summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/authfd.c116
-rw-r--r--usr.bin/ssh/authfd.h13
-rw-r--r--usr.bin/ssh/channels.c84
-rw-r--r--usr.bin/ssh/ssh-agent.126
-rw-r--r--usr.bin/ssh/ssh-agent.c64
-rw-r--r--usr.bin/ssh/ssh.115
-rw-r--r--usr.bin/ssh/ssh.c4
-rw-r--r--usr.bin/ssh/ssh.h4
-rw-r--r--usr.bin/ssh/sshconnect.c10
-rw-r--r--usr.bin/ssh/sshd.c9
-rw-r--r--usr.bin/ssh/version.h2
11 files changed, 80 insertions, 267 deletions
diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c
index 6fc51c347b6..b70a824a2c1 100644
--- a/usr.bin/ssh/authfd.c
+++ b/usr.bin/ssh/authfd.c
@@ -14,7 +14,7 @@ Functions for connecting the local authentication agent.
*/
#include "includes.h"
-RCSID("$Id: authfd.c,v 1.7 1999/10/05 22:18:52 markus Exp $");
+RCSID("$Id: authfd.c,v 1.8 1999/10/14 18:17:41 markus Exp $");
#include "ssh.h"
#include "rsa.h"
@@ -29,7 +29,7 @@ RCSID("$Id: authfd.c,v 1.7 1999/10/05 22:18:52 markus Exp $");
/* Returns the number of the authentication fd, or -1 if there is none. */
int
-ssh_get_authentication_fd()
+ssh_get_authentication_socket()
{
const char *authsocket;
int sock;
@@ -57,7 +57,7 @@ ssh_get_authentication_fd()
/* Closes the agent socket if it should be closed (depends on how it was
obtained). The argument must have been returned by
- ssh_get_authentication_fd(). */
+ ssh_get_authentication_socket(). */
void ssh_close_authentication_socket(int sock)
{
@@ -65,95 +65,6 @@ void ssh_close_authentication_socket(int sock)
close(sock);
}
-/* Dummy alarm used to prevent waiting for connection from the
- authentication agent indefinitely. */
-
-static void dummy_alarm_handler(int sig)
-{
- /* Do nothing; a cought signal will just cause accept to return. */
-}
-
-/* Opens a socket to the authentication server. Returns the number of
- that socket, or -1 if no connection could be made. */
-
-int ssh_get_authentication_connection_fd()
-{
- int authfd;
- int listen_sock, sock, port, addrlen;
- int old_timeout;
- void (*old_handler)();
- struct sockaddr_in sin;
- char msg[3];
-
- /* Get the the socket number from the environment. This is the socket
- used to obtain the real authentication socket. */
- authfd = ssh_get_authentication_fd();
- if (authfd == -1)
- return -1;
-
- /* Create a local socket for listening. */
- listen_sock = socket(AF_INET, SOCK_STREAM, 0);
- if (listen_sock == -1)
- {
- ssh_close_authentication_socket(authfd);
- return -1;
- }
-
- /* Bind the socket to random unprivileged port. */
- memset(&sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
- do
- {
- port = 32768 + (rand() % 30000);
- sin.sin_port = htons(port);
- }
- while (bind(listen_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0 &&
- errno == EADDRINUSE);
-
- /* Start listening for connections on the socket. */
- if (listen(listen_sock, 1) < 0)
- {
- error("listen: %.100s", strerror(errno));
- close(listen_sock);
- ssh_close_authentication_socket(authfd);
- return -1;
- }
-
- /* Send a message to the authentication fd requesting the agent or its
- local representative to connect to the given socket. Note that
- we use send() to get the packet sent atomically (there can be several
- clients trying to use the same authentication fd simultaneously). */
- msg[0] = (char)SSH_AUTHFD_CONNECT;
- PUT_16BIT(msg + 1, port);
- if (send(authfd, msg, 3, 0) < 0)
- {
- shutdown(listen_sock, SHUT_RDWR);
- close(listen_sock);
- ssh_close_authentication_socket(authfd);
- return -1;
- }
-
- /* Setup a timeout so we won't wait for the connection indefinitely. */
- old_timeout = alarm(120);
- old_handler = signal(SIGALRM, dummy_alarm_handler);
-
- /* Wait for the connection from the agent or its representative. */
- addrlen = sizeof(sin);
- sock = accept(listen_sock, (struct sockaddr *)&sin, &addrlen);
-
- /* Remove the alarm (restore its old values). */
- alarm(old_timeout);
- signal(SIGALRM, old_handler);
-
- /* Close the socket we used for listening. It is no longer needed.
