cipher-bf1.o cipher-ctr.o cipher-ctr-mt.o cipher-3des1.o cleanup.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
- readpass.o rsa.o ttymodes.o xmalloc.o \
+ readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
entropy.o scard-opensc.o gss-genr.o umac.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
- sshconnect.o sshconnect1.o sshconnect2.o
+ sshconnect.o sshconnect1.o sshconnect2.o mux.o
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
sshpty.o sshlogin.o servconf.o serverloop.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o
-MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
+MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
+MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
-e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
-e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
+ -e 's|/etc/moduli|$(sysconfdir)/moduli|g' \
-e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
-e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \
-e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
$(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
$(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
$(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
+ $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
$(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
$(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
TEST_SSH_PLINK="plink"; \
TEST_SSH_PUTTYGEN="puttygen"; \
+ TEST_SSH_CONCH="conch"; \
+ TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
cd $(srcdir)/regress || exit $$?; \
$(MAKE) \
.OBJDIR="$${BUILDDIR}/regress" \
TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \
TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \
+ TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
+ TEST_SSH_IPV6="@TEST_SSH_IPV6@" \
EXEEXT="$(EXEEXT)" \
- $@
+ $@ && echo all tests passed
compat-tests: $(LIBCOMPAT)
(cd openbsd-compat/regress && $(MAKE))
+++ /dev/null
-.\" -*- nroff -*-
-.\"
-.\" $OpenBSD: RFC.nroff,v 1.2 2000/10/16 09:38:44 djm Exp $
-.\"
-.pl 10.0i
-.po 0
-.ll 7.2i
-.lt 7.2i
-.nr LL 7.2i
-.nr LT 7.2i
-.ds LF Ylonen
-.ds RF FORMFEED[Page %]
-.ds CF
-.ds LH Internet-Draft
-.ds RH 15 November 1995
-.ds CH SSH (Secure Shell) Remote Login Protocol
-.na
-.hy 0
-.in 0
-Network Working Group T. Ylonen
-Internet-Draft Helsinki University of Technology
-draft-ylonen-ssh-protocol-00.txt 15 November 1995
-Expires: 15 May 1996
-
-.in 3
-
-.ce
-The SSH (Secure Shell) Remote Login Protocol
-
-.ti 0
-Status of This Memo
-
-This document is an Internet-Draft. Internet-Drafts are working
-documents of the Internet Engineering Task Force (IETF), its areas,
-and its working groups. Note that other groups may also distribute
-working documents as Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six
-months and may be updated, replaced, or obsoleted by other docu-
-ments at any time. It is inappropriate to use Internet-Drafts as
-reference material or to cite them other than as ``work in pro-
-gress.''
-
-To learn the current status of any Internet-Draft, please check the
-``1id-abstracts.txt'' listing contained in the Internet- Drafts Shadow
-Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
-munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
-ftp.isi.edu (US West Coast).
-
-The distribution of this memo is unlimited.
-
-.ti 0
-Introduction
-
-SSH (Secure Shell) is a program to log into another computer over a
-network, to execute commands in a remote machine, and to move files
-from one machine to another. It provides strong authentication and
-secure communications over insecure networks. Its features include
-the following:
-.IP o
-Closes several security holes (e.g., IP, routing, and DNS spoofing).
-New authentication methods: .rhosts together with RSA [RSA] based host
-authentication, and pure RSA authentication.
-.IP o
-All communications are automatically and transparently encrypted.
-Encryption is also used to protect integrity.
-.IP o
-X11 connection forwarding provides secure X11 sessions.
-.IP o
-Arbitrary TCP/IP ports can be redirected over the encrypted channel
-in both directions.
-.IP o
-Client RSA-authenticates the server machine in the beginning of every
-connection to prevent trojan horses (by routing or DNS spoofing) and
-man-in-the-middle attacks, and the server RSA-authenticates the client
-machine before accepting .rhosts or /etc/hosts.equiv authentication
-(to prevent DNS, routing, or IP spoofing).
-.IP o
-An authentication agent, running in the user's local workstation or
-laptop, can be used to hold the user's RSA authentication keys.
-.RT
-
-The goal has been to make the software as easy to use as possible for
-ordinary users. The protocol has been designed to be as secure as
-possible while making it possible to create implementations that
-are easy to use and install. The sample implementation has a number
-of convenient features that are not described in this document as they
-are not relevant for the protocol.
-
-
-.ti 0
-Overview of the Protocol
-
-The software consists of a server program running on a server machine,
-and a client program running on a client machine (plus a few auxiliary
-programs). The machines are connected by an insecure IP [RFC0791]
-network (that can be monitored, tampered with, and spoofed by hostile
-parties).
-
-A connection is always initiated by the client side. The server
-listens on a specific port waiting for connections. Many clients may
-connect to the same server machine.
-
-The client and the server are connected via a TCP/IP [RFC0793] socket
-that is used for bidirectional communication. Other types of
-transport can be used but are currently not defined.
-
-When the client connects the server, the server accepts the connection
-and responds by sending back its version identification string. The
-client parses the server's identification, and sends its own
-identification. The purpose of the identification strings is to
-validate that the connection was to the correct port, declare the
-protocol version number used, and to declare the software version used
-on each side (for debugging purposes). The identification strings are
-human-readable. If either side fails to understand or support the
-other side's version, it closes the connection.
-
-After the protocol identification phase, both sides switch to a packet
-based binary protocol. The server starts by sending its host key
-(every host has an RSA key used to authenticate the host), server key
-(an RSA key regenerated every hour), and other information to the
-client. The client then generates a 256 bit session key, encrypts it
-using both RSA keys (see below for details), and sends the encrypted
-session key and selected cipher type to the server. Both sides then
-turn on encryption using the selected algorithm and key. The server
-sends an encrypted confirmation message to the client.
-
-The client then authenticates itself using any of a number of
-authentication methods. The currently supported authentication
-methods are .rhosts or /etc/hosts.equiv authentication (disabled by
-default), the same with RSA-based host authentication, RSA
-authentication, and password authentication.
-
-After successful authentication, the client makes a number of requests
-to prepare for the session. Typical requests include allocating a
-pseudo tty, starting X11 [X11] or TCP/IP port forwarding, starting
-authentication agent forwarding, and executing the shell or a command.
-
-When a shell or command is executed, the connection enters interactive
-session mode. In this mode, data is passed in both directions,
-new forwarded connections may be opened, etc. The interactive session
-normally terminates when the server sends the exit status of the
-program to the client.
-
-
-The protocol makes several reservations for future extensibility.
-First of all, the initial protocol identification messages include the
-protocol version number. Second, the first packet by both sides
-includes a protocol flags field, which can be used to agree on
-extensions in a compatible manner. Third, the authentication and
-session preparation phases work so that the client sends requests to
-the server, and the server responds with success or failure. If the
-client sends a request that the server does not support, the server
-simply returns failure for it. This permits compatible addition of
-new authentication methods and preparation operations. The
-interactive session phase, on the other hand, works asynchronously and
-does not permit the use of any extensions (because there is no easy
-and reliable way to signal rejection to the other side and problems
-would be hard to debug). Any compatible extensions to this phase must
-be agreed upon during any of the earlier phases.
-
-.ti 0
-The Binary Packet Protocol
-
-After the protocol identification strings, both sides only send
-specially formatted packets. The packet layout is as follows:
-.IP o
-Packet length: 32 bit unsigned integer, coded as four 8-bit bytes, msb
-first. Gives the length of the packet, not including the length field
-and padding. The maximum length of a packet (not including the length
-field and padding) is 262144 bytes.
-.IP o
-Padding: 1-8 bytes of random data (or zeroes if not encrypting). The
-amount of padding is (8 - (length % 8)) bytes (where % stands for the
-modulo operator). The rationale for always having some random padding
-at the beginning of each packet is to make known plaintext attacks
-more difficult.
-.IP o
-Packet type: 8-bit unsigned byte. The value 255 is reserved for
-future extension.
-.IP o
-Data: binary data bytes, depending on the packet type. The number of
-data bytes is the "length" field minus 5.
-.IP o
-Check bytes: 32-bit crc, four 8-bit bytes, msb first. The crc is the
-Cyclic Redundancy Check, with the polynomial 0xedb88320, of the
-Padding, Packet type, and Data fields. The crc is computed before
-any encryption.
-.RT
-
-The packet, except for the length field, may be encrypted using any of
-a number of algorithms. The length of the encrypted part (Padding +
-Type + Data + Check) is always a multiple of 8 bytes. Typically the
-cipher is used in a chained mode, with all packets chained together as
-if it was a single data stream (the length field is never included in
-the encryption process). Details of encryption are described below.
-
-When the session starts, encryption is turned off. Encryption is
-enabled after the client has sent the session key. The encryption
-algorithm to use is selected by the client.
-
-
-.ti 0
-Packet Compression
-
-If compression is supported (it is an optional feature, see
-SSH_CMSG_REQUEST_COMPRESSION below), the packet type and data fields
-of the packet are compressed using the gzip deflate algorithm [GZIP].
-If compression is in effect, the packet length field indicates the
-length of the compressed data, plus 4 for the crc. The amount of
-padding is computed from the compressed data, so that the amount of
-data to be encrypted becomes a multiple of 8 bytes.
-
-When compressing, the packets (type + data portions) in each direction
-are compressed as if they formed a continuous data stream, with only the
-current compression block flushed between packets. This corresponds
-to the GNU ZLIB library Z_PARTIAL_FLUSH option. The compression
-dictionary is not flushed between packets. The two directions are
-compressed independently of each other.
-
-
-.ti 0
-Packet Encryption
-
-The protocol supports several encryption methods. During session
-initialization, the server sends a bitmask of all encryption methods
-that it supports, and the client selects one of these methods. The
-client also generates a 256-bit random session key (32 8-bit bytes) and
-sends it to the server.
-
-The encryption methods supported by the current implementation, and
-their codes are:
-.TS
-center;
-l r l.
-SSH_CIPHER_NONE 0 No encryption
-SSH_CIPHER_IDEA 1 IDEA in CFB mode
-SSH_CIPHER_DES 2 DES in CBC mode
-SSH_CIPHER_3DES 3 Triple-DES in CBC mode
-SSH_CIPHER_TSS 4 An experimental stream cipher
-SSH_CIPHER_RC4 5 RC4
-.TE
-
-All implementations are required to support SSH_CIPHER_DES and
-SSH_CIPHER_3DES. Supporting SSH_CIPHER_IDEA, SSH_CIPHER_RC4, and
-SSH_CIPHER_NONE is recommended. Support for SSH_CIPHER_TSS is
-optional (and it is not described in this document). Other ciphers
-may be added at a later time; support for them is optional.
-
-For encryption, the encrypted portion of the packet is considered a
-linear byte stream. The length of the stream is always a multiple of
-8. The encrypted portions of consecutive packets (in the same
-direction) are encrypted as if they were a continuous buffer (that is,
-any initialization vectors are passed from the previous packet to the
-next packet). Data in each direction is encrypted independently.
-.IP SSH_CIPHER_DES
-The key is taken from the first 8 bytes of the session key. The least
-significant bit of each byte is ignored. This results in 56 bits of
-key data. DES [DES] is used in CBC mode. The iv (initialization vector) is
-initialized to all zeroes.
-.IP SSH_CIPHER_3DES
-The variant of triple-DES used here works as follows: there are three
-independent DES-CBC ciphers, with independent initialization vectors.
-The data (the whole encrypted data stream) is first encrypted with the
-first cipher, then decrypted with the second cipher, and finally
-encrypted with the third cipher. All these operations are performed
-in CBC mode.
-
-The key for the first cipher is taken from the first 8 bytes of the
-session key; the key for the next cipher from the next 8 bytes, and
-the key for the third cipher from the following 8 bytes. All three
-initialization vectors are initialized to zero.
-
-(Note: the variant of 3DES used here differs from some other
-descriptions.)
-.IP SSH_CIPHER_IDEA
-The key is taken from the first 16 bytes of the session key. IDEA
-[IDEA] is used in CFB mode. The initialization vector is initialized
-to all zeroes.
-.IP SSH_CIPHER_TSS
-All 32 bytes of the session key are used as the key.
-
-There is no reference available for the TSS algorithm; it is currently
-only documented in the sample implementation source code. The
-security of this cipher is unknown (but it is quite fast). The cipher
-is basically a stream cipher that uses MD5 as a random number
-generator and takes feedback from the data.
-.IP SSH_CIPHER_RC4
-The first 16 bytes of the session key are used as the key for the
-server to client direction. The remaining 16 bytes are used as the
-key for the client to server direction. This gives independent
-128-bit keys for each direction.
-
-This algorithm is the alleged RC4 cipher posted to the Usenet in 1995.
-It is widely believed to be equivalent with the original RSADSI RC4
-cipher. This is a very fast algorithm.
-.RT
-
-
-.ti 0
-Data Type Encodings
-
-The Data field of each packet contains data encoded as described in
-this section. There may be several data items; each item is coded as
-described here, and their representations are concatenated together
-(without any alignment or padding).
-
-Each data type is stored as follows:
-.IP "8-bit byte"
-The byte is stored directly as a single byte.
-.IP "32-bit unsigned integer"
-Stored in 4 bytes, msb first.
-.IP "Arbitrary length binary string"
-First 4 bytes are the length of the string, msb first (not including
-the length itself). The following "length" bytes are the string
-value. There are no terminating null characters.
-.IP "Multiple-precision integer"
-First 2 bytes are the number of bits in the integer, msb first (for
-example, the value 0x00012345 would have 17 bits). The value zero has
-zero bits. It is permissible that the number of bits be larger than the
-real number of bits.
-
-The number of bits is followed by (bits + 7) / 8 bytes of binary data,
-msb first, giving the value of the integer.
-.RT
-
-
-.ti 0
-TCP/IP Port Number and Other Options
-
-The server listens for connections on TCP/IP port 22.
-
-The client may connect the server from any port. However, if the
-client wishes to use any form of .rhosts or /etc/hosts.equiv
-authentication, it must connect from a privileged port (less than
-1024).
-
-For the IP Type of Service field [RFC0791], it is recommended that
-interactive sessions (those having a user terminal or forwarding X11
-connections) use the IPTOS_LOWDELAY, and non-interactive connections
-use IPTOS_THROUGHPUT.
-
-It is recommended that keepalives are used, because otherwise programs
-on the server may never notice if the other end of the connection is
-rebooted.
-
-
-.ti 0
-Protocol Version Identification
-
-After the socket is opened, the server sends an identification string,
-which is of the form
-"SSH-<protocolmajor>.<protocolminor>-<version>\\n", where
-<protocolmajor> and <protocolminor> are integers and specify the
-protocol version number (not software distribution version).
-<version> is server side software version string (max 40 characters);
-it is not interpreted by the remote side but may be useful for
-debugging.
-
-The client parses the server's string, and sends a corresponding
-string with its own information in response. If the server has lower
-version number, and the client contains special code to emulate it,
-the client responds with the lower number; otherwise it responds with
-its own number. The server then compares the version number the
-client sent with its own, and determines whether they can work
-together. The server either disconnects, or sends the first packet
-using the binary packet protocol and both sides start working
-according to the lower of the protocol versions.
-
-By convention, changes which keep the protocol compatible with
-previous versions keep the same major protocol version; changes that
-are not compatible increment the major version (which will hopefully
-never happen). The version described in this document is 1.3.
-
-The client will
-
-.ti 0
-Key Exchange and Server Host Authentication
-
-The first message sent by the server using the packet protocol is
-SSH_SMSG_PUBLIC_KEY. It declares the server's host key, server public
-key, supported ciphers, supported authentication methods, and flags
-for protocol extensions. It also contains a 64-bit random number
-(cookie) that must be returned in the client's reply (to make IP
-spoofing more difficult). No encryption is used for this message.
-
-Both sides compute a session id as follows. The modulus of the server
-key is interpreted as a byte string (without explicit length field,
-with minimum length able to hold the whole value), most significant
-byte first. This string is concatenated with the server host key
-interpreted the same way. Additionally, the cookie is concatenated
-with this. Both sides compute MD5 of the resulting string. The
-resulting 16 bytes (128 bits) are stored by both parties and are
-called the session id.
-
-The client responds with a SSH_CMSG_SESSION_KEY message, which
-contains the selected cipher type, a copy of the 64-bit cookie sent by
-the server, client's protocol flags, and a session key encrypted
-with both the server's host key and server key. No encryption is used
-for this message.
-
-The session key is 32 8-bit bytes (a total of 256 random bits
-generated by the client). The client first xors the 16 bytes of the
-session id with the first 16 bytes of the session key. The resulting
-string is then encrypted using the smaller key (one with smaller
-modulus), and the result is then encrypted using the other key. The
-number of bits in the public modulus of the two keys must differ by at
-least 128 bits.
-
-At each encryption step, a multiple-precision integer is constructed
-from the data to be encrypted as follows (the integer is here
-interpreted as a sequence of bytes, msb first; the number of bytes is
-the number of bytes needed to represent the modulus).
-
-The most significant byte (which is only partial as the value must be
-less than the public modulus, which is never a power of two) is zero.
-
-The next byte contains the value 2 (which stands for public-key
-encrypted data in the PKCS standard [PKCS#1]). Then, there are
-non-zero random bytes to fill any unused space, a zero byte, and the
-data to be encrypted in the least significant bytes, the last byte of
-the data in the least significant byte.
-
-This algorithm is used twice. First, it is used to encrypt the 32
-random bytes generated by the client to be used as the session key
-(xored by the session id). This value is converted to an integer as
-described above, and encrypted with RSA using the key with the smaller
-modulus. The resulting integer is converted to a byte stream, msb
-first. This byte stream is padded and encrypted identically using the
-key with the larger modulus.
-
-After the client has sent the session key, it starts to use the
-selected algorithm and key for decrypting any received packets, and
-for encrypting any sent packets. Separate ciphers are used for
-different directions (that is, both directions have separate
-initialization vectors or other state for the ciphers).
-
-When the server has received the session key message, and has turned
-on encryption, it sends a SSH_SMSG_SUCCESS message to the client.
-
-The recommended size of the host key is 1024 bits, and 768 bits for
-the server key. The minimum size is 512 bits for the smaller key.
-
-
-.ti 0
-Declaring the User Name
-
-The client then sends a SSH_CMSG_USER message to the server. This
-message specifies the user name to log in as.
-
-The server validates that such a user exists, checks whether
-authentication is needed, and responds with either SSH_SMSG_SUCCESS or
-SSH_SMSG_FAILURE. SSH_SMSG_SUCCESS indicates that no authentication
-is needed for this user (no password), and authentication phase has
-now been completed. SSH_SMSG_FAILURE indicates that authentication is
-needed (or the user does not exist).
-
-If the user does not exist, it is recommended that this returns
-failure, but the server keeps reading messages from the client, and
-responds to any messages (except SSH_MSG_DISCONNECT, SSH_MSG_IGNORE,
-and SSH_MSG_DEBUG) with SSH_SMSG_FAILURE. This way the client cannot
-be certain whether the user exists.
-
-
-.ti 0
-Authentication Phase
-
-Provided the server didn't immediately accept the login, an
-authentication exchange begins. The client sends messages to the
-server requesting different types of authentication in arbitrary order as
-many times as desired (however, the server may close the connection
-after a timeout). The server always responds with SSH_SMSG_SUCCESS if
-it has accepted the authentication, and with SSH_SMSG_FAILURE if it has
-denied authentication with the requested method or it does not
-recognize the message. Some authentication methods cause an exchange
-of further messages before the final result is sent. The
-authentication phase ends when the server responds with success.
-
-The recommended value for the authentication timeout (timeout before
-disconnecting if no successful authentication has been made) is 5
-minutes.
-
-The following authentication methods are currently supported:
-.TS
-center;
-l r l.
-SSH_AUTH_RHOSTS 1 .rhosts or /etc/hosts.equiv
-SSH_AUTH_RSA 2 pure RSA authentication
-SSH_AUTH_PASSWORD 3 password authentication
-SSH_AUTH_RHOSTS_RSA 4 .rhosts with RSA host authentication
-.TE
-.IP SSH_AUTH_RHOSTS
-
-This is the authentication method used by rlogin and rsh [RFC1282].
-
-The client sends SSH_CMSG_AUTH_RHOSTS with the client-side user name
-as an argument.
-
-The server checks whether to permit authentication. On UNIX systems,
-this is usually done by checking /etc/hosts.equiv, and .rhosts in the
-user's home directory. The connection must come from a privileged
-port.
-
-It is recommended that the server checks that there are no IP options
-(such as source routing) specified for the socket before accepting
-this type of authentication. The client host name should be
-reverse-mapped and then forward mapped to ensure that it has the
-proper IP-address.
-
-This authentication method trusts the remote host (root on the remote
-host can pretend to be any other user on that host), the name
-services, and partially the network: anyone who can see packets coming
-out from the server machine can do IP-spoofing and pretend to be any
-machine; however, the protocol prevents blind IP-spoofing (which used
-to be possible with rlogin).
-
-Many sites probably want to disable this authentication method because
-of the fundamental insecurity of conventional .rhosts or
-/etc/hosts.equiv authentication when faced with spoofing. It is
-recommended that this method not be supported by the server by
-default.
-.IP SSH_AUTH_RHOSTS_RSA
-
-In addition to conventional .rhosts and hosts.equiv authentication,
-this method additionally requires that the client host be
-authenticated using RSA.
-
-The client sends SSH_CMSG_AUTH_RHOSTS_RSA specifying the client-side
-user name, and the public host key of the client host.
-
-The server first checks if normal .rhosts or /etc/hosts.equiv
-authentication would be accepted, and if not, responds with
-SSH_SMSG_FAILURE. Otherwise, it checks whether it knows the host key
-for the client machine (using the same name for the host that was used
-for checking the .rhosts and /etc/hosts.equiv files). If it does not
-know the RSA key for the client, access is denied and SSH_SMSG_FAILURE
-is sent.
-
-If the server knows the host key of the client machine, it verifies
-that the given host key matches that known for the client. If not,
-access is denied and SSH_SMSG_FAILURE is sent.
-
-The server then sends a SSH_SMSG_AUTH_RSA_CHALLENGE message containing
-an encrypted challenge for the client. The challenge is 32 8-bit
-random bytes (256 bits). When encrypted, the highest (partial) byte
-is left as zero, the next byte contains the value 2, the following are
-non-zero random bytes, followed by a zero byte, and the challenge put
-in the remaining bytes. This is then encrypted using RSA with the
-client host's public key. (The padding and encryption algorithm is
-the same as that used for the session key.)
-
-The client decrypts the challenge using its private host key,
-concatenates this with the session id, and computes an MD5 checksum
-of the resulting 48 bytes. The MD5 output is returned as 16 bytes in
-a SSH_CMSG_AUTH_RSA_RESPONSE message. (MD5 is used to deter chosen
-plaintext attacks against RSA; the session id binds it to a specific
-session).
-
-The server verifies that the MD5 of the decrypted challenge returned by
-the client matches that of the original value, and sends SSH_SMSG_SUCCESS if
-so. Otherwise it sends SSH_SMSG_FAILURE and refuses the
-authentication attempt.
-
-This authentication method trusts the client side machine in that root
-on that machine can pretend to be any user on that machine.
-Additionally, it trusts the client host key. The name and/or IP
-address of the client host is only used to select the public host key.
-The same host name is used when scanning .rhosts or /etc/hosts.equiv
-and when selecting the host key. It would in principle be possible to
-eliminate the host name entirely and substitute it directly by the
-host key. IP and/or DNS [RFC1034] spoofing can only be used
-to pretend to be a host for which the attacker has the private host
-key.
-.IP SSH_AUTH_RSA
-
-The idea behind RSA authentication is that the server recognizes the
-public key offered by the client, generates a random challenge, and
-encrypts the challenge with the public key. The client must then
-prove that it has the corresponding private key by decrypting the
-challenge.
-
-The client sends SSH_CMSG_AUTH_RSA with public key modulus (n) as an
-argument.
-
-The server may respond immediately with SSH_SMSG_FAILURE if it does
-not permit authentication with this key. Otherwise it generates a
-challenge, encrypts it using the user's public key (stored on the
-server and identified using the modulus), and sends
-SSH_SMSG_AUTH_RSA_CHALLENGE with the challenge (mp-int) as an
-argument.
-
-The challenge is 32 8-bit random bytes (256 bits). When encrypted,
-the highest (partial) byte is left as zero, the next byte contains the
-value 2, the following are non-zero random bytes, followed by a zero
-byte, and the challenge put in the remaining bytes. This is then
-encrypted with the public key. (The padding and encryption algorithm
-is the same as that used for the session key.)
-
-The client decrypts the challenge using its private key, concatenates
-it with the session id, and computes an MD5 checksum of the resulting
-48 bytes. The MD5 output is returned as 16 bytes in a
-SSH_CMSG_AUTH_RSA_RESPONSE message. (Note that the MD5 is necessary
-to avoid chosen plaintext attacks against RSA; the session id binds it
-to a specific session.)
-
-The server verifies that the MD5 of the decrypted challenge returned
-by the client matches that of the original value, and sends
-SSH_SMSG_SUCCESS if so. Otherwise it sends SSH_SMSG_FAILURE and
-refuses the authentication attempt.
-
-This authentication method does not trust the remote host, the
-network, name services, or anything else. Authentication is based
-solely on the possession of the private identification keys. Anyone
-in possession of the private keys can log in, but nobody else.
-
-The server may have additional requirements for a successful
-authentiation. For example, to limit damage due to a compromised RSA
-key, a server might restrict access to a limited set of hosts.
-.IP SSH_AUTH_PASSWORD
-
-The client sends a SSH_CMSG_AUTH_PASSWORD message with the plain text
-password. (Note that even though the password is plain text inside
-the message, it is normally encrypted by the packet mechanism.)
-
-The server verifies the password, and sends SSH_SMSG_SUCCESS if
-authentication was accepted and SSH_SMSG_FAILURE otherwise.
-
-Note that the password is read from the user by the client; the user
-never interacts with a login program.
-
-This authentication method does not trust the remote host, the
-network, name services or anything else. Authentication is based
-solely on the possession of the password. Anyone in possession of the
-password can log in, but nobody else.
-.RT
-
-.ti 0
-Preparatory Operations
-
-After successful authentication, the server waits for a request from
-the client, processes the request, and responds with SSH_SMSG_SUCCESS
-whenever a request has been successfully processed. If it receives a
-message that it does not recognize or it fails to honor a request, it
-returns SSH_SMSG_FAILURE. It is expected that new message types might
-be added to this phase in future.
-
-The following messages are currently defined for this phase.
-.IP SSH_CMSG_REQUEST_COMPRESSION
-Requests that compression be enabled for this session. A
-gzip-compatible compression level (1-9) is passed as an argument.
-.IP SSH_CMSG_REQUEST_PTY
-Requests that a pseudo terminal device be allocated for this session.
-The user terminal type and terminal modes are supplied as arguments.
-.IP SSH_CMSG_X11_REQUEST_FORWARDING
-Requests forwarding of X11 connections from the remote machine to the
-local machine over the secure channel. Causes an internet-domain
-socket to be allocated and the DISPLAY variable to be set on the server.
-X11 authentication data is automatically passed to the server, and the
-client may implement spoofing of authentication data for added
-security. The authentication data is passed as arguments.
-.IP SSH_CMSG_PORT_FORWARD_REQUEST
-Requests forwarding of a TCP/IP port on the server host over the
-secure channel. What happens is that whenever a connection is made to
-the port on the server, a connection will be made from the client end
-to the specified host/port. Any user can forward unprivileged ports;
-only the root can forward privileged ports (as determined by
-authentication done earlier).
-.IP SSH_CMSG_AGENT_REQUEST_FORWARDING
-Requests forwarding of the connection to the authentication agent.
-.IP SSH_CMSG_EXEC_SHELL
-Starts a shell (command interpreter) for the user, and moves into
-interactive session mode.
-.IP SSH_CMSG_EXEC_CMD
-Executes the given command (actually "<shell> -c <command>" or
-equivalent) for the user, and moves into interactive session mode.
-.RT
-
-
-.ti 0
-Interactive Session and Exchange of Data
-
-During the interactive session, any data written by the shell or
-command running on the server machine is forwarded to stdin or
-stderr on the client machine, and any input available from stdin on
-the client machine is forwarded to the program on the server machine.
-
-All exchange is asynchronous; either side can send at any time, and
-there are no acknowledgements (TCP/IP already provides reliable
-transport, and the packet protocol protects against tampering or IP
-spoofing).
-
-When the client receives EOF from its standard input, it will send
-SSH_CMSG_EOF; however, this in no way terminates the exchange. The
-exchange terminates and interactive mode is left when the server sends
-SSH_SMSG_EXITSTATUS to indicate that the client program has
-terminated. Alternatively, either side may disconnect at any time by
-sending SSH_MSG_DISCONNECT or closing the connection.
-
-The server may send any of the following messages:
-.IP SSH_SMSG_STDOUT_DATA
-Data written to stdout by the program running on the server. The data
-is passed as a string argument. The client writes this data to
-stdout.
-.IP SSH_SMSG_STDERR_DATA
-Data written to stderr by the program running on the server. The data
-is passed as a string argument. The client writes this data to
-stderr. (Note that if the program is running on a tty, it is not
-possible to separate stdout and stderr data, and all data will be sent
-as stdout data.)
-.IP SSH_SMSG_EXITSTATUS
-Indicates that the shell or command has exited. Exit status is passed
-as an integer argument. This message causes termination of the
-interactive session.
-.IP SSH_SMSG_AGENT_OPEN
-Indicates that someone on the server side is requesting a connection
-to the authentication agent. The server-side channel number is passed
-as an argument. The client must respond with either
-SSH_CHANNEL_OPEN_CONFIRMATION or SSH_CHANNEL_OPEN_FAILURE.
-.IP SSH_SMSG_X11_OPEN
-Indicates that a connection has been made to the X11 socket on the
-server side and should be forwarded to the real X server. An integer
-argument indicates the channel number allocated for this connection on
-the server side. The client should send back either
-SSH_MSG_CHANNEL_OPEN_CONFIRMATION or SSH_MSG_CHANNEL_OPEN_FAILURE with
-the same server side channel number.
-.IP SSH_MSG_PORT_OPEN
-Indicates that a connection has been made to a port on the server side
-for which forwarding has been requested. Arguments are server side
-channel number, host name to connect to, and port to connect to. The
-client should send back either
-SSH_MSG_CHANNEL_OPEN_CONFIRMATION or SSH_MSG_CHANNEL_OPEN_FAILURE with
-the same server side channel number.
-.IP SSH_MSG_CHANNEL_OPEN_CONFIRMATION
-This is sent by the server to indicate that it has opened a connection
-as requested in a previous message. The first argument indicates the
-client side channel number, and the second argument is the channel number
-that the server has allocated for this connection.
-.IP SSH_MSG_CHANNEL_OPEN_FAILURE
-This is sent by the server to indicate that it failed to open a
-connection as requested in a previous message. The client-side
-channel number is passed as an argument. The client will close the
-descriptor associated with the channel and free the channel.
-.IP SSH_MSG_CHANNEL_DATA
-This packet contains data for a channel from the server. The first
-argument is the client-side channel number, and the second argument (a
-string) is the data.
-.IP SSH_MSG_CHANNEL_CLOSE
-This is sent by the server to indicate that whoever was in the other
-end of the channel has closed it. The argument is the client side channel
-number. The client will let all buffered data in the channel to
-drain, and when ready, will close the socket, free the channel, and
-send the server a SSH_MSG_CHANNEL_CLOSE_CONFIRMATION message for the
-channel.
-.IP SSH_MSG_CHANNEL_CLOSE_CONFIRMATION
-This is send by the server to indicate that a channel previously
-closed by the client has now been closed on the server side as well.
-The argument indicates the client channel number. The client frees
-the channel.
-.RT
-
-The client may send any of the following messages:
-.IP SSH_CMSG_STDIN_DATA
-This is data to be sent as input to the program running on the server.
-The data is passed as a string.
-.IP SSH_CMSG_EOF
-Indicates that the client has encountered EOF while reading standard
-input. The server will allow any buffered input data to drain, and
-will then close the input to the program.
-.IP SSH_CMSG_WINDOW_SIZE
-Indicates that window size on the client has been changed. The server
-updates the window size of the tty and causes SIGWINCH to be sent to
-the program. The new window size is passed as four integer arguments:
-row, col, xpixel, ypixel.
-.IP SSH_MSG_PORT_OPEN
-Indicates that a connection has been made to a port on the client side
-for which forwarding has been requested. Arguments are client side
-channel number, host name to connect to, and port to connect to. The
-server should send back either SSH_MSG_CHANNEL_OPEN_CONFIRMATION or
-SSH_MSG_CHANNEL_OPEN_FAILURE with the same client side channel number.
-.IP SSH_MSG_CHANNEL_OPEN_CONFIRMATION
-This is sent by the client to indicate that it has opened a connection
-as requested in a previous message. The first argument indicates the
-server side channel number, and the second argument is the channel
-number that the client has allocated for this connection.
-.IP SSH_MSG_CHANNEL_OPEN_FAILURE
-This is sent by the client to indicate that it failed to open a
-connection as requested in a previous message. The server side
-channel number is passed as an argument. The server will close the
-descriptor associated with the channel and free the channel.
-.IP SSH_MSG_CHANNEL_DATA
-This packet contains data for a channel from the client. The first
-argument is the server side channel number, and the second argument (a
-string) is the data.
-.IP SSH_MSG_CHANNEL_CLOSE
-This is sent by the client to indicate that whoever was in the other
-end of the channel has closed it. The argument is the server channel
-number. The server will allow buffered data to drain, and when ready,
-will close the socket, free the channel, and send the client a
-SSH_MSG_CHANNEL_CLOSE_CONFIRMATION message for the channel.
-.IP SSH_MSG_CHANNEL_CLOSE_CONFIRMATION
-This is send by the client to indicate that a channel previously
-closed by the server has now been closed on the client side as well.
