X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/9dfd96d6ad0bab6a165ec1ccd4f4f71ec9700ba5..fc231518ec338ae6dddbd7e6cd5590aa77e89427:/ssh.c diff --git a/ssh.c b/ssh.c index a27c4572..01303dc9 100644 --- a/ssh.c +++ b/ssh.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh.c,v 1.276 2006/04/25 08:02:27 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -40,7 +41,20 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.242 2005/06/08 11:25:09 djm Exp $"); + +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#include +#include +#include + +#include +#ifdef HAVE_PATHS_H +#include +#endif +#include #include #include @@ -158,13 +172,13 @@ usage(void) { fprintf(stderr, "usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" -" [-D port] [-e escape_char] [-F configfile]\n" +" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n" " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" -" [user@]hostname [command]\n" +" [-w tunnel:tunnel] [user@]hostname [command]\n" ); - exit(1); + exit(255); } static int ssh_session(void); @@ -185,8 +199,12 @@ main(int ac, char **av) int dummy; extern int optind, optreset; extern char *optarg; + struct servent *sp; Forward fwd; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(av[0]); init_rng(); @@ -219,7 +237,7 @@ main(int ac, char **av) pw = getpwuid(original_real_uid); if (!pw) { logit("You don't exist, go away!"); - exit(1); + exit(255); } /* Take a copy of the returned structure. */ pw = pwcopy(pw); @@ -238,9 +256,9 @@ main(int ac, char **av) /* Parse command-line arguments. */ host = NULL; -again: + again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -336,6 +354,15 @@ again: if (opt == 'V') exit(0); break; + case 'w': + if (options.tun_open == -1) + options.tun_open = SSH_TUNMODE_DEFAULT; + options.tun_local = a2tun(optarg, &options.tun_remote); + if (options.tun_local == SSH_TUNID_ERR) { + fprintf(stderr, "Bad tun device '%s'\n", optarg); + exit(255); + } + break; case 'q': options.log_level = SYSLOG_LEVEL_QUIET; break; @@ -351,7 +378,7 @@ again: else { fprintf(stderr, "Bad escape character '%s'.\n", optarg); - exit(1); + exit(255); } break; case 'c': @@ -366,7 +393,7 @@ again: fprintf(stderr, "Unknown cipher type '%s'\n", optarg); - exit(1); + exit(255); } if (options.cipher == SSH_CIPHER_3DES) options.ciphers = "3des-cbc"; @@ -382,7 +409,7 @@ again: else { fprintf(stderr, "Unknown mac type '%s'\n", optarg); - exit(1); + exit(255); } break; case 'M': @@ -395,7 +422,7 @@ again: options.port = a2port(optarg); if (options.port == 0) { fprintf(stderr, "Bad port '%s'\n", optarg); - exit(1); + exit(255); } break; case 'l': @@ -409,7 +436,7 @@ again: fprintf(stderr, "Bad local forwarding specification '%s'\n", optarg); - exit(1); + exit(255); } break; @@ -420,7 +447,7 @@ again: fprintf(stderr, "Bad remote forwarding specification " "'%s'\n", optarg); - exit(1); + exit(255); } break; @@ -431,20 +458,20 @@ again: if ((fwd.listen_host = hpdelim(&cp)) == NULL) { fprintf(stderr, "Bad dynamic forwarding " "specification '%.100s'\n", optarg); - exit(1); + exit(255); } if (cp != NULL) { fwd.listen_port = a2port(cp); fwd.listen_host = cleanhostname(fwd.listen_host); } else { fwd.listen_port = a2port(fwd.listen_host); - fwd.listen_host = ""; + fwd.listen_host = NULL; } if (fwd.listen_port == 0) { fprintf(stderr, "Bad dynamic port '%s'\n", optarg); - exit(1); + exit(255); } add_local_forward(&options, &fwd); xfree(p); @@ -465,7 +492,7 @@ again: line = xstrdup(optarg); if (process_config_line(&options, host ? host : "", line, "command-line", 0, &dummy) != 0) - exit(1); + exit(255); xfree(line); break; case 's': @@ -603,19 +630,32 @@ again: if (options.host_key_alias != NULL) { for (p = options.host_key_alias; *p; p++) if (isupper(*p)) - *p = tolower(*p); + *p = (char)tolower(*p); + } + + /* Get default port if port has not been set. */ + if (options.port == 0) { + sp = getservbyname(SSH_SERVICE_NAME, "tcp"); + options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT; } if (options.proxy_command != NULL && strcmp(options.proxy_command, "none") == 0) options.proxy_command = NULL; + if (options.control_path != NULL && + strcmp(options.control_path, "none") == 0) + options.control_path = NULL; if (options.control_path != NULL) { + char thishost[NI_MAXHOST]; + + if (gethostname(thishost, sizeof(thishost)) == -1) + fatal("gethostname: %s", strerror(errno)); snprintf(buf, sizeof(buf), "%d", options.port); cp = tilde_expand_filename(options.control_path, original_real_uid); options.control_path = percent_expand(cp, "p", buf, "h", host, - "r", options.user, (char *)NULL); + "r", options.user, "l", thishost, (char *)NULL); xfree(cp); } if (mux_command != 0 && options.control_path == NULL) @@ -632,7 +672,7 @@ again: original_effective_uid == 0 && options.use_privileged_port, #endif options.proxy_command) != 0) - exit(1); + exit(255); /* * If we successfully made the connection, load the host private key @@ -648,16 +688,16 @@ again: if (options.rhosts_rsa_authentication || options.hostbased_authentication) { sensitive_data.nkeys = 3; - sensitive_data.keys = xmalloc(sensitive_data.nkeys * + sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, - _PATH_HOST_KEY_FILE, "", NULL); + _PATH_HOST_KEY_FILE, "", NULL, NULL); sensitive_data.keys[1] = key_load_private_type(KEY_DSA, - _PATH_HOST_DSA_KEY_FILE, "", NULL); + _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); sensitive_data.keys[2] = key_load_private_type(KEY_RSA, - _PATH_HOST_RSA_KEY_FILE, "", NULL); + _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); PRIV_END; if (options.hostbased_authentication == 1 && @@ -685,7 +725,7 @@ again: /* * Now that we are back to our own permissions, create ~/.ssh - * directory if it doesn\'t already exist. + * directory if it doesn't already exist. */ snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); if (stat(buf, &st) < 0) @@ -750,110 +790,6 @@ again: return exit_status; } -#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" - -static void -x11_get_proto(char **_proto, char **_data) -{ - char cmd[1024]; - char line[512]; - char xdisplay[512]; - static char proto[512], data[512]; - FILE *f; - int got_data = 0, generated = 0, do_unlink = 0, i; - char *display, *xauthdir, *xauthfile; - struct stat st; - - xauthdir = xauthfile = NULL; - *_proto = proto; - *_data = data; - proto[0] = data[0] = '\0'; - - if (!options.xauth_location || - (stat(options.xauth_location, &st) == -1)) { - debug("No xauth program."); - } else { - if ((display = getenv("DISPLAY")) == NULL) { - debug("x11_get_proto: DISPLAY not set"); - return; - } - /* - * Handle FamilyLocal case where $DISPLAY does - * not match an authorization entry. For this we - * just try "xauth list unix:displaynum.screennum". - * XXX: "localhost" match to determine FamilyLocal - * is not perfect. - */ - if (strncmp(display, "localhost:", 10) == 0) { - snprintf(xdisplay, sizeof(xdisplay), "unix:%s", - display + 10); - display = xdisplay; - } - if (options.forward_x11_trusted == 0) { - xauthdir = xmalloc(MAXPATHLEN); - xauthfile = xmalloc(MAXPATHLEN); - strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN); - if (mkdtemp(xauthdir) != NULL) { - do_unlink = 1; - snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile", - xauthdir); - snprintf(cmd, sizeof(cmd), - "%s -f %s generate %s " SSH_X11_PROTO - " untrusted timeout 1200 2>" _PATH_DEVNULL, - options.xauth_location, xauthfile, display); - debug2("x11_get_proto: %s", cmd); - if (system(cmd) == 0) - generated = 1; - } - } - snprintf(cmd, sizeof(cmd), - "%s %s%s list %s . 2>" _PATH_DEVNULL, - options.xauth_location, - generated ? "-f " : "" , - generated ? xauthfile : "", - display); - debug2("x11_get_proto: %s", cmd); - f = popen(cmd, "r"); - if (f && fgets(line, sizeof(line), f) && - sscanf(line, "%*s %511s %511s", proto, data) == 2) - got_data = 1; - if (f) - pclose(f); - } - - if (do_unlink) { - unlink(xauthfile); - rmdir(xauthdir); - } - if (xauthdir) - xfree(xauthdir); - if (xauthfile) - xfree(xauthfile); - - /* - * If we didn't get authentication data, just make up some - * data. The forwarding code will check the validity of the - * response anyway, and substitute this data. The X11 - * server, however, will ignore this fake data and use - * whatever authentication mechanisms it was using otherwise - * for the local connection. - */ - if (!got_data) { - u_int32_t rnd = 0; - - logit("Warning: No xauth data; " - "using fake authentication data for X11 forwarding."); - strlcpy(proto, SSH_X11_PROTO, sizeof proto); - for (i = 0; i < 16; i++) { - if (i % 4 == 0) - rnd = arc4random(); - snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", - rnd & 0xff); - rnd >>= 8; - } - } -} - static