- (The authentication fd and the new connection still remain open.) */
- shutdown(listen_sock, SHUT_RDWR);
- close(listen_sock);
- ssh_close_authentication_socket(authfd);
-
- return sock;
-}
-
/* Opens and connects a private socket for communication with the
authentication agent. Returns the file descriptor (which must be
shut down and closed by the caller when no longer needed).
@@ -165,8 +76,7 @@ AuthenticationConnection *ssh_get_authentication_connection()
AuthenticationConnection *auth;
int sock;
- /* Get a connection to the authentication agent. */
- sock = ssh_get_authentication_connection_fd();
+ sock = ssh_get_authentication_socket();
/* Fail if we couldn't obtain a connection. This happens if we exited
due to a timeout. */
@@ -191,6 +101,8 @@ void ssh_close_authentication_connection(AuthenticationConnection *ac)
buffer_free(&ac->packet);
buffer_free(&ac->identities);
close(ac->fd);
+ /* Free the connection data structure. */
+ xfree(ac);
}
/* Returns the first authentication identity held by the agent.
@@ -651,19 +563,3 @@ int ssh_remove_all_identities(AuthenticationConnection *auth)
/*NOTREACHED*/
return 0;
}
-
-/* Closes the connection to the authentication agent. */
-
-void ssh_close_authentication(AuthenticationConnection *auth)
-{
- /* Close the connection. */
- shutdown(auth->fd, SHUT_RDWR);
- close(auth->fd);
-
- /* Free the buffers. */
- buffer_free(&auth->packet);
- buffer_free(&auth->identities);
-
- /* Free the connection data structure. */
- xfree(auth);
-}
diff --git a/usr.bin/ssh/authfd.h b/usr.bin/ssh/authfd.h
index f889830b820..5f362e02a74 100644
--- a/usr.bin/ssh/authfd.h
+++ b/usr.bin/ssh/authfd.h
@@ -13,16 +13,13 @@ Functions to interface with the SSH_AUTHENTICATION_FD socket.
*/
-/* RCSID("$Id: authfd.h,v 1.2 1999/09/28 04:45:35 provos Exp $"); */
+/* RCSID("$Id: authfd.h,v 1.3 1999/10/14 18:17:42 markus Exp $"); */
#ifndef AUTHFD_H
#define AUTHFD_H
#include "buffer.h"
-/* Message types for SSH_AUTHENTICATION_FD socket. */
-#define SSH_AUTHFD_CONNECT 0xf0
-
/* Messages for the authentication agent connection. */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2
@@ -43,17 +40,13 @@ typedef struct
} AuthenticationConnection;
/* Returns the number of the authentication fd, or -1 if there is none. */
-int ssh_get_authentication_fd();
+int ssh_get_authentication_socket();
/* This should be called for any descriptor returned by
- ssh_get_authentication_fd(). Depending on the way the descriptor was
+ ssh_get_authentication_socket(). Depending on the way the descriptor was
obtained, this may close the descriptor. */
void ssh_close_authentication_socket(int authfd);
-/* Opens a socket to the authentication server. Returns the number of
- that socket, or -1 if no connection could be made. */
-int ssh_get_authentication_connection_fd();
-
/* Opens and connects a private socket for communication with the
authentication agent. Returns NULL if an error occurred and the
connection could not be opened. The connection should be closed by
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 7b70f115df9..a0eb88f6c91 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.12 1999/10/05 22:18:52 markus Exp $");
+RCSID("$Id: channels.c,v 1.13 1999/10/14 18:17:42 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -36,9 +36,9 @@ RCSID("$Id: channels.c,v 1.12 1999/10/05 22:18:52 markus Exp $");
#define SSH_CHANNEL_OPENING 3 /* waiting for confirmation */
#define SSH_CHANNEL_OPEN 4 /* normal open two-way channel */
#define SSH_CHANNEL_CLOSED 5 /* waiting for close confirmation */
-#define SSH_CHANNEL_AUTH_FD 6 /* authentication fd */
+/* SSH_CHANNEL_AUTH_FD 6 authentication fd */
