]> andersk Git - openssh.git/blobdiff - ssh.c
andersk / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- djm@cvs.openbsd.org 2001/03/13 22:42:54
[openssh.git] / ssh.c
diff --git a/ssh.c b/ssh.c
index 4ca1e7bf879f585c09d7189c62d8f5336fc093ba..74a2b75ac459ab999012b2ab10bf730aa6a54a54 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.94 2001/02/10 01:46:28 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.104 2001/03/08 21:42:32 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -65,6 +65,8 @@ RCSID("$OpenBSD: ssh.c,v 1.94 2001/02/10 01:46:28 markus Exp $");
 #include "tildexpand.h"
 #include "dispatch.h"
 #include "misc.h"
+#include "kex.h"
+#include "mac.h"
 
 #ifdef HAVE___PROGNAME
 extern char *__progname;
@@ -159,7 +161,8 @@ usage(void)
 #endif                         /* AFS */
        fprintf(stderr, "  -X          Enable X11 connection forwarding.\n");
        fprintf(stderr, "  -x          Disable X11 connection forwarding.\n");
-       fprintf(stderr, "  -i file     Identity for RSA authentication (default: ~/.ssh/identity).\n");
+       fprintf(stderr, "  -i file     Identity for public key authentication "
+           "(default: ~/.ssh/identity)\n");
        fprintf(stderr, "  -t          Tty; allocate a tty even if command is given.\n");
        fprintf(stderr, "  -T          Do not allocate a tty.\n");
        fprintf(stderr, "  -v          Verbose; display verbose debugging messages.\n");
@@ -171,8 +174,8 @@ usage(void)
        fprintf(stderr, "  -e char     Set escape character; ``none'' = disable (default: ~).\n");
 
        fprintf(stderr, "  -c cipher   Select encryption algorithm: "
-                       "``3des'', "
-                       "``blowfish''\n");
+           "``3des'', ``blowfish''\n");
+       fprintf(stderr, "  -m macs     Specify MAC algorithms for protocol version 2.\n");
        fprintf(stderr, "  -p port     Connect to this port.  Server must be on the same port.\n");
        fprintf(stderr, "  -L listen-port:host:port   Forward local port to remote address\n");
        fprintf(stderr, "  -R listen-port:host:port   Forward remote port to local address\n");
@@ -230,7 +233,7 @@ rsh_connect(char *host, char *user, Buffer * command)
 
 int    ssh_session(void);
 int    ssh_session2(void);
-int    guess_identity_file_type(const char *filename);
+void   load_public_identity_files(void);
 
 /*
  * Main program for the ssh client.
@@ -242,7 +245,7 @@ main(int ac, char **av)
        u_short fwd_port, fwd_host_port;
        char *optarg, *cp, buf[256];
        struct stat st;
-       struct passwd *pw, pwcopy;
+       struct passwd *pw;
        int dummy;
        uid_t original_effective_uid;
 
@@ -305,7 +308,7 @@ main(int ac, char **av)
                opt = av[optind][1];
                if (!opt)
                        usage();
-               if (strchr("eilcpLRo", opt)) {  /* options with arguments */
+               if (strchr("eilcmpLRo", opt)) { /* options with arguments */
                        optarg = av[optind] + 2;
                        if (strcmp(optarg, "") == 0) {
                                if (optind >= ac - 1)
@@ -385,15 +388,16 @@ main(int ac, char **av)
                                options.log_level++;
                                break;
                        } else {
-                               fatal("Too high debugging level.\n");
+                               fatal("Too high debugging level.");
                        }
                        /* fallthrough */
                case 'V':
-                       fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n",
+                       fprintf(stderr,
+                           "%s, SSH protocols %d.%d/%d.%d, OpenSSL 0x%8.8lx\n",
                            SSH_VERSION,
                            PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1,
-                           PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2);
-                       fprintf(stderr, "Compiled with SSL (0x%8.8lx).\n", SSLeay());
+                           PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
+                           SSLeay());
                        if (opt == 'V')
                                exit(0);
                        break;
@@ -434,6 +438,14 @@ main(int ac, char **av)
                                }
                        }
                        break;
+               case 'm':
+                       if (mac_valid(optarg))
+                               options.macs = xstrdup(optarg);
+                       else {
+                               fprintf(stderr, "Unknown mac type '%s'\n", optarg);
+                               exit(1);
+                       }
+                       break;
                case 'p':
                        options.port = atoi(optarg);
                        break;
@@ -532,32 +544,24 @@ main(int ac, char **av)
        /* Do not allocate a tty if stdin is not a tty. */
        if (!isatty(fileno(stdin)) && !force_tty_flag) {
                if (tty_flag)
-                       log("Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
+                       log("Pseudo-terminal will not be allocated because stdin is not a terminal.");
                tty_flag = 0;
        }
 
