system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-21 10:19:04 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
freebsd-src/crypto/openssh/openbsd-compat/bsd-openpty.c
Ed Maste 1323ec5712 ssh: update to OpenSSH v8.9p1 
Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

 * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
   restricting forwarding and use of keys added to ssh-agent(1)

 * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
   ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
   default KEXAlgorithms list (after the ECDH methods but before the
   prime-group DH ones). The next release of OpenSSH is likely to
   make this key exchange the default method.

 * sshd(8), portable OpenSSH only: this release removes in-built
   support for MD5-hashed passwords. If you require these on your
   system then we recommend linking against libxcrypt or similar.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2022-04-13 16:00:56 -04:00

241 lines
6.3 KiB
C
Raw Blame History

/*
* Please note: this implementation of openpty() is far from complete.
* it is just enough for portable OpenSSH's needs.
*/
/*
* Copyright (c) 2004 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Allocating a pseudo-terminal, and making it the controlling tty.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
#include "includes.h"
#if !defined(HAVE_OPENPTY)
#include <sys/types.h>
#include <stdlib.h>
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
# include <sys/ioctl.h>
#endif
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
#ifdef HAVE_UTIL_H
# include <util.h>
#endif /* HAVE_UTIL_H */
#ifdef HAVE_PTY_H
# include <pty.h>
#endif
#if defined(HAVE_DEV_PTMX) && defined(HAVE_SYS_STROPTS_H)
# include <sys/stropts.h>
#endif
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include "misc.h"
#include "log.h"
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
#if defined(HAVE_DEV_PTMX) && !defined(HAVE__GETPTY)
static int
openpty_streams(int *amaster, int *aslave)
{
/*
* This code is used e.g. on Solaris 2.x. (Note that Solaris 2.3
* also has bsd-style ptys, but they simply do not work.)
*/
int ptm;
char *pts;
sshsig_t old_signal;
if ((ptm = open("/dev/ptmx", O_RDWR | O_NOCTTY)) == -1)
return (-1);
/* XXX: need to close ptm on error? */
old_signal = ssh_signal(SIGCHLD, SIG_DFL);
if (grantpt(ptm) < 0)
return (-1);
ssh_signal(SIGCHLD, old_signal);
if (unlockpt(ptm) < 0)
return (-1);
if ((pts = ptsname(ptm)) == NULL)
return (-1);
*amaster = ptm;
/* Open the slave side. */
if ((*aslave = open(pts, O_RDWR | O_NOCTTY)) == -1) {
close(*amaster);
return (-1);
}
# if defined(I_FIND) && defined(__SVR4)
/*
* If the streams modules have already been pushed then there
* is no more work to do here.
*/
if (ioctl(*aslave, I_FIND, "ptem") != 0)
return 0;
# endif
/*
* Try to push the appropriate streams modules, as described
* in Solaris pts(7).
*/
ioctl(*aslave, I_PUSH, "ptem");
ioctl(*aslave, I_PUSH, "ldterm");
# ifndef __hpux
ioctl(*aslave, I_PUSH, "ttcompat");
# endif /* __hpux */
return (0);
}
#endif
int
openpty(int *amaster, int *aslave, char *name, struct termios *termp,
struct winsize *winp)
{
#if defined(HAVE__GETPTY)
/*
* _getpty(3) exists in SGI Irix 4.x, 5.x & 6.x -- it generates more
* pty's automagically when needed
*/
char *slave;
if ((slave = _getpty(amaster, O_RDWR, 0622, 0)) == NULL)
return (-1);
/* Open the slave side. */
if ((*aslave = open(slave, O_RDWR | O_NOCTTY)) == -1) {
close(*amaster);
return (-1);
}
return (0);
#elif defined(HAVE_DEV_PTMX)
#ifdef SSHD_ACQUIRES_CTTY
/*
* On some (most? all?) SysV based systems with STREAMS based terminals,
* sshd will acquire a controlling terminal when it pushes the "ptem"
* module. On such platforms, first allocate a sacrificial pty so
* that sshd already has a controlling terminal before allocating the
* one that will be passed back to the user process. This ensures
* the second pty is not already the controlling terminal for a
* different session and is available to become controlling terminal
* for the client's subprocess. See bugzilla #245 for details.
*/
int r, fd;
static int junk_ptyfd = -1, junk_ttyfd;
r = openpty_streams(amaster, aslave);
if (junk_ptyfd == -1 && (fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) >= 0) {
close(fd);
junk_ptyfd = *amaster;
junk_ttyfd = *aslave;
debug("STREAMS bug workaround pty %d tty %d name %s",
junk_ptyfd, junk_ttyfd, ttyname(junk_ttyfd));
} else
return r;
#endif
return openpty_streams(amaster, aslave);
#elif defined(HAVE_DEV_PTS_AND_PTC)
/* AIX-style pty code. */
const char *ttname;
if ((*amaster = open("/dev/ptc", O_RDWR | O_NOCTTY)) == -1)
return (-1);
if ((ttname = ttyname(*amaster)) == NULL)
return (-1);
if ((*aslave = open(ttname, O_RDWR | O_NOCTTY)) == -1) {
close(*amaster);
return (-1);
}
return (0);
#else
/* BSD-style pty code. */
char ptbuf[64], ttbuf[64];
int i;
const char *ptymajors = "pqrstuvwxyzabcdefghijklmno"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ";
const char *ptyminors = "0123456789abcdef";
int num_minors = strlen(ptyminors);
int num_ptys = strlen(ptymajors) * num_minors;
struct termios tio;
for (i = 0; i < num_ptys; i++) {
snprintf(ptbuf, sizeof(ptbuf), "/dev/pty%c%c",
ptymajors[i / num_minors], ptyminors[i % num_minors]);
snprintf(ttbuf, sizeof(ttbuf), "/dev/tty%c%c",
ptymajors[i / num_minors], ptyminors[i % num_minors]);
if ((*amaster = open(ptbuf, O_RDWR | O_NOCTTY)) == -1) {
/* Try SCO style naming */
snprintf(ptbuf, sizeof(ptbuf), "/dev/ptyp%d", i);
snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%d", i);
if ((*amaster = open(ptbuf, O_RDWR | O_NOCTTY)) == -1)
continue;
}
/* Open the slave side. */
if ((*aslave = open(ttbuf, O_RDWR | O_NOCTTY)) == -1) {
close(*amaster);
return (-1);
}
/* set tty modes to a sane state for broken clients */
if (tcgetattr(*amaster, &tio) != -1) {
tio.c_lflag |= (ECHO | ISIG | ICANON);
tio.c_oflag |= (OPOST | ONLCR);
tio.c_iflag |= ICRNL;
tcsetattr(*amaster, TCSANOW, &tio);
}
return (0);
}
return (-1);
#endif
}
#endif /* !defined(HAVE_OPENPTY) */
Reference in a new issue View git blame Copy permalink