- (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c

[openssh.git] / ssh.c

diff --git a/ssh.c b/ssh.c
index 6f8114d53b063dba464adac309481e4321daa432..f0c284df03ee03eacac32e463ef0872ce91f85b3 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.216 2004/06/17 15:10:14 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.222 2004/06/23 14:31:01 dtucker Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -76,11 +76,7 @@ RCSID("$OpenBSD: ssh.c,v 1.216 2004/06/17 15:10:14 djm Exp $");
 #include "scard.h"
 #endif
 
-#ifdef HAVE___PROGNAME
 extern char *__progname;
-#else
-char *__progname;
-#endif
 
 /* Flag indicating whether debug mode is on.  This can be set on the command line. */
 int debug_flag = 0;
@@ -157,10 +153,10 @@ static void
 usage(void)
 {
        fprintf(stderr,
-"usage: ssh [-1246AaCfghkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
+"usage: ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
 "           [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n"
 "           [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n"
-"           [-p port] [-R port:host:hostport] [user@]hostname [command]\n"
+"           [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]\n"
        );
        exit(1);
 }
@@ -376,7 +372,8 @@ again:
                        }
                        break;
                case 'M':
-                       options.control_master = 1;
+                       options.control_master =
+                           (options.control_master >= 1) ? 2 : 1;
                        break;
                case 'p':
                        options.port = a2port(optarg);
@@ -450,8 +447,6 @@ again:
                        if (options.control_path != NULL)
                                free(options.control_path);
                        options.control_path = xstrdup(optarg);
-                       if (options.control_master == -1)
-                               options.control_master = 0;
                        break;
                case 'b':
                        options.bind_address = optarg;
@@ -808,17 +803,17 @@ x11_get_proto(char **_proto, char **_data)
         * for the local connection.
         */
        if (!got_data) {
-               u_int32_t rand = 0;
+               u_int32_t rnd = 0;
 
                logit("Warning: No xauth data; "
                    "using fake authentication data for X11 forwarding.");
                strlcpy(proto, SSH_X11_PROTO, sizeof proto);
                for (i = 0; i < 16; i++) {
                        if (i % 4 == 0)
-                               rand = arc4random();
+                               rnd = arc4random();
                        snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
-                           rand & 0xff);
-                       rand >>= 8;
+                           rnd & 0xff);
+                       rnd >>= 8;
                }
        }
 }
@@ -1228,11 +1223,30 @@ control_client_sigrelay(int signo)
                kill(control_server_pid, signo);
 }
 
+static int
+env_permitted(char *env)
+{
+       int i;
+       char name[1024], *cp;
+
+       strlcpy(name, env, sizeof(name));
+       if ((cp = strchr(name, '=')) == NULL)
+               return (0);
+
+       *cp = '\0';
+
+       for (i = 0; i < options.num_send_env; i++)
+               if (match_pattern(name, options.send_env[i]))
+                       return (1);
+
+       return (0);
+}
+
 static void
 control_client(const char *path)
 {
        struct sockaddr_un addr;
-       int i, r, sock, exitval, addr_len;
+       int i, r, sock, exitval, num_env, addr_len;
        Buffer m;
        char *cp;
        extern char **environ;
@@ -1255,10 +1269,6 @@ control_client(const char *path)
        if ((cp = getenv("TERM")) == NULL)
                cp = "";
 
-       signal(SIGINT, control_client_sighandler);
-       signal(SIGTERM, control_client_sighandler);
-       signal(SIGWINCH, control_client_sigrelay);
-
        buffer_init(&m);
 
        /* Get PID of controlee */
@@ -1279,12 +1289,23 @@ control_client(const char *path)
        buffer_append(&command, "\0", 1);
        buffer_put_cstring(&m, buffer_ptr(&command));
 
-       /* Pass environment */
-       for (i = 0; environ != NULL && environ[i] != NULL; i++)
-               ;
-       buffer_put_int(&m, i);
-       for (i = 0; environ != NULL && environ[i] != NULL; i++)
-               buffer_put_cstring(&m, environ[i]);
+       if (options.num_send_env == 0 || environ == NULL) {
+               buffer_put_int(&m, 0);
+       } else {        
+               /* Pass environment */
+               num_env = 0;
+               for (i = 0; environ[i] != NULL; i++)
+                       if (env_permitted(environ[i]))
+                               num_env++; /* Count */
+                       
+               buffer_put_int(&m, num_env);
+
+               for (i = 0; environ[i] != NULL && num_env >= 0; i++)
+                       if (env_permitted(environ[i])) {
+                               num_env--;
+                               buffer_put_cstring(&m, environ[i]);
+                       }
+       }
 
        if (ssh_msg_send(sock, /* version */0, &m) == -1)
                fatal("%s: msg_send", __func__);
@@ -1301,6 +1322,10 @@ control_client(const char *path)
                fatal("%s: master returned error", __func__);
        buffer_free(&m);
 
+       signal(SIGINT, control_client_sighandler);
+       signal(SIGTERM, control_client_sighandler);
+       signal(SIGWINCH, control_client_sigrelay);
+
        if (tty_flag)
                enter_raw_mode();