blob: 16284f824bc05f183f0dc15f54d84e79b6af2d13 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11005 * Ssh client program. This program can be used to log into a remote machine.
6 * The software supports strong authentication, encryption, and forwarding
7 * of X11, TCP/IP, and authentication connections.
8 *
Damien Millere4340be2000-09-16 13:29:08 +11009 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose. Any derived versions of this
11 * software must be clearly marked as such, and if the derived work is
12 * incompatible with the protocol description in the RFC file, it must be
13 * called by a name other than "ssh" or "Secure Shell".
14 *
15 * Copyright (c) 1999 Niels Provos. All rights reserved.
Darren Tucker0a118da2003-10-15 15:54:32 +100016 * Copyright (c) 2000, 2001, 2002, 2003 Markus Friedl. All rights reserved.
Damien Millere4340be2000-09-16 13:29:08 +110017 *
18 * Modified to work with SSL by Niels Provos <provos@citi.umich.edu>
19 * in Canada (German citizen).
20 *
21 * Redistribution and use in source and binary forms, with or without
22 * modification, are permitted provided that the following conditions
23 * are met:
24 * 1. Redistributions of source code must retain the above copyright
25 * notice, this list of conditions and the following disclaimer.
26 * 2. Redistributions in binary form must reproduce the above copyright
27 * notice, this list of conditions and the following disclaimer in the
28 * documentation and/or other materials provided with the distribution.
29 *
30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
31 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
32 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
33 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
34 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
35 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
36 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
37 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
38 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
39 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller95def091999-11-25 00:26:21 +110040 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100041
42#include "includes.h"
Darren Tuckerba5c5922004-06-18 16:22:39 +100043RCSID("$OpenBSD: ssh.c,v 1.217 2004/06/17 23:56:57 djm Exp $");
Damien Millereba71ba2000-04-29 23:57:08 +100044
45#include <openssl/evp.h>
Damien Miller0bc1bd82000-11-13 22:57:25 +110046#include <openssl/err.h>
Damien Millerd4a8b7e1999-10-27 13:42:43 +100047
Damien Millerd4a8b7e1999-10-27 13:42:43 +100048#include "ssh.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000049#include "ssh1.h"
Damien Miller1383bd82000-04-06 12:32:37 +100050#include "ssh2.h"
51#include "compat.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000052#include "cipher.h"
53#include "xmalloc.h"
54#include "packet.h"
55#include "buffer.h"
Damien Miller0e220db2004-06-15 10:34:08 +100056#include "bufaux.h"
Ben Lindstromc7637672001-06-09 00:36:26 +000057#include "channels.h"
Damien Millereba71ba2000-04-29 23:57:08 +100058#include "key.h"
Damien Miller994cf142000-07-21 10:19:44 +100059#include "authfd.h"
Damien Millereba71ba2000-04-29 23:57:08 +100060#include "authfile.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000061#include "pathnames.h"
Damien Miller0e220db2004-06-15 10:34:08 +100062#include "dispatch.h"
Ben Lindstrombf555ba2001-01-18 02:04:35 +000063#include "clientloop.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000064#include "log.h"
65#include "readconf.h"
66#include "sshconnect.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000067#include "misc.h"
Ben Lindstrom06b33aa2001-02-15 03:01:59 +000068#include "kex.h"
69#include "mac.h"
Darren Tucker06f2bd82004-05-13 16:06:46 +100070#include "sshpty.h"
Darren Tucker46bc0752004-05-02 22:11:30 +100071#include "match.h"
Damien Miller0e220db2004-06-15 10:34:08 +100072#include "msg.h"
73#include "monitor_fdpass.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100074
Ben Lindstromc5b68002001-07-04 04:52:03 +000075#ifdef SMARTCARD
Ben Lindstromc5b68002001-07-04 04:52:03 +000076#include "scard.h"
Ben Lindstrombcc18082001-08-06 21:59:25 +000077#endif
Ben Lindstromc5b68002001-07-04 04:52:03 +000078
Damien Miller3f905871999-11-15 17:10:57 +110079#ifdef HAVE___PROGNAME
80extern char *__progname;
Ben Lindstrom49a79c02000-11-17 03:47:20 +000081#else
82char *__progname;
83#endif
Damien Miller3f905871999-11-15 17:10:57 +110084
Damien Miller95def091999-11-25 00:26:21 +110085/* Flag indicating whether debug mode is on. This can be set on the command line. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100086int debug_flag = 0;
87
Damien Miller78928792000-04-12 20:17:38 +100088/* Flag indicating whether a tty should be allocated */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100089int tty_flag = 0;
Ben Lindstrom4dccfa52000-12-28 16:40:05 +000090int no_tty_flag = 0;
91int force_tty_flag = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100092
Damien Miller1383bd82000-04-06 12:32:37 +100093/* don't exec a shell */
94int no_shell_flag = 0;
Damien Miller1383bd82000-04-06 12:32:37 +100095
Damien Miller5428f641999-11-25 11:54:57 +110096/*
97 * Flag indicating that nothing should be read from stdin. This can be set
98 * on the command line.
99 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000100int stdin_null_flag = 0;
101
Damien Miller5428f641999-11-25 11:54:57 +1100102/*
103 * Flag indicating that ssh should fork after authentication. This is useful
Ben Lindstromf666fec2002-06-06 19:51:58 +0000104 * so that the passphrase can be entered manually, and then ssh goes to the
Damien Miller5428f641999-11-25 11:54:57 +1100105 * background.
106 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000107int fork_after_authentication_flag = 0;
108
Damien Miller5428f641999-11-25 11:54:57 +1100109/*
110 * General data structure for command line options and options configurable
111 * in configuration files. See readconf.h.
112 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000113Options options;
114
Ben Lindstrom14f31ab2001-09-12 17:48:04 +0000115/* optional user configfile */
116char *config = NULL;
117
Damien Miller5428f641999-11-25 11:54:57 +1100118/*
119 * Name of the host we are connecting to. This is the name given on the
120 * command line, or the HostName specified for the user-supplied name in a
121 * configuration file.
122 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000123char *host;
124
125/* socket address the host resolves to */
Damien Miller34132e52000-01-14 15:45:46 +1100126struct sockaddr_storage hostaddr;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000127
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000128/* Private host keys. */
Ben Lindstrom1bad2562002-06-06 19:57:33 +0000129Sensitive sensitive_data;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000130
131/* Original real UID. */
132uid_t original_real_uid;
Ben Lindstromf9c48842002-06-11 16:37:51 +0000133uid_t original_effective_uid;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000134
Damien Miller1383bd82000-04-06 12:32:37 +1000135/* command to be executed */
136Buffer command;
137
Damien Miller832562e2001-01-30 09:30:01 +1100138/* Should we execute a command or invoke a subsystem? */
139int subsystem_flag = 0;
140
Damien Miller2797f7f2002-04-23 21:09:44 +1000141/* # of replies received for global requests */
142static int client_global_request_id = 0;
143
Damien Miller8c4e18a2002-09-19 12:05:02 +1000144/* pid of proxycommand child process */
145pid_t proxy_command_pid = 0;
146
Damien Miller0e220db2004-06-15 10:34:08 +1000147/* fd to control socket */
148int control_fd = -1;
149
150/* Only used in control client mode */
151volatile sig_atomic_t control_client_terminate = 0;
152u_int control_server_pid = 0;
153
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000154/* Prints a help message to the user. This function never returns. */
155
Ben Lindstrombba81212001-06-25 05:01:22 +0000156static void
Ben Lindstrom31ca54a2001-02-09 02:11:24 +0000157usage(void)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000158{
Damien Miller50955102004-03-22 09:34:58 +1100159 fprintf(stderr,
Darren Tuckerba5c5922004-06-18 16:22:39 +1000160"usage: ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
Damien Miller50955102004-03-22 09:34:58 +1100161" [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n"
162" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n"
Darren Tuckerba5c5922004-06-18 16:22:39 +1000163" [-p port] [-R port:host:hostport] [-S ctl_path]\n"
164" [user@]hostname [command]\n"
Damien Miller50955102004-03-22 09:34:58 +1100165 );
Damien Miller95def091999-11-25 00:26:21 +1100166 exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000167}
168
Ben Lindstrombba81212001-06-25 05:01:22 +0000169static int ssh_session(void);
170static int ssh_session2(void);
171static void load_public_identity_files(void);
Damien Miller0e220db2004-06-15 10:34:08 +1000172static void control_client(const char *path);
Damien Miller1383bd82000-04-06 12:32:37 +1000173
Damien Miller95def091999-11-25 00:26:21 +1100174/*
175 * Main program for the ssh client.
176 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000177int
178main(int ac, char **av)
179{
Ben Lindstrom24157572002-06-12 16:09:39 +0000180 int i, opt, exit_status;
Damien Milleraae6c611999-12-06 11:47:28 +1100181 u_short fwd_port, fwd_host_port;
Ben Lindstrom1a174712001-09-12 17:56:15 +0000182 char sfwd_port[6], sfwd_host_port[6];
Damien Miller9836cf82003-12-17 16:30:06 +1100183 char *p, *cp, *line, buf[256];
Damien Miller95def091999-11-25 00:26:21 +1100184 struct stat st;
Ben Lindstrom086cf212001-03-05 05:56:40 +0000185 struct passwd *pw;
Damien Miller1383bd82000-04-06 12:32:37 +1000186 int dummy;
Ben Lindstrom5ccf63a2001-09-24 20:00:10 +0000187 extern int optind, optreset;
Damien Miller4f8e6692001-07-14 13:22:53 +1000188 extern char *optarg;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000189
Damien Miller59d3d5b2003-08-22 09:34:41 +1000190 __progname = ssh_get_progname(av[0]);
Damien Millerf9b625c2000-07-09 22:42:32 +1000191 init_rng();
192
Damien Miller5428f641999-11-25 11:54:57 +1100193 /*
194 * Save the original real uid. It will be needed later (uid-swapping
195 * may clobber the real uid).
