X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/5156b1a1fca465f5acd9a09f208d610a64ec2ab3..b5afdff53b51d529e596da3b4c2aa5ee14cc8b08:/openssh/ssh.c

diff --git a/openssh/ssh.c b/openssh/ssh.c
index 346f16b..21f4c84 100644
--- a/openssh/ssh.c
+++ b/openssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.318 2008/07/02 13:47:39 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.326 2009/07/02 02:11:47 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -48,6 +48,7 @@
 #endif
 #include <sys/resource.h>
 #include <sys/ioctl.h>
+#include <sys/param.h>
 #include <sys/socket.h>
 
 #include <ctype.h>
@@ -179,7 +180,7 @@ static void
 usage(void)
 {
 	fprintf(stderr,
-"usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
+"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
 "           [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
 "           [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
 "           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
@@ -203,8 +204,8 @@ void muxserver_listen(void);
 int
 main(int ac, char **av)
 {
-	int i, opt, exit_status;
-	char *p, *cp, *line, buf[256];
+	int i, r, opt, exit_status, use_syslog;
+	char *p, *cp, *line, *argv0, buf[MAXPATHLEN];
 	struct stat st;
 	struct passwd *pw;
 	int dummy, timeout_ms;
@@ -269,10 +270,12 @@ main(int ac, char **av)
 
 	/* Parse command-line arguments. */
 	host = NULL;
+	use_syslog = 0;
+	argv0 = av[0];
 
  again:
 	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
-	    "ACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
+	    "ACD:F:I:KL:MNO:PR:S:TVw:XYy")) != -1) {
 		switch (opt) {
 		case '1':
 			options.protocol = SSH_PROTO_1;
@@ -299,6 +302,9 @@ main(int ac, char **av)
 		case 'X':
 			options.forward_x11 = 1;
 			break;
+		case 'y':
+			use_syslog = 1;
+			break;
 		case 'Y':
 			options.forward_x11 = 1;
 			options.forward_x11_trusted = 1;
@@ -439,7 +445,7 @@ main(int ac, char **av)
 			break;
 		case 'p':
 			options.port = a2port(optarg);
-			if (options.port == 0) {
+			if (options.port <= 0) {
 				fprintf(stderr, "Bad port '%s'\n", optarg);
 				exit(255);
 			}
@@ -449,7 +455,7 @@ main(int ac, char **av)
 			break;
 
 		case 'L':
-			if (parse_forward(&fwd, optarg))
+			if (parse_forward(&fwd, optarg, 0, 0))
 				add_local_forward(&options, &fwd);
 			else {
 				fprintf(stderr,
@@ -460,7 +466,7 @@ main(int ac, char **av)
 			break;
 
 		case 'R':
-			if (parse_forward(&fwd, optarg)) {
+			if (parse_forward(&fwd, optarg, 0, 1)) {
 				add_remote_forward(&options, &fwd);
 			} else {
 				fprintf(stderr,
@@ -471,30 +477,14 @@ main(int ac, char **av)
 			break;
 
 		case 'D':
-			cp = p = xstrdup(optarg);
-			memset(&fwd, '\0', sizeof(fwd));
-			fwd.connect_host = "socks";
-			if ((fwd.listen_host = hpdelim(&cp)) == NULL) {
-				fprintf(stderr, "Bad dynamic forwarding "
-				    "specification '%.100s'\n", optarg);
-				exit(255);
-			}
-			if (cp != NULL) {
-				fwd.listen_port = a2port(cp);
-				fwd.listen_host =
-				    cleanhostname(fwd.listen_host);
+			if (parse_forward(&fwd, optarg, 1, 0)) {
+				add_local_forward(&options, &fwd);
 			} else {
-				fwd.listen_port = a2port(fwd.listen_host);
-				fwd.listen_host = NULL;
-			}
-
-			if (fwd.listen_port == 0) {
-				fprintf(stderr, "Bad dynamic port '%s'\n",
-				    optarg);
+				fprintf(stderr,
+				    "Bad dynamic forwarding specification "
+				    "'%s'\n", optarg);
 				exit(255);
 			}
-			add_local_forward(&options, &fwd);
-			xfree(p);
 			break;
 
