Blame - ssh.c - platform/external/openssh

blob: d3619fe292a2e2a3d13265e39c7797658d7cd28e [file] [log] [blame]

markus@openbsd.org	1b11ea7	2018-02-23 15:58:37 +0000	[diff] [blame]	1	/* $OpenBSD: ssh.c,v 1.475 2018/02/23 15:58:38 markus Exp $ */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	* All rights reserved
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	6	* Ssh client program. This program can be used to log into a remote machine.
				7	* The software supports strong authentication, encryption, and forwarding
				8	* of X11, TCP/IP, and authentication connections.
				9	*
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	10	* As far as I am concerned, the code I have written for this software
				11	* can be used freely for any purpose. Any derived versions of this
				12	* software must be clearly marked as such, and if the derived work is
				13	* incompatible with the protocol description in the RFC file, it must be
				14	* called by a name other than "ssh" or "Secure Shell".
				15	*
				16	* Copyright (c) 1999 Niels Provos. All rights reserved.
Darren Tucker	0a118da	2003-10-15 15:54:32 +1000	[diff] [blame]	17	* Copyright (c) 2000, 2001, 2002, 2003 Markus Friedl. All rights reserved.
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	18	*
				19	* Modified to work with SSL by Niels Provos <provos@citi.umich.edu>
				20	* in Canada (German citizen).
				21	*
				22	* Redistribution and use in source and binary forms, with or without
				23	* modification, are permitted provided that the following conditions
				24	* are met:
				25	* 1. Redistributions of source code must retain the above copyright
				26	* notice, this list of conditions and the following disclaimer.
				27	* 2. Redistributions in binary form must reproduce the above copyright
				28	* notice, this list of conditions and the following disclaimer in the
				29	* documentation and/or other materials provided with the distribution.
				30	*
				31	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				32	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				33	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				34	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				35	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				36	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				37	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				38	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				39	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				40	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	41	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	42
				43	#include "includes.h"
Damien Miller	cd4223c	2006-03-15 11:22:47 +1100	[diff] [blame]	44
Damien Miller	f17883e	2006-03-15 11:45:54 +1100	[diff] [blame]	45	#include <sys/types.h>
				46	#ifdef HAVE_SYS_STAT_H
				47	# include <sys/stat.h>
				48	#endif
Damien Miller	cd4223c	2006-03-15 11:22:47 +1100	[diff] [blame]	49	#include <sys/resource.h>
Damien Miller	17e91c0	2006-03-15 11:28:34 +1100	[diff] [blame]	50	#include <sys/ioctl.h>
Damien Miller	e3b60b5	2006-07-10 21:08:03 +1000	[diff] [blame]	51	#include <sys/socket.h>
Damien Miller	857b02e	2010-09-24 22:02:56 +1000	[diff] [blame]	52	#include <sys/wait.h>
Damien Miller	03e2003	2006-03-15 11:16:59 +1100	[diff] [blame]	53
Damien Miller	c7b0636	2006-03-15 11:53:45 +1100	[diff] [blame]	54	#include <ctype.h>
Darren Tucker	ba72405	2006-07-12 22:24:22 +1000	[diff] [blame]	55	#include <errno.h>
Damien Miller	57cf638	2006-07-10 21:13:46 +1000	[diff] [blame]	56	#include <fcntl.h>
Damien Miller	b8fe89c	2006-07-24 14:51:00 +1000	[diff] [blame]	57	#include <netdb.h>
Damien Miller	6645e7a	2006-03-15 14:42:54 +1100	[diff] [blame]	58	#ifdef HAVE_PATHS_H
Damien Miller	03e2003	2006-03-15 11:16:59 +1100	[diff] [blame]	59	#include <paths.h>
Damien Miller	6645e7a	2006-03-15 14:42:54 +1100	[diff] [blame]	60	#endif
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	61	#include <pwd.h>
Damien Miller	6ff3cad	2006-03-15 11:52:09 +1100	[diff] [blame]	62	#include <signal.h>
Damien Miller	ded319c	2006-09-01 15:38:36 +1000	[diff] [blame]	63	#include <stdarg.h>
Damien Miller	2d00e63	2006-07-24 13:53:19 +1000	[diff] [blame]	64	#include <stddef.h>
Damien Miller	a7a73ee	2006-08-05 11:37:59 +1000	[diff] [blame]	65	#include <stdio.h>
Damien Miller	e7a1e5c	2006-08-05 11:34:19 +1000	[diff] [blame]	66	#include <stdlib.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	67	#include <string.h>
Damien Miller	e6b3b61	2006-07-24 14:01:23 +1000	[diff] [blame]	68	#include <unistd.h>
deraadt@openbsd.org	087266e	2015-01-20 23:14:00 +0000	[diff] [blame]	69	#include <limits.h>
djm@openbsd.org	65c6c6b	2016-07-17 04:20:16 +0000	[diff] [blame]	70	#include <locale.h>
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	71
Darren Tucker	46aa3e0	2006-09-02 15:32:40 +1000	[diff] [blame]	72	#include <netinet/in.h>
				73	#include <arpa/inet.h>
				74
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	75	#ifdef WITH_OPENSSL
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	76	#include <openssl/evp.h>
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	77	#include <openssl/err.h>
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	78	#endif
Darren Tucker	bfaaf96	2008-02-28 19:13:52 +1100	[diff] [blame]	79	#include "openbsd-compat/openssl-compat.h"
Damien Miller	b84886b	2008-05-19 15:05:07 +1000	[diff] [blame]	80	#include "openbsd-compat/sys-queue.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	81
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	82	#include "xmalloc.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	83	#include "ssh.h"
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	84	#include "ssh2.h"
Damien Miller	b96c441	2010-07-02 13:34:24 +1000	[diff] [blame]	85	#include "canohost.h"
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	86	#include "compat.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	87	#include "cipher.h"
Damien Miller	9c38643	2014-07-03 21:27:46 +1000	[diff] [blame]	88	#include "digest.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	89	#include "packet.h"
				90	#include "buffer.h"
Ben Lindstrom	c763767	2001-06-09 00:36:26 +0000	[diff] [blame]	91	#include "channels.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	92	#include "key.h"
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	93	#include "authfd.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	94	#include "authfile.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	95	#include "pathnames.h"
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	96	#include "dispatch.h"
Ben Lindstrom	bf555ba	2001-01-18 02:04:35 +0000	[diff] [blame]	97	#include "clientloop.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	98	#include "log.h"
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	99	#include "misc.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	100	#include "readconf.h"
				101	#include "sshconnect.h"
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	102	#include "kex.h"
				103	#include "mac.h"
Darren Tucker	06f2bd8	2004-05-13 16:06:46 +1000	[diff] [blame]	104	#include "sshpty.h"
Darren Tucker	46bc075	2004-05-02 22:11:30 +1000	[diff] [blame]	105	#include "match.h"
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	106	#include "msg.h"
Darren Tucker	25f60a7	2004-08-15 17:23:34 +1000	[diff] [blame]	107	#include "uidswap.h"
Damien Miller	b757677	2006-07-10 20:23:39 +1000	[diff] [blame]	108	#include "version.h"
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	109	#include "ssherr.h"
djm@openbsd.org	f9eca24	2015-07-30 00:01:34 +0000	[diff] [blame]	110	#include "myproposal.h"
Damien Miller	dda78a0	2016-12-12 13:57:10 +1100	[diff] [blame]	111	#include "utf8.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	112
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	113	#ifdef ENABLE_PKCS11
				114	#include "ssh-pkcs11.h"
Ben Lindstrom	bcc1808	2001-08-06 21:59:25 +0000	[diff] [blame]	115	#endif
Ben Lindstrom	c5b6800	2001-07-04 04:52:03 +0000	[diff] [blame]	116
Damien Miller	3f90587	1999-11-15 17:10:57 +1100	[diff] [blame]	117	extern char *__progname;
Damien Miller	3f90587	1999-11-15 17:10:57 +1100	[diff] [blame]	118
Damien Miller	ea2c1a4	2011-06-03 12:10:22 +1000	[diff] [blame]	119	/* Saves a copy of argv for setproctitle emulation */
				120	#ifndef HAVE_SETPROCTITLE
				121	static char **saved_av;
				122	#endif
				123
Darren Tucker	d6173c0	2008-06-13 04:52:53 +1000	[diff] [blame]	124	/* Flag indicating whether debug mode is on. May be set on the command line. */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	125	int debug_flag = 0;
				126
Damien Miller	21771e2	2011-05-15 08:45:50 +1000	[diff] [blame]	127	/* Flag indicating whether a tty should be requested */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	128	int tty_flag = 0;
				129
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	130	/* don't exec a shell */
				131	int no_shell_flag = 0;
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	132
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	133	/*
				134	* Flag indicating that nothing should be read from stdin. This can be set
				135	* on the command line.
				136	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	137	int stdin_null_flag = 0;
				138
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	139	/*
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	140	* Flag indicating that the current process should be backgrounded and
				141	* a new slave launched in the foreground for ControlPersist.
				142	*/
				143	int need_controlpersist_detach = 0;
				144
				145	/* Copies of flags for ControlPersist foreground slave */
Damien Miller	21771e2	2011-05-15 08:45:50 +1000	[diff] [blame]	146	int ostdin_null_flag, ono_shell_flag, otty_flag, orequest_tty;
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	147
				148	/*
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	149	* Flag indicating that ssh should fork after authentication. This is useful
Ben Lindstrom	f666fec	2002-06-06 19:51:58 +0000	[diff] [blame]	150	* so that the passphrase can be entered manually, and then ssh goes to the
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	151	* background.
				152	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	153	int fork_after_authentication_flag = 0;
				154
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	155	/*
				156	* General data structure for command line options and options configurable
				157	* in configuration files. See readconf.h.
				158	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	159	Options options;
				160
Ben Lindstrom	14f31ab	2001-09-12 17:48:04 +0000	[diff] [blame]	161	/* optional user configfile */
				162	char *config = NULL;
				163
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	164	/*
				165	* Name of the host we are connecting to. This is the name given on the
				166	* command line, or the HostName specified for the user-supplied name in a
				167	* configuration file.
				168	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	169	char *host;
				170
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	171	/* Various strings used to to percent_expand() arguments */
				172	static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
				173	static char uidstr[32], host_arg, conn_hash_hex;
				174
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	175	/* socket address the host resolves to */
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	176	struct sockaddr_storage hostaddr;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	177
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	178	/* Private host keys. */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	179	Sensitive sensitive_data;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	180
				181	/* Original real UID. */
				182	uid_t original_real_uid;
Ben Lindstrom	f9c4884	2002-06-11 16:37:51 +0000	[diff] [blame]	183	uid_t original_effective_uid;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	184
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	185	/* command to be executed */
				186	Buffer command;
				187
Damien Miller	832562e	2001-01-30 09:30:01 +1100	[diff] [blame]	188	/* Should we execute a command or invoke a subsystem? */
				189	int subsystem_flag = 0;
				190
Damien Miller	2797f7f	2002-04-23 21:09:44 +1000	[diff] [blame]	191	/* # of replies received for global requests */
Darren Tucker	9f407c4	2008-06-13 04:50:27 +1000	[diff] [blame]	192	static int remote_forward_confirms_received = 0;
Damien Miller	2797f7f	2002-04-23 21:09:44 +1000	[diff] [blame]	193
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	194	/* mux.c */
				195	extern int muxserver_sock;
				196	extern u_int muxclient_command;
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	197
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	198	/* Prints a help message to the user. This function never returns. */
				199
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	200	static void
Ben Lindstrom	31ca54a	2001-02-09 02:11:24 +0000	[diff] [blame]	201	usage(void)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	202	{
Damien Miller	5095510	2004-03-22 09:34:58 +1100	[diff] [blame]	203	fprintf(stderr,
djm@openbsd.org	ac2e302	2018-02-23 02:34:33 +0000	[diff] [blame]	204	"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n"
				205	" [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]\n"
				206	" [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]\n"
				207	" [-i identity_file] [-J [user@]host[:port]] [-L address]\n"
				208	" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
				209	" [-Q query_option] [-R address] [-S ctl_path] [-W host:port]\n"
				210	" [-w local_tun[:remote_tun]] destination [command]\n"
Damien Miller	5095510	2004-03-22 09:34:58 +1100	[diff] [blame]	211	);
Darren Tucker	e9a9b71	2005-12-20 16:15:51 +1100	[diff] [blame]	212	exit(255);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	213	}
				214
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	215	static int ssh_session2(struct ssh , struct passwd );
				216	static void load_public_identity_files(struct passwd *);
Damien Miller	857b02e	2010-09-24 22:02:56 +1000	[diff] [blame]	217	static void main_sigchld_handler(int);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	218
Damien Miller	295ee63	2011-05-29 21:42:31 +1000	[diff] [blame]	219	/* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */
				220	static void
				221	tilde_expand_paths(char **paths, u_int num_paths)
				222	{
				223	u_int i;
				224	char *cp;
				225
				226	for (i = 0; i < num_paths; i++) {
				227	cp = tilde_expand_filename(paths[i], original_real_uid);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	228	free(paths[i]);
Damien Miller	295ee63	2011-05-29 21:42:31 +1000	[diff] [blame]	229	paths[i] = cp;
				230	}
				231	}
				232
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	233	/*
				234	* Attempt to resolve a host name / port to a set of addresses and
				235	* optionally return any CNAMEs encountered along the way.
				236	* Returns NULL on failure.
				237	* NB. this function must operate with a options having undefined members.
				238	*/
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	239	static struct addrinfo *
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	240	resolve_host(const char name, int port, int logerr, char cname, size_t clen)
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	241	{
				242	char strport[NI_MAXSERV];
				243	struct addrinfo hints, *res;
				244	int gaierr, loglevel = SYSLOG_LEVEL_DEBUG1;
				245
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	246	if (port <= 0)
				247	port = default_ssh_port();
				248
djm@openbsd.org	b1d38a3	2015-10-15 23:51:40 +0000	[diff] [blame]	249	snprintf(strport, sizeof strport, "%d", port);
Damien Miller	1d2c456	2014-02-04 11:18:20 +1100	[diff] [blame]	250	memset(&hints, 0, sizeof(hints));
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	251	hints.ai_family = options.address_family == -1 ?
				252	AF_UNSPEC : options.address_family;
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	253	hints.ai_socktype = SOCK_STREAM;
				254	if (cname != NULL)
				255	hints.ai_flags = AI_CANONNAME;
				256	if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
				257	if (logerr \|\| (gaierr != EAI_NONAME && gaierr != EAI_NODATA))
				258	loglevel = SYSLOG_LEVEL_ERROR;
				259	do_log2(loglevel, "%s: Could not resolve hostname %.100s: %s",
				260	__progname, name, ssh_gai_strerror(gaierr));
				261	return NULL;
				262	}
				263	if (cname != NULL && res->ai_canonname != NULL) {
				264	if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
				265	error("%s: host \"%s\" cname \"%s\" too long (max %lu)",
				266	__func__, name, res->ai_canonname, (u_long)clen);
				267	if (clen > 0)
				268	*cname = '\0';
				269	}
				270	}
				271	return res;
				272	}
				273
djm@openbsd.org	fc21ea9	2018-01-23 05:06:25 +0000	[diff] [blame]	274	/* Returns non-zero if name can only be an address and not a hostname */
				275	static int
				276	is_addr_fast(const char *name)
				277	{
				278	return (strchr(name, '%') != NULL \|\| strchr(name, ':') != NULL \|\|
				279	strspn(name, "0123456789.") == strlen(name));
				280	}
				281
				282	/* Returns non-zero if name represents a valid, single address */
				283	static int
				284	is_addr(const char *name)
				285	{
				286	char strport[NI_MAXSERV];
				287	struct addrinfo hints, *res;
				288
				289	if (is_addr_fast(name))
				290	return 1;
				291
				292	snprintf(strport, sizeof strport, "%u", default_ssh_port());
				293	memset(&hints, 0, sizeof(hints));
				294	hints.ai_family = options.address_family == -1 ?
