From e1c5bfafcaa11bd09a0325e046b09425e74901d5 Mon Sep 17 00:00:00 2001 From: mouring Date: Thu, 20 Sep 2001 00:57:55 +0000 Subject: [PATCH] - stevesk@cvs.openbsd.org 2001/09/19 19:24:19 [readconf.c readconf.h scp.c sftp.c ssh.1] add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@ --- ChangeLog | 4 ++++ readconf.c | 26 ++++++++++++++++++++++++-- readconf.h | 3 ++- scp.c | 17 +++++++++++------ sftp.c | 3 ++- ssh.1 | 18 +++++++++++++++++- 6 files changed, 60 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index f57e0337..6d40384d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ - markus@cvs.openbsd.org 2001/09/19 13:23:29 [key.c] key_read() now returns -1 on type mismatch, too + - stevesk@cvs.openbsd.org 2001/09/19 19:24:19 + [readconf.c readconf.h scp.c sftp.c ssh.1] + add ClearAllForwardings ssh option and set it in scp and sftp; ok + markus@ 20010918 - (djm) Configure support for smartcards. Based on Ben's work. diff --git a/readconf.c b/readconf.c index 6a426ae0..83069d3a 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.89 2001/09/03 20:58:33 stevesk Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.90 2001/09/19 19:24:18 stevesk Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -114,7 +114,8 @@ typedef enum { oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, - oHostKeyAlgorithms, oBindAddress, oSmartcardDevice + oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, + oClearAllForwardings } OpCodes; /* Textual representations of the tokens. */ @@ -184,6 +185,7 @@ static struct { { "hostkeyalgorithms", oHostKeyAlgorithms }, { "bindaddress", oBindAddress }, { "smartcarddevice", oSmartcardDevice }, + { "clearallforwardings", oClearAllForwardings }, { NULL, 0 } }; 
@@ -229,6 +231,19 @@ add_remote_forward(Options *options, u_short port, const char *host, fwd->host_port = host_port; } +static void +clear_forwardings(Options *options) +{ + int i; + + for (i = 0; i < options->num_local_forwards; i++) + xfree(options->local_forwards[i].host); + options->num_local_forwards = 0; + for (i = 0; i < options->num_remote_forwards; i++) + xfree(options->remote_forwards[i].host); + options->num_remote_forwards = 0; +} + /* * Returns the number of the token pointed to by cp or oBadOption. */ @@ -621,6 +636,10 @@ parse_int: add_local_forward(options, fwd_port, "socks4", 0); break; + case oClearAllForwardings: + intptr = &options->clear_forwardings; + goto parse_flag; + case oHost: *activep = 0; while ((arg = strdelim(&s)) != NULL && *arg != '\0') @@ -769,6 +788,7 @@ initialize_options(Options * options) options->user_hostfile2 = NULL; options->num_local_forwards = 0; options->num_remote_forwards = 0; + options->clear_forwardings = -1; options->log_level = (LogLevel) - 1; options->preferred_authentications = NULL; options->bind_address = NULL; @@ -889,6 +909,8 @@ fill_default_options(Options * options) options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2; if (options->log_level == (LogLevel) - 1) options->log_level = SYSLOG_LEVEL_INFO; + if (options->clear_forwardings == 1) + clear_forwardings(options); /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ diff --git a/readconf.h b/readconf.h index faeef1db..bde9eaa1 100644 --- a/readconf.h +++ b/readconf.h @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: readconf.h,v 1.38 2001/09/03 20:58:33 stevesk Exp $"); */ +/* RCSID("$OpenBSD: readconf.h,v 1.39 2001/09/19 19:24:18 stevesk Exp $"); */ #ifndef READCONF_H #define READCONF_H 
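Review bot: `clear_forwardings()` calls `xfree()` on every `local_forwards[i].host` and `remote_forwards[i].host` but leaves the freed pointers in the arrays, so only the zeroed counters stand between later code and a stale pointer. Setting each one to `NULL` after the free (`options->local_forwards[i].host = NULL;`, and the same for the remote array) would make a later misuse fail visibly instead of touching freed memory. The function also assumes every `host` is a heap copy; the dynamic-forward call passes the literal `"socks4"`, and whether `add_local_forward()` duplicates it is not visible in this commit, so a one-line comment stating that ownership rule would help. A short header comment, like the one on the function that follows it, would fit the file's style.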
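Review bot: In `fill_default_options()` the new test only handles `clear_forwardings == 1`, so an unset option keeps the `-1` sentinel from `initialize_options()`, although ssh.1 documents the default as "no" and the neighbouring `log_level` check replaces its sentinel. Adding `if (options->clear_forwardings == -1) options->clear_forwardings = 0;` would leave the struct free of sentinels once defaults are filled. The clearing also happens only once, at this call, so any forwarding added to `options` afterwards would survive; the callers are outside the hunk, so a comment such as `/* must run after all config and command-line forwards are collected */` would record that assumption. The new `int clear_forwardings;` field in readconf.h likewise has no comment describing its -1/0/1 values.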
@@ -100,6 +100,7 @@ typedef struct { /* Remote TCP/IP forward requests. */ int num_remote_forwards; Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; + int clear_forwardings; } Options; diff --git a/scp.c b/scp.c index 512dfa67..e603646b 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.83 2001/09/17 17:57:56 stevesk Exp $"); +RCSID("$OpenBSD: scp.c,v 1.84 2001/09/19 19:24:19 stevesk Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -239,6 +239,7 @@ main(argc, argv) addargs(&args, "-x"); addargs(&args, "-oForwardAgent no"); addargs(&args, "-oFallBackToRsh no"); + addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:F:")) != -1) @@ -371,13 +372,17 @@ toremote(targ, argc, argv) for (i = 0; i < argc - 1; i++) { src = colon(argv[i]); if (src) { /* remote to remote */ + static char *ssh_options = + "-x -o'FallBackToRsh no' " + "-o'ClearAllForwardings yes'"; *src++ = 0; if (*src == 0) src = "."; host = strchr(argv[i], '@'); len = strlen(ssh_program) + strlen(argv[i]) + strlen(src) + (tuser ? strlen(tuser) : 0) + - strlen(thost) + strlen(targ) + CMDNEEDS + 32; + strlen(thost) + strlen(targ) + + strlen(ssh_options) + CMDNEEDS + 20; bp = xmalloc(len); if (host) { *host++ = 0; @@ -388,19 +393,19 @@ toremote(targ, argc, argv) else if (!okname(suser)) continue; snprintf(bp, len, - "%s%s -x -o'FallBackToRsh no' -n " + "%s%s %s -n " "-l %s %s %s %s '%s%s%s:%s'", ssh_program, verbose_mode ? " -v" : "", - suser, host, cmd, src, + ssh_options, suser, host, cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); } else { host = cleanhostname(argv[i]); snprintf(bp, len, - "exec %s%s -x -o'FallBackToRsh no' -n %s " + "exec %s%s %s -n %s " "%s %s '%s%s%s:%s'", ssh_program, verbose_mode ? " -v" : "", - host, cmd, src, + ssh_options, host, cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); } 
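Review bot: The new `addargs(&args, "-oClearAllForwardings yes");` in scp's main() sits ahead of the `getopt` loop, which also accepts user `-o` and `-F` arguments, and nothing on the line says that the position matters. If ssh keeps the first value it obtains for an option (the `parse_flag` body is not visible in this commit, so this is worth confirming in readconf.c), this ordering is what stops a later user-supplied `-oClearAllForwardings no` from re-enabling forwardings. A comment such as `/* forced options: keep ahead of user -o/-F so they are parsed first */` above the block would protect it from being reordered. The same presumably applies to the identical line added to main() in sftp.c.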
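Review bot: The fixed slack in the `len` computation drops from 32 to 20 in the first toremote() hunk, while both `snprintf(bp, len, ...)` calls in the following hunk still ignore their return value, so a miscount would produce a silently truncated command string rather than an error. The string carries shell quoting (`'%s%s%s:%s'`) and is presumably handed to a shell further down, outside these hunks, so a truncated result should be rejected: capture the return value and test `if (n < 0 || (size_t)n >= len)` before `bp` is used. `ssh_options` is never written, so `static const char ssh_options[] = ...` would say so and would let `sizeof ssh_options - 1` replace the `strlen()` call. toremote() begins and ends outside both hunks.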
diff --git a/sftp.c b/sftp.c index 519ee696..06110f9a 100644 --- a/sftp.c +++ b/sftp.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.20 2001/09/17 20:38:09 stevesk Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.21 2001/09/19 19:24:19 stevesk Exp $"); /* XXX: commandline mode */ /* XXX: short-form remote directory listings (like 'ls -C') */ @@ -118,6 +118,7 @@ main(int argc, char **argv) addargs(&args, "-oFallBackToRsh no"); addargs(&args, "-oForwardX11 no"); addargs(&args, "-oForwardAgent no"); + addargs(&args, "-oClearAllForwardings yes"); ll = SYSLOG_LEVEL_INFO; infile = stdin; /* Read from STDIN unless changed by -b */ diff --git a/ssh.1 b/ssh.1 index c7a19e3b..e3dc7506 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.137 2001/09/05 06:23:07 deraadt Exp $ +.\" $OpenBSD: ssh.1,v 1.138 2001/09/19 19:24:19 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -767,6 +767,22 @@ The default is ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, aes192-cbc,aes256-cbc'' .Ed +.It Cm ClearAllForwardings +Specifies that all local, remote and dynamic port forwardings +specified in the configuration files or on the command line be +cleared. This option is primarily useful when used from the +.Nm +command line to clear port forwardings set in +configuration files, and is automatically set by +.Xr scp 1 +and +.Xr sftp 1 . +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . .It Cm Compression Specifies whether to use compression. The argument must be -- 2.45.2