[argc - 1]); - if (verbose_mode) - fprintf(stderr, "Executing: %s\n", bp); - if (system(bp)) + freeargs(&alist); + addargs(&alist, "%s", _PATH_CP); + if (iamrecursive) + addargs(&alist, "-r"); + if (pflag) + addargs(&alist, "-p"); + addargs(&alist, "%s", argv[i]); + addargs(&alist, "%s", argv[argc-1]); + if (do_local_cmd(&alist)) ++errs; - (void) xfree(bp); continue; } *src++ = 0; diff --git a/sftp.c b/sftp.c index 24f6dc538..a2e3f6aad 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.69 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.70 2006/01/31 10:19:02 djm Exp $"); #ifdef USE_LIBEDIT #include @@ -1453,8 +1453,9 @@ main(int argc, char **argv) sanitise_stdfd(); __progname = ssh_get_progname(argv[0]); + memset(&args, '\0', sizeof(args)); args.list = NULL; - addargs(&args, "ssh"); /* overwritten with ssh_program */ + addargs(&args, ssh_program); addargs(&args, "-oForwardX11 no"); addargs(&args, "-oForwardAgent no"); addargs(&args, "-oPermitLocalCommand no"); @@ -1489,6 +1490,7 @@ main(int argc, char **argv) break; case 'S': ssh_program = optarg; + replacearg(&args, 0, "%s", ssh_program); break; case 'b': if (batchmode) @@ -1565,7 +1567,6 @@ main(int argc, char **argv) addargs(&args, "%s", host); addargs(&args, "%s", (sftp_server != NULL ? sftp_server : "sftp")); - args.list[0] = ssh_program; if (!batchmode) fprintf(stderr, "Connecting to %s...\n", host); @@ -1578,6 +1579,7 @@ main(int argc, char **argv) fprintf(stderr, "Attaching to %s...\n", sftp_direct); connect_to_server(sftp_direct, args.list, &in, &out); } + freeargs(&args); err = interactive_loop(in, out, file1, file2); -- cgit v1.2.3