				295	AF_UNSPEC : options.address_family;
				296	hints.ai_socktype = SOCK_STREAM;
				297	hints.ai_flags = AI_NUMERICHOST\|AI_NUMERICSERV;
				298	if (getaddrinfo(name, strport, &hints, &res) != 0)
				299	return 0;
				300	if (res == NULL \|\| res->ai_next != NULL) {
				301	freeaddrinfo(res);
				302	return 0;
				303	}
				304	freeaddrinfo(res);
				305	return 1;
				306	}
				307
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	308	/*
djm@openbsd.org	9010902	2015-01-16 07:19:48 +0000	[diff] [blame]	309	* Attempt to resolve a numeric host address / port to a single address.
				310	* Returns a canonical address string.
				311	* Returns NULL on failure.
				312	* NB. this function must operate with a options having undefined members.
				313	*/
				314	static struct addrinfo *
				315	resolve_addr(const char name, int port, char caddr, size_t clen)
				316	{
				317	char addr[NI_MAXHOST], strport[NI_MAXSERV];
				318	struct addrinfo hints, *res;
				319	int gaierr;
				320
				321	if (port <= 0)
				322	port = default_ssh_port();
				323	snprintf(strport, sizeof strport, "%u", port);
				324	memset(&hints, 0, sizeof(hints));
				325	hints.ai_family = options.address_family == -1 ?
				326	AF_UNSPEC : options.address_family;
				327	hints.ai_socktype = SOCK_STREAM;
				328	hints.ai_flags = AI_NUMERICHOST\|AI_NUMERICSERV;
				329	if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
				330	debug2("%s: could not resolve name %.100s as address: %s",
				331	__func__, name, ssh_gai_strerror(gaierr));
				332	return NULL;
				333	}
				334	if (res == NULL) {
				335	debug("%s: getaddrinfo %.100s returned no addresses",
				336	__func__, name);
				337	return NULL;
				338	}
				339	if (res->ai_next != NULL) {
				340	debug("%s: getaddrinfo %.100s returned multiple addresses",
				341	__func__, name);
				342	goto fail;
				343	}
				344	if ((gaierr = getnameinfo(res->ai_addr, res->ai_addrlen,
				345	addr, sizeof(addr), NULL, 0, NI_NUMERICHOST)) != 0) {
				346	debug("%s: Could not format address for name %.100s: %s",
				347	__func__, name, ssh_gai_strerror(gaierr));
				348	goto fail;
				349	}
				350	if (strlcpy(caddr, addr, clen) >= clen) {
				351	error("%s: host \"%s\" addr \"%s\" too long (max %lu)",
				352	__func__, name, addr, (u_long)clen);
				353	if (clen > 0)
				354	*caddr = '\0';
				355	fail:
				356	freeaddrinfo(res);
				357	return NULL;
				358	}
				359	return res;
				360	}
				361
				362	/*
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	363	* Check whether the cname is a permitted replacement for the hostname
				364	* and perform the replacement if it is.
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	365	* NB. this function must operate with a options having undefined members.
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	366	*/
				367	static int
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	368	check_follow_cname(int direct, char *namep, const char cname)
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	369	{
				370	int i;
				371	struct allowed_cname *rule;
				372
				373	if (*cname == '\0' \|\| options.num_permitted_cnames == 0 \|\|
				374	strcmp(*namep, cname) == 0)
				375	return 0;
Damien Miller	3850559	2013-10-17 11:48:13 +1100	[diff] [blame]	376	if (options.canonicalize_hostname == SSH_CANONICALISE_NO)
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	377	return 0;
				378	/*
Damien Miller	3850559	2013-10-17 11:48:13 +1100	[diff] [blame]	379	* Don't attempt to canonicalize names that will be interpreted by
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	380	* a proxy or jump host unless the user specifically requests so.
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	381	*/
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	382	if (!direct &&
Damien Miller	3850559	2013-10-17 11:48:13 +1100	[diff] [blame]	383	options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	384	return 0;
				385	debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
				386	for (i = 0; i < options.num_permitted_cnames; i++) {
				387	rule = options.permitted_cnames + i;
djm@openbsd.org	e661a86	2015-05-04 06:10:48 +0000	[diff] [blame]	388	if (match_pattern_list(*namep, rule->source_list, 1) != 1 \|\|
				389	match_pattern_list(cname, rule->target_list, 1) != 1)
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	390	continue;
Damien Miller	3850559	2013-10-17 11:48:13 +1100	[diff] [blame]	391	verbose("Canonicalized DNS aliased hostname "
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	392	"\"%s\" => \"%s\"", *namep, cname);
				393	free(*namep);
				394	*namep = xstrdup(cname);
				395	return 1;
				396	}
				397	return 0;
				398	}
				399
				400	/*
				401	* Attempt to resolve the supplied hostname after applying the user's
Damien Miller	51682fa	2013-10-17 11:48:31 +1100	[diff] [blame]	402	* canonicalization rules. Returns the address list for the host or NULL
				403	* if no name was found after canonicalization.
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	404	* NB. this function must operate with a options having undefined members.
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	405	*/
				406	static struct addrinfo *
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	407	resolve_canonicalize(char **hostp, int port)
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	408	{
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	409	int i, direct, ndots;
djm@openbsd.org	9010902	2015-01-16 07:19:48 +0000	[diff] [blame]	410	char cp, fullhost, newname[NI_MAXHOST];
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	411	struct addrinfo *addrs;
				412
djm@openbsd.org	fc21ea9	2018-01-23 05:06:25 +0000	[diff] [blame]	413	/*
				414	* Attempt to canonicalise addresses, regardless of
				415	* whether hostname canonicalisation was requested
				416	*/
				417	if ((addrs = resolve_addr(*hostp, port,
				418	newname, sizeof(newname))) != NULL) {
				419	debug2("%s: hostname %.100s is address", __func__, *hostp);
				420	if (strcasecmp(*hostp, newname) != 0) {
				421	debug2("%s: canonicalised address \"%s\" => \"%s\"",
				422	__func__, *hostp, newname);
				423	free(*hostp);
				424	*hostp = xstrdup(newname);
				425	}
				426	return addrs;
				427	}
				428
				429	/*
				430	* If this looks like an address but didn't parse as one, it might
				431	* be an address with an invalid interface scope. Skip further
				432	* attempts at canonicalisation.
				433	*/
				434	if (is_addr_fast(*hostp)) {
				435	debug("%s: hostname %.100s is an unrecognised address",
				436	__func__, *hostp);
				437	return NULL;
				438	}
				439
Damien Miller	3850559	2013-10-17 11:48:13 +1100	[diff] [blame]	440	if (options.canonicalize_hostname == SSH_CANONICALISE_NO)
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	441	return NULL;
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	442
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	443	/*
Damien Miller	3850559	2013-10-17 11:48:13 +1100	[diff] [blame]	444	* Don't attempt to canonicalize names that will be interpreted by
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	445	* a proxy unless the user specifically requests so.
				446	*/
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	447	direct = option_clear_or_none(options.proxy_command) &&
				448	options.jump_host == NULL;
				449	if (!direct &&
Damien Miller	3850559	2013-10-17 11:48:13 +1100	[diff] [blame]	450	options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	451	return NULL;
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	452
djm@openbsd.org	5ee0063	2015-10-16 18:40:49 +0000	[diff] [blame]	453	/* If domain name is anchored, then resolve it now */
				454	if ((hostp)[strlen(hostp) - 1] == '.') {
				455	debug3("%s: name is fully qualified", __func__);
				456	fullhost = xstrdup(*hostp);
				457	if ((addrs = resolve_host(fullhost, port, 0,
				458	newname, sizeof(newname))) != NULL)
				459	goto found;
				460	free(fullhost);
				461	goto notfound;
				462	}
				463
Damien Miller	51682fa	2013-10-17 11:48:31 +1100	[diff] [blame]	464	/* Don't apply canonicalization to sufficiently-qualified hostnames */
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	465	ndots = 0;
				466	for (cp = hostp; cp != '\0'; cp++) {
				467	if (*cp == '.')
				468	ndots++;
				469	}
Damien Miller	3850559	2013-10-17 11:48:13 +1100	[diff] [blame]	470	if (ndots > options.canonicalize_max_dots) {
				471	debug3("%s: not canonicalizing hostname \"%s\" (max dots %d)",
				472	__func__, *hostp, options.canonicalize_max_dots);
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	473	return NULL;
				474	}
				475	/* Attempt each supplied suffix */
				476	for (i = 0; i < options.num_canonical_domains; i++) {
djm@openbsd.org	9010902	2015-01-16 07:19:48 +0000	[diff] [blame]	477	*newname = '\0';
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	478	xasprintf(&fullhost, "%s.%s.", *hostp,
				479	options.canonical_domains[i]);
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	480	debug3("%s: attempting \"%s\" => \"%s\"", __func__,
				481	*hostp, fullhost);
				482	if ((addrs = resolve_host(fullhost, port, 0,
djm@openbsd.org	9010902	2015-01-16 07:19:48 +0000	[diff] [blame]	483	newname, sizeof(newname))) == NULL) {
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	484	free(fullhost);
				485	continue;
				486	}
djm@openbsd.org	5ee0063	2015-10-16 18:40:49 +0000	[diff] [blame]	487	found:
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	488	/* Remove trailing '.' */
				489	fullhost[strlen(fullhost) - 1] = '\0';
				490	/* Follow CNAME if requested */
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	491	if (!check_follow_cname(direct, &fullhost, newname)) {
Damien Miller	3850559	2013-10-17 11:48:13 +1100	[diff] [blame]	492	debug("Canonicalized hostname \"%s\" => \"%s\"",
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	493	*hostp, fullhost);
				494	}
				495	free(*hostp);
				496	*hostp = fullhost;
				497	return addrs;
				498	}
djm@openbsd.org	5ee0063	2015-10-16 18:40:49 +0000	[diff] [blame]	499	notfound:
Damien Miller	3850559	2013-10-17 11:48:13 +1100	[diff] [blame]	500	if (!options.canonicalize_fallback_local)
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	501	fatal("%s: Could not resolve host \"%s\"", __progname, *hostp);
				502	debug2("%s: host %s not found in any suffix", __func__, *hostp);
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	503	return NULL;
				504	}
				505
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	506	/*
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	507	* Read per-user configuration file. Ignore the system wide config
				508	* file if the user specifies a config file on the command line.
				509	*/
				510	static void
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	511	process_config_files(const char host_name, struct passwd pw, int post_canon)
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	512	{
deraadt@openbsd.org	087266e	2015-01-20 23:14:00 +0000	[diff] [blame]	513	char buf[PATH_MAX];
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	514	int r;
				515
				516	if (config != NULL) {
				517	if (strcasecmp(config, "none") != 0 &&
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	518	!read_config_file(config, pw, host, host_name, &options,
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	519	SSHCONF_USERCONF \| (post_canon ? SSHCONF_POSTCANON : 0)))
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	520	fatal("Can't open user config file %.100s: "
				521	"%.100s", config, strerror(errno));
				522	} else {
				523	r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
				524	_PATH_SSH_USER_CONFFILE);
				525	if (r > 0 && (size_t)r < sizeof(buf))
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	526	(void)read_config_file(buf, pw, host, host_name,
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	527	&options, SSHCONF_CHECKPERM \| SSHCONF_USERCONF \|
				528	(post_canon ? SSHCONF_POSTCANON : 0));
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	529
				530	/* Read systemwide configuration file after user config. */
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	531	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	532	host, host_name, &options,
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	533	post_canon ? SSHCONF_POSTCANON : 0);
				534	}
				535	}
				536
				537	/* Rewrite the port number in an addrinfo list of addresses */
				538	static void
				539	set_addrinfo_port(struct addrinfo *addrs, int port)
				540	{
				541	struct addrinfo *addr;
				542
				543	for (addr = addrs; addr != NULL; addr = addr->ai_next) {
				544	switch (addr->ai_family) {
				545	case AF_INET:
				546	((struct sockaddr_in *)addr->ai_addr)->
				547	sin_port = htons(port);
				548	break;
				549	case AF_INET6:
				550	((struct sockaddr_in6 *)addr->ai_addr)->
				551	sin6_port = htons(port);
				552	break;
				553	}
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	554	}
				555	}
				556
				557	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	558	* Main program for the ssh client.
				559	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	560	int
				561	main(int ac, char **av)
				562	{
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	563	struct ssh *ssh = NULL;
djm@openbsd.org	643c2ad	2017-08-12 06:46:01 +0000	[diff] [blame]	564	int i, r, opt, exit_status, use_syslog, direct, timeout_ms;
djm@openbsd.org	fc21ea9	2018-01-23 05:06:25 +0000	[diff] [blame]	565	int was_addr, config_test = 0, opt_terminated = 0;
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	566	char p, cp, line, argv0, buf[PATH_MAX], *logfile;
				567	char cname[NI_MAXHOST];
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	568	struct stat st;
Ben Lindstrom	086cf21	2001-03-05 05:56:40 +0000	[diff] [blame]	569	struct passwd *pw;
Ben Lindstrom	5ccf63a	2001-09-24 20:00:10 +0000	[diff] [blame]	570	extern int optind, optreset;
Damien Miller	4f8e669	2001-07-14 13:22:53 +1000	[diff] [blame]	571	extern char *optarg;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	572	struct Forward fwd;
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	573	struct addrinfo *addrs = NULL;
Damien Miller	9c38643	2014-07-03 21:27:46 +1000	[diff] [blame]	574	struct ssh_digest_ctx *md;
				575	u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	576
dtucker@openbsd.org	ffb1e7e	2016-02-15 09:47:49 +0000	[diff] [blame]	577	ssh_malloc_init(); /* must be called before any mallocs */
Darren Tucker	ce321d8	2005-10-03 18:11:24 +1000	[diff] [blame]	578	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
				579	sanitise_stdfd();
				580
Damien Miller	59d3d5b	2003-08-22 09:34:41 +1000	[diff] [blame]	581	__progname = ssh_get_progname(av[0]);
Damien Miller	f9b625c	2000-07-09 22:42:32 +1000	[diff] [blame]	582
Damien Miller	ea2c1a4	2011-06-03 12:10:22 +1000	[diff] [blame]	583	#ifndef HAVE_SETPROCTITLE
				584	/* Prepare for later setproctitle emulation */
				585	/* Save argv so it isn't clobbered by setproctitle() emulation */
				586	saved_av = xcalloc(ac + 1, sizeof(*saved_av));
				587	for (i = 0; i < ac; i++)
				588	saved_av[i] = xstrdup(av[i]);
				589	saved_av[i] = NULL;
				590	compat_init_setproctitle(ac, av);
				591	av = saved_av;
				592	#endif
				593
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	594	/*
Damien Miller	00d9ae2	2010-08-17 01:59:31 +1000	[diff] [blame]	595	* Discard other fds that are hanging around. These can cause problem
				596	* with backgrounded ssh processes started by ControlPersist.
				597	*/
				598	closefrom(STDERR_FILENO + 1);
				599
				600	/*
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	601	* Save the original real uid. It will be needed later (uid-swapping
				602	* may clobber the real uid).
				603	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	604	original_real_uid = getuid();
				605	original_effective_uid = geteuid();
Damien Miller	a8e06ce	2003-11-21 23:48:55 +1100	[diff] [blame]	606
Damien Miller	50b9a60	2002-09-04 16:50:06 +1000	[diff] [blame]	607	/*
				608	* Use uid-swapping to give up root privileges for the duration of
				609	* option processing. We will re-instantiate the rights when we are
				610	* ready to create the privileged port, and will permanently drop
				611	* them when the port has been created (actually, when the connection
				612	* has been made, as we may need to create the port several times).
