Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by:	gshapiro, peter, green

1 files changed, 71 insertions, 35 deletions

diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c
index 5708897..d46e992 100644
--- a/crypto/openssh/ssh.c
+++ b/crypto/openssh/ssh.c
@@ -2,18 +2,45 @@
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
- * Created: Sat Mar 18 16:36:11 1995 ylo
  * Ssh client program.  This program can be used to log into a remote machine.
  * The software supports strong authentication, encryption, and forwarding
  * of X11, TCP/IP, and authentication connections.
  *
- * Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose.  Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
  *
- * $FreeBSD$
+ * Copyright (c) 1999 Niels Provos.  All rights reserved.
+ *
+ * Modified to work with SSL by Niels Provos <provos@citi.umich.edu>
+ * in Canada (German citizen).
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.54 2000/05/30 17:32:06 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.65 2000/09/07 20:40:30 markus Exp $");
+RCSID("$FreeBSD$");
 
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
@@ -23,7 +50,6 @@ RCSID("$Id: ssh.c,v 1.54 2000/05/30 17:32:06 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
 #include "buffer.h"
-#include "authfd.h"
 #include "readconf.h"
 #include "uidswap.h"
 
@@ -31,6 +57,7 @@ RCSID("$Id: ssh.c,v 1.54 2000/05/30 17:32:06 markus Exp $");
 #include "compat.h"
 #include "channels.h"
 #include "key.h"
+#include "authfd.h"
 #include "authfile.h"
 
 extern char *__progname;
@@ -117,7 +144,6 @@ usage()
 #endif				/* AFS */
         fprintf(stderr, "  -X          Enable X11 connection forwarding.\n");
 	fprintf(stderr, "  -x          Disable X11 connection forwarding.\n");
-	fprintf(stderr, "  -X          Enable X11 connection forwarding.\n");
 	fprintf(stderr, "  -i file     Identity for RSA authentication (default: ~/.ssh/identity).\n");
 	fprintf(stderr, "  -t          Tty; allocate a tty even if command is given.\n");
 	fprintf(stderr, "  -T          Do not allocate a tty.\n");
@@ -249,8 +275,8 @@ main(int ac, char **av)
 		cp = strrchr(av0, '/') + 1;
 	else
 		cp = av0;
-	if (strcmp(cp, "rsh") != 0 && strcmp(cp, "ssh") != 0 &&
-	    strcmp(cp, "rlogin") != 0 && strcmp(cp, "slogin") != 0)
+	if (strcmp(cp, "rsh") && strcmp(cp, "ssh") && strcmp(cp, "rlogin") &&
+	    strcmp(cp, "slogin") && strcmp(cp, "remsh"))
 		host = cp;
 
 	for (optind = 1; optind < ac; optind++) {
@@ -458,7 +484,7 @@ main(int ac, char **av)
 	}
 
 	/* Cannot fork to background if no command. */
-	if (fork_after_authentication_flag && buffer_len(&command) == 0)
+	if (fork_after_authentication_flag && buffer_len(&command) == 0 && !no_shell_flag)
 		fatal("Cannot fork into background without a command to execute.");
 
 	/* Allocate a tty by default if no command specified. */
@@ -487,6 +513,7 @@ main(int ac, char **av)
 	pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
 	pwcopy.pw_uid = pw->pw_uid;
 	pwcopy.pw_gid = pw->pw_gid;
+	pwcopy.pw_class = xstrdup(pw->pw_class);
 	pwcopy.pw_dir = xstrdup(pw->pw_dir);
 	pwcopy.pw_shell = xstrdup(pw->pw_shell);
 	pwcopy.pw_class = xstrdup(pw->pw_class);
@@ -622,7 +649,7 @@ main(int ac, char **av)
 	 */
 	snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR);
 	if (stat(buf, &st) < 0)
-		if (mkdir(buf, 0755) < 0)
+		if (mkdir(buf, 0700) < 0)
 			error("Could not create directory '%.200s'.", buf);
 
 	/* Check if the connection failed, and try "rsh" if appropriate. */
@@ -679,17 +706,17 @@ x11_get_proto(char *proto, int proto_len, char *data, int data_len)
 	FILE *f;
 	int got_data = 0, i;
 
-#ifdef XAUTH_PATH
-	/* Try to get Xauthority information for the display. */
-	snprintf(line, sizeof line, "%.100s list %.200s 2>/dev/null",
-		 XAUTH_PATH, getenv("DISPLAY"));
-	f = popen(line, "r");
-	if (f && fgets(line, sizeof(line), f) &&
-	    sscanf(line, "%*s %s %s", proto, data) == 2)
-		got_data = 1;
-	if (f)
-		pclose(f);
-#endif /* XAUTH_PATH */
+	if (options.xauth_location) {
+		/* Try to get Xauthority information for the display. */
+		snprintf(line, sizeof line, "%.100s list %.200s 2>/dev/null",
+		    options.xauth_location, getenv("DISPLAY"));
+		f = popen(line, "r");
+		if (f && fgets(line, sizeof(line), f) &&
+		    sscanf(line, "%*s %s %s", proto, data) == 2)
+			got_data = 1;
+		if (f)
+			pclose(f);
+	}
 	/*
 	 * If we didn't get authentication data, just make up some
 	 * data.  The forwarding code will check the validity of the
@@ -871,7 +898,7 @@ ssh_session(void)
 	}
 
 	/* Enter the interactive session. */
-	return client_loop(have_tty, tty_flag ? options.escape_char : -1);
+	return client_loop(have_tty, tty_flag ? options.escape_char : -1, 0);
 }
 
 void
@@ -954,31 +981,40 @@ int
 ssh_session2(void)
 {
 	int window, packetmax, id;
-	int in  = dup(STDIN_FILENO);
-	int out = dup(STDOUT_FILENO);
-	int err = dup(STDERR_FILENO);
+	int in, out, err;
+
+	if (stdin_null_flag) {
+		in = open("/dev/null", O_RDONLY);
+	} else {
+		in = dup(STDIN_FILENO);
+	}
+	out = dup(STDOUT_FILENO);
+	err = dup(STDERR_FILENO);
 
 	if (in < 0 || out < 0 || err < 0)
-		fatal("dump in/out/err failed");
+		fatal("dup() in/out/err failed");
 
 	/* should be pre-session */
 	init_local_fwd();
 	
-	window = 32*1024;
-	if (tty_flag) {
-		packetmax = window/8;
-	} else {
+	/* If requested, let ssh continue in the background. */
+	if (fork_after_authentication_flag)
+		if (daemon(1, 1) < 0)
+			fatal("daemon() failed: %.200s", strerror(errno));
+
+	window = CHAN_SES_WINDOW_DEFAULT;
+	packetmax = CHAN_SES_PACKET_DEFAULT;
+	if (!tty_flag) {
 		window *= 2;
-		packetmax = window/2;
+		packetmax *=2;
 	}
-
 	id = channel_new(
 	    "session", SSH_CHANNEL_OPENING, in, out, err,
-	    window, packetmax, CHAN_EXTENDED_WRITE, xstrdup("client-session"));
-
+	    window, packetmax, CHAN_EXTENDED_WRITE,
+	    xstrdup("client-session"));
 
 	channel_open(id);
 	channel_register_callback(id, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, client_init, (void *)0);
 
-	return client_loop(tty_flag, tty_flag ? options.escape_char : -1);
+	return client_loop(tty_flag, tty_flag ? options.escape_char : -1, id);
 }