#define SSH_CHANNEL_AUTH_SOCKET 7 /* authentication socket */
-#define SSH_CHANNEL_AUTH_SOCKET_FD 8 /* connection to auth socket */
+/* SSH_CHANNEL_AUTH_SOCKET_FD 8 connection to auth socket */
#define SSH_CHANNEL_X11_OPEN 9 /* reading first X11 packet */
#define SSH_CHANNEL_INPUT_DRAINING 10 /* sending remaining data to conn */
#define SSH_CHANNEL_OUTPUT_DRAINING 11 /* sending remaining data to app */
@@ -222,8 +222,6 @@ void channel_prepare_select(fd_set *readset, fd_set *writeset)
case SSH_CHANNEL_X11_LISTENER:
case SSH_CHANNEL_PORT_LISTENER:
case SSH_CHANNEL_AUTH_SOCKET:
- case SSH_CHANNEL_AUTH_SOCKET_FD:
- case SSH_CHANNEL_AUTH_FD:
FD_SET(ch->sock, readset);
break;
@@ -350,7 +348,7 @@ void channel_prepare_select(fd_set *readset, fd_set *writeset)
void channel_after_select(fd_set *readset, fd_set *writeset)
{
struct sockaddr addr;
- int addrlen, newsock, i, newch, len, port;
+ int addrlen, newsock, i, newch, len;
Channel *ch;
char buf[16384], *remote_hostname;
@@ -417,40 +415,25 @@ void channel_after_select(fd_set *readset, fd_set *writeset)
}
break;
- case SSH_CHANNEL_AUTH_FD:
- /* This is the authentication agent file descriptor. It is used to
- obtain the real connection to the agent. */
- case SSH_CHANNEL_AUTH_SOCKET_FD:
- /* This is the temporary connection obtained by connecting the
- authentication agent socket. */
- if (FD_ISSET(ch->sock, readset))
- {
- len = recv(ch->sock, buf, sizeof(buf), 0);
- if (len <= 0)
- {
- channel_free(i);
- break;
- }
- if (len != 3 || (unsigned char)buf[0] != SSH_AUTHFD_CONNECT)
- break; /* Ignore any messages of wrong length or type. */
- port = 256 * (unsigned char)buf[1] + (unsigned char)buf[2];
- packet_start(SSH_SMSG_AGENT_OPEN);
- packet_put_int(port);
- packet_send();
- }
- break;
-
case SSH_CHANNEL_AUTH_SOCKET:
/* This is the authentication agent socket listening for connections
from clients. */
if (FD_ISSET(ch->sock, readset))
{
+ int nchan;
len = sizeof(addr);
newsock = accept(ch->sock, &addr, &len);
if (newsock < 0)
- error("Accept from authentication socket failed");
- (void)channel_allocate(SSH_CHANNEL_AUTH_SOCKET_FD, newsock,
+ {
+ error("accept from auth socket: %.100s", strerror(errno));
+ break;
+ }
+
+ nchan = channel_allocate(SSH_CHANNEL_OPENING, newsock,
xstrdup("accepted auth socket"));
+ packet_start(SSH_SMSG_AGENT_OPEN);
+ packet_put_int(nchan);
+ packet_send();
}
break;
@@ -592,8 +575,6 @@ int channel_not_very_much_buffered_data()
case SSH_CHANNEL_X11_LISTENER:
case SSH_CHANNEL_PORT_LISTENER:
case SSH_CHANNEL_AUTH_SOCKET:
- case SSH_CHANNEL_AUTH_SOCKET_FD:
- case SSH_CHANNEL_AUTH_FD:
continue;
case SSH_CHANNEL_OPEN:
if (buffer_len(&ch->input) > 32768)
@@ -762,9 +743,7 @@ int channel_still_open()
case SSH_CHANNEL_X11_LISTENER:
case SSH_CHANNEL_PORT_LISTENER:
case SSH_CHANNEL_CLOSED:
- case SSH_CHANNEL_AUTH_FD:
case SSH_CHANNEL_AUTH_SOCKET:
- case SSH_CHANNEL_AUTH_SOCKET_FD:
continue;
case SSH_CHANNEL_OPENING:
case SSH_CHANNEL_OPEN:
@@ -799,9 +778,7 @@ char *channel_open_message()
case SSH_CHANNEL_X11_LISTENER:
case SSH_CHANNEL_PORT_LISTENER:
case SSH_CHANNEL_CLOSED:
- case SSH_CHANNEL_AUTH_FD:
case SSH_CHANNEL_AUTH_SOCKET:
- case SSH_CHANNEL_AUTH_SOCKET_FD:
continue;
case SSH_CHANNEL_OPENING:
case SSH_CHANNEL_OPEN:
@@ -1437,22 +1414,26 @@ void auth_input_request_forwarding(struct passwd *pw)
void auth_input_open_request()
{
- int port, sock, newch;
+ int remch, sock, newch;
char *dummyname;
- /* Read the port number from the message. */
- port = packet_get_int();
+ /* Read the remote channel number from the message. */
+ remch = packet_get_int();
/* Get a connection to the local authentication agent (this may again get
forwarded). */
- sock = ssh_get_authentication_connection_fd();