				613	*/
				614	PRIV_END;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	615
Damien Miller	05dd795	2000-10-01 00:42:48 +1100	[diff] [blame]	616	#ifdef HAVE_SETRLIMIT
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	617	/* If we are installed setuid root be careful to not drop core. */
				618	if (original_real_uid != original_effective_uid) {
				619	struct rlimit rlim;
				620	rlim.rlim_cur = rlim.rlim_max = 0;
				621	if (setrlimit(RLIMIT_CORE, &rlim) < 0)
				622	fatal("setrlimit failed: %.100s", strerror(errno));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	623	}
Damien Miller	bac2d8a	2000-09-05 16:13:06 +1100	[diff] [blame]	624	#endif
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	625	/* Get user data. */
				626	pw = getpwuid(original_real_uid);
				627	if (!pw) {
Damien Miller	3009d3c	2013-07-20 13:22:31 +1000	[diff] [blame]	628	logit("No user exists for uid %lu", (u_long)original_real_uid);
Darren Tucker	e9a9b71	2005-12-20 16:15:51 +1100	[diff] [blame]	629	exit(255);
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	630	}
				631	/* Take a copy of the returned structure. */
				632	pw = pwcopy(pw);
				633
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	634	/*
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	635	* Set our umask to something reasonable, as some files are created
				636	* with the default umask. This will make them world-readable but
				637	* writable only by the owner, which is ok for all files for which we
				638	* don't set the modes explicitly.
				639	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	640	umask(022);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	641
Damien Miller	dda78a0	2016-12-12 13:57:10 +1100	[diff] [blame]	642	msetlocale();
djm@openbsd.org	65c6c6b	2016-07-17 04:20:16 +0000	[diff] [blame]	643
Darren Tucker	d6173c0	2008-06-13 04:52:53 +1000	[diff] [blame]	644	/*
				645	* Initialize option structure to indicate that no values have been
				646	* set.
				647	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	648	initialize_options(&options);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	649
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	650	/*
				651	* Prepare main ssh transport/connection structures
				652	*/
				653	if ((ssh = ssh_alloc_session_state()) == NULL)
				654	fatal("Couldn't allocate session state");
				655	channel_init_channels(ssh);
				656	active_state = ssh; /* XXX legacy API compat */
				657
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	658	/* Parse command-line arguments. */
				659	host = NULL;
Damien Miller	e272a5b	2008-11-03 19:22:37 +1100	[diff] [blame]	660	use_syslog = 0;
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	661	logfile = NULL;
Darren Tucker	72efd74	2009-06-21 17:48:00 +1000	[diff] [blame]	662	argv0 = av[0];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	663
Damien Miller	2ecb6bd	2006-03-15 12:03:53 +1100	[diff] [blame]	664	again:
Darren Tucker	d6173c0	2008-06-13 04:52:53 +1000	[diff] [blame]	665	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
djm@openbsd.org	ac2e302	2018-02-23 02:34:33 +0000	[diff] [blame]	666	"AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	667	switch (opt) {
Ben Lindstrom	1e7d306	2001-02-09 02:36:43 +0000	[diff] [blame]	668	case '1':
djm@openbsd.org	99f95ba	2017-04-30 23:11:45 +0000	[diff] [blame]	669	fatal("SSH protocol v.1 is no longer supported");
Ben Lindstrom	1e7d306	2001-02-09 02:36:43 +0000	[diff] [blame]	670	break;
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	671	case '2':
djm@openbsd.org	99f95ba	2017-04-30 23:11:45 +0000	[diff] [blame]	672	/* Ignored */
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	673	break;
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	674	case '4':
Darren Tucker	0a4f04b	2003-07-03 20:37:47 +1000	[diff] [blame]	675	options.address_family = AF_INET;
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	676	break;
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	677	case '6':
Darren Tucker	0a4f04b	2003-07-03 20:37:47 +1000	[diff] [blame]	678	options.address_family = AF_INET6;
Damien Miller	34132e5	2000-01-14 15:45:46 +1100	[diff] [blame]	679	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	680	case 'n':
				681	stdin_null_flag = 1;
				682	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	683	case 'f':
				684	fork_after_authentication_flag = 1;
				685	stdin_null_flag = 1;
				686	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	687	case 'x':
				688	options.forward_x11 = 0;
				689	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	690	case 'X':
				691	options.forward_x11 = 1;
				692	break;
Damien Miller	e272a5b	2008-11-03 19:22:37 +1100	[diff] [blame]	693	case 'y':
				694	use_syslog = 1;
				695	break;
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	696	case 'E':
dtucker@openbsd.org	4f7cc2f	2015-09-04 08:21:47 +0000	[diff] [blame]	697	logfile = optarg;
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	698	break;
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	699	case 'G':
				700	config_test = 1;
				701	break;
Darren Tucker	0a118da	2003-10-15 15:54:32 +1000	[diff] [blame]	702	case 'Y':
				703	options.forward_x11 = 1;
				704	options.forward_x11_trusted = 1;
				705	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	706	case 'g':
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	707	options.fwd_opts.gateway_ports = 1;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	708	break;
Darren Tucker	7ebfc10	2004-11-07 20:06:19 +1100	[diff] [blame]	709	case 'O':
dtucker@openbsd.org	8543ff3	2016-06-03 03:14:41 +0000	[diff] [blame]	710	if (options.stdio_forward_host != NULL)
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	711	fatal("Cannot specify multiplexing "
				712	"command with -W");
				713	else if (muxclient_command != 0)
				714	fatal("Multiplexing command already specified");
Darren Tucker	7ebfc10	2004-11-07 20:06:19 +1100	[diff] [blame]	715	if (strcmp(optarg, "check") == 0)
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	716	muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK;
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	717	else if (strcmp(optarg, "forward") == 0)
				718	muxclient_command = SSHMUX_COMMAND_FORWARD;
Darren Tucker	7ebfc10	2004-11-07 20:06:19 +1100	[diff] [blame]	719	else if (strcmp(optarg, "exit") == 0)
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	720	muxclient_command = SSHMUX_COMMAND_TERMINATE;
Damien Miller	6c3eec7	2011-05-05 14:16:22 +1000	[diff] [blame]	721	else if (strcmp(optarg, "stop") == 0)
				722	muxclient_command = SSHMUX_COMMAND_STOP;
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	723	else if (strcmp(optarg, "cancel") == 0)
				724	muxclient_command = SSHMUX_COMMAND_CANCEL_FWD;
markus@openbsd.org	8d05784	2016-09-30 09:19:13 +0000	[diff] [blame]	725	else if (strcmp(optarg, "proxy") == 0)
				726	muxclient_command = SSHMUX_COMMAND_PROXY;
Darren Tucker	7ebfc10	2004-11-07 20:06:19 +1100	[diff] [blame]	727	else
				728	fatal("Invalid multiplex command.");
				729	break;
Damien Miller	147bba3	2002-09-04 16:46:06 +1000	[diff] [blame]	730	case 'P': /* deprecated */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	731	options.use_privileged_port = 0;
				732	break;
Damien Miller	d937dc0	2013-12-05 10:19:54 +1100	[diff] [blame]	733	case 'Q':
Damien Miller	ea11119	2013-04-23 19:24:32 +1000	[diff] [blame]	734	cp = NULL;
Damien Miller	d937dc0	2013-12-05 10:19:54 +1100	[diff] [blame]	735	if (strcmp(optarg, "cipher") == 0)
Damien Miller	0fde8ac	2013-11-21 14:12:23 +1100	[diff] [blame]	736	cp = cipher_alg_list('\n', 0);
Damien Miller	d937dc0	2013-12-05 10:19:54 +1100	[diff] [blame]	737	else if (strcmp(optarg, "cipher-auth") == 0)
Damien Miller	0fde8ac	2013-11-21 14:12:23 +1100	[diff] [blame]	738	cp = cipher_alg_list('\n', 1);
Damien Miller	d937dc0	2013-12-05 10:19:54 +1100	[diff] [blame]	739	else if (strcmp(optarg, "mac") == 0)
Damien Miller	690d989	2013-11-08 12:16:49 +1100	[diff] [blame]	740	cp = mac_alg_list('\n');
Damien Miller	d937dc0	2013-12-05 10:19:54 +1100	[diff] [blame]	741	else if (strcmp(optarg, "kex") == 0)
Damien Miller	690d989	2013-11-08 12:16:49 +1100	[diff] [blame]	742	cp = kex_alg_list('\n');
Damien Miller	d937dc0	2013-12-05 10:19:54 +1100	[diff] [blame]	743	else if (strcmp(optarg, "key") == 0)
djm@openbsd.org	183ba55	2017-03-10 04:07:20 +0000	[diff] [blame]	744	cp = sshkey_alg_list(0, 0, 0, '\n');
Damien Miller	5be9d9e	2013-12-07 11:24:01 +1100	[diff] [blame]	745	else if (strcmp(optarg, "key-cert") == 0)
djm@openbsd.org	183ba55	2017-03-10 04:07:20 +0000	[diff] [blame]	746	cp = sshkey_alg_list(1, 0, 0, '\n');
Damien Miller	5be9d9e	2013-12-07 11:24:01 +1100	[diff] [blame]	747	else if (strcmp(optarg, "key-plain") == 0)
djm@openbsd.org	183ba55	2017-03-10 04:07:20 +0000	[diff] [blame]	748	cp = sshkey_alg_list(0, 1, 0, '\n');
djm@openbsd.org	68d2dfc	2015-03-03 06:48:58 +0000	[diff] [blame]	749	else if (strcmp(optarg, "protocol-version") == 0) {
djm@openbsd.org	68d2dfc	2015-03-03 06:48:58 +0000	[diff] [blame]	750	cp = xstrdup("2");
djm@openbsd.org	68d2dfc	2015-03-03 06:48:58 +0000	[diff] [blame]	751	}
Damien Miller	ea11119	2013-04-23 19:24:32 +1000	[diff] [blame]	752	if (cp == NULL)
				753	fatal("Unsupported query \"%s\"", optarg);
				754	printf("%s\n", cp);
				755	free(cp);
				756	exit(0);
				757	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	758	case 'a':
				759	options.forward_agent = 0;
				760	break;
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	761	case 'A':
				762	options.forward_agent = 1;
				763	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	764	case 'k':
Damien Miller	e0113cc	2003-11-24 13:10:09 +1100	[diff] [blame]	765	options.gss_deleg_creds = 0;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	766	break;
Darren Tucker	415bddc	2007-06-12 23:43:16 +1000	[diff] [blame]	767	case 'K':
				768	options.gss_authentication = 1;
				769	options.gss_deleg_creds = 1;
				770	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	771	case 'i':
dtucker@openbsd.org	03239c1	2015-10-25 23:42:00 +0000	[diff] [blame]	772	p = tilde_expand_filename(optarg, original_real_uid);
				773	if (stat(p, &st) < 0)
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	774	fprintf(stderr, "Warning: Identity file %s "
dtucker@openbsd.org	03239c1	2015-10-25 23:42:00 +0000	[diff] [blame]	775	"not accessible: %s.\n", p,
Damien Miller	3eb48b6	2005-03-01 21:15:46 +1100	[diff] [blame]	776	strerror(errno));
dtucker@openbsd.org	03239c1	2015-10-25 23:42:00 +0000	[diff] [blame]	777	else
				778	add_identity_file(&options, NULL, p, 1);
				779	free(p);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	780	break;
Ben Lindstrom	c5b6800	2001-07-04 04:52:03 +0000	[diff] [blame]	781	case 'I':
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	782	#ifdef ENABLE_PKCS11
dtucker@openbsd.org	4f7cc2f	2015-09-04 08:21:47 +0000	[diff] [blame]	783	free(options.pkcs11_provider);
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	784	options.pkcs11_provider = xstrdup(optarg);
Ben Lindstrom	bcc1808	2001-08-06 21:59:25 +0000	[diff] [blame]	785	#else
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	786	fprintf(stderr, "no support for PKCS#11.\n");
Ben Lindstrom	bcc1808	2001-08-06 21:59:25 +0000	[diff] [blame]	787	#endif
Ben Lindstrom	c5b6800	2001-07-04 04:52:03 +0000	[diff] [blame]	788	break;
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	789	case 'J':
				790	if (options.jump_host != NULL)
				791	fatal("Only a single -J option permitted");
				792	if (options.proxy_command != NULL)
				793	fatal("Cannot specify -J with ProxyCommand");
				794	if (parse_jump(optarg, &options, 1) == -1)
				795	fatal("Invalid -J argument");
				796	options.proxy_command = xstrdup("none");
				797	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	798	case 't':
Damien Miller	21771e2	2011-05-15 08:45:50 +1000	[diff] [blame]	799	if (options.request_tty == REQUEST_TTY_YES)
				800	options.request_tty = REQUEST_TTY_FORCE;
				801	else
				802	options.request_tty = REQUEST_TTY_YES;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	803	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	804	case 'v':
Darren Tucker	e98dfa3	2003-07-19 19:54:31 +1000	[diff] [blame]	805	if (debug_flag == 0) {
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	806	debug_flag = 1;
				807	options.log_level = SYSLOG_LEVEL_DEBUG1;
Darren Tucker	e98dfa3	2003-07-19 19:54:31 +1000	[diff] [blame]	808	} else {
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	809	if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
				810	debug_flag++;
Darren Tucker	e98dfa3	2003-07-19 19:54:31 +1000	[diff] [blame]	811	options.log_level++;
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	812	}
Darren Tucker	e98dfa3	2003-07-19 19:54:31 +1000	[diff] [blame]	813	}
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	814	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	815	case 'V':
Damien Miller	0c889cd	2004-03-22 09:36:00 +1100	[diff] [blame]	816	fprintf(stderr, "%s, %s\n",
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	817	SSH_RELEASE,
				818	#ifdef WITH_OPENSSL
				819	SSLeay_version(SSLEAY_VERSION)
				820	#else
				821	"without OpenSSL"
				822	#endif
				823	);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	824	if (opt == 'V')
				825	exit(0);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	826	break;
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	827	case 'w':
Damien Miller	7b58e80	2005-12-13 19:33:19 +1100	[diff] [blame]	828	if (options.tun_open == -1)
				829	options.tun_open = SSH_TUNMODE_DEFAULT;
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	830	options.tun_local = a2tun(optarg, &options.tun_remote);
Damien Miller	7b58e80	2005-12-13 19:33:19 +1100	[diff] [blame]	831	if (options.tun_local == SSH_TUNID_ERR) {
Darren Tucker	d6173c0	2008-06-13 04:52:53 +1000	[diff] [blame]	832	fprintf(stderr,
				833	"Bad tun device '%s'\n", optarg);
Darren Tucker	e9a9b71	2005-12-20 16:15:51 +1100	[diff] [blame]	834	exit(255);
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	835	}
				836	break;
Darren Tucker	7ad8dd2	2010-01-12 19:40:27 +1100	[diff] [blame]	837	case 'W':
dtucker@openbsd.org	8543ff3	2016-06-03 03:14:41 +0000	[diff] [blame]	838	if (options.stdio_forward_host != NULL)
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	839	fatal("stdio forward already specified");
				840	if (muxclient_command != 0)
				841	fatal("Cannot specify stdio forward with -O");
Darren Tucker	7ad8dd2	2010-01-12 19:40:27 +1100	[diff] [blame]	842	if (parse_forward(&fwd, optarg, 1, 0)) {
dtucker@openbsd.org	8543ff3	2016-06-03 03:14:41 +0000	[diff] [blame]	843	options.stdio_forward_host = fwd.listen_host;
				844	options.stdio_forward_port = fwd.listen_port;
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	845	free(fwd.connect_host);
Darren Tucker	7ad8dd2	2010-01-12 19:40:27 +1100	[diff] [blame]	846	} else {
				847	fprintf(stderr,
				848	"Bad stdio forwarding specification '%s'\n",
				849	optarg);
				850	exit(255);
				851	}
Damien Miller	21771e2	2011-05-15 08:45:50 +1000	[diff] [blame]	852	options.request_tty = REQUEST_TTY_NO;
Darren Tucker	7ad8dd2	2010-01-12 19:40:27 +1100	[diff] [blame]	853	no_shell_flag = 1;
Darren Tucker	7ad8dd2	2010-01-12 19:40:27 +1100	[diff] [blame]	854	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	855	case 'q':
				856	options.log_level = SYSLOG_LEVEL_QUIET;
				857	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	858	case 'e':
				859	if (optarg[0] == '^' && optarg[2] == 0 &&
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	860	(u_char) optarg[1] >= 64 &&
				861	(u_char) optarg[1] < 128)
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	862	options.escape_char = (u_char) optarg[1] & 31;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	863	else if (strlen(optarg) == 1)
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	864	options.escape_char = (u_char) optarg[0];
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	865	else if (strcmp(optarg, "none") == 0)
Ben Lindstrom	2b1f71b	2001-06-05 20:32:21 +0000	[diff] [blame]	866	options.escape_char = SSH_ESCAPECHAR_NONE;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	867	else {
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	868	fprintf(stderr, "Bad escape character '%s'.\n",
				869	optarg);
Darren Tucker	e9a9b71	2005-12-20 16:15:51 +1100	[diff] [blame]	870	exit(255);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	871	}
				872	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	873	case 'c':
djm@openbsd.org	cdccebd	2017-04-30 23:15:04 +0000	[diff] [blame]	874	if (!ciphers_valid(*optarg == '+' ?
