*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.138 2005/06/16 03:38:36 djm Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.155 2006/02/22 00:04:44 stevesk Exp $");
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#include <sys/ioctl.h>
+
+#include <ctype.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#include <signal.h>
+#include <termios.h>
#include "ssh.h"
#include "ssh1.h"
#include "log.h"
#include "readconf.h"
#include "clientloop.h"
+#include "sshconnect.h"
#include "authfd.h"
#include "atomicio.h"
#include "sshpty.h"
static volatile sig_atomic_t received_window_change_signal = 0;
static volatile sig_atomic_t received_signal = 0;
-/* Flag indicating whether the user\'s terminal is in non-blocking mode. */
+/* Flag indicating whether the user's terminal is in non-blocking mode. */
static int in_non_blocking_mode = 0;
/* Common data for the client loop code. */
struct confirm_ctx {
int want_tty;
int want_subsys;
+ int want_x_fwd;
+ int want_agent_fwd;
Buffer cmd;
char *term;
struct termios tio;
}
}
snprintf(cmd, sizeof(cmd),
- "%s %s%s list %s . 2>" _PATH_DEVNULL,
+ "%s %s%s list %s 2>" _PATH_DEVNULL,
xauth_path,
generated ? "-f " : "" ,
generated ? xauthfile : "",
client_extra_session2_setup(int id, void *arg)
{
struct confirm_ctx *cctx = arg;
+ const char *display;
Channel *c;
int i;
if ((c = channel_lookup(id)) == NULL)
fatal("%s: no channel for id %d", __func__, id);
+ display = getenv("DISPLAY");
+ if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
+ char *proto, *data;
+ /* Get reasonable local authentication information. */
+ client_x11_get_proto(display, options.xauth_location,
+ options.forward_x11_trusted, &proto, &data);
+ /* Request forwarding with authentication spoofing. */
+ debug("Requesting X11 forwarding with authentication spoofing.");
+ x11_request_forwarding_with_spoofing(id, display, proto, data);
+ /* XXX wait for reply */
+ }
+
+ if (cctx->want_agent_fwd && options.forward_agent) {
+ debug("Requesting authentication agent forwarding.");
+ channel_request_start(id, "auth-agent-req@openssh.com", 0);
+ packet_send();
+ }
+
client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
client_subsystem_reply);
{
Buffer m;
Channel *c;
- int client_fd, new_fd[3], ver, i, allowed;
+ int client_fd, new_fd[3], ver, allowed;
socklen_t addrlen;
struct sockaddr_storage addr;
struct confirm_ctx *cctx;
char *cmd;
- u_int len, env_len, command, flags;
+ u_int i, len, env_len, command, flags;
uid_t euid;
gid_t egid;
buffer_free(&m);
return;
}
- if ((ver = buffer_get_char(&m)) != 1) {
+ if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
error("%s: wrong client version %d", __func__, ver);
buffer_free(&m);
close(client_fd);
buffer_clear(&m);
buffer_put_int(&m, allowed);
buffer_put_int(&m, getpid());
- if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
+ if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
error("%s: client msg_send failed", __func__);
close(client_fd);
buffer_free(&m);
buffer_clear(&m);
buffer_put_int(&m, allowed);
buffer_put_int(&m, getpid());
- if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
+ if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
error("%s: client msg_send failed", __func__);
close(client_fd);
buffer_free(&m);
buffer_free(&m);
return;
}
- if ((ver = buffer_get_char(&m)) != 1) {
+ if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
error("%s: wrong client version %d", __func__, ver);
buffer_free(&m);
close(client_fd);
memset(cctx, 0, sizeof(*cctx));
cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
+ cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
+ cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0;
cctx->term = buffer_get_string(&m, &len);
cmd = buffer_get_string(&m, &len);
/* This roundtrip is just for synchronisation of ttymodes */
buffer_clear(&m);
- if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
+ if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
error("%s: client msg_send failed", __func__);
close(client_fd);
close(new_fd[0]);
logit(" -Lport:host:hostport Request local forward");
logit(" -Rport:host:hostport Request remote forward");
logit(" -KRhostport Cancel remote forward");
+ if (!options.permit_local_command)
+ goto out;
+ logit(" !args Execute local command");
+ goto out;
+ }
+
+ if (*s == '!' && options.permit_local_command) {
+ s++;
+ ssh_local_cmd(s);
goto out;
}
u_char ch;
char *s;
- for (i = 0; i < len; i++) {
+ if (len <= 0)
+ return (0);
+
+ for (i = 0; i < (u_int)len; i++) {
/* Get one character at a time. */
ch = buf[i];
session_ident = ssh2_chan_id;
if (escape_char != SSH_ESCAPECHAR_NONE)
channel_register_filter(session_ident,
- simple_escape_filter);
+ simple_escape_filter, NULL);
if (session_ident != -1)
channel_register_cleanup(session_ident,
- client_channel_closed);
+ client_channel_closed, 0);
} else {
/* Check if we should immediately send eof on stdin. */
client_check_initial_eof_on_stdin();
if (!options.forward_x11) {
error("Warning: ssh server tried X11 forwarding.");
- error("Warning: this is probably a break in attempt by a malicious server.");
+ error("Warning: this is probably a break-in attempt by a malicious server.");
return NULL;
}
originator = packet_get_string(NULL);
if (!options.forward_agent) {
error("Warning: ssh server tried agent forwarding.");
- error("Warning: this is probably a break in attempt by a malicious server.");
+ error("Warning: this is probably a break-in attempt by a malicious server.");
return NULL;
}
sock = ssh_get_authentication_socket();
/* Split */
name = xstrdup(env[i]);
if ((val = strchr(name, '=')) == NULL) {
- free(name);
+ xfree(name);
continue;
}
*val++ = '\0';
}
if (!matched) {
debug3("Ignored env %s", name);
- free(name);
+ xfree(name);
continue;
}
packet_put_cstring(name);
packet_put_cstring(val);
packet_send();
- free(name);
+ xfree(name);
}
}
andersk / openssh.git / blobdiff