blob: 456570fc4aa4aeb2cb44996feea5664275c32f1f [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Created: Sat Mar 18 16:36:11 1995 ylo
6 * Ssh client program. This program can be used to log into a remote machine.
7 * The software supports strong authentication, encryption, and forwarding
8 * of X11, TCP/IP, and authentication connections.
9 *
10 * Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
11 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100012
13#include "includes.h"
Damien Miller4af51302000-04-16 11:18:38 +100014RCSID("$Id: ssh.c,v 1.26 2000/04/16 01:18:46 damien Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100015
16#include "xmalloc.h"
17#include "ssh.h"
18#include "packet.h"
19#include "buffer.h"
20#include "authfd.h"
21#include "readconf.h"
22#include "uidswap.h"
Damien Miller1383bd82000-04-06 12:32:37 +100023
24#include "ssh2.h"
25#include "compat.h"
Damien Millerb38eff82000-04-01 11:09:21 +100026#include "channels.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100027
Damien Miller3f905871999-11-15 17:10:57 +110028#ifdef HAVE___PROGNAME
29extern char *__progname;
30#else /* HAVE___PROGNAME */
31const char *__progname = "ssh";
32#endif /* HAVE___PROGNAME */
33
Damien Miller34132e52000-01-14 15:45:46 +110034/* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
35 Default value is AF_UNSPEC means both IPv4 and IPv6. */
Damien Miller7d80e342000-01-19 14:36:49 +110036#ifdef IPV4_DEFAULT
37int IPv4or6 = AF_INET;
38#else
Damien Miller34132e52000-01-14 15:45:46 +110039int IPv4or6 = AF_UNSPEC;
Damien Miller7d80e342000-01-19 14:36:49 +110040#endif
Damien Miller34132e52000-01-14 15:45:46 +110041
Damien Miller95def091999-11-25 00:26:21 +110042/* Flag indicating whether debug mode is on. This can be set on the command line. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100043int debug_flag = 0;
44
Damien Miller78928792000-04-12 20:17:38 +100045/* Flag indicating whether a tty should be allocated */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100046int tty_flag = 0;
47
Damien Miller1383bd82000-04-06 12:32:37 +100048/* don't exec a shell */
49int no_shell_flag = 0;
50int no_tty_flag = 0;
51
Damien Miller5428f641999-11-25 11:54:57 +110052/*
53 * Flag indicating that nothing should be read from stdin. This can be set
54 * on the command line.
55 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100056int stdin_null_flag = 0;
57
Damien Miller5428f641999-11-25 11:54:57 +110058/*
59 * Flag indicating that ssh should fork after authentication. This is useful
60 * so that the pasphrase can be entered manually, and then ssh goes to the
61 * background.
62 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100063int fork_after_authentication_flag = 0;
64
Damien Miller5428f641999-11-25 11:54:57 +110065/*
66 * General data structure for command line options and options configurable
67 * in configuration files. See readconf.h.
68 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100069Options options;
70
Damien Miller5428f641999-11-25 11:54:57 +110071/*
72 * Name of the host we are connecting to. This is the name given on the
73 * command line, or the HostName specified for the user-supplied name in a
74 * configuration file.
75 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100076char *host;
77
78/* socket address the host resolves to */
Damien Miller34132e52000-01-14 15:45:46 +110079struct sockaddr_storage hostaddr;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100080
Damien Miller5428f641999-11-25 11:54:57 +110081/*
82 * Flag to indicate that we have received a window change signal which has
83 * not yet been processed. This will cause a message indicating the new
84 * window size to be sent to the server a little later. This is volatile
85 * because this is updated in a signal handler.