djm@openbsd.org	f9eca24	2015-07-30 00:01:34 +0000	[diff] [blame]	875	optarg + 1 : optarg)) {
djm@openbsd.org	f9eca24	2015-07-30 00:01:34 +0000	[diff] [blame]	876	fprintf(stderr, "Unknown cipher type '%s'\n",
				877	optarg);
				878	exit(255);
				879	}
djm@openbsd.org	cdccebd	2017-04-30 23:15:04 +0000	[diff] [blame]	880	free(options.ciphers);
				881	options.ciphers = xstrdup(optarg);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	882	break;
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	883	case 'm':
dtucker@openbsd.org	4f7cc2f	2015-09-04 08:21:47 +0000	[diff] [blame]	884	if (mac_valid(optarg)) {
				885	free(options.macs);
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	886	options.macs = xstrdup(optarg);
dtucker@openbsd.org	4f7cc2f	2015-09-04 08:21:47 +0000	[diff] [blame]	887	} else {
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	888	fprintf(stderr, "Unknown mac type '%s'\n",
				889	optarg);
Darren Tucker	e9a9b71	2005-12-20 16:15:51 +1100	[diff] [blame]	890	exit(255);
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	891	}
				892	break;
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	893	case 'M':
Damien Miller	d14b1e7	2005-06-16 13:19:41 +1000	[diff] [blame]	894	if (options.control_master == SSHCTL_MASTER_YES)
				895	options.control_master = SSHCTL_MASTER_ASK;
				896	else
				897	options.control_master = SSHCTL_MASTER_YES;
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	898	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	899	case 'p':
millert@openbsd.org	887669e	2017-10-21 23:06:24 +0000	[diff] [blame]	900	if (options.port == -1) {
				901	options.port = a2port(optarg);
				902	if (options.port <= 0) {
				903	fprintf(stderr, "Bad port '%s'\n",
				904	optarg);
				905	exit(255);
				906	}
Ben Lindstrom	146edb9	2001-04-11 23:06:28 +0000	[diff] [blame]	907	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	908	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	909	case 'l':
millert@openbsd.org	887669e	2017-10-21 23:06:24 +0000	[diff] [blame]	910	if (options.user == NULL)
				911	options.user = optarg;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	912	break;
Ben Lindstrom	1a17471	2001-09-12 17:56:15 +0000	[diff] [blame]	913
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	914	case 'L':
Damien Miller	4bf648f	2009-02-14 16:28:21 +1100	[diff] [blame]	915	if (parse_forward(&fwd, optarg, 0, 0))
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	916	add_local_forward(&options, &fwd);
				917	else {
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	918	fprintf(stderr,
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	919	"Bad local forwarding specification '%s'\n",
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	920	optarg);
Darren Tucker	e9a9b71	2005-12-20 16:15:51 +1100	[diff] [blame]	921	exit(255);
Ben Lindstrom	1a17471	2001-09-12 17:56:15 +0000	[diff] [blame]	922	}
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	923	break;
				924
				925	case 'R':
markus@openbsd.org	609d7a6	2017-09-21 19:16:53 +0000	[diff] [blame]	926	if (parse_forward(&fwd, optarg, 0, 1) \|\|
				927	parse_forward(&fwd, optarg, 1, 1)) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	928	add_remote_forward(&options, &fwd);
				929	} else {
				930	fprintf(stderr,
				931	"Bad remote forwarding specification "
				932	"'%s'\n", optarg);
Darren Tucker	e9a9b71	2005-12-20 16:15:51 +1100	[diff] [blame]	933	exit(255);
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	934	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	935	break;
Ben Lindstrom	3bb4f9d	2001-04-08 18:30:26 +0000	[diff] [blame]	936
				937	case 'D':
Damien Miller	4bf648f	2009-02-14 16:28:21 +1100	[diff] [blame]	938	if (parse_forward(&fwd, optarg, 1, 0)) {
Damien Miller	a699d95	2008-11-03 19:27:34 +1100	[diff] [blame]	939	add_local_forward(&options, &fwd);
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	940	} else {
Damien Miller	a699d95	2008-11-03 19:27:34 +1100	[diff] [blame]	941	fprintf(stderr,
				942	"Bad dynamic forwarding specification "
				943	"'%s'\n", optarg);
Darren Tucker	e9a9b71	2005-12-20 16:15:51 +1100	[diff] [blame]	944	exit(255);
Ben Lindstrom	146edb9	2001-04-11 23:06:28 +0000	[diff] [blame]	945	}
Ben Lindstrom	3bb4f9d	2001-04-08 18:30:26 +0000	[diff] [blame]	946	break;
				947
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	948	case 'C':
				949	options.compression = 1;
				950	break;
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	951	case 'N':
				952	no_shell_flag = 1;
Damien Miller	21771e2	2011-05-15 08:45:50 +1000	[diff] [blame]	953	options.request_tty = REQUEST_TTY_NO;
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	954	break;
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	955	case 'T':
Damien Miller	21771e2	2011-05-15 08:45:50 +1000	[diff] [blame]	956	options.request_tty = REQUEST_TTY_NO;
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	957	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	958	case 'o':
Damien Miller	9836cf8	2003-12-17 16:30:06 +1100	[diff] [blame]	959	line = xstrdup(optarg);
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	960	if (process_config_line(&options, pw,
				961	host ? host : "", host ? host : "", line,
				962	"command-line", 0, NULL, SSHCONF_USERCONF) != 0)
Darren Tucker	e9a9b71	2005-12-20 16:15:51 +1100	[diff] [blame]	963	exit(255);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	964	free(line);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	965	break;
Damien Miller	832562e	2001-01-30 09:30:01 +1100	[diff] [blame]	966	case 's':
				967	subsystem_flag = 1;
				968	break;
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	969	case 'S':
mmcc@openbsd.org	d59ce08	2015-12-10 17:08:40 +0000	[diff] [blame]	970	free(options.control_path);
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	971	options.control_path = xstrdup(optarg);
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	972	break;
Ben Lindstrom	e0f8804	2001-04-30 13:06:24 +0000	[diff] [blame]	973	case 'b':
				974	options.bind_address = optarg;
				975	break;
djm@openbsd.org	ac2e302	2018-02-23 02:34:33 +0000	[diff] [blame]	976	case 'B':
				977	options.bind_interface = optarg;
				978	break;
Ben Lindstrom	14f31ab	2001-09-12 17:48:04 +0000	[diff] [blame]	979	case 'F':
				980	config = optarg;
				981	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	982	default:
				983	usage();
				984	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	985	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	986
djm@openbsd.org	643c2ad	2017-08-12 06:46:01 +0000	[diff] [blame]	987	if (optind > 1 && strcmp(av[optind - 1], "--") == 0)
				988	opt_terminated = 1;
				989
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	990	ac -= optind;
				991	av += optind;
				992
Darren Tucker	b8c884a	2010-01-08 18:53:43 +1100	[diff] [blame]	993	if (ac > 0 && !host) {
millert@openbsd.org	887669e	2017-10-21 23:06:24 +0000	[diff] [blame]	994	int tport;
				995	char *tuser;
				996	switch (parse_ssh_uri(*av, &tuser, &host, &tport)) {
				997	case -1:
				998	usage();
				999	break;
				1000	case 0:
				1001	if (options.user == NULL) {
				1002	options.user = tuser;
				1003	tuser = NULL;
				1004	}
				1005	free(tuser);
				1006	if (options.port == -1 && tport != -1)
				1007	options.port = tport;
				1008	break;
				1009	default:
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	1010	p = xstrdup(*av);
Ben Lindstrom	c276c12	2002-12-23 02:14:51 +0000	[diff] [blame]	1011	cp = strrchr(p, '@');
millert@openbsd.org	887669e	2017-10-21 23:06:24 +0000	[diff] [blame]	1012	if (cp != NULL) {
				1013	if (cp == p)
				1014	usage();
				1015	if (options.user == NULL) {
				1016	options.user = p;
				1017	p = NULL;
				1018	}
				1019	*cp++ = '\0';
				1020	host = xstrdup(cp);
				1021	free(p);
				1022	} else
				1023	host = p;
				1024	break;
				1025	}
djm@openbsd.org	643c2ad	2017-08-12 06:46:01 +0000	[diff] [blame]	1026	if (ac > 1 && !opt_terminated) {
Ben Lindstrom	b9fa691	2002-12-23 02:24:54 +0000	[diff] [blame]	1027	optind = optreset = 1;
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	1028	goto again;
				1029	}
Ben Lindstrom	b9fa691	2002-12-23 02:24:54 +0000	[diff] [blame]	1030	ac--, av++;
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	1031	}
				1032
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1033	/* Check that we got a host name. */
				1034	if (!host)
				1035	usage();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1036
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	1037	host_arg = xstrdup(host);
				1038
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1039	#ifdef WITH_OPENSSL
Damien Miller	4314c2b	2010-09-10 11:12:09 +1000	[diff] [blame]	1040	OpenSSL_add_all_algorithms();
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1041	ERR_load_crypto_strings();
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1042	#endif
Damien Miller	cb5e44a	2000-09-29 12:12:36 +1100	[diff] [blame]	1043
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1044	/* Initialize the command to execute on remote host. */
				1045	buffer_init(&command);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1046
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1047	/*
				1048	* Save the command to execute on the remote host in a buffer. There
				1049	* is no limit on the length of the command, except by the maximum
				1050	* packet size. Also sets the tty flag if there is no command.
				1051	*/
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	1052	if (!ac) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1053	/* No command specified - execute shell on a tty. */
Damien Miller	832562e	2001-01-30 09:30:01 +1100	[diff] [blame]	1054	if (subsystem_flag) {
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	1055	fprintf(stderr,
				1056	"You must specify a subsystem to invoke.\n");
Damien Miller	832562e	2001-01-30 09:30:01 +1100	[diff] [blame]	1057	usage();
				1058	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1059	} else {
Damien Miller	f461445	2001-07-14 12:18:10 +1000	[diff] [blame]	1060	/* A command has been specified. Store it into the buffer. */
				1061	for (i = 0; i < ac; i++) {
				1062	if (i)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1063	buffer_append(&command, " ", 1);
				1064	buffer_append(&command, av[i], strlen(av[i]));
				1065	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1066	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1067
Ben Lindstrom	8a432f5	2001-03-05 07:24:46 +0000	[diff] [blame]	1068	/*
				1069	* Initialize "log" output. Since we are the client all output
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	1070	* goes to stderr unless otherwise specified by -y or -E.
Ben Lindstrom	8a432f5	2001-03-05 07:24:46 +0000	[diff] [blame]	1071	*/
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	1072	if (use_syslog && logfile != NULL)
				1073	fatal("Can't specify both -y and -E");
dtucker@openbsd.org	4f7cc2f	2015-09-04 08:21:47 +0000	[diff] [blame]	1074	if (logfile != NULL)
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	1075	log_redirect_stderr_to(logfile);
Darren Tucker	72efd74	2009-06-21 17:48:00 +1000	[diff] [blame]	1076	log_init(argv0,
djm@openbsd.org@openbsd.org	dbe0662	2017-10-27 01:57:06 +0000	[diff] [blame]	1077	options.log_level == SYSLOG_LEVEL_NOT_SET ?
dtucker@openbsd.org	68d3a2a	2017-04-28 03:20:27 +0000	[diff] [blame]	1078	SYSLOG_LEVEL_INFO : options.log_level,
djm@openbsd.org@openbsd.org	dbe0662	2017-10-27 01:57:06 +0000	[diff] [blame]	1079	options.log_facility == SYSLOG_FACILITY_NOT_SET ?
dtucker@openbsd.org	68d3a2a	2017-04-28 03:20:27 +0000	[diff] [blame]	1080	SYSLOG_FACILITY_USER : options.log_facility,
				1081	!use_syslog);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1082
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	1083	if (debug_flag)
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1084	logit("%s, %s", SSH_RELEASE,
				1085	#ifdef WITH_OPENSSL
				1086	SSLeay_version(SSLEAY_VERSION)
				1087	#else
				1088	"without OpenSSL"
				1089	#endif
				1090	);
Damien Miller	03d4d7e	2013-04-23 15:21:06 +1000	[diff] [blame]	1091
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	1092	/* Parse the configuration files */
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	1093	process_config_files(host_arg, pw, 0);
Ben Lindstrom	83f07d1	2001-10-03 17:22:29 +0000	[diff] [blame]	1094
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	1095	/* Hostname canonicalisation needs a few options filled. */
				1096	fill_default_options_for_canonicalization(&options);
				1097
				1098	/* If the user has replaced the hostname then take it into use now */
				1099	if (options.hostname != NULL) {
				1100	/* NB. Please keep in sync with readconf.c:match_cfg_line() */
				1101	cp = percent_expand(options.hostname,
				1102	"h", host, (char *)NULL);
				1103	free(host);
				1104	host = cp;
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	1105	free(options.hostname);
				1106	options.hostname = xstrdup(host);
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	1107	}
				1108
djm@openbsd.org	fc21ea9	2018-01-23 05:06:25 +0000	[diff] [blame]	1109	/* Don't lowercase addresses, they will be explicitly canonicalised */
				1110	if ((was_addr = is_addr(host)) == 0)
				1111	lowercase(host);
				1112
				1113	/*
				1114	* Try to canonicalize if requested by configuration or the
				1115	* hostname is an address.
				1116	*/
				1117	if (options.canonicalize_hostname != SSH_CANONICALISE_NO \|\| was_addr)
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	1118	addrs = resolve_canonicalize(&host, options.port);
				1119
				1120	/*
Damien Miller	08b57c6	2014-02-27 10:17:13 +1100	[diff] [blame]	1121	* If CanonicalizePermittedCNAMEs have been specified but
				1122	* other canonicalization did not happen (by not being requested
				1123	* or by failing with fallback) then the hostname may still be changed
djm@openbsd.org@openbsd.org	dbe0662	2017-10-27 01:57:06 +0000	[diff] [blame]	1124	* as a result of CNAME following.
Damien Miller	08b57c6	2014-02-27 10:17:13 +1100	[diff] [blame]	1125	*
				1126	* Try to resolve the bare hostname name using the system resolver's
				1127	* usual search rules and then apply the CNAME follow rules.