196 */
Damien Miller95def091999-11-25 00:26:21 +1100197 original_real_uid = getuid();
198 original_effective_uid = geteuid();
Damien Millera8e06ce2003-11-21 23:48:55 +1100199
Damien Miller50b9a602002-09-04 16:50:06 +1000200 /*
201 * Use uid-swapping to give up root privileges for the duration of
202 * option processing. We will re-instantiate the rights when we are
203 * ready to create the privileged port, and will permanently drop
204 * them when the port has been created (actually, when the connection
205 * has been made, as we may need to create the port several times).
206 */
207 PRIV_END;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000208
Damien Miller05dd7952000-10-01 00:42:48 +1100209#ifdef HAVE_SETRLIMIT
Damien Miller95def091999-11-25 00:26:21 +1100210 /* If we are installed setuid root be careful to not drop core. */
211 if (original_real_uid != original_effective_uid) {
212 struct rlimit rlim;
213 rlim.rlim_cur = rlim.rlim_max = 0;
214 if (setrlimit(RLIMIT_CORE, &rlim) < 0)
215 fatal("setrlimit failed: %.100s", strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000216 }
Damien Millerbac2d8a2000-09-05 16:13:06 +1100217#endif
Ben Lindstrom3fcf1a22001-04-08 18:26:59 +0000218 /* Get user data. */
219 pw = getpwuid(original_real_uid);
220 if (!pw) {
Damien Miller996acd22003-04-09 20:59:48 +1000221 logit("You don't exist, go away!");
Ben Lindstrom3fcf1a22001-04-08 18:26:59 +0000222 exit(1);
223 }
224 /* Take a copy of the returned structure. */
225 pw = pwcopy(pw);
226
Damien Miller5428f641999-11-25 11:54:57 +1100227 /*
Damien Miller5428f641999-11-25 11:54:57 +1100228 * Set our umask to something reasonable, as some files are created
229 * with the default umask. This will make them world-readable but
230 * writable only by the owner, which is ok for all files for which we
231 * don't set the modes explicitly.
232 */
Damien Miller95def091999-11-25 00:26:21 +1100233 umask(022);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000234
Damien Miller95def091999-11-25 00:26:21 +1100235 /* Initialize option structure to indicate that no values have been set. */
236 initialize_options(&options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000237
Damien Miller95def091999-11-25 00:26:21 +1100238 /* Parse command-line arguments. */
239 host = NULL;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000240
Damien Millerf4614452001-07-14 12:18:10 +1000241again:
242 while ((opt = getopt(ac, av,
Damien Miller0e220db2004-06-15 10:34:08 +1000243 "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNPR:S:TVXY")) != -1) {
Damien Miller95def091999-11-25 00:26:21 +1100244 switch (opt) {
Ben Lindstrom1e7d3062001-02-09 02:36:43 +0000245 case '1':
246 options.protocol = SSH_PROTO_1;
247 break;
Damien Miller4af51302000-04-16 11:18:38 +1000248 case '2':
249 options.protocol = SSH_PROTO_2;
250 break;
Damien Miller34132e52000-01-14 15:45:46 +1100251 case '4':
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000252 options.address_family = AF_INET;
Damien Miller34132e52000-01-14 15:45:46 +1100253 break;
Damien Miller34132e52000-01-14 15:45:46 +1100254 case '6':
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000255 options.address_family = AF_INET6;
Damien Miller34132e52000-01-14 15:45:46 +1100256 break;
Damien Miller95def091999-11-25 00:26:21 +1100257 case 'n':
258 stdin_null_flag = 1;
259 break;
Damien Miller95def091999-11-25 00:26:21 +1100260 case 'f':
261 fork_after_authentication_flag = 1;
262 stdin_null_flag = 1;
263 break;
Damien Miller95def091999-11-25 00:26:21 +1100264 case 'x':
265 options.forward_x11 = 0;
266 break;
Damien Miller95def091999-11-25 00:26:21 +1100267 case 'X':
268 options.forward_x11 = 1;
269 break;
Darren Tucker0a118da2003-10-15 15:54:32 +1000270 case 'Y':
271 options.forward_x11 = 1;
272 options.forward_x11_trusted = 1;
273 break;
Damien Miller95def091999-11-25 00:26:21 +1100274 case 'g':
275 options.gateway_ports = 1;
276 break;
Damien Miller147bba32002-09-04 16:46:06 +1000277 case 'P': /* deprecated */
Damien Miller95def091999-11-25 00:26:21 +1100278 options.use_privileged_port = 0;
279 break;
Damien Miller95def091999-11-25 00:26:21 +1100280 case 'a':
281 options.forward_agent = 0;
282 break;
Damien Millerb1715dc2000-05-30 13:44:51 +1000283 case 'A':
284 options.forward_agent = 1;
285 break;
Damien Miller95def091999-11-25 00:26:21 +1100286 case 'k':
Damien Millere0113cc2003-11-24 13:10:09 +1100287 options.gss_deleg_creds = 0;
Damien Miller95def091999-11-25 00:26:21 +1100288 break;
Damien Miller95def091999-11-25 00:26:21 +1100289 case 'i':
290 if (stat(optarg, &st) < 0) {
Damien Millerf4614452001-07-14 12:18:10 +1000291 fprintf(stderr, "Warning: Identity file %s "
292 "does not exist.\n", optarg);
Damien Miller95def091999-11-25 00:26:21 +1100293 break;
294 }
Damien Millerf4614452001-07-14 12:18:10 +1000295 if (options.num_identity_files >=
296 SSH_MAX_IDENTITY_FILES)
297 fatal("Too many identity files specified "
298 "(max %d)", SSH_MAX_IDENTITY_FILES);
299 options.identity_files[options.num_identity_files++] =
300 xstrdup(optarg);
Damien Miller95def091999-11-25 00:26:21 +1100301 break;
Ben Lindstromc5b68002001-07-04 04:52:03 +0000302 case 'I':
303#ifdef SMARTCARD
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000304 options.smartcard_device = xstrdup(optarg);
Ben Lindstrombcc18082001-08-06 21:59:25 +0000305#else
Ben Lindstromc5b68002001-07-04 04:52:03 +0000306 fprintf(stderr, "no support for smartcards.\n");
Ben Lindstrombcc18082001-08-06 21:59:25 +0000307#endif
Ben Lindstromc5b68002001-07-04 04:52:03 +0000308 break;
Damien Miller95def091999-11-25 00:26:21 +1100309 case 't':
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000310 if (tty_flag)
311 force_tty_flag = 1;
Damien Miller95def091999-11-25 00:26:21 +1100312 tty_flag = 1;
313 break;
Damien Miller95def091999-11-25 00:26:21 +1100314 case 'v':
Darren Tuckere98dfa32003-07-19 19:54:31 +1000315 if (debug_flag == 0) {
Damien Millere4340be2000-09-16 13:29:08 +1100316 debug_flag = 1;
317 options.log_level = SYSLOG_LEVEL_DEBUG1;
Darren Tuckere98dfa32003-07-19 19:54:31 +1000318 } else {
319 if (options.log_level < SYSLOG_LEVEL_DEBUG3)
320 options.log_level++;
Damien Millere4340be2000-09-16 13:29:08 +1100321 break;
Darren Tuckere98dfa32003-07-19 19:54:31 +1000322 }
Damien Millere4340be2000-09-16 13:29:08 +1100323 /* fallthrough */
Damien Miller95def091999-11-25 00:26:21 +1100324 case 'V':
Damien Miller0c889cd2004-03-22 09:36:00 +1100325 fprintf(stderr, "%s, %s\n",
326 SSH_VERSION, SSLeay_version(SSLEAY_VERSION));
Damien Miller95def091999-11-25 00:26:21 +1100327 if (opt == 'V')
328 exit(0);
Damien Miller95def091999-11-25 00:26:21 +1100329 break;
Damien Miller95def091999-11-25 00:26:21 +1100330 case 'q':
331 options.log_level = SYSLOG_LEVEL_QUIET;
332 break;
Damien Miller95def091999-11-25 00:26:21 +1100333 case 'e':
334 if (optarg[0] == '^' && optarg[2] == 0 &&
Damien Millerf4614452001-07-14 12:18:10 +1000335 (u_char) optarg[1] >= 64 &&
336 (u_char) optarg[1] < 128)
Ben Lindstrom46c16222000-12-22 01:43:59 +0000337 options.escape_char = (u_char) optarg[1] & 31;
Damien Miller95def091999-11-25 00:26:21 +1100338 else if (strlen(optarg) == 1)
Ben Lindstrom46c16222000-12-22 01:43:59 +0000339 options.escape_char = (u_char) optarg[0];
Damien Miller95def091999-11-25 00:26:21 +1100340 else if (strcmp(optarg, "none") == 0)
Ben Lindstrom2b1f71b2001-06-05 20:32:21 +0000341 options.escape_char = SSH_ESCAPECHAR_NONE;
