Upgrade to OpenSSH 6.2p1. The most important new features are support

for a key revocation list and more fine-grained authentication control.
This commit is contained in:
Dag-Erling Smørgrav
2013-03-22 17:55:38 +00:00
95 changed files with 4989 additions and 1242 deletions
+100 -45
View File
@@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.240 2012/06/20 04:42:58 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.248 2013/01/02 00:32:07 djm Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -969,9 +969,9 @@ process_cmdline(void)
goto out;
}
if (local || dynamic) {
if (channel_setup_local_fwd_listener(fwd.listen_host,
if (!channel_setup_local_fwd_listener(fwd.listen_host,
fwd.listen_port, fwd.connect_host,
fwd.connect_port, options.gateway_ports) < 0) {
fwd.connect_port, options.gateway_ports)) {
logit("Port forwarding failed.");
goto out;
}
@@ -997,6 +997,63 @@ process_cmdline(void)
xfree(fwd.connect_host);
}
/* reasons to suppress output of an escape command in help output */
#define SUPPRESS_NEVER 0 /* never suppress, always show */
#define SUPPRESS_PROTO1 1 /* don't show in protocol 1 sessions */
#define SUPPRESS_MUXCLIENT 2 /* don't show in mux client sessions */
#define SUPPRESS_MUXMASTER 4 /* don't show in mux master sessions */
#define SUPPRESS_SYSLOG 8 /* don't show when logging to syslog */
struct escape_help_text {
const char *cmd;
const char *text;
unsigned int flags;
};
static struct escape_help_text esc_txt[] = {
{".", "terminate session", SUPPRESS_MUXMASTER},
{".", "terminate connection (and any multiplexed sessions)",
SUPPRESS_MUXCLIENT},
{"B", "send a BREAK to the remote system", SUPPRESS_PROTO1},
{"C", "open a command line", SUPPRESS_MUXCLIENT},
{"R", "request rekey", SUPPRESS_PROTO1},
{"V/v", "decrease/increase verbosity (LogLevel)", SUPPRESS_MUXCLIENT},
{"^Z", "suspend ssh", SUPPRESS_MUXCLIENT},
{"#", "list forwarded connections", SUPPRESS_NEVER},
{"&", "background ssh (when waiting for connections to terminate)",
SUPPRESS_MUXCLIENT},
{"?", "this message", SUPPRESS_NEVER},
};
static void
print_escape_help(Buffer *b, int escape_char, int protocol2, int mux_client,
int using_stderr)
{
unsigned int i, suppress_flags;
char string[1024];
snprintf(string, sizeof string, "%c?\r\n"
"Supported escape sequences:\r\n", escape_char);
buffer_append(b, string, strlen(string));
suppress_flags = (protocol2 ? 0 : SUPPRESS_PROTO1) |
(mux_client ? SUPPRESS_MUXCLIENT : 0) |
(mux_client ? 0 : SUPPRESS_MUXMASTER) |
(using_stderr ? 0 : SUPPRESS_SYSLOG);
for (i = 0; i < sizeof(esc_txt)/sizeof(esc_txt[0]); i++) {
if (esc_txt[i].flags & suppress_flags)
continue;
snprintf(string, sizeof string, " %c%-3s - %s\r\n",
escape_char, esc_txt[i].cmd, esc_txt[i].text);
buffer_append(b, string, strlen(string));
}
snprintf(string, sizeof string,
" %c%c - send the escape character by typing it twice\r\n"
"(Note that escapes are only recognized immediately after "
"newline.)\r\n", escape_char, escape_char);
buffer_append(b, string, strlen(string));
}
/*
* Process the characters one by one, call with c==NULL for proto1 case.
*/
@@ -1047,6 +1104,8 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
if (c && c->ctl_chan != -1) {
chan_read_failed(c);
chan_write_failed(c);
mux_master_session_cleanup_cb(c->self,
NULL);
return 0;
} else
quit_pending = 1;
@@ -1055,11 +1114,16 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
case 'Z' - 64:
/* XXX support this for mux clients */
if (c && c->ctl_chan != -1) {
char b[16];
noescape:
if (ch == 'Z' - 64)
snprintf(b, sizeof b, "^Z");
else
snprintf(b, sizeof b, "%c", ch);
snprintf(string, sizeof string,
"%c%c escape not available to "
"%c%s escape not available to "
"multiplexed sessions\r\n",
escape_char, ch);
escape_char, b);
buffer_append(berr, string,
strlen(string));
continue;
@@ -1098,6 +1162,31 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
}
continue;
case 'V':
/* FALLTHROUGH */
case 'v':
if (c && c->ctl_chan != -1)
goto noescape;
if (!log_is_on_stderr()) {
snprintf(string, sizeof string,
"%c%c [Logging to syslog]\r\n",
escape_char, ch);
buffer_append(berr, string,
strlen(string));
continue;
}
if (ch == 'V' && options.log_level >
SYSLOG_LEVEL_QUIET)
log_change_level(--options.log_level);
if (ch == 'v' && options.log_level <
SYSLOG_LEVEL_DEBUG3)
log_change_level(++options.log_level);
snprintf(string, sizeof string,
"%c%c [LogLevel %s]\r\n", escape_char, ch,
log_level_name(options.log_level));
buffer_append(berr, string, strlen(string));
continue;
case '&':
if (c && c->ctl_chan != -1)
goto noescape;
@@ -1151,43 +1240,9 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
continue;
case '?':
if (c && c->ctl_chan != -1) {
snprintf(string, sizeof string,
"%c?\r\n\
Supported escape sequences:\r\n\
%c. - terminate session\r\n\
%cB - send a BREAK to the remote system\r\n\
%cR - Request rekey (SSH protocol 2 only)\r\n\
%c# - list forwarded connections\r\n\
%c? - this message\r\n\
%c%c - send the escape character by typing it twice\r\n\
(Note that escapes are only recognized immediately after newline.)\r\n",
escape_char, escape_char,
escape_char, escape_char,
escape_char, escape_char,
escape_char, escape_char);
} else {
snprintf(string, sizeof string,
"%c?\r\n\
Supported escape sequences:\r\n\
%c. - terminate connection (and any multiplexed sessions)\r\n\
%cB - send a BREAK to the remote system\r\n\
%cC - open a command line\r\n\
%cR - Request rekey (SSH protocol 2 only)\r\n\
%c^Z - suspend ssh\r\n\
%c# - list forwarded connections\r\n\
%c& - background ssh (when waiting for connections to terminate)\r\n\
%c? - this message\r\n\
%c%c - send the escape character by typing it twice\r\n\
(Note that escapes are only recognized immediately after newline.)\r\n",
escape_char, escape_char,
escape_char, escape_char,
escape_char, escape_char,
escape_char, escape_char,
escape_char, escape_char,
escape_char);
}
buffer_append(berr, string, strlen(string));
print_escape_help(berr, escape_char, compat20,
(c && c->ctl_chan != -1),
log_is_on_stderr());
continue;
case '#':
@@ -2207,10 +2262,10 @@ client_stop_mux(void)
if (options.control_path != NULL && muxserver_sock != -1)
unlink(options.control_path);
/*
* If we are in persist mode, signal that we should close when all
* active channels are closed.
* If we are in persist mode, or don't have a shell, signal that we
* should close when all active channels are closed.
*/
if (options.control_persist) {
if (options.control_persist || no_shell_flag) {
session_closed = 1;
setproctitle("[stopped mux]");
}