86 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100087volatile int received_window_change_signal = 0;
88
89/* Value of argv[0] (set in the main program). */
90char *av0;
91
92/* Flag indicating whether we have a valid host private key loaded. */
93int host_private_key_loaded = 0;
94
95/* Host private key. */
96RSA *host_private_key = NULL;
97
98/* Original real UID. */
99uid_t original_real_uid;
100
Damien Miller1383bd82000-04-06 12:32:37 +1000101/* command to be executed */
102Buffer command;
103
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000104/* Prints a help message to the user. This function never returns. */
105
106void
107usage()
108{
Damien Miller95def091999-11-25 00:26:21 +1100109 fprintf(stderr, "Usage: %s [options] host [command]\n", av0);
110 fprintf(stderr, "Options:\n");
111 fprintf(stderr, " -l user Log in using this user name.\n");
112 fprintf(stderr, " -n Redirect input from /dev/null.\n");
113 fprintf(stderr, " -a Disable authentication agent forwarding.\n");
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000114#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100115 fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
116#endif /* AFS */
117 fprintf(stderr, " -x Disable X11 connection forwarding.\n");
118 fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
119 fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
Damien Miller1383bd82000-04-06 12:32:37 +1000120 fprintf(stderr, " -T Do not allocate a tty.\n");
Damien Miller95def091999-11-25 00:26:21 +1100121 fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
122 fprintf(stderr, " -V Display version number only.\n");
123 fprintf(stderr, " -P Don't allocate a privileged port.\n");
124 fprintf(stderr, " -q Quiet; don't display any warning messages.\n");
125 fprintf(stderr, " -f Fork into background after authentication.\n");
126 fprintf(stderr, " -e char Set escape character; ``none'' = disable (default: ~).\n");
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000127
Damien Miller95def091999-11-25 00:26:21 +1100128 fprintf(stderr, " -c cipher Select encryption algorithm: "
129 "``3des'', "
130 "``blowfish''\n");
131 fprintf(stderr, " -p port Connect to this port. Server must be on the same port.\n");
132 fprintf(stderr, " -L listen-port:host:port Forward local port to remote address\n");
133 fprintf(stderr, " -R listen-port:host:port Forward remote port to local address\n");
134 fprintf(stderr, " These cause %s to listen for connections on a port, and\n", av0);
135 fprintf(stderr, " forward them to the other side by connecting to host:port.\n");
136 fprintf(stderr, " -C Enable compression.\n");
Damien Miller1383bd82000-04-06 12:32:37 +1000137 fprintf(stderr, " -N Do not execute a shell or command.\n");
Damien Miller95def091999-11-25 00:26:21 +1100138 fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n");
Damien Miller34132e52000-01-14 15:45:46 +1100139 fprintf(stderr, " -4 Use IPv4 only.\n");
140 fprintf(stderr, " -6 Use IPv6 only.\n");
Damien Miller4af51302000-04-16 11:18:38 +1000141 fprintf(stderr, " -2 Force protocol version 2.\n");
Damien Miller95def091999-11-25 00:26:21 +1100142 fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n");
143 exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000144}
145
Damien Miller95def091999-11-25 00:26:21 +1100146/*
147 * Connects to the given host using rsh (or prints an error message and exits
148 * if rsh is not available). This function never returns.
149 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000150void
Damien Miller95def091999-11-25 00:26:21 +1100151rsh_connect(char *host, char *user, Buffer * command)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000152{
Damien Miller95def091999-11-25 00:26:21 +1100153 char *args[10];
154 int i;
155
156 log("Using rsh. WARNING: Connection will not be encrypted.");
157 /* Build argument list for rsh. */
158 i = 0;
159 args[i++] = _PATH_RSH;
160 /* host may have to come after user on some systems */
161 args[i++] = host;
162 if (user) {
163 args[i++] = "-l";
164 args[i++] = user;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000165 }
Damien Miller95def091999-11-25 00:26:21 +1100166 if (buffer_len(command) > 0) {
167 buffer_append(command, "\0", 1);
168 args[i++] = buffer_ptr(command);
169 }
170 args[i++] = NULL;
171 if (debug_flag) {
172 for (i = 0; args[i]; i++) {
173 if (i != 0)
174 fprintf(stderr, " ");
175 fprintf(stderr, "%s", args[i]);
176 }
177 fprintf(stderr, "\n");
178 }
179 execv(_PATH_RSH, args);
180 perror(_PATH_RSH);
181 exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000182}
183
Damien Miller1383bd82000-04-06 12:32:37 +1000184int ssh_session(void);
185int ssh_session2(void);
186
Damien Miller95def091999-11-25 00:26:21 +1100187/*
188 * Main program for the ssh client.
189 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000190int
191main(int ac, char **av)
192{
Damien Miller1383bd82000-04-06 12:32:37 +1000193 int i, opt, optind, exit_status, ok;
Damien Milleraae6c611999-12-06 11:47:28 +1100194 u_short fwd_port, fwd_host_port;
Damien Miller95def091999-11-25 00:26:21 +1100195 char *optarg, *cp, buf[256];
Damien Miller95def091999-11-25 00:26:21 +1100196 struct stat st;
197 struct passwd *pw, pwcopy;
Damien Miller1383bd82000-04-06 12:32:37 +1000198 int dummy;
Damien Miller95def091999-11-25 00:26:21 +1100199 uid_t original_effective_uid;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000200
Damien Miller5428f641999-11-25 11:54:57 +1100201 /*
202 * Save the original real uid. It will be needed later (uid-swapping
203 * may clobber the real uid).
204 */
Damien Miller95def091999-11-25 00:26:21 +1100205 original_real_uid = getuid();
206 original_effective_uid = geteuid();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000207
Damien Miller95def091999-11-25 00:26:21 +1100208 /* If we are installed setuid root be careful to not drop core. */
209 if (original_real_uid != original_effective_uid) {
210 struct rlimit rlim;
211 rlim.rlim_cur = rlim.rlim_max = 0;
212 if (setrlimit(RLIMIT_CORE, &rlim) < 0)
213 fatal("setrlimit failed: %.100s", strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000214 }
Damien Miller5428f641999-11-25 11:54:57 +1100215 /*
216 * Use uid-swapping to give up root privileges for the duration of
217 * option processing. We will re-instantiate the rights when we are
218 * ready to create the privileged port, and will permanently drop
219 * them when the port has been created (actually, when the connection
220 * has been made, as we may need to create the port several times).