Damien Miller95def091999-11-25 00:26:21 +1100342 else {
Damien Millerf4614452001-07-14 12:18:10 +1000343 fprintf(stderr, "Bad escape character '%s'.\n",
344 optarg);
Damien Miller95def091999-11-25 00:26:21 +1100345 exit(1);
346 }
347 break;
Damien Miller95def091999-11-25 00:26:21 +1100348 case 'c':
Damien Millereba71ba2000-04-29 23:57:08 +1000349 if (ciphers_valid(optarg)) {
350 /* SSH2 only */
351 options.ciphers = xstrdup(optarg);
Damien Miller30c3d422000-05-09 11:02:59 +1000352 options.cipher = SSH_CIPHER_ILLEGAL;
Damien Millereba71ba2000-04-29 23:57:08 +1000353 } else {
354 /* SSH1 only */
Damien Millere39cacc2000-11-29 12:18:44 +1100355 options.cipher = cipher_number(optarg);
356 if (options.cipher == -1) {
Damien Millerf4614452001-07-14 12:18:10 +1000357 fprintf(stderr,
358 "Unknown cipher type '%s'\n",
359 optarg);
Damien Millereba71ba2000-04-29 23:57:08 +1000360 exit(1);
361 }
Damien Millerf4614452001-07-14 12:18:10 +1000362 if (options.cipher == SSH_CIPHER_3DES)
Damien Millere39cacc2000-11-29 12:18:44 +1100363 options.ciphers = "3des-cbc";
Damien Millerf4614452001-07-14 12:18:10 +1000364 else if (options.cipher == SSH_CIPHER_BLOWFISH)
Damien Millere39cacc2000-11-29 12:18:44 +1100365 options.ciphers = "blowfish-cbc";
Damien Millerf4614452001-07-14 12:18:10 +1000366 else
Damien Millere39cacc2000-11-29 12:18:44 +1100367 options.ciphers = (char *)-1;
Damien Miller95def091999-11-25 00:26:21 +1100368 }
369 break;
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000370 case 'm':
371 if (mac_valid(optarg))
372 options.macs = xstrdup(optarg);
373 else {
Damien Millerf4614452001-07-14 12:18:10 +1000374 fprintf(stderr, "Unknown mac type '%s'\n",
375 optarg);
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000376 exit(1);
377 }
378 break;
Damien Miller0e220db2004-06-15 10:34:08 +1000379 case 'M':
380 options.control_master = 1;
381 break;
Damien Miller95def091999-11-25 00:26:21 +1100382 case 'p':
Ben Lindstrom19066a12001-04-12 23:39:26 +0000383 options.port = a2port(optarg);
384 if (options.port == 0) {
Ben Lindstrom146edb92001-04-11 23:06:28 +0000385 fprintf(stderr, "Bad port '%s'\n", optarg);
386 exit(1);
387 }
Damien Miller95def091999-11-25 00:26:21 +1100388 break;
Damien Miller95def091999-11-25 00:26:21 +1100389 case 'l':
390 options.user = optarg;
391 break;
Ben Lindstrom1a174712001-09-12 17:56:15 +0000392
Damien Miller95def091999-11-25 00:26:21 +1100393 case 'L':
Ben Lindstrom1a174712001-09-12 17:56:15 +0000394 case 'R':
Damien Miller1ea71662003-05-14 22:33:58 +1000395 if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]",
Ben Lindstrom1a174712001-09-12 17:56:15 +0000396 sfwd_port, buf, sfwd_host_port) != 3 &&
Damien Miller1ea71662003-05-14 22:33:58 +1000397 sscanf(optarg, "%5[0123456789]/%255[^/]/%5[0123456789]",
Ben Lindstrom1a174712001-09-12 17:56:15 +0000398 sfwd_port, buf, sfwd_host_port) != 3) {
Damien Millerf4614452001-07-14 12:18:10 +1000399 fprintf(stderr,
Ben Lindstrom1a174712001-09-12 17:56:15 +0000400 "Bad forwarding specification '%s'\n",
Damien Millerf4614452001-07-14 12:18:10 +1000401 optarg);
Damien Miller95def091999-11-25 00:26:21 +1100402 usage();
403 /* NOTREACHED */
404 }
Ben Lindstrom1a174712001-09-12 17:56:15 +0000405 if ((fwd_port = a2port(sfwd_port)) == 0 ||
Ben Lindstrom6328ab32002-03-22 02:54:23 +0000406 (fwd_host_port = a2port(sfwd_host_port)) == 0) {
Ben Lindstrom1a174712001-09-12 17:56:15 +0000407 fprintf(stderr,
408 "Bad forwarding port(s) '%s'\n", optarg);
409 exit(1);
410 }
411 if (opt == 'L')
412 add_local_forward(&options, fwd_port, buf,
413 fwd_host_port);
414 else if (opt == 'R')
415 add_remote_forward(&options, fwd_port, buf,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100416 fwd_host_port);
Damien Miller95def091999-11-25 00:26:21 +1100417 break;
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000418
419 case 'D':
Ben Lindstrom19066a12001-04-12 23:39:26 +0000420 fwd_port = a2port(optarg);
421 if (fwd_port == 0) {
Damien Millerf4614452001-07-14 12:18:10 +1000422 fprintf(stderr, "Bad dynamic port '%s'\n",
423 optarg);
Ben Lindstrom146edb92001-04-11 23:06:28 +0000424 exit(1);
425 }
Darren Tucker1c52ee32003-08-13 20:38:36 +1000426 add_local_forward(&options, fwd_port, "socks", 0);
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000427 break;
428
Damien Miller95def091999-11-25 00:26:21 +1100429 case 'C':
430 options.compression = 1;
431 break;
Damien Miller1383bd82000-04-06 12:32:37 +1000432 case 'N':
433 no_shell_flag = 1;
434 no_tty_flag = 1;
435 break;
Damien Miller1383bd82000-04-06 12:32:37 +1000436 case 'T':
437 no_tty_flag = 1;
438 break;
Damien Miller95def091999-11-25 00:26:21 +1100439 case 'o':
440 dummy = 1;
Damien Miller9836cf82003-12-17 16:30:06 +1100441 line = xstrdup(optarg);
Damien Millerf4614452001-07-14 12:18:10 +1000442 if (process_config_line(&options, host ? host : "",
Damien Miller9836cf82003-12-17 16:30:06 +1100443 line, "command-line", 0, &dummy) != 0)
Damien Miller95def091999-11-25 00:26:21 +1100444 exit(1);
Damien Miller9836cf82003-12-17 16:30:06 +1100445 xfree(line);
Damien Miller95def091999-11-25 00:26:21 +1100446 break;
Damien Miller832562e2001-01-30 09:30:01 +1100447 case 's':
448 subsystem_flag = 1;
449 break;
Damien Miller0e220db2004-06-15 10:34:08 +1000450 case 'S':
451 if (options.control_path != NULL)
452 free(options.control_path);
453 options.control_path = xstrdup(optarg);
454 if (options.control_master == -1)
455 options.control_master = 0;
456 break;
Ben Lindstrome0f88042001-04-30 13:06:24 +0000457 case 'b':
458 options.bind_address = optarg;
459 break;
Ben Lindstrom14f31ab2001-09-12 17:48:04 +0000460 case 'F':
461 config = optarg;
462 break;
Damien Miller95def091999-11-25 00:26:21 +1100463 default:
464 usage();
465 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000466 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000467
Damien Millerf4614452001-07-14 12:18:10 +1000468 ac -= optind;
469 av += optind;
470
471 if (ac > 0 && !host && **av != '-') {
Ben Lindstromc276c122002-12-23 02:14:51 +0000472 if (strrchr(*av, '@')) {
Damien Millerf4614452001-07-14 12:18:10 +1000473 p = xstrdup(*av);
Ben Lindstromc276c122002-12-23 02:14:51 +0000474 cp = strrchr(p, '@');
Damien Millerf4614452001-07-14 12:18:10 +1000475 if (cp == NULL || cp == p)
476 usage();
477 options.user = p;
478 *cp = '\0';
479 host = ++cp;
480 } else
481 host = *av;
Ben Lindstromb9fa6912002-12-23 02:24:54 +0000482 if (ac > 1) {
483 optind = optreset = 1;
Damien Millerf4614452001-07-14 12:18:10 +1000484 goto again;
485 }
Ben Lindstromb9fa6912002-12-23 02:24:54 +0000486 ac--, av++;
Damien Millerf4614452001-07-14 12:18:10 +1000487 }
488
Damien Miller95def091999-11-25 00:26:21 +1100489 /* Check that we got a host name. */
490 if (!host)
491 usage();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000492
Damien Millercb5e44a2000-09-29 12:12:36 +1100493 SSLeay_add_all_algorithms();
Damien Miller0bc1bd82000-11-13 22:57:25 +1100494 ERR_load_crypto_strings();
Damien Millercb5e44a2000-09-29 12:12:36 +1100495
Damien Miller95def091999-11-25 00:26:21 +1100496 /* Initialize the command to execute on remote host. */
497 buffer_init(&command);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000498
Damien Miller5428f641999-11-25 11:54:57 +1100499 /*
500 * Save the command to execute on the remote host in a buffer. There
501 * is no limit on the length of the command, except by the maximum
502 * packet size. Also sets the tty flag if there is no command.