void ssh_init_forwarding(void) { @@ -884,9 +820,8 @@ ssh_init_forwarding(void) for (i = 0; i < options.num_remote_forwards; i++) { debug("Remote connections from %.200s:%d forwarded to " "local address %.200s:%d", - (options.remote_forwards[i].listen_host == NULL) ? - (options.gateway_ports ? "*" : "LOCALHOST") : - options.remote_forwards[i].listen_host, + (options.remote_forwards[i].listen_host == NULL) ? + "LOCALHOST" : options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, options.remote_forwards[i].connect_port); @@ -902,7 +837,7 @@ static void check_agent_present(void) { if (options.forward_agent) { - /* Clear agent forwarding if we don\'t have an agent. */ + /* Clear agent forwarding if we don't have an agent. */ if (!ssh_agent_present()) options.forward_agent = 0; } @@ -916,6 +851,7 @@ ssh_session(void) int have_tty = 0; struct winsize ws; char *cp; + const char *display; /* Enable compression if requested. */ if (options.compression) { @@ -954,10 +890,10 @@ ssh_session(void) /* Store window size in the packet. */ if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) memset(&ws, 0, sizeof(ws)); - packet_put_int(ws.ws_row); - packet_put_int(ws.ws_col); - packet_put_int(ws.ws_xpixel); - packet_put_int(ws.ws_ypixel); + packet_put_int((u_int)ws.ws_row); + packet_put_int((u_int)ws.ws_col); + packet_put_int((u_int)ws.ws_xpixel); + packet_put_int((u_int)ws.ws_ypixel); /* Store tty modes in the packet. */ tty_make_modes(fileno(stdin), NULL); @@ -977,13 +913,15 @@ ssh_session(void) packet_disconnect("Protocol error waiting for pty request response."); } /* Request X11 forwarding if enabled and DISPLAY is set. */ - if (options.forward_x11 && getenv("DISPLAY") != NULL) { + display = getenv("DISPLAY"); + if (options.forward_x11 && display != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ - x11_get_proto(&proto, &data); + client_x11_get_proto(display, options.xauth_location, + options.forward_x11_trusted, &proto, &data); /* Request forwarding with authentication spoofing. */ debug("Requesting X11 forwarding with authentication spoofing."); - x11_request_forwarding_with_spoofing(0, proto, data); + x11_request_forwarding_with_spoofing(0, display, proto, data); /* Read response from the server. */ type = packet_read(); @@ -1101,21 +1039,21 @@ ssh_control_listener(void) fatal("ControlPath too long"); if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) - fatal("%s socket(): %s\n", __func__, strerror(errno)); + fatal("%s socket(): %s", __func__, strerror(errno)); old_umask = umask(0177); - if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) { + if (bind(control_fd, (struct sockaddr *)&addr, addr_len) == -1) { control_fd = -1; if (errno == EINVAL || errno == EADDRINUSE) fatal("ControlSocket %s already exists", options.control_path); else - fatal("%s bind(): %s\n", __func__, strerror(errno)); + fatal("%s bind(): %s", __func__, strerror(errno)); } umask(old_umask); if (listen(control_fd, 64) == -1) - fatal("%s listen(): %s\n", __func__, strerror(errno)); + fatal("%s listen(): %s", __func__, strerror(errno)); set_nonblock(control_fd); } @@ -1125,15 +1063,18 @@ static void ssh_session2_setup(int id, void *arg) { extern char **environ; - + const char *display; int interactive = tty_flag; - if (options.forward_x11 && getenv("DISPLAY") != NULL) { + + display = getenv("DISPLAY"); + if (options.forward_x11 && display != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ - x11_get_proto(&proto, &data); + client_x11_get_proto(display, options.xauth_location, + options.forward_x11_trusted, &proto, &data); /* Request forwarding with authentication spoofing. */ debug("Requesting X11 forwarding with authentication spoofing."); - x11_request_forwarding_with_spoofing(id, proto, data); + x11_request_forwarding_with_spoofing(id, display, proto, data); interactive = 1; /* XXX wait for reply */ } @@ -1145,6 +1086,33 @@ ssh_session2_setup(int id, void *arg) packet_send(); } + if (options.tun_open != SSH_TUNMODE_NO) { + Channel *c; + int fd; + + debug("Requesting tun."); + if ((fd = tun_open(options.tun_local, + options.tun_open)) >= 0) { + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "tun", 1); + c->datagram = 1; +#if defined(SSH_TUN_FILTER) + if (options.tun_open == SSH_TUNMODE_POINTOPOINT) + channel_register_filter(c->self, sys_tun_infilter, + sys_tun_outfilter); +#endif + packet_start(SSH2_MSG_CHANNEL_OPEN); + packet_put_cstring("tun@openssh.com"); + packet_put_int(c->self); + packet_put_int(c->local_window_max); + packet_put_int(c->local_maxpacket); + packet_put_int(options.tun_open); + packet_put_int(options.tun_remote); + packet_send(); + } + } + client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); @@ -1209,6 +1177,11 @@ ssh_session2(void) if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) id = ssh_session2_open(); + /* Execute a local command */ + if (options.local_command != NULL && + options.permit_local_command) + ssh_local_cmd(options.local_command); + /* If requested, let ssh continue in the background. */ if (fork_after_authentication_flag) if (daemon(1, 1) < 0) @@ -1221,9 +1194,10 @@ ssh_session2(void) static void load_public_identity_files(void) { - char *filename; + char *filename, *cp, thishost[NI_MAXHOST]; int i = 0; Key *public; + struct passwd *pw; #ifdef SMARTCARD Key **keys; @@ -1247,9 +1221,18 @@ load_public_identity_files(void) xfree(keys); } #endif /* SMARTCARD */ + if ((pw = getpwuid(original_real_uid)) == NULL) + fatal("load_public_identity_files: getpwuid failed"); + if (gethostname(thishost, sizeof(thishost)) == -1) + fatal("load_public_identity_files: gethostname: %s", + strerror(errno)); for (; i < options.num_identity_files; i++) { - filename = tilde_expand_filename(options.identity_files[i], + cp = tilde_expand_filename(options.identity_files[i], original_real_uid); + filename = percent_expand(cp, "d", pw->pw_dir, + "u", pw->pw_name, "l", thishost, "h", host, + "r", options.user, (char *)NULL); + xfree(cp); public = key_load_public(filename, NULL); debug("identity file %s type %d", filename, public ? public->type : -1); @@ -1278,7 +1261,8 @@ env_permitted(char *env) int i; char name[1024], *cp; - strlcpy(name, env, sizeof(name)); + if (strlcpy(name, env, sizeof(name)) >= sizeof(name)) + fatal("env_permitted: name too long"); if ((cp = strchr(name, '=')) == NULL) return (0); @@ -1327,15 +1311,15 @@ control_client(const char *path) if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) fatal("%s socket(): %s", __func__, strerror(errno)); - if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1) { + if (connect(sock, (struct sockaddr *)&addr, addr_len) == -1) { if (mux_command != SSHMUX_COMMAND_OPEN) { fatal("Control socket connect(%.100s): %s", path, strerror(errno)); } if (errno == ENOENT) - debug("Control socket \"%.100s\" does not exist", path); + debug("Control socket \"%.100s\" does not exist", path); else { - error("Control socket connect(%.100s): %s", path, + error("Control socket connect(%.100s): %s", path, strerror(errno)); } close(sock); @@ -1351,28 +1335,31 @@ control_client(const char *path) close(fd); } - if ((term = getenv("TERM")) == NULL) - term = ""; + term = getenv("TERM"); flags = 0; if (tty_flag) flags |= SSHMUX_FLAG_TTY; if (subsystem_flag) flags |= SSHMUX_FLAG_SUBSYS; + if (options.forward_x11) + flags |= SSHMUX_FLAG_X11_FWD; + if (options.forward_agent) + flags |= SSHMUX_FLAG_AGENT_FWD; buffer_init(&m); /* Send our command to server */ buffer_put_int(&m, mux_command); buffer_put_int(&m, flags); - if (ssh_msg_send(sock, /* version */1, &m) == -1) + if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1) fatal("%s: msg_send", __func__); buffer_clear(&m); /* Get authorisation status and PID of controlee */ if (ssh_msg_recv(sock, &m) == -1) fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 1) + if (buffer_get_char(&m) != SSHMUX_VER) fatal("%s: wrong version", __func__); if (buffer_get_int(&m) != 1) fatal("Connection to master denied"); @@ -1396,7 +1383,7 @@ control_client(const char *path) } /* SSHMUX_COMMAND_OPEN */ - buffer_put_cstring(&m, term); + buffer_put_cstring(&m, term ? term : ""); buffer_append(&command, "\0", 1); buffer_put_cstring(&m, buffer_ptr(&command)); @@ -1418,7 +1405,7 @@ control_client(const char *path) } } - if (ssh_msg_send(sock, /* version */1, &m) == -1) + if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1) fatal("%s: msg_send", __func__); mm_send_fd(sock, STDIN_FILENO); @@ -1429,7 +1416,7 @@ control_client(const char *path) buffer_clear(&m); if (ssh_msg_recv(sock, &m) == -1) fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 1) + if (buffer_get_char(&m) != SSHMUX_VER) fatal("%s: wrong version", __func__); buffer_free(&m);