-The argument indicates the server channel number. The server frees
-the channel.
-.RT
-
-Any unsupported messages during interactive mode cause the connection
-to be terminated with SSH_MSG_DISCONNECT and an error message.
-Compatible protocol upgrades should agree about any extensions during
-the preparation phase or earlier.
-
-
-.ti 0
-Termination of the Connection
-
-Normal termination of the connection is always initiated by the server
-by sending SSH_SMSG_EXITSTATUS after the program has exited. The
-client responds to this message by sending SSH_CMSG_EXIT_CONFIRMATION
-and closes the socket; the server then closes the socket. There are
-two purposes for the confirmation: some systems may lose previously
-sent data when the socket is closed, and closing the client side first
-causes any TCP/IP TIME_WAIT [RFC0793] waits to occur on the client side, not
-consuming server resources.
-
-If the program terminates due to a signal, the server will send
-SSH_MSG_DISCONNECT with an appropriate message. If the connection is
-closed, all file descriptors to the program will be closed and the
-server will exit. If the program runs on a tty, the kernel sends it
-the SIGHUP signal when the pty master side is closed.
-
-.ti 0
-Protocol Flags
-
-Both the server and the client pass 32 bits of protocol flags to the
-other side. The flags are intended for compatible protocol extension;
-the server first announces which added capabilities it supports, and
-the client then sends the capabilities that it supports.
-
-The following flags are currently defined (the values are bit masks):
-.IP "1 SSH_PROTOFLAG_SCREEN_NUMBER"
-This flag can only be sent by the client. It indicates that the X11
-forwarding requests it sends will include the screen number.
-.IP "2 SSH_PROTOFLAG_HOST_IN_FWD_OPEN"
-If both sides specify this flag, SSH_SMSG_X11_OPEN and
-SSH_MSG_PORT_OPEN messages will contain an additional field containing
-a description of the host at the other end of the connection.
-.RT
-
-.ti 0
-Detailed Description of Packet Types and Formats
-
-The supported packet types and the corresponding message numbers are
-given in the following table. Messages with _MSG_ in their name may
-be sent by either side. Messages with _CMSG_ are only sent by the
-client, and messages with _SMSG_ only by the server.
-
-A packet may contain additional data after the arguments specified
-below. Any such data should be ignored by the receiver. However, it
-is recommended that no such data be stored without good reason. (This
-helps build compatible extensions.)
-.IP "0 SSH_MSG_NONE"
-This code is reserved. This message type is never sent.
-.IP "1 SSH_MSG_DISCONNECT"
-.TS
-;
-l l.
-string Cause of disconnection
-.TE
-This message may be sent by either party at any time. It causes the
-immediate disconnection of the connection. The message is intended to
-be displayed to a human, and describes the reason for disconnection.
-.IP "2 SSH_SMSG_PUBLIC_KEY"
-.TS
-;
-l l.
-8 bytes anti_spoofing_cookie
-32-bit int server_key_bits
-mp-int server_key_public_exponent
-mp-int server_key_public_modulus
-32-bit int host_key_bits
-mp-int host_key_public_exponent
-mp-int host_key_public_modulus
-32-bit int protocol_flags
-32-bit int supported_ciphers_mask
-32-bit int supported_authentications_mask
-.TE
-Sent as the first message by the server. This message gives the
-server's host key, server key, protocol flags (intended for compatible
-protocol extension), supported_ciphers_mask (which is the
-bitwise or of (1 << cipher_number), where << is the left shift
-operator, for all supported ciphers), and
-supported_authentications_mask (which is the bitwise or of (1 <<
-authentication_type) for all supported authentication types). The
-anti_spoofing_cookie is 64 random bytes, and must be sent back
-verbatim by the client in its reply. It is used to make IP-spoofing
-more difficult (encryption and host keys are the real defense against
-spoofing).
-.IP "3 SSH_CMSG_SESSION_KEY"
-.TS
-;
-l l.
-1 byte cipher_type (must be one of the supported values)
-8 bytes anti_spoofing_cookie (must match data sent by the server)
-mp-int double-encrypted session key
-32-bit int protocol_flags
-.TE
-Sent by the client as the first message in the session. Selects the
-cipher to use, and sends the encrypted session key to the server. The
-anti_spoofing_cookie must be the same bytes that were sent by the
-server. Protocol_flags is intended for negotiating compatible
-protocol extensions.
-.IP "4 SSH_CMSG_USER"
-.TS
-;
-l l.
-string user login name on server
-.TE
-Sent by the client to begin authentication. Specifies the user name
-on the server to log in as. The server responds with SSH_SMSG_SUCCESS
-if no authentication is needed for this user, or SSH_SMSG_FAILURE if
-authentication is needed (or the user does not exist). [Note to the
-implementator: the user name is of arbitrary size. The implementation
-must be careful not to overflow internal buffers.]
-.IP "5 SSH_CMSG_AUTH_RHOSTS"
-.TS
-;
-l l.
-string client-side user name
-.TE
-Requests authentication using /etc/hosts.equiv and .rhosts (or
-equivalent mechanisms). This authentication method is normally
-disabled in the server because it is not secure (but this is the
-method used by rsh and rlogin). The server responds with
-SSH_SMSG_SUCCESS if authentication was successful, and
-SSH_SMSG_FAILURE if access was not granted. The server should check
-that the client side port number is less than 1024 (a privileged
-port), and immediately reject authentication if it is not. Supporting
-this authentication method is optional. This method should normally
-not be enabled in the server because it is not safe. (However, not
-enabling this only helps if rlogind and rshd are disabled.)
-.IP "6 SSH_CMSG_AUTH_RSA"
-.TS
-;
-l l.
-mp-int identity_public_modulus
-.TE
-Requests authentication using pure RSA authentication. The server
-checks if the given key is permitted to log in, and if so, responds
-with SSH_SMSG_AUTH_RSA_CHALLENGE. Otherwise, it responds with
-SSH_SMSG_FAILURE. The client often tries several different keys in
-sequence until one supported by the server is found. Authentication
-is accepted if the client gives the correct response to the challenge.
-The server is free to add other criteria for authentication, such as a
-requirement that the connection must come from a certain host. Such
-additions are not visible at the protocol level. Supporting this
-authentication method is optional but recommended.
-.IP "7 SSH_SMSG_AUTH_RSA_CHALLENGE"
-.TS
-;
-l l.
-mp-int encrypted challenge
-.TE
-Presents an RSA authentication challenge to the client. The challenge
-is a 256-bit random value encrypted as described elsewhere in this
-document. The client must decrypt the challenge using the RSA private
-key, compute MD5 of the challenge plus session id, and send back the
-resulting 16 bytes using SSH_CMSG_AUTH_RSA_RESPONSE.
-.IP "8 SSH_CMSG_AUTH_RSA_RESPONSE"
-.TS
-;
-l l.
-16 bytes MD5 of decrypted challenge
-.TE
-This message is sent by the client in response to an RSA challenge.
-The MD5 checksum is returned instead of the decrypted challenge to
-deter known-plaintext attacks against the RSA key. The server
-responds to this message with either SSH_SMSG_SUCCESS or
-SSH_SMSG_FAILURE.
-.IP "9 SSH_CMSG_AUTH_PASSWORD"
-.TS
-;
-l l.
-string plain text password
-.TE
-Requests password authentication using the given password. Note that
-even though the password is plain text inside the packet, the whole
-packet is normally encrypted by the packet layer. It would not be
-possible for the client to perform password encryption/hashing,
-because it cannot know which kind of encryption/hashing, if any, the
-server uses. The server responds to this message with
-SSH_SMSG_SUCCESS or SSH_SMSG_FAILURE.
-.IP "10 SSH_CMSG_REQUEST_PTY"
-.TS
-;
-l l.
-string TERM environment variable value (e.g. vt100)
-32-bit int terminal height, rows (e.g., 24)
-32-bit int terminal width, columns (e.g., 80)
-32-bit int terminal width, pixels (0 if no graphics) (e.g., 480)
-32-bit int terminal height, pixels (0 if no graphics) (e.g., 640)
-n bytes tty modes encoded in binary
-.TE
-Requests a pseudo-terminal to be allocated for this command. This
-message can be used regardless of whether the session will later
-execute the shell or a command. If a pty has been requested with this
-message, the shell or command will run on a pty. Otherwise it will
-communicate with the server using pipes, sockets or some other similar
-mechanism.
-
-The terminal type gives the type of the user's terminal. In the UNIX
-environment it is passed to the shell or command in the TERM
-environment variable.
-
-The width and height values give the initial size of the user's
-terminal or window. All values can be zero if not supported by the
-operating system. The server will pass these values to the kernel if
-supported.
-
-Terminal modes are encoded into a byte stream in a portable format.
-The exact format is described later in this document.
-
-The server responds to the request with either SSH_SMSG_SUCCESS or
-SSH_SMSG_FAILURE. If the server does not have the concept of pseudo
-terminals, it should return success if it is possible to execute a
-shell or a command so that it looks to the client as if it was running
-on a pseudo terminal.
-.IP "11 SSH_CMSG_WINDOW_SIZE"
-.TS
-;
-l l.
-32-bit int terminal height, rows
-32-bit int terminal width, columns
-32-bit int terminal width, pixels
-32-bit int terminal height, pixels
-.TE
-This message can only be sent by the client during the interactive
-session. This indicates that the size of the user's window has
-changed, and provides the new size. The server will update the
-kernel's notion of the window size, and a SIGWINCH signal or
-equivalent will be sent to the shell or command (if supported by the
-operating system).
-.IP "12 SSH_CMSG_EXEC_SHELL"
-
-(no arguments)
-
-Starts a shell (command interpreter), and enters interactive session
-mode.
-.IP "13 SSH_CMSG_EXEC_CMD"
-.TS
-;
-l l.
-string command to execute
-.TE
-Starts executing the given command, and enters interactive session
-mode. On UNIX, the command is run as "<shell> -c <command>", where
-<shell> is the user's login shell.
-.IP "14 SSH_SMSG_SUCCESS"
-
-(no arguments)
-
-This message is sent by the server in response to the session key, a
-successful authentication request, and a successfully completed
-preparatory operation.
-.IP "15 SSH_SMSG_FAILURE"
-
-(no arguments)
-
-This message is sent by the server in response to a failed
-authentication operation to indicate that the user has not yet been
-successfully authenticated, and in response to a failed preparatory
-operation. This is also sent in response to an authentication or
-preparatory operation request that is not recognized or supported.
-.IP "16 SSH_CMSG_STDIN_DATA"
-.TS
-;
-l l.
-string data
-.TE
-Delivers data from the client to be supplied as input to the shell or
-program running on the server side. This message can only be used in
-the interactive session mode. No acknowledgement is sent for this
-message.
-.IP "17 SSH_SMSG_STDOUT_DATA"
-.TS
-;
-l l.
-string data
-.TE
-Delivers data from the server that was read from the standard output of
-the shell or program running on the server side. This message can
-only be used in the interactive session mode. No acknowledgement is
-sent for this message.
-.IP "18 SSH_SMSG_STDERR_DATA"
-.TS
-;
-l l.
-string data
-.TE
-Delivers data from the server that was read from the standard error of
-the shell or program running on the server side. This message can
-only be used in the interactive session mode. No acknowledgement is
-sent for this message.
-.IP "19 SSH_CMSG_EOF"
-
-(no arguments)
-
-This message is sent by the client to indicate that EOF has been
-reached on the input. Upon receiving this message, and after all
-buffered input data has been sent to the shell or program, the server
-will close the input file descriptor to the program. This message can
-only be used in the interactive session mode. No acknowledgement is
-sent for this message.
-.IP "20 SSH_SMSG_EXITSTATUS"
-.TS
-;
-l l.
-32-bit int exit status of the command
-.TE
-Returns the exit status of the shell or program after it has exited.
-The client should respond with SSH_CMSG_EXIT_CONFIRMATION when it has
-received this message. This will be the last message sent by the
-server. If the program being executed dies with a signal instead of
-exiting normally, the server should terminate the session with
-SSH_MSG_DISCONNECT (which can be used to pass a human-readable string
-indicating that the program died due to a signal) instead of using
-this message.
-.IP "21 SSH_MSG_CHANNEL_OPEN_CONFIRMATION"
-.TS
-;
-l l.
-32-bit int remote_channel
-32-bit int local_channel
-.TE
-This is sent in response to any channel open request if the channel
-has been successfully opened. Remote_channel is the channel number
-received in the initial open request; local_channel is the channel
-number the side sending this message has allocated for the channel.
-Data can be transmitted on the channel after this message.
-.IP "22 SSH_MSG_CHANNEL_OPEN_FAILURE"
-.TS
-;
-l l.
-32-bit int remote_channel
-.TE
-This message indicates that an earlier channel open request by the
-other side has failed or has been denied. Remote_channel is the
-channel number given in the original request.
-.IP "23 SSH_MSG_CHANNEL_DATA"
-.TS
-;
-l l.
-32-bit int remote_channel
-string data
-.TE
-Data is transmitted in a channel in these messages. A channel is
-bidirectional, and both sides can send these messages. There is no
-acknowledgement for these messages. It is possible that either side
-receives these messages after it has sent SSH_MSG_CHANNEL_CLOSE for
-the channel. These messages cannot be received after the party has
-sent or received SSH_MSG_CHANNEL_CLOSE_CONFIRMATION.
-.IP "24 SSH_MSG_CHANNEL_CLOSE"
-.TS
-;
-l l.
-32-bit int remote_channel
-.TE
-When a channel is closed at one end of the connection, that side sends
-this message. Upon receiving this message, the channel should be
-closed. When this message is received, if the channel is already
-closed (the receiving side has sent this message for the same channel
-earlier), the channel is freed and no further action is taken;
-otherwise the channel is freed and SSH_MSG_CHANNEL_CLOSE_CONFIRMATION
-is sent in response. (It is possible that the channel is closed
-simultaneously at both ends.)
-.IP "25 SSH_MSG_CHANNEL_CLOSE_CONFIRMATION"
-.TS
-;
-l l.
-32-bit int remote_channel
-.TE
-This message is sent in response to SSH_MSG_CHANNEL_CLOSE unless the
-channel was already closed. When this message is sent or received,
-the channel is freed.
-.IP "26 (OBSOLETED; was unix-domain X11 forwarding)
-.IP "27 SSH_SMSG_X11_OPEN"
-.TS
-;
-l l.
-32-bit int local_channel
-string originator_string (see below)
-.TE
-This message can be sent by the server during the interactive session
-mode to indicate that a client has connected the fake X server.
-Local_channel is the channel number that the server has allocated for
-the connection. The client should try to open a connection to the
-real X server, and respond with SSH_MSG_CHANNEL_OPEN_CONFIRMATION or
-SSH_MSG_CHANNEL_OPEN_FAILURE.
-
-The field originator_string is present if both sides
-specified SSH_PROTOFLAG_HOST_IN_FWD_OPEN in the protocol flags. It
-contains a description of the host originating the connection.
-.IP "28 SSH_CMSG_PORT_FORWARD_REQUEST"
-.TS
-;
-l l.
-32-bit int server_port
-string host_to_connect
-32-bit int port_to_connect
-.TE
-Sent by the client in the preparatory phase, this message requests
-that server_port on the server machine be forwarded over the secure
-channel to the client machine, and from there to the specified host
-and port. The server should start listening on the port, and send
-SSH_MSG_PORT_OPEN whenever a connection is made to it. Supporting
-this message is optional, and the server is free to reject any forward
-request. For example, it is highly recommended that unless the user
-has been authenticated as root, forwarding any privileged port numbers
-(below 1024) is denied.
-.IP "29 SSH_MSG_PORT_OPEN"
-.TS
-;
-l l.
-32-bit int local_channel
-string host_name
-32-bit int port
-string originator_string (see below)
-.TE
-Sent by either party in interactive session mode, this message
-indicates that a connection has been opened to a forwarded TCP/IP
-port. Local_channel is the channel number that the sending party has
-allocated for the connection. Host_name is the host the connection
-should be be forwarded to, and the port is the port on that host to
-connect. The receiving party should open the connection, and respond
-with SSH_MSG_CHANNEL_OPEN_CONFIRMATION or
-SSH_MSG_CHANNEL_OPEN_FAILURE. It is recommended that the receiving
-side check the host_name and port for validity to avoid compromising
-local security by compromised remote side software. Particularly, it
-is recommended that the client permit connections only to those ports
-for which it has requested forwarding with SSH_CMSG_PORT_FORWARD_REQUEST.
-
-The field originator_string is present if both sides
-specified SSH_PROTOFLAG_HOST_IN_FWD_OPEN in the protocol flags. It
-contains a description of the host originating the connection.
-.IP "30 SSH_CMSG_AGENT_REQUEST_FORWARDING"
-
-(no arguments)
-
-Requests that the connection to the authentication agent be forwarded
-over the secure channel. The method used by clients to contact the
-authentication agent within each machine is implementation and machine
-dependent. If the server accepts this request, it should arrange that
-any clients run from this session will actually contact the server
-program when they try to contact the authentication agent. The server
-should then send a SSH_SMSG_AGENT_OPEN to open a channel to the agent,
-and the client should forward the connection to the real
-authentication agent. Supporting this message is optional.
-.IP "31 SSH_SMSG_AGENT_OPEN"
-.TS
-;
-l l.
-32-bit int local_channel
-.TE
-Sent by the server in interactive session mode, this message requests
-opening a channel to the authentication agent. The client should open
-a channel, and respond with either SSH_MSG_CHANNEL_OPEN_CONFIRMATION
-or SSH_MSG_CHANNEL_OPEN_FAILURE.
-.IP "32 SSH_MSG_IGNORE"
-.TS
-;
-l l.
-string data
-.TE
-Either party may send this message at any time. This message, and the
-argument string, is silently ignored. This message might be used in
-some implementations to make traffic analysis more difficult. This
-message is not currently sent by the implementation, but all
-implementations are required to recognize and ignore it.
-.IP "33 SSH_CMSG_EXIT_CONFIRMATION"
-
-(no arguments)
-
-Sent by the client in response to SSH_SMSG_EXITSTATUS. This is the
-last message sent by the client.
-.IP "34 SSH_CMSG_X11_REQUEST_FORWARDING"
-.TS
-;
-l l.
-string x11_authentication_protocol
-string x11_authentication_data
-32-bit int screen number (if SSH_PROTOFLAG_SCREEN_NUMBER)
-.TE
-Sent by the client during the preparatory phase, this message requests
-that the server create a fake X11 display and set the DISPLAY
-environment variable accordingly. An internet-domain display is
-preferable. The given authentication protocol and the associated data
-should be recorded by the server so that it is used as authentication
-on connections (e.g., in .Xauthority). The authentication protocol
-must be one of the supported X11 authentication protocols, e.g.,
-"MIT-MAGIC-COOKIE-1". Authentication data must be a lowercase hex
-string of even length. Its interpretation is protocol dependent.
-The data is in a format that can be used with e.g. the xauth program.
-Supporting this message is optional.
-
-The client is permitted (and recommended) to generate fake
-authentication information and send fake information to the server.
-This way, a corrupt server will not have access to the user's terminal
-after the connection has terminated. The correct authorization codes
-will also not be left hanging around in files on the server (many
-users keep the same X session for months, thus protecting the
-authorization data becomes important).
-
-X11 authentication spoofing works by initially sending fake (random)
-authentication data to the server, and interpreting the first packet
-sent by the X11 client after the connection has been opened. The
-first packet contains the client's authentication. If the packet
-contains the correct fake data, it is replaced by the client by the
-correct authentication data, and then sent to the X server.
-.IP "35 SSH_CMSG_AUTH_RHOSTS_RSA"
-.TS
-;
-l l.
-string clint-side user name
-32-bit int client_host_key_bits
-mp-int client_host_key_public_exponent
-mp-int client_host_key_public_modulus
-.TE
-Requests authentication using /etc/hosts.equiv and .rhosts (or
-equivalent) together with RSA host authentication. The server should
-check that the client side port number is less than 1024 (a privileged
-port), and immediately reject authentication if it is not. The server
-responds with SSH_SMSG_FAILURE or SSH_SMSG_AUTH_RSA_CHALLENGE. The
-client must respond to the challenge with the proper
-SSH_CMSG_AUTH_RSA_RESPONSE. The server then responds with success if
-access was granted, or failure if the client gave a wrong response.
-Supporting this authentication method is optional but recommended in
-most environments.
-.IP "36 SSH_MSG_DEBUG"
-.TS
-;
-l l.
-string debugging message sent to the other side
-.TE
-This message may be sent by either party at any time. It is used to
-send debugging messages that may be informative to the user in
-solving various problems. For example, if authentication fails
-because of some configuration error (e.g., incorrect permissions for
-some file), it can be very helpful for the user to make the cause of
-failure available. On the other hand, one should not make too much
-information available for security reasons. It is recommended that
-the client provides an option to display the debugging information
-sent by the sender (the user probably does not want to see it by default).
-The server can log debugging data sent by the client (if any). Either
-party is free to ignore any received debugging data. Every
-implementation must be able to receive this message, but no
-implementation is required to send these.
-.IP "37 SSH_CMSG_REQUEST_COMPRESSION"
-.TS
-;
-l l.
-32-bit int gzip compression level (1-9)
-.TE
-This message can be sent by the client in the preparatory operations
-phase. The server responds with SSH_SMSG_FAILURE if it does not
-support compression or does not want to compress; it responds with
-SSH_SMSG_SUCCESS if it accepted the compression request. In the
-latter case the response to this packet will still be uncompressed,
-but all further packets in either direction will be compressed by gzip.
-.RT
-
-
-.ti 0
-Encoding of Terminal Modes
-
-Terminal modes (as passed in SSH_CMSG_REQUEST_PTY) are encoded into a
-byte stream. It is intended that the coding be portable across
-different environments.
-
-The tty mode description is a stream of bytes. The stream consists of
-opcode-argument pairs. It is terminated by opcode TTY_OP_END (0).
-Opcodes 1-127 have one-byte arguments. Opcodes 128-159 have 32-bit
-integer arguments (stored msb first). Opcodes 160-255 are not yet
-defined, and cause parsing to stop (they should only be used after any
-other data).
-
-The client puts in the stream any modes it knows about, and the server
-ignores any modes it does not know about. This allows some degree of
-machine-independence, at least between systems that use a POSIX-like
-[POSIX] tty interface. The protocol can support other systems as
-well, but the client may need to fill reasonable values for a number
-of parameters so the server pty gets set to a reasonable mode (the
-server leaves all unspecified mode bits in their default values, and
-only some combinations make sense).
-
-The following opcodes have been defined. The naming of opcodes mostly
-follows the POSIX terminal mode flags.
-.IP "0 TTY_OP_END"
-Indicates end of options.
-.IP "1 VINTR"
-Interrupt character; 255 if none. Similarly for the other characters.
-Not all of these characters are supported on all systems.
-.IP "2 VQUIT"
-The quit character (sends SIGQUIT signal on UNIX systems).
-.IP "3 VERASE"
-Erase the character to left of the cursor.
-.IP "4 VKILL"
-Kill the current input line.
-.IP "5 VEOF "
-End-of-file character (sends EOF from the terminal).
-.IP "6 VEOL "
-End-of-line character in addition to carriage return and/or linefeed.
-.IP "7 VEOL2"
-Additional end-of-line character.
-.IP "8 VSTART"
-Continues paused output (normally ^Q).
-.IP "9 VSTOP"
-Pauses output (^S).
-.IP "10 VSUSP"
-Suspends the current program.
-.IP "11 VDSUSP"
-Another suspend character.
-.IP "12 VREPRINT"
-Reprints the current input line.
-.IP "13 VWERASE"
-Erases a word left of cursor.
-.IP "14 VLNEXT"
-More special input characters; these are probably not supported on
-most systems.
-.IP "15 VFLUSH"
-.IP "16 VSWTCH"
-.IP "17 VSTATUS"
-.IP "18 VDISCARD"
-
-.IP "30 IGNPAR"
-The ignore parity flag. The next byte should be 0 if this flag is not
-set, and 1 if it is set.
-.IP "31 PARMRK"
-More flags. The exact definitions can be found in the POSIX standard.
-.IP "32 INPCK"
-.IP "33 ISTRIP"
-.IP "34 INLCR"
-.IP "35 IGNCR"
-.IP "36 ICRNL"
-.IP "37 IUCLC"
-.IP "38 IXON"
-.IP "39 IXANY"
-.IP "40 IXOFF"
-.IP "41 IMAXBEL"
-
-.IP "50 ISIG"
-.IP "51 ICANON"
-.IP "52 XCASE"
-.IP "53 ECHO"
-.IP "54 ECHOE"
-.IP "55 ECHOK"
-.IP "56 ECHONL"
-.IP "57 NOFLSH"
-.IP "58 TOSTOP"
-.IP "59 IEXTEN"
-.IP "60 ECHOCTL"
-.IP "61 ECHOKE"
-.IP "62 PENDIN"
-
-.IP "70 OPOST"
-.IP "71 OLCUC"
-.IP "72 ONLCR"
-.IP "73 OCRNL"
-.IP "74 ONOCR"
-.IP "75 ONLRET"
-
-.IP "90 CS7"
-.IP "91 CS8"
-.IP "92 PARENB"
-.IP "93 PARODD"
-
-.IP "192 TTY_OP_ISPEED"
-Specifies the input baud rate in bits per second.
-.IP "193 TTY_OP_OSPEED"
-Specifies the output baud rate in bits per second.
-.RT
-
-
-.ti 0
-The Authentication Agent Protocol
-
-The authentication agent is a program that can be used to hold RSA
-authentication keys for the user (in future, it might hold data for
-other authentication types as well). An authorized program can send
-requests to the agent to generate a proper response to an RSA
-challenge. How the connection is made to the agent (or its
-representative) inside a host and how access control is done inside a
-host is implementation-dependent; however, how it is forwarded and how
-one interacts with it is specified in this protocol. The connection
-to the agent is normally automatically forwarded over the secure
-channel.
-
-A program that wishes to use the agent first opens a connection to its
-local representative (typically, the agent itself or an SSH server).
-It then writes a request to the connection, and waits for response.
-It is recommended that at least five minutes of timeout are provided
-waiting for the agent to respond to an authentication challenge (this
-gives sufficient time for the user to cut-and-paste the challenge to a
-separate machine, perform the computation there, and cut-and-paste the
-result back if so desired).
-
-Messages sent to and by the agent are in the following format:
-.TS
-;
-l l.
-4 bytes Length, msb first. Does not include length itself.
-1 byte Packet type. The value 255 is reserved for future extensions.
-data Any data, depending on packet type. Encoding as in the ssh packet
-protocol.
-.TE
-
-The following message types are currently defined:
-.IP "1 SSH_AGENTC_REQUEST_RSA_IDENTITIES"
-
-(no arguments)
-
-Requests the agent to send a list of all RSA keys for which it can
-answer a challenge.
-.IP "2 SSH_AGENT_RSA_IDENTITIES_ANSWER"
-.TS
-;
-l l.
-32-bit int howmany
-howmany times:
-32-bit int bits
-mp-int public exponent
-mp-int public modulus
-string comment
-.TE
-The agent sends this message in response to the to
-SSH_AGENTC_REQUEST_RSA_IDENTITIES. The answer lists all RSA keys for
-which the agent can answer a challenge. The comment field is intended
-to help identify each key; it may be printed by an application to
-indicate which key is being used. If the agent is not holding any
-keys, howmany will be zero.
-.IP "3 SSH_AGENTC_RSA_CHALLENGE
-.TS
-;
-l l.
-32-bit int bits
-mp-int public exponent
-mp-int public modulus
-mp-int challenge
-16 bytes session_id
-32-bit int response_type
-.TE
-Requests RSA decryption of random challenge to authenticate the other
-side. The challenge will be decrypted with the RSA private key
-corresponding to the given public key.
-
-The decrypted challenge must contain a zero in the highest (partial)
-byte, 2 in the next byte, followed by non-zero random bytes, a zero
-byte, and then the real challenge value in the lowermost bytes. The
-real challenge must be 32 8-bit bytes (256 bits).
-
-Response_type indicates the format of the response to be returned.
-Currently the only supported value is 1, which means to compute MD5 of
-the real challenge plus session id, and return the resulting 16 bytes
-in a SSH_AGENT_RSA_RESPONSE message.
-.IP "4 SSH_AGENT_RSA_RESPONSE"
-.TS
-;
-l l.
-16 bytes MD5 of decrypted challenge
-.TE
-Answers an RSA authentication challenge. The response is 16 bytes:
-the MD5 checksum of the 32-byte challenge.
-.IP "5 SSH_AGENT_FAILURE"
-
-(no arguments)
-
-This message is sent whenever the agent fails to answer a request
-properly. For example, if the agent cannot answer a challenge (e.g.,
-no longer has the proper key), it can respond with this. The agent
-also responds with this message if it receives a message it does not
-recognize.
-.IP "6 SSH_AGENT_SUCCESS"
-
-(no arguments)
-
-This message is sent by the agent as a response to certain requests
-that do not otherwise cause a message be sent. Currently, this is
-only sent in response to SSH_AGENTC_ADD_RSA_IDENTITY and
-SSH_AGENTC_REMOVE_RSA_IDENTITY.
-.IP "7 SSH_AGENTC_ADD_RSA_IDENTITY"
-.TS
-;
-l l.
-32-bit int bits
-mp-int public modulus
-mp-int public exponent
-mp-int private exponent
-mp-int multiplicative inverse of p mod q
-mp-int p
-mp-int q
-string comment
-.TE
-Registers an RSA key with the agent. After this request, the agent can
-use this RSA key to answer requests. The agent responds with
-SSH_AGENT_SUCCESS or SSH_AGENT_FAILURE.
-.IP "8 SSH_AGENT_REMOVE_RSA_IDENTITY"
-.TS
-;
-l l.
-32-bit int bits
-mp-int public exponent
-mp-int public modulus
-.TE
-Removes an RSA key from the agent. The agent will no longer accept
-challenges for this key and will not list it as a supported identity.
-The agent responds with SSH_AGENT_SUCCESS or SSH_AGENT_FAILURE.
-.RT
-
-If the agent receives a message that it does not understand, it
-responds with SSH_AGENT_FAILURE. This permits compatible future
-extensions.
-
-It is possible that several clients have a connection open to the
-authentication agent simultaneously. Each client will use a separate
-connection (thus, any SSH connection can have multiple agent
-connections active simultaneously).
-
-
-.ti 0
-References
-
-.IP "[DES] "
-FIPS PUB 46-1: Data Encryption Standard. National Bureau of
-Standards, January 1988. FIPS PUB 81: DES Modes of Operation.
-National Bureau of Standards, December 1980. Bruce Schneier: Applied
-Cryptography. John Wiley & Sons, 1994. J. Seberry and J. Pieprzyk:
-Cryptography: An Introduction to Computer Security. Prentice-Hall,
-1989.
-.IP "[GZIP] "
-The GNU GZIP program; available for anonymous ftp at prep.ai.mit.edu.
-Please let me know if you know a paper describing the algorithm.
-.IP "[IDEA] "
-Xuejia Lai: On the Design and Security of Block Ciphers, ETH Series in
-Information Processing, vol. 1, Hartung-Gorre Verlag, Konstanz,
-Switzerland, 1992. Bruce Schneier: Applied Cryptography, John Wiley &
-Sons, 1994. See also the following patents: PCT/CH91/00117, EP 0 482
-154 B1, US Pat. 5,214,703.
-.IP [PKCS#1]
-PKCS #1: RSA Encryption Standard. Version 1.5, RSA Laboratories,
-November 1993. Available for anonymous ftp at ftp.rsa.com.
-.IP [POSIX]
-Portable Operating System Interface (POSIX) - Part 1: Application
-Program Interface (API) [C language], ISO/IEC 9945-1, IEEE Std 1003.1,
-1990.
-.IP [RFC0791]
-J. Postel: Internet Protocol, RFC 791, USC/ISI, September 1981.
-.IP [RFC0793]
-J. Postel: Transmission Control Protocol, RFC 793, USC/ISI, September
-1981.
-.IP [RFC1034]
-P. Mockapetris: Domain Names - Concepts and Facilities, RFC 1034,
-USC/ISI, November 1987.
-.IP [RFC1282]
-B. Kantor: BSD Rlogin, RFC 1258, UCSD, December 1991.
-.IP "[RSA] "
-Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994. See
-also R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic
-Communications System and Method. US Patent 4,405,829, 1983.
-.IP "[X11] "
-R. Scheifler: X Window System Protocol, X Consortium Standard, Version
-11, Release 6. Massachusetts Institute of Technology, Laboratory of
-Computer Science, 1994.
-.RT
-
-
-.ti 0
-Security Considerations
-
-This protocol deals with the very issue of user authentication and
-security.
-
-First of all, as an implementation issue, the server program will have
-to run as root (or equivalent) on the server machine. This is because
-the server program will need be able to change to an arbitrary user
-id. The server must also be able to create a privileged TCP/IP port.
-
-The client program will need to run as root if any variant of .rhosts
-authentication is to be used. This is because the client program will
-need to create a privileged port. The client host key is also usually
-stored in a file which is readable by root only. The client needs the
-host key in .rhosts authentication only. Root privileges can be
-dropped as soon as the privileged port has been created and the host
-key has been read.
-
-The SSH protocol offers major security advantages over existing telnet
-and rlogin protocols.
-.IP o
-IP spoofing is restricted to closing a connection (by encryption, host
-keys, and the special random cookie). If encryption is not used, IP
-spoofing is possible for those who can hear packets going out from the
-server.
-.IP o
-DNS spoofing is made ineffective (by host keys).
-.IP o
-Routing spoofing is made ineffective (by host keys).
-.IP o
-All data is encrypted with strong algorithms to make eavesdropping as
-difficult as possible. This includes encrypting any authentication
-information such as passwords. The information for decrypting session
-keys is destroyed every hour.
-.IP o
-Strong authentication methods: .rhosts combined with RSA host
-authentication, and pure RSA authentication.
