ssh.c (5dc73ebebeb64670a24b3db3934735b1859926b7) | ssh.c (a8f6863aa612ce6941e7bad9cf809a8d0608a7ca) |
---|---|
1/* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Created: Sat Mar 18 16:36:11 1995 ylo 6 * Ssh client program. This program can be used to log into a remote machine. 7 * The software supports strong authentication, encryption, and forwarding 8 * of X11, TCP/IP, and authentication connections. 9 * 10 * Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada. | 1/* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Created: Sat Mar 18 16:36:11 1995 ylo 6 * Ssh client program. This program can be used to log into a remote machine. 7 * The software supports strong authentication, encryption, and forwarding 8 * of X11, TCP/IP, and authentication connections. 9 * 10 * Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada. |
11 * 12 * $FreeBSD$ | |
13 */ 14 15#include "includes.h" | 11 */ 12 13#include "includes.h" |
16RCSID("$Id: ssh.c,v 1.41 2000/02/28 19:51:58 markus Exp $"); | 14RCSID("$Id: ssh.c,v 1.43 2000/03/23 21:52:02 markus Exp $"); |
17 18#include "xmalloc.h" 19#include "ssh.h" 20#include "packet.h" 21#include "buffer.h" 22#include "authfd.h" 23#include "readconf.h" 24#include "uidswap.h" --- 104 unchanged lines hidden (view full) --- 129rsh_connect(char *host, char *user, Buffer * command) 130{ 131 char *args[10]; 132 int i; 133 134 log("Using rsh. WARNING: Connection will not be encrypted."); 135 /* Build argument list for rsh. */ 136 i = 0; | 15 16#include "xmalloc.h" 17#include "ssh.h" 18#include "packet.h" 19#include "buffer.h" 20#include "authfd.h" 21#include "readconf.h" 22#include "uidswap.h" --- 104 unchanged lines hidden (view full) --- 127rsh_connect(char *host, char *user, Buffer * command) 128{ 129 char *args[10]; 130 int i; 131 132 log("Using rsh. WARNING: Connection will not be encrypted."); 133 /* Build argument list for rsh. */ 134 i = 0; |
137#ifndef _PATH_RSH 138#define _PATH_RSH "/usr/bin/rsh" 139#endif | |
140 args[i++] = _PATH_RSH; 141 /* host may have to come after user on some systems */ 142 args[i++] = host; 143 if (user) { 144 args[i++] = "-l"; 145 args[i++] = user; 146 } 147 if (buffer_len(command) > 0) { --- 23 unchanged lines hidden (view full) --- 171 int i, opt, optind, type, exit_status, ok, authfd; 172 u_short fwd_port, fwd_host_port; 173 char *optarg, *cp, buf[256]; 174 Buffer command; 175 struct winsize ws; 176 struct stat st; 177 struct passwd *pw, pwcopy; 178 int interactive = 0, dummy; | 135 args[i++] = _PATH_RSH; 136 /* host may have to come after user on some systems */ 137 args[i++] = host; 138 if (user) { 139 args[i++] = "-l"; 140 args[i++] = user; 141 } 142 if (buffer_len(command) > 0) { --- 23 unchanged lines hidden (view full) --- 166 int i, opt, optind, type, exit_status, ok, authfd; 167 u_short fwd_port, fwd_host_port; 168 char *optarg, *cp, buf[256]; 169 Buffer command; 170 struct winsize ws; 171 struct stat st; 172 struct passwd *pw, pwcopy; 173 int interactive = 0, dummy; |
174 int have_pty = 0; |
|
179 uid_t original_effective_uid; 180 int plen; 181 182 /* 183 * Save the original real uid. It will be needed later (uid-swapping 184 * may clobber the real uid). 185 */ 186 original_real_uid = getuid(); --- 104 unchanged lines hidden (view full) --- 291 options.use_privileged_port = 0; 292 break; 293 294 case 'a': 295 options.forward_agent = 0; 296 break; 297#ifdef AFS 298 case 'k': | 175 uid_t original_effective_uid; 176 int plen; 177 178 /* 179 * Save the original real uid. It will be needed later (uid-swapping 180 * may clobber the real uid). 181 */ 182 original_real_uid = getuid(); --- 104 unchanged lines hidden (view full) --- 287 options.use_privileged_port = 0; 288 break; 289 290 case 'a': 291 options.forward_agent = 0; 292 break; 293#ifdef AFS 294 case 'k': |
299 options.krb4_tgt_passing = 0; 300 options.krb5_tgt_passing = 0; | 295 options.kerberos_tgt_passing = 0; |
301 options.afs_token_passing = 0; 302 break; 303#endif 304 case 'i': 305 if (stat(optarg, &st) < 0) { 306 fprintf(stderr, "Warning: Identity file %s does not exist.\n", 307 optarg); 308 break; --- 302 unchanged lines hidden (view full) --- 611 /* Log into the remote system. This never returns if the login fails. */ 612 ssh_login(host_private_key_loaded, host_private_key, 613 host, (struct sockaddr *)&hostaddr, original_real_uid); 614 615 /* We no longer need the host private key. Clear it now. */ 616 if (host_private_key_loaded) 617 RSA_free(host_private_key); /* Destroys contents safely */ 618 | 296 options.afs_token_passing = 0; 297 break; 298#endif 299 case 'i': 300 if (stat(optarg, &st) < 0) { 301 fprintf(stderr, "Warning: Identity file %s does not exist.\n", 302 optarg); 303 break; --- 302 unchanged lines hidden (view full) --- 606 /* Log into the remote system. This never returns if the login fails. */ 607 ssh_login(host_private_key_loaded, host_private_key, 608 host, (struct sockaddr *)&hostaddr, original_real_uid); 609 610 /* We no longer need the host private key. Clear it now. */ 611 if (host_private_key_loaded) 612 RSA_free(host_private_key); /* Destroys contents safely */ 613 |
619 /* Close connection cleanly after attack. */ 620 cipher_attack_detected = packet_disconnect; 621 | |
622 /* Enable compression if requested. */ 623 if (options.compression) { 624 debug("Requesting compression at level %d.", options.compression_level); 625 626 if (options.compression_level < 1 || options.compression_level > 9) 627 fatal("Compression level must be from 1 (fast) to 9 (slow, best)."); 628 629 /* Send the request. */ --- 35 unchanged lines hidden (view full) --- 665 tty_make_modes(fileno(stdin)); 666 667 /* Send the packet, and wait for it to leave. */ 668 packet_send(); 669 packet_write_wait(); 670 671 /* Read response from the server. */ 672 type = packet_read(&plen); | 614 /* Enable compression if requested. */ 615 if (options.compression) { 616 debug("Requesting compression at level %d.", options.compression_level); 617 618 if (options.compression_level < 1 || options.compression_level > 9) 619 fatal("Compression level must be from 1 (fast) to 9 (slow, best)."); 620 621 /* Send the request. */ --- 35 unchanged lines hidden (view full) --- 657 tty_make_modes(fileno(stdin)); 658 659 /* Send the packet, and wait for it to leave. */ 660 packet_send(); 661 packet_write_wait(); 662 663 /* Read response from the server. */ 664 type = packet_read(&plen); |
673 if (type == SSH_SMSG_SUCCESS) | 665 if (type == SSH_SMSG_SUCCESS) { |
674 interactive = 1; | 666 interactive = 1; |
675 else if (type == SSH_SMSG_FAILURE) | 667 have_pty = 1; 668 } else if (type == SSH_SMSG_FAILURE) |
676 log("Warning: Remote host failed or refused to allocate a pseudo tty."); 677 else 678 packet_disconnect("Protocol error waiting for pty request response."); 679 } 680 /* Request X11 forwarding if enabled and DISPLAY is set. */ 681 if (options.forward_x11 && getenv("DISPLAY") != NULL) { 682 char line[512], proto[512], data[512]; 683 FILE *f; --- 111 unchanged lines hidden (view full) --- 795 } else { 796 debug("Requesting shell."); 797 packet_start(SSH_CMSG_EXEC_SHELL); 798 packet_send(); 799 packet_write_wait(); 800 } 801 802 /* Enter the interactive session. */ | 669 log("Warning: Remote host failed or refused to allocate a pseudo tty."); 670 else 671 packet_disconnect("Protocol error waiting for pty request response."); 672 } 673 /* Request X11 forwarding if enabled and DISPLAY is set. */ 674 if (options.forward_x11 && getenv("DISPLAY") != NULL) { 675 char line[512], proto[512], data[512]; 676 FILE *f; --- 111 unchanged lines hidden (view full) --- 788 } else { 789 debug("Requesting shell."); 790 packet_start(SSH_CMSG_EXEC_SHELL); 791 packet_send(); 792 packet_write_wait(); 793 } 794 795 /* Enter the interactive session. */ |
803 exit_status = client_loop(tty_flag, tty_flag ? options.escape_char : -1); | 796 exit_status = client_loop(have_pty, tty_flag ? options.escape_char : -1); |
804 805 /* Close the connection to the remote host. */ 806 packet_close(); 807 808 /* Exit with the status returned by the program on the remote side. */ 809 exit(exit_status); 810} | 797 798 /* Close the connection to the remote host. */ 799 packet_close(); 800 801 /* Exit with the status returned by the program on the remote side. */ 802 exit(exit_status); 803} |
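Review bot: In the right-hand revision (a8f6863…), the block after `RSA_free(host_private_key);` goes straight to the compression setup and no longer contains `cipher_attack_detected = packet_disconnect;`, so nothing visible here says what happens when the cipher attack detector fires. The hidden lines may cover this, but if the handler is now installed elsewhere or has a safe default, a comment at this spot should say where, for example `/* attack-detection handler is set in <placeholder: file/function>; session is torn down on detection */`. Otherwise the assignment should be kept, so that a detected attack still ends the session through `packet_disconnect`. Separately, `client_loop(have_pty, tty_flag ? options.escape_char : -1)` now takes its first argument from the server's pty reply but still keys the escape character on `tty_flag`. The two differ when the server answers `SSH_SMSG_FAILURE`, so a comment at the `int have_pty = 0;` declaration such as `/* set only when the server granted the pty; tty_flag is what the user asked for */` would make that split explicit. Most of `main` is hidden on this page, so both points should be checked against the full file.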