blob: d7e40175ae293a221a28684e457a445b17816341 [file] [log] [blame]
--- a/channels.h
+++ b/channels.h
@@ -179,9 +179,9 @@ struct Channel {
/* default window/packet sizes for tcp/x11-fwd-channel */
#define CHAN_SES_PACKET_DEFAULT (32*1024)
-#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
+#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
#define CHAN_TCP_PACKET_DEFAULT (32*1024)
-#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
+#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
#define CHAN_X11_PACKET_DEFAULT (16*1024)
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
--- a/ssh.c
+++ b/ssh.c
@@ -506,7 +506,7 @@ set_addrinfo_port(struct addrinfo *addrs, int port)
* Main program for the ssh client.
*/
int
-main(int ac, char **av)
+ssh_main(int ac, char **av, const char *subsystem)
{
struct ssh *ssh = NULL;
int i, r, opt, exit_status, use_syslog, direct, timeout_ms;
@@ -964,6 +964,21 @@ main(int ac, char **av)
/* Initialize the command to execute on remote host. */
buffer_init(&command);
+ if (subsystem) {
+ /*
+ * Hijack the codeflow now that we're done parsing the command line.
+ * We want all the flags, but none of the command line. Unless they
+ * passed in -s themselves.
+ */
+ if (!subsystem_flag) {
+ subsystem_flag = 1;
+ av = xcalloc(2, sizeof(*av));
+ av[0] = subsystem;
+ av[1] = NULL;
+ ac = 1;
+ }
+ }
+
/*
* Save the command to execute on the remote host in a buffer. There
* is no limit on the length of the command, except by the maximum
We hack the agent code to use a fake IP address which the plugin watches for.
We should have the plugin deal with AF_UNIX requests instead, then we won't
have to hack up OpenSSH.
--- a/authfd.c
+++ b/authfd.c
@@ -88,7 +88,10 @@ ssh_get_authentication_socket(int *fdp)
{
const char *authsocket;
int sock, oerrno;
- struct sockaddr_un sunaddr;
+ struct sockaddr_in sunaddr;
+
+ /* Magic value. Keep in sync with //ssh_client/src/file_system.cc */
+ static const int kSshAgentFakeIP = 0x7F010203;
if (fdp != NULL)
*fdp = -1;
@@ -98,10 +101,10 @@ ssh_get_authentication_socket(int *fdp)
return SSH_ERR_AGENT_NOT_PRESENT;
memset(&sunaddr, 0, sizeof(sunaddr));
- sunaddr.sun_family = AF_UNIX;
- strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
+ sunaddr.sin_family = AF_INET;
+ sunaddr.sin_addr.s_addr = htonl(kSshAgentFakeIP);
- if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
+ if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
return SSH_ERR_SYSTEM_ERROR;
/* close on exec */
the bind_permitted() check doesn't work well in the nacl env. leave it to the
host os to do the actual check and deny/permit as makes sense.
daemonized() relies on funcs we don't implement (because we don't need them),
and this func is only used in sshd. disable it to avoid link failures.
--- a/misc.c
+++ b/misc.c
@@ -1586,11 +1586,10 @@ forward_equals(const struct Forward *a, const struct Forward *b)
int
bind_permitted(int port, uid_t uid)
{
- if (port < IPPORT_RESERVED && uid != 0)
- return 0;
return 1;
}
+#if !defined(__pnacl__) && !defined(__nacl__)
/* returns 1 if process is already daemonized, 0 otherwise */
int
daemonized(void)
@@ -1600,6 +1600,7 @@ daemonized(void)
debug3("already daemonized");
return 1;
}
+#endif
/*