503 */
Damien Millerf4614452001-07-14 12:18:10 +1000504 if (!ac) {
Damien Miller95def091999-11-25 00:26:21 +1100505 /* No command specified - execute shell on a tty. */
506 tty_flag = 1;
Damien Miller832562e2001-01-30 09:30:01 +1100507 if (subsystem_flag) {
Damien Millerf4614452001-07-14 12:18:10 +1000508 fprintf(stderr,
509 "You must specify a subsystem to invoke.\n");
Damien Miller832562e2001-01-30 09:30:01 +1100510 usage();
511 }
Damien Miller95def091999-11-25 00:26:21 +1100512 } else {
Damien Millerf4614452001-07-14 12:18:10 +1000513 /* A command has been specified. Store it into the buffer. */
514 for (i = 0; i < ac; i++) {
515 if (i)
Damien Miller95def091999-11-25 00:26:21 +1100516 buffer_append(&command, " ", 1);
517 buffer_append(&command, av[i], strlen(av[i]));
518 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000519 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000520
Damien Miller95def091999-11-25 00:26:21 +1100521 /* Cannot fork to background if no command. */
Damien Millercaf6dd62000-08-29 11:33:50 +1100522 if (fork_after_authentication_flag && buffer_len(&command) == 0 && !no_shell_flag)
Damien Miller95def091999-11-25 00:26:21 +1100523 fatal("Cannot fork into background without a command to execute.");
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000524
Damien Miller95def091999-11-25 00:26:21 +1100525 /* Allocate a tty by default if no command specified. */
526 if (buffer_len(&command) == 0)
527 tty_flag = 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000528
Ben Lindstroma962c2f2002-07-04 00:14:17 +0000529 /* Force no tty */
Ben Lindstromc72745a2000-12-02 19:03:54 +0000530 if (no_tty_flag)
531 tty_flag = 0;
Damien Miller95def091999-11-25 00:26:21 +1100532 /* Do not allocate a tty if stdin is not a tty. */
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000533 if (!isatty(fileno(stdin)) && !force_tty_flag) {
Damien Miller95def091999-11-25 00:26:21 +1100534 if (tty_flag)
Damien Miller996acd22003-04-09 20:59:48 +1000535 logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");
Damien Miller95def091999-11-25 00:26:21 +1100536 tty_flag = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000537 }
Damien Miller1383bd82000-04-06 12:32:37 +1000538
Ben Lindstrom8a432f52001-03-05 07:24:46 +0000539 /*
540 * Initialize "log" output. Since we are the client all output
541 * actually goes to stderr.
542 */
Ben Lindstrom2b646522001-04-12 16:16:57 +0000543 log_init(av[0], options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
544 SYSLOG_FACILITY_USER, 1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000545
Ben Lindstrom14f31ab2001-09-12 17:48:04 +0000546 /*
547 * Read per-user configuration file. Ignore the system wide config
548 * file if the user specifies a config file on the command line.
549 */
550 if (config != NULL) {
Damien Miller914420f2004-04-20 20:14:07 +1000551 if (!read_config_file(config, host, &options, 0))
Ben Lindstromedc0cf22001-09-12 18:32:20 +0000552 fatal("Can't open user config file %.100s: "
553 "%.100s", config, strerror(errno));
Ben Lindstrom14f31ab2001-09-12 17:48:04 +0000554 } else {
555 snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
556 _PATH_SSH_USER_CONFFILE);
Damien Miller57a44762004-04-20 20:11:57 +1000557 (void)read_config_file(buf, host, &options, 1);
Ben Lindstrom83f07d12001-10-03 17:22:29 +0000558
559 /* Read systemwide configuration file after use config. */
Damien Miller57a44762004-04-20 20:11:57 +1000560 (void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
561 &options, 0);
Ben Lindstrom14f31ab2001-09-12 17:48:04 +0000562 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000563
Damien Miller95def091999-11-25 00:26:21 +1100564 /* Fill configuration defaults. */
565 fill_default_options(&options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000566
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000567 channel_set_af(options.address_family);
568
Damien Miller95def091999-11-25 00:26:21 +1100569 /* reinit */
Ben Lindstrom8a432f52001-03-05 07:24:46 +0000570 log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000571
Damien Miller60bc5172001-03-19 09:38:15 +1100572 seed_rng();
573
Damien Miller95def091999-11-25 00:26:21 +1100574 if (options.user == NULL)
575 options.user = xstrdup(pw->pw_name);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000576
Damien Miller95def091999-11-25 00:26:21 +1100577 if (options.hostname != NULL)
578 host = options.hostname;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000579
Darren Tucker3f521e22003-07-03 16:20:42 +1000580 /* force lowercase for hostkey matching */
581 if (options.host_key_alias != NULL) {
582 for (p = options.host_key_alias; *p; p++)
583 if (isupper(*p))
584 *p = tolower(*p);
585 }
586
Damien Miller9f1e33a2003-02-24 11:57:32 +1100587 if (options.proxy_command != NULL &&
588 strcmp(options.proxy_command, "none") == 0)
589 options.proxy_command = NULL;
590
Damien Miller0e220db2004-06-15 10:34:08 +1000591 if (options.control_path != NULL) {
592 options.control_path = tilde_expand_filename(
593 options.control_path, original_real_uid);
594 }
595 if (options.control_path != NULL && options.control_master == 0)
596 control_client(options.control_path); /* This doesn't return */
597
Kevin Stevesfcec7f82000-12-15 19:55:48 +0000598 /* Open a connection to the remote host. */
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000599 if (ssh_connect(host, &hostaddr, options.port,
600 options.address_family, options.connection_attempts,
Ben Lindstrom1aa64272002-06-11 20:28:05 +0000601#ifdef HAVE_CYGWIN
602 options.use_privileged_port,
603#else
Ben Lindstromf9c48842002-06-11 16:37:51 +0000604 original_effective_uid == 0 && options.use_privileged_port,
Ben Lindstrom1aa64272002-06-11 20:28:05 +0000605#endif
Ben Lindstromda394ca2002-06-12 16:11:12 +0000606 options.proxy_command) != 0)
Ben Lindstrom24157572002-06-12 16:09:39 +0000607 exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000608
Damien Miller5428f641999-11-25 11:54:57 +1100609 /*
610 * If we successfully made the connection, load the host private key
611 * in case we will need it later for combined rsa-rhosts
612 * authentication. This must be done before releasing extra
613 * privileges, because the file is only readable by root.
Ben Lindstrom9e5bb572002-06-06 19:58:27 +0000614 * If we cannot access the private keys, load the public keys
615 * instead and try to execute the ssh-keysign helper instead.
Damien Miller5428f641999-11-25 11:54:57 +1100616 */
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000617 sensitive_data.nkeys = 0;
618 sensitive_data.keys = NULL;
Ben Lindstrom1bad2562002-06-06 19:57:33 +0000619 sensitive_data.external_keysign = 0;
Ben Lindstrom24157572002-06-12 16:09:39 +0000620 if (options.rhosts_rsa_authentication ||
621 options.hostbased_authentication) {
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000622 sensitive_data.nkeys = 3;
Ben Lindstroma962c2f2002-07-04 00:14:17 +0000623 sensitive_data.keys = xmalloc(sensitive_data.nkeys *
624 sizeof(Key));
Ben Lindstromf9c48842002-06-11 16:37:51 +0000625
626 PRIV_START;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000627 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
Ben Lindstromd0fca422001-03-26 13:44:06 +0000628 _PATH_HOST_KEY_FILE, "", NULL);
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000629 sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
630 _PATH_HOST_DSA_KEY_FILE, "", NULL);
631 sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
632 _PATH_HOST_RSA_KEY_FILE, "", NULL);
Ben Lindstromf9c48842002-06-11 16:37:51 +0000633 PRIV_END;
Ben Lindstrom1bad2562002-06-06 19:57:33 +0000634
Ben Lindstrom5d35a2f2002-07-04 00:19:40 +0000635 if (options.hostbased_authentication == 1 &&
636 sensitive_data.keys[0] == NULL &&
Ben Lindstrom1bad2562002-06-06 19:57:33 +0000637 sensitive_data.keys[1] == NULL &&
638 sensitive_data.keys[2] == NULL) {
639 sensitive_data.keys[1] = key_load_public(
640 _PATH_HOST_DSA_KEY_FILE, NULL);
641 sensitive_data.keys[2] = key_load_public(
642 _PATH_HOST_RSA_KEY_FILE, NULL);
643 sensitive_data.external_keysign = 1;
644 }
Damien Miller95def091999-11-25 00:26:21 +1100645 }
Damien Miller5428f641999-11-25 11:54:57 +1100646 /*
647 * Get rid of any extra privileges that we may have. We will no
648 * longer need them. Also, extra privileges could make it very hard
649 * to read identity files and other non-world-readable files from the
650 * user's home directory if it happens to be on a NFS volume where
651 * root is mapped to nobody.
652 */
Ben Lindstromf9c48842002-06-11 16:37:51 +0000653 seteuid(original_real_uid);
654 setuid(original_real_uid);
Damien Miller95def091999-11-25 00:26:21 +1100655
Damien Miller5428f641999-11-25 11:54:57 +1100656 /*
657 * Now that we are back to our own permissions, create ~/.ssh
658 * directory if it doesn\'t already exist.
