disable features
Markus Friedl
markus at openbsd.org
Wed Oct 24 18:30:51 EST 2001
this (uncomplete) patch makes various features compile time
options and saves up to 24K in the resulting
ssh/sshd binaries. i don't know whether this
should be added to the CVS since it makes
the code less readable.
perhaps WITH_COMPRESSION should be added, since
it removes the dependency on libz
-m
Index: Makefile.inc
===================================================================
RCS file: /home/markus/cvs/ssh/Makefile.inc,v
retrieving revision 1.19
diff -u -r1.19 Makefile.inc
--- Makefile.inc 29 Jul 2001 14:00:07 -0000 1.19
+++ Makefile.inc 22 Oct 2001 18:57:12 -0000
@@ -10,7 +10,14 @@
CDIAGFLAGS+= -Wmissing-prototypes
CDIAGFLAGS+= -Wunused
-#DEBUG=-g
+DEBUG=-g
+
+#CFLAGS+= -DWITH_AGENTFWD
+#CFLAGS+= -DWITH_COMPRESSION
+#CFLAGS+= -DWITH_DYNFWD
+#CFLAGS+= -DWITH_PROTO13
+#CFLAGS+= -DWITH_TCPFWD
+#CFLAGS+= -DWITH_X11FWD
#CFLAGS+= -DSMARTCARD
#LDADD+= -lsectok
Index: auth-options.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth-options.c,v
retrieving revision 1.20
diff -u -r1.20 auth-options.c
--- auth-options.c 30 Aug 2001 20:36:34 -0000 1.20
+++ auth-options.c 22 Oct 2001 18:26:52 -0000
@@ -53,7 +53,9 @@
xfree(forced_command);
forced_command = NULL;
}
+#ifdef WITH_TCPFWD
channel_clear_permitted_opens();
+#endif
}
/*
@@ -257,8 +259,10 @@
xfree(patterns);
goto bad_option;
}
+#ifdef WITH_TCPFWD
if (options.allow_tcp_forwarding)
channel_add_permitted_opens(host, port);
+#endif
xfree(patterns);
goto next_option;
}
Index: channels.c
===================================================================
RCS file: /home/markus/cvs/ssh/channels.c,v
retrieving revision 1.140
diff -u -r1.140 channels.c
--- channels.c 10 Oct 2001 22:18:47 -0000 1.140
+++ channels.c 22 Oct 2001 18:25:31 -0000
@@ -76,7 +76,7 @@
*/
static int channel_max_fd = 0;
-
+#ifdef WITH_TCPFWD
/* -- tcp forwarding */
/*
@@ -102,8 +102,9 @@
* anything after logging in anyway.
*/
static int all_opens_permitted = 0;
+#endif
-
+#ifdef WITH_X11FWD
/* -- X11 forwarding */
/* Maximum number of fake X11 displays to try. */
@@ -122,8 +123,9 @@
*/
static char *x11_fake_data = NULL;
static u_int x11_fake_data_len;
+#endif
-
+#ifdef WITH_AGENTFWD
/* -- agent forwarding */
#define NUM_SOCKS 10
@@ -131,12 +133,15 @@
/* Name and directory of socket for authentication agent forwarding. */
static char *auth_sock_name = NULL;
static char *auth_sock_dir = NULL;
+#endif
/* AF_UNSPEC or AF_INET or AF_INET6 */
static int IPv4or6 = AF_UNSPEC;
+#ifdef WITH_TCPFWD
/* helper */
static void port_open_helper(Channel *c, char *rtype);
+#endif
/* -- channel core */
@@ -678,6 +683,7 @@
chan_fn *channel_pre[SSH_CHANNEL_MAX_TYPE];
chan_fn *channel_post[SSH_CHANNEL_MAX_TYPE];
+#ifdef WITH_TCPFWD
static void
channel_pre_listener(Channel *c, fd_set * readset, fd_set * writeset)
{
@@ -690,7 +696,9 @@
debug3("channel %d: waiting for connection", c->self);
FD_SET(c->sock, writeset);
}
+#endif
+#ifdef WITH_PROTO13
static void
channel_pre_open_13(Channel *c, fd_set * readset, fd_set * writeset)
{
@@ -699,6 +707,7 @@
if (buffer_len(&c->output) > 0)
FD_SET(c->sock, writeset);
}
+#endif
static void
channel_pre_open_15(Channel *c, fd_set * readset, fd_set * writeset)
@@ -743,6 +752,7 @@
}
}
+#ifdef WITH_PROTO13
static void
channel_pre_input_draining(Channel *c, fd_set * readset, fd_set * writeset)
{
@@ -763,7 +773,9 @@
else
FD_SET(c->sock, writeset);
}
+#endif
+#ifdef WITH_X11FWD
/*
* This is a special state for X11 authentication spoofing. An opened X11
* connection (when authentication spoofing is being done) remains in this
@@ -831,6 +843,7 @@
return 1;
}
+#ifdef WITH_PROTO13
static void
channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset)
{
@@ -855,6 +868,7 @@
packet_send();
}
}
+#endif
static void
channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
@@ -876,7 +890,9 @@
debug("X11 closed %d i%d/o%d", c->self, c->istate, c->ostate);
}
}
+#endif /* WITH_X11FWD */
+#ifdef WITH_DYNFWD
/* try to decode a socks4 header */
static int
channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
@@ -986,7 +1002,9 @@
port_open_helper(c, "direct-tcpip");
}
}
+#endif
+#ifdef WITH_X11FWD
/* This is our fake X11 server socket. */
static void
channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
@@ -1045,7 +1063,9 @@
xfree(remote_ipaddr);
}
}
+#endif
+#ifdef WITH_TCPFWD
static void
port_open_helper(Channel *c, char *rtype)
{
@@ -1158,7 +1178,9 @@
}
}
}
+#endif /* WITH_TCPFWD */
+#ifdef WITH_AGENTFWD
/*
* This is the authentication agent socket listening for connections from
* clients.