        /* Get user data. */
        pw = getpwuid(original_real_uid);
        if (!pw) {
-               log("You don't exist, go away!\n");
+               log("You don't exist, go away!");
                exit(1);
        }
        /* Take a copy of the returned structure. */
-       memset(&pwcopy, 0, sizeof(pwcopy));
-       pwcopy.pw_name = xstrdup(pw->pw_name);
-       pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
-       pwcopy.pw_uid = pw->pw_uid;
-       pwcopy.pw_gid = pw->pw_gid;
-#ifdef HAVE_PW_CLASS_IN_PASSWD
-       pwcopy.pw_class = xstrdup(pw->pw_class);
-#endif
-       pwcopy.pw_dir = xstrdup(pw->pw_dir);
-       pwcopy.pw_shell = xstrdup(pw->pw_shell);
-       pw = &pwcopy;
+       pw = pwcopy(pw);
 
-       /* Initialize "log" output.  Since we are the client all output
-          actually goes to the terminal. */
-       log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
+       /*
+        * Initialize "log" output.  Since we are the client all output
+        * actually goes to stderr.
+        */
+       log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
 
        /* Read per-user configuration file. */
        snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE);
@@ -570,7 +574,7 @@ main(int ac, char **av)
        fill_default_options(&options);
 
        /* reinit */
-       log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
+       log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
 
        if (options.user == NULL)
                options.user = xstrdup(pw->pw_name);
@@ -674,15 +678,11 @@ main(int ac, char **av)
                }
                exit(1);
        }
-       /* Expand ~ in options.identity_files, known host file names. */
-       /* XXX mem-leaks */
-       for (i = 0; i < options.num_identity_files; i++) {
-               options.identity_files[i] =
-                   tilde_expand_filename(options.identity_files[i], original_real_uid);
-               options.identity_files_type[i] = guess_identity_file_type(options.identity_files[i]);
-               debug("identity file %s type %d", options.identity_files[i],
-                   options.identity_files_type[i]);
-       }
+       /* load options.identity_files */
+       load_public_identity_files();
+
+       /* Expand ~ in known host file names. */
+       /* XXX mem-leaks: */
        options.system_hostfile =
            tilde_expand_filename(options.system_hostfile, original_real_uid);
        options.user_hostfile =
@@ -935,7 +935,8 @@ client_subsystem_reply(int type, int plen, void *ctxt)
 
        id = packet_get_int();
        len = buffer_len(&command);
-       len = MAX(len, 900);
+       if (len > 900)
+               len = 900;
        packet_done();
        if (type == SSH2_MSG_CHANNEL_FAILURE)
                fatal("Request for subsystem '%.*s' failed on channel %d",
@@ -1008,7 +1009,7 @@ ssh_session2_callback(int id, void *arg)
                        debug("Sending command: %.*s", len, buffer_ptr(&command));
                        channel_request_start(id, "exec", 0);
                }
-               packet_put_string(buffer_ptr(&command), len);
+               packet_put_string(buffer_ptr(&command), buffer_len(&command));
                packet_send();
        } else {
                channel_request(id, "shell", 0);
@@ -1090,3 +1091,31 @@ guess_identity_file_type(const char *filename)
        key_free(public);
        return type;
 }
+
+void
+load_public_identity_files(void)
+{
+       char *filename;
+       Key *public;
+       int i;
+
+       for (i = 0; i < options.num_identity_files; i++) {
+               filename = tilde_expand_filename(options.identity_files[i],
+                   original_real_uid);
+               public = key_new(KEY_RSA1);
+               if (!load_public_key(filename, public, NULL)) {
+                       key_free(public);
+                       public = key_new(KEY_UNSPEC);
+                       if (!try_load_public_key(filename, public, NULL)) {
+                               debug("unknown identity file %s", filename);
+                               key_free(public);
+                               public = NULL;
+                       }
+               }
+               debug("identity file %s type %d", filename,
+                   public ? public->type : -1);
+               xfree(options.identity_files[i]);
+               options.identity_files[i] = filename;
+               options.identity_keys[i] = public;
+       }
+}
git-cvsimport mirror of OpenSSH
This page took 0.040718 seconds and 4 git commands to generate.