 		case 'C':
@@ -504,13 +494,6 @@ main(int ac, char **av)
 			no_shell_flag = 1;
 			no_tty_flag = 1;
 			break;
-		case 'T':
-			no_tty_flag = 1;
-			/* ensure that the user doesn't try to backdoor a */
-			/* null cipher switch on an interactive session */
-			/* so explicitly disable it no matter what */
-			options.none_switch=0;
-			break;
 		case 'o':
 			dummy = 1;
 			line = xstrdup(optarg);
@@ -519,6 +502,13 @@ main(int ac, char **av)
 				exit(255);
 			xfree(line);
 			break;
+		case 'T':
+			no_tty_flag = 1;
+			/* ensure that the user doesn't try to backdoor a */
+			/* null cipher switch on an interactive session */
+			/* so explicitly disable it no matter what */
+			options.none_switch=0;
+			break;
 		case 's':
 			subsystem_flag = 1;
 			break;
@@ -616,9 +606,9 @@ main(int ac, char **av)
 	 * Initialize "log" output.  Since we are the client all output
 	 * actually goes to stderr.
 	 */
-	log_init(av[0],
+	log_init(argv0,
 	    options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
-	    SYSLOG_FACILITY_USER, 1);
+	    SYSLOG_FACILITY_USER, !use_syslog);
 
 	/*
 	 * Read per-user configuration file.  Ignore the system wide config
@@ -638,23 +628,27 @@ main(int ac, char **av)
 	     * options.
 	     */
 #ifdef GSSAPI
-		snprintf(buf, sizeof buf, "%.100s/%.100s.gssapi", pw->pw_dir,
+		r = snprintf(buf, sizeof buf, "%s/%s.gssapi", pw->pw_dir,
 		    _PATH_SSH_USER_CONFFILE);
-		(void)read_config_file(buf, host, &options, 1);
+		if (r > 0 && (size_t)r < sizeof(buf))
+			(void)read_config_file(buf, host, &options, 1);
 #ifdef GSI
-		snprintf(buf, sizeof buf, "%.100s/%.100s.gsi", pw->pw_dir,
+		r = snprintf(buf, sizeof buf, "%s/%s.gsi", pw->pw_dir,
 		    _PATH_SSH_USER_CONFFILE);
-		(void)read_config_file(buf, host, &options, 1);
+		if (r > 0 && (size_t)r < sizeof(buf))
+			(void)read_config_file(buf, host, &options, 1);
 #endif
 #if defined(KRB5)
-		snprintf(buf, sizeof buf, "%.100s/%.100s.krb", pw->pw_dir,
+		r = snprintf(buf, sizeof buf, "%s/%s.krb", pw->pw_dir,
 		    _PATH_SSH_USER_CONFFILE);
-		(void)read_config_file(buf, host, &options, 1);
+		if (r > 0 && (size_t)r < sizeof(buf))
+			(void)read_config_file(buf, host, &options, 1);
 #endif
 #endif
-		snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
+		r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
 		    _PATH_SSH_USER_CONFFILE);
-		(void)read_config_file(buf, host, &options, 1);
+		if (r > 0 && (size_t)r < sizeof(buf))
+			(void)read_config_file(buf, host, &options, 1);
 
 		/* Read systemwide configuration file after use config. */
 		(void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
@@ -667,7 +661,7 @@ main(int ac, char **av)
 	channel_set_af(options.address_family);
 
 	/* reinit */
-	log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
+	log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);
 
 	seed_rng();
 
@@ -808,9 +802,9 @@ main(int ac, char **av)
 	 * Now that we are back to our own permissions, create ~/.ssh
 	 * directory if it doesn't already exist.
 	 */
-	snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir,
+	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
 	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
-	if (stat(buf, &st) < 0)
+	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
 		if (mkdir(buf, 0700) < 0)
 			error("Could not create directory '%.200s'.", buf);
 
@@ -879,9 +873,16 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
 {
 	Forward *rfwd = (Forward *)ctxt;
 
+	/* XXX verbose() on failure? */
 	debug("remote forward %s for: listen %d, connect %s:%d",
 	    type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
 	    rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
+	if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) {
+		logit("Allocated port %u for remote forward to %s:%d",
+			packet_get_int(),
+			rfwd->connect_host, rfwd->connect_port);
+	}
+	
 	if (type == SSH2_MSG_REQUEST_FAILURE) {
 		if (options.exit_on_forward_failure)
 			fatal("Error: remote port forwarding failed for "
@@ -922,8 +923,7 @@ ssh_init_forwarding(void)
 		    options.local_forwards[i].listen_port,
 		    options.local_forwards[i].connect_host,
 		    options.local_forwards[i].connect_port,
-		    options.gateway_ports, options.hpn_disabled,
-		    options.hpn_buffer_size);
+		    options.gateway_ports);
 	}
 	if (i > 0 && success != i && options.exit_on_forward_failure)
 		fatal("Could not request local forwarding.");
@@ -1217,43 +1217,46 @@ ssh_session2_open(void)
 	/* to no. In which case we *can* just set the window to the */
 	/* minimum of the hpn buffer size and tcp receive buffer size */
 	
