Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
This commit is contained in:
+100
-45
@@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: clientloop.c,v 1.240 2012/06/20 04:42:58 djm Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.248 2013/01/02 00:32:07 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@@ -969,9 +969,9 @@ process_cmdline(void)
|
||||
goto out;
|
||||
}
|
||||
if (local || dynamic) {
|
||||
if (channel_setup_local_fwd_listener(fwd.listen_host,
|
||||
if (!channel_setup_local_fwd_listener(fwd.listen_host,
|
||||
fwd.listen_port, fwd.connect_host,
|
||||
fwd.connect_port, options.gateway_ports) < 0) {
|
||||
fwd.connect_port, options.gateway_ports)) {
|
||||
logit("Port forwarding failed.");
|
||||
goto out;
|
||||
}
|
||||
@@ -997,6 +997,63 @@ process_cmdline(void)
|
||||
xfree(fwd.connect_host);
|
||||
}
|
||||
|
||||
/* reasons to suppress output of an escape command in help output */
|
||||
#define SUPPRESS_NEVER 0 /* never suppress, always show */
|
||||
#define SUPPRESS_PROTO1 1 /* don't show in protocol 1 sessions */
|
||||
#define SUPPRESS_MUXCLIENT 2 /* don't show in mux client sessions */
|
||||
#define SUPPRESS_MUXMASTER 4 /* don't show in mux master sessions */
|
||||
#define SUPPRESS_SYSLOG 8 /* don't show when logging to syslog */
|
||||
struct escape_help_text {
|
||||
const char *cmd;
|
||||
const char *text;
|
||||
unsigned int flags;
|
||||
};
|
||||
static struct escape_help_text esc_txt[] = {
|
||||
{".", "terminate session", SUPPRESS_MUXMASTER},
|
||||
{".", "terminate connection (and any multiplexed sessions)",
|
||||
SUPPRESS_MUXCLIENT},
|
||||
{"B", "send a BREAK to the remote system", SUPPRESS_PROTO1},
|
||||
{"C", "open a command line", SUPPRESS_MUXCLIENT},
|
||||
{"R", "request rekey", SUPPRESS_PROTO1},
|
||||
{"V/v", "decrease/increase verbosity (LogLevel)", SUPPRESS_MUXCLIENT},
|
||||
{"^Z", "suspend ssh", SUPPRESS_MUXCLIENT},
|
||||
{"#", "list forwarded connections", SUPPRESS_NEVER},
|
||||
{"&", "background ssh (when waiting for connections to terminate)",
|
||||
SUPPRESS_MUXCLIENT},
|
||||
{"?", "this message", SUPPRESS_NEVER},
|
||||
};
|
||||
|
||||
static void
|
||||
print_escape_help(Buffer *b, int escape_char, int protocol2, int mux_client,
|
||||
int using_stderr)
|
||||
{
|
||||
unsigned int i, suppress_flags;
|
||||
char string[1024];
|
||||
|
||||
snprintf(string, sizeof string, "%c?\r\n"
|
||||
"Supported escape sequences:\r\n", escape_char);
|
||||
buffer_append(b, string, strlen(string));
|
||||
|
||||
suppress_flags = (protocol2 ? 0 : SUPPRESS_PROTO1) |
|
||||
(mux_client ? SUPPRESS_MUXCLIENT : 0) |
|
||||
(mux_client ? 0 : SUPPRESS_MUXMASTER) |
|
||||
(using_stderr ? 0 : SUPPRESS_SYSLOG);
|
||||
|
||||
for (i = 0; i < sizeof(esc_txt)/sizeof(esc_txt[0]); i++) {
|
||||
if (esc_txt[i].flags & suppress_flags)
|
||||
continue;
|
||||
snprintf(string, sizeof string, " %c%-3s - %s\r\n",
|
||||
escape_char, esc_txt[i].cmd, esc_txt[i].text);
|
||||
buffer_append(b, string, strlen(string));
|
||||
}
|
||||
|
||||
snprintf(string, sizeof string,
|
||||
" %c%c - send the escape character by typing it twice\r\n"
|
||||
"(Note that escapes are only recognized immediately after "
|
||||
"newline.)\r\n", escape_char, escape_char);
|
||||
buffer_append(b, string, strlen(string));
|
||||
}
|
||||
|
||||
/*
|
||||
* Process the characters one by one, call with c==NULL for proto1 case.