659 */
Ben Lindstrom930b14a2001-08-15 23:19:21 +0000660 snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
Damien Miller95def091999-11-25 00:26:21 +1100661 if (stat(buf, &st) < 0)
Damien Millerbe484b52000-07-15 14:14:16 +1000662 if (mkdir(buf, 0700) < 0)
Damien Miller95def091999-11-25 00:26:21 +1100663 error("Could not create directory '%.200s'.", buf);
664
Ben Lindstrom266dfdf2001-03-09 00:12:22 +0000665 /* load options.identity_files */
666 load_public_identity_files();
667
668 /* Expand ~ in known host file names. */
669 /* XXX mem-leaks: */
Damien Miller0bc1bd82000-11-13 22:57:25 +1100670 options.system_hostfile =
671 tilde_expand_filename(options.system_hostfile, original_real_uid);
672 options.user_hostfile =
673 tilde_expand_filename(options.user_hostfile, original_real_uid);
674 options.system_hostfile2 =
675 tilde_expand_filename(options.system_hostfile2, original_real_uid);
676 options.user_hostfile2 =
677 tilde_expand_filename(options.user_hostfile2, original_real_uid);
Damien Miller95def091999-11-25 00:26:21 +1100678
Damien Miller07cd5892001-11-12 10:52:03 +1100679 signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
680
Damien Miller95def091999-11-25 00:26:21 +1100681 /* Log into the remote system. This never returns if the login fails. */
Ben Lindstrom1bad2562002-06-06 19:57:33 +0000682 ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, pw);
Damien Miller95def091999-11-25 00:26:21 +1100683
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000684 /* We no longer need the private host keys. Clear them now. */
685 if (sensitive_data.nkeys != 0) {
686 for (i = 0; i < sensitive_data.nkeys; i++) {
687 if (sensitive_data.keys[i] != NULL) {
688 /* Destroys contents safely */
689 debug3("clear hostkey %d", i);
690 key_free(sensitive_data.keys[i]);
691 sensitive_data.keys[i] = NULL;
692 }
693 }
694 xfree(sensitive_data.keys);
695 }
Ben Lindstroma6c8a8d2001-08-06 21:42:00 +0000696 for (i = 0; i < options.num_identity_files; i++) {
697 if (options.identity_files[i]) {
698 xfree(options.identity_files[i]);
699 options.identity_files[i] = NULL;
700 }
701 if (options.identity_keys[i]) {
702 key_free(options.identity_keys[i]);
703 options.identity_keys[i] = NULL;
704 }
705 }
Damien Miller95def091999-11-25 00:26:21 +1100706
Damien Miller1383bd82000-04-06 12:32:37 +1000707 exit_status = compat20 ? ssh_session2() : ssh_session();
708 packet_close();
Damien Miller8c4e18a2002-09-19 12:05:02 +1000709
Damien Miller0e220db2004-06-15 10:34:08 +1000710 if (options.control_path != NULL && control_fd != -1)
711 unlink(options.control_path);
712
Damien Miller8c4e18a2002-09-19 12:05:02 +1000713 /*
Damien Millera8e06ce2003-11-21 23:48:55 +1100714 * Send SIGHUP to proxy command if used. We don't wait() in
Damien Miller8c4e18a2002-09-19 12:05:02 +1000715 * case it hangs and instead rely on init to reap the child
716 */
717 if (proxy_command_pid > 1)
718 kill(proxy_command_pid, SIGHUP);
719
Damien Miller1383bd82000-04-06 12:32:37 +1000720 return exit_status;
721}
722
Darren Tucker0a118da2003-10-15 15:54:32 +1000723#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
724
Ben Lindstrombba81212001-06-25 05:01:22 +0000725static void
Ben Lindstrom4a4bd712001-12-06 17:45:19 +0000726x11_get_proto(char **_proto, char **_data)
Damien Millerbd483e72000-04-30 10:00:53 +1000727{
Darren Tucker0a118da2003-10-15 15:54:32 +1000728 char cmd[1024];
Damien Millerbd483e72000-04-30 10:00:53 +1000729 char line[512];
Darren Tucker0a118da2003-10-15 15:54:32 +1000730 char xdisplay[512];
Ben Lindstrom4a4bd712001-12-06 17:45:19 +0000731 static char proto[512], data[512];
Damien Millerbd483e72000-04-30 10:00:53 +1000732 FILE *f;
Darren Tucker0a118da2003-10-15 15:54:32 +1000733 int got_data = 0, generated = 0, do_unlink = 0, i;
734 char *display, *xauthdir, *xauthfile;
Ben Lindstromee8d52d2002-07-23 21:03:02 +0000735 struct stat st;
Damien Millerbd483e72000-04-30 10:00:53 +1000736
Darren Tucker0a118da2003-10-15 15:54:32 +1000737 xauthdir = xauthfile = NULL;
Ben Lindstrom4a4bd712001-12-06 17:45:19 +0000738 *_proto = proto;
739 *_data = data;
740 proto[0] = data[0] = '\0';
Darren Tucker0a118da2003-10-15 15:54:32 +1000741
Ben Lindstromee8d52d2002-07-23 21:03:02 +0000742 if (!options.xauth_location ||
743 (stat(options.xauth_location, &st) == -1)) {
744 debug("No xauth program.");
745 } else {
746 if ((display = getenv("DISPLAY")) == NULL) {
747 debug("x11_get_proto: DISPLAY not set");
748 return;
749 }
Darren Tucker0a118da2003-10-15 15:54:32 +1000750 /*
751 * Handle FamilyLocal case where $DISPLAY does
752 * not match an authorization entry. For this we
753 * just try "xauth list unix:displaynum.screennum".
754 * XXX: "localhost" match to determine FamilyLocal
755 * is not perfect.
756 */
757 if (strncmp(display, "localhost:", 10) == 0) {
758 snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
759 display + 10);
760 display = xdisplay;
761 }
762 if (options.forward_x11_trusted == 0) {
763 xauthdir = xmalloc(MAXPATHLEN);
764 xauthfile = xmalloc(MAXPATHLEN);
765 strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);
766 if (mkdtemp(xauthdir) != NULL) {
767 do_unlink = 1;
768 snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile",
769 xauthdir);
770 snprintf(cmd, sizeof(cmd),
771 "%s -f %s generate %s " SSH_X11_PROTO
Damien Miller3df755e2004-03-22 09:34:26 +1100772 " untrusted timeout 1200 2>" _PATH_DEVNULL,
Darren Tucker0a118da2003-10-15 15:54:32 +1000773 options.xauth_location, xauthfile, display);
774 debug2("x11_get_proto: %s", cmd);
775 if (system(cmd) == 0)
776 generated = 1;
777 }
778 }
779 snprintf(cmd, sizeof(cmd),
780 "%s %s%s list %s . 2>" _PATH_DEVNULL,
781 options.xauth_location,
782 generated ? "-f " : "" ,
783 generated ? xauthfile : "",
784 display);
785 debug2("x11_get_proto: %s", cmd);
786 f = popen(cmd, "r");
Damien Millerd3a18572000-06-07 19:55:44 +1000787 if (f && fgets(line, sizeof(line), f) &&
Ben Lindstrom4a4bd712001-12-06 17:45:19 +0000788 sscanf(line, "%*s %511s %511s", proto, data) == 2)
Damien Millerd3a18572000-06-07 19:55:44 +1000789 got_data = 1;
790 if (f)
791 pclose(f);
792 }
Darren Tucker0a118da2003-10-15 15:54:32 +1000793
794 if (do_unlink) {
795 unlink(xauthfile);
796 rmdir(xauthdir);
797 }
798 if (xauthdir)
799 xfree(xauthdir);
800 if (xauthfile)
801 xfree(xauthfile);
802
Damien Millerbd483e72000-04-30 10:00:53 +1000803 /*
804 * If we didn't get authentication data, just make up some
805 * data. The forwarding code will check the validity of the
806 * response anyway, and substitute this data. The X11
807 * server, however, will ignore this fake data and use
808 * whatever authentication mechanisms it was using otherwise
809 * for the local connection.