-.IP o
-X11 connections and arbitrary TCP/IP ports can be forwarded securely.
-.IP o
-Man-in-the-middle attacks are deterred by using the server host key to
-encrypt the session key.
-.IP o
-Trojan horses to catch a password by routing manipulation are deterred
-by checking that the host key of the server machine matches that
-stored on the client host.
-.RT
-
-The security of SSH against man-in-the-middle attacks and the security
-of the new form of .rhosts authentication, as well as server host
-validation, depends on the integrity of the host key and the files
-containing known host keys.
-
-The host key is normally stored in a root-readable file. If the host
-key is compromised, it permits attackers to use IP, DNS and routing
-spoofing as with current rlogin and rsh. It should never be any worse
-than the current situation.
-
-The files containing known host keys are not sensitive. However, if an
-attacker gets to modify the known host key files, it has the same
-consequences as a compromised host key, because the attacker can then
-change the recorded host key.
-
-The security improvements obtained by this protocol for X11 are of
-particular significance. Previously, there has been no way to protect
-data communicated between an X server and a client running on a remote
-machine. By creating a fake display on the server, and forwarding all
-X11 requests over the secure channel, SSH can be used to run any X11
-applications securely without any cooperation with the vendors of the
-X server or the application.
-
-Finally, the security of this program relies on the strength of the
-underlying cryptographic algorithms. The RSA algorithm is used for
-authentication key exchange. It is widely believed to be secure. Of
-the algorithms used to encrypt the session, DES has a rather small key
-these days, probably permitting governments and organized criminals to
-break it in very short time with specialized hardware. 3DES is
-probably safe (but slower). IDEA is widely believed to be secure.
-People have varying degrees of confidence in the other algorithms.
-This program is not secure if used with no encryption at all.
-
-
-.ti 0
-Additional Information
-
-Additional information (especially on the implementation and mailing
-lists) is available via WWW at http://www.cs.hut.fi/ssh.
-
-Comments should be sent to Tatu Ylonen <ylo@cs.hut.fi> or the SSH
-Mailing List <ssh@clinet.fi>.
-
-.ti 0
-Author's Address
-
-.TS
-;
-l.
-Tatu Ylonen
-Helsinki University of Technology
-Otakaari 1
-FIN-02150 Espoo, Finland
-
-Phone: +358-0-451-3374
-Fax: +358-0-451-3293
-EMail: ylo@cs.hut.fi
-.TE
case -1:
if (errno == EINTR)
continue;
-#ifdef EWOULDBLOCK
if (errno == EAGAIN || errno == EWOULDBLOCK) {
-#else
- if (errno == EAGAIN) {
-#endif
(void)poll(&pfd, 1, -1);
continue;
}
/* Make a copy of the iov array because we may modify it below */
memcpy(iov, _iov, iovcnt * sizeof(*_iov));
+#ifndef BROKEN_READV_COMPARISON
pfd.fd = fd;
pfd.events = f == readv ? POLLIN : POLLOUT;
+#endif
for (; iovcnt > 0 && iov[0].iov_len > 0;) {
res = (f) (fd, iov, iovcnt);
switch (res) {
case -1:
if (errno == EINTR)
continue;
-#ifdef EWOULDBLOCK
if (errno == EAGAIN || errno == EWOULDBLOCK) {
-#else
- if (errno == EAGAIN) {
-#endif
+#ifndef BROKEN_READV_COMPARISON
(void)poll(&pfd, 1, -1);
+#endif
continue;
}
return 0;
-/* $OpenBSD: auth.c,v 1.78 2007/09/21 08:15:29 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.79 2008/07/02 12:03:51 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include <netinet/in.h>
#include <errno.h>
+#include <fcntl.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
+#include <unistd.h>
#include "xmalloc.h"
#include "match.h"
#endif /* USE_SHADOW */
/* grab passwd field for locked account check */
+ passwd = pw->pw_passwd;
#ifdef USE_SHADOW
if (spw != NULL)
#ifdef USE_LIBIAF
#else
passwd = spw->sp_pwdp;
#endif /* USE_LIBIAF */
-#else
- passwd = pw->pw_passwd;
#endif
/* check for locked account */
*
* Returns 0 on success and -1 on failure
*/
-int
+static int
secure_filename(FILE *f, const char *file, struct passwd *pw,
char *err, size_t errlen)
{
return 0;
}
+FILE *
+auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
+{
+ char line[1024];
+ struct stat st;
+ int fd;
+ FILE *f;
+
+ /*
+ * Open the file containing the authorized keys
+ * Fail quietly if file does not exist
+ */
+ if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1)
+ return NULL;
+
+ if (fstat(fd, &st) < 0) {
+ close(fd);
+ return NULL;
+ }
+ if (!S_ISREG(st.st_mode)) {
+ logit("User %s authorized keys %s is not a regular file",
+ pw->pw_name, file);
+ close(fd);
+ return NULL;
+ }
+ unset_nonblock(fd);
+ if ((f = fdopen(fd, "r")) == NULL) {
+ close(fd);
+ return NULL;
+ }
+ if (options.strict_modes &&
+ secure_filename(f, file, pw, line, sizeof(line)) != 0) {
+ fclose(f);
+ logit("Authentication refused: %s", line);
+ return NULL;
+ }
+
+ return f;
+}
+
struct passwd *
getpwnamallow(const char *user)
{
-/* $OpenBSD: auth.h,v 1.60 2007/09/21 08:15:29 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.61 2008/07/02 12:03:51 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *);
-int
-secure_filename(FILE *, const char *, struct passwd *, char *, size_t);
+FILE *auth_openkeyfile(const char *, struct passwd *, int);
HostStatus
check_key_in_hostfiles(struct passwd *, Key *, const char *,
-/* $OpenBSD: auth1.c,v 1.71 2007/09/21 08:15:29 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
#include <unistd.h>
#include <pwd.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "rsa.h"
#include "ssh1.h"
type != SSH_CMSG_AUTH_TIS_RESPONSE)
abandon_challenge_response(authctxt);
+ if (authctxt->failures >= options.max_authtries)
+ goto skip;
if ((meth = lookup_authmethod1(type)) == NULL) {
logit("Unknown message during authentication: "
"type %d", type);
msg[len] = '\0';
else
msg = "Access denied.";
- packet_disconnect(msg);
+ packet_disconnect("%s", msg);
}
#endif
if (authenticated)
return;
- if (authctxt->failures++ > options.max_authtries) {
+ if (++authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
-/* $OpenBSD: auth2-hostbased.c,v 1.11 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.12 2008/07/17 08:51:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
chost, resolvedname, ipaddr);
+ if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
+ debug2("stripping trailing dot from chost %s", chost);
+ chost[len - 1] = '\0';
+ }
+
if (options.hostbased_uses_name_from_packet_only) {
if (auth_rhosts2(pw, cuser, chost, chost) == 0)
return 0;
lookup = chost;
} else {
- if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
- debug2("stripping trailing dot from chost %s", chost);
- chost[len - 1] = '\0';
- }
if (strcasecmp(resolvedname, chost) != 0)
logit("userauth_hostbased mismatch: "
"client sends %s, but we resolve %s to %s",
-/* $OpenBSD: auth2-none.c,v 1.14 2007/08/23 03:22:16 djm Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.15 2008/07/02 12:36:39 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include <fcntl.h>
#include <stdarg.h>
-#include <unistd.h>
#include <string.h>
+#include <unistd.h>
+#include "atomicio.h"
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
#include "log.h"
#include "buffer.h"
#include "servconf.h"
-#include "atomicio.h"
#include "compat.h"
#include "ssh2.h"
#ifdef GSSAPI
/* "none" is allowed only one time */
static int none_enabled = 1;
-char *
-auth2_read_banner(void)
-{
- struct stat st;
- char *banner = NULL;
- size_t len, n;
- int fd;
-
- if ((fd = open(options.banner, O_RDONLY)) == -1)
- return (NULL);
- if (fstat(fd, &st) == -1) {
- close(fd);
- return (NULL);
- }
- if (st.st_size > 1*1024*1024) {
- close(fd);
- return (NULL);
- }
-
- len = (size_t)st.st_size; /* truncate */
- banner = xmalloc(len + 1);
- n = atomicio(read, fd, banner, len);
- close(fd);
-
- if (n != len) {
- xfree(banner);
- return (NULL);
- }
- banner[n] = '\0';
-
- return (banner);
-}
-
-void
-userauth_send_banner(const char *msg)
-{
- if (datafellows & SSH_BUG_BANNER)
- return;
-
- packet_start(SSH2_MSG_USERAUTH_BANNER);
- packet_put_cstring(msg);
- packet_put_cstring(""); /* language, unused */
- packet_send();
- debug("%s: sent", __func__);
-}
-
-static void
-userauth_banner(void)
-{
- char *banner = NULL;
-
- if (options.banner == NULL ||
- strcasecmp(options.banner, "none") == 0 ||
- (datafellows & SSH_BUG_BANNER) != 0)
- return;
-
- if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
- goto done;
- userauth_send_banner(banner);
-
-done:
- if (banner)
- xfree(banner);
-}
-
static int
userauth_none(Authctxt *authctxt)
{
none_enabled = 0;
packet_check_eom();
- userauth_banner();
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw) == 0)
return (0);
-/* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.19 2008/07/03 21:46:58 otto Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include <sys/types.h>
#include <sys/stat.h>
+#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdarg.h>
+#include <unistd.h>
#include "xmalloc.h"
#include "ssh.h"
int found_key = 0;
FILE *f;
u_long linenum = 0;
- struct stat st;
Key *found;
char *fp;
temporarily_use_uid(pw);
debug("trying public key file %s", file);
+ f = auth_openkeyfile(file, pw, options.strict_modes);
- /* Fail quietly if file does not exist */
- if (stat(file, &st) < 0) {
- /* Restore the privileged uid. */
- restore_uid();
- return 0;
- }
- /* Open the file containing the authorized keys. */
- f = fopen(file, "r");
if (!f) {
- /* Restore the privileged uid. */
- restore_uid();
- return 0;
- }
- if (options.strict_modes &&
- secure_filename(f, file, pw, line, sizeof(line)) != 0) {
- fclose(f);
- logit("Authentication refused: %s", line);
restore_uid();
return 0;
}
-/* $OpenBSD: auth2.c,v 1.116 2007/09/29 00:25:51 dtucker Exp $ */
+/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "includes.h"
#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/uio.h>
+#include <fcntl.h>
#include <pwd.h>
#include <stdarg.h>
#include <string.h>
+#include <unistd.h>
#include "xmalloc.h"
+#include "atomicio.h"
#include "ssh2.h"
#include "packet.h"
#include "log.h"
static Authmethod *authmethod_lookup(const char *);
static char *authmethods_get(void);
+char *
+auth2_read_banner(void)
+{
+ struct stat st;
+ char *banner = NULL;
+ size_t len, n;
+ int fd;
+
+ if ((fd = open(options.banner, O_RDONLY)) == -1)
+ return (NULL);
+ if (fstat(fd, &st) == -1) {
+ close(fd);
+ return (NULL);
+ }
+ if (st.st_size > 1*1024*1024) {
+ close(fd);
+ return (NULL);
+ }
+
+ len = (size_t)st.st_size; /* truncate */
+ banner = xmalloc(len + 1);
+ n = atomicio(read, fd, banner, len);
+ close(fd);
+
+ if (n != len) {
+ xfree(banner);
+ return (NULL);
+ }
+ banner[n] = '\0';
+
+ return (banner);
+}
+
+void
+userauth_send_banner(const char *msg)
+{
+ if (datafellows & SSH_BUG_BANNER)
+ return;
+
+ packet_start(SSH2_MSG_USERAUTH_BANNER);
+ packet_put_cstring(msg);
+ packet_put_cstring(""); /* language, unused */
+ packet_send();
+ debug("%s: sent", __func__);
+}
+
+static void
+userauth_banner(void)
+{
+ char *banner = NULL;
+
+ if (options.banner == NULL ||
+ strcasecmp(options.banner, "none") == 0 ||
+ (datafellows & SSH_BUG_BANNER) != 0)
+ return;
+
+ if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
+ goto done;
+ userauth_send_banner(banner);
+
+done:
+ if (banner)
+ xfree(banner);
+}
+
/*
* loop until authctxt->success == TRUE
*/
-
void
do_authentication2(Authctxt *authctxt)
{
authctxt->style = style ? xstrdup(style) : NULL;
if (use_privsep)
mm_inform_authserv(service, style);
+ userauth_banner();
}
}
if (strcmp(service, authctxt->service) != 0) {
/* try to authenticate user */
m = authmethod_lookup(method);
- if (m != NULL) {
+ if (m != NULL && authctxt->failures < options.max_authtries) {
debug2("input_userauth_request: try method %s", method);
authenticated = m->userauth(authctxt);
}
authctxt->success = 1;
} else {
/* Dont count server configuration issues against the client */
- if (!authctxt->server_caused_failure &&
- authctxt->failures++ > options.max_authtries) {
+ /* Allow initial try of "none" auth without failure penalty */
+ if (!authctxt->server_caused_failure &&
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ authctxt->failures++;
+ if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
name ? name : "NULL");
return NULL;
}
+
-/* $OpenBSD: buffer.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: buffer.h,v 1.17 2008/05/08 06:59:01 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
void buffer_put_char(Buffer *, int);
void *buffer_get_string(Buffer *, u_int *);
+void *buffer_get_string_ptr(Buffer *, u_int *);
void buffer_put_string(Buffer *, const void *, u_int);
void buffer_put_cstring(Buffer *, const char *);
-/* $OpenBSD: canohost.c,v 1.62 2007/12/27 14:22:08 dtucker Exp $ */
+/* $OpenBSD: canohost.c,v 1.63 2008/06/12 00:03:49 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_DGRAM; /*dummy*/
hints.ai_flags = AI_NUMERICHOST;
- if (getaddrinfo(name, "0", &hints, &ai) == 0) {
+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
name, ntop);
freeaddrinfo(ai);
-/* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */
+/* $OpenBSD: channels.c,v 1.286 2008/07/16 11:52:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include <unistd.h>
#include <stdarg.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
/* helper */
static void port_open_helper(Channel *c, char *rtype);
+/* non-blocking connect helpers */
+static int connect_next(struct channel_connect *);
+static void channel_connect_ctx_free(struct channel_connect *);
+
/* -- channel core */
Channel *
*/
static void
channel_register_fds(Channel *c, int rfd, int wfd, int efd,
- int extusage, int nonblock)
+ int extusage, int nonblock, int is_tty)
{
/* Update the maximum file descriptor value. */
channel_max_fd = MAX(channel_max_fd, rfd);
c->efd = efd;
c->extended_usage = extusage;
- /* XXX ugly hack: nonblock is only set by the server */
- if (nonblock && isatty(c->rfd)) {
+ if ((c->isatty = is_tty) != 0)
debug2("channel %d: rfd %d isatty", c->self, c->rfd);
- c->isatty = 1;
- if (!isatty(c->wfd)) {
- error("channel %d: wfd %d is not a tty?",
- c->self, c->wfd);
- }
- } else {
- c->isatty = 0;
- }
- c->wfd_isatty = isatty(c->wfd);
+ c->wfd_isatty = is_tty || isatty(c->wfd);
/* enable nonblocking mode */
if (nonblock) {
c->ostate = CHAN_OUTPUT_OPEN;
c->istate = CHAN_INPUT_OPEN;
c->flags = 0;
- channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
+ channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, 0);
c->self = found;
c->type = type;
c->ctype = ctype;
c->single_connection = 0;
c->detach_user = NULL;
c->detach_close = 0;
- c->confirm = NULL;
- c->confirm_ctx = NULL;
+ c->open_confirm = NULL;
+ c->open_confirm_ctx = NULL;
c->input_filter = NULL;
c->output_filter = NULL;
+ c->filter_ctx = NULL;
+ c->filter_cleanup = NULL;
+ TAILQ_INIT(&c->status_confirms);
debug("channel %d: new [%s]", found, remote_name);
return c;
}
{
char *s;
u_int i, n;
+ struct channel_confirm *cc;
for (n = 0, i = 0; i < channels_alloc; i++)
if (channels[i])
xfree(c->remote_name);
c->remote_name = NULL;
}
+ while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
+ if (cc->abandon_cb != NULL)
+ cc->abandon_cb(c, cc->ctx);
+ TAILQ_REMOVE(&c->status_confirms, cc, entry);
+ bzero(cc, sizeof(*cc));
+ xfree(cc);
+ }
+ if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
+ c->filter_cleanup(c->self, c->filter_ctx);
channels[c->self] = NULL;
xfree(c);
}
}
void
-channel_register_confirm(int id, channel_callback_fn *fn, void *ctx)
+channel_register_status_confirm(int id, channel_confirm_cb *cb,
+ channel_confirm_abandon_cb *abandon_cb, void *ctx)
+{
+ struct channel_confirm *cc;
+ Channel *c;
+
+ if ((c = channel_lookup(id)) == NULL)
+ fatal("channel_register_expect: %d: bad id", id);
+
+ cc = xmalloc(sizeof(*cc));
+ cc->cb = cb;
+ cc->abandon_cb = abandon_cb;
+ cc->ctx = ctx;
+ TAILQ_INSERT_TAIL(&c->status_confirms, cc, entry);
+}
+
+void
+channel_register_open_confirm(int id, channel_callback_fn *fn, void *ctx)
{
Channel *c = channel_lookup(id);
if (c == NULL) {
- logit("channel_register_comfirm: %d: bad id", id);
+ logit("channel_register_open_comfirm: %d: bad id", id);
return;
}
- c->confirm = fn;
- c->confirm_ctx = ctx;
+ c->open_confirm = fn;
+ c->open_confirm_ctx = ctx;
}
void
void
channel_register_filter(int id, channel_infilter_fn *ifn,
- channel_outfilter_fn *ofn)
+ channel_outfilter_fn *ofn, channel_filter_cleanup_fn *cfn, void *ctx)
{
Channel *c = channel_lookup(id);
}
c->input_filter = ifn;
c->output_filter = ofn;
+ c->filter_ctx = ctx;
+ c->filter_cleanup = cfn;
}
void
channel_set_fds(int id, int rfd, int wfd, int efd,
- int extusage, int nonblock, u_int window_max)
+ int extusage, int nonblock, int is_tty, u_int window_max)
{
Channel *c = channel_lookup(id);
if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
fatal("channel_activate for non-larval channel %d.", id);
- channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
+ channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, is_tty);
c->type = SSH_CHANNEL_OPEN;
c->local_window = c->local_window_max = window_max;
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
}
}
/** XXX check close conditions, too */
- if (compat20 && c->efd != -1) {
+ if (compat20 && c->efd != -1 &&
+ !(c->istate == CHAN_INPUT_CLOSED && c->ostate == CHAN_OUTPUT_CLOSED)) {
if (c->extended_usage == CHAN_EXTENDED_WRITE &&
buffer_len(&c->extended) > 0)
FD_SET(c->efd, writeset);
channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
{
Channel *nc;
- struct sockaddr addr;
+ struct sockaddr_storage addr;
int newsock;
socklen_t addrlen;
char buf[16384], *remote_ipaddr;
if (FD_ISSET(c->sock, readset)) {
debug("X11 connection requested.");
addrlen = sizeof(addr);
- newsock = accept(c->sock, &addr, &addrlen);
+ newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (c->single_connection) {
debug2("single_connection: closing X11 listener.");
channel_close_fd(&c->sock);
channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset)
{
Channel *nc;
- struct sockaddr addr;
+ struct sockaddr_storage addr;
int newsock, nextstate;
socklen_t addrlen;
char *rtype;
}
addrlen = sizeof(addr);
- newsock = accept(c->sock, &addr, &addrlen);
+ newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (newsock < 0) {
error("accept: %.100s", strerror(errno));
return;
{
Channel *nc;
int newsock;
- struct sockaddr addr;
+ struct sockaddr_storage addr;
socklen_t addrlen;
if (FD_ISSET(c->sock, readset)) {
addrlen = sizeof(addr);
- newsock = accept(c->sock, &addr, &addrlen);
+ newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (newsock < 0) {
error("accept from auth socket: %.100s", strerror(errno));
return;
static void
channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset)
{
- int err = 0;
+ int err = 0, sock;
socklen_t sz = sizeof(err);
if (FD_ISSET(c->sock, writeset)) {
error("getsockopt SO_ERROR failed");
}
if (err == 0) {
- debug("channel %d: connected", c->self);
+ debug("channel %d: connected to %s port %d",
+ c->self, c->connect_ctx.host, c->connect_ctx.port);
+ channel_connect_ctx_free(&c->connect_ctx);
c->type = SSH_CHANNEL_OPEN;
if (compat20) {
packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
packet_put_int(c->self);
}
} else {
- debug("channel %d: not connected: %s",
+ debug("channel %d: connection failed: %s",
c->self, strerror(err));
+ /* Try next address, if any */
+ if ((sock = connect_next(&c->connect_ctx)) > 0) {
+ close(c->sock);
+ c->sock = c->rfd = c->wfd = sock;
+ channel_max_fd = channel_find_maxfd();
+ return;
+ }
+ /* Exhausted all addresses */
+ error("connect_to %.100s port %d: failed.",
+ c->connect_ctx.host, c->connect_ctx.port);
+ channel_connect_ctx_free(&c->connect_ctx);
if (compat20) {
packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(c->remote_id);
if (c->rfd != -1 && (force || FD_ISSET(c->rfd, readset))) {
errno = 0;
len = read(c->rfd, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR || (errno == EAGAIN && !force)))
+ if (len < 0 && (errno == EINTR ||
+ ((errno == EAGAIN || errno == EWOULDBLOCK) && !force)))
return 1;
#ifndef PTY_ZEROREAD
if (len <= 0) {
c->local_consumed += dlen + 4;
len = write(c->wfd, buf, dlen);
xfree(data);
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len < 0 && (errno == EINTR || errno == EAGAIN ||
+ errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
if (c->type != SSH_CHANNEL_OPEN)
#endif
len = write(c->wfd, buf, dlen);
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len < 0 &&
+ (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
if (c->type != SSH_CHANNEL_OPEN) {
buffer_len(&c->extended));
debug2("channel %d: written %d to efd %d",
c->self, len, c->efd);
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len < 0 && (errno == EINTR || errno == EAGAIN ||
+ errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
debug2("channel %d: closing write-efd %d",
len = read(c->efd, buf, sizeof(buf));
debug2("channel %d: read %d from efd %d",
c->self, len, c->efd);
- if (len < 0 && (errno == EINTR ||
- (errno == EAGAIN && !c->detach_close)))
+ if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+ errno == EWOULDBLOCK) && !c->detach_close)))
return 1;
if (len <= 0) {
debug2("channel %d: closing read-efd %d",
/* Monitor control fd to detect if the slave client exits */
if (c->ctl_fd != -1 && FD_ISSET(c->ctl_fd, readset)) {
len = read(c->ctl_fd, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len < 0 &&
+ (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
debug2("channel %d: ctl read<=0", c->self);
return;
/* Get the data. */
- data = packet_get_string(&data_len);
+ data = packet_get_string_ptr(&data_len);
/*
* Ignore data for protocol > 1.3 if output end is no longer open.
c->local_window -= data_len;
c->local_consumed += data_len;
}
- xfree(data);
return;
}
if (data_len > c->local_window) {
logit("channel %d: rcvd too much data %d, win %d",
c->self, data_len, c->local_window);
- xfree(data);
return;
}
c->local_window -= data_len;
}
- packet_check_eom();
if (c->datagram)
buffer_put_string(&c->output, data, data_len);
else
buffer_append(&c->output, data, data_len);
- xfree(data);
+ packet_check_eom();
}
/* ARGSUSED */
if (compat20) {
c->remote_window = packet_get_int();
c->remote_maxpacket = packet_get_int();
- if (c->confirm) {
+ if (c->open_confirm) {
debug2("callback start");
- c->confirm(c->self, c->confirm_ctx);
+ c->open_confirm(c->self, c->open_confirm_ctx);
debug2("callback done");
}
debug2("channel %d: open confirm rwindow %u rmax %u", c->self,
Channel *c = NULL;
u_short host_port;
char *host, *originator_string;
- int remote_id, sock = -1;
+ int remote_id;
remote_id = packet_get_int();
host = packet_get_string(NULL);
originator_string = xstrdup("unknown (remote did not supply name)");
}
packet_check_eom();
- sock = channel_connect_to(host, host_port);
- if (sock != -1) {
- c = channel_new("connected socket",
- SSH_CHANNEL_CONNECTING, sock, sock, -1, 0, 0, 0,
- originator_string, 1);
- c->remote_id = remote_id;
- }
+ c = channel_connect_to(host, host_port,
+ "connected socket", originator_string);
xfree(originator_string);
+ xfree(host);
if (c == NULL) {
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(remote_id);
packet_send();
- }
- xfree(host);
+ } else
+ c->remote_id = remote_id;
}
+/* ARGSUSED */
+void
+channel_input_status_confirm(int type, u_int32_t seq, void *ctxt)
+{
+ Channel *c;
+ struct channel_confirm *cc;
+ int remote_id;
+
+ /* Reset keepalive timeout */
+ keep_alive_timeouts = 0;
+
+ remote_id = packet_get_int();
+ packet_check_eom();
+
+ debug2("channel_input_confirm: type %d id %d", type, remote_id);
+
+ if ((c = channel_lookup(remote_id)) == NULL) {
+ logit("channel_input_success_failure: %d: unknown", remote_id);
+ return;
+ }
+ ;
+ if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL)
+ return;
+ cc->cb(type, c, cc->ctx);
+ TAILQ_REMOVE(&c->status_confirms, cc, entry);
+ bzero(cc, sizeof(*cc));
+ xfree(cc);
+}
/* -- tcp forwarding */
num_adm_permitted_opens = 0;
}
-/* return socket to remote host, port */
+void
+channel_print_adm_permitted_opens(void)
+{
+ int i;
+
+ for (i = 0; i < num_adm_permitted_opens; i++)
+ if (permitted_adm_opens[i].host_to_connect != NULL)
+ printf(" %s:%d", permitted_adm_opens[i].host_to_connect,
+ permitted_adm_opens[i].port_to_connect);
+}
+
+/* Try to start non-blocking connect to next host in cctx list */
static int
-connect_to(const char *host, u_short port)
+connect_next(struct channel_connect *cctx)
{
- struct addrinfo hints, *ai, *aitop;
+ int sock, saved_errno;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
- int gaierr;
- int sock = -1;
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = IPv4or6;
- hints.ai_socktype = SOCK_STREAM;
- snprintf(strport, sizeof strport, "%d", port);
- if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
- error("connect_to %.100s: unknown host (%s)", host,
- ssh_gai_strerror(gaierr));
- return -1;
- }
- for (ai = aitop; ai; ai = ai->ai_next) {
- if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+ for (; cctx->ai; cctx->ai = cctx->ai->ai_next) {
+ if (cctx->ai->ai_family != AF_INET &&
+ cctx->ai->ai_family != AF_INET6)
continue;
- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
- strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
- error("connect_to: getnameinfo failed");
+ if (getnameinfo(cctx->ai->ai_addr, cctx->ai->ai_addrlen,
+ ntop, sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+ error("connect_next: getnameinfo failed");
continue;
}
- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- if (sock < 0) {
- if (ai->ai_next == NULL)
+ if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
+ cctx->ai->ai_protocol)) == -1) {
+ if (cctx->ai->ai_next == NULL)
error("socket: %.100s", strerror(errno));
else
verbose("socket: %.100s", strerror(errno));
}
if (set_nonblock(sock) == -1)
fatal("%s: set_nonblock(%d)", __func__, sock);
- if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0 &&
- errno != EINPROGRESS) {
- error("connect_to %.100s port %s: %.100s", ntop, strport,
+ if (connect(sock, cctx->ai->ai_addr,
+ cctx->ai->ai_addrlen) == -1 && errno != EINPROGRESS) {
+ debug("connect_next: host %.100s ([%.100s]:%s): "
+ "%.100s", cctx->host, ntop, strport,
strerror(errno));
+ saved_errno = errno;
close(sock);
+ errno = saved_errno;
continue; /* fail -- try next */
}
- break; /* success */
+ debug("connect_next: host %.100s ([%.100s]:%s) "
+ "in progress, fd=%d", cctx->host, ntop, strport, sock);
+ cctx->ai = cctx->ai->ai_next;
+ set_nodelay(sock);
+ return sock;
+ }
+ return -1;
+}
+
+static void
+channel_connect_ctx_free(struct channel_connect *cctx)
+{
+ xfree(cctx->host);
+ if (cctx->aitop)
+ freeaddrinfo(cctx->aitop);
+ bzero(cctx, sizeof(*cctx));
+ cctx->host = NULL;
+ cctx->ai = cctx->aitop = NULL;
+}
+
+/* Return CONNECTING channel to remote host, port */
+static Channel *
+connect_to(const char *host, u_short port, char *ctype, char *rname)
+{
+ struct addrinfo hints;
+ int gaierr;
+ int sock = -1;
+ char strport[NI_MAXSERV];
+ struct channel_connect cctx;
+ Channel *c;
+ memset(&cctx, 0, sizeof(cctx));
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = IPv4or6;
+ hints.ai_socktype = SOCK_STREAM;
+ snprintf(strport, sizeof strport, "%d", port);
+ if ((gaierr = getaddrinfo(host, strport, &hints, &cctx.aitop)) != 0) {
+ error("connect_to %.100s: unknown host (%s)", host,
+ ssh_gai_strerror(gaierr));
+ return NULL;
}
- freeaddrinfo(aitop);
- if (!ai) {
- error("connect_to %.100s port %d: failed.", host, port);
- return -1;
+
+ cctx.host = xstrdup(host);
+ cctx.port = port;
+ cctx.ai = cctx.aitop;
+
+ if ((sock = connect_next(&cctx)) == -1) {
+ error("connect to %.100s port %d failed: %s",
+ host, port, strerror(errno));
+ channel_connect_ctx_free(&cctx);
+ return NULL;
}
- /* success */
- set_nodelay(sock);
- return sock;
+ c = channel_new(ctype, SSH_CHANNEL_CONNECTING, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, rname, 1);
+ c->connect_ctx = cctx;
+ return c;
}
-int
-channel_connect_by_listen_address(u_short listen_port)
+Channel *
+channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname)
{
int i;
- for (i = 0; i < num_permitted_opens; i++)
+ for (i = 0; i < num_permitted_opens; i++) {
if (permitted_opens[i].host_to_connect != NULL &&
- permitted_opens[i].listen_port == listen_port)
+ permitted_opens[i].listen_port == listen_port) {
return connect_to(
permitted_opens[i].host_to_connect,
- permitted_opens[i].port_to_connect);
+ permitted_opens[i].port_to_connect, ctype, rname);
+ }
+ }
error("WARNING: Server requests forwarding for unknown listen_port %d",
listen_port);
- return -1;
+ return NULL;
}
/* Check if connecting to that port is permitted and connect. */
-int
-channel_connect_to(const char *host, u_short port)
+Channel *
+channel_connect_to(const char *host, u_short port, char *ctype, char *rname)
{
int i, permit, permit_adm = 1;
if (!permit || !permit_adm) {
logit("Received request to connect to host %.100s port %d, "
"but the request was denied.", host, port);
- return -1;
+ return NULL;
}
- return connect_to(host, port);
+ return connect_to(host, port, ctype, rname);
}
void
error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));
}
#endif
- channel_set_reuseaddr(sock);
+ if (x11_use_localhost)
+ channel_set_reuseaddr(sock);
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
debug2("bind port %d: %.100s", port, strerror(errno));
close(sock);
break;
}
socks[num_socks++] = sock;
-#ifndef DONT_TRY_OTHER_AF
if (num_socks == NUM_SOCKS)
break;
-#else
- if (x11_use_localhost) {
- if (num_socks == NUM_SOCKS)
- break;
- } else {
- break;
- }
-#endif
}
freeaddrinfo(aitop);
if (num_socks > 0)
-/* $OpenBSD: channels.h,v 1.89 2007/06/11 09:14:00 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.96 2008/06/15 20:06:26 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
typedef void channel_callback_fn(int, void *);
typedef int channel_infilter_fn(struct Channel *, char *, int);
+typedef void channel_filter_cleanup_fn(int, void *);
typedef u_char *channel_outfilter_fn(struct Channel *, u_char **, u_int *);
+/* Channel success/failure callbacks */
+typedef void channel_confirm_cb(int, struct Channel *, void *);
+typedef void channel_confirm_abandon_cb(struct Channel *, void *);
+struct channel_confirm {
+ TAILQ_ENTRY(channel_confirm) entry;
+ channel_confirm_cb *cb;
+ channel_confirm_abandon_cb *abandon_cb;
+ void *ctx;
+};
+TAILQ_HEAD(channel_confirms, channel_confirm);
+
+/* Context for non-blocking connects */
+struct channel_connect {
+ char *host;
+ int port;
+ struct addrinfo *ai, *aitop;
+};
+
struct Channel {
int type; /* channel type/state */
int self; /* my own channel identifier */
char *ctype; /* type */
/* callback */
- channel_callback_fn *confirm;
- void *confirm_ctx;
+ channel_callback_fn *open_confirm;
+ void *open_confirm_ctx;
channel_callback_fn *detach_user;
int detach_close;
+ struct channel_confirms status_confirms;
/* filter */
channel_infilter_fn *input_filter;
channel_outfilter_fn *output_filter;
+ void *filter_ctx;
+ channel_filter_cleanup_fn *filter_cleanup;
+
+ /* keep boundaries */
+ int datagram;
- int datagram; /* keep boundaries */
+ /* non-blocking connect */
+ struct channel_connect connect_ctx;
};
#define CHAN_EXTENDED_IGNORE 0
Channel *channel_by_id(int);
Channel *channel_lookup(int);
Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
-void channel_set_fds(int, int, int, int, int, int, u_int);
+void channel_set_fds(int, int, int, int, int, int, int, u_int);
void channel_free(Channel *);
void channel_free_all(void);
void channel_stop_listening(void);
void channel_send_open(int);
void channel_request_start(int, char *, int);
void channel_register_cleanup(int, channel_callback_fn *, int);
-void channel_register_confirm(int, channel_callback_fn *, void *);
-void channel_register_filter(int, channel_infilter_fn *, channel_outfilter_fn *);
+void channel_register_open_confirm(int, channel_callback_fn *, void *);
+void channel_register_filter(int, channel_infilter_fn *,
+ channel_outfilter_fn *, channel_filter_cleanup_fn *, void *);
+void channel_register_status_confirm(int, channel_confirm_cb *,
+ channel_confirm_abandon_cb *, void *);
void channel_cancel_cleanup(int);
int channel_close_fd(int *);
void channel_send_window_changes(void);
void channel_input_open_failure(int, u_int32_t, void *);
void channel_input_port_open(int, u_int32_t, void *);
void channel_input_window_adjust(int, u_int32_t, void *);
+void channel_input_status_confirm(int, u_int32_t, void *);
/* file descriptor handling (read/write) */
int channel_add_adm_permitted_opens(char *, int);
void channel_clear_permitted_opens(void);
void channel_clear_adm_permitted_opens(void);
+void channel_print_adm_permitted_opens(void);
int channel_input_port_forward_request(int, int, int, int);
-int channel_connect_to(const char *, u_short);
-int channel_connect_by_listen_address(u_short);
+Channel *channel_connect_to(const char *, u_short, char *, char *);
+Channel *channel_connect_by_listen_address(u_short, char *, char *);
int channel_request_remote_forwarding(const char *, u_short,
const char *, u_short);
int channel_setup_local_fwd_listener(const char *, u_short,
int x11_create_display_inet(int, int, int, u_int *, int **, int, int);
void x11_input_open(int, u_int32_t, void *);
void x11_request_forwarding_with_spoofing(int, const char *, const char *,
- const char *);
+ const char *);
void deny_input_open(int, u_int32_t, void *);
/* agent forwarding */
/* channel events */
void chan_rcvd_oclose(Channel *);
+void chan_rcvd_eow(Channel *); /* SSH2-only */
void chan_read_failed(Channel *);
void chan_ibuf_empty(Channel *);
-/* $OpenBSD: clientloop.c,v 1.188 2008/02/22 20:44:02 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.201 2008/07/16 11:51:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include <pwd.h>
#include <unistd.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
extern int no_shell_flag;
/* Control socket */
-extern int control_fd;
+extern int muxserver_sock;
/*
* Name of the host we are connecting to. This is the name given on the
/* Common data for the client loop code. */
static volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */
-static int escape_char; /* Escape character. */
-static int escape_pending; /* Last character was the escape character */
+static int escape_char1; /* Escape character. (proto1 only) */
+static int escape_pending1; /* Last character was an escape (proto1 only) */
static int last_was_cr; /* Last character was a newline. */
-static int exit_status; /* Used to store the exit status of the command. */
-static int stdin_eof; /* EOF has been encountered on standard error. */
+static int exit_status; /* Used to store the command exit status. */
+static int stdin_eof; /* EOF has been encountered on stderr. */
static Buffer stdin_buffer; /* Buffer for stdin data. */
static Buffer stdout_buffer; /* Buffer for stdout data. */
static Buffer stderr_buffer; /* Buffer for stderr data. */
-static u_long stdin_bytes, stdout_bytes, stderr_bytes;
static u_int buffer_high;/* Soft max buffer size. */
static int connection_in; /* Connection to server (input). */
static int connection_out; /* Connection to server (output). */
static void client_init_dispatch(void);
int session_ident = -1;
-struct confirm_ctx {
- int want_tty;
- int want_subsys;
- int want_x_fwd;
- int want_agent_fwd;
- Buffer cmd;
- char *term;
- struct termios tio;
- char **env;
+/* Track escape per proto2 channel */
+struct escape_filter_ctx {
+ int escape_pending;
+ int escape_char;
};
+/* Context for channel confirmation replies */
+struct channel_reply_ctx {
+ const char *request_type;
+ int id, do_close;
+};
+
+/* Global request success/failure callbacks */
+struct global_confirm {
+ TAILQ_ENTRY(global_confirm) entry;
+ global_confirm_cb *cb;
+ void *ctx;
+ int ref_count;
+};
+TAILQ_HEAD(global_confirms, global_confirm);
+static struct global_confirms global_confirms =
+ TAILQ_HEAD_INITIALIZER(global_confirms);
+
/*XXX*/
extern Kex *xxx_kex;
/* Check for immediate EOF on stdin. */
len = read(fileno(stdin), buf, 1);
if (len == 0) {
- /* EOF. Record that we have seen it and send EOF to server. */
+ /*
+ * EOF. Record that we have seen it and send
+ * EOF to server.
