From db1cb46ca2e70fbd8357ff6c8acc5f7f07b36b3f Mon Sep 17 00:00:00 2001 From: Kris Kennaway Date: Sat, 3 Jun 2000 07:31:44 +0000 Subject: [PATCH] Bring vendor patches onto the main branch, and resolve conflicts. --- crypto/openssh/key.c | 18 +++++++++------- crypto/openssh/readconf.c | 10 +++++++-- crypto/openssh/session.c | 44 +++++++++++++++++++++++++++------------ crypto/openssh/ssh.1 | 21 +++++++++++++------ crypto/openssh/ssh.c | 9 ++++++-- 5 files changed, 72 insertions(+), 30 deletions(-) diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c index 47720b27c0a7..b91bd2190edf 100644 --- a/crypto/openssh/key.c +++ b/crypto/openssh/key.c @@ -258,12 +258,14 @@ key_read(Key *ret, char **cpp) blob = xmalloc(len); n = uudecode(cp, blob, len); if (n < 0) { - error("uudecode %s failed", cp); + error("key_read: uudecode %s failed", cp); return 0; } k = dsa_key_from_blob(blob, n); - if (k == NULL) - return 0; + if (k == NULL) { + error("key_read: dsa_key_from_blob %s failed", cp); + return 0; + } xfree(blob); if (ret->dsa != NULL) DSA_free(ret->dsa); @@ -271,10 +273,12 @@ key_read(Key *ret, char **cpp) k->dsa = NULL; key_free(k); bits = BN_num_bits(ret->dsa->p); - cp = strchr(cp, '='); - if (cp == NULL) - return 0; - *cpp = cp + 1; + /* advance cp: skip whitespace and data */ + while (*cp == ' ' || *cp == '\t') + cp++; + while (*cp != '\0' && *cp != ' ' && *cp != '\t') + cp++; + *cpp = cp; break; default: fatal("key_read: bad key type: %d", ret->type); diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c index cf7cd14577ab..bad4c15c1f8f 100644 --- a/crypto/openssh/readconf.c +++ b/crypto/openssh/readconf.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: readconf.c,v 1.31 2000/05/08 17:12:15 markus Exp $"); +RCSID("$Id: readconf.c,v 1.33 2000/05/29 20:20:46 markus Exp $"); #include "ssh.h" #include "cipher.h" @@ -482,6 +482,8 @@ process_config_line(Options *options, const char *host, case oCipher: intptr = &options->cipher; cp = strtok(NULL, WHITESPACE); + if (!cp) + fatal("%.200s line %d: Missing argument.", filename, linenum); value = cipher_number(cp); if (value == -1) fatal("%.200s line %d: Bad cipher '%s'.", @@ -492,6 +494,8 @@ process_config_line(Options *options, const char *host, case oCiphers: cp = strtok(NULL, WHITESPACE); + if (!cp) + fatal("%.200s line %d: Missing argument.", filename, linenum); if (!ciphers_valid(cp)) fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, cp ? cp : ""); @@ -502,6 +506,8 @@ process_config_line(Options *options, const char *host, case oProtocol: intptr = &options->protocol; cp = strtok(NULL, WHITESPACE); + if (!cp) + fatal("%.200s line %d: Missing argument.", filename, linenum); value = proto_spec(cp); if (value == SSH_PROTO_UNKNOWN) fatal("%.200s line %d: Bad protocol spec '%s'.", @@ -713,7 +719,7 @@ void fill_default_options(Options * options) { if (options->forward_agent == -1) - options->forward_agent = 1; + options->forward_agent = 0; if (options->forward_x11 == -1) options->forward_x11 = 0; if (options->gateway_ports == -1) diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 94494d1e614c..f4c615d23725 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.12 2000/05/03 18:03:07 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.15 2000/05/30 17:23:37 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -315,8 +315,7 @@ do_authenticated(struct passwd * pw) break; } debug("Received authentication agent forwarding request."); - auth_input_request_forwarding(pw); - success = 1; + success = auth_input_request_forwarding(pw); break; case SSH_CMSG_PORT_FORWARD_REQUEST: @@ -723,7 +722,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) #endif /* LOGIN_CAP */ /* Do common processing for the child, such as execing the command. */ - do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty); + do_child(command, pw, s->term, s->display, s->auth_proto, + s->auth_data, s->tty); /* NOTREACHED */ } if (pid < 0) @@ -827,7 +827,10 @@ read_environment_file(char ***env, unsigned int *envsize, fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf); continue; } - /* Replace the equals sign by nul, and advance value to the value string. */ + /* + * Replace the equals sign by nul, and advance value to + * the value string. + */ *value = '\0'; value++; child_set_env(env, envsize, cp, value); @@ -1059,7 +1062,8 @@ do_child(const char *command, struct passwd * pw, const char *term, /* read $HOME/.ssh/environment. */ if (!options.use_login) { - snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); + snprintf(buf, sizeof buf, "%.200s/.ssh/environment", + pw->pw_dir); read_environment_file(&env, &envsize, buf); } if (debug_flag) { @@ -1183,16 +1187,29 @@ do_child(const char *command, struct passwd * pw, const char *term, else { /* Add authority data to .Xauthority if appropriate. */ if (auth_proto != NULL && auth_data != NULL) { - if (debug_flag) - fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n", - XAUTH_PATH, display, auth_proto, auth_data); - + char *screen = strchr(display, ':'); + if (debug_flag) { + fprintf(stderr, + "Running %.100s add %.100s %.100s %.100s\n", + XAUTH_PATH, display, auth_proto, auth_data); + if (screen != NULL) + fprintf(stderr, + "Adding %.