810 */
811 if (!got_data) {
812 u_int32_t rand = 0;
813
Darren Tucker0a118da2003-10-15 15:54:32 +1000814 logit("Warning: No xauth data; "
815 "using fake authentication data for X11 forwarding.");
816 strlcpy(proto, SSH_X11_PROTO, sizeof proto);
Damien Millerbd483e72000-04-30 10:00:53 +1000817 for (i = 0; i < 16; i++) {
818 if (i % 4 == 0)
819 rand = arc4random();
Darren Tucker0a118da2003-10-15 15:54:32 +1000820 snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
821 rand & 0xff);
Damien Millerbd483e72000-04-30 10:00:53 +1000822 rand >>= 8;
823 }
824 }
825}
826
Ben Lindstrombba81212001-06-25 05:01:22 +0000827static void
Damien Miller0bc1bd82000-11-13 22:57:25 +1100828ssh_init_forwarding(void)
829{
Kevin Steves12057502001-02-05 14:54:34 +0000830 int success = 0;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100831 int i;
Kevin Steves12057502001-02-05 14:54:34 +0000832
Damien Miller0bc1bd82000-11-13 22:57:25 +1100833 /* Initiate local TCP/IP port forwardings. */
834 for (i = 0; i < options.num_local_forwards; i++) {
835 debug("Connections to local port %d forwarded to remote address %.200s:%d",
836 options.local_forwards[i].port,
837 options.local_forwards[i].host,
838 options.local_forwards[i].host_port);
Damien Millerb16461c2002-01-22 23:29:22 +1100839 success += channel_setup_local_fwd_listener(
Damien Miller0bc1bd82000-11-13 22:57:25 +1100840 options.local_forwards[i].port,
841 options.local_forwards[i].host,
842 options.local_forwards[i].host_port,
843 options.gateway_ports);
844 }
Kevin Steves12057502001-02-05 14:54:34 +0000845 if (i > 0 && success == 0)
846 error("Could not request local forwarding.");
Damien Miller0bc1bd82000-11-13 22:57:25 +1100847
848 /* Initiate remote TCP/IP port forwardings. */
849 for (i = 0; i < options.num_remote_forwards; i++) {
850 debug("Connections to remote port %d forwarded to local address %.200s:%d",
851 options.remote_forwards[i].port,
852 options.remote_forwards[i].host,
853 options.remote_forwards[i].host_port);
854 channel_request_remote_forwarding(
855 options.remote_forwards[i].port,
856 options.remote_forwards[i].host,
857 options.remote_forwards[i].host_port);
858 }
859}
860
Ben Lindstrombba81212001-06-25 05:01:22 +0000861static void
Damien Miller0bc1bd82000-11-13 22:57:25 +1100862check_agent_present(void)
863{
864 if (options.forward_agent) {
865 /* Clear agent forwarding if we don\'t have an agent. */
Damien Miller789e95d2002-09-12 09:52:46 +1000866 if (!ssh_agent_present())
Damien Miller0bc1bd82000-11-13 22:57:25 +1100867 options.forward_agent = 0;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100868 }
869}
870
Ben Lindstrombba81212001-06-25 05:01:22 +0000871static int
Damien Miller1383bd82000-04-06 12:32:37 +1000872ssh_session(void)
873{
874 int type;
Damien Miller1383bd82000-04-06 12:32:37 +1000875 int interactive = 0;
876 int have_tty = 0;
877 struct winsize ws;
Damien Miller1383bd82000-04-06 12:32:37 +1000878 char *cp;
879
Damien Miller95def091999-11-25 00:26:21 +1100880 /* Enable compression if requested. */
881 if (options.compression) {
882 debug("Requesting compression at level %d.", options.compression_level);
883
884 if (options.compression_level < 1 || options.compression_level > 9)
885 fatal("Compression level must be from 1 (fast) to 9 (slow, best).");
886
887 /* Send the request. */
888 packet_start(SSH_CMSG_REQUEST_COMPRESSION);
889 packet_put_int(options.compression_level);
890 packet_send();
891 packet_write_wait();
Damien Millerdff50992002-01-22 23:16:32 +1100892 type = packet_read();
Damien Miller95def091999-11-25 00:26:21 +1100893 if (type == SSH_SMSG_SUCCESS)
894 packet_start_compression(options.compression_level);
895 else if (type == SSH_SMSG_FAILURE)
Damien Miller996acd22003-04-09 20:59:48 +1000896 logit("Warning: Remote host refused compression.");
Damien Miller95def091999-11-25 00:26:21 +1100897 else
898 packet_disconnect("Protocol error waiting for compression response.");
899 }
900 /* Allocate a pseudo tty if appropriate. */
901 if (tty_flag) {
902 debug("Requesting pty.");
903
904 /* Start the packet. */
905 packet_start(SSH_CMSG_REQUEST_PTY);
906
907 /* Store TERM in the packet. There is no limit on the
908 length of the string. */
909 cp = getenv("TERM");
910 if (!cp)
911 cp = "";
Ben Lindstrom664408d2001-06-09 01:42:01 +0000912 packet_put_cstring(cp);
Damien Miller95def091999-11-25 00:26:21 +1100913
914 /* Store window size in the packet. */
915 if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
916 memset(&ws, 0, sizeof(ws));
917 packet_put_int(ws.ws_row);
918 packet_put_int(ws.ws_col);
919 packet_put_int(ws.ws_xpixel);
920 packet_put_int(ws.ws_ypixel);
921
922 /* Store tty modes in the packet. */
Ben Lindstromae8e2d32001-04-14 23:13:02 +0000923 tty_make_modes(fileno(stdin), NULL);
Damien Miller95def091999-11-25 00:26:21 +1100924
925 /* Send the packet, and wait for it to leave. */
926 packet_send();
927 packet_write_wait();
928
929 /* Read response from the server. */
Damien Millerdff50992002-01-22 23:16:32 +1100930 type = packet_read();
Damien Miller450a7a12000-03-26 13:04:51 +1000931 if (type == SSH_SMSG_SUCCESS) {
Damien Miller95def091999-11-25 00:26:21 +1100932 interactive = 1;
Damien Miller1383bd82000-04-06 12:32:37 +1000933 have_tty = 1;
Damien Miller450a7a12000-03-26 13:04:51 +1000934 } else if (type == SSH_SMSG_FAILURE)
Damien Miller996acd22003-04-09 20:59:48 +1000935 logit("Warning: Remote host failed or refused to allocate a pseudo tty.");
Damien Miller95def091999-11-25 00:26:21 +1100936 else
937 packet_disconnect("Protocol error waiting for pty request response.");
938 }
939 /* Request X11 forwarding if enabled and DISPLAY is set. */
940 if (options.forward_x11 && getenv("DISPLAY") != NULL) {
Ben Lindstrom4a4bd712001-12-06 17:45:19 +0000941 char *proto, *data;
Damien Millerbd483e72000-04-30 10:00:53 +1000942 /* Get reasonable local authentication information. */
Ben Lindstrom4a4bd712001-12-06 17:45:19 +0000943 x11_get_proto(&proto, &data);
Damien Millerbd483e72000-04-30 10:00:53 +1000944 /* Request forwarding with authentication spoofing. */
Damien Miller95def091999-11-25 00:26:21 +1100945 debug("Requesting X11 forwarding with authentication spoofing.");
Damien Millerbd483e72000-04-30 10:00:53 +1000946 x11_request_forwarding_with_spoofing(0, proto, data);
Damien Miller95def091999-11-25 00:26:21 +1100947
948 /* Read response from the server. */
Damien Millerdff50992002-01-22 23:16:32 +1100949 type = packet_read();
Damien Miller95def091999-11-25 00:26:21 +1100950 if (type == SSH_SMSG_SUCCESS) {
Damien Miller95def091999-11-25 00:26:21 +1100951 interactive = 1;
Damien Millerbd483e72000-04-30 10:00:53 +1000952 } else if (type == SSH_SMSG_FAILURE) {
Damien Miller996acd22003-04-09 20:59:48 +1000953 logit("Warning: Remote host denied X11 forwarding.");
Damien Millerbd483e72000-04-30 10:00:53 +1000954 } else {
Damien Miller95def091999-11-25 00:26:21 +1100955 packet_disconnect("Protocol error waiting for X11 forwarding");
Damien Millerbd483e72000-04-30 10:00:53 +1000956 }
Damien Miller95def091999-11-25 00:26:21 +1100957 }
958 /* Tell the packet module whether this is an interactive session. */
Ben Lindstrombf555ba2001-01-18 02:04:35 +0000959 packet_set_interactive(interactive);
Damien Miller95def091999-11-25 00:26:21 +1100960
961 /* Request authentication agent forwarding if appropriate. */
Damien Miller0bc1bd82000-11-13 22:57:25 +1100962 check_agent_present();
963
Damien Miller95def091999-11-25 00:26:21 +1100964 if (options.forward_agent) {
965 debug("Requesting authentication agent forwarding.");
966 auth_request_forwarding();
967
968 /* Read response from the server. */
Damien Millerdff50992002-01-22 23:16:32 +1100969 type = packet_read();
Damien Miller48b03fc2002-01-22 23:11:40 +1100970 packet_check_eom();
Damien Miller95def091999-11-25 00:26:21 +1100971 if (type != SSH_SMSG_SUCCESS)
Damien Miller996acd22003-04-09 20:59:48 +1000972 logit("Warning: Remote host denied authentication agent forwarding.");
Damien Miller95def091999-11-25 00:26:21 +1100973 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000974
Damien Miller0bc1bd82000-11-13 22:57:25 +1100975 /* Initiate port forwardings. */
976 ssh_init_forwarding();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000977
Damien Miller5428f641999-11-25 11:54:57 +1100978 /* If requested, let ssh continue in the background. */
Damien Miller4af51302000-04-16 11:18:38 +1000979 if (fork_after_authentication_flag)
Damien Miller5428f641999-11-25 11:54:57 +1100980 if (daemon(1, 1) < 0)
981 fatal("daemon() failed: %.200s", strerror(errno));
982
983 /*
984 * If a command was specified on the command line, execute the
985 * command now. Otherwise request the server to start a shell.
986 */
Damien Miller95def091999-11-25 00:26:21 +1100987 if (buffer_len(&command) > 0) {
988 int len = buffer_len(&command);
989 if (len > 900)
990 len = 900;
Damien Miller5a6b4fe2001-12-21 14:56:54 +1100991 debug("Sending command: %.*s", len, (u_char *)buffer_ptr(&command));
Damien Miller95def091999-11-25 00:26:21 +1100992 packet_start(SSH_CMSG_EXEC_CMD);
993 packet_put_string(buffer_ptr(&command), buffer_len(&command));
994 packet_send();
995 packet_write_wait();
996 } else {
997 debug("Requesting shell.");
998 packet_start(SSH_CMSG_EXEC_SHELL);
999 packet_send();
1000 packet_write_wait();
1001 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001002
Damien Miller95def091999-11-25 00:26:21 +11001003 /* Enter the interactive session. */
Ben Lindstrom2b1f71b2001-06-05 20:32:21 +00001004 return client_loop(have_tty, tty_flag ?
