This isn't related to the snapshot, but mention of it reminded me to submit these changes. I added a few things, and made a couple small changes; here's a list of what the patch includes:

- adds a "-1" argument to ssh and ssh.1 to force protocol1, similar to the existing "-2" argument.

- adds "-1" and "-2" to scp and scp.1 as well.

- adds "-S" to scp.1 "Synopsis" argument list; it was described in the body, but wasn't included in the list of options at the top.

- in configure.in, removed "-L/usr/ucblib -R/usr/ucblib" from the LDFLAGS for Solaris, as it has been my experience that one generally does _not_ want to use any of the UCB-compat libraries under Solaris - that it usually causes more problems than anything else. Everything should work fine using svr4 interfaces, and I didn't notice any problems with compile or execution without ucblib. The only caveat is that it may actually be required with older Solaris versions; I'm not sure about those (2.4 and below).

- in the getopt-handling section of scp.c, there were comment headers that seemed to split the arguments into "Server options" and "User-visible flags". However, there appeared to be a number of "user" options added to the end of the list, appearing under the "server options" comment. I put all the user options together, and moved the server options (df:t:) to the top, so that if new options are added at the bottom, they'll be in user section rather than the server section.

- on startup, have sshd log the PAM service it's going to recognize. I had a situation with machines using different strings (sometimes the default "sshd", sometimes compiled with -DSSHD_PAM_SERVICE="ssh"), and I couldn't tell which the particular binary was looking for. Doing a 'strings' on the binary didn't help. :) So, I added a message to log this on startup, when compiled with PAM support.

- in auth-pam.c:pamconv(), add support for PAM_ERROR_MSG. Also, in addition to appending messages to pam_msg, it sends errors and text_infos to the client as debug messages, and also log()'s error messages. I had a situation where a PAM module was trying to send an error to the user, but it was never being displayed. I also figured it'd be nice to see them _immediately_ (when connecting with '-v'), as well as having them logged so the sysadmin can go back to see any errors if a user reported a problem logging in.

- in configure.in, added an option "--without-progress-meter" to have scp default to not showing the progress meter, similar to "--disable-scp-stats" in recent versions of ssh-1.2.2x. Added a "-Q" option to scp and scp.1 to enable the meter, again similar to recent ssh-1.2. In my case, I use scp in a lot of scripts and things, and prefer to only see the progress meter in a subset of these situations.

- also in scp, added a transfer rate display to the progress meter, as I had gotten used to the one in ssh-1.2 and missed it very much. :) I had to make room on the line, of course, and did that by:

  - pulling 2 characters from the filename
  - pulling 7 characters from the progress-bar
  - pulling 2 characters from the ETA time, by making times over 1 hour display as "hh:mm:" (with a trailing ':' to differentiate from "mm:ss") and leaving off the seconds (and changing "- stalled -" to "-stalled-").

  I figured that, statistically speaking, most transfers probably take less than an hour, and so most of the time the space reserved for the "hh:" is just being wasted. I also figured that, if the transfer were going to be more than another hour, knowing the number of seconds wasn't much help, and thus didn't especially need to be displayed. It thus looks like:

    perl5.005_03.tar.g 72% |*************** | 2592 KB 530 KB/s 00:01 ETA

  This could easily be a configure option, if enough people don't want to see the transfer rate in the progress meter, but I figured it probably wouldn't be much of an issue, so I didn't add one to configure.

  Also, many times when watching the transfer rate, I found I was more interested in knowing the rate in bits/sec rather than in bytes/sec (since I know the speed of given networks in bits), so I added an option "-b" to scp and scp.1 to display in bits/sec instead of bytes. So:

    perl5.005_03.tar.g 84% |****************** | 3048 KB 4274 Kb/s 00:01 ETA

- also in the progress meter, upon completion, I added a "FIN" in place of the "ETA". I sometimes found that, looking back in a window scrollback, I couldn't always tell if the transfer had succeeded, or if I'd hit CTRL-C, and just lost the "ETA" somewhere. Thus, I added the "FIN" so that (a) there was no question it had finished, and (b) it looked consistent with the in-progress display "ETA". So:

    perl5.005_03.tar.g 100% |**********************| 3592 KB 518 KB/s 00:07 FIN

- in sshd's "Connection from" and "Closing connection" log messages, had them include the hostname as well, since that's generally more useful to me than the ipaddr. The ipaddr is still included, though, for completeness and security's sake. Also, when using libwrap, have it call eval_client() to evaluate and return the hostname. I also added the remote port to the "Closing" message, so that it could be correlated to the original connection.

- also with sshd connection logging, I found that when using protocol2, it seems the daemon frequently exits with fatal_cleanup(), and execution doesn't return to main() to log the "connection closing" message. I don't understand the protocol well enough to know if there was a better way to have it handle the situation so that it actually does return to main.
So, I did this: - added a routine log_connect_close() and pushed this with fatal_add_cleanup() to run on fatal_cleanup() - saved hostname, ipaddr, and port in global vars There's almost certainly a better way to do this, though. The attached patch is made against the openssh-SNAP-20000823 source. -- Will Day <PGP mail preferred> OIT / O&E / Technical Support willday at rom.oit.gatech.edu Georgia Tech, Atlanta 30332-0715 -> Opinions expressed are mine alone and do not reflect OIT policy <- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin, Pennsylvania Assembly, Nov. 11, 1755 -------------- next part -------------- *** ./ssh.c.orig Tue Aug 22 20:46:25 2000 --- ./ssh.c Thu Aug 24 11:12:51 2000 *************** *** 146,151 **** --- 146,152 ---- fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n"); fprintf(stderr, " -4 Use IPv4 only.\n"); fprintf(stderr, " -6 Use IPv6 only.\n"); + fprintf(stderr, " -1 Force protocol version 1.\n"); fprintf(stderr, " -2 Force protocol version 2.\n"); fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n"); exit(1); *************** *** 287,292 **** --- 288,296 ---- optarg = NULL; } switch (opt) { + case '1': + options.protocol = SSH_PROTO_1; + break; case '2': options.protocol = SSH_PROTO_2; break; *** ./sshd.c.orig Thu Aug 17 23:59:07 2000 --- ./sshd.c Thu Aug 24 15:30:16 2000 *************** *** 90,95 **** --- 90,101 ---- char **saved_argv; int saved_argc; + /* Save these for use from log_connect_close(), called on fatal_cleanup, + * to make sure connection-close is fully logged. */ + char saved_remote_hostname[200]; + char saved_remote_ipaddress[200]; + int saved_remote_port = 0; + /* * The sockets that the server is listening; this is used in the SIGHUP * signal handler. 
*************** *** 228,233 **** --- 234,248 ---- fatal("Timeout before authentication for %s.", get_remote_ipaddr()); } + void + log_connect_close(void *junk) + { + verbose("Closing connection to %.100s [%.100s] port %d", + saved_remote_hostname, saved_remote_ipaddress, + saved_remote_port); + return; + } + /* * Signal handler for the key regeneration alarm. Note that this * alarm only occurs in the daemon waiting for connections, and it does not *************** *** 451,456 **** --- 466,472 ---- struct sockaddr_storage from; const char *remote_ip; int remote_port; + const char *remote_hostname; FILE *f; struct linger linger; struct addrinfo *ai; *************** *** 753,758 **** --- 769,777 ---- } freeaddrinfo(options.listen_addrs); + #ifdef USE_PAM + log("Using PAM authentication service \"%s\".", SSHD_PAM_SERVICE); + #endif /* USE_PAM */ if (!num_listen_socks) fatal("Cannot bind any address."); *************** *** 975,980 **** --- 994,1000 ---- remote_port = get_remote_port(); remote_ip = get_remote_ipaddr(); + remote_hostname = get_canonical_hostname(); /* Check whether logins are denied from this host. */ #ifdef LIBWRAP *************** *** 990,1000 **** close(sock_out); refuse(&req); } /*XXX IPv6 verbose("Connection from %.500s port %d", eval_client(&req), remote_port); */ } #endif /* LIBWRAP */ /* Log the connection. */ ! verbose("Connection from %.500s port %d", remote_ip, remote_port); /* * We don\'t want to listen forever unless the other side --- 1010,1029 ---- close(sock_out); refuse(&req); } + snprintf(saved_remote_hostname, sizeof(saved_remote_hostname), + "%s", eval_client(&req)); /*XXX IPv6 verbose("Connection from %.500s port %d", eval_client(&req), remote_port); */ } + snprintf(saved_remote_hostname, sizeof(saved_remote_hostname), + "%s", remote_hostname); #endif /* LIBWRAP */ /* Log the connection. */ ! snprintf(saved_remote_ipaddress, sizeof(saved_remote_ipaddress), ! "%s", remote_ip); ! saved_remote_port=remote_port; ! 
verbose("Connection from %.100s [%.500s] port %d", ! saved_remote_hostname, saved_remote_ip, saved_remote_port); ! fatal_add_cleanup(log_connect_close, NULL); /* * We don\'t want to listen forever unless the other side *************** *** 1048,1054 **** #endif /* KRB4 */ /* The connection has been terminated. */ ! verbose("Closing connection to %.100s", remote_ip); #ifdef USE_PAM finish_pam(); --- 1077,1084 ---- #endif /* KRB4 */ /* The connection has been terminated. */ ! verbose("Closing connection to %.100s [%.100s] port %d", ! remote_hostname, remote_ip, remote_port); #ifdef USE_PAM finish_pam(); *** ./auth-pam.c.orig Sun Jul 9 08:42:33 2000 --- ./auth-pam.c Thu Aug 24 15:41:56 2000 *************** *** 77,89 **** reply[count].resp_retcode = PAM_SUCCESS; reply[count].resp = xstrdup(pampasswd); break; case PAM_TEXT_INFO: reply[count].resp_retcode = PAM_SUCCESS; reply[count].resp = xstrdup(""); ! ! if (msg[count]->msg != NULL) pam_msg_cat(msg[count]->msg); ! break; default: free(reply); --- 77,92 ---- reply[count].resp_retcode = PAM_SUCCESS; reply[count].resp = xstrdup(pampasswd); break; + case PAM_ERROR_MSG: case PAM_TEXT_INFO: reply[count].resp_retcode = PAM_SUCCESS; reply[count].resp = xstrdup(""); ! if (msg[count]->msg != NULL) { ! if(msg[count]->msg_style==PAM_ERROR_MSG) ! log(msg[count]->msg); ! packet_send_debug(msg[count]->msg); pam_msg_cat(msg[count]->msg); ! } break; default: free(reply); *** ./ssh.1.orig Thu Aug 17 23:59:06 2000 --- ./ssh.1 Thu Aug 24 11:02:14 2000 *************** *** 24,30 **** .Op Ar command .Pp .Nm ssh ! .Op Fl afgknqtvxACNPTX246 .Op Fl c Ar cipher_spec .Op Fl e Ar escape_char .Op Fl i Ar identity_file --- 24,30 ---- .Op Ar command .Pp .Nm ssh ! .Op Fl afgknqtvxACNPTX1246 .Op Fl c Ar cipher_spec .Op Fl e Ar escape_char .Op Fl i Ar identity_file *************** *** 512,517 **** --- 512,521 ---- Port forwardings can also be specified in the configuration file. 
Privileged ports can be forwarded only when logging in as root on the remote machine. + .It Fl 1 + Forces + .Nm + to try protocol version 1 only. .It Fl 2 Forces .Nm *** ./scp.1.orig Tue Aug 22 20:46:24 2000 --- ./scp.1 Thu Aug 24 11:40:17 2000 *************** *** 19,25 **** .Nd secure copy (remote file copy program) .Sh SYNOPSIS .Nm scp ! .Op Fl pqrvC46 .Op Fl P Ar port .Op Fl c Ar cipher .Op Fl i Ar identity_file --- 19,25 ---- .Nd secure copy (remote file copy program) .Sh SYNOPSIS .Nm scp ! .Op Fl bpqrvCQS1246 .Op Fl P Ar port .Op Fl c Ar cipher .Op Fl i Ar identity_file *************** *** 86,93 **** --- 86,97 ---- debugging connection, authentication, and configuration problems. .It Fl B Selects batch mode (prevents asking for passwords or passphrases). + .It Fl Q + Enables the progress meter. .It Fl q Disables the progress meter. + .It Fl b + Show progress meter transfer rate in bits/sec rather than bytes/sec. .It Fl C Compression enable. Passes the *************** *** 108,113 **** --- 112,125 ---- understand .Xr ssh 1 options. + .It Fl 1 + Forces + .Nm + to use SSH Protocol v1 only. + .It Fl 2 + Forces + .Nm + to use SSH Protocol v2 only. .It Fl 4 Forces .Nm *** ./configure.in.orig Tue Aug 22 20:46:24 2000 --- ./configure.in Thu Aug 24 11:02:14 2000 *************** *** 134,140 **** ;; *-*-solaris*) CFLAGS="$CFLAGS -I/usr/local/include" ! LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib -L/usr/ucblib -R/usr/ucblib" need_dash_r=1 # hardwire lastlog location (can't detect it on some versions) conf_lastlog_location="/var/adm/lastlog" --- 134,140 ---- ;; *-*-solaris*) CFLAGS="$CFLAGS -I/usr/local/include" ! 
LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" need_dash_r=1 # hardwire lastlog location (can't detect it on some versions) conf_lastlog_location="/var/adm/lastlog" *************** *** 1097,1102 **** --- 1097,1119 ---- ] ) + # Display scp progress-meter by default or not + PROGRESS_METER="yes" + AC_MSG_CHECKING(whether to enable progress-meter by default) + AC_ARG_WITH(progress-meter, + [ --without-progress-meter Don't display scp progress-meter by default], + [ + if test "x$withval" = "xno" ; then + PROGRESS_METER="no" + AC_DEFINE(DEFAULT_NO_PROGRESS) + AC_MSG_RESULT(no) + else + PROGRESS_METER="yes" + AC_MSG_RESULT(yes) + fi + ] + ) + # Whether to mess with the default path SERVER_PATH_MSG="(default)" AC_ARG_WITH(default-path, *************** *** 1434,1439 **** --- 1451,1457 ---- echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Use IPv4 by default hack: $IPV4_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" + echo " scp progress meter by default: $PROGRESS_METER" echo "" *** ./acconfig.h.orig Tue Aug 22 20:46:23 2000 --- ./acconfig.h Thu Aug 24 11:02:14 2000 *************** *** 248,253 **** --- 248,256 ---- /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ #undef IPV4_IN_IPV6 + /* Don't display scp progress meter by default */ + #undef DEFAULT_NO_PROGRESS + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ *** ./config.h.in.orig Tue Aug 22 21:45:36 2000 --- ./config.h.in Thu Aug 24 11:02:14 2000 *************** *** 235,240 **** --- 235,243 ---- /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ #undef IPV4_IN_IPV6 + /* Don't display scp progress meter by default */ + #undef DEFAULT_NO_PROGRESS + /* The number of bytes in a char. */ #undef SIZEOF_CHAR *** ./scp.c.orig Tue Aug 22 20:46:24 2000 --- ./scp.c Thu Aug 24 15:20:35 2000 *************** *** 91,104 **** /* This is set to non-zero if IPv6 is desired. */ int IPv6 = 0; /* This is set to non-zero to enable verbose mode. 
*/ int verbose_mode = 0; /* This is set to non-zero if compression is desired. */ int compress_flag = 0; ! /* This is set to zero if the progressmeter is not desired. */ int showprogress = 1; /* This is set to non-zero if running in batch mode (that is, password and passphrase queries are not allowed). */ --- 91,114 ---- /* This is set to non-zero if IPv6 is desired. */ int IPv6 = 0; + /* Protocol (1, 2) to pass to ssh. */ + int protocol = 0; + + /* Show transfer rate in bits/sec rather than bytes/sec. */ + int bitspersec = 0; + /* This is set to non-zero to enable verbose mode. */ int verbose_mode = 0; /* This is set to non-zero if compression is desired. */ int compress_flag = 0; ! /* This is set to zero if the progress meter is not desired by default. */ ! #ifdef DEFAULT_NO_PROGRESS ! int showprogress = 0; ! #else /* not DEFAULT_NO_PROGRESS */ int showprogress = 1; + #endif /* DEFAULT_NO_PROGRESS */ /* This is set to non-zero if running in batch mode (that is, password and passphrase queries are not allowed). */ *************** *** 165,170 **** --- 175,184 ---- args[i++] = ssh_program; args[i++] = "-x"; args[i++] = "-oFallBackToRsh no"; + if (protocol==1) + args[i++] = "-oProtocol 1"; + else if (protocol==2) + args[i++] = "-oProtocol 2"; if (IPv4) args[i++] = "-4"; if (IPv6) *************** *** 262,270 **** extern int optind; fflag = tflag = 0; ! while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S")) != EOF) switch (ch) { /* User-visible flags. */ case '4': IPv4 = 1; break; --- 276,302 ---- extern int optind; fflag = tflag = 0; ! while ((ch = getopt(argc, argv, "bdfprtvBCc:i:P:qQS4612")) != EOF) switch (ch) { + /* Server options. */ + case 'd': + targetshouldbedirectory = 1; + break; + case 'f': /* "from" */ + iamremote = 1; + fflag = 1; + break; + case 't': /* "to" */ + iamremote = 1; + tflag = 1; + break; /* User-visible flags. 
*/ + case '1': + protocol = 1; + break; + case '2': + protocol = 2; + break; case '4': IPv4 = 1; break; *************** *** 283,301 **** case 'S': ssh_program = optarg; break; - - /* Server options. */ - case 'd': - targetshouldbedirectory = 1; - break; - case 'f': /* "from" */ - iamremote = 1; - fflag = 1; - break; - case 't': /* "to" */ - iamremote = 1; - tflag = 1; - break; case 'c': cipher = optarg; break; --- 315,320 ---- *************** *** 311,319 **** --- 330,344 ---- case 'C': compress_flag = 1; break; + case 'Q': + showprogress = 1; + break; case 'q': showprogress = 0; break; + case 'b': + bitspersec = 1; + break; case '?': default: usage(); *************** *** 1129,1134 **** --- 1154,1162 ---- struct timeval now, td, wait; off_t cursize, abbrevsize; double elapsed; + double rate, abbrevrate; + int j; + char b; int ratio, barlength, i, remaining; char buf[256]; *************** *** 1148,1157 **** ratio = MIN(ratio, 100); } else ratio = 100; ! snprintf(buf, sizeof(buf), "\r%-20.20s %3d%% ", curfile, ratio); ! ! barlength = getttywidth() - 51; barlength = (barlength <= MAX_BARLENGTH)?barlength:MAX_BARLENGTH; if (barlength > 0) { i = barlength * ratio / 100; --- 1176,1184 ---- ratio = MIN(ratio, 100); } else ratio = 100; + snprintf(buf, sizeof(buf), "\r%-18.18s %3d%% ", curfile, ratio); ! barlength = getttywidth() - 58; barlength = (barlength <= MAX_BARLENGTH)?barlength:MAX_BARLENGTH; if (barlength > 0) { i = barlength * ratio / 100; *************** *** 1181,1192 **** timersub(&now, &start, &td); elapsed = td.tv_sec + (td.tv_usec / 1000000.0); if (statbytes <= 0 || elapsed <= 0.0 || cursize > totalbytes) { snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ! " --:-- ETA"); } else if (wait.tv_sec >= STALLTIME) { snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ! 
" - stalled -"); } else { if (flag != 1) remaining --- 1208,1249 ---- timersub(&now, &start, &td); elapsed = td.tv_sec + (td.tv_usec / 1000000.0); + rate = cursize / elapsed; + if(bitspersec) { + rate *= 8; + b='b'; + } + else + b='B'; + j = 0; + abbrevrate = rate; + while (abbrevrate >= 10000 && j < sizeof(prefixes)) { + j++; + abbrevrate/=1000; + } + if(wait.tv_sec >= STALLTIME) { + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + " -.- %c%c/s ", prefixes[j], b); + } + else if (abbrevrate < 10) { + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + " %1.2f %c%c/s ", abbrevrate, prefixes[j], b); + } + else if (abbrevrate < 100) { + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + " %2.1f %c%c/s ", abbrevrate, prefixes[j], b); + } + else { + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + " %4.0f %c%c/s ", abbrevrate, prefixes[j], b); + } + if (statbytes <= 0 || elapsed <= 0.0 || cursize > totalbytes) { snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ! " --:-- ETA"); } else if (wait.tv_sec >= STALLTIME) { snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ! " -stalled-"); } else { if (flag != 1) remaining *************** *** 1195,1210 **** remaining = elapsed; i = remaining / 3600; ! if (i) ! snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ! "%2d:", i); ! else snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ! " "); ! i = remaining % 3600; ! snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ! "%02d:%02d%s", i / 60, i % 60, ! (flag != 1) ? " ETA" : " "); } atomicio(write, fileno(stdout), buf, strlen(buf)); --- 1252,1268 ---- remaining = elapsed; i = remaining / 3600; ! j = remaining % 3600; ! if (remaining > 3600) { ! snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ! "%2d:%02d:%s", i, j / 60, ! (flag != 1) ? " ETA" : " FIN"); ! } ! else { snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ! " %02d:%02d%s", j / 60, j % 60, ! (flag != 1) ? " ETA" : " FIN"); ! 
} } atomicio(write, fileno(stdout), buf, strlen(buf));
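Review bot: in the sshd.c hunk around the LIBWRAP block (old lines 990-1000), the new verbose("Connection from %.100s [%.500s] port %d", ...) call passes saved_remote_ip, but the global declared at the top of the file is saved_remote_ipaddress, so this will not compile; use saved_remote_ipaddress there. In the same hunk both snprintf() calls that fill saved_remote_hostname sit above #endif /* LIBWRAP */: with libwrap the copy from remote_hostname immediately overwrites the eval_client() result, and without libwrap the buffer is never filled, so the "Connection from" line and log_connect_close() would print an empty hostname. Put the remote_hostname copy in an #else branch.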
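Review bot: in the auth-pam.c pamconv() hunk, log(msg[count]->msg) hands text supplied by the PAM module to log() as its format string. log() is printf-style, as the sshd.c hunk's own call log("Using PAM authentication service \"%s\".", SSHD_PAM_SERVICE) shows, so any '%' in a module message is interpreted as a conversion. Pass the text as an argument instead, for example log("%.500s", msg[count]->msg), and give packet_send_debug(msg[count]->msg) the same treatment if it takes a format as well.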
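Review bot: in the scp.1 SYNOPSIS hunk, S is folded into the flag cluster ".Op Fl bpqrvCQS1246", but the case 'S' branch in scp.c assigns ssh_program = optarg, so the option takes an argument and should get its own entry in the style of ".Op Fl P Ar port". -B, which the later hunk's context shows documented under ".It Fl B", is still missing from the cluster.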
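Review bot: in the configure.in progress-meter hunk, AC_MSG_CHECKING is issued unconditionally but AC_MSG_RESULT only appears inside the action-if-given argument of AC_ARG_WITH, so a plain ./configure prints "checking whether to enable progress-meter by default..." with no result after it. Add an action-if-not-given argument that calls AC_MSG_RESULT(yes).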
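Review bot: in the scp.c getopt hunk, the new option string "bdfprtvBCc:i:P:qQS4612" still lists S without a trailing colon, while the case 'S' branch visible in the next hunk's context reads optarg. It should be "S:" so that -S actually receives its program argument; as written, optarg is not set for that option.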
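Review bot: in the scp.c progress-meter hunk that adds the rate display, rate = cursize / elapsed is computed before the existing elapsed <= 0.0 check, so an update with zero elapsed time divides by zero. An infinite rate then keeps the loop "while (abbrevrate >= 10000 && j < sizeof(prefixes))" running until j equals sizeof(prefixes), and the prefixes[j] in the snprintf() calls below indexes past the end of the array. Guard the division with the same elapsed test and bound the loop so that j stays a valid index; j is also an int compared against a size_t.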
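Review bot: in the last scp.c hunk, the test "if (remaining > 3600)" sends a value of exactly 3600 seconds to the else branch, where j is 0 and the meter shows 00:00. Use remaining >= 3600, or test i as the old code did.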