authorDamien Miller <djm@mindrot.org>2000-05-17 22:34:22 +1000
committerDamien Miller <djm@mindrot.org>2000-05-17 22:34:22 +1000
commitdcb6ecd1b3b25b6909296ff0546ca6b18d0c19d3 (patch)
tree7eb6d184356f6aa00e62c71565568db706f2e960
parent0e65eed58acc0053d163e96463a7c4d0684e55bd (diff)
- OpenBSD CVS update:
- markus@cvs.openbsd.org [ssh.c] fix usage() [ssh2.h] draft-ietf-secsh-architecture-05.txt [ssh.1] document ssh -T -N (ssh2 only) [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c] enable nonblocking IO for sshd w/ proto 1, too; split out common code [aux.c] missing include
-rw-r--r--ChangeLog12
-rw-r--r--Makefile.in2
-rw-r--r--aux.c36
-rw-r--r--channels.c19
-rw-r--r--serverloop.c44
-rw-r--r--ssh.110
-rw-r--r--ssh.c3
-rw-r--r--ssh.h8
-rw-r--r--ssh2.h8
-rw-r--r--sshconnect.c17
-rw-r--r--sshd.c17
11 files changed, 102 insertions, 74 deletions
diff --git a/ChangeLog b/ChangeLog
index 4f0c42d6..e14392af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,18 @@
- Avoid WCOREDUMP complation errors for systems that lack it
- Avoid SIGCHLD warnings from entropy commands
- Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
+ - OpenBSD CVS update:
+ - markus@cvs.openbsd.org
+ [ssh.c]
+ fix usage()
+ [ssh2.h]
+ draft-ietf-secsh-architecture-05.txt
+ [ssh.1]
+ document ssh -T -N (ssh2 only)
+ [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
+ enable nonblocking IO for sshd w/ proto 1, too; split out common code
+ [aux.c]
+ missing include
20000513
- Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
diff --git a/Makefile.in b/Makefile.in
index 403b75fa..3aeced93 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -34,7 +34,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS)
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o aux.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
LIBOPENBSD_COMPAT_OBJS=bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o fake-getaddrinfo.o fake-getnameinfo.o
diff --git a/aux.c b/aux.c
new file mode 100644
index 00000000..899142da
--- /dev/null
+++ b/aux.c
@@ -0,0 +1,36 @@
+#include "includes.h"
+RCSID("$OpenBSD: aux.c,v 1.2 2000/05/17 09:47:59 markus Exp $");
+
+#include "ssh.h"
+
+char *
+chop(char *s)
+{
+ char *t = s;
+ while (*t) {
+ if(*t == '\n' || *t == '\r') {
+ *t = '\0';
+ return s;
+ }
+ t++;
+ }
+ return s;
+
+}
+
+void
+set_nonblock(int fd)
+{
+ int val;
+ val = fcntl(fd, F_GETFL, 0);
+ if (val < 0) {
+ error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
+ return;
+ }
+ if (val & O_NONBLOCK)
+ return;
+ debug("fd %d setting O_NONBLOCK", fd);
+ val |= O_NONBLOCK;
+ if (fcntl(fd, F_SETFL, val) == -1)
+ error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno));
+}
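Review bot: Neither function in the new file carries a comment, and the description ssh.h gives for chop() ("remove newline at end of string") understates what the loop does. It writes a NUL at the first '\n' or '\r' found anywhere in s, so everything after that byte is dropped and s is modified in place. I would put `/* Truncate s in place at the first CR or LF; returns s. */` above chop(). For set_nonblock(), a comment should say that a failure of either fcntl() call is only logged through error() and the function returns void, so a caller cannot tell whether the descriptor was left blocking: `/* Set O_NONBLOCK on fd; failures are logged, not returned. */`.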
diff --git a/channels.c b/channels.c
index a18c7e30..f26b3a65 100644
--- a/channels.c
+++ b/channels.c
@@ -17,7 +17,7 @@
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.30 2000/05/09 01:02:59 damien Exp $");
+RCSID("$Id: channels.c,v 1.31 2000/05/17 12:34:23 damien Exp $");
#include "ssh.h"
#include "packet.h"
@@ -147,23 +147,6 @@ channel_lookup(int id)
return c;
}
-void
-set_nonblock(int fd)
-{
- int val;
- val = fcntl(fd, F_GETFL, 0);
- if (val < 0) {
- error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
- return;
- }
- if (val & O_NONBLOCK)
- return;
- debug("fd %d setting O_NONBLOCK", fd);
- val |= O_NONBLOCK;
- if (fcntl(fd, F_SETFL, val) == -1)
- error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno));
-}
-
/*
* Register filedescriptors for a channel, used when allocating a channel or
* when the channel consumer/producer is ready, e.g. shell exec'd
diff --git a/serverloop.c b/serverloop.c
index 1bc5d8b7..79bdf77b 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -259,20 +259,15 @@ process_input(fd_set * readset)
if (len == 0) {
verbose("Connection closed by remote host.");
fatal_cleanup();
+ } else if (len < 0) {
+ if (errno != EINTR && errno != EAGAIN) {
+ verbose("Read error from remote host: %.100s", strerror(errno));
+ fatal_cleanup();
+ }
+ } else {
+ /* Buffer any received data. */
+ packet_process_incoming(buf, len);
}
- /*
- * There is a kernel bug on Solaris that causes select to
- * sometimes wake up even though there is no data available.
- */
- if (len < 0 && errno == EAGAIN)
- len = 0;
-
- if (len < 0) {
- verbose("Read error from remote host: %.100s", strerror(errno));
- fatal_cleanup();
- }
- /* Buffer any received data. */
- packet_process_incoming(buf, len);
}
if (compat20)
return;
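Review bot: The new `errno != EINTR && errno != EAGAIN` test in the connection-read branch does not cover EWOULDBLOCK, so on a platform where that value differs from EAGAIN a read that merely would block reaches `fatal_cleanup()` and drops the session. Since this commit turns on nonblocking I/O for the server loop, I would write `if (errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK) {` here. The same pair of errno values is tested in the fdout and fderr read branches below and in the fdin write branch of process_output, where the unhandled case is treated as EOF or falls into the close path; they need the same addition. process_input starts before this hunk and continues after it, so the read call that sets len is not visible here.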
@@ -280,9 +275,11 @@ process_input(fd_set * readset)
/* Read and buffer any available stdout data from the program. */
if (!fdout_eof && FD_ISSET(fdout, readset)) {
len = read(fdout, buf, sizeof(buf));
- if (len <= 0)
+ if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ /* do nothing */
+ } else if (len <= 0) {
fdout_eof = 1;
- else {
+ } else {
buffer_append(&stdout_buffer, buf, len);
fdout_bytes += len;
}
@@ -290,10 +287,13 @@ process_input(fd_set * readset)
/* Read and buffer any available stderr data from the program. */
if (!fderr_eof && FD_ISSET(fderr, readset)) {
len = read(fderr, buf, sizeof(buf));
- if (len <= 0)
+ if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ /* do nothing */
+ } else if (len <= 0) {
fderr_eof = 1;
- else
+ } else {
buffer_append(&stderr_buffer, buf, len);
+ }
}
}
@@ -309,7 +309,9 @@ process_output(fd_set * writeset)
if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
len = write(fdin, buffer_ptr(&stdin_buffer),
buffer_len(&stdin_buffer));
- if (len <= 0) {
+ if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ /* do nothing */
+ } else if (len <= 0) {
#ifdef USE_PIPES
close(fdin);
#else
@@ -396,6 +398,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
fdin = fdin_arg;
fdout = fdout_arg;
fderr = fderr_arg;
+
+ /* nonblocking IO */
+ set_nonblock(fdin);
+ set_nonblock(fdout);
+ set_nonblock(fderr);
+
connection_in = packet_get_connection_in();
connection_out = packet_get_connection_out();
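Review bot: `set_nonblock(fderr)` is called unconditionally, but this file uses -1 as a "no descriptor" value (process_output tests `fdin != -1`). If a caller passes -1 for fderr_arg when there is no separate stderr, every such session logs an `fcntl(-1, F_GETFL, 0)` error from set_nonblock. I would guard the call: `if (fderr != -1) set_nonblock(fderr);`. Whether fdin_arg and fdout_arg can name the same descriptor is not visible here; if they can, the second call is harmless because set_nonblock returns early once O_NONBLOCK is set. server_loop begins before this hunk and continues after it.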
diff --git a/ssh.1 b/ssh.1
index 48040c43..d8e9eb0b 100644
--- a/ssh.1
+++ b/ssh.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: ssh.1,v 1.25 2000/05/09 01:03:02 damien Exp $
+.\" $Id: ssh.1,v 1.26 2000/05/17 12:34:24 damien Exp $
.\"
.Dd September 25, 1999
.Dt SSH 1
@@ -24,7 +24,7 @@
.Op Ar command
.Pp
.Nm ssh
-.Op Fl afgknqtvxCPX246
+.Op Fl afgknqtvxCNPTX246
.Op Fl c Ar cipher_spec
.Op Fl e Ar escape_char
.Op Fl i Ar identity_file
@@ -416,6 +416,10 @@ program will be put in the background.
needs to ask for a password or passphrase; see also the
.Fl f
option.)
+.It Fl N
+Do not execute a remote command.
+This is usefull if you just want to forward ports
+(protocol version 2 only).
.It Fl o Ar option
Can be used to give options in the format used in the config file.
This is useful for specifying options for which there is no separate
@@ -442,6 +446,8 @@ Force pseudo-tty allocation.
This can be used to execute arbitrary
screen-based programs on a remote machine, which can be very useful,
e.g., when implementing menu services.
+.It Fl T
+Disable pseudo-tty allocation (protocol version 2 only).
.It Fl v
Verbose mode.
Causes
diff --git a/ssh.c b/ssh.c
index 2dfc2b02..bf4f8b1c 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.30 2000/05/09 01:03:02 damien Exp $");
+RCSID("$Id: ssh.c,v 1.31 2000/05/17 12:34:24 damien Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
@@ -120,6 +120,7 @@ usage()
#ifdef AFS
fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
#endif /* AFS */
+ fprintf(stderr, " -X Enable X11 connection forwarding.\n");
fprintf(stderr, " -x Disable X11 connection forwarding.\n");
fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
diff --git a/ssh.h b/ssh.h
index 42a71008..ed124cec 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: ssh.h,v 1.39 2000/05/09 01:03:02 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.40 2000/05/17 12:34:24 damien Exp $"); */
#ifndef SSH_H
#define SSH_H
@@ -486,6 +486,12 @@ void fatal_remove_cleanup(void (*proc) (void *context), void *context);
*/
char *tilde_expand_filename(const char *filename, uid_t my_uid);
+/* remove newline at end of string */
+char *chop(char *s);
+
+/* set filedescriptor to non-blocking */
+void set_nonblock(int fd);
+
/*
* Performs the interactive session. This handles data transmission between
* the client and the program. Note that the notion of stdin, stdout, and
diff --git a/ssh2.h b/ssh2.h
index cf684bac..1fa4c0a0 100644
--- a/ssh2.h
+++ b/ssh2.h
@@ -1,5 +1,5 @@
/*
- * draft-ietf-secsh-architecture-04.txt
+ * draft-ietf-secsh-architecture-05.txt
*
* Transport layer protocol:
*
@@ -28,6 +28,7 @@
*
* 192-255 Local extensions
*/
+/* RCSID("$OpenBSD: ssh2.h,v 1.3 2000/05/15 07:03:12 markus Exp $"); */
/* transport layer: generic */
@@ -88,6 +89,7 @@
#define SSH2_DISCONNECT_PROTOCOL_ERROR 2
#define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3
#define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4
+#define SSH2_DISCONNECT_RESERVED 4
#define SSH2_DISCONNECT_MAC_ERROR 5
#define SSH2_DISCONNECT_COMPRESSION_ERROR 6
#define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7
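Review bot: `SSH2_DISCONNECT_RESERVED` is defined with the same value, 4, as `SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED` on the line above, and nothing says which name is current. Presumably the -05 draft named in the file header marks code 4 as reserved and the old name is kept so existing users still compile. A comment would record that, e.g. `/* 4: reserved as of architecture-05; old name kept for compatibility */`. Code that maps a received reason code to a name for logging should pick one of the two names deliberately.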
@@ -95,6 +97,10 @@
#define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9
#define SSH2_DISCONNECT_CONNECTION_LOST 10
#define SSH2_DISCONNECT_BY_APPLICATION 11
+#define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12
+#define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13
+#define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14
+#define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15
/* misc */
diff --git a/sshconnect.c b/sshconnect.c
index d74658c9..40e359ce 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -8,7 +8,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.72 2000/05/04 09:50:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.73 2000/05/17 08:20:15 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -301,21 +301,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
return 1;
}
-char *
-chop(char *s)
-{
- char *t = s;
- while (*t) {
- if(*t == '\n' || *t == '\r') {
- *t = '\0';
- return s;
- }
- t++;
- }
- return s;
-
-}
-
/*
* Waits for the server identification string, and sends our own
* identification string.
diff --git a/sshd.c b/sshd.c
index d1ed1506..a13332cb 100644
--- a/sshd.c
+++ b/sshd.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.115 2000/05/03 10:21:49 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.116 2000/05/17 08:20:16 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -262,21 +262,6 @@ key_regeneration_alarm(int sig)
errno = save_errno;
}
-char *
-chop(char *s)
-{
- char *t = s;
- while (*t) {
- if(*t == '\n' || *t == '\r') {
- *t = '\0';
- return s;
- }
- t++;
- }
- return s;
-
-}
-
void
sshd_exchange_identification(int sock_in, int sock_out)
{