+ sock = ssh_get_authentication_socket();
- /* If we could not connect the agent, just return. This will cause the
- client to timeout and fail. This should never happen unless the agent
+ /* If we could not connect the agent, send an error message back to
+ the server. This should never happen unless the agent
dies, because authentication forwarding is only enabled if we have an
agent. */
- if (sock < 0)
+ if (sock < 0){
+ packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
+ packet_put_int(remch);
+ packet_send();
return;
+ }
debug("Forwarding authentication connection.");
@@ -1461,15 +1442,12 @@ void auth_input_open_request()
yet be freed at that point. */
dummyname = xstrdup("authentication agent connection");
- /* Allocate a channel for the new connection. */
- newch = channel_allocate(SSH_CHANNEL_OPENING, sock, dummyname);
-
- /* Fake a forwarding request. */
- packet_start(SSH_MSG_PORT_OPEN);
+ newch = channel_allocate(SSH_CHANNEL_OPEN, sock, dummyname);
+ channels[newch].remote_id = remch;
+
+ /* Send a confirmation to the remote host. */
+ packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
+ packet_put_int(remch);
packet_put_int(newch);
- packet_put_string("localhost", strlen("localhost"));
- packet_put_int(port);
- if (have_hostname_in_open)
- packet_put_string(dummyname, strlen(dummyname));
packet_send();
}
diff --git a/usr.bin/ssh/ssh-agent.1 b/usr.bin/ssh/ssh-agent.1
index a9ae86224ac..c69517d8492 100644
--- a/usr.bin/ssh/ssh-agent.1
+++ b/usr.bin/ssh/ssh-agent.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 23 20:10:43 1995 ylo
.\"
-.\" $Id: ssh-agent.1,v 1.3 1999/10/02 13:10:26 deraadt Exp $
+.\" $Id: ssh-agent.1,v 1.4 1999/10/14 18:17:42 markus Exp $
.\"
.Dd September 25, 1999
.Dt SSH-AGENT 1
@@ -58,27 +58,15 @@ However, the connection to the agent is forwarded over SSH
remote logins, and the user can thus use the privileges given by the
identities anywhere in the network in a secure way.
.Pp
-A connection to the agent is inherited by child programs.
-There are two alternative
-methods for inheriting the agent. The preferred method is to have an
-open file descriptor which is inherited, and have an environment
-variable
-.Pq Ev SSH_AUTHENTICATION_FD
-contain the number of this
-descriptor. This restricts access to the authentication agent to only
-those programs that are siblings of the agent, and it is fairly
-difficult even for root to get unauthorized access to the agent.
-.Pp
-On some machines, an alternative method is used. A unix-domain
-socket is created
-.Pq Pa /tmp/ssh_agent.* ,
+A connection to the agent is inherited by child programs:
+A unix-domain socket is created
+.Pq Pa /tmp/ssh-XXXX/agent.<pid> ,
and the name of this socket is stored in the
-.Ev SSH_AUTHENTICATION_SOCKET
+.Ev SSH_AUTH_SOCKET
environment
variable. The socket is made accessible only to the current user.
This method is easily abused by root or another instance of the same
-user. The socket is only used if ssh is unable to find a file
-descriptor that would not be closed by shells.
+user.
.Pp
The agent exits automatically when the command given on the command
line terminates.
@@ -94,7 +82,7 @@ is not used by
but is normally added to the agent using
.Xr ssh-add 1
at login time.
-.It Pa /tmp/ssh_agent.<pid>
+.It Pa /tmp/ssh-XXXX/agent.<pid> ,
Unix-domain sockets used to contain the connection to the
authentication agent. These sockets should only be readable by the
owner. The sockets should get automatically removed when the agent
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 24ad6179513..9d2ad675e53 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -14,7 +14,7 @@ The authentication agent program.