				1128	*
				1129	* Skip the lookup if a ProxyCommand is being used unless the user
				1130	* has specifically requested canonicalisation for this case via
				1131	* CanonicalizeHostname=always
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	1132	*/
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	1133	direct = option_clear_or_none(options.proxy_command) &&
				1134	options.jump_host == NULL;
				1135	if (addrs == NULL && options.num_permitted_cnames != 0 && (direct \|\|
				1136	options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {
Damien Miller	19439e9	2014-07-02 15:28:40 +1000	[diff] [blame]	1137	if ((addrs = resolve_host(host, options.port,
				1138	option_clear_or_none(options.proxy_command),
				1139	cname, sizeof(cname))) == NULL) {
				1140	/* Don't fatal proxied host names not in the DNS */
				1141	if (option_clear_or_none(options.proxy_command))
				1142	cleanup_exit(255); /* logged in resolve_host */
				1143	} else
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	1144	check_follow_cname(direct, &host, cname);
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	1145	}
				1146
				1147	/*
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	1148	* If canonicalisation is enabled then re-parse the configuration
				1149	* files as new stanzas may match.
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	1150	*/
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	1151	if (options.canonicalize_hostname != 0) {
				1152	debug("Re-reading configuration after hostname "
				1153	"canonicalisation");
				1154	free(options.hostname);
				1155	options.hostname = xstrdup(host);
				1156	process_config_files(host_arg, pw, 1);
				1157	/*
				1158	* Address resolution happens early with canonicalisation
				1159	* enabled and the port number may have changed since, so
				1160	* reset it in address list
				1161	*/
				1162	if (addrs != NULL && options.port > 0)
				1163	set_addrinfo_port(addrs, options.port);
Ben Lindstrom	14f31ab	2001-09-12 17:48:04 +0000	[diff] [blame]	1164	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1165
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1166	/* Fill configuration defaults. */
				1167	fill_default_options(&options);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1168
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	1169	/*
				1170	* If ProxyJump option specified, then construct a ProxyCommand now.
				1171	*/
				1172	if (options.jump_host != NULL) {
				1173	char port_s[8];
				1174
				1175	/* Consistency check */
				1176	if (options.proxy_command != NULL)
				1177	fatal("inconsistent options: ProxyCommand+ProxyJump");
				1178	/* Never use FD passing for ProxyJump */
				1179	options.proxy_use_fdpass = 0;
				1180	snprintf(port_s, sizeof(port_s), "%d", options.jump_port);
				1181	xasprintf(&options.proxy_command,
djm@openbsd.org	8fb1531	2017-03-08 12:07:47 +0000	[diff] [blame]	1182	"ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s",
djm@openbsd.org	ed877ef	2016-07-15 00:24:30 +0000	[diff] [blame]	1183	/* Optional "-l user" argument if jump_user set */
				1184	options.jump_user == NULL ? "" : " -l ",
				1185	options.jump_user == NULL ? "" : options.jump_user,
				1186	/* Optional "-p port" argument if jump_port set */
				1187	options.jump_port <= 0 ? "" : " -p ",
				1188	options.jump_port <= 0 ? "" : port_s,
				1189	/* Optional additional jump hosts ",..." */
				1190	options.jump_extra == NULL ? "" : " -J ",
				1191	options.jump_extra == NULL ? "" : options.jump_extra,
				1192	/* Optional "-F" argumment if -F specified */
				1193	config == NULL ? "" : " -F ",
				1194	config == NULL ? "" : config,
				1195	/* Optional "-v" arguments if -v set */
				1196	debug_flag ? " -" : "",
				1197	debug_flag, "vvv",
				1198	/* Mandatory hostname */
				1199	options.jump_host);
				1200	debug("Setting implicit ProxyCommand from ProxyJump: %s",
				1201	options.proxy_command);
				1202	}
				1203
Damien Miller	13f97b2	2014-02-24 15:57:55 +1100	[diff] [blame]	1204	if (options.port == 0)
				1205	options.port = default_ssh_port();
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1206	channel_set_af(ssh, options.address_family);
Darren Tucker	0a4f04b	2003-07-03 20:37:47 +1000	[diff] [blame]	1207
Damien Miller	e9fc72e	2013-10-15 12:14:12 +1100	[diff] [blame]	1208	/* Tidy and check options */
				1209	if (options.host_key_alias != NULL)
				1210	lowercase(options.host_key_alias);
				1211	if (options.proxy_command != NULL &&
				1212	strcmp(options.proxy_command, "-") == 0 &&
				1213	options.proxy_use_fdpass)
				1214	fatal("ProxyCommand=- and ProxyUseFDPass are incompatible");
djm@openbsd.org	44732de	2015-02-20 22:17:21 +0000	[diff] [blame]	1215	if (options.control_persist &&
				1216	options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {
				1217	debug("UpdateHostKeys=ask is incompatible with ControlPersist; "
				1218	"disabling");
				1219	options.update_hostkeys = 0;
				1220	}
djm@openbsd.org	88b6fcd	2015-11-19 08:23:27 +0000	[diff] [blame]	1221	if (options.connection_attempts <= 0)
				1222	fatal("Invalid number of ConnectionAttempts");
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	1223	#ifndef HAVE_CYGWIN
				1224	if (original_effective_uid != 0)
				1225	options.use_privileged_port = 0;
				1226	#endif
Damien Miller	e9fc72e	2013-10-15 12:14:12 +1100	[diff] [blame]	1227
bluhm@openbsd.org	1112b53	2017-05-30 18:58:37 +0000	[diff] [blame]	1228	if (buffer_len(&command) != 0 && options.remote_command != NULL)
				1229	fatal("Cannot execute command-line and remote command.");
				1230
				1231	/* Cannot fork to background if no command. */
				1232	if (fork_after_authentication_flag && buffer_len(&command) == 0 &&
				1233	options.remote_command == NULL && !no_shell_flag)
				1234	fatal("Cannot fork into background without a command "
				1235	"to execute.");
				1236
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1237	/* reinit */
dtucker@openbsd.org	68d3a2a	2017-04-28 03:20:27 +0000	[diff] [blame]	1238	log_init(argv0, options.log_level, options.log_facility, !use_syslog);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1239
Damien Miller	fff9f09	2012-07-06 13:45:01 +1000	[diff] [blame]	1240	if (options.request_tty == REQUEST_TTY_YES \|\|
				1241	options.request_tty == REQUEST_TTY_FORCE)
				1242	tty_flag = 1;
				1243
				1244	/* Allocate a tty by default if no command specified. */
bluhm@openbsd.org	1112b53	2017-05-30 18:58:37 +0000	[diff] [blame]	1245	if (buffer_len(&command) == 0 && options.remote_command == NULL)
Damien Miller	fff9f09	2012-07-06 13:45:01 +1000	[diff] [blame]	1246	tty_flag = options.request_tty != REQUEST_TTY_NO;
				1247
				1248	/* Force no tty */
markus@openbsd.org	8d05784	2016-09-30 09:19:13 +0000	[diff] [blame]	1249	if (options.request_tty == REQUEST_TTY_NO \|\|
				1250	(muxclient_command && muxclient_command != SSHMUX_COMMAND_PROXY))
Damien Miller	fff9f09	2012-07-06 13:45:01 +1000	[diff] [blame]	1251	tty_flag = 0;
				1252	/* Do not allocate a tty if stdin is not a tty. */
				1253	if ((!isatty(fileno(stdin)) \|\| stdin_null_flag) &&
				1254	options.request_tty != REQUEST_TTY_FORCE) {
				1255	if (tty_flag)
				1256	logit("Pseudo-terminal will not be allocated because "
				1257	"stdin is not a terminal.");
				1258	tty_flag = 0;
				1259	}
				1260
Damien Miller	60bc517	2001-03-19 09:38:15 +1100	[diff] [blame]	1261	seed_rng();
				1262
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1263	if (options.user == NULL)
				1264	options.user = xstrdup(pw->pw_name);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1265
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	1266	/* Set up strings used to percent_expand() arguments */
Damien Miller	dfc85fa	2011-05-15 08:44:02 +1000	[diff] [blame]	1267	if (gethostname(thishost, sizeof(thishost)) == -1)
				1268	fatal("gethostname: %s", strerror(errno));
				1269	strlcpy(shorthost, thishost, sizeof(shorthost));
				1270	shorthost[strcspn(thishost, ".")] = '\0';
				1271	snprintf(portstr, sizeof(portstr), "%d", options.port);
djm@openbsd.org	674b3b6	2015-09-11 03:47:28 +0000	[diff] [blame]	1272	snprintf(uidstr, sizeof(uidstr), "%d", pw->pw_uid);
Darren Tucker	f6b01b7	2008-06-13 04:56:37 +1000	[diff] [blame]	1273
Damien Miller	9c38643	2014-07-03 21:27:46 +1000	[diff] [blame]	1274	if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL \|\|
				1275	ssh_digest_update(md, thishost, strlen(thishost)) < 0 \|\|
				1276	ssh_digest_update(md, host, strlen(host)) < 0 \|\|
				1277	ssh_digest_update(md, portstr, strlen(portstr)) < 0 \|\|
				1278	ssh_digest_update(md, options.user, strlen(options.user)) < 0 \|\|
				1279	ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
				1280	fatal("%s: mux digest failed", __func__);
				1281	ssh_digest_free(md);
				1282	conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
				1283
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	1284	/*
				1285	* Expand tokens in arguments. NB. LocalCommand is expanded later,
				1286	* after port-forwarding is set up, so it may pick up any local
				1287	* tunnel interface name allocated.
				1288	*/
bluhm@openbsd.org	1112b53	2017-05-30 18:58:37 +0000	[diff] [blame]	1289	if (options.remote_command != NULL) {
				1290	debug3("expanding RemoteCommand: %s", options.remote_command);
				1291	cp = options.remote_command;
				1292	options.remote_command = percent_expand(cp,
				1293	"C", conn_hash_hex,
				1294	"L", shorthost,
				1295	"d", pw->pw_dir,
				1296	"h", host,
				1297	"l", thishost,
				1298	"n", host_arg,
				1299	"p", portstr,
				1300	"r", options.user,
				1301	"u", pw->pw_name,
				1302	(char *)NULL);
				1303	debug3("expanded RemoteCommand: %s", options.remote_command);
				1304	free(cp);
				1305	buffer_append(&command, options.remote_command,
				1306	strlen(options.remote_command));
bluhm@openbsd.org	1112b53	2017-05-30 18:58:37 +0000	[diff] [blame]	1307	}
				1308
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	1309	if (options.control_path != NULL) {
Damien Miller	6476cad	2005-06-16 13:18:34 +1000	[diff] [blame]	1310	cp = tilde_expand_filename(options.control_path,
				1311	original_real_uid);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1312	free(options.control_path);
Damien Miller	9c38643	2014-07-03 21:27:46 +1000	[diff] [blame]	1313	options.control_path = percent_expand(cp,
				1314	"C", conn_hash_hex,
				1315	"L", shorthost,
				1316	"h", host,
				1317	"l", thishost,
				1318	"n", host_arg,
				1319	"p", portstr,
				1320	"r", options.user,
				1321	"u", pw->pw_name,
djm@openbsd.org	674b3b6	2015-09-11 03:47:28 +0000	[diff] [blame]	1322	"i", uidstr,
Damien Miller	dfc85fa	2011-05-15 08:44:02 +1000	[diff] [blame]	1323	(char *)NULL);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1324	free(cp);
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	1325	}
Damien Miller	9c38643	2014-07-03 21:27:46 +1000	[diff] [blame]	1326	free(conn_hash_hex);
				1327
djm@openbsd.org	957fbce	2014-10-08 22:20:25 +0000	[diff] [blame]	1328	if (config_test) {
				1329	dump_client_config(&options, host);
				1330	exit(0);
				1331	}
				1332
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1333	if (muxclient_command != 0 && options.control_path == NULL)
Darren Tucker	0814d31	2005-06-01 23:08:51 +1000	[diff] [blame]	1334	fatal("No ControlPath specified for \"-O\" command");
markus@openbsd.org	8d05784	2016-09-30 09:19:13 +0000	[diff] [blame]	1335	if (options.control_path != NULL) {
				1336	int sock;
				1337	if ((sock = muxclient(options.control_path)) >= 0) {
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1338	ssh_packet_set_connection(ssh, sock, sock);
markus@openbsd.org	8d05784	2016-09-30 09:19:13 +0000	[diff] [blame]	1339	packet_set_mux();
				1340	goto skip_connect;
				1341	}
				1342	}
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	1343
Damien Miller	08b57c6	2014-02-27 10:17:13 +1100	[diff] [blame]	1344	/*
				1345	* If hostname canonicalisation was not enabled, then we may not
				1346	* have yet resolved the hostname. Do so now.
				1347	*/
				1348	if (addrs == NULL && options.proxy_command == NULL) {
djm@openbsd.org	a85768a	2015-09-04 04:56:09 +0000	[diff] [blame]	1349	debug2("resolving \"%s\" port %d", host, options.port);
Damien Miller	08b57c6	2014-02-27 10:17:13 +1100	[diff] [blame]	1350	if ((addrs = resolve_host(host, options.port, 1,
				1351	cname, sizeof(cname))) == NULL)
				1352	cleanup_exit(255); /* resolve_host logs the error */
				1353	}
				1354
Damien Miller	67bd062	2007-09-17 12:06:57 +1000	[diff] [blame]	1355	timeout_ms = options.connection_timeout * 1000;
				1356
Kevin Steves	fcec7f8	2000-12-15 19:55:48 +0000	[diff] [blame]	1357	/* Open a connection to the remote host. */
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1358	if (ssh_connect(ssh, host, addrs, &hostaddr, options.port,
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	1359	options.address_family, options.connection_attempts,
				1360	&timeout_ms, options.tcp_keep_alive,
				1361	options.use_privileged_port) != 0)
				1362	exit(255);
				1363
Damien Miller	28631ce	2013-10-26 10:07:56 +1100	[diff] [blame]	1364	if (addrs != NULL)
				1365	freeaddrinfo(addrs);
				1366
Damien Miller	0faf747	2013-10-17 11:47:23 +1100	[diff] [blame]	1367	packet_set_timeout(options.server_alive_interval,
				1368	options.server_alive_count_max);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1369
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	1370	ssh = active_state; /* XXX */
				1371
Damien Miller	67bd062	2007-09-17 12:06:57 +1000	[diff] [blame]	1372	if (timeout_ms > 0)
				1373	debug3("timeout: %d ms remain after connect", timeout_ms);
				1374
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1375	/*
				1376	* If we successfully made the connection, load the host private key
				1377	* in case we will need it later for combined rsa-rhosts
				1378	* authentication. This must be done before releasing extra
				1379	* privileges, because the file is only readable by root.
Ben Lindstrom	9e5bb57	2002-06-06 19:58:27 +0000	[diff] [blame]	1380	* If we cannot access the private keys, load the public keys
				1381	* instead and try to execute the ssh-keysign helper instead.