+ */
debug("Sending eof.");
stdin_eof = 1;
packet_start(SSH_CMSG_EOF);
* and also process it as an escape character if
* appropriate.
*/
- if ((u_char) buf[0] == escape_char)
- escape_pending = 1;
+ if ((u_char) buf[0] == escape_char1)
+ escape_pending1 = 1;
else
buffer_append(&stdin_buffer, buf, 1);
}
packet_put_string(buffer_ptr(&stdin_buffer), len);
packet_send();
buffer_consume(&stdin_buffer, len);
- stdin_bytes += len;
/* If we have a pending EOF, send it now. */
if (stdin_eof && buffer_len(&stdin_buffer) == 0) {
packet_start(SSH_CMSG_EOF);
static void
client_global_request_reply(int type, u_int32_t seq, void *ctxt)
{
+ struct global_confirm *gc;
+
+ if ((gc = TAILQ_FIRST(&global_confirms)) == NULL)
+ return;
+ if (gc->cb != NULL)
+ gc->cb(type, seq, gc->ctx);
+ if (--gc->ref_count <= 0) {
+ TAILQ_REMOVE(&global_confirms, gc, entry);
+ bzero(gc, sizeof(*gc));
+ xfree(gc);
+ }
+
keep_alive_timeouts = 0;
- client_global_request_reply_fwd(type, seq, ctxt);
}
static void
packet_put_cstring("keepalive@openssh.com");
packet_put_char(1); /* boolean: want reply */
packet_send();
+ /* Insert an empty placeholder to maintain ordering */
+ client_register_global_confirm(NULL, NULL);
}
/*
if (packet_have_data_to_write())
FD_SET(connection_out, *writesetp);
- if (control_fd != -1)
- FD_SET(control_fd, *readsetp);
+ if (muxserver_sock != -1)
+ FD_SET(muxserver_sock, *readsetp);
/*
* Wait for something to happen. This will suspend the process until
{
/* Flush stdout and stderr buffers. */
if (buffer_len(bout) > 0)
- atomicio(vwrite, fileno(stdout), buffer_ptr(bout), buffer_len(bout));
+ atomicio(vwrite, fileno(stdout), buffer_ptr(bout),
+ buffer_len(bout));
if (buffer_len(berr) > 0)
- atomicio(vwrite, fileno(stderr), buffer_ptr(berr), buffer_len(berr));
+ atomicio(vwrite, fileno(stderr), buffer_ptr(berr),
+ buffer_len(berr));
leave_raw_mode();
/* Read as much as possible. */
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
- /* Received EOF. The remote host has closed the connection. */
- snprintf(buf, sizeof buf, "Connection to %.300s closed by remote host.\r\n",
- host);
+ /*
+ * Received EOF. The remote host has closed the
+ * connection.
+ */
+ snprintf(buf, sizeof buf,
+ "Connection to %.300s closed by remote host.\r\n",
+ host);
buffer_append(&stderr_buffer, buf, strlen(buf));
quit_pending = 1;
return;
* There is a kernel bug on Solaris that causes select to
* sometimes wake up even though there is no data available.
*/
- if (len < 0 && (errno == EAGAIN || errno == EINTR))
+ if (len < 0 &&
+ (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
len = 0;
if (len < 0) {
- /* An error has encountered. Perhaps there is a network problem. */
- snprintf(buf, sizeof buf, "Read from remote host %.300s: %.100s\r\n",
- host, strerror(errno));
+ /*
+ * An error has encountered. Perhaps there is a
+ * network problem.
+ */
+ snprintf(buf, sizeof buf,
+ "Read from remote host %.300s: %.100s\r\n",
+ host, strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
quit_pending = 1;
return;
}
static void
-client_subsystem_reply(int type, u_int32_t seq, void *ctxt)
+client_status_confirm(int type, Channel *c, void *ctx)
{
- int id;
- Channel *c;
-
- id = packet_get_int();
- packet_check_eom();
-
- if ((c = channel_lookup(id)) == NULL) {
- error("%s: no channel for id %d", __func__, id);
- return;
- }
-
- if (type == SSH2_MSG_CHANNEL_SUCCESS)
- debug2("Request suceeded on channel %d", id);
- else if (type == SSH2_MSG_CHANNEL_FAILURE) {
- error("Request failed on channel %d", id);
- channel_free(c);
+ struct channel_reply_ctx *cr = (struct channel_reply_ctx *)ctx;
+ char errmsg[256];
+ int tochan;
+
+ /* XXX supress on mux _client_ quietmode */
+ tochan = options.log_level >= SYSLOG_LEVEL_ERROR &&
+ c->ctl_fd != -1 && c->extended_usage == CHAN_EXTENDED_WRITE;
+
+ if (type == SSH2_MSG_CHANNEL_SUCCESS) {
+ debug2("%s request accepted on channel %d",
+ cr->request_type, c->self);
+ } else if (type == SSH2_MSG_CHANNEL_FAILURE) {
+ if (tochan) {
+ snprintf(errmsg, sizeof(errmsg),
+ "%s request failed\r\n", cr->request_type);
+ } else {
+ snprintf(errmsg, sizeof(errmsg),
+ "%s request failed on channel %d",
+ cr->request_type, c->self);
+ }
+ /* If error occurred on primary session channel, then exit */
+ if (cr->do_close && c->self == session_ident)
+ fatal("%s", errmsg);
+ /* If error occurred on mux client, append to their stderr */
+ if (tochan)
+ buffer_append(&c->extended, errmsg, strlen(errmsg));
+ else
+ error("%s", errmsg);
+ if (cr->do_close) {
+ chan_read_failed(c);
+ chan_write_failed(c);
+ }
}
+ xfree(cr);
}
static void
-client_extra_session2_setup(int id, void *arg)
+client_abandon_status_confirm(Channel *c, void *ctx)
{
- struct confirm_ctx *cctx = arg;
- const char *display;
- Channel *c;
- int i;
-
- if (cctx == NULL)
- fatal("%s: cctx == NULL", __func__);
- if ((c = channel_lookup(id)) == NULL)
- fatal("%s: no channel for id %d", __func__, id);
-
- display = getenv("DISPLAY");
- if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
- char *proto, *data;
- /* Get reasonable local authentication information. */
- client_x11_get_proto(display, options.xauth_location,
- options.forward_x11_trusted, &proto, &data);
- /* Request forwarding with authentication spoofing. */
- debug("Requesting X11 forwarding with authentication spoofing.");
- x11_request_forwarding_with_spoofing(id, display, proto, data);
- /* XXX wait for reply */
- }
-
- if (cctx->want_agent_fwd && options.forward_agent) {
- debug("Requesting authentication agent forwarding.");
- channel_request_start(id, "auth-agent-req@openssh.com", 0);
- packet_send();
- }
-
- client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
- cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
- client_subsystem_reply);
-
- c->confirm_ctx = NULL;
- buffer_free(&cctx->cmd);
- xfree(cctx->term);
- if (cctx->env != NULL) {
- for (i = 0; cctx->env[i] != NULL; i++)
- xfree(cctx->env[i]);
- xfree(cctx->env);
- }
- xfree(cctx);
+ xfree(ctx);
}
static void
-client_process_control(fd_set *readset)
+client_expect_confirm(int id, const char *request, int do_close)
{
- Buffer m;
- Channel *c;
- int client_fd, new_fd[3], ver, allowed, window, packetmax;
- socklen_t addrlen;
- struct sockaddr_storage addr;
- struct confirm_ctx *cctx;
- char *cmd;
- u_int i, j, len, env_len, command, flags;
- uid_t euid;
- gid_t egid;
-
- /*
- * Accept connection on control socket
- */
- if (control_fd == -1 || !FD_ISSET(control_fd, readset))
- return;
-
- memset(&addr, 0, sizeof(addr));
- addrlen = sizeof(addr);
- if ((client_fd = accept(control_fd,
- (struct sockaddr*)&addr, &addrlen)) == -1) {
- error("%s accept: %s", __func__, strerror(errno));
- return;
- }
-
- if (getpeereid(client_fd, &euid, &egid) < 0) {
- error("%s getpeereid failed: %s", __func__, strerror(errno));
- close(client_fd);
- return;
- }
- if ((euid != 0) && (getuid() != euid)) {
- error("control mode uid mismatch: peer euid %u != uid %u",
- (u_int) euid, (u_int) getuid());
- close(client_fd);
- return;
- }
-
- unset_nonblock(client_fd);
-
- /* Read command */
- buffer_init(&m);
- if (ssh_msg_recv(client_fd, &m) == -1) {
- error("%s: client msg_recv failed", __func__);
- close(client_fd);
- buffer_free(&m);
- return;
- }
- if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
- error("%s: wrong client version %d", __func__, ver);
- buffer_free(&m);
- close(client_fd);
- return;
- }
-
- allowed = 1;
- command = buffer_get_int(&m);
- flags = buffer_get_int(&m);
-
- buffer_clear(&m);
-
- switch (command) {
- case SSHMUX_COMMAND_OPEN:
- if (options.control_master == SSHCTL_MASTER_ASK ||
- options.control_master == SSHCTL_MASTER_AUTO_ASK)
- allowed = ask_permission("Allow shared connection "
- "to %s? ", host);
- /* continue below */
- break;
- case SSHMUX_COMMAND_TERMINATE:
- if (options.control_master == SSHCTL_MASTER_ASK ||
- options.control_master == SSHCTL_MASTER_AUTO_ASK)
- allowed = ask_permission("Terminate shared connection "
- "to %s? ", host);
- if (allowed)
- quit_pending = 1;
- /* FALLTHROUGH */
- case SSHMUX_COMMAND_ALIVE_CHECK:
- /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */
- buffer_clear(&m);
- buffer_put_int(&m, allowed);
- buffer_put_int(&m, getpid());
- if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
- error("%s: client msg_send failed", __func__);
- close(client_fd);
- buffer_free(&m);
- return;
- }
- buffer_free(&m);
- close(client_fd);
- return;
- default:
- error("Unsupported command %d", command);
- buffer_free(&m);
- close(client_fd);
- return;
- }
-
- /* Reply for SSHMUX_COMMAND_OPEN */
- buffer_clear(&m);
- buffer_put_int(&m, allowed);
- buffer_put_int(&m, getpid());
- if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
- error("%s: client msg_send failed", __func__);
- close(client_fd);
- buffer_free(&m);
- return;
- }
-
- if (!allowed) {
- error("Refused control connection");
- close(client_fd);
- buffer_free(&m);
- return;
- }
-
- buffer_clear(&m);
- if (ssh_msg_recv(client_fd, &m) == -1) {
- error("%s: client msg_recv failed", __func__);
- close(client_fd);
- buffer_free(&m);
- return;
- }
- if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
- error("%s: wrong client version %d", __func__, ver);
- buffer_free(&m);
- close(client_fd);
- return;
- }
+ struct channel_reply_ctx *cr = xmalloc(sizeof(*cr));
- cctx = xcalloc(1, sizeof(*cctx));
- cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
- cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
- cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
- cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0;
- cctx->term = buffer_get_string(&m, &len);
-
- cmd = buffer_get_string(&m, &len);
- buffer_init(&cctx->cmd);
- buffer_append(&cctx->cmd, cmd, strlen(cmd));
-
- env_len = buffer_get_int(&m);
- env_len = MIN(env_len, 4096);
- debug3("%s: receiving %d env vars", __func__, env_len);
- if (env_len != 0) {
- cctx->env = xcalloc(env_len + 1, sizeof(*cctx->env));
- for (i = 0; i < env_len; i++)
- cctx->env[i] = buffer_get_string(&m, &len);
- cctx->env[i] = NULL;
- }
+ cr->request_type = request;
+ cr->do_close = do_close;
- debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__,
- cctx->want_tty, cctx->want_subsys, cmd);
- xfree(cmd);
-
- /* Gather fds from client */
- for(i = 0; i < 3; i++) {
- if ((new_fd[i] = mm_receive_fd(client_fd)) == -1) {
- error("%s: failed to receive fd %d from slave",
- __func__, i);
- for (j = 0; j < i; j++)
- close(new_fd[j]);
- for (j = 0; j < env_len; j++)
- xfree(cctx->env[j]);
- if (env_len > 0)
- xfree(cctx->env);
- xfree(cctx->term);
- buffer_free(&cctx->cmd);
- close(client_fd);
- xfree(cctx);
- return;
- }
- }
+ channel_register_status_confirm(id, client_status_confirm,
+ client_abandon_status_confirm, cr);
+}
- debug2("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
- new_fd[0], new_fd[1], new_fd[2]);
-
- /* Try to pick up ttymodes from client before it goes raw */
- if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
- error("%s: tcgetattr: %s", __func__, strerror(errno));
-
- /* This roundtrip is just for synchronisation of ttymodes */
- buffer_clear(&m);
- if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
- error("%s: client msg_send failed", __func__);
- close(client_fd);
- close(new_fd[0]);
- close(new_fd[1]);
- close(new_fd[2]);
- buffer_free(&m);
- xfree(cctx->term);
- if (env_len != 0) {
- for (i = 0; i < env_len; i++)
- xfree(cctx->env[i]);
- xfree(cctx->env);
- }
+void
+client_register_global_confirm(global_confirm_cb *cb, void *ctx)
+{
+ struct global_confirm *gc, *last_gc;
+
+ /* Coalesce identical callbacks */
+ last_gc = TAILQ_LAST(&global_confirms, global_confirms);
+ if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) {
+ if (++last_gc->ref_count >= INT_MAX)
+ fatal("%s: last_gc->ref_count = %d",
+ __func__, last_gc->ref_count);
return;
}
- buffer_free(&m);
-
- /* enable nonblocking unless tty */
- if (!isatty(new_fd[0]))
- set_nonblock(new_fd[0]);
- if (!isatty(new_fd[1]))
- set_nonblock(new_fd[1]);
- if (!isatty(new_fd[2]))
- set_nonblock(new_fd[2]);
-
- set_nonblock(client_fd);
-
- if (options.hpn_disabled)
- window = CHAN_SES_WINDOW_DEFAULT;
- else
- window = options.hpn_buffer_size;
-
- packetmax = CHAN_SES_PACKET_DEFAULT;
- if (cctx->want_tty) {
- window >>= 1;
- packetmax >>= 1;
- }
-
- c = channel_new("session", SSH_CHANNEL_OPENING,
- new_fd[0], new_fd[1], new_fd[2], window, packetmax,
- CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
-
- /* XXX */
- c->ctl_fd = client_fd;
- debug3("%s: channel_new: %d", __func__, c->self);
-
- channel_send_open(c->self);
- channel_register_confirm(c->self, client_extra_session2_setup, cctx);
+ gc = xmalloc(sizeof(*gc));
+ gc->cb = cb;
+ gc->ctx = ctx;
+ gc->ref_count = 1;
+ TAILQ_INSERT_TAIL(&global_confirms, gc, entry);
}
static void
xfree(fwd.connect_host);
}
-/* process the characters one by one */
+/*
+ * Process the characters one by one, call with c==NULL for proto1 case.
+ */
static int
-process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
+process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
+ char *buf, int len)
{
char string[1024];
pid_t pid;
u_int i;
u_char ch;
char *s;
+ int *escape_pendingp, escape_char;
+ struct escape_filter_ctx *efc;
+ if (c == NULL) {
+ escape_pendingp = &escape_pending1;
+ escape_char = escape_char1;
+ } else {
+ if (c->filter_ctx == NULL)
+ return 0;
+ efc = (struct escape_filter_ctx *)c->filter_ctx;
+ escape_pendingp = &efc->escape_pending;
+ escape_char = efc->escape_char;
+ }
+
if (len <= 0)
return (0);
/* Get one character at a time. */
ch = buf[i];
- if (escape_pending) {
+ if (*escape_pendingp) {
/* We have previously seen an escape character. */
/* Clear the flag now. */
- escape_pending = 0;
+ *escape_pendingp = 0;
/* Process the escaped character. */
switch (ch) {
case '.':
/* Terminate the connection. */
- snprintf(string, sizeof string, "%c.\r\n", escape_char);
+ snprintf(string, sizeof string, "%c.\r\n",
+ escape_char);
buffer_append(berr, string, strlen(string));
- quit_pending = 1;
+ if (c && c->ctl_fd != -1) {
+ chan_read_failed(c);
+ chan_write_failed(c);
+ return 0;
+ } else
+ quit_pending = 1;
return -1;
case 'Z' - 64:
- /* Suspend the program. */
- /* Print a message to that effect to the user. */
- snprintf(string, sizeof string, "%c^Z [suspend ssh]\r\n", escape_char);
+ /* XXX support this for mux clients */
+ if (c && c->ctl_fd != -1) {
+ noescape:
+ snprintf(string, sizeof string,
+ "%c%c escape not available to "
+ "multiplexed sessions\r\n",
+ escape_char, ch);
+ buffer_append(berr, string,
+ strlen(string));
+ continue;
+ }
+ /* Suspend the program. Inform the user */
+ snprintf(string, sizeof string,
+ "%c^Z [suspend ssh]\r\n", escape_char);
buffer_append(berr, string, strlen(string));
/* Restore terminal modes and suspend. */
case 'R':
if (compat20) {
if (datafellows & SSH_BUG_NOREKEY)
- logit("Server does not support re-keying");
+ logit("Server does not "
+ "support re-keying");
else
need_rekeying = 1;
}
continue;
case '&':
+ if (c && c->ctl_fd != -1)
+ goto noescape;
/*
- * Detach the program (continue to serve connections,
- * but put in background and no more new connections).
+ * Detach the program (continue to serve
+ * connections, but put in background and no
+ * more new connections).
*/
/* Restore tty modes. */
leave_raw_mode();
return -1;
} else if (!stdin_eof) {
/*
- * Sending SSH_CMSG_EOF alone does not always appear
- * to be enough. So we try to send an EOF character
- * first.
+ * Sending SSH_CMSG_EOF alone does not
+ * always appear to be enough. So we
+ * try to send an EOF character first.
*/
packet_start(SSH_CMSG_STDIN_DATA);
packet_put_string("\004", 1);
continue;
case '?':
- snprintf(string, sizeof string,
+ if (c && c->ctl_fd != -1) {
+ snprintf(string, sizeof string,
"%c?\r\n\
Supported escape sequences:\r\n\
-%c. - terminate connection\r\n\
-%cB - send a BREAK to the remote system\r\n\
-%cC - open a command line\r\n\
-%cR - Request rekey (SSH protocol 2 only)\r\n\
-%c^Z - suspend ssh\r\n\
-%c# - list forwarded connections\r\n\
-%c& - background ssh (when waiting for connections to terminate)\r\n\
-%c? - this message\r\n\
-%c%c - send the escape character by typing it twice\r\n\
+ %c. - terminate session\r\n\
+ %cB - send a BREAK to the remote system\r\n\
+ %cC - open a command line\r\n\
+ %cR - Request rekey (SSH protocol 2 only)\r\n\
+ %c# - list forwarded connections\r\n\
+ %c? - this message\r\n\
+ %c%c - send the escape character by typing it twice\r\n\
(Note that escapes are only recognized immediately after newline.)\r\n",
- escape_char, escape_char, escape_char, escape_char,
- escape_char, escape_char, escape_char, escape_char,
- escape_char, escape_char, escape_char);
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char);
+ } else {
+ snprintf(string, sizeof string,
+"%c?\r\n\
+Supported escape sequences:\r\n\
+ %c. - terminate connection (and any multiplexed sessions)\r\n\
+ %cB - send a BREAK to the remote system\r\n\
+ %cC - open a command line\r\n\
+ %cR - Request rekey (SSH protocol 2 only)\r\n\
+ %c^Z - suspend ssh\r\n\
+ %c# - list forwarded connections\r\n\
+ %c& - background ssh (when waiting for connections to terminate)\r\n\
+ %c? - this message\r\n\
+ %c%c - send the escape character by typing it twice\r\n\
+(Note that escapes are only recognized immediately after newline.)\r\n",
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char);
+ }
buffer_append(berr, string, strlen(string));
continue;
case '#':
- snprintf(string, sizeof string, "%c#\r\n", escape_char);
+ snprintf(string, sizeof string, "%c#\r\n",
+ escape_char);
buffer_append(berr, string, strlen(string));
s = channel_open_message();
buffer_append(berr, s, strlen(s));
}
} else {
/*
- * The previous character was not an escape char. Check if this
- * is an escape.
+ * The previous character was not an escape char.
+ * Check if this is an escape.
*/
if (last_was_cr && ch == escape_char) {
- /* It is. Set the flag and continue to next character. */
- escape_pending = 1;
+ /*
+ * It is. Set the flag and continue to
+ * next character.
+ */
+ *escape_pendingp = 1;
continue;
}
}
if (FD_ISSET(fileno(stdin), readset)) {
/* Read as much as possible. */
len = read(fileno(stdin), buf, sizeof(buf));
- if (len < 0 && (errno == EAGAIN || errno == EINTR))
+ if (len < 0 &&
+ (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
return; /* we'll try again later */
if (len <= 0) {
/*
* if it was an error condition.
*/
if (len < 0) {
- snprintf(buf, sizeof buf, "read: %.100s\r\n", strerror(errno));
+ snprintf(buf, sizeof buf, "read: %.100s\r\n",
+ strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
}
/* Mark that we have seen EOF. */
packet_start(SSH_CMSG_EOF);
packet_send();
}
- } else if (escape_char == SSH_ESCAPECHAR_NONE) {
+ } else if (escape_char1 == SSH_ESCAPECHAR_NONE) {
/*
* Normal successful read, and no escape character.
* Just append the data to buffer.
buffer_append(&stdin_buffer, buf, len);
} else {
/*
- * Normal, successful read. But we have an escape character
- * and have to process the characters one by one.
+ * Normal, successful read. But we have an escape
+ * character and have to process the characters one
+ * by one.
*/
- if (process_escapes(&stdin_buffer, &stdout_buffer,
- &stderr_buffer, buf, len) == -1)
+ if (process_escapes(NULL, &stdin_buffer,
+ &stdout_buffer, &stderr_buffer, buf, len) == -1)
return;
}
}
len = write(fileno(stdout), buffer_ptr(&stdout_buffer),
buffer_len(&stdout_buffer));
if (len <= 0) {
- if (errno == EINTR || errno == EAGAIN)
+ if (errno == EINTR || errno == EAGAIN ||
+ errno == EWOULDBLOCK)
len = 0;
else {
/*
* An error or EOF was encountered. Put an
* error message to stderr buffer.
*/
- snprintf(buf, sizeof buf, "write stdout: %.50s\r\n", strerror(errno));
+ snprintf(buf, sizeof buf,
+ "write stdout: %.50s\r\n", strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
quit_pending = 1;
return;
}
/* Consume printed data from the buffer. */
buffer_consume(&stdout_buffer, len);
- stdout_bytes += len;
}
/* Write buffered output to stderr. */
if (FD_ISSET(fileno(stderr), writeset)) {
len = write(fileno(stderr), buffer_ptr(&stderr_buffer),
buffer_len(&stderr_buffer));
if (len <= 0) {
- if (errno == EINTR || errno == EAGAIN)
+ if (errno == EINTR || errno == EAGAIN ||
+ errno == EWOULDBLOCK)
len = 0;
else {
- /* EOF or error, but can't even print error message. */
+ /*
+ * EOF or error, but can't even print
+ * error message.
+ */
quit_pending = 1;
return;
}
}
/* Consume printed characters from the buffer. */
buffer_consume(&stderr_buffer, len);
- stderr_bytes += len;
}
}
static void
client_process_buffered_input_packets(void)
{
- dispatch_run(DISPATCH_NONBLOCK, &quit_pending, compat20 ? xxx_kex : NULL);
+ dispatch_run(DISPATCH_NONBLOCK, &quit_pending,
+ compat20 ? xxx_kex : NULL);
}
/* scan buf[] for '~' before sending data to the peer */
-static int
-simple_escape_filter(Channel *c, char *buf, int len)
+/* Helper: allocate a new escape_filter_ctx and fill in its escape char */
+void *
+client_new_escape_filter_ctx(int escape_char)
+{
+ struct escape_filter_ctx *ret;
+
+ ret = xmalloc(sizeof(*ret));
+ ret->escape_pending = 0;
+ ret->escape_char = escape_char;
+ return (void *)ret;
+}
+
+/* Free the escape filter context on channel free */
+void
+client_filter_cleanup(int cid, void *ctx)
{
- /* XXX we assume c->extended is writeable */
- return process_escapes(&c->input, &c->output, &c->extended, buf, len);
+ xfree(ctx);
+}
+
+int
+client_simple_escape_filter(Channel *c, char *buf, int len)
+{
+ if (c->extended_usage != CHAN_EXTENDED_WRITE)
+ return 0;
+
+ return process_escapes(c, &c->input, &c->output, &c->extended,
+ buf, len);
}
static void
fd_set *readset = NULL, *writeset = NULL;
double start_time, total_time;
int max_fd = 0, max_fd2 = 0, len, rekeying = 0;
+ u_int64_t ibytes, obytes;
u_int nalloc = 0;
char buf[100];
start_time = get_current_time();
/* Initialize variables. */
- escape_pending = 0;
+ escape_pending1 = 0;
last_was_cr = 1;
exit_status = -1;
stdin_eof = 0;
connection_in = packet_get_connection_in();
connection_out = packet_get_connection_out();
max_fd = MAX(connection_in, connection_out);
- if (control_fd != -1)
- max_fd = MAX(max_fd, control_fd);
+ if (muxserver_sock != -1)
+ max_fd = MAX(max_fd, muxserver_sock);
if (!compat20) {
/* enable nonblocking unless tty */
max_fd = MAX(max_fd, fileno(stdout));
max_fd = MAX(max_fd, fileno(stderr));
}
- stdin_bytes = 0;
- stdout_bytes = 0;
- stderr_bytes = 0;
quit_pending = 0;
- escape_char = escape_char_arg;
+ escape_char1 = escape_char_arg;
/* Initialize buffers. */
buffer_init(&stdin_buffer);
if (compat20) {
session_ident = ssh2_chan_id;
- if (escape_char != SSH_ESCAPECHAR_NONE)
+ if (escape_char_arg != SSH_ESCAPECHAR_NONE)
channel_register_filter(session_ident,
- simple_escape_filter, NULL);
+ client_simple_escape_filter, NULL,
+ client_filter_cleanup,
+ client_new_escape_filter_ctx(escape_char_arg));
if (session_ident != -1)
channel_register_cleanup(session_ident,
client_channel_closed, 0);
client_process_net_input(readset);
/* Accept control connections. */
- client_process_control(readset);
+ if (muxserver_sock != -1 &&FD_ISSET(muxserver_sock, readset)) {
+ if (muxserver_accept_control())
+ quit_pending = 1;
+ }
if (quit_pending)
break;
client_process_output(writeset);
}
- /* Send as much buffered packet data as possible to the sender. */
+ /*
+ * Send as much buffered packet data as possible to the
+ * sender.
+ */
if (FD_ISSET(connection_out, writeset))
packet_write_poll();
}
* that the connection has been closed.