@@ -1202,7 +1224,9 @@
packet_send();
}
}
+#endif /* WITH_AGENTFWD */
+#ifdef WITH_TCPFWD
static void
channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset)
{
@@ -1249,6 +1273,7 @@
packet_send();
}
}
+#endif /* WITH_TCPFWD */
static int
channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
@@ -1423,6 +1448,7 @@
channel_check_window(c);
}
+#ifdef WITH_PROTO13
static void
channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset)
{
@@ -1437,67 +1463,118 @@
buffer_consume(&c->output, len);
}
}
+#endif
static void
channel_handler_init_20(void)
{
channel_pre[SSH_CHANNEL_OPEN] = &channel_pre_open_20;
- channel_pre[SSH_CHANNEL_X11_OPEN] = &channel_pre_x11_open;
+#ifdef WITH_TCPFWD
channel_pre[SSH_CHANNEL_PORT_LISTENER] = &channel_pre_listener;
channel_pre[SSH_CHANNEL_RPORT_LISTENER] = &channel_pre_listener;
- channel_pre[SSH_CHANNEL_X11_LISTENER] = &channel_pre_listener;
- channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener;
channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting;
+#ifdef WITH_DYNFWD
channel_pre[SSH_CHANNEL_DYNAMIC] = &channel_pre_dynamic;
+#endif
+#endif
+#ifdef WITH_X11FWD
+ channel_pre[SSH_CHANNEL_X11_OPEN] = &channel_pre_x11_open;
+ channel_pre[SSH_CHANNEL_X11_LISTENER] = &channel_pre_listener;
+#endif
+#ifdef WITH_AGENTFWD
+ channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener;
+#endif
channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_2;
+#ifdef WITH_TCPFWD
channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener;
channel_post[SSH_CHANNEL_RPORT_LISTENER] = &channel_post_port_listener;
- channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
- channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
+#ifdef WITH_DYNFWD
channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open_2;
+#endif
+#endif
+#ifdef WITH_X11FWD
+ channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
+#endif
+#ifdef WITH_AGENTFWD
+ channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
+#endif
}
+#ifdef WITH_PROTO13
static void
channel_handler_init_13(void)
{
channel_pre[SSH_CHANNEL_OPEN] = &channel_pre_open_13;
+#ifdef WITH_TCPFWD
+ channel_pre[SSH_CHANNEL_PORT_LISTENER] = &channel_pre_listener;
+ channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting;
+#ifdef WITH_DYNFWD
+ channel_pre[SSH_CHANNEL_DYNAMIC] = &channel_pre_dynamic;
+#endif
+#endif
+#ifdef WITH_X11FWD
channel_pre[SSH_CHANNEL_X11_OPEN] = &channel_pre_x11_open_13;
channel_pre[SSH_CHANNEL_X11_LISTENER] = &channel_pre_listener;
- channel_pre[SSH_CHANNEL_PORT_LISTENER] = &channel_pre_listener;
+#endif
+#ifdef WITH_AGENTFWD
channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener;
+#endif
channel_pre[SSH_CHANNEL_INPUT_DRAINING] = &channel_pre_input_draining;
channel_pre[SSH_CHANNEL_OUTPUT_DRAINING] = &channel_pre_output_draining;
- channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting;
- channel_pre[SSH_CHANNEL_DYNAMIC] = &channel_pre_dynamic;
channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_1;
- channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
+#ifdef WITH_TCPFWD
channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener;
- channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
- channel_post[SSH_CHANNEL_OUTPUT_DRAINING] = &channel_post_output_drain_13;
channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
+#ifdef WITH_DYNFWD
channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open_1;
+#endif
+#endif
+#ifdef WITH_X11FWD
+ channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
+#endif
+#ifdef WITH_AGENTFWD
+ channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