-	if(options.hpn_disabled)
-	{
+	if (tty_flag)
 		options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
-	}
-	else if (datafellows & SSH_BUG_LARGEWINDOW) 
+	else
+		options.hpn_buffer_size = 2*1024*1024;
+
+	if (datafellows & SSH_BUG_LARGEWINDOW) 
 	{
 		debug("HPN to Non-HPN Connection");
-		if (options.hpn_buffer_size < 0)
-			options.hpn_buffer_size = 2*1024*1024;
 	} 
 	else 
 	{
-		if (options.hpn_buffer_size < 0)
-			options.hpn_buffer_size = BUFFER_MAX_LEN_HPN;
-
-		/*create a socket but don't connect it */
-		/* we use that the get the rcv socket size */
-		sock = socket(AF_INET, SOCK_STREAM, 0);
-		/* if they are using the tcp_rcv_buf option */
-		/* attempt to set the buffer size to that */
-		if (options.tcp_rcv_buf) 
-			setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf, 
-				   sizeof(options.tcp_rcv_buf));
-		getsockopt(sock, SOL_SOCKET, SO_RCVBUF, 
-			   &socksize, &socksizelen);
-		close(sock);
-		debug("socksize %d", socksize);
 		if (options.tcp_rcv_buf_poll <= 0) 
 		{
-			options.hpn_buffer_size = MIN(socksize,options.hpn_buffer_size);
-			debug ("MIN of TCP RWIN and HPNBufferSize: %d", options.hpn_buffer_size);
+			sock = socket(AF_INET, SOCK_STREAM, 0);
+			getsockopt(sock, SOL_SOCKET, SO_RCVBUF, 
+				   &socksize, &socksizelen);
+			close(sock);
+			debug("socksize %d", socksize);
+			options.hpn_buffer_size = socksize;
+			debug ("HPNBufferSize set to TCP RWIN: %d", options.hpn_buffer_size);
 		} 
 		else
 		{
 			if (options.tcp_rcv_buf > 0) 
-				options.hpn_buffer_size = MIN(options.tcp_rcv_buf, options.hpn_buffer_size);
-				debug ("MIN of TCPRcvBuf and HPNBufferSize: %d", options.hpn_buffer_size);
+			{
+				/*create a socket but don't connect it */
+				/* we use that the get the rcv socket size */
+				sock = socket(AF_INET, SOCK_STREAM, 0);
+				/* if they are using the tcp_rcv_buf option */
+				/* attempt to set the buffer size to that */
+				if (options.tcp_rcv_buf) 
+					setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf, 
+						   sizeof(options.tcp_rcv_buf));
+				getsockopt(sock, SOL_SOCKET, SO_RCVBUF, 
+					   &socksize, &socksizelen);
+				close(sock);
+				debug("socksize %d", socksize);
+				options.hpn_buffer_size = socksize;
+				debug ("HPNBufferSize set to user TCPRcvBuf: %d", options.hpn_buffer_size);
+			}
  		}
 		
 	}
@@ -1262,6 +1265,8 @@ ssh_session2_open(void)
 
 	window = options.hpn_buffer_size;
 
+	channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+
 	packetmax = CHAN_SES_PACKET_DEFAULT;
 	if (tty_flag) {
 		window = 4*CHAN_SES_PACKET_DEFAULT;
@@ -1272,7 +1277,6 @@ ssh_session2_open(void)
 	    "session", SSH_CHANNEL_OPENING, in, out, err,
 	    window, packetmax, CHAN_EXTENDED_WRITE,
 	    "client-session", /*nonblock*/0);
-
 	if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) {
 		c->dynamic_window = 1;
 		debug ("Enabled Dynamic Window Scaling\n");
@@ -1299,7 +1303,8 @@ ssh_session2(void)
 		id = ssh_session2_open();
 
 	/* If we don't expect to open a new session, then disallow it */
-	if (options.control_master == SSHCTL_MASTER_NO) {
+	if (options.control_master == SSHCTL_MASTER_NO &&
+	    (datafellows & SSH_NEW_OPENSSH)) {
 		debug("Requesting no-more-sessions@openssh.com");
 		packet_start(SSH2_MSG_GLOBAL_REQUEST);
 		packet_put_cstring("no-more-sessions@openssh.com");