- djm@cvs.openbsd.org 2001/01/29 05:36:11

[ssh.1 ssh.c]
     Allow invocation of sybsystem by commandline (-s); ok markus@

ChangeLog

@@ -10,6 +10,9 @@
      [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
      handle rsa_private_decrypt failures; helps against the Bleichenbacher
      pkcs#1 attack
+   - djm@cvs.openbsd.org     2001/01/29 05:36:11
+     [ssh.1 ssh.c]
+     Allow invocation of sybsystem by commandline (-s); ok markus@
 
 20000129
  - (stevesk) sftp-server.c: use %lld vs. %qd

ssh.1

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.79 2001/01/28 20:36:16 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.80 2001/01/29 12:36:10 djm Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -48,7 +48,7 @@
 .Op Ar command
 .Pp
 .Nm ssh
-.Op Fl afgknqtvxACNPTX246
+.Op Fl afgknqstvxACNPTX246
 .Op Fl c Ar cipher_spec
 .Op Fl e Ar escape_char
 .Op Fl i Ar identity_file
@@ -470,6 +470,10 @@ for older servers.
 Quiet mode.
 Causes all warning and diagnostic messages to be suppressed.
 Only fatal errors are displayed.
+.It Fl s
+May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use 
+of SSH as a secure transport for other application (eg. sftp). The 
+subsystem is specified as the remote command.
 .It Fl t
 Force pseudo-tty allocation.
 This can be used to execute arbitrary

ssh.c

@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.84 2001/01/21 19:05:58 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.85 2001/01/29 12:36:10 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -139,6 +139,9 @@ uid_t original_real_uid;
 /* command to be executed */
 Buffer command;
 
+/* Should we execute a command or invoke a subsystem? */
+int subsystem_flag = 0;
+
 /* Prints a help message to the user.  This function never returns. */
 
 void
@@ -181,6 +184,7 @@ usage()
 	fprintf(stderr, "  -6          Use IPv6 only.\n");
 	fprintf(stderr, "  -2          Force protocol version 2.\n");
 	fprintf(stderr, "  -o 'option' Process the option as if it was read from a configuration file.\n");
+	fprintf(stderr, "  -s          Invoke command (mandatory) as SSH2 subsystem.\n");
 	exit(1);
 }
 
@@ -484,6 +488,9 @@ main(int ac, char **av)
 					 "command-line", 0, &dummy) != 0)
 				exit(1);
 			break;
+		case 's':
+			subsystem_flag = 1;
+			break;
 		default:
 			usage();
 		}
@@ -507,6 +514,10 @@ main(int ac, char **av)
 	if (optind == ac) {
 		/* No command specified - execute shell on a tty. */
 		tty_flag = 1;
+		if (subsystem_flag) {
+			fprintf(stderr, "You must specify a subsystem to invoke.");
+			usage();
+		}
 	} else {
 		/* A command has been specified.  Store it into the
 		   buffer. */
@@ -978,8 +989,13 @@ ssh_session2_callback(int id, void *arg)
 	if (len > 0) {
 		if (len > 900)
 			len = 900;
+		if (subsystem_flag) {
+			debug("Sending subsystem: %.*s", len, buffer_ptr(&command));
+			channel_request_start(id, "subsystem", 0);
+		} else {
 			debug("Sending command: %.*s", len, buffer_ptr(&command));
 			channel_request_start(id, "exec", 0);
+		}
 		packet_put_string(buffer_ptr(&command), len);
 		packet_send();
 	} else {