*/
if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) {
- snprintf(buf, sizeof buf, "Connection to %.64s closed.\r\n", host);
+ snprintf(buf, sizeof buf,
+ "Connection to %.64s closed.\r\n", host);
buffer_append(&stderr_buffer, buf, strlen(buf));
}
break;
}
buffer_consume(&stdout_buffer, len);
- stdout_bytes += len;
}
/* Output any buffered data for stderr. */
break;
}
buffer_consume(&stderr_buffer, len);
- stderr_bytes += len;
}
/* Clear and free any buffers. */
/* Report bytes transferred, and transfer rates. */
total_time = get_current_time() - start_time;
- debug("Transferred: stdin %lu, stdout %lu, stderr %lu bytes in %.1f seconds",
- stdin_bytes, stdout_bytes, stderr_bytes, total_time);
+ packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
+ packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
+ verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds",
+ obytes, ibytes, total_time);
if (total_time > 0)
- debug("Bytes per second: stdin %.1f, stdout %.1f, stderr %.1f",
- stdin_bytes / total_time, stdout_bytes / total_time,
- stderr_bytes / total_time);
-
+ verbose("Bytes per second: sent %.1f, received %.1f",
+ obytes / total_time, ibytes / total_time);
/* Return the exit status of the program. */
debug("Exit status %d", exit_status);
return exit_status;
Channel *c = NULL;
char *listen_address, *originator_address;
int listen_port, originator_port;
- int sock;
/* Get rest of the packet */
listen_address = packet_get_string(NULL);
originator_port = packet_get_int();
packet_check_eom();
- debug("client_request_forwarded_tcpip: listen %s port %d, originator %s port %d",
- listen_address, listen_port, originator_address, originator_port);
+ debug("client_request_forwarded_tcpip: listen %s port %d, "
+ "originator %s port %d", listen_address, listen_port,
+ originator_address, originator_port);
+
+ c = channel_connect_by_listen_address(listen_port,
+ "forwarded-tcpip", originator_address);
- sock = channel_connect_by_listen_address(listen_port);
- if (sock < 0) {
- xfree(originator_address);
- xfree(listen_address);
- return NULL;
- }
- if (options.hpn_disabled)
- c = channel_new("forwarded-tcpip",
- SSH_CHANNEL_CONNECTING, sock, sock, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
- originator_address, 1);
- else
- c = channel_new("forwarded-tcpip",
- SSH_CHANNEL_CONNECTING, sock, sock, -1,
- options.hpn_buffer_size, options.hpn_buffer_size, 0,
- originator_address, 1);
xfree(originator_address);
xfree(listen_address);
return c;
if (!options.forward_x11) {
error("Warning: ssh server tried X11 forwarding.");
- error("Warning: this is probably a break-in attempt by a malicious server.");
+ error("Warning: this is probably a break-in attempt by a "
+ "malicious server.");
return NULL;
}
originator = packet_get_string(NULL);
if (!options.forward_agent) {
error("Warning: ssh server tried agent forwarding.");
- error("Warning: this is probably a break-in attempt by a malicious server.");
+ error("Warning: this is probably a break-in attempt by a "
+ "malicious server.");
return NULL;
}
sock = ssh_get_authentication_socket();
#if defined(SSH_TUN_FILTER)
if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
- sys_tun_outfilter);
+ sys_tun_outfilter, NULL, NULL);
#endif
packet_start(SSH2_MSG_CHANNEL_OPEN);
if (id == -1) {
error("client_input_channel_req: request for channel -1");
} else if ((c = channel_lookup(id)) == NULL) {
- error("client_input_channel_req: channel %d: unknown channel", id);
+ error("client_input_channel_req: channel %d: "
+ "unknown channel", id);
+ } else if (strcmp(rtype, "eow@openssh.com") == 0) {
+ packet_check_eom();
+ chan_rcvd_eow(c);
} else if (strcmp(rtype, "exit-status") == 0) {
exitval = packet_get_int();
if (id == session_ident) {
void
client_session2_setup(int id, int want_tty, int want_subsystem,
- const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env,
- dispatch_fn *subsys_repl)
+ const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env)
{
int len;
Channel *c = NULL;
if (want_tty) {
struct winsize ws;
- struct termios tio;
/* Store window size in the packet. */
if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0)
memset(&ws, 0, sizeof(ws));
- channel_request_start(id, "pty-req", 0);
+ channel_request_start(id, "pty-req", 1);
+ client_expect_confirm(id, "PTY allocation", 0);
packet_put_cstring(term != NULL ? term : "");
packet_put_int((u_int)ws.ws_col);
packet_put_int((u_int)ws.ws_row);
packet_put_int((u_int)ws.ws_xpixel);
packet_put_int((u_int)ws.ws_ypixel);
- tio = get_saved_tio();
- tty_make_modes(-1, tiop != NULL ? tiop : &tio);
+ if (tiop == NULL)
+ tiop = get_saved_tio();
+ tty_make_modes(-1, tiop);
packet_send();
/* XXX wait for reply */
c->client_tty = 1;
if (len > 900)
len = 900;
if (want_subsystem) {
- debug("Sending subsystem: %.*s", len, (u_char*)buffer_ptr(cmd));
- channel_request_start(id, "subsystem", subsys_repl != NULL);
- if (subsys_repl != NULL) {
- /* register callback for reply */
- /* XXX we assume that client_loop has already been called */
- dispatch_set(SSH2_MSG_CHANNEL_FAILURE, subsys_repl);
- dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, subsys_repl);
- }
+ debug("Sending subsystem: %.*s",
+ len, (u_char*)buffer_ptr(cmd));
+ channel_request_start(id, "subsystem", 1);
+ client_expect_confirm(id, "subsystem", 1);
} else {
- debug("Sending command: %.*s", len, (u_char*)buffer_ptr(cmd));
- channel_request_start(id, "exec", 0);
+ debug("Sending command: %.*s",
+ len, (u_char*)buffer_ptr(cmd));
+ channel_request_start(id, "exec", 1);
+ client_expect_confirm(id, "exec", 1);
}
packet_put_string(buffer_ptr(cmd), buffer_len(cmd));
packet_send();
} else {
- channel_request_start(id, "shell", 0);
+ channel_request_start(id, "shell", 1);
+ client_expect_confirm(id, "shell", 1);
packet_send();
}
}
dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &client_input_channel_req);
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
+ dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm);
+ dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm);
dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &client_input_global_request);
/* rekeying */
dispatch_set(SSH2_MSG_REQUEST_FAILURE, &client_global_request_reply);
dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &client_global_request_reply);
}
+
static void
client_init_dispatch_13(void)
{
dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
&x11_input_open : &deny_input_open);
}
+
static void
client_init_dispatch_15(void)
{
dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, & channel_input_oclose);
}
+
static void
client_init_dispatch(void)
{
{
leave_raw_mode();
leave_non_blocking();
- if (options.control_path != NULL && control_fd != -1)
+ if (options.control_path != NULL && muxserver_sock != -1)
unlink(options.control_path);
_exit(i);
}
-/* $OpenBSD: clientloop.h,v 1.17 2007/08/07 07:32:53 djm Exp $ */
+/* $OpenBSD: clientloop.h,v 1.22 2008/06/12 15:19:17 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
char **, char **);
void client_global_request_reply_fwd(int, u_int32_t, void *);
void client_session2_setup(int, int, int, const char *, struct termios *,
- int, Buffer *, char **, dispatch_fn *);
+ int, Buffer *, char **);
int client_request_tun_fwd(int, int, int);
+/* Escape filter for protocol 2 sessions */
+void *client_new_escape_filter_ctx(int);
+void client_filter_cleanup(int, void *);
+int client_simple_escape_filter(Channel *, char *, int);
+
+/* Global request confirmation callbacks */
+typedef void global_confirm_cb(int, u_int32_t seq, void *);
+void client_register_global_confirm(global_confirm_cb *, void *);
+
/* Multiplexing protocol version */
-#define SSHMUX_VER 1
+#define SSHMUX_VER 2
/* Multiplexing control protocol flags */
#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */
#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */
#define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */
#define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */
+
+void muxserver_listen(void);
+int muxserver_accept_control(void);
+void muxclient(const char *);
AC_MSG_ERROR(globus-makefile-header failed)
fi
+ AC_MSG_RESULT($GLOBUS_LOCATION)
AC_DEFINE(HAVE_GSSAPI_H)
CC="$GLOBUS_CC"
AC_TRY_LINK(
[],
[],
- [
- AC_MSG_RESULT(yes)
- ],
+ [],
[
AC_MSG_ERROR(link with Globus libraries failed)
]
no_attrib_nonnull=1
;;
2.*) no_attrib_nonnull=1 ;;
- 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
- 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
+ 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
+ 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
*) ;;
esac
+ AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-builtin-memset"
+ AC_LINK_IFELSE( [AC_LANG_SOURCE([[
+#include <string.h>
+int main(void){char b[10]; memset(b, 0, sizeof(b));}
+ ]])],
+ [ AC_MSG_RESULT(yes) ],
+ [ AC_MSG_RESULT(no)
+ CFLAGS="$saved_CFLAGS" ]
+)
+
# -fstack-protector-all doesn't always work for some GCC versions
# and/or platforms, so we test if we can. If it's not supported
# on a give platform gcc will emit a warning so we use -Werror.
sys/cdefs.h \
sys/dir.h \
sys/mman.h \
+ sys/mount.h \
sys/ndir.h \
sys/poll.h \
sys/prctl.h \
sys/stream.h \
sys/stropts.h \
sys/strtio.h \
+ sys/statvfs.h \
sys/sysmacros.h \
sys/time.h \
sys/timers.h \
no_dev_ptmx=1
check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
- AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
AC_DEFINE(PAM_TTY_KLUDGE, 1,
[Work around problematic Linux PAM modules handling of PAM_TTY])
AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
;;
*-*-nto-qnx*)
AC_CHECK_HEADERS(libutil.h)
AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
[Define if your libraries define login()])])
-AC_CHECK_FUNCS(logout updwtmp logwtmp)
+AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
AC_FUNC_STRFTIME
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS( \
arc4random \
+ arc4random_buf \
+ arc4random_uniform \
asprintf \
b64_ntop \
__b64_ntop \
fchmod \
fchown \
freeaddrinfo \
+ fstatvfs \
futimes \
getaddrinfo \
getcwd \
sigvec \
snprintf \
socketpair \
+ statfs \
+ statvfs \
strdup \
strerror \
strlcat \
TYPE_SOCKLEN_T
AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
+AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+])
AC_CHECK_TYPES(in_addr_t,,,
[#include <sys/types.h>
file descriptor passing])
fi
+AC_MSG_CHECKING(if f_fsid has val members)
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/statvfs.h>],
+[struct fsid_t t; t.val[0] = 0;],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
+ [ AC_MSG_RESULT(no) ]
+)
+
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
AC_COMPILE_IFELSE(
)
AC_SEARCH_LIBS(dn_expand, resolv)
- AC_CHECK_LIB(gssapi,gss_init_sec_context,
+ AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi $K5LIBS" ],
- [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
+ K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ K5LIBS="-lgssapi $K5LIBS" ],
AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
$K5LIBS)
],
]
)
+# strip causes problems with GSI libraries...
+if test -z "$GLOBUS_LDFLAGS" ; then
STRIP_OPT=-s
+fi
AC_ARG_ENABLE(strip,
[ --disable-strip Disable calling strip(1) on install],
[
dnl Add now.
CFLAGS="$CFLAGS $werror_flags"
+if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
+ test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+ AC_SUBST(TEST_SSH_IPV6, no)
+else
+ AC_SUBST(TEST_SSH_IPV6, yes)
+fi
+
AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
openbsd-compat/Makefile openbsd-compat/regress/Makefile \
cygdocdir=$(docdir)/Cygwin
sysconfdir=/etc
defaultsdir=$(sysconfdir)/defaults/etc
+inetdefdir=$(defaultsdir)/inetd.d
PRIVSEP_PATH=/var/empty
INSTALL=/usr/bin/install -c
remove-empty-dir:
rm -rf $(DESTDIR)$(PRIVSEP_PATH)
+install-inetd-config:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(inetdefdir)
+ $(INSTALL) -m 644 sshd-inetd $(DESTDIR)$(inetdefdir)/sshd-inetd
+
install-sshdoc:
$(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir)
$(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS
$(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config
$(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config
-cygwin-postinstall: move-config-files remove-empty-dir install-doc install-scripts
+cygwin-postinstall: move-config-files remove-empty-dir install-inetd-config install-doc install-scripts
@echo "Cygwin specific configuration finished."
# define __attribute__(x)
#endif /* !defined(__GNUC__) || (__GNUC__ < 2) */
-#ifndef __dead
-# define __dead __attribute__((noreturn))
-#endif
-
#if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__)
# define __sentinel__
#endif
# define SSH_SYSFDMAX 10000
#endif
+#ifdef FSID_HAS_VAL
+/* encode f_fsid into a 64 bit value */
+#define FSID_TO_ULONG(f) \
+ ((((u_int64_t)(f).val[0] & 0xffffffffUL) << 32) | \
+ ((f).val[1] & 0xffffffffUL))
+#else
+# define FSID_TO_ULONG(f) ((f))
+#endif
+
#if defined(__Lynx__)
/*
* LynxOS defines these in param.h which we do not want to include since
# endif
#endif
+#ifndef EWOULDBLOCK
+# define EWOULDBLOCK EAGAIN
+#endif
+
#endif /* _DEFINES_H */
-/* $OpenBSD: dns.c,v 1.24 2007/01/03 03:01:40 stevesk Exp $ */
+/* $OpenBSD: dns.c,v 1.25 2008/06/12 00:03:49 dtucker Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
{
struct addrinfo hints, *ai;
+ /*
+ * We shouldn't ever get a null host but if we do then log an error
+ * and return -1 which stops DNS key fingerprint processing.
+ */
+ if (hostname == NULL) {
+ error("is_numeric_hostname called with NULL hostname");
+ return -1;
+ }
+
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_DGRAM;
hints.ai_flags = AI_NUMERICHOST;
- if (getaddrinfo(hostname, "0", &hints, &ai) == 0) {
+ if (getaddrinfo(hostname, NULL, &hints, &ai) == 0) {
freeaddrinfo(ai);
return -1;
}
-/* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
/*
* Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
#include <string.h>
#include <unistd.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
# include <sys/syslog.h>
#endif
+#include <errno.h>
+
/*
* On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations
* of getspnam when _INCLUDE__STDC__ is defined, so we unset it here.
-/* $OpenBSD: key.c,v 1.69 2007/07/12 05:48:05 ray Exp $ */
+/* $OpenBSD: key.c,v 1.78 2008/07/07 23:32:51 stevesk Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
*
*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
+ * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#include "includes.h"
+#include <sys/param.h>
#include <sys/types.h>
#include <openssl/evp.h>
default:
fatal("key_equal: bad key type %d", a->type);
}
+ /* NOTREACHED */
}
u_char*
return retval;
}
+/*
+ * Draw an ASCII-Art representing the fingerprint so human brain can
+ * profit from its built-in pattern recognition ability.
+ * This technique is called "random art" and can be found in some
+ * scientific publications like this original paper:
+ *
+ * "Hash Visualization: a New Technique to improve Real-World Security",
+ * Perrig A. and Song D., 1999, International Workshop on Cryptographic
+ * Techniques and E-Commerce (CrypTEC '99)
+ * sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
+ *
+ * The subject came up in a talk by Dan Kaminsky, too.
+ *
+ * If you see the picture is different, the key is different.
+ * If the picture looks the same, you still know nothing.
+ *
+ * The algorithm used here is a worm crawling over a discrete plane,
+ * leaving a trace (augmenting the field) everywhere it goes.
+ * Movement is taken from dgst_raw 2bit-wise. Bumping into walls
+ * makes the respective movement vector be ignored for this turn.
+ * Graphs are not unambiguous, because circles in graphs can be
+ * walked in either direction.
+ */
+
+/*
+ * Field sizes for the random art. Have to be odd, so the starting point
+ * can be in the exact middle of the picture, and FLDBASE should be >=8 .
+ * Else pictures would be too dense, and drawing the frame would
+ * fail, too, because the key type would not fit in anymore.
+ */
+#define FLDBASE 8
+#define FLDSIZE_Y (FLDBASE + 1)
+#define FLDSIZE_X (FLDBASE * 2 + 1)
+static char *
+key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
+{
+ /*
+ * Chars to be used after each other every time the worm
+ * intersects with itself. Matter of taste.
+ */
+ char *augmentation_string = " .o+=*BOX@%&#/^SE";
+ char *retval, *p;
+ u_char field[FLDSIZE_X][FLDSIZE_Y];
+ u_int i, b;
+ int x, y;
+ size_t len = strlen(augmentation_string) - 1;
+
+ retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2));
+
+ /* initialize field */
+ memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
+ x = FLDSIZE_X / 2;
+ y = FLDSIZE_Y / 2;
+
+ /* process raw key */
+ for (i = 0; i < dgst_raw_len; i++) {
+ int input;
+ /* each byte conveys four 2-bit move commands */
+ input = dgst_raw[i];
+ for (b = 0; b < 4; b++) {
+ /* evaluate 2 bit, rest is shifted later */
+ x += (input & 0x1) ? 1 : -1;
+ y += (input & 0x2) ? 1 : -1;
+
+ /* assure we are still in bounds */
+ x = MAX(x, 0);
+ y = MAX(y, 0);
+ x = MIN(x, FLDSIZE_X - 1);
+ y = MIN(y, FLDSIZE_Y - 1);
+
+ /* augment the field */
+ field[x][y]++;
+ input = input >> 2;
+ }
+ }
+
+ /* mark starting point and end point*/
+ field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
+ field[x][y] = len;
+
+ /* fill in retval */
+ snprintf(retval, FLDSIZE_X, "+--[%4s %4u]", key_type(k), key_size(k));
+ p = strchr(retval, '\0');
+
+ /* output upper border */
+ for (i = p - retval - 1; i < FLDSIZE_X; i++)
+ *p++ = '-';
+ *p++ = '+';
+ *p++ = '\n';
+
+ /* output content */
+ for (y = 0; y < FLDSIZE_Y; y++) {
+ *p++ = '|';
+ for (x = 0; x < FLDSIZE_X; x++)
+ *p++ = augmentation_string[MIN(field[x][y], len)];
+ *p++ = '|';
+ *p++ = '\n';
+ }
+
+ /* output lower border */
+ *p++ = '+';
+ for (i = 0; i < FLDSIZE_X; i++)
+ *p++ = '-';
+ *p++ = '+';
+
+ return retval;
+}
+
char *
key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
{
case SSH_FP_BUBBLEBABBLE:
retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
break;
+ case SSH_FP_RANDOMART:
+ retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k);
+ break;
default:
fatal("key_fingerprint_ex: bad digest representation %d",
dgst_rep);
-/* $OpenBSD: key.h,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: key.h,v 1.27 2008/06/11 21:01:35 grunk Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
};
enum fp_rep {
SSH_FP_HEX,
- SSH_FP_BUBBLEBABBLE
+ SSH_FP_BUBBLEBABBLE,
+ SSH_FP_RANDOMART
};
/* key is stored in external hardware */
-/* $OpenBSD: log.c,v 1.40 2007/05/17 07:50:31 djm Exp $ */
+/* $OpenBSD: log.c,v 1.41 2008/06/10 04:50:25 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
return SYSLOG_FACILITY_NOT_SET;
}
+const char *
+log_facility_name(SyslogFacility facility)
+{
+ u_int i;
+
+ for (i = 0; log_facilities[i].name; i++)
+ if (log_facilities[i].val == facility)
+ return log_facilities[i].name;
+ return NULL;
+}
+
LogLevel
log_level_number(char *name)
{
return SYSLOG_LEVEL_NOT_SET;
}
+const char *
+log_level_name(LogLevel level)
+{
+ u_int i;
+
+ for (i = 0; log_levels[i].name != NULL; i++)
+ if (log_levels[i].val == level)
+ return log_levels[i].name;
+ return NULL;
+}
+
/* Error messages that should be logged. */
void
-/* $OpenBSD: misc.c,v 1.67 2008/01/01 08:47:04 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.69 2008/06/13 01:38:23 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
if ((pw = getpwnam(user)) == NULL)
fatal("tilde_expand_filename: No such user %s", user);
} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
- fatal("tilde_expand_filename: No such uid %d", uid);
+ fatal("tilde_expand_filename: No such uid %ld", (long)uid);
if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
fatal("tilde_expand_filename: Path too long");
p[0] = (u_char)(v >> 8) & 0xff;
p[1] = (u_char)v & 0xff;
}
+
+void
+ms_subtract_diff(struct timeval *start, int *ms)
+{
+ struct timeval diff, finish;
+
+ gettimeofday(&finish, NULL);
+ timersub(&finish, start, &diff);
+ *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000);
+}
+
+void
+ms_to_timeval(struct timeval *tv, int ms)
+{
+ if (ms < 0)
+ ms = 0;
+ tv->tv_sec = ms / 1000;
+ tv->tv_usec = (ms % 1000) * 1000;
+}
+
-/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */
+/* $OpenBSD: moduli.c,v 1.21 2008/06/26 09:19:40 djm Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
#include <sys/types.h>
#include <openssl/bn.h>
+#include <openssl/dh.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include "xmalloc.h"
+#include "dh.h"
#include "log.h"
/*
/* need line long enough for largest moduli plus headers */
#define QLINESIZE (100+8192)
-/* Type: decimal.
- * Specifies the internal structure of the prime modulus.
- */
-#define QTYPE_UNKNOWN (0)
-#define QTYPE_UNSTRUCTURED (1)
-#define QTYPE_SAFE (2)
-#define QTYPE_SCHNORR (3)
-#define QTYPE_SOPHIE_GERMAIN (4)
-#define QTYPE_STRONG (5)
-
-/* Tests: decimal (bit field).
- * Specifies the methods used in checking for primality.
- * Usually, more than one test is used.
- */
-#define QTEST_UNTESTED (0x00)
-#define QTEST_COMPOSITE (0x01)
-#define QTEST_SIEVE (0x02)
-#define QTEST_MILLER_RABIN (0x04)
-#define QTEST_JACOBI (0x08)
-#define QTEST_ELLIPTIC (0x10)
-
/*
* Size: decimal.
* Specifies the number of the most significant bit (0 to M).
fatal("BN_set_word failed");
if (BN_add(q, q, largebase) == 0)
fatal("BN_add failed");
- if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE,
- largetries, (power - 1) /* MSB */, (0), q) == -1) {
+ if (qfileout(out, MODULI_TYPE_SOPHIE_GERMAIN,
+ MODULI_TESTS_SIEVE, largetries,
+ (power - 1) /* MSB */, (0), q) == -1) {
ret = -1;
break;
}
/* tests */
in_tests = strtoul(cp, &cp, 10);
- if (in_tests & QTEST_COMPOSITE) {
+ if (in_tests & MODULI_TESTS_COMPOSITE) {
debug2("%10u: known composite", count_in);
continue;
}
/* modulus (hex) */
switch (in_type) {
- case QTYPE_SOPHIE_GERMAIN:
+ case MODULI_TYPE_SOPHIE_GERMAIN:
debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
a = q;
if (BN_hex2bn(&a, cp) == 0)
in_size += 1;
generator_known = 0;
break;
- case QTYPE_UNSTRUCTURED:
- case QTYPE_SAFE:
- case QTYPE_SCHNORR:
- case QTYPE_STRONG:
- case QTYPE_UNKNOWN:
+ case MODULI_TYPE_UNSTRUCTURED:
+ case MODULI_TYPE_SAFE:
+ case MODULI_TYPE_SCHNORR:
+ case MODULI_TYPE_STRONG:
+ case MODULI_TYPE_UNKNOWN:
debug2("%10u: (%u)", count_in, in_type);
a = p;
if (BN_hex2bn(&a, cp) == 0)
continue;
}
- if (in_tests & QTEST_MILLER_RABIN)
+ if (in_tests & MODULI_TESTS_MILLER_RABIN)
in_tries += trials;
else
in_tries = trials;
}
debug("%10u: q is almost certainly prime", count_in);
- if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN),
+ if (qfileout(out, MODULI_TYPE_SAFE,
+ in_tests | MODULI_TESTS_MILLER_RABIN,
in_tries, in_size, generator_known, p)) {
res = -1;
break;
-/* $OpenBSD: monitor.c,v 1.94 2007/10/29 04:08:08 dtucker Exp $ */
+/* $OpenBSD: monitor.c,v 1.99 2008/07/10 18:08:11 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
#include <openssl/dh.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "key.h"
allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key);
auth_method = "publickey";
+ if (options.pubkey_authentication && allowed != 1)
+ auth_clear_options();
break;
case MM_HOSTKEY:
allowed = options.hostbased_authentication &&
allowed = options.rhosts_rsa_authentication &&
auth_rhosts_rsa_key_allowed(authctxt->pw,
cuser, chost, key);
+ if (options.rhosts_rsa_authentication && allowed != 1)
+ auth_clear_options();
auth_method = "rsa";
break;
default:
}
debug3("%s: key %p is %s",
- __func__, key, allowed ? "allowed" : "disallowed");
+ __func__, key, allowed ? "allowed" : "not allowed");
buffer_clear(m);
buffer_put_int(m, allowed);
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
session_pty_cleanup2(s);
}
- s->used = 0;
+ session_unused(s->self);
}
int
u_char *blob, *p;
u_int bloblen, plen;
u_int32_t seqnr, packets;
- u_int64_t blocks;
+ u_int64_t blocks, bytes;
debug3("%s: Waiting for new keys", __func__);
seqnr = buffer_get_int(&m);
blocks = buffer_get_int64(&m);
packets = buffer_get_int(&m);
- packet_set_state(MODE_OUT, seqnr, blocks, packets);
+ bytes = buffer_get_int64(&m);
+ packet_set_state(MODE_OUT, seqnr, blocks, packets, bytes);
seqnr = buffer_get_int(&m);
blocks = buffer_get_int64(&m);
packets = buffer_get_int(&m);
- packet_set_state(MODE_IN, seqnr, blocks, packets);
+ bytes = buffer_get_int64(&m);
+ packet_set_state(MODE_IN, seqnr, blocks, packets, bytes);
skip:
/* Get the key context */
-/* $OpenBSD: monitor_mm.h,v 1.4 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: monitor_mm.h,v 1.5 2008/04/29 11:20:31 otto Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
size_t size;
struct mm_master *mmalloc; /* Used to completely share */
-
- int write; /* used to writing to other party */
- int read; /* used for reading from other party */
};
RB_PROTOTYPE(mmtree, mm_share, next, mm_compare)
-/* $OpenBSD: monitor_wrap.c,v 1.60 2007/10/29 04:08:08 dtucker Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.63 2008/07/10 18:08:11 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
#include <openssl/bn.h>
#include <openssl/dh.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "dh.h"
u_char *blob, *p;
u_int bloblen, plen;
u_int32_t seqnr, packets;
- u_int64_t blocks;
+ u_int64_t blocks, bytes;
buffer_init(&m);
buffer_put_string(&m, blob, bloblen);
xfree(blob);
- packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
+ packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
buffer_put_int(&m, seqnr);
buffer_put_int64(&m, blocks);
buffer_put_int(&m, packets);
- packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
+ buffer_put_int64(&m, bytes);
+ packet_get_state(MODE_IN, &seqnr, &blocks, &packets, &bytes);
buffer_put_int(&m, seqnr);
buffer_put_int64(&m, blocks);
buffer_put_int(&m, packets);
+ buffer_put_int64(&m, bytes);
debug3("%s: New keys have been sent", __func__);
skip:
{
Buffer m;
char *p, *msg;
- int success = 0;
+ int success = 0, tmp1 = -1, tmp2 = -1;
+
+ /* Kludge: ensure there are fds free to receive the pty/tty */
+ if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
+ (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
+ error("%s: cannot allocate fds for pty", __func__);
+ if (tmp1 > 0)
+ close(tmp1);
+ if (tmp2 > 0)
+ close(tmp2);
+ return 0;
+ }
+ close(tmp1);
+ close(tmp2);
buffer_init(&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
buffer_free(&m);
/* closed dup'ed master */
- if (close(s->ptymaster) < 0)
- error("close(s->ptymaster): %s", strerror(errno));
+ if (s->ptymaster != -1 && close(s->ptymaster) < 0)
+ error("close(s->ptymaster/%d): %s",
+ s->ptymaster, strerror(errno));
/* unlink pty from session */
s->ttyfd = -1;
extern Options options;
extern int stdin_null_flag;
extern char *host;
-int subsystem_flag;
+extern int subsystem_flag;
extern Buffer command;
/* Context for session open confirmation callback */
set_nonblock(client_fd);
- window = CHAN_SES_WINDOW_DEFAULT;
+ if (options.hpn_disabled)
+ window = CHAN_SES_WINDOW_DEFAULT;
+ else
+ window = options.hpn_buffer_size;
packetmax = CHAN_SES_PACKET_DEFAULT;
if (cctx->want_tty) {
window >>= 1;
struct hostent *hp;
char tmpserv[16];
+ if (sa->sa_family != AF_UNSPEC && sa->sa_family != AF_INET)
+ return (EAI_FAMILY);
if (serv != NULL) {
snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port));
if (strlcpy(serv, tmpserv, servlen) >= servlen)
return ("memory allocation failure.");
case EAI_NONAME:
return ("nodename nor servname provided, or not known");
+ case EAI_FAMILY:
+ return ("ai_family not supported");
default:
return ("unknown/invalid error.");
}
u_long addr;
port = 0;
+ if (hints && hints->ai_family != AF_UNSPEC &&
+ hints->ai_family != AF_INET)
+ return (EAI_FAMILY);
if (servname != NULL) {
char *cp;
u_int16_t sin6_port;
u_int32_t sin6_flowinfo;
struct in6_addr sin6_addr;
+ u_int32_t sin6_scope_id;
};
#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */
#ifndef EAI_SYSTEM
# define EAI_SYSTEM (INT_MAX - 4)
#endif
+#ifndef EAI_FAMILY
+# define EAI_FAMILY (INT_MAX - 5)
+#endif
#ifndef HAVE_STRUCT_ADDRINFO
struct addrinfo {
-/* $OpenBSD: packet.c,v 1.151 2008/02/22 20:44:02 dtucker Exp $ */
+/* $OpenBSD: packet.c,v 1.157 2008/07/10 18:08:11 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
int keep_alive_timeouts = 0;
+/* Set to the maximum time that we will wait to send or receive a packet */
+static int packet_timeout_ms = -1;
+
/* Session key information for Encryption and MAC */
Newkeys *newkeys[MODE_MAX];
static struct packet_state {
u_int32_t seqnr;
u_int32_t packets;
u_int64_t blocks;
+ u_int64_t bytes;
} p_read, p_send;
static u_int64_t max_blocks_in, max_blocks_out;
buffer_init(&outgoing_packet);
buffer_init(&incoming_packet);
TAILQ_INIT(&outgoing);
+ p_send.packets = p_read.packets = 0;
+ }
+}
+
+void
+packet_set_timeout(int timeout, int count)
+{
+ if (timeout == 0 || count == 0) {
+ packet_timeout_ms = -1;
+ return;
}
+ if ((INT_MAX / 1000) / count < timeout)
+ packet_timeout_ms = INT_MAX;
+ else
+ packet_timeout_ms = timeout * count * 1000;
}
/* Returns 1 if remote host is connected via socket, 0 if not. */
}
void
-packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packets)
+packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packets,
+ u_int64_t *bytes)
{
struct packet_state *state;
state = (mode == MODE_IN) ? &p_read : &p_send;
- *seqnr = state->seqnr;
- *blocks = state->blocks;
- *packets = state->packets;
+ if (seqnr)
+ *seqnr = state->seqnr;
+ if (blocks)
+ *blocks = state->blocks;
+ if (packets)
+ *packets = state->packets;
+ if (bytes)
+ *bytes = state->bytes;
}
void
-packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets)
+packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets,
+ u_int64_t bytes)
{
struct packet_state *state;
state->seqnr = seqnr;
state->blocks = blocks;
state->packets = packets;
+ state->bytes = bytes;
}
/* returns 1 if connection is via ipv4 */
fprintf(stderr, "encrypted: ");
buffer_dump(&output);
#endif
-
+ p_send.packets++;
+ p_send.bytes += len + buffer_len(&outgoing_packet);
buffer_clear(&outgoing_packet);
/*
if (!(datafellows & SSH_BUG_NOREKEY))
fatal("XXX too many packets with same key");
p_send.blocks += (packet_length + 4) / block_size;
+ p_send.bytes += packet_length + 4;
buffer_clear(&outgoing_packet);
if (type == SSH2_MSG_NEWKEYS)
int
packet_read_seqnr(u_int32_t *seqnr_p)
{
- int type, len;
+ int type, len, ret, ms_remain;
fd_set *setp;
char buf[8192];
+ struct timeval timeout, start, *timeoutp = NULL;
+
DBG(debug("packet_read()"));
setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS),
sizeof(fd_mask));
FD_SET(connection_in, setp);
+ if (packet_timeout_ms > 0) {
+ ms_remain = packet_timeout_ms;
+ timeoutp = &timeout;
+ }
/* Wait for some data to arrive. */
- while (select(connection_in + 1, setp, NULL, NULL, NULL) == -1 &&
- (errno == EAGAIN || errno == EINTR))
- ;
-
+ for (;;) {
+ if (packet_timeout_ms != -1) {
+ ms_to_timeval(&timeout, ms_remain);
+ gettimeofday(&start, NULL);
+ }
+ if ((ret = select(connection_in + 1, setp, NULL,
+ NULL, timeoutp)) >= 0)
+ break;
+ if (errno != EAGAIN && errno != EINTR &&
+ errno != EWOULDBLOCK)
+ break;
+ if (packet_timeout_ms == -1)
+ continue;
+ ms_subtract_diff(&start, &ms_remain);
+ if (ms_remain <= 0) {
+ ret = 0;
+ break;
+ }
+ }
+ if (ret == 0) {
+ logit("Connection to %.200s timed out while "
+ "waiting to read", get_remote_ipaddr());
+ cleanup_exit(255);
+ }
/* Read data from the socket. */
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
buffer_len(&compression_buffer));
}
+ p_read.packets++;
+ p_read.bytes += padded_len + 4;
type = buffer_get_char(&incoming_packet);
if (type < SSH_MSG_MIN || type > SSH_MSG_MAX)
packet_disconnect("Invalid ssh1 packet type: %d", type);
if (!(datafellows & SSH_BUG_NOREKEY))
fatal("XXX too many packets with same key");
p_read.blocks += (packet_length + 4) / block_size;
+ p_read.bytes += packet_length + 4;
/* get padlen */
cp = buffer_ptr(&incoming_packet);
for (;;) {
if (compat20) {
type = packet_read_poll2(seqnr_p);
- keep_alive_timeouts = 0;
- if (type)
+ if (type) {
+ keep_alive_timeouts = 0;
DBG(debug("received packet type %d", type));
+ }
switch (type) {
case SSH2_MSG_IGNORE:
debug3("Received SSH2_MSG_IGNORE");
return buffer_get_string(&incoming_packet, length_ptr);
}
+void *
+packet_get_string_ptr(u_int *length_ptr)
+{
+ return buffer_get_string_ptr(&incoming_packet, length_ptr);
+}
+
/*
* Sends a diagnostic message from the server to the client. This message
* can be sent at any time (but not while constructing another message). The
if (len > 0) {
len = write(connection_out, buffer_ptr(&output), len);
- if (len <= 0) {
- if (errno == EAGAIN)
- return (0);
- else
- fatal("Write failed: %.100s", strerror(errno));
+ if (len == -1) {
+ if (errno == EINTR || errno == EAGAIN ||
+ errno == EWOULDBLOCK)
+ return;
+ fatal("Write failed: %.100s", strerror(errno));
}
+ if (len == 0)
+ fatal("Write connection closed");
buffer_consume(&output, len);
}
return(len);
}
+
/*
* Calls packet_write_poll repeatedly until all pending output data has been
* written.