221 */
Damien Miller95def091999-11-25 00:26:21 +1100222 temporarily_use_uid(original_real_uid);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000223
Damien Miller5428f641999-11-25 11:54:57 +1100224 /*
225 * Set our umask to something reasonable, as some files are created
226 * with the default umask. This will make them world-readable but
227 * writable only by the owner, which is ok for all files for which we
228 * don't set the modes explicitly.
229 */
Damien Miller95def091999-11-25 00:26:21 +1100230 umask(022);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000231
Damien Miller95def091999-11-25 00:26:21 +1100232 /* Save our own name. */
233 av0 = av[0];
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000234
Damien Miller95def091999-11-25 00:26:21 +1100235 /* Initialize option structure to indicate that no values have been set. */
236 initialize_options(&options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000237
Damien Miller95def091999-11-25 00:26:21 +1100238 /* Parse command-line arguments. */
239 host = NULL;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000240
Damien Miller95def091999-11-25 00:26:21 +1100241 /* If program name is not one of the standard names, use it as host name. */
242 if (strchr(av0, '/'))
243 cp = strrchr(av0, '/') + 1;
244 else
245 cp = av0;
246 if (strcmp(cp, "rsh") != 0 && strcmp(cp, "ssh") != 0 &&
247 strcmp(cp, "rlogin") != 0 && strcmp(cp, "slogin") != 0)
248 host = cp;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000249
Damien Miller95def091999-11-25 00:26:21 +1100250 for (optind = 1; optind < ac; optind++) {
251 if (av[optind][0] != '-') {
252 if (host)
253 break;
254 if ((cp = strchr(av[optind], '@'))) {
Damien Miller4af51302000-04-16 11:18:38 +1000255 if(cp == av[optind])
256 usage();
Damien Miller95def091999-11-25 00:26:21 +1100257 options.user = av[optind];
258 *cp = '\0';
259 host = ++cp;
260 } else
261 host = av[optind];
262 continue;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000263 }
Damien Miller95def091999-11-25 00:26:21 +1100264 opt = av[optind][1];
265 if (!opt)
266 usage();
267 if (strchr("eilcpLRo", opt)) { /* options with arguments */
268 optarg = av[optind] + 2;
269 if (strcmp(optarg, "") == 0) {
270 if (optind >= ac - 1)
271 usage();
272 optarg = av[++optind];
273 }
274 } else {
275 if (av[optind][2])
276 usage();
277 optarg = NULL;
278 }
279 switch (opt) {
Damien Miller4af51302000-04-16 11:18:38 +1000280 case '2':
281 options.protocol = SSH_PROTO_2;
282 break;
Damien Miller34132e52000-01-14 15:45:46 +1100283 case '4':
284 IPv4or6 = AF_INET;
285 break;
Damien Miller34132e52000-01-14 15:45:46 +1100286 case '6':
287 IPv4or6 = AF_INET6;
288 break;
Damien Miller95def091999-11-25 00:26:21 +1100289 case 'n':
290 stdin_null_flag = 1;
291 break;
Damien Miller95def091999-11-25 00:26:21 +1100292 case 'f':
293 fork_after_authentication_flag = 1;
294 stdin_null_flag = 1;
295 break;
Damien Miller95def091999-11-25 00:26:21 +1100296 case 'x':
297 options.forward_x11 = 0;
298 break;
Damien Miller95def091999-11-25 00:26:21 +1100299 case 'X':
300 options.forward_x11 = 1;
301 break;
Damien Miller95def091999-11-25 00:26:21 +1100302 case 'g':
303 options.gateway_ports = 1;
304 break;
Damien Miller95def091999-11-25 00:26:21 +1100305 case 'P':
306 options.use_privileged_port = 0;
307 break;
Damien Miller95def091999-11-25 00:26:21 +1100308 case 'a':
309 options.forward_agent = 0;
310 break;
311#ifdef AFS
312 case 'k':
313 options.kerberos_tgt_passing = 0;
314 options.afs_token_passing = 0;
315 break;
316#endif
317 case 'i':
318 if (stat(optarg, &st) < 0) {
319 fprintf(stderr, "Warning: Identity file %s does not exist.\n",
320 optarg);
321 break;
322 }
323 if (options.num_identity_files >= SSH_MAX_IDENTITY_FILES)
324 fatal("Too many identity files specified (max %d)",
325 SSH_MAX_IDENTITY_FILES);
326 options.identity_files[options.num_identity_files++] =
327 xstrdup(optarg);
328 break;
Damien Miller95def091999-11-25 00:26:21 +1100329 case 't':
330 tty_flag = 1;
331 break;
Damien Miller95def091999-11-25 00:26:21 +1100332 case 'v':
333 case 'V':