1005 options.escape_char : SSH_ESCAPECHAR_NONE, 0);
Damien Miller1383bd82000-04-06 12:32:37 +10001006}
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001007
Ben Lindstrombba81212001-06-25 05:01:22 +00001008static void
Damien Miller0e220db2004-06-15 10:34:08 +10001009ssh_subsystem_reply(int type, u_int32_t seq, void *ctxt)
Ben Lindstrom1e7d3062001-02-09 02:36:43 +00001010{
1011 int id, len;
1012
1013 id = packet_get_int();
1014 len = buffer_len(&command);
Ben Lindstrom4040fe12001-03-05 06:52:57 +00001015 if (len > 900)
1016 len = 900;
Damien Miller48b03fc2002-01-22 23:11:40 +11001017 packet_check_eom();
Ben Lindstrom1e7d3062001-02-09 02:36:43 +00001018 if (type == SSH2_MSG_CHANNEL_FAILURE)
1019 fatal("Request for subsystem '%.*s' failed on channel %d",
Damien Miller5a6b4fe2001-12-21 14:56:54 +11001020 len, (u_char *)buffer_ptr(&command), id);
Ben Lindstrom1e7d3062001-02-09 02:36:43 +00001021}
1022
Damien Miller2797f7f2002-04-23 21:09:44 +10001023void
Damien Miller509b0102003-12-17 16:33:10 +11001024client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt)
Damien Miller2797f7f2002-04-23 21:09:44 +10001025{
1026 int i;
1027
1028 i = client_global_request_id++;
Damien Miller509b0102003-12-17 16:33:10 +11001029 if (i >= options.num_remote_forwards)
Damien Miller2797f7f2002-04-23 21:09:44 +10001030 return;
Damien Miller2797f7f2002-04-23 21:09:44 +10001031 debug("remote forward %s for: listen %d, connect %s:%d",
1032 type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
1033 options.remote_forwards[i].port,
1034 options.remote_forwards[i].host,
1035 options.remote_forwards[i].host_port);
1036 if (type == SSH2_MSG_REQUEST_FAILURE)
Damien Miller996acd22003-04-09 20:59:48 +10001037 logit("Warning: remote port forwarding failed for listen port %d",
Damien Miller2797f7f2002-04-23 21:09:44 +10001038 options.remote_forwards[i].port);
1039}
1040
Damien Miller0e220db2004-06-15 10:34:08 +10001041static void
1042ssh_control_listener(void)
1043{
1044 struct sockaddr_un addr;
1045 mode_t old_umask;
Damien Miller07b6ff12004-06-15 11:14:45 +10001046 int addr_len;
1047
Damien Miller23f07702004-06-18 01:19:03 +10001048 if (options.control_path == NULL || options.control_master <= 0)
Damien Miller0e220db2004-06-15 10:34:08 +10001049 return;
1050
1051 memset(&addr, '\0', sizeof(addr));
1052 addr.sun_family = AF_UNIX;
Damien Miller07b6ff12004-06-15 11:14:45 +10001053 addr_len = offsetof(struct sockaddr_un, sun_path) +
Damien Miller0e220db2004-06-15 10:34:08 +10001054 strlen(options.control_path) + 1;
1055
1056 if (strlcpy(addr.sun_path, options.control_path,
1057 sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1058 fatal("ControlPath too long");
1059
1060 if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1061 fatal("%s socket(): %s\n", __func__, strerror(errno));
1062
1063 old_umask = umask(0177);
Damien Miller07b6ff12004-06-15 11:14:45 +10001064 if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) {
Damien Miller0e220db2004-06-15 10:34:08 +10001065 control_fd = -1;
1066 if (errno == EINVAL)
1067 fatal("ControlSocket %s already exists",
1068 options.control_path);
1069 else
1070 fatal("%s bind(): %s\n", __func__, strerror(errno));
1071 }
1072 umask(old_umask);
1073
1074 if (listen(control_fd, 64) == -1)
1075 fatal("%s listen(): %s\n", __func__, strerror(errno));
1076
1077 set_nonblock(control_fd);
1078}
1079
Ben Lindstromf558cf62001-09-20 23:13:49 +00001080/* request pty/x11/agent/tcpfwd/shell for channel */
Ben Lindstrombba81212001-06-25 05:01:22 +00001081static void
Ben Lindstromf558cf62001-09-20 23:13:49 +00001082ssh_session2_setup(int id, void *arg)
Damien Miller1383bd82000-04-06 12:32:37 +10001083{
Damien Miller3756dce2004-06-18 01:17:29 +10001084 extern char **environ;
1085
Damien Miller0e220db2004-06-15 10:34:08 +10001086 int interactive = tty_flag;
1087 if (options.forward_x11 && getenv("DISPLAY") != NULL) {
Ben Lindstrom4a4bd712001-12-06 17:45:19 +00001088 char *proto, *data;
Damien Millerbd483e72000-04-30 10:00:53 +10001089 /* Get reasonable local authentication information. */
Ben Lindstrom4a4bd712001-12-06 17:45:19 +00001090 x11_get_proto(&proto, &data);
Damien Millerbd483e72000-04-30 10:00:53 +10001091 /* Request forwarding with authentication spoofing. */
1092 debug("Requesting X11 forwarding with authentication spoofing.");
1093 x11_request_forwarding_with_spoofing(id, proto, data);
Ben Lindstrombf555ba2001-01-18 02:04:35 +00001094 interactive = 1;
Damien Millerbd483e72000-04-30 10:00:53 +10001095 /* XXX wait for reply */
1096 }
1097
Damien Miller0bc1bd82000-11-13 22:57:25 +11001098 check_agent_present();
1099 if (options.forward_agent) {
1100 debug("Requesting authentication agent forwarding.");
1101 channel_request_start(id, "auth-agent-req@openssh.com", 0);
1102 packet_send();
1103 }
1104
Damien Miller0e220db2004-06-15 10:34:08 +10001105 client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
Damien Miller3756dce2004-06-18 01:17:29 +10001106 NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply);
Ben Lindstrom1e7d3062001-02-09 02:36:43 +00001107
Ben Lindstrombf555ba2001-01-18 02:04:35 +00001108 packet_set_interactive(interactive);
Damien Miller1383bd82000-04-06 12:32:37 +10001109}
1110
Ben Lindstromf558cf62001-09-20 23:13:49 +00001111/* open new channel for a session */
Ben Lindstrombba81212001-06-25 05:01:22 +00001112static int
Ben Lindstromf558cf62001-09-20 23:13:49 +00001113ssh_session2_open(void)
Damien Miller1383bd82000-04-06 12:32:37 +10001114{
Ben Lindstrom99c73b32001-05-05 04:09:47 +00001115 Channel *c;
1116 int window, packetmax, in, out, err;
Damien Millerad833b32000-08-23 10:46:23 +10001117
Damien Millercaf6dd62000-08-29 11:33:50 +11001118 if (stdin_null_flag) {
Ben Lindstrom31ca54a2001-02-09 02:11:24 +00001119 in = open(_PATH_DEVNULL, O_RDONLY);
Damien Millercaf6dd62000-08-29 11:33:50 +11001120 } else {
1121 in = dup(STDIN_FILENO);
1122 }
1123 out = dup(STDOUT_FILENO);
1124 err = dup(STDERR_FILENO);
1125
1126 if (in < 0 || out < 0 || err < 0)
1127 fatal("dup() in/out/err failed");
1128
Damien Miller69b69aa2000-10-28 14:19:58 +11001129 /* enable nonblocking unless tty */
1130 if (!isatty(in))
1131 set_nonblock(in);
1132 if (!isatty(out))
1133 set_nonblock(out);
1134 if (!isatty(err))
1135 set_nonblock(err);
1136
Damien Millere4340be2000-09-16 13:29:08 +11001137 window = CHAN_SES_WINDOW_DEFAULT;
1138 packetmax = CHAN_SES_PACKET_DEFAULT;
Damien Miller19a59452002-02-19 15:20:57 +11001139 if (tty_flag) {
1140 window >>= 1;
1141 packetmax >>= 1;
Damien Miller1383bd82000-04-06 12:32:37 +10001142 }
Ben Lindstrom99c73b32001-05-05 04:09:47 +00001143 c = channel_new(
Damien Miller1383bd82000-04-06 12:32:37 +10001144 "session", SSH_CHANNEL_OPENING, in, out, err,
Damien Millere4340be2000-09-16 13:29:08 +11001145 window, packetmax, CHAN_EXTENDED_WRITE,
Damien Millerb1ca8bb2003-05-14 13:45:42 +10001146 "client-session", /*nonblock*/0);
Damien Miller1383bd82000-04-06 12:32:37 +10001147
Ben Lindstromf558cf62001-09-20 23:13:49 +00001148 debug3("ssh_session2_open: channel_new: %d", c->self);
Ben Lindstrom4c3f77d2001-04-05 23:37:36 +00001149
Ben Lindstrom5ec26452001-06-09 00:18:51 +00001150 channel_send_open(c->self);
Ben Lindstromf558cf62001-09-20 23:13:49 +00001151 if (!no_shell_flag)
Damien Miller0e220db2004-06-15 10:34:08 +10001152 channel_register_confirm(c->self, ssh_session2_setup, NULL);
Damien Miller1383bd82000-04-06 12:32:37 +10001153
Ben Lindstrom99c73b32001-05-05 04:09:47 +00001154 return c->self;
Ben Lindstrom4c3f77d2001-04-05 23:37:36 +00001155}
1156
Ben Lindstrombba81212001-06-25 05:01:22 +00001157static int
Ben Lindstrom4c3f77d2001-04-05 23:37:36 +00001158ssh_session2(void)
1159{
Ben Lindstromf558cf62001-09-20 23:13:49 +00001160 int id = -1;
Ben Lindstrom4c3f77d2001-04-05 23:37:36 +00001161
1162 /* XXX should be pre-session */
1163 ssh_init_forwarding();
Damien Miller0e220db2004-06-15 10:34:08 +10001164 ssh_control_listener();
Ben Lindstrom4c3f77d2001-04-05 23:37:36 +00001165
Ben Lindstromf558cf62001-09-20 23:13:49 +00001166 if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN))
1167 id = ssh_session2_open();
Ben Lindstrom4c3f77d2001-04-05 23:37:36 +00001168
1169 /* If requested, let ssh continue in the background. */
1170 if (fork_after_authentication_flag)
1171 if (daemon(1, 1) < 0)
1172 fatal("daemon() failed: %.200s", strerror(errno));
1173
Ben Lindstrom2b1f71b2001-06-05 20:32:21 +00001174 return client_loop(tty_flag, tty_flag ?