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1382	*/
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1383	sensitive_data.nkeys = 0;
				1384	sensitive_data.keys = NULL;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1385	sensitive_data.external_keysign = 0;
djm@openbsd.org	873d3e7	2017-04-30 23:18:44 +0000	[diff] [blame]	1386	if (options.hostbased_authentication) {
markus@openbsd.org	1b11ea7	2018-02-23 15:58:37 +0000	[diff] [blame]	1387	sensitive_data.nkeys = 11;
Damien Miller	ddd63ab	2006-03-31 23:10:51 +1100	[diff] [blame]	1388	sensitive_data.keys = xcalloc(sensitive_data.nkeys,
markus@openbsd.org	54d90ac	2017-05-30 08:52:19 +0000	[diff] [blame]	1389	sizeof(struct sshkey)); /* XXX */
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1390	for (i = 0; i < sensitive_data.nkeys; i++)
				1391	sensitive_data.keys[i] = NULL;
Ben Lindstrom	f9c4884	2002-06-11 16:37:51 +0000	[diff] [blame]	1392
				1393	PRIV_START;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1394	#ifdef OPENSSL_HAS_ECC
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1395	sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1396	_PATH_HOST_ECDSA_KEY_FILE, "", NULL);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1397	#endif
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1398	sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519,
				1399	_PATH_HOST_ED25519_KEY_FILE, "", NULL);
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1400	sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
Damien Miller	c158331	2010-08-05 13:04:50 +1000	[diff] [blame]	1401	_PATH_HOST_RSA_KEY_FILE, "", NULL);
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1402	sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
				1403	_PATH_HOST_DSA_KEY_FILE, "", NULL);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1404	#ifdef OPENSSL_HAS_ECC
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1405	sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1406	_PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1407	#endif
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1408	sensitive_data.keys[6] = key_load_private_type(KEY_ED25519,
				1409	_PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
Damien Miller	0fa47cf	2013-12-29 17:53:39 +1100	[diff] [blame]	1410	sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
Darren Tucker	232b76f	2006-05-06 17:41:51 +1000	[diff] [blame]	1411	_PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1412	sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
				1413	_PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
markus@openbsd.org	1b11ea7	2018-02-23 15:58:37 +0000	[diff] [blame]	1414	sensitive_data.keys[9] = key_load_private_cert(KEY_XMSS,
				1415	_PATH_HOST_XMSS_KEY_FILE, "", NULL);
				1416	sensitive_data.keys[10] = key_load_private_type(KEY_XMSS,
				1417	_PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL);
Ben Lindstrom	f9c4884	2002-06-11 16:37:51 +0000	[diff] [blame]	1418	PRIV_END;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1419
Ben Lindstrom	5d35a2f	2002-07-04 00:19:40 +0000	[diff] [blame]	1420	if (options.hostbased_authentication == 1 &&
				1421	sensitive_data.keys[0] == NULL &&
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1422	sensitive_data.keys[5] == NULL &&
Damien Miller	5be9d9e	2013-12-07 11:24:01 +1100	[diff] [blame]	1423	sensitive_data.keys[6] == NULL &&
Damien Miller	0fa47cf	2013-12-29 17:53:39 +1100	[diff] [blame]	1424	sensitive_data.keys[7] == NULL &&
markus@openbsd.org	1b11ea7	2018-02-23 15:58:37 +0000	[diff] [blame]	1425	sensitive_data.keys[8] == NULL &&
				1426	sensitive_data.keys[9] == NULL) {
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1427	#ifdef OPENSSL_HAS_ECC
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1428	sensitive_data.keys[1] = key_load_cert(
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1429	_PATH_HOST_ECDSA_KEY_FILE);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1430	#endif
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1431	sensitive_data.keys[2] = key_load_cert(
				1432	_PATH_HOST_ED25519_KEY_FILE);
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1433	sensitive_data.keys[3] = key_load_cert(
Damien Miller	c158331	2010-08-05 13:04:50 +1000	[diff] [blame]	1434	_PATH_HOST_RSA_KEY_FILE);
Damien Miller	0fa47cf	2013-12-29 17:53:39 +1100	[diff] [blame]	1435	sensitive_data.keys[4] = key_load_cert(
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1436	_PATH_HOST_DSA_KEY_FILE);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1437	#ifdef OPENSSL_HAS_ECC
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1438	sensitive_data.keys[5] = key_load_public(
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1439	_PATH_HOST_ECDSA_KEY_FILE, NULL);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1440	#endif
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1441	sensitive_data.keys[6] = key_load_public(
				1442	_PATH_HOST_ED25519_KEY_FILE, NULL);
Damien Miller	5be9d9e	2013-12-07 11:24:01 +1100	[diff] [blame]	1443	sensitive_data.keys[7] = key_load_public(
Damien Miller	0fa47cf	2013-12-29 17:53:39 +1100	[diff] [blame]	1444	_PATH_HOST_RSA_KEY_FILE, NULL);
				1445	sensitive_data.keys[8] = key_load_public(
djm@openbsd.org	ab24ab8	2015-01-08 10:15:45 +0000	[diff] [blame]	1446	_PATH_HOST_DSA_KEY_FILE, NULL);
markus@openbsd.org	1b11ea7	2018-02-23 15:58:37 +0000	[diff] [blame]	1447	sensitive_data.keys[9] = key_load_cert(
				1448	_PATH_HOST_XMSS_KEY_FILE);
				1449	sensitive_data.keys[10] = key_load_public(
				1450	_PATH_HOST_XMSS_KEY_FILE, NULL);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1451	sensitive_data.external_keysign = 1;
				1452	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1453	}
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1454	/*
				1455	* Get rid of any extra privileges that we may have. We will no
				1456	* longer need them. Also, extra privileges could make it very hard
				1457	* to read identity files and other non-world-readable files from the
				1458	* user's home directory if it happens to be on a NFS volume where
				1459	* root is mapped to nobody.
				1460	*/
Darren Tucker	25f60a7	2004-08-15 17:23:34 +1000	[diff] [blame]	1461	if (original_effective_uid == 0) {
				1462	PRIV_START;
				1463	permanently_set_uid(pw);
				1464	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1465
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1466	/*
				1467	* Now that we are back to our own permissions, create ~/.ssh
Damien Miller	788f212	2005-11-05 15:14:59 +1100	[diff] [blame]	1468	* directory if it doesn't already exist.
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1469	*/
Darren Tucker	45c66d7	2011-11-04 10:50:40 +1100	[diff] [blame]	1470	if (config == NULL) {
				1471	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
				1472	strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
				1473	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	1474	#ifdef WITH_SELINUX
Darren Tucker	45c66d7	2011-11-04 10:50:40 +1100	[diff] [blame]	1475	ssh_selinux_setfscreatecon(buf);
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	1476	#endif
Darren Tucker	45c66d7	2011-11-04 10:50:40 +1100	[diff] [blame]	1477	if (mkdir(buf, 0700) < 0)
				1478	error("Could not create directory '%.200s'.",
				1479	buf);
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	1480	#ifdef WITH_SELINUX
Darren Tucker	45c66d7	2011-11-04 10:50:40 +1100	[diff] [blame]	1481	ssh_selinux_setfscreatecon(NULL);
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	1482	#endif
Darren Tucker	45c66d7	2011-11-04 10:50:40 +1100	[diff] [blame]	1483	}
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	1484	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1485	/* load options.identity_files */
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	1486	load_public_identity_files(pw);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1487
markus@openbsd.org	b02ad1c	2016-05-04 12:21:53 +0000	[diff] [blame]	1488	/* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */
markus@openbsd.org	1a75d14	2016-05-04 14:29:58 +0000	[diff] [blame]	1489	if (options.identity_agent &&
				1490	strcmp(options.identity_agent, SSH_AUTHSOCKET_ENV_NAME) != 0) {
markus@openbsd.org	b02ad1c	2016-05-04 12:21:53 +0000	[diff] [blame]	1491	if (strcmp(options.identity_agent, "none") == 0) {
				1492	unsetenv(SSH_AUTHSOCKET_ENV_NAME);
				1493	} else {
				1494	p = tilde_expand_filename(options.identity_agent,
				1495	original_real_uid);
				1496	cp = percent_expand(p, "d", pw->pw_dir,
				1497	"u", pw->pw_name, "l", thishost, "h", host,
				1498	"r", options.user, (char *)NULL);
				1499	setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
				1500	free(cp);
				1501	free(p);
				1502	}
				1503	}
				1504
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1505	/* Expand ~ in known host file names. */
Damien Miller	295ee63	2011-05-29 21:42:31 +1000	[diff] [blame]	1506	tilde_expand_paths(options.system_hostfiles,
				1507	options.num_system_hostfiles);
				1508	tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1509
Damien Miller	07cd589	2001-11-12 10:52:03 +1100	[diff] [blame]	1510	signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
Damien Miller	857b02e	2010-09-24 22:02:56 +1000	[diff] [blame]	1511	signal(SIGCHLD, main_sigchld_handler);
Damien Miller	07cd589	2001-11-12 10:52:03 +1100	[diff] [blame]	1512
Darren Tucker	d6173c0	2008-06-13 04:52:53 +1000	[diff] [blame]	1513	/* Log into the remote system. Never returns if the login fails. */
Damien Miller	67bd062	2007-09-17 12:06:57 +1000	[diff] [blame]	1514	ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr,
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	1515	options.port, pw, timeout_ms);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1516
Damien Miller	383ffe6	2010-06-26 10:02:03 +1000	[diff] [blame]	1517	if (packet_connection_is_on_socket()) {
				1518	verbose("Authenticated to %s ([%s]:%d).", host,
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	1519	ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
Damien Miller	383ffe6	2010-06-26 10:02:03 +1000	[diff] [blame]	1520	} else {
				1521	verbose("Authenticated to %s (via proxy).", host);
				1522	}
				1523
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1524	/* We no longer need the private host keys. Clear them now. */
				1525	if (sensitive_data.nkeys != 0) {
				1526	for (i = 0; i < sensitive_data.nkeys; i++) {
				1527	if (sensitive_data.keys[i] != NULL) {
				1528	/* Destroys contents safely */
				1529	debug3("clear hostkey %d", i);
				1530	key_free(sensitive_data.keys[i]);
				1531	sensitive_data.keys[i] = NULL;
				1532	}
				1533	}
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1534	free(sensitive_data.keys);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1535	}
Ben Lindstrom	a6c8a8d	2001-08-06 21:42:00 +0000	[diff] [blame]	1536	for (i = 0; i < options.num_identity_files; i++) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1537	free(options.identity_files[i]);
				1538	options.identity_files[i] = NULL;
Ben Lindstrom	a6c8a8d	2001-08-06 21:42:00 +0000	[diff] [blame]	1539	if (options.identity_keys[i]) {
				1540	key_free(options.identity_keys[i]);
				1541	options.identity_keys[i] = NULL;
				1542	}
				1543	}
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1544	for (i = 0; i < options.num_certificate_files; i++) {
				1545	free(options.certificate_files[i]);
				1546	options.certificate_files[i] = NULL;
				1547	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1548
markus@openbsd.org	8d05784	2016-09-30 09:19:13 +0000	[diff] [blame]	1549	skip_connect:
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	1550	exit_status = ssh_session2(ssh, pw);
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	1551	packet_close();
Damien Miller	8c4e18a	2002-09-19 12:05:02 +1000	[diff] [blame]	1552
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1553	if (options.control_path != NULL && muxserver_sock != -1)
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	1554	unlink(options.control_path);
				1555
Damien Miller	a41ccca	2010-10-07 22:07:32 +1100	[diff] [blame]	1556	/* Kill ProxyCommand if it is running. */
				1557	ssh_kill_proxy_command();
Damien Miller	8c4e18a	2002-09-19 12:05:02 +1000	[diff] [blame]	1558
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	1559	return exit_status;
				1560	}
				1561
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1562	static void
				1563	control_persist_detach(void)
				1564	{
				1565	pid_t pid;
djm@openbsd.org	d2d6bf8	2016-04-29 08:07:53 +0000	[diff] [blame]	1566	int devnull, keep_stderr;
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1567
				1568	debug("%s: backgrounding master process", __func__);
				1569
djm@openbsd.org	b8bbff3	2018-02-13 03:36:56 +0000	[diff] [blame]	1570	/*
				1571	* master (current process) into the background, and make the
				1572	* foreground process a client of the backgrounded master.