Damien Miller78928792000-04-12 20:17:38 +1000334 fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n",
335 SSH_VERSION,
336 PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1,
337 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2);
Damien Miller1383bd82000-04-06 12:32:37 +1000338 fprintf(stderr, "Compiled with SSL (0x%8.8lx).\n", SSLeay());
Damien Miller95def091999-11-25 00:26:21 +1100339 if (opt == 'V')
340 exit(0);
341 debug_flag = 1;
342 options.log_level = SYSLOG_LEVEL_DEBUG;
343 break;
Damien Miller95def091999-11-25 00:26:21 +1100344 case 'q':
345 options.log_level = SYSLOG_LEVEL_QUIET;
346 break;
Damien Miller95def091999-11-25 00:26:21 +1100347 case 'e':
348 if (optarg[0] == '^' && optarg[2] == 0 &&
349 (unsigned char) optarg[1] >= 64 && (unsigned char) optarg[1] < 128)
350 options.escape_char = (unsigned char) optarg[1] & 31;
351 else if (strlen(optarg) == 1)
352 options.escape_char = (unsigned char) optarg[0];
353 else if (strcmp(optarg, "none") == 0)
354 options.escape_char = -2;
355 else {
356 fprintf(stderr, "Bad escape character '%s'.\n", optarg);
357 exit(1);
358 }
359 break;
Damien Miller95def091999-11-25 00:26:21 +1100360 case 'c':
361 options.cipher = cipher_number(optarg);
362 if (options.cipher == -1) {
363 fprintf(stderr, "Unknown cipher type '%s'\n", optarg);
364 exit(1);
365 }
366 break;
Damien Miller95def091999-11-25 00:26:21 +1100367 case 'p':
368 options.port = atoi(optarg);
Damien Miller95def091999-11-25 00:26:21 +1100369 break;
Damien Miller95def091999-11-25 00:26:21 +1100370 case 'l':
371 options.user = optarg;
372 break;
Damien Miller95def091999-11-25 00:26:21 +1100373 case 'R':
Damien Miller34132e52000-01-14 15:45:46 +1100374 if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
375 &fwd_host_port) != 3 &&
376 sscanf(optarg, "%hu:%255[^:]:%hu", &fwd_port, buf,
377 &fwd_host_port) != 3) {
Damien Miller95def091999-11-25 00:26:21 +1100378 fprintf(stderr, "Bad forwarding specification '%s'.\n", optarg);
379 usage();
380 /* NOTREACHED */
381 }
382 add_remote_forward(&options, fwd_port, buf, fwd_host_port);
383 break;
Damien Miller95def091999-11-25 00:26:21 +1100384 case 'L':
Damien Miller34132e52000-01-14 15:45:46 +1100385 if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
386 &fwd_host_port) != 3 &&
387 sscanf(optarg, "%hu:%255[^:]:%hu", &fwd_port, buf,
388 &fwd_host_port) != 3) {
Damien Miller95def091999-11-25 00:26:21 +1100389 fprintf(stderr, "Bad forwarding specification '%s'.\n", optarg);
390 usage();
391 /* NOTREACHED */
392 }
393 add_local_forward(&options, fwd_port, buf, fwd_host_port);
394 break;
Damien Miller95def091999-11-25 00:26:21 +1100395 case 'C':
396 options.compression = 1;
397 break;
Damien Miller1383bd82000-04-06 12:32:37 +1000398 case 'N':
399 no_shell_flag = 1;
400 no_tty_flag = 1;
401 break;
Damien Miller1383bd82000-04-06 12:32:37 +1000402 case 'T':
403 no_tty_flag = 1;
404 break;
Damien Miller95def091999-11-25 00:26:21 +1100405 case 'o':
406 dummy = 1;
407 if (process_config_line(&options, host ? host : "", optarg,
408 "command-line", 0, &dummy) != 0)
409 exit(1);
410 break;
Damien Miller95def091999-11-25 00:26:21 +1100411 default:
412 usage();
413 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000414 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000415
Damien Miller95def091999-11-25 00:26:21 +1100416 /* Check that we got a host name. */
417 if (!host)
418 usage();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000419
Damien Miller95def091999-11-25 00:26:21 +1100420 /* check if RSA support exists */
421 if (rsa_alive() == 0) {
422 fprintf(stderr,
423 "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
424 __progname);
425 exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000426 }
Damien Miller95def091999-11-25 00:26:21 +1100427 /* Initialize the command to execute on remote host. */
428 buffer_init(&command);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000429
Damien Miller5428f641999-11-25 11:54:57 +1100430 /*
431 * Save the command to execute on the remote host in a buffer. There
432 * is no limit on the length of the command, except by the maximum
433 * packet size. Also sets the tty flag if there is no command.
