#include "stream.h"
#include "version.h"
-#ifdef SSH_SECURITY
-
-/*#define SSH_DEBUG*/
-
-#ifdef SSH_DEBUG
-int ssh_debug = 1;
-#else
-int ssh_debug = 0;
-#endif
-
-#define sshprintf(x) \
- do { \
- if (ssh_debug) { \
- dbprintf(x); \
- } \
- } while (0)
-
-/*
- * Path to the ssh binary. This should be configurable.
- */
-#define SSH_PATH "/usr/bin/ssh"
-
-/*
- * Arguments to ssh. This should also be configurable
- */
-#define SSH_ARGS "-x", "-o", "BatchMode=yes", "-o", "PreferredAuthentications=publickey"
-
/*
* Number of seconds ssh has to start up
*/
tcpm_stream_read_sync,
tcpm_stream_read_cancel,
tcpm_close_connection,
+ NULL,
+ NULL
};
static int newhandle = 1;
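Review bot: The two `NULL` entries appended to the driver table are positional, so nothing on the line says which members of the driver struct they leave unset, and a later reordering of that struct would shift them silently. A trailing comment per entry, e.g. `NULL, /* <member name>: not provided by the ssh driver */`, or designated initializers would make the intent checkable. The initializer starts outside this hunk, so the member names are not visible here.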
void * arg,
void * datap)
{
+ int result;
struct sec_handle *rh;
- struct hostent *he;
char *amandad_path=NULL, *client_username=NULL, *ssh_keys=NULL;
assert(fn != NULL);
assert(hostname != NULL);
- (void)conf_fn; /* Quiet unused parameter warning */
-
- sshprintf(("%s: ssh: ssh_connect: %s\n", debug_prefix_time(NULL),
- hostname));
+ auth_debug(1, "ssh_connect: %s\n", hostname);
rh = alloc(SIZEOF(*rh));
security_handleinit(&rh->sech, &ssh_security_driver);
rh->ev_timeout = NULL;
rh->rc = NULL;
- if ((he = gethostbyname(hostname)) == NULL) {
+ /* get the canonical hostname */
+ rh->hostname = NULL;
+ if ((result = resolve_hostname(hostname, 0, NULL, &rh->hostname)) != 0
+ || rh->hostname == NULL) {
security_seterror(&rh->sech,
- "%s: ssh could not resolve hostname", hostname);
+ _("ssh_security could not find canonical name for '%s': %s"),
+ hostname, gai_strerror(result));
(*fn)(arg, &rh->sech, S_ERROR);
return;
}
- rh->hostname = stralloc(he->h_name); /* will be replaced */
rh->rs = tcpma_stream_client(rh, newhandle++);
+ rh->rc->conf_fn = conf_fn;
+ rh->rc->datap = datap;
if (rh->rs == NULL)
goto error;
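Review bot: The added `rh->rc->conf_fn = conf_fn;` and `rh->rc->datap = datap;` dereference `rh->rc` before the `if (rh->rs == NULL)` check, and the only assignment to `rh->rc` visible above is `rh->rc = NULL;`. Presumably `tcpma_stream_client()` fills it in on success, but if it can return NULL without doing so, the failure path crashes instead of reaching `error`. Placing `if (rh->rs == NULL) goto error;` ahead of the two assignments keeps that path safe. In the resolver branch, `result == 0` with `rh->hostname == NULL` reports `gai_strerror(0)`, which will read as success inside the error text. The function continues outside the hunk.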
}
if(rh->rc->read == -1) {
if (runssh(rh->rs->rc, amandad_path, client_username, ssh_keys) < 0) {
- security_seterror(&rh->sech, "can't connect to %s: %s",
+ security_seterror(&rh->sech, _("can't connect to %s: %s"),
hostname, rh->rs->rc->errmsg);
goto error;
}
memset(rpipe, -1, SIZEOF(rpipe));
memset(wpipe, -1, SIZEOF(wpipe));
if (pipe(rpipe) < 0 || pipe(wpipe) < 0) {
- rc->errmsg = newvstralloc(rc->errmsg, "pipe: ", strerror(errno), NULL);
+ rc->errmsg = newvstrallocf(rc->errmsg, _("pipe: %s"), strerror(errno));
return (-1);
}
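Review bot: When `pipe(rpipe)` succeeds and `pipe(wpipe)` fails, the `return (-1);` leaves both `rpipe` descriptors open; the changed line only rewrites the message. Both arrays are preset to -1 and the fork failure path already uses `aclose()`, so adding `aclose(rpipe[0]); aclose(rpipe[1]);` before the return would close the leak, provided `aclose()` tolerates a -1 descriptor (to be confirmed against its definition). The enclosing function starts and ends outside this hunk.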
switch (rc->pid = fork()) {
case -1:
- rc->errmsg = newvstralloc(rc->errmsg, "fork: ", strerror(errno), NULL);
+ rc->errmsg = newvstrallocf(rc->errmsg, _("fork: %s"), strerror(errno));
aclose(rpipe[0]);
aclose(rpipe[1]);
aclose(wpipe[0]);
safe_fd(-1, 0);
if(!xamandad_path || strlen(xamandad_path) <= 1)
- xamandad_path = vstralloc(libexecdir, "/", "amandad",
+ xamandad_path = vstralloc(amlibexecdir, "/", "amandad",
versionsuffix(), NULL);
if(!xclient_username || strlen(xclient_username) <= 1)
xclient_username = CLIENT_LOGIN;
if(!ssh_keys || strlen(ssh_keys) <= 1) {
- execlp(SSH_PATH, SSH_PATH, SSH_ARGS, "-l", xclient_username,
+ execlp(SSH, SSH, SSH_OPTIONS, "-l", xclient_username,
rc->hostname, xamandad_path, "-auth=ssh", "amdump", "amindexd",
"amidxtaped", (char *)NULL);
}
else {
- execlp(SSH_PATH, SSH_PATH, SSH_ARGS, "-l", xclient_username,
+ execlp(SSH, SSH, SSH_OPTIONS, "-l", xclient_username,
"-i", xssh_keys, rc->hostname, xamandad_path, "-auth=ssh",
"amdump", "amindexd", "amidxtaped", (char *)NULL);
}
- error("error: couldn't exec %s: %s", SSH_PATH, strerror(errno));
+ error("error: couldn't exec %s: %s", SSH, strerror(errno));
/* should never go here, shut up compiler warning */
return(-1);
}
-
-#endif /* SSH_SECURITY */
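Review bot: Both `execlp(SSH, SSH, SSH_OPTIONS, ...)` calls keep the PATH-searching variant, which was harmless while the program was the literal `/usr/bin/ssh` but now depends on how `SSH` is defined outside this file; if it ever expands to a bare name, the child's `PATH` selects the binary that is handed the `-i` key file. Using `execl(SSH, SSH, SSH_OPTIONS, ...)` and requiring `SSH` to be an absolute path removes that dependency. `SSH_OPTIONS` is also not visible here, so confirm it still carries the `-x`, `BatchMode=yes` and `PreferredAuthentications=publickey` settings that the removed `SSH_ARGS` guaranteed. Separately, `rc->hostname` is passed as a bare argument, and a check before the exec that it does not begin with `-` would keep it from being parsed as an ssh option. The enclosing function starts outside this hunk.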