{
fd_set *setp;
u_int bytes_sent = 0;
+ int ret, ms_remain;
+ struct timeval start, timeout, *timeoutp = NULL;
setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
sizeof(fd_mask));
memset(setp, 0, howmany(connection_out + 1, NFDBITS) *
sizeof(fd_mask));
FD_SET(connection_out, setp);
- while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 &&
- (errno == EAGAIN || errno == EINTR))
- ;
+
+ if (packet_timeout_ms > 0) {
+ ms_remain = packet_timeout_ms;
+ timeoutp = &timeout;
+ }
+ for (;;) {
+ if (packet_timeout_ms != -1) {
+ ms_to_timeval(&timeout, ms_remain);
+ gettimeofday(&start, NULL);
+ }
+ if ((ret = select(connection_out + 1, NULL, setp,
+ NULL, timeoutp)) >= 0)
+ break;
+ if (errno != EAGAIN && errno != EINTR &&
+ errno != EWOULDBLOCK)
+ break;
+ if (packet_timeout_ms == -1)
+ continue;
+ ms_subtract_diff(&start, &ms_remain);
+ if (ms_remain <= 0) {
+ ret = 0;
+ break;
+ }
+ }
+ if (ret == 0) {
+ logit("Connection to %.200s timed out while "
+ "waiting to write", get_remote_ipaddr());
+ cleanup_exit(255);
+ }
bytes_sent += packet_write_poll();
}
xfree(setp);
-/* $OpenBSD: packet.h,v 1.46 2008/02/22 20:44:02 dtucker Exp $ */
+/* $OpenBSD: packet.h,v 1.49 2008/07/10 18:08:11 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
packet_request_rekeying(void);
void packet_set_connection(int, int);
+void packet_set_timeout(int, int);
void packet_set_nonblocking(void);
int packet_get_connection_in(void);
int packet_get_connection_out(void);
void packet_get_bignum2(BIGNUM * value);
void *packet_get_raw(u_int *length_ptr);
void *packet_get_string(u_int *length_ptr);
+void *packet_get_string_ptr(u_int *length_ptr);
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void packet_get_keyiv(int, u_char *, u_int);
int packet_get_keycontext(int, u_char *);
void packet_set_keycontext(int, u_char *);
-void packet_get_state(int, u_int32_t *, u_int64_t *, u_int32_t *);
-void packet_set_state(int, u_int32_t, u_int64_t, u_int32_t);
+void packet_get_state(int, u_int32_t *, u_int64_t *, u_int32_t *, u_int64_t *);
+void packet_set_state(int, u_int32_t, u_int64_t, u_int32_t, u_int64_t);
int packet_get_ssh1_cipher(void);
void packet_set_iv(int, u_char *);
-/* $OpenBSD: readconf.c,v 1.165 2008/01/19 23:09:49 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
oHPNBufferSize,
+ oVisualHostKey,
oDeprecated, oUnsupported
} OpCodes;
{ "noneswitch", oNoneSwitch },
{ "hpndisabled", oHPNDisabled },
{ "hpnbuffersize", oHPNBufferSize },
+ { "visualhostkey", oVisualHostKey },
{ NULL, oBadOption }
};
intptr = &options->permit_local_command;
goto parse_flag;
+ case oVisualHostKey:
+ intptr = &options->visual_host_key;
+ goto parse_flag;
+
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
options->hpn_buffer_size = -1;
options->tcp_rcv_buf_poll = -1;
options->tcp_rcv_buf = -1;
+ options->visual_host_key = -1;
}
/*
options->tun_remote = SSH_TUNID_ANY;
if (options->permit_local_command == -1)
options->permit_local_command = 0;
+ if (options->visual_host_key == -1)
+ options->visual_host_key = 0;
/* options->local_command should not be set by default */
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
-/* $OpenBSD: readconf.h,v 1.72 2008/01/19 23:09:49 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.74 2008/06/26 11:46:31 grunk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
char *local_command;
int permit_local_command;
+ int visual_host_key;
} Options;
-/* $OpenBSD: scp.c,v 1.162 2008/01/01 09:06:39 dtucker Exp $ */
+/* $OpenBSD: scp.c,v 1.163 2008/06/13 18:55:22 dtucker Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
if (r < 0) {
if (errno == EINTR)
continue;
- if (errno == EAGAIN) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
(void)poll(&pfd, 1, -1); /* Ignore errors */
continue;
}
struct stat stb;
static BUF buffer;
BUF *bp;
- off_t i, amt, statbytes;
+ off_t i, statbytes;
+ size_t amt;
int fd = -1, haderr, indx;
char *last, *name, buf[16384], encname[MAXPATHLEN];
int len;
syserr: run_err("%s: %s", name, strerror(errno));
goto next;
}
+ if (stb.st_size < 0) {
+ run_err("%s: %s", name, "Negative file size");
+ goto next;
+ }
unset_nonblock(fd);
switch (stb.st_mode & S_IFMT) {
case S_IFREG:
set_nonblock(remout);
for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
amt = bp->cnt;
- if (i + amt > stb.st_size)
+ if (i + (off_t)amt > stb.st_size)
amt = stb.st_size - i;
if (!haderr) {
if (atomicio(read, fd, bp->buf, amt) != amt)
-/* $OpenBSD: servconf.c,v 1.177 2008/02/10 10:54:28 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.186 2008/07/04 03:44:59 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
#include <signal.h>
#include <unistd.h>
#include <stdarg.h>
+#include <errno.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "log.h"
options->use_login = -1;
options->compression = -1;
options->allow_tcp_forwarding = -1;
+ options->allow_agent_forwarding = -1;
options->num_allow_users = 0;
options->num_deny_users = 0;
options->num_allow_groups = 0;
options->max_startups_rate = -1;
options->max_startups = -1;
options->max_authtries = -1;
+ options->max_sessions = -1;
options->banner = NULL;
options->use_dns = -1;
options->client_alive_interval = -1;
if (options->pid_file == NULL)
options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
if (options->server_key_bits == -1)
- options->server_key_bits = 768;
+ options->server_key_bits = 1024;
if (options->login_grace_time == -1)
options->login_grace_time = 120;
if (options->key_regeneration_time == -1)
options->compression = COMP_DELAYED;
if (options->allow_tcp_forwarding == -1)
options->allow_tcp_forwarding = 1;
+ if (options->allow_agent_forwarding == -1)
+ options->allow_agent_forwarding = 1;
if (options->gateway_ports == -1)
options->gateway_ports = 0;
if (options->max_startups == -1)
options->max_startups_begin = options->max_startups;
if (options->max_authtries == -1)
options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
+ if (options->max_sessions == -1)
+ options->max_sessions = DEFAULT_SESSIONS_MAX;
if (options->use_dns == -1)
options->use_dns = 1;
if (options->client_alive_interval == -1)
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
- sMaxStartups, sMaxAuthTries,
+ sMaxStartups, sMaxAuthTries, sMaxSessions,
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGsiAllowLimitedProxy,
sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sUsePrivilegeSeparation, sNoneEnabled, sTcpRcvBufPoll,
+ sNoneEnabled, sTcpRcvBufPoll,
sHPNDisabled, sHPNBufferSize,
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
sDeprecated, sUnsupported
} ServerOpCodes;
{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
+ { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
{ "allowusers", sAllowUsers, SSHCFG_GLOBAL },
{ "denyusers", sDenyUsers, SSHCFG_GLOBAL },
{ "allowgroups", sAllowGroups, SSHCFG_GLOBAL },
{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
- { "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
+ { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
+ { "maxsessions", sMaxSessions, SSHCFG_ALL },
{ "banner", sBanner, SSHCFG_ALL },
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
{ NULL, sBadOption, 0 }
};
+static struct {
+ int val;
+ char *text;
+} tunmode_desc[] = {
+ { SSH_TUNMODE_NO, "no" },
+ { SSH_TUNMODE_POINTOPOINT, "point-to-point" },
+ { SSH_TUNMODE_ETHERNET, "ethernet" },
+ { SSH_TUNMODE_YES, "yes" },
+ { -1, NULL }
+};
+
/*
* Returns the number of the token pointed to by cp or sBadOption.
*/
match_cfg_line_group(const char *grps, int line, const char *user)
{
int result = 0;
- u_int ngrps = 0;
- char *arg, *p, *cp, *grplist[MAX_MATCH_GROUPS];
struct passwd *pw;
- /*
- * Even if we do not have a user yet, we still need to check for
- * valid syntax.
- */
- arg = cp = xstrdup(grps);
- while ((p = strsep(&cp, ",")) != NULL && *p != '\0') {
- if (ngrps >= MAX_MATCH_GROUPS) {
- error("line %d: too many groups in Match Group", line);
- result = -1;
- goto out;
- }
- grplist[ngrps++] = p;
- }
-
if (user == NULL)
goto out;
} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
debug("Can't Match group because user %.100s not in any group "
"at line %d", user, line);
- } else if (ga_match(grplist, ngrps) != 1) {
- debug("user %.100s does not match group %.100s at line %d",
- user, arg, line);
+ } else if (ga_match_pattern_list(grps) != 1) {
+ debug("user %.100s does not match group list %.100s at line %d",
+ user, grps, line);
} else {
- debug("user %.100s matched group %.100s at line %d", user,
- arg, line);
+ debug("user %.100s matched group list %.100s at line %d", user,
+ grps, line);
result = 1;
}
out:
ga_free();
- xfree(arg);
return result;
}
debug("connection from %.100s matched 'Host "
"%.100s' at line %d", host, arg, line);
} else if (strcasecmp(attrib, "address") == 0) {
- if (!address) {
- result = 0;
- continue;
- }
- if (match_hostname(address, arg, len) != 1)
- result = 0;
- else
+ switch (addr_match_list(address, arg)) {
+ case 1:
debug("connection from %.100s matched 'Address "
"%.100s' at line %d", address, arg, line);
+ break;
+ case 0:
+ case -1:
+ result = 0;
+ break;
+ case -2:
+ return -1;
+ }
} else {
error("Unsupported Match attribute %s", attrib);
return -1;
case sServerKeyBits:
intptr = &options->server_key_bits;
-parse_int:
+ parse_int:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing integer value.",
case sLoginGraceTime:
intptr = &options->login_grace_time;
-parse_time:
+ parse_time:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing time value.",
fatal("%s line %d: too many host keys specified (max %d).",
filename, linenum, MAX_HOSTKEYS);
charptr = &options->host_key_files[*intptr];
-parse_filename:
+ parse_filename:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing file name.",
case sIgnoreRhosts:
intptr = &options->ignore_rhosts;
-parse_flag:
+ parse_flag:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing yes/no argument.",
intptr = &options->allow_tcp_forwarding;
goto parse_flag;
+ case sAllowAgentForwarding:
+ intptr = &options->allow_agent_forwarding;
+ goto parse_flag;
+
case sUsePrivilegeSeparation:
intptr = &use_privsep;
goto parse_flag;
intptr = &options->max_authtries;
goto parse_int;
+ case sMaxSessions:
+ intptr = &options->max_sessions;
+ goto parse_int;
+
case sBanner:
charptr = &options->banner;
goto parse_filename;
if (!arg || *arg == '\0')
fatal("%s line %d: Missing yes/point-to-point/"
"ethernet/no argument.", filename, linenum);
- value = 0; /* silence compiler */
- if (strcasecmp(arg, "ethernet") == 0)
- value = SSH_TUNMODE_ETHERNET;
- else if (strcasecmp(arg, "point-to-point") == 0)
- value = SSH_TUNMODE_POINTOPOINT;
- else if (strcasecmp(arg, "yes") == 0)
- value = SSH_TUNMODE_YES;
- else if (strcasecmp(arg, "no") == 0)
- value = SSH_TUNMODE_NO;
- else
+ value = -1;
+ for (i = 0; tunmode_desc[i].val != -1; i++)
+ if (strcmp(tunmode_desc[i].text, arg) == 0) {
+ value = tunmode_desc[i].val;
+ break;
+ }
+ if (value == -1)
fatal("%s line %d: Bad yes/point-to-point/ethernet/"
"no argument: %s", filename, linenum, arg);
if (*intptr == -1)
M_CP_INTOPT(permit_root_login);
M_CP_INTOPT(allow_tcp_forwarding);
+ M_CP_INTOPT(allow_agent_forwarding);
M_CP_INTOPT(gateway_ports);
M_CP_INTOPT(x11_display_offset);
M_CP_INTOPT(x11_forwarding);
M_CP_INTOPT(x11_use_localhost);
+ M_CP_INTOPT(max_sessions);
+ M_CP_INTOPT(max_authtries);
M_CP_STROPT(banner);
if (preauth)
fatal("%s: terminating, %d bad configuration options",
filename, bad_options);
}
+
+static const char *
+fmt_intarg(ServerOpCodes code, int val)
+{
+ if (code == sAddressFamily) {
+ switch (val) {
+ case AF_INET:
+ return "inet";
+ case AF_INET6:
+ return "inet6";
+ case AF_UNSPEC:
+ return "any";
+ default:
+ return "UNKNOWN";
+ }
+ }
+ if (code == sPermitRootLogin) {
+ switch (val) {
+ case PERMIT_NO_PASSWD:
+ return "without-passord";
+ case PERMIT_FORCED_ONLY:
+ return "forced-commands-only";
+ case PERMIT_YES:
+ return "yes";
+ }
+ }
+ if (code == sProtocol) {
+ switch (val) {
+ case SSH_PROTO_1:
+ return "1";
+ case SSH_PROTO_2:
+ return "2";
+ case (SSH_PROTO_1|SSH_PROTO_2):
+ return "2,1";
+ default:
+ return "UNKNOWN";
+ }
+ }
+ if (code == sGatewayPorts && val == 2)
+ return "clientspecified";
+ if (code == sCompression && val == COMP_DELAYED)
+ return "delayed";
+ switch (val) {
+ case -1:
+ return "unset";
+ case 0:
+ return "no";
+ case 1:
+ return "yes";
+ }
+ return "UNKNOWN";
+}
+
+static const char *
+lookup_opcode_name(ServerOpCodes code)
+{
+ u_int i;
+
+ for (i = 0; keywords[i].name != NULL; i++)
+ if (keywords[i].opcode == code)
+ return(keywords[i].name);
+ return "UNKNOWN";
+}
+
+static void
+dump_cfg_int(ServerOpCodes code, int val)
+{
+ printf("%s %d\n", lookup_opcode_name(code), val);
+}
+
+static void
+dump_cfg_fmtint(ServerOpCodes code, int val)
+{
+ printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
+}
+
+static void
+dump_cfg_string(ServerOpCodes code, const char *val)
+{
+ if (val == NULL)
+ return;
+ printf("%s %s\n", lookup_opcode_name(code), val);
+}
+
+static void
+dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
+{
+ u_int i;
+
+ for (i = 0; i < count; i++)
+ printf("%s %s\n", lookup_opcode_name(code), vals[i]);
+}
+
+void
+dump_config(ServerOptions *o)
+{
+ u_int i;
+ int ret;
+ struct addrinfo *ai;
+ char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL;
+
+ /* these are usually at the top of the config */
+ for (i = 0; i < o->num_ports; i++)
+ printf("port %d\n", o->ports[i]);
+ dump_cfg_fmtint(sProtocol, o->protocol);
+ dump_cfg_fmtint(sAddressFamily, o->address_family);
+
+ /* ListenAddress must be after Port */
+ for (ai = o->listen_addrs; ai; ai = ai->ai_next) {
+ if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
+ sizeof(addr), port, sizeof(port),
+ NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
+ error("getnameinfo failed: %.100s",
+ (ret != EAI_SYSTEM) ? gai_strerror(ret) :
+ strerror(errno));
+ } else {
+ if (ai->ai_family == AF_INET6)
+ printf("listenaddress [%s]:%s\n", addr, port);
+ else
+ printf("listenaddress %s:%s\n", addr, port);
+ }
+ }
+
+ /* integer arguments */
+ dump_cfg_int(sServerKeyBits, o->server_key_bits);
+ dump_cfg_int(sLoginGraceTime, o->login_grace_time);
+ dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
+ dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
+ dump_cfg_int(sMaxAuthTries, o->max_authtries);
+ dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
+ dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
+
+ /* formatted integer arguments */
+ dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
+ dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
+ dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
+ dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication);
+ dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
+ dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
+ o->hostbased_uses_name_from_packet_only);
+ dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
+ dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
+ dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
+ dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
+ dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
+ dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
+ dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
+ dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
+ dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
+ dump_cfg_fmtint(sKbdInteractiveAuthentication,
+ o->kbd_interactive_authentication);
+ dump_cfg_fmtint(sChallengeResponseAuthentication,
+ o->challenge_response_authentication);
+ dump_cfg_fmtint(sPrintMotd, o->print_motd);
+ dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
+ dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
+ dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
+ dump_cfg_fmtint(sStrictModes, o->strict_modes);
+ dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
+ dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
+ dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
+ dump_cfg_fmtint(sUseLogin, o->use_login);
+ dump_cfg_fmtint(sCompression, o->compression);
+ dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
+ dump_cfg_fmtint(sUseDNS, o->use_dns);
+ dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
+ dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
+
+ /* string arguments */
+ dump_cfg_string(sPidFile, o->pid_file);
+ dump_cfg_string(sXAuthLocation, o->xauth_location);
+ dump_cfg_string(sCiphers, o->ciphers);
+ dump_cfg_string(sMacs, o->macs);
+ dump_cfg_string(sBanner, o->banner);
+ dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
+ dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
+ dump_cfg_string(sForceCommand, o->adm_forced_command);
+
+ /* string arguments requiring a lookup */
+ dump_cfg_string(sLogLevel, log_level_name(o->log_level));
+ dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
+
+ /* string array arguments */
+ dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
+ o->host_key_files);
+ dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
+ dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
+ dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
+ dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
+ dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
+
+ /* other arguments */
+ for (i = 0; i < o->num_subsystems; i++)
+ printf("subsystem %s %s\n", o->subsystem_name[i],
+ o->subsystem_args[i]);
+
+ printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
+ o->max_startups_rate, o->max_startups);
+
+ for (i = 0; tunmode_desc[i].val != -1; i++)
+ if (tunmode_desc[i].val == o->permit_tun) {
+ s = tunmode_desc[i].text;
+ break;
+ }
+ dump_cfg_string(sPermitTunnel, s);
+
+ printf("permitopen");
+ channel_print_adm_permitted_opens();
+ printf("\n");
+}
-/* $OpenBSD: servconf.h,v 1.82 2008/02/13 22:38:17 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.85 2008/06/10 04:50:25 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
#define PERMIT_YES 3
#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
+#define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
/* Magic name for internal sftp-server */
#define INTERNAL_SFTP_NAME "internal-sftp"
int use_login; /* If true, login(1) is used */
int compression; /* If true, compression is allowed */
int allow_tcp_forwarding;
+ int allow_agent_forwarding;
u_int num_allow_users;
char *allow_users[MAX_ALLOW_USERS];
u_int num_deny_users;
int max_startups_rate;
int max_startups;
int max_authtries;
+ int max_sessions;
char *banner; /* SSH-2 banner message */
int use_dns;
int client_alive_interval; /*
void parse_server_match_config(ServerOptions *, const char *, const char *,
const char *);
void copy_set_server_options(ServerOptions *, ServerOptions *, int);
+void dump_config(ServerOptions *);
#endif /* SERVCONF_H */
-/* $OpenBSD: serverloop.c,v 1.148 2008/02/22 20:44:02 dtucker Exp $ */
+/* $OpenBSD: serverloop.c,v 1.153 2008/06/30 12:15:39 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include <unistd.h>
#include <stdarg.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
static int connection_out; /* Connection to client (output). */
static int connection_closed = 0; /* Connection to client closed. */
static u_int buffer_high; /* "Soft" max buffer size. */
+static int no_more_sessions = 0; /* Disallow further sessions. */
/*
* This SIGCHLD kludge is used to detect when the child exits. The server
return;
cleanup_exit(255);
} else if (len < 0) {
- if (errno != EINTR && errno != EAGAIN) {
+ if (errno != EINTR && errno != EAGAIN &&
+ errno != EWOULDBLOCK) {
verbose("Read error from remote host "
"%.100s: %.100s",
get_remote_ipaddr(), strerror(errno));
if (!fdout_eof && FD_ISSET(fdout, readset)) {
errno = 0;
len = read(fdout, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR ||
- (errno == EAGAIN && !child_terminated))) {
+ if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+ errno == EWOULDBLOCK) && !child_terminated))) {
/* do nothing */
#ifndef PTY_ZEROREAD
} else if (len <= 0) {
if (!fderr_eof && FD_ISSET(fderr, readset)) {
errno = 0;
len = read(fderr, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR ||
- (errno == EAGAIN && !child_terminated))) {
+ if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+ errno == EWOULDBLOCK) && !child_terminated))) {
/* do nothing */
#ifndef PTY_ZEROREAD
} else if (len <= 0) {
data = buffer_ptr(&stdin_buffer);
dlen = buffer_len(&stdin_buffer);
len = write(fdin, data, dlen);
- if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ if (len < 0 &&
+ (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) {
/* do nothing */
} else if (len <= 0) {
if (fdin != fdout)
server_request_direct_tcpip(void)
{
Channel *c;
- int sock;
char *target, *originator;
int target_port, originator_port;
originator_port = packet_get_int();
packet_check_eom();
- debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
- originator, originator_port, target, target_port);
+ debug("server_request_direct_tcpip: originator %s port %d, target %s "
+ "port %d", originator, originator_port, target, target_port);
/* XXX check permission */
- sock = channel_connect_to(target, target_port);
- xfree(target);
+ c = channel_connect_to(target, target_port,
+ "direct-tcpip", "direct-tcpip");
+
xfree(originator);
- if (sock < 0)
- return NULL;
- if (options.hpn_disabled)
- c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
- sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
- CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
- else
- c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
- sock, sock, -1, options.hpn_buffer_size,
- CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
+ xfree(target);
+
return c;
}
#if defined(SSH_TUN_FILTER)
if (mode == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
- sys_tun_outfilter);
+ sys_tun_outfilter, NULL, NULL);
#endif
done:
debug("input_session_request");
packet_check_eom();
+
+ if (no_more_sessions) {
+ packet_disconnect("Possible attack: attempt to open a session "
+ "after additional sessions disabled");
+ }
+
/*
* A server session has no fd to read or write until a
* CHANNEL_REQUEST for a shell is made, so we set the type to
success = channel_cancel_rport_listener(cancel_address,
cancel_port);
xfree(cancel_address);
+ } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) {
+ no_more_sessions = 1;
+ success = 1;
}
if (want_reply) {
packet_start(success ?
if ((c = channel_lookup(id)) == NULL)
packet_disconnect("server_input_channel_req: "
"unknown channel %d", id);
- if (c->type == SSH_CHANNEL_LARVAL || c->type == SSH_CHANNEL_OPEN)
+ if (!strcmp(rtype, "eow@openssh.com")) {
+ packet_check_eom();
+ chan_rcvd_eow(c);
+ } else if ((c->type == SSH_CHANNEL_LARVAL ||
+ c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0)
success = session_input_channel_req(c, rtype);
if (reply) {
packet_start(success ?
dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
+ dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm);
+ dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm);
/* client_alive */
- dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
/* rekeying */
-/* $OpenBSD: session.c,v 1.233 2008/03/26 21:28:14 djm Exp $ */
+/* $OpenBSD: session.c,v 1.241 2008/06/16 13:22:53 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
#include <string.h>
#include <unistd.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
/* func */
Session *session_new(void);
-void session_set_fds(Session *, int, int, int);
+void session_set_fds(Session *, int, int, int, int);
void session_pty_cleanup(Session *);
void session_proctitle(Session *);
int session_setup_x11fwd(Session *);
-void do_exec_pty(Session *, const char *);
-void do_exec_no_pty(Session *, const char *);
-void do_exec(Session *, const char *);
+int do_exec_pty(Session *, const char *);
+int do_exec_no_pty(Session *, const char *);
+int do_exec(Session *, const char *);
void do_login(Session *, const char *);
#ifdef LOGIN_NEEDS_UTMPX
static void do_pre_login(Session *s);
const char *original_command = NULL;
/* data */
-#define MAX_SESSIONS 20
-Session sessions[MAX_SESSIONS];
+static int sessions_first_unused = -1;
+static int sessions_nalloc = 0;
+static Session *sessions = NULL;
#define SUBSYSTEM_NONE 0
#define SUBSYSTEM_EXT 1
auth_input_request_forwarding(struct passwd * pw)
{
Channel *nc;
- int sock;
+ int sock = -1;
struct sockaddr_un sunaddr;
if (auth_sock_name != NULL) {
temporarily_use_uid(pw);
/* Allocate a buffer for the socket name, and format the name. */
- auth_sock_name = xmalloc(MAXPATHLEN);
- auth_sock_dir = xmalloc(MAXPATHLEN);
- strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);
+ auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");
/* Create private directory for socket */
if (mkdtemp(auth_sock_dir) == NULL) {
packet_send_debug("Agent forwarding disabled: "
"mkdtemp() failed: %.100s", strerror(errno));
restore_uid();
- xfree(auth_sock_name);
xfree(auth_sock_dir);
- auth_sock_name = NULL;
auth_sock_dir = NULL;
- return 0;
+ goto authsock_err;
}
- snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%ld",
- auth_sock_dir, (long) getpid());
+
+ xasprintf(&auth_sock_name, "%s/agent.%ld",
+ auth_sock_dir, (long) getpid());
/* Create the socket. */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0)
- packet_disconnect("socket: %.100s", strerror(errno));
+ if (sock < 0) {
+ error("socket: %.100s", strerror(errno));
+ restore_uid();
+ goto authsock_err;
+ }
/* Bind it to the name. */
memset(&sunaddr, 0, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
- if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0)
- packet_disconnect("bind: %.100s", strerror(errno));
+ if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
+ error("bind: %.100s", strerror(errno));
+ restore_uid();
+ goto authsock_err;
+ }
/* Restore the privileged uid. */
restore_uid();
/* Start listening on the socket. */
- if (listen(sock, SSH_LISTEN_BACKLOG) < 0)
- packet_disconnect("listen: %.100s", strerror(errno));
+ if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
+ error("listen: %.100s", strerror(errno));
+ goto authsock_err;
+ }
/* Allocate a channel for the authentication agent socket. */
/* this shouldn't matter if its hpn or not - cjr */
0, "auth socket", 1);
strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
return 1;
+
+ authsock_err:
+ if (auth_sock_name != NULL)
+ xfree(auth_sock_name);
+ if (auth_sock_dir != NULL) {
+ rmdir(auth_sock_dir);
+ xfree(auth_sock_dir);
+ }
+ if (sock != -1)
+ close(sock);
+ auth_sock_name = NULL;
+ auth_sock_dir = NULL;
+ return 0;
}
static void
break;
case SSH_CMSG_AGENT_REQUEST_FORWARDING:
- if (no_agent_forwarding_flag || compat13) {
+ if (!options.allow_agent_forwarding ||
+ no_agent_forwarding_flag || compat13) {
debug("Authentication agent forwarding not permitted for this authentication.");
break;
}
if (type == SSH_CMSG_EXEC_CMD) {
command = packet_get_string(&dlen);
debug("Exec command '%.500s'", command);
- do_exec(s, command);
+ if (do_exec(s, command) != 0)
+ packet_disconnect(
+ "command execution failed");
xfree(command);
} else {
- do_exec(s, NULL);
+ if (do_exec(s, NULL) != 0)
+ packet_disconnect(
+ "shell execution failed");
}
packet_check_eom();
session_close(s);
}
}
+#define USE_PIPES
/*
* This is called to fork and execute a command when we have no tty. This
* will call do_child from the child, and server_loop from the parent after
* setting up file descriptors and such.
*/
-void
+int
do_exec_no_pty(Session *s, const char *command)
{
pid_t pid;
#ifdef USE_PIPES
int pin[2], pout[2], perr[2];
+
/* Allocate pipes for communicating with the program. */
- if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0)
- packet_disconnect("Could not create pipes: %.100s",
- strerror(errno));
-#else /* USE_PIPES */
+ if (pipe(pin) < 0) {
+ error("%s: pipe in: %.100s", __func__, strerror(errno));
+ return -1;
+ }
+ if (pipe(pout) < 0) {
+ error("%s: pipe out: %.100s", __func__, strerror(errno));
+ close(pin[0]);
+ close(pin[1]);
+ return -1;
+ }
+ if (pipe(perr) < 0) {
+ error("%s: pipe err: %.100s", __func__, strerror(errno));
+ close(pin[0]);
+ close(pin[1]);
+ close(pout[0]);
+ close(pout[1]);
+ return -1;
+ }
+#else
int inout[2], err[2];
+
/* Uses socket pairs to communicate with the program. */
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 ||
- socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0)
- packet_disconnect("Could not create socket pairs: %.100s",
- strerror(errno));
-#endif /* USE_PIPES */
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) {
+ error("%s: socketpair #1: %.100s", __func__, strerror(errno));
+ return -1;
+ }
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
+ error("%s: socketpair #2: %.100s", __func__, strerror(errno));
+ close(inout[0]);
+ close(inout[1]);
+ return -1;
+ }
+#endif
+
if (s == NULL)
fatal("do_exec_no_pty: no session");
session_proctitle(s);
/* Fork the child. */
- if ((pid = fork()) == 0) {
+ switch ((pid = fork())) {
+ case -1:
+ error("%s: fork: %.100s", __func__, strerror(errno));
+#ifdef USE_PIPES
+ close(pin[0]);
+ close(pin[1]);
+ close(pout[0]);
+ close(pout[1]);
+ close(perr[0]);
+ close(perr[1]);
+#else
+ close(inout[0]);
+ close(inout[1]);
+ close(err[0]);
+ close(err[1]);
+#endif
+ return -1;
+ case 0:
is_child = 1;
/* Child. Reinitialize the log since the pid has changed. */
- log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ log_init(__progname, options.log_level,
+ options.log_facility, log_stderr);
/*
* Create a new session and process group since the 4.4BSD
if (dup2(perr[1], 2) < 0)
perror("dup2 stderr");
close(perr[1]);
-#else /* USE_PIPES */
+#else
/*
* Redirect stdin, stdout, and stderr. Stdin and stdout will
* use the same socket, as some programs (particularly rdist)
close(err[1]);
if (dup2(inout[0], 0) < 0) /* stdin */
perror("dup2 stdin");
- if (dup2(inout[0], 1) < 0) /* stdout. Note: same socket as stdin. */
+ if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */
perror("dup2 stdout");
+ close(inout[0]);
if (dup2(err[0], 2) < 0) /* stderr */
perror("dup2 stderr");
-#endif /* USE_PIPES */
+ close(err[0]);
+#endif
+
#ifdef _UNICOS
cray_init_job(s->pw); /* set up cray jid and tmpdir */
/* Do processing for the child (exec command etc). */
do_child(s, command);
/* NOTREACHED */
+ default:
+ break;
}
+
#ifdef _UNICOS
signal(WJSIGNAL, cray_job_termination_handler);
#endif /* _UNICOS */
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
#endif
- if (pid < 0)
- packet_disconnect("fork failed: %.100s", strerror(errno));
+
s->pid = pid;
/* Set interactive/non-interactive mode. */
packet_set_interactive(s->display != NULL);
+
+ /*
+ * Clear loginmsg, since it's the child's responsibility to display
+ * it to the user, otherwise multiple sessions may accumulate
+ * multiple copies of the login messages.
+ */
+ buffer_clear(&loginmsg);
+
#ifdef USE_PIPES
/* We are the parent. Close the child sides of the pipes. */
close(pin[0]);
close(perr[0]);
perr[0] = -1;
}
- session_set_fds(s, pin[1], pout[0], perr[0]);
+ session_set_fds(s, pin[1], pout[0], perr[0], 0);
} else {
/* Enter the interactive session. */
server_loop(pid, pin[1], pout[0], perr[0]);
/* server_loop has closed pin[1], pout[0], and perr[0]. */
}
-#else /* USE_PIPES */
+#else
/* We are the parent. Close the child sides of the socket pairs. */
close(inout[0]);
close(err[0]);
- /*
- * Clear loginmsg, since it's the child's responsibility to display
- * it to the user, otherwise multiple sessions may accumulate
- * multiple copies of the login messages.
- */
- buffer_clear(&loginmsg);
-
/*
* Enter the interactive session. Note: server_loop must be able to
* handle the case that fdin and fdout are the same.
*/
if (compat20) {
- session_set_fds(s, inout[1], inout[1], s->is_subsystem ? -1 : err[1]);
+ session_set_fds(s, inout[1], inout[1],
+ s->is_subsystem ? -1 : err[1], 0);
+ if (s->is_subsystem)
+ close(err[1]);
} else {
server_loop(pid, inout[1], inout[1], err[1]);
/* server_loop has closed inout[1] and err[1]. */
}
-#endif /* USE_PIPES */
+#endif
+ return 0;
}
/*
* setting up file descriptors, controlling tty, updating wtmp, utmp,
* lastlog, and other such operations.
*/
-void
+int
do_exec_pty(Session *s, const char *command)
{
int fdout, ptyfd, ttyfd, ptymaster;
ptyfd = s->ptyfd;
ttyfd = s->ttyfd;
+ /*
+ * Create another descriptor of the pty master side for use as the
+ * standard input. We could use the original descriptor, but this
+ * simplifies code in server_loop. The descriptor is bidirectional.
+ * Do this before forking (and cleanup in the child) so as to
+ * detect and gracefully fail out-of-fd conditions.