434 */
Damien Miller95def091999-11-25 00:26:21 +1100435 if (optind == ac) {
436 /* No command specified - execute shell on a tty. */
437 tty_flag = 1;
438 } else {
439 /* A command has been specified. Store it into the
440 buffer. */
441 for (i = optind; i < ac; i++) {
442 if (i > optind)
443 buffer_append(&command, " ", 1);
444 buffer_append(&command, av[i], strlen(av[i]));
445 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000446 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000447
Damien Miller95def091999-11-25 00:26:21 +1100448 /* Cannot fork to background if no command. */
449 if (fork_after_authentication_flag && buffer_len(&command) == 0)
450 fatal("Cannot fork into background without a command to execute.");
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000451
Damien Miller95def091999-11-25 00:26:21 +1100452 /* Allocate a tty by default if no command specified. */
453 if (buffer_len(&command) == 0)
454 tty_flag = 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000455
Damien Miller95def091999-11-25 00:26:21 +1100456 /* Do not allocate a tty if stdin is not a tty. */
457 if (!isatty(fileno(stdin))) {
458 if (tty_flag)
459 fprintf(stderr, "Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
460 tty_flag = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000461 }
Damien Miller1383bd82000-04-06 12:32:37 +1000462 /* force */
463 if (no_tty_flag)
464 tty_flag = 0;
465
Damien Miller95def091999-11-25 00:26:21 +1100466 /* Get user data. */
467 pw = getpwuid(original_real_uid);
468 if (!pw) {
469 fprintf(stderr, "You don't exist, go away!\n");
470 exit(1);
471 }
472 /* Take a copy of the returned structure. */
473 memset(&pwcopy, 0, sizeof(pwcopy));
474 pwcopy.pw_name = xstrdup(pw->pw_name);
475 pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
476 pwcopy.pw_uid = pw->pw_uid;
477 pwcopy.pw_gid = pw->pw_gid;
478 pwcopy.pw_dir = xstrdup(pw->pw_dir);
479 pwcopy.pw_shell = xstrdup(pw->pw_shell);
480 pw = &pwcopy;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000481
Damien Miller95def091999-11-25 00:26:21 +1100482 /* Initialize "log" output. Since we are the client all output
483 actually goes to the terminal. */
484 log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000485
Damien Miller95def091999-11-25 00:26:21 +1100486 /* Read per-user configuration file. */
487 snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE);
488 read_config_file(buf, host, &options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000489
Damien Miller95def091999-11-25 00:26:21 +1100490 /* Read systemwide configuration file. */
491 read_config_file(HOST_CONFIG_FILE, host, &options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000492
Damien Miller95def091999-11-25 00:26:21 +1100493 /* Fill configuration defaults. */
494 fill_default_options(&options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000495
Damien Miller95def091999-11-25 00:26:21 +1100496 /* reinit */
497 log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000498
Damien Miller95def091999-11-25 00:26:21 +1100499 if (options.user == NULL)
500 options.user = xstrdup(pw->pw_name);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000501
Damien Miller95def091999-11-25 00:26:21 +1100502 if (options.hostname != NULL)
503 host = options.hostname;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000504
Damien Miller95def091999-11-25 00:26:21 +1100505 /* Find canonic host name. */
506 if (strchr(host, '.') == 0) {
Damien Miller34132e52000-01-14 15:45:46 +1100507 struct addrinfo hints;
508 struct addrinfo *ai = NULL;
509 int errgai;
510 memset(&hints, 0, sizeof(hints));
Damien Miller98c7ad62000-03-09 21:27:49 +1100511 hints.ai_family = IPv4or6;
Damien Miller34132e52000-01-14 15:45:46 +1100512 hints.ai_flags = AI_CANONNAME;
513 hints.ai_socktype = SOCK_STREAM;
514 errgai = getaddrinfo(host, NULL, &hints, &ai);
515 if (errgai == 0) {
516 if (ai->ai_canonname != NULL)
517 host = xstrdup(ai->ai_canonname);
518 freeaddrinfo(ai);
Damien Miller95def091999-11-25 00:26:21 +1100519 }
520 }
521 /* Disable rhosts authentication if not running as root. */
522 if (original_effective_uid != 0 || !options.use_privileged_port) {
523 options.rhosts_authentication = 0;
524 options.rhosts_rsa_authentication = 0;
525 }
Damien Miller5428f641999-11-25 11:54:57 +1100526 /*
527 * If using rsh has been selected, exec it now (without trying
528 * anything else). Note that we must release privileges first.
529 */
Damien Miller95def091999-11-25 00:26:21 +1100530 if (options.use_rsh) {
Damien Miller5428f641999-11-25 11:54:57 +1100531 /*
532 * Restore our superuser privileges. This must be done
533 * before permanently setting the uid.
534 */
Damien Miller95def091999-11-25 00:26:21 +1100535 restore_uid();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000536
Damien Miller95def091999-11-25 00:26:21 +1100537 /* Switch to the original uid permanently. */
538 permanently_set_uid(original_real_uid);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000539
Damien Miller95def091999-11-25 00:26:21 +1100540 /* Execute rsh. */
541 rsh_connect(host, options.user, &command);
542 fatal("rsh_connect returned");
543 }
544 /* Restore our superuser privileges. */
545 restore_uid();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000546
Damien Miller5428f641999-11-25 11:54:57 +1100547 /*
548 * Open a connection to the remote host. This needs root privileges
549 * if rhosts_{rsa_}authentication is enabled.
550 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000551
Damien Miller95def091999-11-25 00:26:21 +1100552 ok = ssh_connect(host, &hostaddr, options.port,
553 options.connection_attempts,
554 !options.rhosts_authentication &&
555 !options.rhosts_rsa_authentication,
556 original_real_uid,
557 options.proxy_command);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000558
Damien Miller5428f641999-11-25 11:54:57 +1100559 /*
560 * If we successfully made the connection, load the host private key
561 * in case we will need it later for combined rsa-rhosts
562 * authentication. This must be done before releasing extra
563 * privileges, because the file is only readable by root.
