- stevesk@cvs.openbsd.org 2001/09/19 19:24:19

     [readconf.c readconf.h scp.c sftp.c ssh.1]
     add ClearAllForwardings ssh option and set it in scp and sftp; ok
     markus@

6 files changed, 61 insertions, 12 deletions

diff --git a/ChangeLog b/ChangeLog
index ad408495..fe725c79 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
    - markus@cvs.openbsd.org 2001/09/19 13:23:29
      [key.c]
      key_read() now returns -1 on type mismatch, too
+   - stevesk@cvs.openbsd.org 2001/09/19 19:24:19
+     [readconf.c readconf.h scp.c sftp.c ssh.1]
+     add ClearAllForwardings ssh option and set it in scp and sftp; ok 
+     markus@
 
 20010918
  - (djm) Configure support for smartcards. Based on Ben's work.
@@ -6513,4 +6517,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1543 2001/09/20 00:55:53 mouring Exp $
+$Id: ChangeLog,v 1.1544 2001/09/20 00:57:55 mouring Exp $
diff --git a/readconf.c b/readconf.c
index 6a426ae0..83069d3a 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.89 2001/09/03 20:58:33 stevesk Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.90 2001/09/19 19:24:18 stevesk Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -114,7 +114,8 @@ typedef enum {
 	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
-	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice
+	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
+	oClearAllForwardings
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -184,6 +185,7 @@ static struct {
 	{ "hostkeyalgorithms", oHostKeyAlgorithms },
 	{ "bindaddress", oBindAddress },
 	{ "smartcarddevice", oSmartcardDevice },
+	{ "clearallforwardings", oClearAllForwardings }, 
 	{ NULL, 0 }
 };
 
@@ -229,6 +231,19 @@ add_remote_forward(Options *options, u_short port, const char *host,
 	fwd->host_port = host_port;
 }
 
+static void
+clear_forwardings(Options *options)
+{
+	int i;
+
+	for (i = 0; i < options->num_local_forwards; i++)
+		xfree(options->local_forwards[i].host);
+	options->num_local_forwards = 0;
+	for (i = 0; i < options->num_remote_forwards; i++)
+		xfree(options->remote_forwards[i].host);
+	options->num_remote_forwards = 0;
+}
+
 /*
  * Returns the number of the token pointed to by cp or oBadOption.
  */
@@ -621,6 +636,10 @@ parse_int:
 			add_local_forward(options, fwd_port, "socks4", 0);
 		break;
 
+	case oClearAllForwardings:
+		intptr = &options->clear_forwardings;
+		goto parse_flag;
+
 	case oHost:
 		*activep = 0;
 		while ((arg = strdelim(&s)) != NULL && *arg != '\0')
@@ -769,6 +788,7 @@ initialize_options(Options * options)
 	options->user_hostfile2 = NULL;
 	options->num_local_forwards = 0;
 	options->num_remote_forwards = 0;
+	options->clear_forwardings = -1;
 	options->log_level = (LogLevel) - 1;
 	options->preferred_authentications = NULL;
 	options->bind_address = NULL;
@@ -889,6 +909,8 @@ fill_default_options(Options * options)
 		options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
 	if (options->log_level == (LogLevel) - 1)
 		options->log_level = SYSLOG_LEVEL_INFO;
+	if (options->clear_forwardings == 1)
+		clear_forwardings(options);
 	/* options->proxy_command should not be set by default */
 	/* options->user will be set in the main program if appropriate */
 	/* options->hostname will be set in the main program if appropriate */
diff --git a/readconf.h b/readconf.h
index faeef1db..bde9eaa1 100644
--- a/readconf.h
+++ b/readconf.h
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: readconf.h,v 1.38 2001/09/03 20:58:33 stevesk Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.39 2001/09/19 19:24:18 stevesk Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -100,6 +100,7 @@ typedef struct {
 	/* Remote TCP/IP forward requests. */
 	int     num_remote_forwards;
 	Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
+	int	clear_forwardings;
 }       Options;
 
 
diff --git a/scp.c b/scp.c
index 512dfa67..e603646b 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.83 2001/09/17 17:57:56 stevesk Exp $");
+RCSID("$OpenBSD: scp.c,v 1.84 2001/09/19 19:24:19 stevesk Exp $");
 