+ */
+ if ((fdout = dup(ptyfd)) < 0) {
+ error("%s: dup #1: %s", __func__, strerror(errno));
+ close(ttyfd);
+ close(ptyfd);
+ return -1;
+ }
+ /* we keep a reference to the pty master */
+ if ((ptymaster = dup(ptyfd)) < 0) {
+ error("%s: dup #2: %s", __func__, strerror(errno));
+ close(ttyfd);
+ close(ptyfd);
+ close(fdout);
+ return -1;
+ }
+
/* Fork the child. */
- if ((pid = fork()) == 0) {
+ switch ((pid = fork())) {
+ case -1:
+ error("%s: fork: %.100s", __func__, strerror(errno));
+ close(fdout);
+ close(ptymaster);
+ close(ttyfd);
+ close(ptyfd);
+ return -1;
+ case 0:
is_child = 1;
+ close(fdout);
+ close(ptymaster);
+
/* Child. Reinitialize the log because the pid has changed. */
- log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ log_init(__progname, options.log_level,
+ options.log_facility, log_stderr);
/* Close the master side of the pseudo tty. */
close(ptyfd);
do_pre_login(s);
# endif
#endif
-
- /* Do common processing for the child, such as execing the command. */
- do_child(s, command);
- /* NOTREACHED */
+ /*
+ * Do common processing for the child, such as execing
+ * the command.
+ */
+ do_child(s, command);
+ /* NOTREACHED */
+ default:
+ break;
}
+
#ifdef _UNICOS
signal(WJSIGNAL, cray_job_termination_handler);
#endif /* _UNICOS */
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
#endif
- if (pid < 0)
- packet_disconnect("fork failed: %.100s", strerror(errno));
+
s->pid = pid;
/* Parent. Close the slave side of the pseudo tty. */
close(ttyfd);
- /*
- * Create another descriptor of the pty master side for use as the
- * standard input. We could use the original descriptor, but this
- * simplifies code in server_loop. The descriptor is bidirectional.
- */
- fdout = dup(ptyfd);
- if (fdout < 0)
- packet_disconnect("dup #1 failed: %.100s", strerror(errno));
-
- /* we keep a reference to the pty master */
- ptymaster = dup(ptyfd);
- if (ptymaster < 0)
- packet_disconnect("dup #2 failed: %.100s", strerror(errno));
- s->ptymaster = ptymaster;
-
/* Enter interactive session. */
+ s->ptymaster = ptymaster;
packet_set_interactive(1);
if (compat20) {
- session_set_fds(s, ptyfd, fdout, -1);
+ session_set_fds(s, ptyfd, fdout, -1, 1);
} else {
server_loop(pid, ptyfd, fdout, -1);
/* server_loop _has_ closed ptyfd and fdout. */
}
+ return 0;
}
#ifdef LOGIN_NEEDS_UTMPX
* This is called to fork and execute a command. If another command is
* to be forced, execute that instead.
*/
-void
+int
do_exec(Session *s, const char *command)
{
+ int ret;
+
if (options.adm_forced_command) {
original_command = command;
command = options.adm_forced_command;
}
#endif
if (s->ttyfd != -1)
- do_exec_pty(s, command);
+ ret = do_exec_pty(s, command);
else
- do_exec_no_pty(s, command);
+ ret = do_exec_no_pty(s, command);
original_command = NULL;
* multiple copies of the login messages.
*/
buffer_clear(&loginmsg);
+
+ return ret;
}
/* administrative, login(1)-like work */
/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
if (!s->is_subsystem && options.adm_forced_command == NULL &&
- !no_user_rc && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ !no_user_rc && stat(_PATH_SSH_USER_RC, &st) >= 0) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
if (debug_flag)
char *argv[ARGV_MAX];
const char *shell, *shell0, *hostname = NULL;
struct passwd *pw = s->pw;
+ int r = 0;
#ifdef AFS_KRB5
/* Default place to look for aklog. */
/* Change current directory to the user's home directory. */
if (chdir(pw->pw_dir) < 0) {
- fprintf(stderr, "Could not chdir to home directory %s: %s\n",
- pw->pw_dir, strerror(errno));
+ /* Suppress missing homedir warning for chroot case */
#ifdef HAVE_LOGIN_CAP
- if (login_getcapbool(lc, "requirehome", 0))
- exit(1);
+ r = login_getcapbool(lc, "requirehome", 0);
#endif
+ if (r || options.chroot_directory == NULL)
+ fprintf(stderr, "Could not chdir to home "
+ "directory %s: %s\n", pw->pw_dir,
+ strerror(errno));
+ if (r)
+ exit(1);
}
closefrom(STDERR_FILENO + 1);
exit(1);
}
+void
+session_unused(int id)
+{
+ debug3("%s: session id %d unused", __func__, id);
+ if (id >= options.max_sessions ||
+ id >= sessions_nalloc) {
+ fatal("%s: insane session id %d (max %d nalloc %d)",
+ __func__, id, options.max_sessions, sessions_nalloc);
+ }
+ bzero(&sessions[id], sizeof(*sessions));
+ sessions[id].self = id;
+ sessions[id].used = 0;
+ sessions[id].chanid = -1;
+ sessions[id].ptyfd = -1;
+ sessions[id].ttyfd = -1;
+ sessions[id].ptymaster = -1;
+ sessions[id].x11_chanids = NULL;
+ sessions[id].next_unused = sessions_first_unused;
+ sessions_first_unused = id;
+}
+
Session *
session_new(void)
{
- int i;
- static int did_init = 0;
- if (!did_init) {
- debug("session_new: init");
- for (i = 0; i < MAX_SESSIONS; i++) {
- sessions[i].used = 0;
+ Session *s, *tmp;
+
+ if (sessions_first_unused == -1) {
+ if (sessions_nalloc >= options.max_sessions)
+ return NULL;
+ debug2("%s: allocate (allocated %d max %d)",
+ __func__, sessions_nalloc, options.max_sessions);
+ tmp = xrealloc(sessions, sessions_nalloc + 1,
+ sizeof(*sessions));
+ if (tmp == NULL) {
+ error("%s: cannot allocate %d sessions",
+ __func__, sessions_nalloc + 1);
+ return NULL;
}
- did_init = 1;
+ sessions = tmp;
+ session_unused(sessions_nalloc++);
}
- for (i = 0; i < MAX_SESSIONS; i++) {
- Session *s = &sessions[i];
- if (! s->used) {
- memset(s, 0, sizeof(*s));
- s->chanid = -1;
- s->ptyfd = -1;
- s->ttyfd = -1;
- s->used = 1;
- s->self = i;
- s->x11_chanids = NULL;
- debug("session_new: session %d", i);
- return s;
- }
+
+ if (sessions_first_unused >= sessions_nalloc ||
+ sessions_first_unused < 0) {
+ fatal("%s: insane first_unused %d max %d nalloc %d",
+ __func__, sessions_first_unused, options.max_sessions,
+ sessions_nalloc);
}
- return NULL;
+
+ s = &sessions[sessions_first_unused];
+ if (s->used) {
+ fatal("%s: session %d already used",
+ __func__, sessions_first_unused);
+ }
+ sessions_first_unused = s->next_unused;
+ s->used = 1;
+ s->next_unused = -1;
+ debug("session_new: session %d", s->self);
+
+ return s;
}
static void
session_dump(void)
{
int i;
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
- debug("dump: used %d session %d %p channel %d pid %ld",
+
+ debug("dump: used %d next_unused %d session %d %p "
+ "channel %d pid %ld",
s->used,
+ s->next_unused,
s->self,
s,
s->chanid,
session_by_tty(char *tty)
{
int i;
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
debug("session_by_tty: session %d tty %s", i, tty);
session_by_channel(int id)
{
int i;
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->used && s->chanid == id) {
- debug("session_by_channel: session %d channel %d", i, id);
+ debug("session_by_channel: session %d channel %d",
+ i, id);
return s;
}
}
{
int i, j;
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->x11_chanids == NULL || !s->used)
{
int i;
debug("session_by_pid: pid %ld", (long)pid);
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->used && s->pid == pid)
return s;
/* Allocate a pty and open it. */
debug("Allocating pty.");
- if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)))) {
+ if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
+ sizeof(s->tty)))) {
if (s->term)
xfree(s->term);
s->term = NULL;
s->is_subsystem = SUBSYSTEM_EXT;
}
debug("subsystem: exec() %s", cmd);
- do_exec(s, cmd);
- success = 1;
+ success = do_exec(s, cmd) == 0;
break;
}
}
session_shell_req(Session *s)
{
packet_check_eom();
- do_exec(s, NULL);
- return 1;
+ return do_exec(s, NULL) == 0;
}
static int
session_exec_req(Session *s)
{
- u_int len;
+ u_int len, success;
+
char *command = packet_get_string(&len);
packet_check_eom();
- do_exec(s, command);
+ success = do_exec(s, command) == 0;
xfree(command);
- return 1;
+ return success;
}
static int
packet_get_int(); /* ignored */
packet_check_eom();
- if (s->ttyfd == -1 ||
- tcsendbreak(s->ttyfd, 0) < 0)
+ if (s->ttyfd == -1 || tcsendbreak(s->ttyfd, 0) < 0)
return 0;
return 1;
}
{
static int called = 0;
packet_check_eom();
- if (no_agent_forwarding_flag) {
+ if (no_agent_forwarding_flag || !options.allow_agent_forwarding) {
debug("session_auth_agent_req: no_agent_forwarding_flag");
return 0;
}
}
void
-session_set_fds(Session *s, int fdin, int fdout, int fderr)
+session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty)
{
if (!compat20)
fatal("session_set_fds: called for proto != 2.0");
*/
if (s->chanid == -1)
fatal("no channel for session %d", s->self);
- if(options.hpn_disabled)
channel_set_fds(s->chanid,
fdout, fdin, fderr,
fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
- 1,
- CHAN_SES_WINDOW_DEFAULT);
- else
- channel_set_fds(s->chanid,
- fdout, fdin, fderr,
- fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
- 1,
- options.hpn_buffer_size);
+ 1, is_tty, CHAN_SES_WINDOW_DEFAULT);
}
/*
* the pty cleanup, so that another process doesn't get this pty
* while we're still cleaning up.
*/
- if (close(s->ptymaster) < 0)
- error("close(s->ptymaster/%d): %s", s->ptymaster, strerror(errno));
+ if (s->ptymaster != -1 && close(s->ptymaster) < 0)
+ error("close(s->ptymaster/%d): %s",
+ s->ptymaster, strerror(errno));
/* unlink pty from session */
s->ttyfd = -1;
xfree(s->auth_data);
if (s->auth_proto)
xfree(s->auth_proto);
- s->used = 0;
if (s->env != NULL) {
for (i = 0; i < s->num_env; i++) {
xfree(s->env[i].name);
xfree(s->env);
}
session_proctitle(s);
+ session_unused(s->self);
}
void
session_destroy_all(void (*closefunc)(Session *))
{
int i;
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->used) {
if (closefunc != NULL)
char *cp;
buf[0] = '\0';
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->used && s->ttyfd != -1) {
-/* $OpenBSD: session.h,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
struct Session {
int used;
int self;
+ int next_unused;
struct passwd *pw;
Authctxt *authctxt;
pid_t pid;
void do_cleanup(Authctxt *);
int session_open(Authctxt *, int);
+void session_unused(int);
int session_input_channel_req(Channel *, const char *);
void session_close_by_pid(pid_t, int);
void session_close_by_channel(int, void *);
-/* $OpenBSD: sftp.c,v 1.99 2008/01/20 00:38:30 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.103 2008/07/13 22:16:03 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/wait.h>
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
#include <ctype.h>
#include <errno.h>
#include <unistd.h>
#include <stdarg.h>
+#ifdef HAVE_UTIL_H
+# include <util.h>
+#endif
+
+#ifdef HAVE_LIBUTIL_H
+# include <libutil.h>
+#endif
+
#include "xmalloc.h"
#include "log.h"
#include "pathnames.h"
size_t copy_buffer_len = 32768;
/* Number of concurrent outstanding requests */
-size_t num_requests = 16;
+size_t num_requests = 64;
/* PID of ssh transport process */
static pid_t sshpid = -1;
#define I_CHGRP 2
#define I_CHMOD 3
#define I_CHOWN 4
+#define I_DF 24
#define I_GET 5
#define I_HELP 6
#define I_LCHDIR 7
{ "chgrp", I_CHGRP },
{ "chmod", I_CHMOD },
{ "chown", I_CHOWN },
+ { "df", I_DF },
{ "dir", I_LS },
{ "exit", I_QUIT },
{ "get", I_GET },
printf("chgrp grp path Change group of file 'path' to 'grp'\n");
printf("chmod mode path Change permissions of file 'path' to 'mode'\n");
printf("chown own path Change owner of file 'path' to 'own'\n");
+ printf("df [path] Display statistics for current directory or\n");
+ printf(" filesystem containing 'path'\n");
printf("help Display this help text\n");
printf("get remote-path [local-path] Download file\n");
printf("lls [ls-options [path]] Display local directory listing\n");
static int
parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag)
{
- extern int optind, optreset, opterr;
+ extern int opterr, optind, optopt, optreset;
int ch;
optind = optreset = 1;
*pflag = 1;
break;
default:
- error("%s: Invalid flag -%c", cmd, ch);
+ error("%s: Invalid flag -%c", cmd, optopt);
return -1;
}
}
static int
parse_ls_flags(char **argv, int argc, int *lflag)
{
- extern int optind, optreset, opterr;
+ extern int opterr, optind, optopt, optreset;
int ch;
optind = optreset = 1;
*lflag |= LS_TIME_SORT;
break;
default:
- error("ls: Invalid flag -%c", ch);
+ error("ls: Invalid flag -%c", optopt);
+ return -1;
+ }
+ }
+
+ return optind;
+}
+
+static int
+parse_df_flags(const char *cmd, char **argv, int argc, int *hflag, int *iflag)
+{
+ extern int opterr, optind, optopt, optreset;
+ int ch;
+
+ optind = optreset = 1;
+ opterr = 0;
+
+ *hflag = *iflag = 0;
+ while ((ch = getopt(argc, argv, "hi")) != -1) {
+ switch (ch) {
+ case 'h':
+ *hflag = 1;
+ break;
+ case 'i':
+ *iflag = 1;
+ break;
+ default:
+ error("%s: Invalid flag -%c", cmd, optopt);
return -1;
}
}
return (0);
}
+static int
+do_df(struct sftp_conn *conn, char *path, int hflag, int iflag)
+{
+ struct sftp_statvfs st;
+ char s_used[FMT_SCALED_STRSIZE];
+ char s_avail[FMT_SCALED_STRSIZE];
+ char s_root[FMT_SCALED_STRSIZE];
+ char s_total[FMT_SCALED_STRSIZE];
+
+ if (do_statvfs(conn, path, &st, 1) == -1)
+ return -1;
+ if (iflag) {
+ printf(" Inodes Used Avail "
+ "(root) %%Capacity\n");
+ printf("%11llu %11llu %11llu %11llu %3llu%%\n",
+ (unsigned long long)st.f_files,
+ (unsigned long long)(st.f_files - st.f_ffree),
+ (unsigned long long)st.f_favail,
+ (unsigned long long)st.f_ffree,
+ (unsigned long long)(100 * (st.f_files - st.f_ffree) /
+ st.f_files));
+ } else if (hflag) {
+ strlcpy(s_used, "error", sizeof(s_used));
+ strlcpy(s_avail, "error", sizeof(s_avail));
+ strlcpy(s_root, "error", sizeof(s_root));
+ strlcpy(s_total, "error", sizeof(s_total));
+ fmt_scaled((st.f_blocks - st.f_bfree) * st.f_frsize, s_used);
+ fmt_scaled(st.f_bavail * st.f_frsize, s_avail);
+ fmt_scaled(st.f_bfree * st.f_frsize, s_root);
+ fmt_scaled(st.f_blocks * st.f_frsize, s_total);
+ printf(" Size Used Avail (root) %%Capacity\n");
+ printf("%7sB %7sB %7sB %7sB %3llu%%\n",
+ s_total, s_used, s_avail, s_root,
+ (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
+ st.f_blocks));
+ } else {
+ printf(" Size Used Avail "
+ "(root) %%Capacity\n");
+ printf("%12llu %12llu %12llu %12llu %3llu%%\n",
+ (unsigned long long)(st.f_frsize * st.f_blocks / 1024),
+ (unsigned long long)(st.f_frsize *
+ (st.f_blocks - st.f_bfree) / 1024),
+ (unsigned long long)(st.f_frsize * st.f_bavail / 1024),
+ (unsigned long long)(st.f_frsize * st.f_bfree / 1024),
+ (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
+ st.f_blocks));
+ }
+ return 0;
+}
+
/*
* Undo escaping of glob sequences in place. Used to undo extra escaping
* applied in makeargv() when the string is destined for a function that
}
static int
-parse_args(const char **cpp, int *pflag, int *lflag, int *iflag,
+parse_args(const char **cpp, int *pflag, int *lflag, int *iflag, int *hflag,
unsigned long *n_arg, char **path1, char **path2)
{
const char *cmd, *cp = *cpp;
}
/* Get arguments and parse flags */
- *lflag = *pflag = *n_arg = 0;
+ *lflag = *pflag = *hflag = *n_arg = 0;
*path1 = *path2 = NULL;
optidx = 1;
switch (cmdnum) {
if (cmdnum != I_RM)
undo_glob_escape(*path1);
break;
+ case I_DF:
+ if ((optidx = parse_df_flags(cmd, argv, argc, hflag,
+ iflag)) == -1)
+ return -1;
+ /* Default to current directory if no path specified */
+ if (argc - optidx < 1)
+ *path1 = NULL;
+ else {
+ *path1 = xstrdup(argv[optidx]);
+ undo_glob_escape(*path1);
+ }
+ break;
case I_LS:
if ((optidx = parse_ls_flags(argv, argc, lflag)) == -1)
return(-1);
int err_abort)
{
char *path1, *path2, *tmp;
- int pflag, lflag, iflag, cmdnum, i;
+ int pflag, lflag, iflag, hflag, cmdnum, i;
unsigned long n_arg;
Attrib a, *aa;
char path_buf[MAXPATHLEN];
glob_t g;
path1 = path2 = NULL;
- cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &n_arg,
+ cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &hflag, &n_arg,
&path1, &path2);
if (iflag != 0)
path1 = make_absolute(path1, *pwd);
err = do_globbed_ls(conn, path1, tmp, lflag);
break;
+ case I_DF:
+ /* Default to current directory if no path specified */
+ if (path1 == NULL)
+ path1 = xstrdup(*pwd);
+ path1 = make_absolute(path1, *pwd);
+ err = do_df(conn, path1, hflag, iflag);
+ break;
case I_LCHDIR:
if (chdir(path1) == -1) {
error("Couldn't change local directory to "
-/* $OpenBSD: ssh-agent.c,v 1.157 2007/09/25 23:48:57 canacar Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.159 2008/06/28 14:05:15 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
u_char *blob, *data, *signature = NULL;
u_int blen, dlen, slen = 0;
extern int datafellows;
+ int odatafellows;
int ok = -1, flags;
Buffer msg;
Key *key;
data = buffer_get_string(&e->request, &dlen);
flags = buffer_get_int(&e->request);
+ odatafellows = datafellows;
if (flags & SSH_AGENT_OLD_SIGNATURE)
datafellows = SSH_BUG_SIGBLOB;
xfree(blob);
if (signature != NULL)
xfree(signature);
+ datafellows = odatafellows;
}
/* shared */
xfree(comment);
goto send;
}
- success = 1;
while (buffer_len(&e->request)) {
- switch (buffer_get_char(&e->request)) {
+ switch ((type = buffer_get_char(&e->request))) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
break;
confirm = 1;
break;
default:
- break;
+ error("process_add_identity: "
+ "Unknown constraint type %d", type);
+ xfree(comment);
+ key_free(k);
+ goto send;
}
}
+ success = 1;
if (lifetime && !death)
death = time(NULL) + lifetime;
if ((id = lookup_identity(k, version)) == NULL) {
#ifdef SMARTCARD
static void
-process_add_smartcard_key (SocketEntry *e)
+process_add_smartcard_key(SocketEntry *e)
{
char *sc_reader_id = NULL, *pin;
- int i, version, success = 0, death = 0, confirm = 0;
+ int i, type, version, success = 0, death = 0, confirm = 0;
Key **keys, *k;
Identity *id;
Idtab *tab;
pin = buffer_get_string(&e->request, NULL);
while (buffer_len(&e->request)) {
- switch (buffer_get_char(&e->request)) {
+ switch ((type = buffer_get_char(&e->request))) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
break;
confirm = 1;
break;
default:
- break;
+ error("process_add_smartcard_key: "
+ "Unknown constraint type %d", type);
+ xfree(sc_reader_id);
+ xfree(pin);
+ goto send;
}
}
if (lifetime && !death)
buffer_ptr(&sockets[i].output),
buffer_len(&sockets[i].output));
if (len == -1 && (errno == EAGAIN ||
- errno == EINTR))
+ errno == EINTR ||
+ errno == EWOULDBLOCK))
continue;
break;
} while (1);
do {
len = read(sockets[i].fd, buf, sizeof(buf));
if (len == -1 && (errno == EAGAIN ||
- errno == EINTR))
+ errno == EINTR ||
+ errno == EWOULDBLOCK))
continue;
break;
} while (1);
-/* $OpenBSD: ssh-keyscan.c,v 1.75 2007/12/27 14:22:08 dtucker Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.76 2008/04/30 10:14:03 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
#define KT_DSA 2
#define KT_RSA 4
-int get_keytypes = KT_RSA1; /* Get only RSA1 keys by default */
+int get_keytypes = KT_RSA; /* Get only RSA keys by default */
int hash_hosts = 0; /* Hash hostname on output */
memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask));
while (select(maxfd, r, NULL, e, &seltime) == -1 &&
- (errno == EAGAIN || errno == EINTR))
+ (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
;
for (i = 0; i < maxfd; i++) {
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 5 2007 $
+.Dd $Mdocdate: May 31 2007 $
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.273 2008/02/11 07:58:28 jmc Exp $
-.Dd $Mdocdate: March 26 2008 $
+.\" $OpenBSD: ssh.1,v 1.277 2008/07/02 13:47:39 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
.Dt SSH 1
.Os
.Sh NAME
The recommended way to start X11 programs at a remote site is with
something like
.Ic ssh -f host xterm .
+.Pp
+If the
+.Cm ExitOnForwardFailure
+configuration option is set to
+.Dq yes ,
+then a client started with
+.Fl f
+will wait for all remote port forwards to be successfully established
+before placing itself in the background.
.It Fl g
Allows remote hosts to connect to local forwarded ports.
.It Fl I Ar smartcard_device
.It User
.It UserKnownHostsFile
.It VerifyHostKeyDNS
+.It VisualHostKey
.It XAuthLocation
.El
.It Fl p Ar port
.Pp
.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
.Pp
-If the fingerprint is already known,
-it can be matched and verified,
-and the key can be accepted.
+If the fingerprint is already known, it can be matched
+and the key can be accepted or rejected.
+Because of the difficulty of comparing host keys
+just by looking at hex strings,
+there is also support to compare host keys visually,
+using
+.Em random art .
+By setting the
+.Cm VisualHostKey
+option to
+.Dq yes ,
+a small ASCII graphic gets displayed on every login to a server, no matter
+if the session itself is interactive or not.
+By learning the pattern a known server produces, a user can easily
+find out that the host key has changed when a completely different pattern
+is displayed.
+Because these patterns are not unambiguous however, a pattern that looks
+similar to the pattern remembered only gives a good probability that the
+host key is the same, not guaranteed proof.
+.Pp
+To get a listing of the fingerprints along with their random art for
+all known hosts, the following command line can be used:
+.Pp
+.Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts
+.Pp
If the fingerprint is unknown,
an alternative method of verification is available:
SSH fingerprints verified by DNS.
.%T "The Secure Shell (SSH) Public Key File Format"
.%D 2006
.Re
+.Rs
+.%T "Hash Visualization: a New Technique to improve Real-World Security"
+.%A A. Perrig
+.%A D. Song
+.%D 1999
+.%O "International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)"
+.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
-/* $OpenBSD: ssh.c,v 1.309 2008/01/19 20:51:26 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.318 2008/07/02 13:47:39 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include <sys/resource.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
-#include <sys/un.h>
#include <ctype.h>
#include <errno.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include "openbsd-compat/openssl-compat.h"
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "sshpty.h"
#include "match.h"
#include "msg.h"
-#include "monitor_fdpass.h"
#include "uidswap.h"
#include "version.h"
extern char *__progname;
-/* Flag indicating whether debug mode is on. This can be set on the command line. */
+/* Flag indicating whether debug mode is on. May be set on the command line. */
int debug_flag = 0;
/* Flag indicating whether a tty should be allocated */
int subsystem_flag = 0;
/* # of replies received for global requests */
-static int client_global_request_id = 0;
+static int remote_forward_confirms_received = 0;
/* pid of proxycommand child process */
pid_t proxy_command_pid = 0;
-/* fd to control socket */
-int control_fd = -1;
-
-/* Multiplexing control command */
-static u_int mux_command = 0;
-
-/* Only used in control client mode */
-volatile sig_atomic_t control_client_terminate = 0;
-u_int control_server_pid = 0;
+/* mux.c */
+extern int muxserver_sock;
+extern u_int muxclient_command;
/* Prints a help message to the user. This function never returns. */
static int ssh_session(void);
static int ssh_session2(void);
static void load_public_identity_files(void);
-static void control_client(const char *path);
+
+/* from muxclient.c */
+void muxclient(const char *);
+void muxserver_listen(void);
/*
* Main program for the ssh client.
*/
umask(022);
- /* Initialize option structure to indicate that no values have been set. */
+ /*
+ * Initialize option structure to indicate that no values have been
+ * set.
+ */
initialize_options(&options);
/* Parse command-line arguments. */
host = NULL;
again:
- while ((opt = getopt(ac, av,
- "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
+ "ACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
switch (opt) {
case '1':
options.protocol = SSH_PROTO_1;
break;
case 'O':
if (strcmp(optarg, "check") == 0)
- mux_command = SSHMUX_COMMAND_ALIVE_CHECK;
+ muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK;
else if (strcmp(optarg, "exit") == 0)
- mux_command = SSHMUX_COMMAND_TERMINATE;
+ muxclient_command = SSHMUX_COMMAND_TERMINATE;
else
fatal("Invalid multiplex command.");
break;
options.tun_open = SSH_TUNMODE_DEFAULT;
options.tun_local = a2tun(optarg, &options.tun_remote);
if (options.tun_local == SSH_TUNID_ERR) {
- fprintf(stderr, "Bad tun device '%s'\n", optarg);
+ fprintf(stderr,
+ "Bad tun device '%s'\n", optarg);
exit(255);
}
break;
}
if (cp != NULL) {
fwd.listen_port = a2port(cp);
- fwd.listen_host = cleanhostname(fwd.listen_host);
+ fwd.listen_host =
+ cleanhostname(fwd.listen_host);
} else {
fwd.listen_port = a2port(fwd.listen_host);
fwd.listen_host = NULL;
}
/* Cannot fork to background if no command. */
- if (fork_after_authentication_flag && buffer_len(&command) == 0 && !no_shell_flag)
- fatal("Cannot fork into background without a command to execute.");
+ if (fork_after_authentication_flag && buffer_len(&command) == 0 &&
+ !no_shell_flag)
+ fatal("Cannot fork into background without a command "
+ "to execute.");
/* Allocate a tty by default if no command specified. */
if (buffer_len(&command) == 0)
/* Do not allocate a tty if stdin is not a tty. */
if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) {
if (tty_flag)
- logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");
+ logit("Pseudo-terminal will not be allocated because "
+ "stdin is not a terminal.");
tty_flag = 0;
}
* Initialize "log" output. Since we are the client all output
* actually goes to stderr.
*/
- log_init(av[0], options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
+ log_init(av[0],
+ options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
SYSLOG_FACILITY_USER, 1);
/*
}
else options.implicit = 0;
+ /* Get default port if port has not been set. */
+ if (options.port == 0) {
+ sp = getservbyname(SSH_SERVICE_NAME, "tcp");
+ options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
+ }
+
+ if (options.local_command != NULL) {
+ char thishost[NI_MAXHOST];
+
+ if (gethostname(thishost, sizeof(thishost)) == -1)
+ fatal("gethostname: %s", strerror(errno));
+ snprintf(buf, sizeof(buf), "%d", options.port);
+ debug3("expanding LocalCommand: %s", options.local_command);
+ cp = options.local_command;
+ options.local_command = percent_expand(cp, "d", pw->pw_dir,
+ "h", options.hostname? options.hostname : host,
+ "l", thishost, "n", host, "r", options.user, "p", buf,
+ "u", pw->pw_name, (char *)NULL);
+ debug3("expanded LocalCommand: %s", options.local_command);
+ xfree(cp);
+ }
+
if (options.hostname != NULL)
host = options.hostname;
*p = (char)tolower(*p);
}
- /* Get default port if port has not been set. */
- if (options.port == 0) {
- sp = getservbyname(SSH_SERVICE_NAME, "tcp");
- options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
- }
-
if (options.proxy_command != NULL &&
strcmp(options.proxy_command, "none") == 0) {
xfree(options.proxy_command);
"r", options.user, "l", thishost, (char *)NULL);
xfree(cp);
}
- if (mux_command != 0 && options.control_path == NULL)
+ if (muxclient_command != 0 && options.control_path == NULL)
fatal("No ControlPath specified for \"-O\" command");
if (options.control_path != NULL)
- control_client(options.control_path);
+ muxclient(options.control_path);
timeout_ms = options.connection_timeout * 1000;
* Now that we are back to our own permissions, create ~/.ssh
* directory if it doesn't already exist.
*/
- snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
+ snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir,
+ strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
if (stat(buf, &st) < 0)
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
- /* Log into the remote system. This never returns if the login fails. */
+ /* Log into the remote system. Never returns if the login fails. */
ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr,
pw, timeout_ms);
exit_status = compat20 ? ssh_session2() : ssh_session();
packet_close();
- if (options.control_path != NULL && control_fd != -1)
+ if (options.control_path != NULL && muxserver_sock != -1)
unlink(options.control_path);
/*
return exit_status;
}
+/* Callback for remote forward global requests */
+static void
+ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
+{
+ Forward *rfwd = (Forward *)ctxt;
+
+ debug("remote forward %s for: listen %d, connect %s:%d",
+ type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
+ rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
+ if (type == SSH2_MSG_REQUEST_FAILURE) {
+ if (options.exit_on_forward_failure)
+ fatal("Error: remote port forwarding failed for "
+ "listen port %d", rfwd->listen_port);
+ else
+ logit("Warning: remote port forwarding failed for "
+ "listen port %d", rfwd->listen_port);
+ }
+ if (++remote_forward_confirms_received == options.num_remote_forwards) {
+ debug("All remote forwarding requests processed");
+ if (fork_after_authentication_flag) {
+ fork_after_authentication_flag = 0;
+ if (daemon(1, 1) < 0)
+ fatal("daemon() failed: %.200s",
+ strerror(errno));
+ }
+ }
+}
+
static void
ssh_init_forwarding(void)
{
logit("Warning: Could not request remote "
"forwarding.");
}
+ client_register_global_confirm(ssh_confirm_remote_forward,
+ &options.remote_forwards[i]);
}
/* Initiate tunnel forwarding. */
/* Enable compression if requested. */
if (options.compression) {
- debug("Requesting compression at level %d.", options.compression_level);
+ debug("Requesting compression at level %d.",
+ options.compression_level);
- if (options.compression_level < 1 || options.compression_level > 9)
- fatal("Compression level must be from 1 (fast) to 9 (slow, best).");
+ if (options.compression_level < 1 ||
+ options.compression_level > 9)
+ fatal("Compression level must be from 1 (fast) to "
+ "9 (slow, best).");
/* Send the request. */
packet_start(SSH_CMSG_REQUEST_COMPRESSION);
else if (type == SSH_SMSG_FAILURE)
logit("Warning: Remote host refused compression.");
else
- packet_disconnect("Protocol error waiting for compression response.");
+ packet_disconnect("Protocol error waiting for "
+ "compression response.");
}
/* Allocate a pseudo tty if appropriate. */
if (tty_flag) {
interactive = 1;
have_tty = 1;
} else if (type == SSH_SMSG_FAILURE)
- logit("Warning: Remote host failed or refused to allocate a pseudo tty.");
+ logit("Warning: Remote host failed or refused to "
+ "allocate a pseudo tty.");
else
- packet_disconnect("Protocol error waiting for pty request response.");
+ packet_disconnect("Protocol error waiting for pty "
+ "request response.");
}
/* Request X11 forwarding if enabled and DISPLAY is set. */
display = getenv("DISPLAY");
client_x11_get_proto(display, options.xauth_location,
options.forward_x11_trusted, &proto, &data);
/* Request forwarding with authentication spoofing. */
- debug("Requesting X11 forwarding with authentication spoofing.");
+ debug("Requesting X11 forwarding with authentication "
+ "spoofing.");
x11_request_forwarding_with_spoofing(0, display, proto, data);
/* Read response from the server. */
} else if (type == SSH_SMSG_FAILURE) {
logit("Warning: Remote host denied X11 forwarding.");
} else {
- packet_disconnect("Protocol error waiting for X11 forwarding");
+ packet_disconnect("Protocol error waiting for X11 "
+ "forwarding");
}
}
/* Tell the packet module whether this is an interactive session. */
options.permit_local_command)
ssh_local_cmd(options.local_command);
- /* If requested, let ssh continue in the background. */
- if (fork_after_authentication_flag)
+ /*
+ * If requested and we are not interested in replies to remote
+ * forwarding requests, then let ssh continue in the background.