564 */
Damien Miller95def091999-11-25 00:26:21 +1100565 if (ok) {
566 host_private_key = RSA_new();
567 if (load_private_key(HOST_KEY_FILE, "", host_private_key, NULL))
568 host_private_key_loaded = 1;
569 }
Damien Miller5428f641999-11-25 11:54:57 +1100570 /*
571 * Get rid of any extra privileges that we may have. We will no
572 * longer need them. Also, extra privileges could make it very hard
573 * to read identity files and other non-world-readable files from the
574 * user's home directory if it happens to be on a NFS volume where
575 * root is mapped to nobody.
576 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000577
Damien Miller5428f641999-11-25 11:54:57 +1100578 /*
579 * Note that some legacy systems need to postpone the following call
580 * to permanently_set_uid() until the private hostkey is destroyed
581 * with RSA_free(). Otherwise the calling user could ptrace() the
582 * process, read the private hostkey and impersonate the host.
583 * OpenBSD does not allow ptracing of setuid processes.
584 */
Damien Miller95def091999-11-25 00:26:21 +1100585 permanently_set_uid(original_real_uid);
586
Damien Miller5428f641999-11-25 11:54:57 +1100587 /*
588 * Now that we are back to our own permissions, create ~/.ssh
589 * directory if it doesn\'t already exist.
590 */
Damien Miller95def091999-11-25 00:26:21 +1100591 snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR);
592 if (stat(buf, &st) < 0)
593 if (mkdir(buf, 0755) < 0)
594 error("Could not create directory '%.200s'.", buf);
595
596 /* Check if the connection failed, and try "rsh" if appropriate. */
597 if (!ok) {
598 if (options.port != 0)
Damien Milleraae6c611999-12-06 11:47:28 +1100599 log("Secure connection to %.100s on port %hu refused%.100s.",
Damien Miller95def091999-11-25 00:26:21 +1100600 host, options.port,
601 options.fallback_to_rsh ? "; reverting to insecure method" : "");
602 else
603 log("Secure connection to %.100s refused%.100s.", host,
604 options.fallback_to_rsh ? "; reverting to insecure method" : "");
605
606 if (options.fallback_to_rsh) {
607 rsh_connect(host, options.user, &command);
608 fatal("rsh_connect returned");
609 }
610 exit(1);
611 }
612 /* Expand ~ in options.identity_files. */
613 for (i = 0; i < options.num_identity_files; i++)
614 options.identity_files[i] =
615 tilde_expand_filename(options.identity_files[i], original_real_uid);
616
617 /* Expand ~ in known host file names. */
618 options.system_hostfile = tilde_expand_filename(options.system_hostfile,
Damien Miller4af51302000-04-16 11:18:38 +1000619 original_real_uid);
Damien Miller95def091999-11-25 00:26:21 +1100620 options.user_hostfile = tilde_expand_filename(options.user_hostfile,
621 original_real_uid);
622
623 /* Log into the remote system. This never returns if the login fails. */
624 ssh_login(host_private_key_loaded, host_private_key,
Damien Miller34132e52000-01-14 15:45:46 +1100625 host, (struct sockaddr *)&hostaddr, original_real_uid);
Damien Miller95def091999-11-25 00:26:21 +1100626
627 /* We no longer need the host private key. Clear it now. */
628 if (host_private_key_loaded)
629 RSA_free(host_private_key); /* Destroys contents safely */
630
Damien Miller1383bd82000-04-06 12:32:37 +1000631 exit_status = compat20 ? ssh_session2() : ssh_session();
632 packet_close();
633 return exit_status;
634}
635
636int
637ssh_session(void)
638{
639 int type;
640 int i;
641 int plen;
642 int interactive = 0;
643 int have_tty = 0;
644 struct winsize ws;
645 int authfd;
646 char *cp;
647
Damien Miller95def091999-11-25 00:26:21 +1100648 /* Enable compression if requested. */
649 if (options.compression) {
650 debug("Requesting compression at level %d.", options.compression_level);
651
652 if (options.compression_level < 1 || options.compression_level > 9)
653 fatal("Compression level must be from 1 (fast) to 9 (slow, best).");
654
655 /* Send the request. */
656 packet_start(SSH_CMSG_REQUEST_COMPRESSION);
657 packet_put_int(options.compression_level);
658 packet_send();
659 packet_write_wait();
660 type = packet_read(&plen);
661 if (type == SSH_SMSG_SUCCESS)
662 packet_start_compression(options.compression_level);
663 else if (type == SSH_SMSG_FAILURE)
664 log("Warning: Remote host refused compression.");
665 else
666 packet_disconnect("Protocol error waiting for compression response.");
667 }
668 /* Allocate a pseudo tty if appropriate. */
669 if (tty_flag) {
670 debug("Requesting pty.");
671
672 /* Start the packet. */
673 packet_start(SSH_CMSG_REQUEST_PTY);
674
675 /* Store TERM in the packet. There is no limit on the
676 length of the string. */
677 cp = getenv("TERM");
678 if (!cp)
679 cp = "";
680 packet_put_string(cp, strlen(cp));
681
682 /* Store window size in the packet. */
683 if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
684 memset(&ws, 0, sizeof(ws));
685 packet_put_int(ws.ws_row);
686 packet_put_int(ws.ws_col);
687 packet_put_int(ws.ws_xpixel);
688 packet_put_int(ws.ws_ypixel);
689
690 /* Store tty modes in the packet. */
691 tty_make_modes(fileno(stdin));
692
693 /* Send the packet, and wait for it to leave. */
694 packet_send();
695 packet_write_wait();
696
697 /* Read response from the server. */
698 type = packet_read(&plen);
Damien Miller450a7a12000-03-26 13:04:51 +1000699 if (type == SSH_SMSG_SUCCESS) {