				1573	*/
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1574	switch ((pid = fork())) {
				1575	case -1:
				1576	fatal("%s: fork: %s", __func__, strerror(errno));
				1577	case 0:
				1578	/* Child: master process continues mainloop */
djm@openbsd.org	b8bbff3	2018-02-13 03:36:56 +0000	[diff] [blame]	1579	break;
				1580	default:
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1581	/* Parent: set up mux slave to connect to backgrounded master */
				1582	debug2("%s: background process is %ld", __func__, (long)pid);
				1583	stdin_null_flag = ostdin_null_flag;
Damien Miller	21771e2	2011-05-15 08:45:50 +1000	[diff] [blame]	1584	options.request_tty = orequest_tty;
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1585	tty_flag = otty_flag;
djm@openbsd.org	b8bbff3	2018-02-13 03:36:56 +0000	[diff] [blame]	1586	close(muxserver_sock);
				1587	muxserver_sock = -1;
Damien Miller	5929c52	2010-09-10 11:17:02 +1000	[diff] [blame]	1588	options.control_master = SSHCTL_MASTER_NO;
djm@openbsd.org	b8bbff3	2018-02-13 03:36:56 +0000	[diff] [blame]	1589	muxclient(options.control_path);
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1590	/* muxclient() doesn't return on success. */
djm@openbsd.org	b8bbff3	2018-02-13 03:36:56 +0000	[diff] [blame]	1591	fatal("Failed to connect to new control master");
				1592	}
Damien Miller	00d9ae2	2010-08-17 01:59:31 +1000	[diff] [blame]	1593	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
				1594	error("%s: open(\"/dev/null\"): %s", __func__,
				1595	strerror(errno));
				1596	} else {
djm@openbsd.org	d2d6bf8	2016-04-29 08:07:53 +0000	[diff] [blame]	1597	keep_stderr = log_is_on_stderr() && debug_flag;
Damien Miller	00d9ae2	2010-08-17 01:59:31 +1000	[diff] [blame]	1598	if (dup2(devnull, STDIN_FILENO) == -1 \|\|
djm@openbsd.org	d2d6bf8	2016-04-29 08:07:53 +0000	[diff] [blame]	1599	dup2(devnull, STDOUT_FILENO) == -1 \|\|
				1600	(!keep_stderr && dup2(devnull, STDERR_FILENO) == -1))
Damien Miller	00d9ae2	2010-08-17 01:59:31 +1000	[diff] [blame]	1601	error("%s: dup2: %s", __func__, strerror(errno));
				1602	if (devnull > STDERR_FILENO)
				1603	close(devnull);
				1604	}
Damien Miller	98e27dc	2013-07-25 11:55:52 +1000	[diff] [blame]	1605	daemon(1, 1);
Damien Miller	ea2c1a4	2011-06-03 12:10:22 +1000	[diff] [blame]	1606	setproctitle("%s [mux]", options.control_path);
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1607	}
				1608
				1609	/* Do fork() after authentication. Used by "ssh -f" */
				1610	static void
				1611	fork_postauth(void)
				1612	{
				1613	if (need_controlpersist_detach)
				1614	control_persist_detach();
				1615	debug("forking to background");
				1616	fork_after_authentication_flag = 0;
				1617	if (daemon(1, 1) < 0)
				1618	fatal("daemon() failed: %.200s", strerror(errno));
				1619	}
				1620
Darren Tucker	9f407c4	2008-06-13 04:50:27 +1000	[diff] [blame]	1621	/* Callback for remote forward global requests */
				1622	static void
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1623	ssh_confirm_remote_forward(struct ssh ssh, int type, u_int32_t seq, void ctxt)
Darren Tucker	9f407c4	2008-06-13 04:50:27 +1000	[diff] [blame]	1624	{
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1625	struct Forward rfwd = (struct Forward )ctxt;
Darren Tucker	9f407c4	2008-06-13 04:50:27 +1000	[diff] [blame]	1626
Damien Miller	4bf648f	2009-02-14 16:28:21 +1100	[diff] [blame]	1627	/* XXX verbose() on failure? */
Damien Miller	4b3ed64	2014-07-02 15:29:40 +1000	[diff] [blame]	1628	debug("remote forward %s for: listen %s%s%d, connect %s:%d",
Darren Tucker	9f407c4	2008-06-13 04:50:27 +1000	[diff] [blame]	1629	type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1630	rfwd->listen_path ? rfwd->listen_path :
				1631	rfwd->listen_host ? rfwd->listen_host : "",
				1632	(rfwd->listen_path \|\| rfwd->listen_host) ? ":" : "",
				1633	rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path :
				1634	rfwd->connect_host, rfwd->connect_port);
				1635	if (rfwd->listen_path == NULL && rfwd->listen_port == 0) {
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	1636	if (type == SSH2_MSG_REQUEST_SUCCESS) {
				1637	rfwd->allocated_port = packet_get_int();
				1638	logit("Allocated port %u for remote forward to %s:%d",
				1639	rfwd->allocated_port,
				1640	rfwd->connect_host, rfwd->connect_port);
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1641	channel_update_permitted_opens(ssh,
				1642	rfwd->handle, rfwd->allocated_port);
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	1643	} else {
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1644	channel_update_permitted_opens(ssh, rfwd->handle, -1);
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	1645	}
Damien Miller	4bf648f	2009-02-14 16:28:21 +1100	[diff] [blame]	1646	}
djm@openbsd.org@openbsd.org	dbe0662	2017-10-27 01:57:06 +0000	[diff] [blame]	1647
Darren Tucker	9f407c4	2008-06-13 04:50:27 +1000	[diff] [blame]	1648	if (type == SSH2_MSG_REQUEST_FAILURE) {
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1649	if (options.exit_on_forward_failure) {
				1650	if (rfwd->listen_path != NULL)
				1651	fatal("Error: remote port forwarding failed "
				1652	"for listen path %s", rfwd->listen_path);
				1653	else
				1654	fatal("Error: remote port forwarding failed "
				1655	"for listen port %d", rfwd->listen_port);
				1656	} else {
				1657	if (rfwd->listen_path != NULL)
				1658	logit("Warning: remote port forwarding failed "
				1659	"for listen path %s", rfwd->listen_path);
				1660	else
				1661	logit("Warning: remote port forwarding failed "
				1662	"for listen port %d", rfwd->listen_port);
				1663	}
Darren Tucker	9f407c4	2008-06-13 04:50:27 +1000	[diff] [blame]	1664	}
Darren Tucker	9a2a609	2008-07-04 12:53:50 +1000	[diff] [blame]	1665	if (++remote_forward_confirms_received == options.num_remote_forwards) {
Darren Tucker	9f407c4	2008-06-13 04:50:27 +1000	[diff] [blame]	1666	debug("All remote forwarding requests processed");
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1667	if (fork_after_authentication_flag)
				1668	fork_postauth();
Darren Tucker	9a2a609	2008-07-04 12:53:50 +1000	[diff] [blame]	1669	}
Darren Tucker	9f407c4	2008-06-13 04:50:27 +1000	[diff] [blame]	1670	}
				1671
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1672	static void
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1673	client_cleanup_stdio_fwd(struct ssh ssh, int id, void arg)
Darren Tucker	7ad8dd2	2010-01-12 19:40:27 +1100	[diff] [blame]	1674	{
				1675	debug("stdio forwarding: done");
				1676	cleanup_exit(0);
				1677	}
				1678
Darren Tucker	2d6665d	2011-11-04 10:54:22 +1100	[diff] [blame]	1679	static void
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1680	ssh_stdio_confirm(struct ssh ssh, int id, int success, void arg)
Damien Miller	357610d	2014-07-18 15:04:10 +1000	[diff] [blame]	1681	{
				1682	if (!success)
				1683	fatal("stdio forwarding failed");
				1684	}
				1685
				1686	static void
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1687	ssh_init_stdio_forwarding(struct ssh *ssh)
Darren Tucker	7ad8dd2	2010-01-12 19:40:27 +1100	[diff] [blame]	1688	{
				1689	Channel *c;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1690	int in, out;
Darren Tucker	7ad8dd2	2010-01-12 19:40:27 +1100	[diff] [blame]	1691
dtucker@openbsd.org	8543ff3	2016-06-03 03:14:41 +0000	[diff] [blame]	1692	if (options.stdio_forward_host == NULL)
Darren Tucker	2d6665d	2011-11-04 10:54:22 +1100	[diff] [blame]	1693	return;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1694
dtucker@openbsd.org	8543ff3	2016-06-03 03:14:41 +0000	[diff] [blame]	1695	debug3("%s: %s:%d", __func__, options.stdio_forward_host,
				1696	options.stdio_forward_port);
Darren Tucker	2d6665d	2011-11-04 10:54:22 +1100	[diff] [blame]	1697
				1698	if ((in = dup(STDIN_FILENO)) < 0 \|\|
				1699	(out = dup(STDOUT_FILENO)) < 0)
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1700	fatal("channel_connect_stdio_fwd: dup() in/out failed");
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1701	if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
dtucker@openbsd.org	8543ff3	2016-06-03 03:14:41 +0000	[diff] [blame]	1702	options.stdio_forward_port, in, out)) == NULL)
Darren Tucker	2d6665d	2011-11-04 10:54:22 +1100	[diff] [blame]	1703	fatal("%s: channel_connect_stdio_fwd failed", __func__);
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1704	channel_register_cleanup(ssh, c->self, client_cleanup_stdio_fwd, 0);
				1705	channel_register_open_confirm(ssh, c->self, ssh_stdio_confirm, NULL);
Darren Tucker	7ad8dd2	2010-01-12 19:40:27 +1100	[diff] [blame]	1706	}
				1707
				1708	static void
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	1709	ssh_init_forwarding(struct ssh ssh, char *ifname)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1710	{
Kevin Steves	1205750	2001-02-05 14:54:34 +0000	[diff] [blame]	1711	int success = 0;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1712	int i;
Kevin Steves	1205750	2001-02-05 14:54:34 +0000	[diff] [blame]	1713
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1714	/* Initiate local TCP/IP port forwardings. */
				1715	for (i = 0; i < options.num_local_forwards; i++) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	1716	debug("Local connections to %.200s:%d forwarded to remote "
				1717	"address %.200s:%d",
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1718	(options.local_forwards[i].listen_path != NULL) ?
				1719	options.local_forwards[i].listen_path :
Darren Tucker	47eede7	2005-03-14 23:08:12 +1100	[diff] [blame]	1720	(options.local_forwards[i].listen_host == NULL) ?
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1721	(options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	1722	options.local_forwards[i].listen_host,
				1723	options.local_forwards[i].listen_port,
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1724	(options.local_forwards[i].connect_path != NULL) ?
				1725	options.local_forwards[i].connect_path :
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	1726	options.local_forwards[i].connect_host,
				1727	options.local_forwards[i].connect_port);
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1728	success += channel_setup_local_fwd_listener(ssh,
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1729	&options.local_forwards[i], &options.fwd_opts);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1730	}
Darren Tucker	e7d4b19	2006-07-12 22:17:10 +1000	[diff] [blame]	1731	if (i > 0 && success != i && options.exit_on_forward_failure)
				1732	fatal("Could not request local forwarding.");
Kevin Steves	1205750	2001-02-05 14:54:34 +0000	[diff] [blame]	1733	if (i > 0 && success == 0)
				1734	error("Could not request local forwarding.");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1735
				1736	/* Initiate remote TCP/IP port forwardings. */
				1737	for (i = 0; i < options.num_remote_forwards; i++) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	1738	debug("Remote connections from %.200s:%d forwarded to "
				1739	"local address %.200s:%d",
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1740	(options.remote_forwards[i].listen_path != NULL) ?
				1741	options.remote_forwards[i].listen_path :
Damien Miller	46d38de	2005-07-17 17:02:09 +1000	[diff] [blame]	1742	(options.remote_forwards[i].listen_host == NULL) ?
Damien Miller	aa3bb10	2005-11-05 15:12:59 +1100	[diff] [blame]	1743	"LOCALHOST" : options.remote_forwards[i].listen_host,
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	1744	options.remote_forwards[i].listen_port,
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1745	(options.remote_forwards[i].connect_path != NULL) ?
				1746	options.remote_forwards[i].connect_path :
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	1747	options.remote_forwards[i].connect_host,
				1748	options.remote_forwards[i].connect_port);
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	1749	options.remote_forwards[i].handle =
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1750	channel_request_remote_forwarding(ssh,
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1751	&options.remote_forwards[i]);
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	1752	if (options.remote_forwards[i].handle < 0) {
Darren Tucker	e7d4b19	2006-07-12 22:17:10 +1000	[diff] [blame]	1753	if (options.exit_on_forward_failure)
				1754	fatal("Could not request remote forwarding.");
				1755	else
				1756	logit("Warning: Could not request remote "
				1757	"forwarding.");
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	1758	} else {
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1759	client_register_global_confirm(
				1760	ssh_confirm_remote_forward,
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	1761	&options.remote_forwards[i]);
Darren Tucker	e7d4b19	2006-07-12 22:17:10 +1000	[diff] [blame]	1762	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1763	}
Damien Miller	b3ce9fe	2007-08-08 14:32:41 +1000	[diff] [blame]	1764
				1765	/* Initiate tunnel forwarding. */
				1766	if (options.tun_open != SSH_TUNMODE_NO) {
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	1767	if ((*ifname = client_request_tun_fwd(ssh,
				1768	options.tun_open, options.tun_local,
				1769	options.tun_remote)) == NULL) {
Damien Miller	b3ce9fe	2007-08-08 14:32:41 +1000	[diff] [blame]	1770	if (options.exit_on_forward_failure)
				1771	fatal("Could not request tunnel forwarding.");
				1772	else
				1773	error("Could not request tunnel forwarding.");
				1774	}
djm@openbsd.org@openbsd.org	dbe0662	2017-10-27 01:57:06 +0000	[diff] [blame]	1775	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1776	}
				1777
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1778	static void
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1779	check_agent_present(void)
				1780	{
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1781	int r;
				1782
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1783	if (options.forward_agent) {
Damien Miller	788f212	2005-11-05 15:14:59 +1100	[diff] [blame]	1784	/* Clear agent forwarding if we don't have an agent. */
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1785	if ((r = ssh_get_authentication_socket(NULL)) != 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1786	options.forward_agent = 0;
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1787	if (r != SSH_ERR_AGENT_NOT_PRESENT)
				1788	debug("ssh_get_authentication_socket: %s",
				1789	ssh_err(r));
				1790	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1791	}
				1792	}
				1793
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1794	static void
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1795	ssh_session2_setup(struct ssh ssh, int id, int success, void arg)
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	1796	{
Damien Miller	3756dce	2004-06-18 01:17:29 +1000	[diff] [blame]	1797	extern char **environ;
Damien Miller	17e7ed0	2005-06-17 12:54:33 +1000	[diff] [blame]	1798	const char *display;
Damien Miller	0e220db	2004-06-15 10:34:08 +1000	[diff] [blame]	1799	int interactive = tty_flag;
djm@openbsd.org	ed4ce82	2016-01-13 23:04:47 +0000	[diff] [blame]	1800	char proto = NULL, data = NULL;
Damien Miller	17e7ed0	2005-06-17 12:54:33 +1000	[diff] [blame]	1801
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	1802	if (!success)
				1803	return; /* No need for error message, channels code sens one */
				1804
Damien Miller	46d38de	2005-07-17 17:02:09 +1000	[diff] [blame]	1805	display = getenv("DISPLAY");
djm@openbsd.org	a58be33	2015-04-17 13:16:48 +0000	[diff] [blame]	1806	if (display == NULL && options.forward_x11)
				1807	debug("X11 forwarding requested but DISPLAY not set");
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1808	if (options.forward_x11 && client_x11_get_proto(ssh, display,
djm@openbsd.org	ed4ce82	2016-01-13 23:04:47 +0000	[diff] [blame]	1809	options.xauth_location, options.forward_x11_trusted,
				1810	options.forward_x11_timeout, &proto, &data) == 0) {
Damien Miller	bd483e7	2000-04-30 10:00:53 +1000	[diff] [blame]	1811	/* Request forwarding with authentication spoofing. */
Darren Tucker	d6173c0	2008-06-13 04:52:53 +1000	[diff] [blame]	1812	debug("Requesting X11 forwarding with authentication "
				1813	"spoofing.");
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1814	x11_request_forwarding_with_spoofing(ssh, id, display, proto,
Damien Miller	6d7b437	2011-06-23 08:31:57 +1000	[diff] [blame]	1815	data, 1);
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1816	client_expect_confirm(ssh, id, "X11 forwarding", CONFIRM_WARN);
Damien Miller	6d7b437	2011-06-23 08:31:57 +1000	[diff] [blame]	1817	/* XXX exit_on_forward_failure */
Ben Lindstrom	bf555ba	2001-01-18 02:04:35 +0000	[diff] [blame]	1818	interactive = 1;
Damien Miller	bd483e7	2000-04-30 10:00:53 +1000	[diff] [blame]	1819	}
				1820
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1821	check_agent_present();
				1822	if (options.forward_agent) {
				1823	debug("Requesting authentication agent forwarding.");
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1824	channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1825	packet_send();
				1826	}
				1827
Darren Tucker	7b30501	2012-07-02 18:55:09 +1000	[diff] [blame]	1828	/* Tell the packet module whether this is an interactive session. */
				1829	packet_set_interactive(interactive,
				1830	options.ip_qos_interactive, options.ip_qos_bulk);
				1831
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1832	client_session2_setup(ssh, id, tty_flag, subsystem_flag, getenv("TERM"),
Damien Miller	5771ed7	2008-05-19 15:35:33 +1000	[diff] [blame]	1833	NULL, fileno(stdin), &command, environ);
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	1834	}
				1835
Ben Lindstrom	f558cf6	2001-09-20 23:13:49 +0000	[diff] [blame]	1836	/* open new channel for a session */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1837	static int
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1838	ssh_session2_open(struct ssh *ssh)
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	1839	{
Ben Lindstrom	99c73b3	2001-05-05 04:09:47 +0000	[diff] [blame]	1840	Channel *c;
				1841	int window, packetmax, in, out, err;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1842
Damien Miller	caf6dd6	2000-08-29 11:33:50 +1100	[diff] [blame]	1843	if (stdin_null_flag) {
Ben Lindstrom	31ca54a	2001-02-09 02:11:24 +0000	[diff] [blame]	1844	in = open(_PATH_DEVNULL, O_RDONLY);
Damien Miller	caf6dd6	2000-08-29 11:33:50 +1100	[diff] [blame]	1845	} else {
				1846	in = dup(STDIN_FILENO);
				1847	}
				1848	out = dup(STDOUT_FILENO);
				1849	err = dup(STDERR_FILENO);
				1850
				1851	if (in < 0 \|\| out < 0 \|\| err < 0)
				1852	fatal("dup() in/out/err failed");
				1853
Damien Miller	69b69aa	2000-10-28 14:19:58 +1100	[diff] [blame]	1854	/* enable nonblocking unless tty */
				1855	if (!isatty(in))
				1856	set_nonblock(in);
				1857	if (!isatty(out))
				1858	set_nonblock(out);
				1859	if (!isatty(err))
				1860	set_nonblock(err);
				1861
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	1862	window = CHAN_SES_WINDOW_DEFAULT;
				1863	packetmax = CHAN_SES_PACKET_DEFAULT;
Damien Miller	19a5945	2002-02-19 15:20:57 +1100	[diff] [blame]	1864	if (tty_flag) {
				1865	window >>= 1;
				1866	packetmax >>= 1;
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	1867	}
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1868	c = channel_new(ssh,
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	1869	"session", SSH_CHANNEL_OPENING, in, out, err,
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	1870	window, packetmax, CHAN_EXTENDED_WRITE,
Damien Miller	b1ca8bb	2003-05-14 13:45:42 +1000	[diff] [blame]	1871	"client-session", /nonblock/0);
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	1872
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1873	debug3("%s: channel_new: %d", __func__, c->self);
Ben Lindstrom	4c3f77d	2001-04-05 23:37:36 +0000	[diff] [blame]	1874
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1875	channel_send_open(ssh, c->self);
Ben Lindstrom	f558cf6	2001-09-20 23:13:49 +0000	[diff] [blame]	1876	if (!no_shell_flag)
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1877	channel_register_open_confirm(ssh, c->self,
Damien Miller	b84886b	2008-05-19 15:05:07 +1000	[diff] [blame]	1878	ssh_session2_setup, NULL);
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame]	1879
Ben Lindstrom	99c73b3	2001-05-05 04:09:47 +0000	[diff] [blame]	1880	return c->self;
Ben Lindstrom	4c3f77d	2001-04-05 23:37:36 +0000	[diff] [blame]	1881	}
				1882
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1883	static int
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	1884	ssh_session2(struct ssh ssh, struct passwd pw)
Ben Lindstrom	4c3f77d	2001-04-05 23:37:36 +0000	[diff] [blame]	1885	{
djm@openbsd.org	4d5456c	2017-10-25 00:21:37 +0000	[diff] [blame]	1886	int devnull, id = -1;
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	1887	char cp, tun_fwd_ifname = NULL;
Ben Lindstrom	4c3f77d	2001-04-05 23:37:36 +0000	[diff] [blame]	1888
				1889	/* XXX should be pre-session */
Darren Tucker	2d6665d	2011-11-04 10:54:22 +1100	[diff] [blame]	1890	if (!options.control_persist)
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1891	ssh_init_stdio_forwarding(ssh);
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	1892
				1893	ssh_init_forwarding(ssh, &tun_fwd_ifname);
				1894
				1895	if (options.local_command != NULL) {
				1896	debug3("expanding LocalCommand: %s", options.local_command);
				1897	cp = options.local_command;
				1898	options.local_command = percent_expand(cp,
				1899	"C", conn_hash_hex,
				1900	"L", shorthost,
				1901	"d", pw->pw_dir,
				1902	"h", host,
				1903	"l", thishost,
				1904	"n", host_arg,
				1905	"p", portstr,
				1906	"r", options.user,
				1907	"u", pw->pw_name,
				1908	"T", tun_fwd_ifname == NULL ? "NONE" : tun_fwd_ifname,
				1909	(char *)NULL);
				1910	debug3("expanded LocalCommand: %s", options.local_command);
				1911	free(cp);
				1912	}
Ben Lindstrom	4c3f77d	2001-04-05 23:37:36 +0000	[diff] [blame]	1913
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1914	/* Start listening for multiplex clients */
markus@openbsd.org	8d05784	2016-09-30 09:19:13 +0000	[diff] [blame]	1915	if (!packet_get_mux())
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1916	muxserver_listen(ssh);
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1917
djm@openbsd.org	b8bbff3	2018-02-13 03:36:56 +0000	[diff] [blame]	1918	/*
Darren Tucker	2d6665d	2011-11-04 10:54:22 +1100	[diff] [blame]	1919	* If we are in control persist mode and have a working mux listen
				1920	* socket, then prepare to background ourselves and have a foreground
				1921	* client attach as a control slave.
