From d3057ca4cf3225dc431e13e2cdb7c3e8a1ee73d5 Mon Sep 17 00:00:00 2001 From: basney Date: Wed, 30 Jul 2008 20:38:28 +0000 Subject: [PATCH] Merged hpn13v5 to trunk. --- openssh/auth2.c | 3 +- openssh/buffer.c | 4 +- openssh/channels.c | 36 +++-- openssh/channels.h | 11 +- openssh/clientloop.c | 18 +-- openssh/packet.c | 4 +- openssh/progressmeter.c | 22 ++- openssh/readconf.c | 14 +- openssh/readconf.h | 4 +- openssh/servconf.c | 28 ++-- openssh/serverloop.c | 5 +- openssh/session.c | 12 +- openssh/sftp.1 | 311 ++++++++++++++++++++++++++++++++++------ openssh/sftp.c | 2 +- openssh/ssh.c | 73 +++++----- openssh/sshconnect.c | 3 + openssh/sshconnect2.c | 5 + openssh/sshd.c | 3 + openssh/sshd_config | 1 - openssh/version.h | 4 +- 20 files changed, 419 insertions(+), 144 deletions(-) diff --git a/openssh/auth2.c b/openssh/auth2.c index a7553ce..9227c63 100644 --- a/openssh/auth2.c +++ b/openssh/auth2.c @@ -252,7 +252,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) user[0] ? user : "", service, method); if (!log_flag) { logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s", - get_remote_ipaddr(), get_remote_port(), user); + get_remote_ipaddr(), get_remote_port(), + user[0] ? user : ""); log_flag = 1; } debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); diff --git a/openssh/buffer.c b/openssh/buffer.c index 1c04cab..cb0b620 100644 --- a/openssh/buffer.c +++ b/openssh/buffer.c @@ -127,9 +127,7 @@ restart: /* Increase the size of the buffer and retry. */ newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ); - /* need it to be slightly larger than the MAX LEN for this */ - /* still investigating *why* but this works for now -cjr */ - if (newlen > (BUFFER_MAX_LEN_HPN + BUFFER_MAX_LEN)) + if (newlen > BUFFER_MAX_LEN_HPN) fatal("buffer_append_space: alloc %u not supported", newlen); buffer->buf = xrealloc(buffer->buf, 1, newlen); diff --git a/openssh/channels.c b/openssh/channels.c index 9806583..9dd954a 100644 
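Review bot: The new limit check only runs after `newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ)`, so a `len` large enough to wrap the u_int addition would pass `newlen > BUFFER_MAX_LEN_HPN` with a tiny allocation and the copy that follows would overrun it. Upstream buffer_append_space of this vintage rejects `len > BUFFER_MAX_CHUNK` at function entry, which rules the wrap out, but that check is outside the hunk and should be confirmed to have survived the HPN merge; if it did not, add `if (len > BUFFER_MAX_LEN_HPN - buffer->alloc) fatal("buffer_append_space: len %u too large", len);` before the roundup. The removed comment was the only record of why the old slack existed; a short replacement such as `/* HPN windows may grow to BUFFER_MAX_LEN_HPN; this is the hard cap, no slack */` keeps that history. buffer_append_space starts outside the hunk.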
--- a/openssh/channels.c +++ b/openssh/channels.c @@ -169,8 +169,14 @@ static void port_open_helper(Channel *c, char *rtype); static int connect_next(struct channel_connect *); static void channel_connect_ctx_free(struct channel_connect *); + +static int hpn_disabled = 0; +static int hpn_buffer_size = 2 * 1024 * 1024; + /* -- channel core */ + + Channel * channel_by_id(int id) { @@ -2442,10 +2448,18 @@ channel_set_af(int af) IPv4or6 = af; } + +void +channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size) +{ + hpn_disabled = external_hpn_disabled; + hpn_buffer_size = external_hpn_buffer_size; + debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, hpn_buffer_size); +} + static int channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, - const char *host_to_connect, u_short port_to_connect, int gateway_ports, - int hpn_disabled, int hpn_buffer_size) + const char *host_to_connect, u_short port_to_connect, int gateway_ports) { Channel *c; int sock, r, success = 0, wildcard = 0, is_client; 
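Review bot: channel_set_hpn() stores its arguments without any range check, and both callers (ssh.c, sshd.c) pass `options.hpn_buffer_size`, which readconf.c and servconf.c initialize to -1; a value that is never resolved to a positive number would reach channel_new as an enormous unsigned window and trip the fatal() cap in buffer_append_space on the first large write. Clamp in the setter so the invariant lives in one place: `if (external_hpn_buffer_size <= 0) external_hpn_buffer_size = 2 * 1024 * 1024; if (external_hpn_buffer_size > BUFFER_MAX_LEN_HPN) external_hpn_buffer_size = BUFFER_MAX_LEN_HPN;` (the same cap buffer.c enforces). The two new file-scope globals also deserve a line explaining their lifetime, e.g. `/* HPN settings consumed by the listener setup paths; set once via channel_set_hpn() before any channel is created */`, since the listener functions that read them are outside this hunk.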
@@ -2604,22 +2618,20 @@ channel_cancel_rport_listener(const char *host, u_short port) /* protocol local port fwd, used by ssh (and sshd in v1) */ int channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port, - const char *host_to_connect, u_short port_to_connect, int gateway_ports, - int hpn_disabled, int hpn_buffer_size) + const char *host_to_connect, u_short port_to_connect, int gateway_ports) { return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER, listen_host, listen_port, host_to_connect, port_to_connect, - gateway_ports, hpn_disabled, hpn_buffer_size); + gateway_ports); } /* protocol v2 remote port fwd, used by sshd */ int channel_setup_remote_fwd_listener(const char *listen_address, - u_short listen_port, int gateway_ports, int hpn_disabled, int hpn_buffer_size) + u_short listen_port, int gateway_ports) { return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER, - listen_address, listen_port, NULL, 0, gateway_ports, - hpn_disabled, hpn_buffer_size); + listen_address, listen_port, NULL, 0, gateway_ports); } /* @@ -2734,8 +2746,7 @@ channel_request_rforward_cancel(const char *host, u_short port) * message if there was an error). */ int -channel_input_port_forward_request(int is_root, int gateway_ports, - int hpn_disabled, int hpn_buffer_size) +channel_input_port_forward_request(int is_root, int gateway_ports) { u_short port, host_port; int success = 0; @@ -2761,7 +2772,7 @@ channel_input_port_forward_request(int is_root, int gateway_ports, /* Initiate forwarding */ success = channel_setup_local_fwd_listener(NULL, port, hostname, - host_port, gateway_ports, hpn_disabled, hpn_buffer_size); + host_port, gateway_ports); /* Free the argument string. */ xfree(hostname); 
@@ -3017,8 +3028,7 @@ channel_send_window_changes(void) */ int x11_create_display_inet(int x11_display_offset, int x11_use_localhost, - int single_connection, u_int *display_numberp, int **chanids, - int hpn_disabled, int hpn_buffer_size) + int single_connection, u_int *display_numberp, int **chanids) { Channel *nc = NULL; int display_number, sock; diff --git a/openssh/channels.h b/openssh/channels.h index 776fbc8..419c009 100644 --- a/openssh/channels.h +++ b/openssh/channels.h @@ -243,21 +243,21 @@ int channel_add_adm_permitted_opens(char *, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); void channel_print_adm_permitted_opens(void); -int channel_input_port_forward_request(int, int, int, int); +int channel_input_port_forward_request(int, int); Channel *channel_connect_to(const char *, u_short, char *, char *); Channel *channel_connect_by_listen_address(u_short, char *, char *); int channel_request_remote_forwarding(const char *, u_short, const char *, u_short); int channel_setup_local_fwd_listener(const char *, u_short, - const char *, u_short, int, int, int); + const char *, u_short, int); void channel_request_rforward_cancel(const char *host, u_short port); -int channel_setup_remote_fwd_listener(const char *, u_short, int, int, int); +int channel_setup_remote_fwd_listener(const char *, u_short, int); int channel_cancel_rport_listener(const char *, u_short); /* x11 forwarding */ int x11_connect_display(void); -int x11_create_display_inet(int, int, int, u_int *, int **, int, int); +int x11_create_display_inet(int, int, int, u_int *, int **); void x11_input_open(int, u_int32_t, void *); void x11_request_forwarding_with_spoofing(int, const char *, const char *, const char *); @@ -283,4 +283,7 @@ void chan_rcvd_ieof(Channel *); void chan_write_failed(Channel *); void chan_obuf_empty(Channel *); +/* hpn handler */ +void channel_set_hpn(int, int); + #endif 
diff --git a/openssh/clientloop.c b/openssh/clientloop.c index 86b1853..d1f2f46 100644 --- a/openssh/clientloop.c +++ b/openssh/clientloop.c @@ -850,8 +850,7 @@ process_cmdline(void) if (local) { if (channel_setup_local_fwd_listener(fwd.listen_host, fwd.listen_port, fwd.connect_host, - fwd.connect_port, options.gateway_ports, - options.hpn_disabled, options.hpn_buffer_size) < 0) { + fwd.connect_port, options.gateway_ports) < 0) { logit("Port forwarding failed."); goto out; } @@ -1711,17 +1710,16 @@ client_request_agent(const char *request_type, int rchan) sock = ssh_get_authentication_socket(); if (sock < 0) return NULL; - /* not sure this is really needed here either */ if (options.hpn_disabled) c = channel_new("authentication agent connection", SSH_CHANNEL_OPEN, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, - "authentication agent connection", 1); - else - c = channel_new("authentication agent connection", - SSH_CHANNEL_OPEN, sock, sock, -1, - options.hpn_buffer_size, options.hpn_buffer_size, 0, + CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, "authentication agent connection", 1); + else + c = channel_new("authentication agent connection", + SSH_CHANNEL_OPEN, sock, sock, -1, + options.hpn_buffer_size, options.hpn_buffer_size, 0, + "authentication agent connection", 1); c->force_drain = 1; return c; } @@ -1758,6 +1756,8 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) 0, "tun", 1); c->datagram = 1; + + #if defined(SSH_TUN_FILTER) if (options.tun_open == SSH_TUNMODE_POINTOPOINT) channel_register_filter(c->self, sys_tun_infilter, diff --git a/openssh/packet.c b/openssh/packet.c index 9f1d824..695a0b3 100644 --- a/openssh/packet.c +++ b/openssh/packet.c @@ -1499,7 +1499,7 @@ packet_write_poll(void) if (len == -1) { if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) - return; + return (0); fatal("Write failed: %.100s", strerror(errno)); } if (len == 0) 
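Review bot: With HPN enabled the agent-forwarding channel is created with `options.hpn_buffer_size` as both its window and its maximum packet size, so the remote side may push up to that many bytes (2 MB by default, or the whole SO_RCVBUF after the ssh.c sizing) per forwarded-agent channel before flow control engages, for a protocol whose messages are a few hundred bytes. Agent channels gain nothing from a large window, so keep only the first `channel_new(...)` call and drop the `if (options.hpn_disabled)` split here. Separately, the non-HPN branch now passes `CHAN_TCP_WINDOW_DEFAULT` where the packet-size argument previously was `CHAN_TCP_PACKET_DEFAULT`; if that is deliberate to match upstream, a `/* matches upstream: window-sized maxpacket for the agent channel */` comment would stop it being "fixed" later. client_request_agent's signature lies outside the hunk.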
@@ -1519,9 +1519,9 @@ int packet_write_wait(void) { fd_set *setp; - u_int bytes_sent = 0; int ret, ms_remain; struct timeval start, timeout, *timeoutp = NULL; + u_int bytes_sent = 0; setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS), sizeof(fd_mask)); diff --git a/openssh/progressmeter.c b/openssh/progressmeter.c index 0f95222..79d13ba 100644 --- a/openssh/progressmeter.c +++ b/openssh/progressmeter.c @@ -68,6 +68,8 @@ static time_t last_update; /* last progress update */ static char *file; /* name of the file being transferred */ static off_t end_pos; /* ending position of transfer */ static off_t cur_pos; /* transfer position as of last refresh */ +static off_t last_pos; +static off_t max_delta_pos = 0; static volatile off_t *counter; /* progress counter */ static long stalled; /* how long we have been stalled */ static int bytes_per_second; /* current speed in bytes per second */ @@ -128,12 +130,17 @@ refresh_progress_meter(void) int hours, minutes, seconds; int i, len; int file_len; + off_t delta_pos; transferred = *counter - cur_pos; cur_pos = *counter; now = time(NULL); bytes_left = end_pos - cur_pos; + delta_pos = cur_pos - last_pos; + if (delta_pos > max_delta_pos) + max_delta_pos = delta_pos; + if (bytes_left > 0) elapsed = now - last_update; else { @@ -158,7 +165,7 @@ refresh_progress_meter(void) /* filename */ buf[0] = '\0'; - file_len = win_size - 35; + file_len = win_size - 45; if (file_len > 0) { len = snprintf(buf, file_len + 1, "\r%s", file); if (len < 0) @@ -175,7 +182,8 @@ refresh_progress_meter(void) percent = ((float)cur_pos / end_pos) * 100; else percent = 100; - snprintf(buf + strlen(buf), win_size - strlen(buf), + + snprintf(buf + strlen(buf), win_size - strlen(buf-8), " %3d%% ", percent); /* amount transferred */ 
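Review bot: `win_size - strlen(buf-8)` reads eight bytes before the start of `buf`, which is undefined behaviour (an out-of-bounds read on the stack or data segment, depending on where `buf` lives) and yields a meaningless bound for the snprintf; the line it replaces had the correct form and should be restored: `snprintf(buf + strlen(buf), win_size - strlen(buf), " %3d%% ", percent);`. If the intent was to reserve room for the new rate column, that belongs in the `file_len = win_size - 45` adjustment made in the previous hunk, not in the length passed to snprintf. refresh_progress_meter continues outside the hunk.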
@@ -188,6 +196,15 @@ refresh_progress_meter(void) (off_t)bytes_per_second); strlcat(buf, "/s ", win_size); + /* instantaneous rate */ + if (bytes_left > 0) + format_rate(buf + strlen(buf), win_size - strlen(buf), + delta_pos); + else + format_rate(buf + strlen(buf), win_size - strlen(buf), + max_delta_pos); + strlcat(buf, "/s ", win_size); + /* ETA */ if (!transferred) stalled += elapsed; @@ -224,6 +241,7 @@ refresh_progress_meter(void) atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1); last_update = now; + last_pos = cur_pos; } /*ARGSUSED*/ diff --git a/openssh/readconf.c b/openssh/readconf.c index 791d9e4..7d248fe 100644 --- a/openssh/readconf.c +++ b/openssh/readconf.c @@ -132,9 +132,9 @@ typedef enum { oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, + oVisualHostKey, oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled, oHPNBufferSize, - oVisualHostKey, oDeprecated, oUnsupported } OpCodes; @@ -242,6 +242,12 @@ static struct { { "hpndisabled", oHPNDisabled }, { "hpnbuffersize", oHPNBufferSize }, { "visualhostkey", oVisualHostKey }, + { "noneenabled", oNoneEnabled }, + { "tcprcvbufpoll", oTcpRcvBufPoll }, + { "tcprcvbuf", oTcpRcvBuf }, + { "noneswitch", oNoneSwitch }, + { "hpndisabled", oHPNDisabled }, + { "hpnbuffersize", oHPNBufferSize }, { NULL, oBadOption } }; @@ -1137,6 +1143,12 @@ initialize_options(Options * options) options->tcp_rcv_buf_poll = -1; options->tcp_rcv_buf = -1; options->visual_host_key = -1; + options->none_switch = -1; + options->none_enabled = -1; + options->hpn_disabled = -1; + options->hpn_buffer_size = -1; + options->tcp_rcv_buf_poll = -1; + options->tcp_rcv_buf = -1; } /* diff --git a/openssh/readconf.h b/openssh/readconf.h index aa6b082..a1fb309 100644 --- a/openssh/readconf.h +++ b/openssh/readconf.h 
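Review bot: The "instantaneous rate" printed with a `/s` suffix is `delta_pos`, the bytes moved since the previous refresh, with no division by the time between refreshes, so it is only a per-second figure if refreshes happen to be exactly one second apart; `max_delta_pos` inherits the same unit problem because it is the maximum of those raw deltas. If `elapsed` (computed as `now - last_update` earlier in this function, in the previous hunk) is still in scope here, use `elapsed > 0 ? delta_pos / elapsed : delta_pos` and track the maximum of that quotient instead. A one-line comment on the two new statics saying where they are reset per transfer would also help, since start_progress_meter is outside the hunk and a stale `last_pos` from a previous file would make the first delta negative.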
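Review bot: The keyword table now lists `hpndisabled` and `hpnbuffersize` twice — the existing `{ "hpndisabled", oHPNDisabled }, { "hpnbuffersize", oHPNBufferSize }` entries are the context lines directly above the added block. Lookup returns the first match, so behaviour is unchanged, but the duplicates should be removed; keep only `noneenabled`, `tcprcvbufpoll`, `tcprcvbuf` and `noneswitch` in the addition, and check that those four do not already appear earlier in the table outside the hunk.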
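Review bot: `options->tcp_rcv_buf_poll = -1;` and `options->tcp_rcv_buf = -1;` are already assigned two and three lines above the added block, so the additions re-initialize the same fields; the `hpn_disabled`/`hpn_buffer_size` lines may likewise duplicate earlier lines of initialize_options that fall outside the hunk. Keep only the genuinely new `none_switch` and `none_enabled` lines so the function stays a single authoritative list. Whether fill_default_options later resolves these -1 values cannot be seen from the hunk; a `/* -1 = unset, resolved in fill_default_options() */` comment on the group would make that contract explicit.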
@@ -110,8 +110,8 @@ typedef struct { int enable_ssh_keysign; int64_t rekey_limit; - int none_switch; /* Use none cipher */ - int none_enabled; /* Allow none to be used */ + int none_switch; /* Use none cipher */ + int none_enabled; /* Allow none to be used */ int no_host_authentication_for_localhost; int identities_only; int server_alive_interval; diff --git a/openssh/servconf.c b/openssh/servconf.c index 3194f85..8b8b995 100644 --- a/openssh/servconf.c +++ b/openssh/servconf.c @@ -136,15 +136,16 @@ initialize_server_options(ServerOptions *options) options->num_permitted_opens = -1; options->adm_forced_command = NULL; options->chroot_directory = NULL; - options->none_enabled = -1; - options->tcp_rcv_buf_poll = -1; - options->hpn_disabled = -1; - options->hpn_buffer_size = -1; + options->none_enabled = -1; + options->tcp_rcv_buf_poll = -1; + options->hpn_disabled = -1; + options->hpn_buffer_size = -1; } void fill_default_server_options(ServerOptions *options) { + /* needed for hpn socket tests */ int sock; int socksize; int socksizelen = sizeof(int); @@ -307,10 +308,10 @@ fill_default_server_options(ServerOptions *options) } else { /* we have to do this incase the user sets both values in a contradictory */ /* manner. hpn_disabled overrrides hpn_buffer_size*/ - if (options->hpn_disabled <= 0) { - if (options->hpn_buffer_size == 0) - options->hpn_buffer_size = 1; - /* limit the maximum buffer to 64MB */ + if (options->hpn_disabled <= 0) { + if (options->hpn_buffer_size == 0) + options->hpn_buffer_size = 1; + /* limit the maximum buffer to 64MB */ if (options->hpn_buffer_size > 64*1024) { options->hpn_buffer_size = 64*1024*1024; } else { 
@@ -371,9 +372,8 @@ typedef enum { sGsiAllowLimitedProxy, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sNoneEnabled, sTcpRcvBufPoll, - sHPNDisabled, sHPNBufferSize, sUsePrivilegeSeparation, sAllowAgentForwarding, + sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sDeprecated, sUnsupported } ServerOpCodes; @@ -506,10 +506,10 @@ static struct { { "permitopen", sPermitOpen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, - { "noneenabled", sNoneEnabled }, - { "hpndisabled", sHPNDisabled }, - { "hpnbuffersize", sHPNBufferSize }, - { "tcprcvbufpoll", sTcpRcvBufPoll }, + { "noneenabled", sNoneEnabled }, + { "hpndisabled", sHPNDisabled }, + { "hpnbuffersize", sHPNBufferSize }, + { "tcprcvbufpoll", sTcpRcvBufPoll }, { NULL, sBadOption, 0 } }; diff --git a/openssh/serverloop.c b/openssh/serverloop.c index 53d2335..2955e11 100644 --- a/openssh/serverloop.c +++ b/openssh/serverloop.c @@ -1058,7 +1058,7 @@ server_request_session(void) c = channel_new("session", SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); - if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) + if ((options.tcp_rcv_buf_poll) && (!options.hpn_disabled)) c->dynamic_window = 1; if (session_open(the_authctxt, c->self) != 1) { debug("session open failed, free channel %d", c->self); @@ -1156,8 +1156,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) } else { /* Start listening on the port */ success = channel_setup_remote_fwd_listener( - listen_address, listen_port, options.gateway_ports, - options.hpn_disabled, options.hpn_buffer_size); + listen_address, listen_port, options.gateway_ports); } xfree(listen_address); } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { diff --git a/openssh/session.c b/openssh/session.c index 8066914..940e722 100644 --- a/openssh/session.c +++ b/openssh/session.c 
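Review bot: Dropping the `> 0` from the `options.tcp_rcv_buf_poll` test makes it true for the -1 "unset" value that initialize_server_options assigns (visible in the servconf.c hunk above), so dynamic window scaling is enabled on every session when TcpRcvBufPoll is absent from sshd_config unless fill_default_server_options resolves -1 to 0 or 1 — that code is outside the hunk, so please confirm. If the intent is "on unless explicitly disabled", write it as `options.tcp_rcv_buf_poll != 0` with a comment saying so; otherwise restore `> 0`. server_request_session continues outside the hunk.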
@@ -396,8 +396,7 @@ do_authenticated1(Authctxt *authctxt) } debug("Received TCP/IP port forwarding request."); if (channel_input_port_forward_request(s->pw->pw_uid == 0, - options.gateway_ports, options.hpn_disabled, - options.hpn_buffer_size) < 0) { + options.gateway_ports) < 0) { debug("Port forwarding failed."); break; } @@ -2512,10 +2511,16 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty) */ if (s->chanid == -1) fatal("no channel for session %d", s->self); + if (options.hpn_disabled) channel_set_fds(s->chanid, fdout, fdin, fderr, fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, 1, is_tty, CHAN_SES_WINDOW_DEFAULT); + else + channel_set_fds(s->chanid, + fdout, fdin, fderr, + fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, + 1, is_tty, options.hpn_buffer_size); } /* @@ -2861,8 +2866,7 @@ session_setup_x11fwd(Session *s) } if (x11_create_display_inet(options.x11_display_offset, options.x11_use_localhost, s->single_connection, - &s->display_number, &s->x11_chanids, - options.hpn_disabled, options.hpn_buffer_size) == -1) { + &s->display_number, &s->x11_chanids) == -1) { debug("x11_create_display_inet failed."); return 0; } diff --git a/openssh/sftp.1 b/openssh/sftp.1 index 0cc4e2b..c574430 100644 --- a/openssh/sftp.1 +++ b/openssh/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.26 2001/09/17 20:38:09 stevesk Exp $ +.\" $OpenBSD: sftp.1,v 1.67 2008/07/15 02:23:14 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" 
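Review bot: When HPN is enabled the session channel's window is taken straight from `options.hpn_buffer_size` even for tty sessions, whereas the client side (ssh.c, later in this patch) pins tty sessions to CHAN_SES_WINDOW_DEFAULT; an interactive session therefore advertises a multi-megabyte receive window that a shell will rarely fill but that the peer is allowed to send. Mirror the client: `1, is_tty, is_tty ? CHAN_SES_WINDOW_DEFAULT : options.hpn_buffer_size` in the HPN branch. The 64 MB clamp in fill_default_server_options is the only bound on this value, so a `/* hpn_buffer_size was clamped in fill_default_server_options() */` comment records that dependency. session_set_fds starts outside the hunk.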
@@ -22,25 +22,37 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd February 4, 2001 +.Dd $Mdocdate: July 15 2008 $ .Dt SFTP 1 .Os .Sh NAME .Nm sftp -.Nd Secure file transfer program +.Nd secure file transfer program .Sh SYNOPSIS .Nm sftp +.Bk -words .Op Fl 1Cv +.Op Fl B Ar buffer_size .Op Fl b Ar batchfile .Op Fl F Ar ssh_config .Op Fl o Ar ssh_option -.Op Fl s Ar subsystem | sftp_server +.Op Fl P Ar sftp_server_path +.Op Fl R Ar num_requests .Op Fl S Ar program +.Op Fl s Ar subsystem | sftp_server .Ar host +.Ek .Nm sftp -.Op [\fIuser\fR@]\fIhost\fR[:\fIfile\fR [\fIfile\fR]] +.Oo Oo Ar user Ns @ Oc Ns +.Ar host Ns Oo : Ns Ar file Oo +.Ar file Oc Oc Oc .Nm sftp -.Op [\fIuser\fR@]\fIhost\fR[:\fIdir\fR[\fI/\fR]] +.Oo Oo Ar user Ns @ Oc Ns +.Ar host Ns Oo : Ns Ar dir Ns +.Oo Ar / Oc Oc Oc +.Nm sftp +.Fl b Ar batchfile +.Oo Ar user Ns @ Oc Ns Ar host .Sh DESCRIPTION .Nm is an interactive file transfer program, similar to 
@@ -59,12 +71,30 @@ The second usage format will retrieve files automatically if a non-interactive authentication method is used; otherwise it will do so after successful interactive authentication. .Pp -The last usage format allows the sftp client to start in a remote directory. +The third usage format allows +.Nm +to start in a remote directory. .Pp +The final usage format allows for automated sessions using the +.Fl b +option. +In such cases, it is necessary to configure non-interactive authentication +to obviate the need to enter a password at connection time (see +.Xr sshd 8 +and +.Xr ssh-keygen 1 +for details). The options are as follows: .Bl -tag -width Ds .It Fl 1 Specify the use of protocol version 1. +.It Fl B Ar buffer_size +Specify the size of the buffer that +.Nm +uses when transferring files. +Larger buffers require fewer round trips at the cost of higher +memory consumption. +The default is 32768 bytes. .It Fl b Ar batchfile Batch mode reads a series of commands from an input .Ar batchfile @@ -72,12 +102,25 @@ instead of .Em stdin . Since it lacks user interaction it should be used in conjunction with non-interactive authentication. +A +.Ar batchfile +of +.Sq \- +may be used to indicate standard input. .Nm will abort if any of the following commands fail: -.Ic get , put , rename , ln , rm , mkdir , chdir , lchdir +.Ic get , put , rename , ln , +.Ic rm , mkdir , chdir , ls , +.Ic lchdir , chmod , chown , +.Ic chgrp , lpwd , df , and .Ic lmkdir . +Termination on error can be suppressed on a command by command basis by +prefixing the command with a +.Sq \- +character (for example, +.Ic -rm /tmp/blah* ) . .It Fl C Enables compression (via ssh's .Fl C 
@@ -85,26 +128,84 @@ flag). .It Fl F Ar ssh_config Specifies an alternative per-user configuration file for -.Nm ssh . +.Xr ssh 1 . This option is directly passed to .Xr ssh 1 . .It Fl o Ar ssh_option Can be used to pass options to .Nm ssh -in the format used in the -.Xr ssh 1 -configuration file. This is useful for specifying options +in the format used in +.Xr ssh_config 5 . +This is useful for specifying options for which there is no separate .Nm sftp -command-line flag. For example, to specify an alternate -port use: +command-line flag. +For example, to specify an alternate port use: .Ic sftp -oPort=24 . -.It Fl s Ar subsystem | sftp_server -Specifies the SSH2 subsystem or the path for an sftp server -on the remote host. A path is useful for using sftp over -protocol version 1, or when the remote -.Nm sshd -does not have an sftp subsystem configured. +For full details of the options listed below, and their possible values, see +.Xr ssh_config 5 . +.Pp +.Bl -tag -width Ds -offset indent -compact +.It AddressFamily +.It BatchMode +.It BindAddress +.It ChallengeResponseAuthentication +.It CheckHostIP +.It Cipher +.It Ciphers +.It Compression +.It CompressionLevel +.It ConnectionAttempts +.It ConnectTimeout +.It ControlMaster +.It ControlPath +.It GlobalKnownHostsFile +.It GSSAPIAuthentication +.It GSSAPIDelegateCredentials +.It HashKnownHosts +.It Host +.It HostbasedAuthentication +.It HostKeyAlgorithms +.It HostKeyAlias +.It HostName +.It IdentityFile +.It IdentitiesOnly +.It KbdInteractiveDevices +.It LogLevel +.It MACs +.It NoHostAuthenticationForLocalhost +.It NumberOfPasswordPrompts +.It PasswordAuthentication +.It Port +.It PreferredAuthentications +.It Protocol +.It ProxyCommand +.It PubkeyAuthentication +.It RekeyLimit +.It RhostsRSAAuthentication +.It RSAAuthentication +.It SendEnv +.It ServerAliveInterval +.It ServerAliveCountMax +.It SmartcardDevice +.It StrictHostKeyChecking +.It TCPKeepAlive +.It UsePrivilegedPort +.It User +.It UserKnownHostsFile 
+.It VerifyHostKeyDNS +.El +.It Fl P Ar sftp_server_path +Connect directly to a local sftp server +(rather than via +.Xr ssh 1 ) . +This option may be useful in debugging the client and server. +.It Fl R Ar num_requests +Specify how many requests may be outstanding at any one time. +Increasing this may slightly improve file transfer speed +but will increase memory usage. +The default is 256 outstanding requests providing for 8MB +of outstanding data with a 32KB buffer. .It Fl S Ar program Name of the .Ar program @@ -112,30 +213,45 @@ to use for the encrypted connection. The program must understand .Xr ssh 1 options. +.It Fl s Ar subsystem | sftp_server +Specifies the SSH2 subsystem or the path for an sftp server +on the remote host. +A path is useful for using +.Nm +over protocol version 1, or when the remote +.Xr sshd 8 +does not have an sftp subsystem configured. .It Fl v -Raise logging level. This option is also passed to ssh. +Raise logging level. +This option is also passed to ssh. .El .Sh INTERACTIVE COMMANDS Once in interactive mode, .Nm understands a set of commands similar to those of .Xr ftp 1 . -Commands are case insensitive and pathnames may be enclosed in quotes if they -contain spaces. +Commands are case insensitive. +Pathnames that contain spaces must be enclosed in quotes. +Any special characters contained within pathnames that are recognized by +.Xr glob 3 +must be escaped with backslashes +.Pq Sq \e . .Bl -tag -width Ds .It Ic bye -Quit sftp. +Quit +.Nm sftp . .It Ic cd Ar path Change remote directory to .Ar path . -.It Ic lcd Ar path -Change local directory to -.Ar path . .It Ic chgrp Ar grp Ar path Change group of file .Ar path to .Ar grp . +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .Ar grp must be a numeric GID. .It Ic chmod Ar mode Ar path 
@@ -143,17 +259,44 @@ Change permissions of file .Ar path to .Ar mode . +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .It Ic chown Ar own Ar path Change owner of file .Ar path to .Ar own . +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .Ar own must be a numeric UID. +.It Xo Ic df +.Op Fl hi +.Op Ar path +.Xc +Display usage information for the filesystem holding the current directory +(or +.Ar path +if specified). +If the +.Fl h +flag is specified, the capacity information will be displayed using +"human-readable" suffixes. +The +.Fl i +flag requests display of inode information in addition to capacity information. +This command is only supported on servers that implement the +.Dq statvfs@openssh.com +extension. .It Ic exit -Quit sftp. +Quit +.Nm sftp . .It Xo Ic get -.Op Ar flags +.Op Fl P .Ar remote-path .Op Ar local-path .Xc @@ -162,18 +305,39 @@ Retrieve the and store it on the local machine. If the local path name is not specified, it is given the same name it has on the -remote machine. If the +remote machine. +.Ar remote-path +may contain +.Xr glob 3 +characters and may match multiple files. +If it does and +.Ar local-path +is specified, then +.Ar local-path +must specify a directory. +If the .Fl P -flag is specified, then the file's full permission and access time are +flag is specified, then full file permissions and access times are copied too. .It Ic help Display help text. +.It Ic lcd Ar path +Change local directory to +.Ar path . .It Ic lls Op Ar ls-options Op Ar path Display local directory listing of either .Ar path or current directory if .Ar path is not specified. +.Ar ls-options +may contain any flags supported by the local system's +.Xr ls 1 +command. +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .It Ic lmkdir Ar path Create local directory specified by .Ar path . 
@@ -184,66 +348,119 @@ to .Ar newpath . .It Ic lpwd Print local working directory. -.It Ic ls Op Ar path -Display remote directory listing of either +.It Xo Ic ls +.Op Fl 1aflnrSt +.Op Ar path +.Xc +Display a remote directory listing of either .Ar path -or current directory if +or the current directory if .Ar path is not specified. +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. +.Pp +The following flags are recognized and alter the behaviour of +.Ic ls +accordingly: +.Bl -tag -width Ds +.It Fl 1 +Produce single columnar output. +.It Fl a +List files beginning with a dot +.Pq Sq \&. . +.It Fl f +Do not sort the listing. +The default sort order is lexicographical. +.It Fl l +Display additional details including permissions +and ownership information. +.It Fl n +Produce a long listing with user and group information presented +numerically. +.It Fl r +Reverse the sort order of the listing. +.It Fl S +Sort the listing by file size. +.It Fl t +Sort the listing by last modification time. +.El .It Ic lumask Ar umask Set local umask to .Ar umask . .It Ic mkdir Ar path Create remote directory specified by .Ar path . +.It Ic progress +Toggle display of progress meter. .It Xo Ic put -.Op Ar flags +.Op Fl P .Ar local-path -.Op Ar local-path +.Op Ar remote-path .Xc Upload .Ar local-path -and store it on the remote machine. If the remote path name is not -specified, it is given the same name it has on the local machine. If the +and store it on the remote machine. +If the remote path name is not specified, it is given the same name it has +on the local machine. +.Ar local-path +may contain +.Xr glob 3 +characters and may match multiple files. +If it does and +.Ar remote-path +is specified, then +.Ar remote-path +must specify a directory. +If the .Fl P flag is specified, then the file's full permission and access time are copied too. .It Ic pwd Display remote working directory. .It Ic quit -Quit sftp. +Quit +.Nm sftp . 
.It Ic rename Ar oldpath Ar newpath Rename remote file from .Ar oldpath to .Ar newpath . -.It Ic rmdir Ar path -Remove remote directory specified by -.Ar path . .It Ic rm Ar path Delete remote file specified by .Ar path . +.It Ic rmdir Ar path +Remove remote directory specified by +.Ar path . .It Ic symlink Ar oldpath Ar newpath Create a symbolic link from .Ar oldpath to .Ar newpath . -.It Ic ! Ar command +.It Ic version +Display the +.Nm +protocol version. +.It Ic \&! Ar command Execute .Ar command in local shell. -.It Ic ! +.It Ic \&! Escape to local shell. -.It Ic ? +.It Ic \&? Synonym for help. .El -.Sh AUTHORS -Damien Miller .Sh SEE ALSO +.Xr ftp 1 , +.Xr ls 1 , .Xr scp 1 , .Xr ssh 1 , .Xr ssh-add 1 , .Xr ssh-keygen 1 , +.Xr glob 3 , +.Xr ssh_config 5 , .Xr sftp-server 8 , .Xr sshd 8 .Rs diff --git a/openssh/sftp.c b/openssh/sftp.c index e1aa49d..e7cb9cf 100644 --- a/openssh/sftp.c +++ b/openssh/sftp.c @@ -75,7 +75,7 @@ int batchmode = 0; size_t copy_buffer_len = 32768; /* Number of concurrent outstanding requests */ -size_t num_requests = 64; +size_t num_requests = 256; /* PID of ssh transport process */ static pid_t sshpid = -1; diff --git a/openssh/ssh.c b/openssh/ssh.c index 346f16b..3fed774 100644 --- a/openssh/ssh.c +++ b/openssh/ssh.c @@ -504,13 +504,6 @@ main(int ac, char **av) no_shell_flag = 1; no_tty_flag = 1; break; - case 'T': - no_tty_flag = 1; - /* ensure that the user doesn't try to backdoor a */ - /* null cipher switch on an interactive session */ - /* so explicitly disable it no matter what */ - options.none_switch=0; - break; case 'o': dummy = 1; line = xstrdup(optarg); @@ -519,6 +512,13 @@ main(int ac, char **av) exit(255); xfree(line); break; + case 'T': + no_tty_flag = 1; + /* ensure that the user doesn't try to backdoor a */ + /* null cipher switch on an interactive session */ + /* so explicitly disable it no matter what */ + options.none_switch=0; + break; case 's': subsystem_flag = 1; break; 
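Review bot: Moving `case 'T'` below `case 'o'` in the getopt switch has no effect — the order of case labels does not influence which option is processed first; argv order does. Both `-T -oNoneSwitch=yes` and `-oNoneSwitch=yes -T` end with none_switch == 0 only because readconf's only-set-if-unset (-1) convention prevents the later `-o` from overwriting 0, which is assumed here rather than enforced; the robust form is a single `if (no_tty_flag) options.none_switch = 0;` after the option loop, with the "backdoor" comment moved there. Either drop this reorder or add a comment explaining why the placement matters.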
@@ -922,8 +922,7 @@ ssh_init_forwarding(void)
 options.local_forwards[i].listen_port,
 options.local_forwards[i].connect_host,
 options.local_forwards[i].connect_port,
- options.gateway_ports, options.hpn_disabled,
- options.hpn_buffer_size);
+ options.gateway_ports);
 }
 if (i > 0 && success != i && options.exit_on_forward_failure)
 fatal("Could not request local forwarding.");
@@ -1217,43 +1216,46 @@ ssh_session2_open(void) /* to no. In which case we *can* just set the window to the */ /* minimum of the hpn buffer size and tcp receive buffer size */ - if(options.hpn_disabled) - { + if (tty_flag) options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; - } - else if (datafellows & SSH_BUG_LARGEWINDOW) + else + options.hpn_buffer_size = 2*1024*1024; + + if (datafellows & SSH_BUG_LARGEWINDOW) { debug("HPN to Non-HPN Connection"); - if (options.hpn_buffer_size < 0) - options.hpn_buffer_size = 2*1024*1024; } else { - if (options.hpn_buffer_size < 0) - options.hpn_buffer_size = BUFFER_MAX_LEN_HPN; - - /*create a socket but don't connect it */ - /* we use that the get the rcv socket size */ - sock = socket(AF_INET, SOCK_STREAM, 0); - /* if they are using the tcp_rcv_buf option */ - /* attempt to set the buffer size to that */ - if (options.tcp_rcv_buf) - setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf, - sizeof(options.tcp_rcv_buf)); - getsockopt(sock, SOL_SOCKET, SO_RCVBUF, - &socksize, &socksizelen); - close(sock); - debug("socksize %d", socksize); if (options.tcp_rcv_buf_poll <= 0) { - options.hpn_buffer_size = MIN(socksize,options.hpn_buffer_size); - debug ("MIN of TCP RWIN and HPNBufferSize: %d", options.hpn_buffer_size); + sock = socket(AF_INET, SOCK_STREAM, 0); + getsockopt(sock, SOL_SOCKET, SO_RCVBUF, + &socksize, &socksizelen); + close(sock); + debug("socksize %d", socksize); + options.hpn_buffer_size = socksize; + debug ("HPNBufferSize set to TCP RWIN: %d", options.hpn_buffer_size); } else { if (options.tcp_rcv_buf > 0) - options.hpn_buffer_size = MIN(options.tcp_rcv_buf, options.hpn_buffer_size); - debug ("MIN of TCPRcvBuf and HPNBufferSize: %d", options.hpn_buffer_size); + { + /*create a socket but don't connect it */ + /* we use that the get the rcv socket size */ + sock = socket(AF_INET, SOCK_STREAM, 0); + /* if they are using the tcp_rcv_buf option */ + /* attempt to set the buffer size to that */ + if 
(options.tcp_rcv_buf) + setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf, + sizeof(options.tcp_rcv_buf)); + getsockopt(sock, SOL_SOCKET, SO_RCVBUF, + &socksize, &socksizelen); + close(sock); + debug("socksize %d", socksize); + options.hpn_buffer_size = socksize; + debug ("HPNBufferSize set to user TCPRcvBuf: %d", options.hpn_buffer_size); + } } } @@ -1262,6 +1264,8 @@ ssh_session2_open(void) window = options.hpn_buffer_size; + channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size); + packetmax = CHAN_SES_PACKET_DEFAULT; if (tty_flag) { window = 4*CHAN_SES_PACKET_DEFAULT; @@ -1272,7 +1276,6 @@ ssh_session2_open(void) "session", SSH_CHANNEL_OPENING, in, out, err, window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); - if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) { c->dynamic_window = 1; debug ("Enabled Dynamic Window Scaling\n"); diff --git a/openssh/sshconnect.c b/openssh/sshconnect.c index a818a08..2a7766f 100644 --- a/openssh/sshconnect.c +++ b/openssh/sshconnect.c @@ -229,6 +229,9 @@ ssh_create_socket(int privileged, struct addrinfo *ai) if (options.tcp_rcv_buf > 0) ssh_set_socket_recvbuf(sock); + if (options.tcp_rcv_buf > 0) + ssh_set_socket_recvbuf(sock); + /* Bind the socket to an alternative local IP address */ if (options.bind_address == NULL) return sock; diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c index faa1d94..a61b99c 100644 --- a/openssh/sshconnect2.c +++ b/openssh/sshconnect2.c @@ -82,6 +82,11 @@ extern Options options; extern int tty_flag; +/* tty_flag is set in ssh.c. use this in ssh_userauth2 */ +/* if it is set then prevent the switch to the null cipher */ + +extern int tty_flag; + /* * SSH2 key exchange */ diff --git a/openssh/sshd.c b/openssh/sshd.c index 7ca1ab1..ac1d469 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c 
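Review bot: `socket()` and `getsockopt()` return values go unchecked in both new SO_RCVBUF probes, so on failure `socksize` (declared outside the hunk) keeps whatever it held and is copied into `options.hpn_buffer_size`, which then becomes the session window handed to channel_new; `close(-1)` follows. A user-configured HPNBufferSize is also lost: the old code only filled the value in while it was still -1, the new code overwrites it unconditionally with 2 MB or the socket buffer size, and the removed `if(options.hpn_disabled)` branch that pinned the window to CHAN_SES_WINDOW_DEFAULT has no visible replacement. The `setsockopt` result is ignored as well, so a TcpRcvBuf the kernel refuses is silently replaced by the kernel default. The sizing below keeps an explicit setting and the HPNDisabled pin, checks each call, and merges the two near-identical probes; it assumes errno/strerror are available in ssh.c. ssh_session2_open continues on both sides of the hunk.
```c
	if (tty_flag || options.hpn_disabled) {
		options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
	} else if (options.hpn_buffer_size < 0) {
		/* No explicit HPNBufferSize: fall back to 2 MB, or to the
		 * socket receive buffer when the peer supports large windows. */
		options.hpn_buffer_size = 2*1024*1024;
		if (!(datafellows & SSH_BUG_LARGEWINDOW) &&
		    (options.tcp_rcv_buf_poll <= 0 || options.tcp_rcv_buf > 0)) {
			sock = socket(AF_INET, SOCK_STREAM, 0);
			if (sock < 0) {
				debug("socket: %s", strerror(errno));
			} else {
				if (options.tcp_rcv_buf_poll > 0 &&
				    setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
				    (void *)&options.tcp_rcv_buf,
				    sizeof(options.tcp_rcv_buf)) < 0)
					debug("setsockopt SO_RCVBUF: %s",
					    strerror(errno));
				if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
				    &socksize, &socksizelen) == 0 && socksize > 0)
					options.hpn_buffer_size = socksize;
				else
					debug("getsockopt SO_RCVBUF: %s",
					    strerror(errno));
				close(sock);
			}
		}
		debug("HPNBufferSize: %d", options.hpn_buffer_size);
	}
	/* … unchanged: window = options.hpn_buffer_size; channel_set_hpn(...) … */
```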
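Review bot: The added lines duplicate the `if (options.tcp_rcv_buf > 0) ssh_set_socket_recvbuf(sock);` that is the context line immediately above them, so the receive buffer is set twice on every socket ssh_create_socket opens; drop the new pair. ssh_create_socket continues outside the hunk.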
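Review bot: `extern int tty_flag;` is already declared two lines above the addition, so the new declaration is redundant — legal C, but it reads as though two different flags exist. Keep the explanation and delete the second declaration, e.g. `/* tty_flag is set in ssh.c; ssh_userauth2 uses it to refuse the NONE cipher switch on tty sessions */` placed above the existing `extern int tty_flag;`.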
@@ -1892,6 +1892,9 @@ main(int ac, char **av) } #endif + /* set the HPN options for the child */ + channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size); + /* * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is diff --git a/openssh/sshd_config b/openssh/sshd_config index a5dc326..cf5d1d0 100644 --- a/openssh/sshd_config +++ b/openssh/sshd_config @@ -120,7 +120,6 @@ Protocol 2 # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server - # the following are HPN related configuration options # tcp receive buffer polling. disable in non autotuning kernels #TcpRcvBufPoll yes diff --git a/openssh/version.h b/openssh/version.h index c9027d5..dd04635 100644 --- a/openssh/version.h +++ b/openssh/version.h @@ -18,11 +18,11 @@ #define MGLUE_VERSION "" #endif -#define NCSA_VERSION " NCSA_GSSAPI_20080727" +#define NCSA_VERSION " GLOBUS_GSSAPI_20080730" #define SSH_VERSION "OpenSSH_5.1" #define SSH_PORTABLE "p1" -#define SSH_HPN "-hpn13v1" +#define SSH_HPN "-hpn13v5" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN \ NCSA_VERSION GSI_VERSION KRB5_VERSION MGLUE_VERSION -- 2.45.1