Damien Miller95def091999-11-25 00:26:21 +1100700 interactive = 1;
Damien Miller1383bd82000-04-06 12:32:37 +1000701 have_tty = 1;
Damien Miller450a7a12000-03-26 13:04:51 +1000702 } else if (type == SSH_SMSG_FAILURE)
Damien Miller95def091999-11-25 00:26:21 +1100703 log("Warning: Remote host failed or refused to allocate a pseudo tty.");
704 else
705 packet_disconnect("Protocol error waiting for pty request response.");
706 }
707 /* Request X11 forwarding if enabled and DISPLAY is set. */
708 if (options.forward_x11 && getenv("DISPLAY") != NULL) {
709 char line[512], proto[512], data[512];
710 FILE *f;
711 int forwarded = 0, got_data = 0, i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000712
713#ifdef XAUTH_PATH
Damien Miller95def091999-11-25 00:26:21 +1100714 /* Try to get Xauthority information for the display. */
715 snprintf(line, sizeof line, "%.100s list %.200s 2>/dev/null",
716 XAUTH_PATH, getenv("DISPLAY"));
717 f = popen(line, "r");
718 if (f && fgets(line, sizeof(line), f) &&
719 sscanf(line, "%*s %s %s", proto, data) == 2)
720 got_data = 1;
721 if (f)
722 pclose(f);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000723#endif /* XAUTH_PATH */
Damien Miller5428f641999-11-25 11:54:57 +1100724 /*
725 * If we didn't get authentication data, just make up some
726 * data. The forwarding code will check the validity of the
727 * response anyway, and substitute this data. The X11
728 * server, however, will ignore this fake data and use
729 * whatever authentication mechanisms it was using otherwise
730 * for the local connection.
731 */
Damien Miller95def091999-11-25 00:26:21 +1100732 if (!got_data) {
733 u_int32_t rand = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000734
Damien Miller95def091999-11-25 00:26:21 +1100735 strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
736 for (i = 0; i < 16; i++) {
737 if (i % 4 == 0)
738 rand = arc4random();
739 snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", rand & 0xff);
740 rand >>= 8;
741 }
742 }
Damien Miller5428f641999-11-25 11:54:57 +1100743 /*
744 * Got local authentication reasonable information. Request
745 * forwarding with authentication spoofing.
746 */
Damien Miller95def091999-11-25 00:26:21 +1100747 debug("Requesting X11 forwarding with authentication spoofing.");
748 x11_request_forwarding_with_spoofing(proto, data);
749
750 /* Read response from the server. */
751 type = packet_read(&plen);
752 if (type == SSH_SMSG_SUCCESS) {
753 forwarded = 1;
754 interactive = 1;
755 } else if (type == SSH_SMSG_FAILURE)
756 log("Warning: Remote host denied X11 forwarding.");
757 else
758 packet_disconnect("Protocol error waiting for X11 forwarding");
759 }
760 /* Tell the packet module whether this is an interactive session. */
761 packet_set_interactive(interactive, options.keepalives);
762
763 /* Clear agent forwarding if we don\'t have an agent. */
764 authfd = ssh_get_authentication_socket();
765 if (authfd < 0)
766 options.forward_agent = 0;
767 else
768 ssh_close_authentication_socket(authfd);
769
770 /* Request authentication agent forwarding if appropriate. */
771 if (options.forward_agent) {
772 debug("Requesting authentication agent forwarding.");
773 auth_request_forwarding();
774
775 /* Read response from the server. */
776 type = packet_read(&plen);
777 packet_integrity_check(plen, 0, type);
778 if (type != SSH_SMSG_SUCCESS)
779 log("Warning: Remote host denied authentication agent forwarding.");
780 }
781 /* Initiate local TCP/IP port forwardings. */
782 for (i = 0; i < options.num_local_forwards; i++) {
783 debug("Connections to local port %d forwarded to remote address %.200s:%d",
784 options.local_forwards[i].port,
785 options.local_forwards[i].host,
786 options.local_forwards[i].host_port);
787 channel_request_local_forwarding(options.local_forwards[i].port,
Damien Miller4af51302000-04-16 11:18:38 +1000788 options.local_forwards[i].host,
Damien Millera34a28b1999-12-14 10:47:15 +1100789 options.local_forwards[i].host_port,
790 options.gateway_ports);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000791 }
792
Damien Miller95def091999-11-25 00:26:21 +1100793 /* Initiate remote TCP/IP port forwardings. */
794 for (i = 0; i < options.num_remote_forwards; i++) {
795 debug("Connections to remote port %d forwarded to local address %.200s:%d",
796 options.remote_forwards[i].port,
797 options.remote_forwards[i].host,
798 options.remote_forwards[i].host_port);
799 channel_request_remote_forwarding(options.remote_forwards[i].port,
800 options.remote_forwards[i].host,
Damien Miller4af51302000-04-16 11:18:38 +1000801 options.remote_forwards[i].host_port);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000802 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000803
Damien Miller5428f641999-11-25 11:54:57 +1100804 /* If requested, let ssh continue in the background. */
Damien Miller4af51302000-04-16 11:18:38 +1000805 if (fork_after_authentication_flag)
Damien Miller5428f641999-11-25 11:54:57 +1100806 if (daemon(1, 1) < 0)
807 fatal("daemon() failed: %.200s", strerror(errno));
808
809 /*
810 * If a command was specified on the command line, execute the
811 * command now. Otherwise request the server to start a shell.