*s/unix%s %s %s\n", + screen-display, display, + screen, auth_proto, auth_data); + } f = popen(XAUTH_PATH " -q -", "w"); if (f) { - fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data); + fprintf(f, "add %s %s %s\n", display, + auth_proto, auth_data); + if (screen != NULL) + fprintf(f, "add %.*s/unix%s %s %s\n", + screen-display, display, + screen, auth_proto, auth_data); pclose(f); } else - fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH); + fprintf(stderr, "Could not run %s -q -\n", + XAUTH_PATH); } } #endif /* XAUTH_PATH */ @@ -1222,7 +1239,8 @@ do_child(const char *command, struct passwd * pw, const char *term, struct stat mailstat; mailbox = getenv("MAIL"); if (mailbox != NULL) { - if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0) + if (stat(mailbox, &mailstat) != 0 || + mailstat.st_size == 0) #ifdef __FreeBSD__ ; #else /* !__FreeBSD__ */ diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1 index 22af8e184518..c5e0aafe6b27 100644 --- a/crypto/openssh/ssh.1 +++ b/crypto/openssh/ssh.1 @@ -9,9 +9,8 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: ssh.1,v 1.43 2000/03/24 03:04:46 brad Exp $ -.\" $Id: ssh.1,v 1.52 2000/05/08 17:21:32 hugh Exp $ -.\" $FreeBSD$ +.\" $Id: ssh.1,v 1.54 2000/05/29 20:20:46 markus Exp $ +/\" $FreeBSD$ .\" .Dd September 25, 1999 .Dt SSH 1 @@ -26,7 +25,7 @@ .Op Ar command .Pp .Nm ssh -.Op Fl afgknqtvxCPX246 +.Op Fl afgknqtvxACNPTX246 .Op Fl c Ar cipher_spec .Op Fl e Ar escape_char .Op Fl i Ar identity_file @@ -335,7 +334,9 @@ host key is not known or has changed. .Bl -tag -width Ds .It Fl a Disables forwarding of the authentication agent connection. -This may also be specified on a per-host basis in the configuration file. +.It Fl A +Enables forwarding of the authentication agent connection. +This can also be specified on a per-host basis in a configuration file. .It Fl c Ar blowfish|3des Selects the cipher to use for encrypting the session. .Ar 3des @@ -419,6 +420,10 @@ program will be put in the background. needs to ask for a password or passphrase; see also the .Fl f option.) +.It Fl N +Do not execute a remote command. +This is usefull if you just want to forward ports +(protocol version 2 only). .It Fl o Ar option Can be used to give options in the format used in the config file. This is useful for specifying options for which there is no separate @@ -445,6 +450,8 @@ Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g., when implementing menu services. +.It Fl T +Disable pseudo-tty allocation (protocol version 2 only). .It Fl v Verbose mode. Causes @@ -457,9 +464,9 @@ The verbose mode is also used to display challenges, if the user entered "s/key" as password. .It Fl x Disables X11 forwarding. -This can also be specified on a per-host basis in a configuration file. .It Fl X Enables X11 forwarding. +This can also be specified on a per-host basis in a configuration file. .It Fl C Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP/IP connections). @@ -668,6 +675,8 @@ The argument must be .Dq yes or .Dq no . +The default is +.Dq no . .It Cm ForwardX11 Specifies whether X11 connections will be automatically redirected over the secure channel and diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index 39b551f14e2c..c1d0bbcd49ea 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.51 2000/05/08 17:12:15 markus Exp $"); +RCSID("$Id: ssh.c,v 1.54 2000/05/30 17:32:06 markus Exp $"); #include #include @@ -110,10 +110,12 @@ usage() fprintf(stderr, "Options:\n"); fprintf(stderr, " -l user Log in using this user name.\n"); fprintf(stderr, " -n Redirect input from /dev/null.\n"); + fprintf(stderr, " -A Enable authentication agent forwarding.\n"); fprintf(stderr, " -a Disable authentication agent forwarding.\n"); #ifdef AFS fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n"); #endif /* AFS */ + fprintf(stderr, " -X Enable X11 connection forwarding.\n"); fprintf(stderr, " -x Disable X11 connection forwarding.\n"); fprintf(stderr, " -X Enable X11 connection forwarding.\n"); fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n"); @@ -312,6 +314,9 @@ main(int ac, char **av) case 'a': options.forward_agent = 0; break; + case 'A': + options.forward_agent = 1; + break; #ifdef AFS case 'k': options.krb4_tgt_passing = 0; @@ -429,7 +434,7 @@ main(int ac, char **av) if (!host) usage(); - OpenSSL_add_all_algorithms(); + SSLeay_add_all_algorithms(); /* Initialize the command to execute on remote host. */ buffer_init(&command);