+ */
+ if (fork_after_authentication_flag &&
+ (!options.exit_on_forward_failure ||
+ options.num_remote_forwards == 0)) {
+ fork_after_authentication_flag = 0;
if (daemon(1, 1) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
+ }
/*
* If a command was specified on the command line, execute the
int len = buffer_len(&command);
if (len > 900)
len = 900;
- debug("Sending command: %.*s", len, (u_char *)buffer_ptr(&command));
+ debug("Sending command: %.*s", len,
+ (u_char *)buffer_ptr(&command));
packet_start(SSH_CMSG_EXEC_CMD);
packet_put_string(buffer_ptr(&command), buffer_len(&command));
packet_send();
options.escape_char : SSH_ESCAPECHAR_NONE, 0);
}
-static void
-ssh_subsystem_reply(int type, u_int32_t seq, void *ctxt)
-{
- int id, len;
-
- id = packet_get_int();
- len = buffer_len(&command);
- if (len > 900)
- len = 900;
- packet_check_eom();
- if (type == SSH2_MSG_CHANNEL_FAILURE)
- fatal("Request for subsystem '%.*s' failed on channel %d",
- len, (u_char *)buffer_ptr(&command), id);
-}
-
-void
-client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt)
-{
- int i;
-
- i = client_global_request_id++;
- if (i >= options.num_remote_forwards)
- return;
- debug("remote forward %s for: listen %d, connect %s:%d",
- type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
- options.remote_forwards[i].listen_port,
- options.remote_forwards[i].connect_host,
- options.remote_forwards[i].connect_port);
- if (type == SSH2_MSG_REQUEST_FAILURE) {
- if (options.exit_on_forward_failure)
- fatal("Error: remote port forwarding failed for "
- "listen port %d",
- options.remote_forwards[i].listen_port);
- else
- logit("Warning: remote port forwarding failed for "
- "listen port %d",
- options.remote_forwards[i].listen_port);
- }
-}
-
-static void
-ssh_control_listener(void)
-{
- struct sockaddr_un addr;
- mode_t old_umask;
- int addr_len;
-
- if (options.control_path == NULL ||
- options.control_master == SSHCTL_MASTER_NO)
- return;
-
- debug("setting up multiplex master socket");
-
- memset(&addr, '\0', sizeof(addr));
- addr.sun_family = AF_UNIX;
- addr_len = offsetof(struct sockaddr_un, sun_path) +
- strlen(options.control_path) + 1;
-
- if (strlcpy(addr.sun_path, options.control_path,
- sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
- fatal("ControlPath too long");
-
- if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
- fatal("%s socket(): %s", __func__, strerror(errno));
-
- old_umask = umask(0177);
- if (bind(control_fd, (struct sockaddr *)&addr, addr_len) == -1) {
- control_fd = -1;
- if (errno == EINVAL || errno == EADDRINUSE)
- fatal("ControlSocket %s already exists",
- options.control_path);
- else
- fatal("%s bind(): %s", __func__, strerror(errno));
- }
- umask(old_umask);
-
- if (listen(control_fd, 64) == -1)
- fatal("%s listen(): %s", __func__, strerror(errno));
-
- set_nonblock(control_fd);
-}
-
/* request pty/x11/agent/tcpfwd/shell for channel */
static void
ssh_session2_setup(int id, void *arg)
client_x11_get_proto(display, options.xauth_location,
options.forward_x11_trusted, &proto, &data);
/* Request forwarding with authentication spoofing. */
- debug("Requesting X11 forwarding with authentication spoofing.");
+ debug("Requesting X11 forwarding with authentication "
+ "spoofing.");
x11_request_forwarding_with_spoofing(id, display, proto, data);
interactive = 1;
/* XXX wait for reply */
}
client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
- NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply);
+ NULL, fileno(stdin), &command, environ);
packet_set_interactive(interactive);
}
channel_send_open(c->self);
if (!no_shell_flag)
- channel_register_confirm(c->self, ssh_session2_setup, NULL);
+ channel_register_open_confirm(c->self,
+ ssh_session2_setup, NULL);
return c->self;
}
if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN))
id = ssh_session2_open();
+ /* If we don't expect to open a new session, then disallow it */
+ if (options.control_master == SSHCTL_MASTER_NO) {
+ debug("Requesting no-more-sessions@openssh.com");
+ packet_start(SSH2_MSG_GLOBAL_REQUEST);
+ packet_put_cstring("no-more-sessions@openssh.com");
+ packet_put_char(0);
+ packet_send();
+ }
+
/* Execute a local command */
if (options.local_command != NULL &&
options.permit_local_command)
ssh_local_cmd(options.local_command);
/* Start listening for multiplex clients */
- ssh_control_listener();
+ muxserver_listen();
/* If requested, let ssh continue in the background. */
- if (fork_after_authentication_flag)
+ if (fork_after_authentication_flag) {
+ fork_after_authentication_flag = 0;
if (daemon(1, 1) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
+ }
return client_loop(tty_flag, tty_flag ?
options.escape_char : SSH_ESCAPECHAR_NONE, id);
int count = 0;
for (i = 0; keys[i] != NULL; i++) {
count++;
- memmove(&options.identity_files[1], &options.identity_files[0],
+ memmove(&options.identity_files[1],
+ &options.identity_files[0],
sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1));
- memmove(&options.identity_keys[1], &options.identity_keys[0],
+ memmove(&options.identity_keys[1],
+ &options.identity_keys[0],
sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
options.num_identity_files++;
options.identity_keys[0] = keys[i];
bzero(pwdir, strlen(pwdir));
xfree(pwdir);
}
-
-static void
-control_client_sighandler(int signo)
-{
- control_client_terminate = signo;
-}
-
-static void
-control_client_sigrelay(int signo)
-{
- int save_errno = errno;
-
- if (control_server_pid > 1)
- kill(control_server_pid, signo);
-
- errno = save_errno;
-}
-
-static int
-env_permitted(char *env)
-{
- int i, ret;
- char name[1024], *cp;
-
- if ((cp = strchr(env, '=')) == NULL || cp == env)
- return (0);
- ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
- if (ret <= 0 || (size_t)ret >= sizeof(name))
- fatal("env_permitted: name '%.100s...' too long", env);
-
- for (i = 0; i < options.num_send_env; i++)
- if (match_pattern(name, options.send_env[i]))
- return (1);
-
- return (0);
-}
-
-static void
-control_client(const char *path)
-{
- struct sockaddr_un addr;
- int i, r, fd, sock, exitval[2], num_env, addr_len;
- Buffer m;
- char *term;
- extern char **environ;
- u_int flags;
-
- if (mux_command == 0)
- mux_command = SSHMUX_COMMAND_OPEN;
-
- switch (options.control_master) {
- case SSHCTL_MASTER_AUTO:
- case SSHCTL_MASTER_AUTO_ASK:
- debug("auto-mux: Trying existing master");
- /* FALLTHROUGH */
- case SSHCTL_MASTER_NO:
- break;
- default:
- return;
- }
-
- memset(&addr, '\0', sizeof(addr));
- addr.sun_family = AF_UNIX;
- addr_len = offsetof(struct sockaddr_un, sun_path) +
- strlen(path) + 1;
-
- if (strlcpy(addr.sun_path, path,
- sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
- fatal("ControlPath too long");
-
- if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
- fatal("%s socket(): %s", __func__, strerror(errno));
-
- if (connect(sock, (struct sockaddr *)&addr, addr_len) == -1) {
- if (mux_command != SSHMUX_COMMAND_OPEN) {
- fatal("Control socket connect(%.100s): %s", path,
- strerror(errno));
- }
- if (errno == ENOENT)
- debug("Control socket \"%.100s\" does not exist", path);
- else {
- error("Control socket connect(%.100s): %s", path,
- strerror(errno));
- }
- close(sock);
- return;
- }
-
- if (stdin_null_flag) {
- if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1)
- fatal("open(/dev/null): %s", strerror(errno));
- if (dup2(fd, STDIN_FILENO) == -1)
- fatal("dup2: %s", strerror(errno));
- if (fd > STDERR_FILENO)
- close(fd);
- }
-
- term = getenv("TERM");
-
- flags = 0;
- if (tty_flag)
- flags |= SSHMUX_FLAG_TTY;
- if (subsystem_flag)
- flags |= SSHMUX_FLAG_SUBSYS;
- if (options.forward_x11)
- flags |= SSHMUX_FLAG_X11_FWD;
- if (options.forward_agent)
- flags |= SSHMUX_FLAG_AGENT_FWD;
-
- signal(SIGPIPE, SIG_IGN);
-
- buffer_init(&m);
-
- /* Send our command to server */
- buffer_put_int(&m, mux_command);
- buffer_put_int(&m, flags);
- if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
- fatal("%s: msg_send", __func__);
- buffer_clear(&m);
-
- /* Get authorisation status and PID of controlee */
- if (ssh_msg_recv(sock, &m) == -1)
- fatal("%s: msg_recv", __func__);
- if (buffer_get_char(&m) != SSHMUX_VER)
- fatal("%s: wrong version", __func__);
- if (buffer_get_int(&m) != 1)
- fatal("Connection to master denied");
- control_server_pid = buffer_get_int(&m);
-
- buffer_clear(&m);
-
- switch (mux_command) {
- case SSHMUX_COMMAND_ALIVE_CHECK:
- fprintf(stderr, "Master running (pid=%d)\r\n",
- control_server_pid);
- exit(0);
- case SSHMUX_COMMAND_TERMINATE:
- fprintf(stderr, "Exit request sent.\r\n");
- exit(0);
- case SSHMUX_COMMAND_OPEN:
- /* continue below */
- break;
- default:
- fatal("silly mux_command %d", mux_command);
- }
-
- /* SSHMUX_COMMAND_OPEN */
- buffer_put_cstring(&m, term ? term : "");
- buffer_append(&command, "\0", 1);
- buffer_put_cstring(&m, buffer_ptr(&command));
-
- if (options.num_send_env == 0 || environ == NULL) {
- buffer_put_int(&m, 0);
- } else {
- /* Pass environment */
- num_env = 0;
- for (i = 0; environ[i] != NULL; i++)
- if (env_permitted(environ[i]))
- num_env++; /* Count */
-
- buffer_put_int(&m, num_env);
-
- for (i = 0; environ[i] != NULL && num_env >= 0; i++)
- if (env_permitted(environ[i])) {
- num_env--;
- buffer_put_cstring(&m, environ[i]);
- }
- }
-
- if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
- fatal("%s: msg_send", __func__);
-
- if (mm_send_fd(sock, STDIN_FILENO) == -1 ||
- mm_send_fd(sock, STDOUT_FILENO) == -1 ||
- mm_send_fd(sock, STDERR_FILENO) == -1)
- fatal("%s: send fds failed", __func__);
-
- /* Wait for reply, so master has a chance to gather ttymodes */
- buffer_clear(&m);
- if (ssh_msg_recv(sock, &m) == -1)
- fatal("%s: msg_recv", __func__);
- if (buffer_get_char(&m) != SSHMUX_VER)
- fatal("%s: wrong version", __func__);
- buffer_free(&m);
-
- signal(SIGHUP, control_client_sighandler);
- signal(SIGINT, control_client_sighandler);
- signal(SIGTERM, control_client_sighandler);
- signal(SIGWINCH, control_client_sigrelay);
-
- if (tty_flag)
- enter_raw_mode();
-
- /*
- * Stick around until the controlee closes the client_fd.
- * Before it does, it is expected to write this process' exit
- * value (one int). This process must read the value and wait for
- * the closure of the client_fd; if this one closes early, the
- * multiplex master will terminate early too (possibly losing data).
- */
- exitval[0] = 0;
- for (i = 0; !control_client_terminate && i < (int)sizeof(exitval);) {
- r = read(sock, (char *)exitval + i, sizeof(exitval) - i);
- if (r == 0) {
- debug2("Received EOF from master");
- break;
- }
- if (r == -1) {
- if (errno == EINTR)
- continue;
- fatal("%s: read %s", __func__, strerror(errno));
- }
- i += r;
- }
-
- close(sock);
- leave_raw_mode();
- if (i > (int)sizeof(int))
- fatal("%s: master returned too much data (%d > %lu)",
- __func__, i, sizeof(int));
- if (control_client_terminate) {
- debug2("Exiting on signal %d", control_client_terminate);
- exitval[0] = 255;
- } else if (i < (int)sizeof(int)) {
- debug2("Control master terminated unexpectedly");
- exitval[0] = 255;
- } else
- debug2("Received exit status from master %d", exitval[0]);
-
- if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
- fprintf(stderr, "Shared connection to %s closed.\r\n", host);
-
- exit(exitval[0]);
-}
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.105 2007/10/29 07:48:19 jmc Exp $
-.Dd $Mdocdate: December 2 2007 $
+.\" $OpenBSD: ssh_config.5,v 1.111 2008/06/26 11:46:31 grunk Exp $
+.Dd $Mdocdate: June 26 2008 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
.Cm Host
keyword) to be only for those hosts that match one of the patterns
given after the keyword.
+If more than one pattern is provided, they should be separated by whitepsace.
A single
.Ql *
as a pattern can be used to provide global
connecting to the server.
The command string extends to the end of the line, and is executed with
the user's shell.
+The following escape character substitutions will be performed:
+.Ql %d
+(local user's home directory),
+.Ql %h
+(remote host name),
+.Ql %l
+(local host name),
+.Ql %n
+(host name as provided on the command line),
+.Ql %p
+(remote port),
+.Ql %r
+(remote user name) or
+.Ql %u
+(local user name).
This directive is ignored unless
.Cm PermitLocalCommand
has been enabled.
.Sx VERIFYING HOST KEYS
in
.Xr ssh 1 .
+.It Cm VisualHostKey
+If this flag is set to
+.Dq yes ,
+an ASCII art representation of the remote host key fingerprint is
+printed additionally to the hex fingerprint string.
+If this flag is set to
+.Dq no ,
+only the hex fingerprint string will be printed.
+The default is
+.Dq no .
.It Cm XAuthLocation
Specifies the full pathname of the
.Xr xauth 1
-/* $OpenBSD: sshconnect.c,v 1.203 2007/12/27 14:22:08 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.211 2008/07/01 07:24:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
static int show_other_keys(const char *, Key *);
static void warn_changed_key(Key *);
-static void
-ms_subtract_diff(struct timeval *start, int *ms)
-{
- struct timeval diff, finish;
-
- gettimeofday(&finish, NULL);
- timersub(&finish, start, &diff);
- *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000);
-}
-
-static void
-ms_to_timeval(struct timeval *tv, int ms)
-{
- tv->tv_sec = ms / 1000;
- tv->tv_usec = (ms % 1000) * 1000;
-}
-
/*
* Connect to the given ssh server using a proxy command.
*/
/* Set the connection file descriptors. */
packet_set_connection(pout[0], pin[1]);
+ packet_set_timeout(options.server_alive_interval,
+ options.server_alive_count_max);
/* Indicate OK return */
return 0;
hints.ai_socktype = ai->ai_socktype;
hints.ai_protocol = ai->ai_protocol;
hints.ai_flags = AI_PASSIVE;
- gaierr = getaddrinfo(options.bind_address, "0", &hints, &res);
+ gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
if (gaierr) {
error("getaddrinfo: %s: %s", options.bind_address,
ssh_gai_strerror(gaierr));
/* Set the connection. */
packet_set_connection(sock, sock);
+ packet_set_timeout(options.server_alive_interval,
+ options.server_alive_count_max);
return 0;
}
(options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
remote_major);
/* Send our own protocol version identification. */
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
+ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
compat20 ? PROTOCOL_MINOR_2 : minor1,
- SSH_RELEASE);
+ SSH_RELEASE, compat20 ? "\r\n" : "\n");
if (atomicio(vwrite, connection_out, buf, strlen(buf)) != strlen(buf))
fatal("write: %.100s", strerror(errno));
client_version_string = xstrdup(buf);
Key *file_key;
const char *type = key_type(host_key);
char *ip = NULL, *host = NULL;
- char hostline[1000], *hostp, *fp;
+ char hostline[1000], *hostp, *fp, *ra;
HostStatus host_status;
HostStatus ip_status;
int r, local = 0, host_ip_differ = 0;
int salen;
char ntop[NI_MAXHOST];
char msg[1024];
- int len, host_line, ip_line;
+ int len, host_line, ip_line, cancelled_forwarding = 0;
const char *host_file = NULL, *ip_file = NULL;
/*
} else {
ip = xstrdup("<no hostip for proxy command>");
}
+
/*
* Turn off check_host_ip if the connection is to localhost, via proxy
* command or if we don't have a hostname to compare with
logit("Warning: Permanently added the %s host "
"key for IP address '%.128s' to the list "
"of known hosts.", type, ip);
+ } else if (options.visual_host_key) {
+ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+ ra = key_fingerprint(host_key, SSH_FP_MD5,
+ SSH_FP_RANDOMART);
+ logit("Host key fingerprint is %s\n%s\n", fp, ra);
+ xfree(ra);
+ xfree(fp);
}
break;
case HOST_NEW:
snprintf(msg1, sizeof(msg1), ".");
/* The default */
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+ ra = key_fingerprint(host_key, SSH_FP_MD5,
+ SSH_FP_RANDOMART);
msg2[0] = '\0';
if (options.verify_host_key_dns) {
if (matching_host_key_dns)
snprintf(msg, sizeof(msg),
"The authenticity of host '%.200s (%s)' can't be "
"established%s\n"
- "%s key fingerprint is %s.\n%s"
+ "%s key fingerprint is %s.%s%s\n%s"
"Are you sure you want to continue connecting "
"(yes/no)? ",
- host, ip, msg1, type, fp, msg2);
+ host, ip, msg1, type, fp,
+ options.visual_host_key ? "\n" : "",
+ options.visual_host_key ? ra : "",
+ msg2);
+ xfree(ra);
xfree(fp);
if (!confirm(msg))
goto fail;
error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("The %s host key for %s has changed,", type, host);
- error("and the key for the according IP address %s", ip);
+ error("and the key for the corresponding IP address %s", ip);
error("%s. This could either mean that", key_msg);
error("DNS SPOOFING is happening or the IP address for the host");
error("and its host key have changed at the same time.");
error("Password authentication is disabled to avoid "
"man-in-the-middle attacks.");
options.password_authentication = 0;
+ cancelled_forwarding = 1;
}
if (options.kbd_interactive_authentication) {
error("Keyboard-interactive authentication is disabled"
" to avoid man-in-the-middle attacks.");
options.kbd_interactive_authentication = 0;
options.challenge_response_authentication = 0;
+ cancelled_forwarding = 1;
}
if (options.challenge_response_authentication) {
error("Challenge/response authentication is disabled"
" to avoid man-in-the-middle attacks.");
options.challenge_response_authentication = 0;
+ cancelled_forwarding = 1;
}
if (options.forward_agent) {
error("Agent forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.forward_agent = 0;
+ cancelled_forwarding = 1;
}
if (options.forward_x11) {
error("X11 forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.forward_x11 = 0;
+ cancelled_forwarding = 1;
}
if (options.num_local_forwards > 0 ||
options.num_remote_forwards > 0) {
"man-in-the-middle attacks.");
options.num_local_forwards =
options.num_remote_forwards = 0;
+ cancelled_forwarding = 1;
}
if (options.tun_open != SSH_TUNMODE_NO) {
error("Tunnel forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.tun_open = SSH_TUNMODE_NO;
+ cancelled_forwarding = 1;
}
+ if (options.exit_on_forward_failure && cancelled_forwarding)
+ fatal("Error: forwarding disabled due to host key "
+ "check failure");
+
/*
* XXX Should permit the user to change to use the new id.
* This could be done by converting the host key to an
show_key_from_file(const char *file, const char *host, int keytype)
{
Key *found;
- char *fp;
+ char *fp, *ra;
int line, ret;
found = key_new(keytype);
if ((ret = lookup_key_in_hostfile_by_type(file, host,
keytype, found, &line))) {
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+ ra = key_fingerprint(found, SSH_FP_MD5, SSH_FP_RANDOMART);
logit("WARNING: %s key found for host %s\n"
"in %s:%d\n"
- "%s key fingerprint %s.",
+ "%s key fingerprint %s.\n%s\n",
key_type(found), host, file, line,
- key_type(found), fp);
+ key_type(found), fp, ra);
+ xfree(ra);
xfree(fp);
}
key_free(found);
-/* $OpenBSD: sshconnect2.c,v 1.165 2008/01/19 23:09:49 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.166 2008/07/17 08:48:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include <stdio.h>
#include <string.h>
#include <unistd.h>
+#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
+#include <vis.h>
+#endif
#include "openbsd-compat/sys-queue.h"
void
input_userauth_banner(int type, u_int32_t seq, void *ctxt)
{
- char *msg, *lang;
+ char *msg, *raw, *lang;
+ u_int len;
debug3("input_userauth_banner");
- msg = packet_get_string(NULL);
+ raw = packet_get_string(&len);
lang = packet_get_string(NULL);
- if (options.log_level >= SYSLOG_LEVEL_INFO)
+ if (options.log_level >= SYSLOG_LEVEL_INFO) {
+ if (len > 65536)
+ len = 65536;
+ msg = xmalloc(len * 4); /* max expansion from strnvis() */
+ strnvis(msg, raw, len * 4, VIS_SAFE|VIS_OCTAL);
fprintf(stderr, "%s", msg);
- xfree(msg);
+ xfree(msg);
+ }
+ xfree(raw);
xfree(lang);
}
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.241 2008/03/27 22:37:57 jmc Exp $
-.Dd $Mdocdate: April 3 2008 $
+.\" $OpenBSD: sshd.8,v 1.246 2008/07/02 02:24:18 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
.Dt SSHD 8
.Os
.Sh NAME
.Sh SYNOPSIS
.Nm sshd
.Bk -words
-.Op Fl 46Ddeiqt
+.Op Fl 46DdeiqTt
.Op Fl b Ar bits
+.Op Fl C Ar connection_spec
.Op Fl f Ar config_file
.Op Fl g Ar login_grace_time
.Op Fl h Ar host_key_file
to use IPv6 addresses only.
.It Fl b Ar bits
Specifies the number of bits in the ephemeral protocol version 1
-server key (default 768).
+server key (default 1024).
+.It Fl C Ar connection_spec
+Specify the connection parameters to use for the
+.Fl T
+extended test mode.
+If provided, any
+.Cm Match
+directives in the configuration file
+that would apply to the specified user, host, and address will be set before
+the configuration is written to standard output.
+The connection parameters are supplied as keyword=value pairs.
+The keywords are
+.Dq user ,
+.Dq host ,
+and
+.Dq addr .
+All are required and may be supplied in any order, either with multiple
+.Fl C
+options or as a comma-separated list.
.It Fl D
When this option is specified,
.Nm
Nothing is sent to the system log.
Normally the beginning,
authentication, and termination of each connection is logged.
+.It Fl T
+Extended test mode.
+Check the validity of the configuration file, output the effective configuration
+to stdout and then exit.
+Optionally,
+.Cm Match
+rules may be applied by specifying the connection parameters using one or more
+.Fl C
+options.
.It Fl t
Test mode.
Only check the validity of the configuration file and sanity of the keys.
.Cm UseLogin
is enabled.
.It Cm from="pattern-list"
-Specifies that in addition to public key authentication, the canonical name
-of the remote host must be present in the comma-separated list of
-patterns.
-The purpose
-of this option is to optionally increase security: public key authentication
-by itself does not trust the network or name servers or anything (but
-the key); however, if somebody somehow steals the key, the key
-permits an intruder to log in from anywhere in the world.
-This additional option makes using a stolen key more difficult (name
-servers and/or routers would have to be compromised in addition to
-just the key).
-.Pp
+Specifies that in addition to public key authentication, either the canonical
+name of the remote host or its IP address must be present in the
+comma-separated list of patterns.
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
+.Pp
+In addition to the wildcard matching that may be applied to hostnames or
+addresses, a
+.Cm from
+stanza may match IP addressess using CIDR address/masklen notation.
+.Pp
+The purpose of this option is to optionally increase security: public key
+authentication by itself does not trust the network or name servers or
+anything (but the key); however, if somebody somehow steals the key, the key
+permits an intruder to log in from anywhere in the world.
+This additional option makes using a stolen key more difficult (name
+servers and/or routers would have to be compromised in addition to
+just the key).
.It Cm no-agent-forwarding
Forbids authentication agent forwarding when this key is used for
authentication.
-/* $OpenBSD: sshd.c,v 1.355 2008/02/14 13:10:31 mbalmer Exp $ */
+/* $OpenBSD: sshd.c,v 1.364 2008/07/10 18:08:11 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
# include <sys/time.h>
#endif
#include "openbsd-compat/sys-tree.h"
+#include "openbsd-compat/sys-queue.h"
#include <sys/wait.h>
#include <errno.h>
static void
generate_ephemeral_server_key(void)
{
- u_int32_t rnd = 0;
- int i;
-
verbose("Generating %s%d bit RSA key.",
sensitive_data.server_key ? "new " : "", options.server_key_bits);
if (sensitive_data.server_key != NULL)
options.server_key_bits);
verbose("RSA key generation complete.");
- for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- sensitive_data.ssh1_cookie[i] = rnd & 0xff;
- rnd >>= 8;
- }
+ arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
arc4random_stir();
}
int mismatch;
int remote_major, remote_minor;
int major, minor;
- char *s;
+ char *s, *newline = "\n";
char buf[256]; /* Must not be larger than remote_version. */
char remote_version[256]; /* Must be at least as big as buf. */
} else if (options.protocol & SSH_PROTO_2) {
major = PROTOCOL_MAJOR_2;
minor = PROTOCOL_MINOR_2;
+ newline = "\r\n";
} else {
major = PROTOCOL_MAJOR_1;
minor = PROTOCOL_MINOR_1;
}
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_RELEASE);
+ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
+ SSH_RELEASE, newline);
server_version_string = xstrdup(buf);
/* Send our protocol version identification. */
static void
privsep_preauth_child(void)
{
- u_int32_t rnd[256];
+ u_int32_t rnd[256];
gid_t gidset[1];
- u_int i;
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
arc4random_stir();
- for (i = 0; i < 256; i++)
- rnd[i] = arc4random();
+ arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
/* Demote the private keys to public keys. */
privsep_postauth(Authctxt *authctxt)
{
u_int32_t rnd[256];
- u_int i;
#ifdef DISABLE_FD_PASSING
if (1) {
if (pmonitor->m_pid == -1)
fatal("fork of unprivileged child failed");
else if (pmonitor->m_pid != 0) {
- debug2("User child is on pid %ld", (long)pmonitor->m_pid);
+ verbose("User child is on pid %ld", (long)pmonitor->m_pid);
close(pmonitor->m_recvfd);
buffer_clear(&loginmsg);
monitor_child_postauth(pmonitor);
demote_sensitive_data();
arc4random_stir();
- for (i = 0; i < 256; i++)
- rnd[i] = arc4random();
+ arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
/* Drop privileges */
p *= startups - options.max_startups_begin;
p /= options.max_startups - options.max_startups_begin;
p += options.max_startups_rate;
- r = arc4random() % 100;
+ r = arc4random_uniform(100);
debug("drop_connection: p %d, r %d", p, r);
return (r < p) ? 1 : 0;
fprintf(stderr, "%s, %s\n",
SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
fprintf(stderr,
-"usage: sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]\n"
-" [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]\n"
+"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file]\n"
+" [-g login_grace_time] [-h host_key_file] [-k key_gen_time]\n"
+" [-o option] [-p port] [-u len]\n"
);
exit(1);
}
*newsock = accept(listen_socks[i],
(struct sockaddr *)&from, &fromlen);
if (*newsock < 0) {
- if (errno != EINTR && errno != EWOULDBLOCK)
+ if (errno != EINTR && errno != EAGAIN &&
+ errno != EWOULDBLOCK)
error("accept: %.100s", strerror(errno));
continue;
}
int opt, i, on = 1;
int sock_in = -1, sock_out = -1, newsock = -1;
const char *remote_ip;
+ char *test_user = NULL, *test_host = NULL, *test_addr = NULL;
int remote_port;
- char *line;
+ char *line, *p, *cp;
int config_s[2] = { -1 , -1 };
+ u_int64_t ibytes, obytes;
+ mode_t new_umask;
Key *key;
Authctxt *authctxt;
initialize_server_options(&options);
/* Parse command-line arguments. */
- while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) {
+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeiqrtQRT46")) != -1) {
switch (opt) {
case '4':
options.address_family = AF_INET;
case 't':
test_flag = 1;
break;
+ case 'T':
+ test_flag = 2;
+ break;
+ case 'C':
+ cp = optarg;
+ while ((p = strsep(&cp, ",")) && *p != '\0') {
+ if (strncmp(p, "addr=", 5) == 0)
+ test_addr = xstrdup(p + 5);
+ else if (strncmp(p, "host=", 5) == 0)
+ test_host = xstrdup(p + 5);
+ else if (strncmp(p, "user=", 5) == 0)
+ test_user = xstrdup(p + 5);
+ else {
+ fprintf(stderr, "Invalid test "
+ "mode specification %s\n", p);
+ exit(1);
+ }
+ }
+ break;
case 'u':
utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL);
if (utmp_len > MAXHOSTNAMELEN) {
sensitive_data.have_ssh1_key = 0;
sensitive_data.have_ssh2_key = 0;
+ /*
+ * If we're doing an extended config test, make sure we have all of
+ * the parameters we need. If we're not doing an extended test,
+ * do not silently ignore connection test params.
+ */
+ if (test_flag >= 2 &&
+ (test_user != NULL || test_host != NULL || test_addr != NULL)
+ && (test_user == NULL || test_host == NULL || test_addr == NULL))
+ fatal("user, host and addr are all required when testing "
+ "Match configs");
+ if (test_flag < 2 && (test_user != NULL || test_host != NULL ||
+ test_addr != NULL))
+ fatal("Config test connection parameter (-C) provided without "
+ "test mode (-T)");
+
/* Fetch our configuration */
buffer_init(&cfg);
if (rexeced_flag)
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
}
+ if (test_flag > 1) {
+ if (test_user != NULL && test_addr != NULL && test_host != NULL)
+ parse_server_match_config(&options, test_user,
+ test_host, test_addr);
+ dump_config(&options);
+ }
+
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
rexec_argv[rexec_argc + 1] = NULL;
}
+ /* Ensure that umask disallows at least group and world write */
+ new_umask = umask(0077) | 0022;
+ (void) umask(new_umask);
+
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && (!inetd_flag || rexeced_flag))
log_stderr = 1;
destroy_sensitive_data();
}
+ packet_set_timeout(options.client_alive_interval,
+ options.client_alive_count_max);
+
/* Start session. */
do_authenticated(authctxt);
/* The connection has been terminated. */
- verbose("Closing connection to %.100s", remote_ip);
+ packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
+ packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
+ verbose("Transferred: sent %llu, received %llu bytes", obytes, ibytes);
+
+ verbose("Closing connection to %.500s port %d", remote_ip, remote_port);
#ifdef USE_PAM
if (options.use_pam)
u_char session_key[SSH_SESSION_KEY_LENGTH];
u_char cookie[8];
u_int cipher_type, auth_mask, protocol_flags;
- u_int32_t rnd = 0;
/*
* Generate check bytes that the client must send back in the user
* cookie. This only affects rhosts authentication, and this is one
* of the reasons why it is inherently insecure.
*/
- for (i = 0; i < 8; i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- cookie[i] = rnd & 0xff;
- rnd >>= 8;
- }
+ arc4random_buf(cookie, sizeof(cookie));
/*
* Send our public key. We include in the packet 64 bits of random
-# $OpenBSD: sshd_config,v 1.77 2008/02/08 23:24:07 djm Exp $
+# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
-#ServerKeyBits 768
+#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
+#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
+#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.84 2008/03/25 11:58:02 djm Exp $
-.Dd $Mdocdate: March 27 2008 $
+.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
(use IPv6 only).
The default is
.Dq any .
+.It Cm AllowAgentForwarding
+Specifies whether
+.Xr ssh-agent 1
+forwarding is permitted.
+The default is
+.Dq yes .
+Note that disabling agent forwarding does not improve security
+unless users are also denied shell access, as they can always install
+their own forwarders.
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
set in the global section of the config file, until either another
.Cm Match
line or the end of the file.
+.Pp
The arguments to
.Cm Match
are one or more criteria-pattern pairs.
.Cm Host ,
and
.Cm Address .
+The match patterns may consist of single entries or comma-separated
+lists and may use the wildcard and negation operators described in the
+.Sx PATTERNS
+section of
+.Xr ssh_config 5 .
+.Pp
+The patterns in an
+.Cm Address
+criteria may additionally contain addresses to match in CIDR
+address/masklen format, e.g.\&
+.Dq 192.0.2.0/24
+or
+.Dq 3ffe:ffff::/32 .
+Note that the mask length provided must be consistent with the address -
+it is an error to specify a mask length that is too long for the address
+or one with bits set in this host portion of the address.
+For example,
+.Dq 192.0.2.0/33
+and
+.Dq 192.0.2.0/8
+respectively.
+.Pp
Only a subset of keywords may be used on the lines following a
.Cm Match
keyword.
Available keywords are
.Cm AllowTcpForwarding ,
.Cm Banner ,
+.Cm ChrootDirectory ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
-.Cm GSSApiAuthentication ,
+.Cm GSSAPIAuthentication ,
+.Cm HostbasedAuthentication ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
+.Cm MaxAuthTries ,
+.Cm MaxSessions ,
.Cm PasswordAuthentication ,
.Cm PermitOpen ,
.Cm PermitRootLogin ,
Once the number of failures reaches half this value,
additional failures are logged.
The default is 6.
+.It Cm MaxSessions
+Specifies the maximum number of open sessions permitted per network connection.
+The default is 10.
.It Cm MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the
SSH daemon.
This option applies to protocol version 1 only.
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
-The minimum value is 512, and the default is 768.
+The minimum value is 512, and the default is 1024.
.It Cm StrictModes
Specifies whether
.Xr sshd 8
-/* $OpenBSD: version.h,v 1.53 2008/04/03 09:50:14 djm Exp $ */
+/* $OpenBSD: version.h,v 1.54 2008/07/21 08:19:07 djm Exp $ */
#ifdef GSI
#define GSI_VERSION " GSI"
#define MGLUE_VERSION ""
#endif
-#define NCSA_VERSION " NCSA_GSSAPI_20080701"
+#define NCSA_VERSION " NCSA_GSSAPI_20080727"
-#define SSH_VERSION "OpenSSH_5.0"
+#define SSH_VERSION "OpenSSH_5.1"
#define SSH_PORTABLE "p1"
#define SSH_HPN "-hpn13v1"