812 */
Damien Miller95def091999-11-25 00:26:21 +1100813 if (buffer_len(&command) > 0) {
814 int len = buffer_len(&command);
815 if (len > 900)
816 len = 900;
817 debug("Sending command: %.*s", len, buffer_ptr(&command));
818 packet_start(SSH_CMSG_EXEC_CMD);
819 packet_put_string(buffer_ptr(&command), buffer_len(&command));
820 packet_send();
821 packet_write_wait();
822 } else {
823 debug("Requesting shell.");
824 packet_start(SSH_CMSG_EXEC_SHELL);
825 packet_send();
826 packet_write_wait();
827 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000828
Damien Miller95def091999-11-25 00:26:21 +1100829 /* Enter the interactive session. */
Damien Miller1383bd82000-04-06 12:32:37 +1000830 return client_loop(have_tty, tty_flag ? options.escape_char : -1);
831}
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000832
Damien Miller1383bd82000-04-06 12:32:37 +1000833void
834init_local_fwd(void)
835{
836 int i;
837 /* Initiate local TCP/IP port forwardings. */
838 for (i = 0; i < options.num_local_forwards; i++) {
839 debug("Connections to local port %d forwarded to remote address %.200s:%d",
840 options.local_forwards[i].port,
841 options.local_forwards[i].host,
842 options.local_forwards[i].host_port);
843 channel_request_local_forwarding(options.local_forwards[i].port,
Damien Miller4af51302000-04-16 11:18:38 +1000844 options.local_forwards[i].host,
Damien Miller1383bd82000-04-06 12:32:37 +1000845 options.local_forwards[i].host_port,
846 options.gateway_ports);
847 }
848}
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000849
Damien Miller1383bd82000-04-06 12:32:37 +1000850extern void client_set_session_ident(int id);
851
852void
853client_init(int id, void *arg)
854{
855 int len;
856 debug("client_init id %d arg %d", id, (int)arg);
857
858 if (no_shell_flag)
859 goto done;
860
861 if (tty_flag) {
862 struct winsize ws;
863 char *cp;
864 cp = getenv("TERM");
865 if (!cp)
866 cp = "";
867 /* Store window size in the packet. */
868 if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
869 memset(&ws, 0, sizeof(ws));
870
871 channel_request_start(id, "pty-req", 0);
872 packet_put_cstring(cp);
873 packet_put_int(ws.ws_col);
874 packet_put_int(ws.ws_row);
875 packet_put_int(ws.ws_xpixel);
876 packet_put_int(ws.ws_ypixel);
877 packet_put_cstring(""); /* XXX: encode terminal modes */
878 packet_send();
879 /* XXX wait for reply */
880 }
881 len = buffer_len(&command);
882 if (len > 0) {
883 if (len > 900)
884 len = 900;
885 debug("Sending command: %.*s", len, buffer_ptr(&command));
886 channel_request_start(id, "exec", 0);
887 packet_put_string(buffer_ptr(&command), len);
888 packet_send();
889 } else {
890 channel_request(id, "shell", 0);
891 }
892 /* channel_callback(id, SSH2_MSG_OPEN_CONFIGMATION, client_init, 0); */
893done:
894 /* register different callback, etc. XXX */
895 client_set_session_ident(id);
896}
897
898int
899ssh_session2(void)
900{
901 int window, packetmax, id;
902 int in = dup(STDIN_FILENO);
903 int out = dup(STDOUT_FILENO);
904 int err = dup(STDERR_FILENO);
905
906 if (in < 0 || out < 0 || err < 0)
907 fatal("dump in/out/err failed");
908
909 /* should be pre-session */
910 init_local_fwd();
911
912 window = 32*1024;
913 if (tty_flag) {
914 packetmax = window/8;
915 } else {
916 window *= 2;
917 packetmax = window/2;
918 }
919
920 id = channel_new(
921 "session", SSH_CHANNEL_OPENING, in, out, err,
922 window, packetmax, CHAN_EXTENDED_WRITE, xstrdup("client-session"));
923
924
925 channel_open(id);
926 channel_register_callback(id, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, client_init, (void *)0);
927
928 return client_loop(tty_flag, tty_flag ? options.escape_char : -1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000929}