				1922	* NB. we must save copies of the flags that we override for
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1923	* the backgrounding, since we defer attachment of the slave until
				1924	* after the connection is fully established (in particular,
				1925	* async rfwd replies have been received for ExitOnForwardFailure).
				1926	*/
djm@openbsd.org	b8bbff3	2018-02-13 03:36:56 +0000	[diff] [blame]	1927	if (options.control_persist && muxserver_sock != -1) {
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1928	ostdin_null_flag = stdin_null_flag;
				1929	ono_shell_flag = no_shell_flag;
Damien Miller	21771e2	2011-05-15 08:45:50 +1000	[diff] [blame]	1930	orequest_tty = options.request_tty;
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1931	otty_flag = tty_flag;
djm@openbsd.org	b8bbff3	2018-02-13 03:36:56 +0000	[diff] [blame]	1932	stdin_null_flag = 1;
				1933	no_shell_flag = 1;
				1934	tty_flag = 0;
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1935	if (!fork_after_authentication_flag)
				1936	need_controlpersist_detach = 1;
				1937	fork_after_authentication_flag = 1;
djm@openbsd.org	b8bbff3	2018-02-13 03:36:56 +0000	[diff] [blame]	1938	}
Darren Tucker	2d6665d	2011-11-04 10:54:22 +1100	[diff] [blame]	1939	/*
				1940	* ControlPersist mux listen socket setup failed, attempt the
				1941	* stdio forward setup that we skipped earlier.
				1942	*/
				1943	if (options.control_persist && muxserver_sock == -1)
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1944	ssh_init_stdio_forwarding(ssh);
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1945
djm@openbsd.org	14b5c63	2018-01-23 05:27:21 +0000	[diff] [blame]	1946	if (!no_shell_flag)
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1947	id = ssh_session2_open(ssh);
Damien Miller	649fe02	2013-07-18 16:13:55 +1000	[diff] [blame]	1948	else {
				1949	packet_set_interactive(
				1950	options.control_master == SSHCTL_MASTER_NO,
				1951	options.ip_qos_interactive, options.ip_qos_bulk);
				1952	}
Ben Lindstrom	4c3f77d	2001-04-05 23:37:36 +0000	[diff] [blame]	1953
Darren Tucker	8901fa9	2008-06-11 09:34:01 +1000	[diff] [blame]	1954	/* If we don't expect to open a new session, then disallow it */
Damien Miller	456e6f0	2008-11-03 19:20:10 +1100	[diff] [blame]	1955	if (options.control_master == SSHCTL_MASTER_NO &&
				1956	(datafellows & SSH_NEW_OPENSSH)) {
Darren Tucker	8901fa9	2008-06-11 09:34:01 +1000	[diff] [blame]	1957	debug("Requesting no-more-sessions@openssh.com");
				1958	packet_start(SSH2_MSG_GLOBAL_REQUEST);
				1959	packet_put_cstring("no-more-sessions@openssh.com");
				1960	packet_put_char(0);
				1961	packet_send();
				1962	}
				1963
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	1964	/* Execute a local command */
				1965	if (options.local_command != NULL &&
				1966	options.permit_local_command)
				1967	ssh_local_cmd(options.local_command);
				1968
Damien Miller	1f25ab4	2010-07-16 13:56:23 +1000	[diff] [blame]	1969	/*
djm@openbsd.org	4d5456c	2017-10-25 00:21:37 +0000	[diff] [blame]	1970	* stdout is now owned by the session channel; clobber it here
				1971	* so future channel closes are propagated to the local fd.
				1972	* NB. this can only happen after LocalCommand has completed,
				1973	* as it may want to write to stdout.
				1974	*/
djm@openbsd.org@openbsd.org	939b30b	2017-11-01 00:04:15 +0000	[diff] [blame]	1975	if (!need_controlpersist_detach) {
				1976	if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1)
				1977	error("%s: open %s: %s", __func__,
				1978	_PATH_DEVNULL, strerror(errno));
				1979	if (dup2(devnull, STDOUT_FILENO) < 0)
				1980	fatal("%s: dup2() stdout failed", __func__);
				1981	if (devnull > STDERR_FILENO)
				1982	close(devnull);
				1983	}
djm@openbsd.org	4d5456c	2017-10-25 00:21:37 +0000	[diff] [blame]	1984
				1985	/*
Damien Miller	1f25ab4	2010-07-16 13:56:23 +1000	[diff] [blame]	1986	* If requested and we are not interested in replies to remote
				1987	* forwarding requests, then let ssh continue in the background.
				1988	*/
Damien Miller	e11e1ea	2010-08-03 16:04:46 +1000	[diff] [blame]	1989	if (fork_after_authentication_flag) {
				1990	if (options.exit_on_forward_failure &&
				1991	options.num_remote_forwards > 0) {
				1992	debug("deferring postauth fork until remote forward "
				1993	"confirmation received");
				1994	} else
				1995	fork_postauth();
Darren Tucker	9a2a609	2008-07-04 12:53:50 +1000	[diff] [blame]	1996	}
Ben Lindstrom	4c3f77d	2001-04-05 23:37:36 +0000	[diff] [blame]	1997
djm@openbsd.org	dbee411	2017-09-12 06:32:07 +0000	[diff] [blame]	1998	return client_loop(ssh, tty_flag, tty_flag ?
Ben Lindstrom	2b1f71b	2001-06-05 20:32:21 +0000	[diff] [blame]	1999	options.escape_char : SSH_ESCAPECHAR_NONE, id);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2000	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	2001
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	2002	/* Loads all IdentityFile and CertificateFile keys */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	2003	static void
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	2004	load_public_identity_files(struct passwd *pw)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	2005	{
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	2006	char filename, cp;
markus@openbsd.org	54d90ac	2017-05-30 08:52:19 +0000	[diff] [blame]	2007	struct sshkey *public;
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	2008	int i;
				2009	u_int n_ids, n_certs;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2010	char *identity_files[SSH_MAX_IDENTITY_FILES];
markus@openbsd.org	54d90ac	2017-05-30 08:52:19 +0000	[diff] [blame]	2011	struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	2012	char *certificate_files[SSH_MAX_CERTIFICATE_FILES];
				2013	struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	2014	#ifdef ENABLE_PKCS11
markus@openbsd.org	54d90ac	2017-05-30 08:52:19 +0000	[diff] [blame]	2015	struct sshkey **keys;
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	2016	int nkeys;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2017	#endif /* PKCS11 */
Ben Lindstrom	0936a5b	2002-03-26 03:17:42 +0000	[diff] [blame]	2018
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	2019	n_ids = n_certs = 0;
Damien Miller	1d2c456	2014-02-04 11:18:20 +1100	[diff] [blame]	2020	memset(identity_files, 0, sizeof(identity_files));
				2021	memset(identity_keys, 0, sizeof(identity_keys));
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	2022	memset(certificate_files, 0, sizeof(certificate_files));
				2023	memset(certificates, 0, sizeof(certificates));
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2024
				2025	#ifdef ENABLE_PKCS11
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	2026	if (options.pkcs11_provider != NULL &&
Ben Lindstrom	0936a5b	2002-03-26 03:17:42 +0000	[diff] [blame]	2027	options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	2028	(pkcs11_init(!options.batch_mode) == 0) &&
				2029	(nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL,
				2030	&keys)) > 0) {
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	2031	for (i = 0; i < nkeys; i++) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2032	if (n_ids >= SSH_MAX_IDENTITY_FILES) {
				2033	key_free(keys[i]);
				2034	continue;
				2035	}
				2036	identity_keys[n_ids] = keys[i];
				2037	identity_files[n_ids] =
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	2038	xstrdup(options.pkcs11_provider); /* XXX */
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2039	n_ids++;
Ben Lindstrom	0936a5b	2002-03-26 03:17:42 +0000	[diff] [blame]	2040	}
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	2041	free(keys);
Ben Lindstrom	711b04a	2001-08-06 21:12:42 +0000	[diff] [blame]	2042	}
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	2043	#endif /* ENABLE_PKCS11 */
Damien Miller	6b1d53c	2006-03-31 23:13:21 +1100	[diff] [blame]	2044	if ((pw = getpwuid(original_real_uid)) == NULL)
				2045	fatal("load_public_identity_files: getpwuid failed");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2046	for (i = 0; i < options.num_identity_files; i++) {
Darren Tucker	15fd19c	2013-04-05 11:22:26 +1100	[diff] [blame]	2047	if (n_ids >= SSH_MAX_IDENTITY_FILES \|\|
				2048	strcasecmp(options.identity_files[i], "none") == 0) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	2049	free(options.identity_files[i]);
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	2050	options.identity_files[i] = NULL;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2051	continue;
				2052	}
Damien Miller	6b1d53c	2006-03-31 23:13:21 +1100	[diff] [blame]	2053	cp = tilde_expand_filename(options.identity_files[i],
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	2054	original_real_uid);
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	2055	filename = percent_expand(cp, "d", pw->pw_dir,
				2056	"u", pw->pw_name, "l", thishost, "h", host,
Damien Miller	6b1d53c	2006-03-31 23:13:21 +1100	[diff] [blame]	2057	"r", options.user, (char *)NULL);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	2058	free(cp);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	2059	public = key_load_public(filename, NULL);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	2060	debug("identity file %s type %d", filename,
				2061	public ? public->type : -1);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	2062	free(options.identity_files[i]);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2063	identity_files[n_ids] = filename;
				2064	identity_keys[n_ids] = public;
				2065
				2066	if (++n_ids >= SSH_MAX_IDENTITY_FILES)
				2067	continue;
				2068
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	2069	/*
				2070	* If no certificates have been explicitly listed then try
				2071	* to add the default certificate variant too.
				2072	*/
				2073	if (options.num_certificate_files != 0)
				2074	continue;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2075	xasprintf(&cp, "%s-cert", filename);
				2076	public = key_load_public(cp, NULL);
				2077	debug("identity file %s type %d", cp,
				2078	public ? public->type : -1);
				2079	if (public == NULL) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	2080	free(cp);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2081	continue;
				2082	}
				2083	if (!key_is_cert(public)) {
				2084	debug("%s: key %s type %s is not a certificate",
				2085	__func__, cp, key_type(public));
				2086	key_free(public);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	2087	free(cp);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2088	continue;
				2089	}
djm@openbsd.org	b4867e0	2016-12-06 07:48:01 +0000	[diff] [blame]	2090	/* NB. leave filename pointing to private key */
				2091	identity_files[n_ids] = xstrdup(filename);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2092	identity_keys[n_ids] = public;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2093	n_ids++;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	2094	}
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	2095
				2096	if (options.num_certificate_files > SSH_MAX_CERTIFICATE_FILES)
				2097	fatal("%s: too many certificates", __func__);
				2098	for (i = 0; i < options.num_certificate_files; i++) {
				2099	cp = tilde_expand_filename(options.certificate_files[i],
				2100	original_real_uid);
djm@openbsd.org	b7548b1	2017-10-23 05:08:00 +0000	[diff] [blame]	2101	filename = percent_expand(cp, "d", pw->pw_dir,
				2102	"u", pw->pw_name, "l", thishost, "h", host,
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	2103	"r", options.user, (char *)NULL);
				2104	free(cp);
				2105
				2106	public = key_load_public(filename, NULL);
				2107	debug("certificate file %s type %d", filename,
				2108	public ? public->type : -1);
				2109	free(options.certificate_files[i]);
				2110	options.certificate_files[i] = NULL;
				2111	if (public == NULL) {
				2112	free(filename);
				2113	continue;
				2114	}
				2115	if (!key_is_cert(public)) {
				2116	debug("%s: key %s type %s is not a certificate",
				2117	__func__, filename, key_type(public));
				2118	key_free(public);
				2119	free(filename);
				2120	continue;
				2121	}
				2122	certificate_files[n_certs] = filename;
				2123	certificates[n_certs] = public;
				2124	++n_certs;
				2125	}
				2126
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2127	options.num_identity_files = n_ids;
				2128	memcpy(options.identity_files, identity_files, sizeof(identity_files));
				2129	memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
				2130
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	2131	options.num_certificate_files = n_certs;
				2132	memcpy(options.certificate_files,
				2133	certificate_files, sizeof(certificate_files));
				2134	memcpy(options.certificates, certificates, sizeof(certificates));
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	2135	}
Damien Miller	857b02e	2010-09-24 22:02:56 +1000	[diff] [blame]	2136
				2137	static void
				2138	main_sigchld_handler(int sig)
				2139	{
				2140	int save_errno = errno;
				2141	pid_t pid;
				2142	int status;
				2143
				2144	while ((pid = waitpid(-1, &status, WNOHANG)) > 0 \|\|
				2145	(pid < 0 && errno == EINTR))
				2146	;
Damien Miller	857b02e	2010-09-24 22:02:56 +1000	[diff] [blame]	2147	errno = save_errno;
				2148	}