1175 options.escape_char : SSH_ESCAPECHAR_NONE, id);
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001176}
Damien Miller0bc1bd82000-11-13 22:57:25 +11001177
Ben Lindstrombba81212001-06-25 05:01:22 +00001178static void
Ben Lindstrom266dfdf2001-03-09 00:12:22 +00001179load_public_identity_files(void)
1180{
1181 char *filename;
Ben Lindstrom711b04a2001-08-06 21:12:42 +00001182 int i = 0;
Ben Lindstrom0936a5b2002-03-26 03:17:42 +00001183 Key *public;
Ben Lindstrom711b04a2001-08-06 21:12:42 +00001184#ifdef SMARTCARD
Ben Lindstrom0936a5b2002-03-26 03:17:42 +00001185 Key **keys;
1186
Ben Lindstromf7db3bb2001-08-06 21:35:51 +00001187 if (options.smartcard_device != NULL &&
Ben Lindstrom0936a5b2002-03-26 03:17:42 +00001188 options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
1189 (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {
1190 int count = 0;
1191 for (i = 0; keys[i] != NULL; i++) {
1192 count++;
Ben Lindstrom0936a5b2002-03-26 03:17:42 +00001193 memmove(&options.identity_files[1], &options.identity_files[0],
1194 sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1));
1195 memmove(&options.identity_keys[1], &options.identity_keys[0],
1196 sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
1197 options.num_identity_files++;
1198 options.identity_keys[0] = keys[i];
Damien Miller56a0bb02003-06-18 20:28:40 +10001199 options.identity_files[0] = sc_get_key_label(keys[i]);
Ben Lindstrom0936a5b2002-03-26 03:17:42 +00001200 }
Ben Lindstrom4f054602002-03-26 03:23:00 +00001201 if (options.num_identity_files > SSH_MAX_IDENTITY_FILES)
1202 options.num_identity_files = SSH_MAX_IDENTITY_FILES;
Ben Lindstrom0936a5b2002-03-26 03:17:42 +00001203 i = count;
1204 xfree(keys);
Ben Lindstrom711b04a2001-08-06 21:12:42 +00001205 }
Ben Lindstromffce1472001-08-06 21:57:31 +00001206#endif /* SMARTCARD */
Ben Lindstrom711b04a2001-08-06 21:12:42 +00001207 for (; i < options.num_identity_files; i++) {
Ben Lindstrom266dfdf2001-03-09 00:12:22 +00001208 filename = tilde_expand_filename(options.identity_files[i],
1209 original_real_uid);
Ben Lindstromd0fca422001-03-26 13:44:06 +00001210 public = key_load_public(filename, NULL);
Ben Lindstrom266dfdf2001-03-09 00:12:22 +00001211 debug("identity file %s type %d", filename,
1212 public ? public->type : -1);
1213 xfree(options.identity_files[i]);
1214 options.identity_files[i] = filename;
1215 options.identity_keys[i] = public;
1216 }
1217}
Damien Miller0e220db2004-06-15 10:34:08 +10001218
1219static void
1220control_client_sighandler(int signo)
1221{
1222 control_client_terminate = signo;
1223}
1224
1225static void
1226control_client_sigrelay(int signo)
1227{
1228 if (control_server_pid > 1)
1229 kill(control_server_pid, signo);
1230}
1231
1232static void
1233control_client(const char *path)
1234{
1235 struct sockaddr_un addr;
Damien Miller3756dce2004-06-18 01:17:29 +10001236 int i, r, sock, exitval, addr_len;
Damien Miller0e220db2004-06-15 10:34:08 +10001237 Buffer m;
1238 char *cp;
Damien Miller3756dce2004-06-18 01:17:29 +10001239 extern char **environ;
Damien Miller0e220db2004-06-15 10:34:08 +10001240
1241 memset(&addr, '\0', sizeof(addr));
1242 addr.sun_family = AF_UNIX;
Damien Miller07b6ff12004-06-15 11:14:45 +10001243 addr_len = offsetof(struct sockaddr_un, sun_path) +
Damien Miller0e220db2004-06-15 10:34:08 +10001244 strlen(path) + 1;
1245
1246 if (strlcpy(addr.sun_path, path,
1247 sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1248 fatal("ControlPath too long");
1249
1250 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1251 fatal("%s socket(): %s", __func__, strerror(errno));
1252
Damien Miller07b6ff12004-06-15 11:14:45 +10001253 if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1)
Damien Miller0e220db2004-06-15 10:34:08 +10001254 fatal("Couldn't connect to %s: %s", path, strerror(errno));
1255
1256 if ((cp = getenv("TERM")) == NULL)
1257 cp = "";
1258
1259 signal(SIGINT, control_client_sighandler);
1260 signal(SIGTERM, control_client_sighandler);
1261 signal(SIGWINCH, control_client_sigrelay);
1262
1263 buffer_init(&m);
1264
1265 /* Get PID of controlee */
1266 if (ssh_msg_recv(sock, &m) == -1)
1267 fatal("%s: msg_recv", __func__);
1268 if (buffer_get_char(&m) != 0)
1269 fatal("%s: wrong version", __func__);
Damien Miller23f07702004-06-18 01:19:03 +10001270 /* Connection allowed? */
1271 if (buffer_get_int(&m) != 1)
1272 fatal("Connection to master denied");
Damien Miller0e220db2004-06-15 10:34:08 +10001273 control_server_pid = buffer_get_int(&m);
1274
Damien Miller0e220db2004-06-15 10:34:08 +10001275 buffer_clear(&m);
1276 buffer_put_int(&m, tty_flag);
1277 buffer_put_int(&m, subsystem_flag);
1278 buffer_put_cstring(&m, cp);
1279
1280 buffer_append(&command, "\0", 1);
1281 buffer_put_cstring(&m, buffer_ptr(&command));
1282
Damien Miller3756dce2004-06-18 01:17:29 +10001283 /* Pass environment */
1284 for (i = 0; environ != NULL && environ[i] != NULL; i++)
1285 ;
1286 buffer_put_int(&m, i);
1287 for (i = 0; environ != NULL && environ[i] != NULL; i++)
1288 buffer_put_cstring(&m, environ[i]);
1289
Damien Miller0e220db2004-06-15 10:34:08 +10001290 if (ssh_msg_send(sock, /* version */0, &m) == -1)
1291 fatal("%s: msg_send", __func__);
1292
1293 mm_send_fd(sock, STDIN_FILENO);
1294 mm_send_fd(sock, STDOUT_FILENO);
1295 mm_send_fd(sock, STDERR_FILENO);
1296
1297 /* Wait for reply, so master has a chance to gather ttymodes */
1298 buffer_clear(&m);
1299 if (ssh_msg_recv(sock, &m) == -1)
1300 fatal("%s: msg_recv", __func__);
1301 if (buffer_get_char(&m) != 0)
1302 fatal("%s: master returned error", __func__);
1303 buffer_free(&m);
1304
1305 if (tty_flag)
1306 enter_raw_mode();
1307
1308 /* Stick around until the controlee closes the client_fd */
1309 exitval = 0;
1310 for (;!control_client_terminate;) {
1311 r = read(sock, &exitval, sizeof(exitval));
1312 if (r == 0) {
1313 debug2("Received EOF from master");
1314 break;
1315 }
1316 if (r > 0)
1317 debug2("Received exit status from master %d", exitval);
1318 if (r == -1 && errno != EINTR)
1319 fatal("%s: read %s", __func__, strerror(errno));
1320 }
1321
1322 if (control_client_terminate)
1323 debug2("Exiting on signal %d", control_client_terminate);
1324
1325 close(sock);
1326
1327 leave_raw_mode();
1328
1329 if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
1330 fprintf(stderr, "Connection to master closed.\r\n");
1331
1332 exit(exitval);
1333}