*/
#include "includes.h"
-RCSID("$Id: ssh-agent.c,v 1.11 1999/10/07 22:46:32 markus Exp $");
+RCSID("$Id: ssh-agent.c,v 1.12 1999/10/14 18:17:42 markus Exp $");
#include "ssh.h"
#include "rsa.h"
@@ -31,8 +31,7 @@ RCSID("$Id: ssh-agent.c,v 1.11 1999/10/07 22:46:32 markus Exp $");
typedef struct
{
int fd;
- enum { AUTH_UNUSED, AUTH_FD, AUTH_SOCKET, AUTH_SOCKET_FD,
- AUTH_CONNECTION } type;
+ enum { AUTH_UNUSED, AUTH_SOCKET, AUTH_CONNECTION } type;
Buffer input;
Buffer output;
} SocketEntry;
@@ -324,6 +323,7 @@ process_message(SocketEntry *e)
return;
buffer_consume(&e->input, 4);
type = buffer_get_char(&e->input);
+
switch (type)
{
case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
@@ -391,10 +391,8 @@ prepare_select(fd_set *readset, fd_set *writeset)
for (i = 0; i < sockets_alloc; i++)
switch (sockets[i].type)
{
- case AUTH_FD:
- case AUTH_CONNECTION:
case AUTH_SOCKET:
- case AUTH_SOCKET_FD:
+ case AUTH_CONNECTION:
FD_SET(sockets[i].fd, readset);
if (buffer_len(&sockets[i].output) > 0)
FD_SET(sockets[i].fd, writeset);
@@ -410,9 +408,8 @@ prepare_select(fd_set *readset, fd_set *writeset)
void after_select(fd_set *readset, fd_set *writeset)
{
unsigned int i;
- int len, sock, port;
+ int len, sock;
char buf[1024];
- struct sockaddr_in sin;
struct sockaddr_un sunaddr;
for (i = 0; i < sockets_alloc; i++)
@@ -420,39 +417,6 @@ void after_select(fd_set *readset, fd_set *writeset)
{
case AUTH_UNUSED:
break;
- case AUTH_FD:
- if (FD_ISSET(sockets[i].fd, readset))
- {
- len = recv(sockets[i].fd, buf, sizeof(buf), 0);
- if (len <= 0)
- { /* All instances of the other side have been closed. */
- log("Authentication agent exiting.");
- exit(0);
- }
- process_auth_fd_input:
- if (len != 3 || (unsigned char)buf[0] != SSH_AUTHFD_CONNECT)
- break; /* Incorrect message; ignore it. */
- /* It is a connection request message. */
- port = (unsigned char)buf[1] * 256 + (unsigned char)buf[2];
- memset(&sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = htonl(0x7f000001); /* localhost */
- sin.sin_port = htons(port);
- sock = socket(AF_INET, SOCK_STREAM, 0);
- if (sock < 0)
- {
- perror("socket");
- break;
- }
- if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
- {
- perror("connecting to port requested in authfd message");
- close(sock);
- break;
- }
- new_socket(AUTH_CONNECTION, sock);
- }
- break;
case AUTH_SOCKET:
if (FD_ISSET(sockets[i].fd, readset))
{
@@ -463,21 +427,7 @@ void after_select(fd_set *readset, fd_set *writeset)
perror("accept from AUTH_SOCKET");
break;
}
- new_socket(AUTH_SOCKET_FD, sock);
- }
- break;
- case AUTH_SOCKET_FD:
- if (FD_ISSET(sockets[i].fd, readset))
- {
- len = recv(sockets[i].fd, buf, sizeof(buf), 0);
- if (len <= 0)
- { /* The other side has closed the socket. */
- shutdown(sockets[i].fd, SHUT_RDWR);
- close(sockets[i].fd);
- sockets[i].type = AUTH_UNUSED;
- break;
- }
- goto process_auth_fd_input;
+ new_socket(AUTH_CONNECTION, sock);
}
break;
case AUTH_CONNECTION:
@@ -568,7 +518,7 @@ main(int ac, char **av)
the authentication agent. */
if (fork() != 0)
{ /* Parent - execute the given command. */
- setenv("SSH_AUTHENTICATION_SOCKET", socket_name, 1);
+ setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1);
execvp(av[1], av + 1);
perror(av[1]);
exit(1);
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index 35df1040a50..ab7da01c501 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: ssh.1,v 1.16 1999/10/12 21:04:22 markus Exp $
+.\" $Id: ssh.1,v 1.17 1999/10/14 18:17:42 markus Exp $
.\"
.Dd September 25, 1999
.Dt SSH 1
@@ -745,16 +745,9 @@ Set to the default
.Ev PATH ,
as specified when compiling
.Nm ssh .
