*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.216 2004/06/17 15:10:14 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.222 2004/06/23 14:31:01 dtucker Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
#include "scard.h"
#endif
-#ifdef HAVE___PROGNAME
extern char *__progname;
-#else
-char *__progname;
-#endif
/* Flag indicating whether debug mode is on. This can be set on the command line. */
int debug_flag = 0;
usage(void)
{
fprintf(stderr,
-"usage: ssh [-1246AaCfghkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
+"usage: ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
" [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n"
" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n"
-" [-p port] [-R port:host:hostport] [user@]hostname [command]\n"
+" [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]\n"
);
exit(1);
}
}
break;
case 'M':
- options.control_master = 1;
+ options.control_master =
+ (options.control_master >= 1) ? 2 : 1;
break;
case 'p':
options.port = a2port(optarg);
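Review bot: The new `case 'M':` assignment stores the bare integers 1 and 2 in `options.control_master`, and nothing in the hunk says what the second level selects. A reader has to find the consumer of this field to learn what a repeated `-M` changes. A one-line comment above the assignment, for example `/* -M: act as master; -M -M: <behaviour selected by 2> */`, or named constants for the two values, would make the option self-describing. The enclosing switch starts and ends outside the hunk.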
if (options.control_path != NULL)
free(options.control_path);
options.control_path = xstrdup(optarg);
- if (options.control_master == -1)
- options.control_master = 0;
break;
case 'b':
options.bind_address = optarg;
* for the local connection.
*/
if (!got_data) {
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
logit("Warning: No xauth data; "
"using fake authentication data for X11 forwarding.");
strlcpy(proto, SSH_X11_PROTO, sizeof proto);
for (i = 0; i < 16; i++) {
if (i % 4 == 0)
- rand = arc4random();
+ rnd = arc4random();
snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
- rand & 0xff);
- rand >>= 8;
+ rnd & 0xff);
+ rnd >>= 8;
}
}
}
kill(control_server_pid, signo);
}
+static int
+env_permitted(char *env)
+{
+ int i;
+ char name[1024], *cp;
+
+ strlcpy(name, env, sizeof(name));
+ if ((cp = strchr(name, '=')) == NULL)
+ return (0);
+
+ *cp = '\0';
+
+ for (i = 0; i < options.num_send_env; i++)
+ if (match_pattern(name, options.send_env[i]))
+ return (1);
+
+ return (0);
+}
+
static void
control_client(const char *path)
{
struct sockaddr_un addr;
- int i, r, sock, exitval, addr_len;
+ int i, r, sock, exitval, num_env, addr_len;
Buffer m;
char *cp;
extern char **environ;
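Review bot: env_permitted() ignores the return value of `strlcpy(name, env, sizeof(name))`, so an entry whose `=` lies beyond the first 1023 bytes is truncated, fails the `strchr` test and is dropped without any diagnostic. An entry of the form `=value` leaves `name` empty and still reaches match_pattern(), where a broad send_env pattern would presumably accept it. Since this function decides which local variables are sent to the master, I would locate the separator in `env` first and reject both cases explicitly, `if ((cp = strchr(env, '=')) == NULL || cp == env) return (0);`, then copy only the `cp - env` name bytes and log when they do not fit. The parameter can also be declared `const char *env`, as it is never written through.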
if ((cp = getenv("TERM")) == NULL)
cp = "";
- signal(SIGINT, control_client_sighandler);
- signal(SIGTERM, control_client_sighandler);
- signal(SIGWINCH, control_client_sigrelay);
-
buffer_init(&m);
/* Get PID of controlee */
buffer_append(&command, "\0", 1);
buffer_put_cstring(&m, buffer_ptr(&command));
- /* Pass environment */
- for (i = 0; environ != NULL && environ[i] != NULL; i++)
- ;
- buffer_put_int(&m, i);
- for (i = 0; environ != NULL && environ[i] != NULL; i++)
- buffer_put_cstring(&m, environ[i]);
+ if (options.num_send_env == 0 || environ == NULL) {
+ buffer_put_int(&m, 0);
+ } else {
+ /* Pass environment */
+ num_env = 0;
+ for (i = 0; environ[i] != NULL; i++)
+ if (env_permitted(environ[i]))
+ num_env++; /* Count */
+
+ buffer_put_int(&m, num_env);
+
+ for (i = 0; environ[i] != NULL && num_env >= 0; i++)
+ if (env_permitted(environ[i])) {
+ num_env--;
+ buffer_put_cstring(&m, environ[i]);
+ }
+ }
if (ssh_msg_send(sock, /* version */0, &m) == -1)
fatal("%s: msg_send", __func__);
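Review bot: The guard in the second loop, `num_env >= 0`, is off by one: after the announced number of strings has been appended `num_env` is 0, the condition still holds, and one more permitted entry could be written into a message whose count field is already fixed. The two passes only disagree if `environ` changes between them, which seems unlikely here, but the guard exists for that case and should be `environ[i] != NULL && num_env > 0`. Adding braces around both multi-line `for` bodies would also make the counting and sending passes easier to compare. control_client() begins and ends outside this hunk.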
fatal("%s: master returned error", __func__);
buffer_free(&m);
+ signal(SIGINT, control_client_sighandler);
+ signal(SIGTERM, control_client_sighandler);
+ signal(SIGWINCH, control_client_sigrelay);
+
if (tty_flag)
enter_raw_mode();