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -239,6 +239,7 @@ main(argc, argv)
 	addargs(&args, "-x");
 	addargs(&args, "-oForwardAgent no");
 	addargs(&args, "-oFallBackToRsh no");
+	addargs(&args, "-oClearAllForwardings yes");
 
 	fflag = tflag = 0;
 	while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:F:")) != -1)
@@ -371,13 +372,17 @@ toremote(targ, argc, argv)
 	for (i = 0; i < argc - 1; i++) {
 		src = colon(argv[i]);
 		if (src) {	/* remote to remote */
+			static char *ssh_options =
+			    "-x -o'FallBackToRsh no' "
+			    "-o'ClearAllForwardings yes'";
 			*src++ = 0;
 			if (*src == 0)
 				src = ".";
 			host = strchr(argv[i], '@');
 			len = strlen(ssh_program) + strlen(argv[i]) +
 			    strlen(src) + (tuser ? strlen(tuser) : 0) +
-			    strlen(thost) + strlen(targ) + CMDNEEDS + 32;
+			    strlen(thost) + strlen(targ) +
+			    strlen(ssh_options) + CMDNEEDS + 20;
 			bp = xmalloc(len);
 			if (host) {
 				*host++ = 0;
@@ -388,19 +393,19 @@ toremote(targ, argc, argv)
 				else if (!okname(suser))
 					continue;
 				snprintf(bp, len,
-				    "%s%s -x -o'FallBackToRsh no' -n "
+				    "%s%s %s -n "
 				    "-l %s %s %s %s '%s%s%s:%s'",
 				    ssh_program, verbose_mode ? " -v" : "",
-				    suser, host, cmd, src,
+				    ssh_options, suser, host, cmd, src,
 				    tuser ? tuser : "", tuser ? "@" : "",
 				    thost, targ);
 			} else {
 				host = cleanhostname(argv[i]);
 				snprintf(bp, len,
-				    "exec %s%s -x -o'FallBackToRsh no' -n %s "
+				    "exec %s%s %s -n %s "
 				    "%s %s '%s%s%s:%s'",
 				    ssh_program, verbose_mode ? " -v" : "",
-				    host, cmd, src,
+				    ssh_options, host, cmd, src,
 				    tuser ? tuser : "", tuser ? "@" : "",
 				    thost, targ);
 			}
diff --git a/sftp.c b/sftp.c
index 519ee696..06110f9a 100644
--- a/sftp.c
+++ b/sftp.c
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 
-RCSID("$OpenBSD: sftp.c,v 1.20 2001/09/17 20:38:09 stevesk Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.21 2001/09/19 19:24:19 stevesk Exp $");
 
 /* XXX: commandline mode */
 /* XXX: short-form remote directory listings (like 'ls -C') */
@@ -118,6 +118,7 @@ main(int argc, char **argv)
 	addargs(&args, "-oFallBackToRsh no");
 	addargs(&args, "-oForwardX11 no");
 	addargs(&args, "-oForwardAgent no");
+	addargs(&args, "-oClearAllForwardings yes");
 	ll = SYSLOG_LEVEL_INFO;
 	infile = stdin;		/* Read from STDIN unless changed by -b */
 
diff --git a/ssh.1 b/ssh.1
index c7a19e3b..e3dc7506 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.137 2001/09/05 06:23:07 deraadt Exp $
+.\" $OpenBSD: ssh.1,v 1.138 2001/09/19 19:24:19 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -767,6 +767,22 @@ The default is
   ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
     aes192-cbc,aes256-cbc''
 .Ed
+.It Cm ClearAllForwardings
+Specifies that all local, remote and dynamic port forwardings
+specified in the configuration files or on the command line be
+cleared.  This option is primarily useful when used from the
+.Nm
+command line to clear port forwardings set in
+configuration files, and is automatically set by
+.Xr scp 1
+and
+.Xr sftp 1 .
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
 .It Cm Compression
 Specifies whether to use compression.
 The argument must be