-.It Ev SSH_AUTHENTICATION_FD
-This is set to an integer value if you are using the authentication
-agent and a connection to it has been forwarded. The value indicates
-a file descriptor number used for communicating with the agent. On
-some systems,
-.Ev SSH_AUTHENTICATION_SOCKET
-may be used instead to
-indicate the path of a unix-domain socket used to communicate with the
-agent (this method is less secure, and is only used on systems that
-don't support the first method).
+.It Ev SSH_AUTH_SOCKET
+indicates the path of a unix-domain socket used to communicate with the
+agent.
.It Ev SSH_CLIENT
Identifies the client end of the connection. The variable contains
three space-separated values: client ip-address, client port number,
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 9fce3199b8b..163eb8787cf 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.23 1999/10/12 21:04:22 markus Exp $");
+RCSID("$Id: ssh.c,v 1.24 1999/10/14 18:17:42 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -736,7 +736,7 @@ main(int ac, char **av)
packet_set_interactive(interactive, options.keepalives);
/* Clear agent forwarding if we don\'t have an agent. */
- authfd = ssh_get_authentication_fd();
+ authfd = ssh_get_authentication_socket();
if (authfd < 0)
options.forward_agent = 0;
else
diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h
index e638acfef6b..d7a568fa555 100644
--- a/usr.bin/ssh/ssh.h
+++ b/usr.bin/ssh/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
*/
-/* RCSID("$Id: ssh.h,v 1.10 1999/10/11 20:00:36 markus Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.11 1999/10/14 18:17:42 markus Exp $"); */
#ifndef SSH_H
#define SSH_H
@@ -118,7 +118,7 @@ only by root, whereas ssh_config should be world-readable. */
/* Name of the environment variable containing the pathname of the
authentication socket. */
-#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTHENTICATION_SOCKET"
+#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCKET"
/* Force host key length and server key length to differ by at least this
many bits. This is to make double encryption with rsaref work. */
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index c7167568a0d..29b16b31d63 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -15,7 +15,7 @@ login (authentication) dialog.
*/
#include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.16 1999/10/06 20:07:42 dugsong Exp $");
+RCSID("$Id: sshconnect.c,v 1.17 1999/10/14 18:17:42 markus Exp $");
#include <ssl/bn.h>
#include "xmalloc.h"
@@ -886,6 +886,7 @@ void ssh_exchange_identification()
int remote_major, remote_minor, i;
int connection_in = packet_get_connection_in();
int connection_out = packet_get_connection_out();
+ extern Options options;
/* Read other side\'s version identification. */
for (i = 0; i < sizeof(buf) - 1; i++)
@@ -913,6 +914,13 @@ void ssh_exchange_identification()
fatal("Bad remote protocol version identification: '%.100s'", buf);
debug("Remote protocol version %d.%d, remote software version %.100s",
remote_major, remote_minor, remote_version);
+
+ if (options.forward_agent && strcmp(remote_version, SSH_VERSION) != 0)
+ {
+ log("Agent forwarding disabled, remote version is not '%s'.",
+ SSH_VERSION);
+ options.forward_agent = 0;
+ }
#if 0
/* Removed for now, to permit compatibility with latter versions. The server
will reject our version and disconnect if it doesn't support it. */
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 74744bce259..604fd9c0098 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -18,7 +18,7 @@ agent connections.
*/
#include "includes.h"
-RCSID("$Id: sshd.c,v 1.30 1999/10/12 18:11:55 markus Exp $");
+RCSID("$Id: sshd.c,v 1.31 1999/10/14 18:17:42 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -713,6 +713,13 @@ main(int ac, char **av)
if (remote_major == 1 && remote_minor == 0)
packet_disconnect("Your ssh version is too old and is no longer supported. Please install a newer version.");
+ if (strcmp(remote_version, SSH_VERSION) != 0)
+ {
+ debug("Agent forwarding disabled, remote version is not '%s'.",
+ SSH_VERSION);
+ no_agent_forwarding_flag = 1;
+ }
+
/* Check whether logins are permitted from this host. */
if (options.num_allow_hosts > 0)
{
diff --git a/usr.bin/ssh/version.h b/usr.bin/ssh/version.h
index beca9efff36..2d83dc3983d 100644
--- a/usr.bin/ssh/version.h
+++ b/usr.bin/ssh/version.h
@@ -1 +1 @@
-#define SSH_VERSION "OpenSSH-1.0"
+#define SSH_VERSION "OpenSSH-1.1"