authorjakob <jakob@openbsd.org>2000-06-17 22:52:33 +0000
committerjakob <jakob@openbsd.org>2000-06-17 22:52:33 +0000
commit8af8e4c22d05e49c57c6ee89d26b49cc4baf26e8 (patch)
treef01961aad71dd589481eb8da685a3e808b1e27ee
parentfix comments (diff)
add support for ssh v2 subsystems. ok markus@.
-rw-r--r--usr.bin/ssh/servconf.c29
-rw-r--r--usr.bin/ssh/servconf.h7
-rw-r--r--usr.bin/ssh/session.c14
-rw-r--r--usr.bin/ssh/sshd.87
-rw-r--r--usr.bin/ssh/sshd_config2
5 files changed, 54 insertions, 5 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index aaf54a09db4..97ea361d692 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$Id: servconf.c,v 1.42 2000/05/31 06:36:40 markus Exp $");
+RCSID("$Id: servconf.c,v 1.43 2000/06/17 22:52:33 jakob Exp $");
#include "ssh.h"
#include "servconf.h"
@@ -75,6 +75,7 @@ initialize_server_options(ServerOptions *options)
options->ciphers = NULL;
options->protocol = SSH_PROTO_UNKNOWN;
options->gateway_ports = -1;
+ options->num_subsystems = 0;
}
void
@@ -182,7 +183,7 @@ typedef enum {
sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile,
- sGatewayPorts, sDSAAuthentication, sXAuthLocation
+ sGatewayPorts, sDSAAuthentication, sXAuthLocation, sSubsystem
} ServerOpCodes;
/* Textual representation of the tokens. */
@@ -237,6 +238,7 @@ static struct {
{ "ciphers", sCiphers },
{ "protocol", sProtocol },
{ "gatewayports", sGatewayPorts },
+ { "subsystem", sSubsystem },
{ NULL, 0 }
};
@@ -302,6 +304,7 @@ read_server_config(ServerOptions *options, const char *filename)
int linenum, *intptr, value;
int bad_options = 0;
ServerOpCodes opcode;
+ int i;
f = fopen(filename, "r");
if (!f) {
@@ -613,6 +616,28 @@ parse_flag:
*intptr = value;
break;
+ case sSubsystem:
+ if(options->num_subsystems >= MAX_SUBSYSTEMS) {
+ fatal("%s line %d: too many subsystems defined.",
+ filename, linenum);
+ }
+ cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%s line %d: Missing subsystem name.",
+ filename, linenum);
+ for (i = 0; i < options->num_subsystems; i++)
+ if(strcmp(cp, options->subsystem_name[i]) == 0)
+ fatal("%s line %d: Subsystem '%s' already defined.",
+ filename, linenum, cp);
+ options->subsystem_name[options->num_subsystems] = xstrdup(cp);
+ cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%s line %d: Missing subsystem command.",
+ filename, linenum);
+ options->subsystem_command[options->num_subsystems] = xstrdup(cp);
+ options->num_subsystems++;
+ break;
+
default:
fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
filename, linenum, cp, opcode);
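Review bot: In the `sSubsystem` case the command is taken with a single `strtok(NULL, WHITESPACE)`, so only the first word after the subsystem name is stored in `subsystem_command[]` and a command written with arguments is not kept whole. What happens to the remaining tokens is decided outside this hunk (the body of read_server_config starts before it and continues after it), so the limit should at least be stated, e.g. `/* command is one word; arguments are not supported */`, or the rest of the line should be kept as the command. The session.c change in this commit passes this string to `do_exec_no_pty()` for the session's user, so a silently shortened command deserves a configuration error rather than a surprise at run time. Separately, `i` is declared `int` while `num_subsystems` is `unsigned int`, so `i < options->num_subsystems` mixes signedness; `unsigned int i;` avoids that, and the same applies to the loop added in session.c.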
diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h
index 22b3501b739..8708d9ae462 100644
--- a/usr.bin/ssh/servconf.h
+++ b/usr.bin/ssh/servconf.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: servconf.h,v 1.23 2000/05/31 06:36:40 markus Exp $"); */
+/* RCSID("$Id: servconf.h,v 1.24 2000/06/17 22:52:33 jakob Exp $"); */
#ifndef SERVCONF_H
#define SERVCONF_H
@@ -24,6 +24,7 @@
#define MAX_DENY_USERS 256 /* Max # users on deny list. */
#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
#define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */
+#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */
typedef struct {
unsigned int num_ports;
@@ -94,6 +95,10 @@ typedef struct {
char *allow_groups[MAX_ALLOW_GROUPS];
unsigned int num_deny_groups;
char *deny_groups[MAX_DENY_GROUPS];
+
+ unsigned int num_subsystems;
+ char *subsystem_name[MAX_SUBSYSTEMS];
+ char *subsystem_command[MAX_SUBSYSTEMS];
} ServerOptions;
/*
* Initializes the server options to special values that indicate that they
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 34bdf8508f1..6c9b42c2642 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -8,7 +8,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.17 2000/06/05 19:53:40 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.18 2000/06/17 22:52:33 jakob Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -1221,10 +1221,22 @@ session_subsystem_req(Session *s)
unsigned int len;
int success = 0;
char *subsys = packet_get_string(&len);
+ int i;
packet_done();
log("subsystem request for %s", subsys);
+ for (i = 0; i < options.num_subsystems; i++) {
+ if(strcmp(subsys, options.subsystem_name[i]) == 0) {
+ debug("subsystem: exec() %s", options.subsystem_command[i]);
+ do_exec_no_pty(s, options.subsystem_command[i], s->pw);
+ success = 1;
+ }
+ }
+
+ if (!success)
+ log("subsystem request for %s failed, subsystem not found", subsys);
+
xfree(subsys);
return success;
}
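Review bot: The lookup loop in session_subsystem_req keeps iterating after a match, so `do_exec_no_pty()` would run once per matching entry. The config parser rejects duplicate names today, but adding `break;` after `success = 1;` makes the single-exec guarantee local to this function. `subsys` comes straight from the client packet and is written to the log twice with `%s`; whether `log()` neutralises control characters is not visible here, so that is worth confirming. The `len` returned by `packet_get_string()` is never used, which means `strcmp` compares only up to the first NUL byte of the client-supplied string. The function's opening lies outside the hunk.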
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index 258ddff0aae..bcaac4f2466 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: sshd.8,v 1.53 2000/06/05 19:59:46 markus Exp $
+.\" $Id: sshd.8,v 1.54 2000/06/17 22:52:34 jakob Exp $
.\"
.Dd September 25, 1999
.Dt SSHD 8
@@ -543,6 +543,11 @@ This is normally desirable because novices sometimes accidentally leave their
directory or files world-writable.
The default is
.Dq yes .
+.It Cm Subsystem
+Configures an external subsystem (e.g. file transfer daemon).
+Arguments should be a subsystem name and a command to execute upon subsystem request.
+By default no subsystems are defined.
+Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Nm sshd .
diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config
index 0366ee48542..a0930a50e42 100644
--- a/usr.bin/ssh/sshd_config
+++ b/usr.bin/ssh/sshd_config
@@ -49,3 +49,5 @@ PermitEmptyPasswords no
#CheckMail yes
#UseLogin no
+
+#Subsystem sftp /usr/local/sbin/sftpd