|
||||
*/
|
||||
@@ -1047,6 +1104,8 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
|
||||
if (c && c->ctl_chan != -1) {
|
||||
chan_read_failed(c);
|
||||
chan_write_failed(c);
|
||||
mux_master_session_cleanup_cb(c->self,
|
||||
NULL);
|
||||
return 0;
|
||||
} else
|
||||
quit_pending = 1;
|
||||
@@ -1055,11 +1114,16 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
|
||||
case 'Z' - 64:
|
||||
/* XXX support this for mux clients */
|
||||
if (c && c->ctl_chan != -1) {
|
||||
char b[16];
|
||||
noescape:
|
||||
if (ch == 'Z' - 64)
|
||||
snprintf(b, sizeof b, "^Z");
|
||||
else
|
||||
snprintf(b, sizeof b, "%c", ch);
|
||||
snprintf(string, sizeof string,
|
||||
"%c%c escape not available to "
|
||||
"%c%s escape not available to "
|
||||
"multiplexed sessions\r\n",
|
||||
escape_char, ch);
|
||||
escape_char, b);
|
||||
buffer_append(berr, string,
|
||||
strlen(string));
|
||||
continue;
|
||||
@@ -1098,6 +1162,31 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
|
||||
}
|
||||
continue;
|
||||
|
||||
case 'V':
|
||||
/* FALLTHROUGH */
|
||||
case 'v':
|
||||
if (c && c->ctl_chan != -1)
|
||||
goto noescape;
|
||||
if (!log_is_on_stderr()) {
|
||||
snprintf(string, sizeof string,
|
||||
"%c%c [Logging to syslog]\r\n",
|
||||
escape_char, ch);
|
||||
buffer_append(berr, string,
|
||||
strlen(string));
|
||||
continue;
|
||||
}
|
||||
if (ch == 'V' && options.log_level >
|
||||
SYSLOG_LEVEL_QUIET)
|
||||
log_change_level(--options.log_level);
|
||||
if (ch == 'v' && options.log_level <
|
||||
SYSLOG_LEVEL_DEBUG3)
|
||||
log_change_level(++options.log_level);
|
||||
snprintf(string, sizeof string,
|
||||
"%c%c [LogLevel %s]\r\n", escape_char, ch,
|
||||
log_level_name(options.log_level));
|
||||
buffer_append(berr, string, strlen(string));
|
||||
continue;
|
||||
|
||||
case '&':
|
||||
if (c && c->ctl_chan != -1)
|
||||
goto noescape;
|
||||
@@ -1151,43 +1240,9 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
|
||||
continue;
|
||||
|
||||
case '?':
|
||||
if (c && c->ctl_chan != -1) {
|
||||
snprintf(string, sizeof string,
|
||||
"%c?\r\n\
|
||||
Supported escape sequences:\r\n\
|
||||
%c. - terminate session\r\n\
|
||||
%cB - send a BREAK to the remote system\r\n\
|
||||
%cR - Request rekey (SSH protocol 2 only)\r\n\
|
||||
%c# - list forwarded connections\r\n\
|
||||
%c? - this message\r\n\
|
||||
%c%c - send the escape character by typing it twice\r\n\
|
||||
(Note that escapes are only recognized immediately after newline.)\r\n",
|
||||
escape_char, escape_char,
|
||||
escape_char, escape_char,
|
||||
escape_char, escape_char,
|
||||
escape_char, escape_char);
|
||||
} else {
|
||||
snprintf(string, sizeof string,
|
||||
"%c?\r\n\
|
||||
Supported escape sequences:\r\n\
|
||||
%c. - terminate connection (and any multiplexed sessions)\r\n\
|
||||
%cB - send a BREAK to the remote system\r\n\
|
||||
%cC - open a command line\r\n\
|
||||
%cR - Request rekey (SSH protocol 2 only)\r\n\
|
||||
%c^Z - suspend ssh\r\n\
|
||||
%c# - list forwarded connections\r\n\
|
||||
%c& - background ssh (when waiting for connections to terminate)\r\n\
|
||||
%c? - this message\r\n\
|
||||
%c%c - send the escape character by typing it twice\r\n\
|
||||
(Note that escapes are only recognized immediately after newline.)\r\n",
|
||||
escape_char, escape_char,
|
||||
escape_char, escape_char,
|
||||
escape_char, escape_char,
|
||||
escape_char, escape_char,
|
||||
escape_char, escape_char,
|
||||
escape_char);
|
||||
}
|
||||
buffer_append(berr, string, strlen(string));
|
||||
print_escape_help(berr, escape_char, compat20,
|
||||
(c && c->ctl_chan != -1),
|
||||
log_is_on_stderr());
|
||||
continue;
|
||||
|
||||
case '#':
|
||||
@@ -2207,10 +2262,10 @@ client_stop_mux(void)
|
||||
if (options.control_path != NULL && muxserver_sock != -1)
|
||||
unlink(options.control_path);
|
||||
/*
|
||||
* If we are in persist mode, signal that we should close when all
|
||||
* active channels are closed.
|
||||
* If we are in persist mode, or don't have a shell, signal that we
|
||||
* should close when all active channels are closed.
|
||||
*/
|
||||
if (options.control_persist) {
|
||||
if (options.control_persist || no_shell_flag) {
|
||||
session_closed = 1;
|
||||
setproctitle("[stopped mux]");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user