+#endif
+ channel_post[SSH_CHANNEL_OUTPUT_DRAINING] = &channel_post_output_drain_13;
}
+#endif
static void
channel_handler_init_15(void)
{
channel_pre[SSH_CHANNEL_OPEN] = &channel_pre_open_15;
- channel_pre[SSH_CHANNEL_X11_OPEN] = &channel_pre_x11_open;
- channel_pre[SSH_CHANNEL_X11_LISTENER] = &channel_pre_listener;
+#ifdef WITH_TCPFWD
channel_pre[SSH_CHANNEL_PORT_LISTENER] = &channel_pre_listener;
- channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener;
channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting;
+#ifdef WITH_DYNFWD
channel_pre[SSH_CHANNEL_DYNAMIC] = &channel_pre_dynamic;
+#endif
+#endif
+#ifdef WITH_X11FWD
+ channel_pre[SSH_CHANNEL_X11_OPEN] = &channel_pre_x11_open;
+ channel_pre[SSH_CHANNEL_X11_LISTENER] = &channel_pre_listener;
+#endif
+#ifdef WITH_AGENTFWD
+ channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener;
+#endif
- channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
+#ifdef WITH_TCPFWD
channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener;
- channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
- channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_1;
channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
+#ifdef WITH_DYNFWD
channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open_1;
+#endif
+#endif
+#ifdef WITH_X11FWD
+ channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
+#endif
+#ifdef WITH_AGENTFWD
+ channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
+#endif
+ channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_1;
}
static void
@@ -1510,8 +1587,10 @@
}
if (compat20)
channel_handler_init_20();
+#ifdef WITH_PROTO13
else if (compat13)
channel_handler_init_13();
+#endif
else
channel_handler_init_15();
}
@@ -1806,6 +1885,7 @@
}
+#ifdef WITH_PROTO13
void
channel_input_close(int type, int plen, void *ctxt)
{
@@ -1843,6 +1923,7 @@
c->type = SSH_CHANNEL_OUTPUT_DRAINING;
}
}
+#endif
/* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */
void
@@ -1856,6 +1937,7 @@
chan_rcvd_oclose(c);
}
+#ifdef WITH_PROTO13
void
channel_input_close_confirmation(int type, int plen, void *ctxt)
{
@@ -1871,6 +1953,7 @@
"non-closed channel %d (type %d).", id, c->type);
channel_free(c);
}
+#endif
void
channel_input_open_confirmation(int type, int plen, void *ctxt)
@@ -2005,6 +2088,7 @@
c->remote_window += adjust;
}
+#ifdef WITH_TCPFWD
void
channel_input_port_open(int type, int plen, void *ctxt)
{
@@ -2042,7 +2126,7 @@
}
xfree(host);
}
-
+#endif
/* -- tcp forwarding */
@@ -2052,6 +2136,7 @@
IPv4or6 = af;
}
+#ifdef WITH_X11FWD
/*
* Initiate forwarding of connections to local port "port" through the secure
* channel to host:port from remote side.
@@ -2385,7 +2470,9 @@
}
return connect_to(host, port);
}
+#endif /* WITH_X11FWD */
+#ifdef WITH_X11FWD
/* -- X11 forwarding */
/*
@@ -2656,6 +2743,7 @@
}
packet_send();
}
+#endif /* WITH_X11FWD */
/* dummy protocol handler that denies SSH-1 requests (agent/x11) */
void
@@ -2679,6 +2767,7 @@
packet_send();
}
+#ifdef WITH_X11FWD
/*
* Requests forwarding of X11 connections, generates fake authentication
* data, and enables authentication spoofing.
@@ -2747,8 +2836,9 @@
packet_write_wait();
xfree(new_data);
}
+#endif /* WITH_X11FWD */
-
+#ifdef WITH_AGENTFWD
/* -- agent forwarding */
/* Sends a message to the server to request authentication fd forwarding. */
@@ -2919,3 +3009,4 @@
}
packet_send();
}
+#endif WITH_AGENTFWD
Index: clientloop.c
===================================================================
RCS file: /home/markus/cvs/ssh/clientloop.c,v
retrieving revision 1.84
diff -u -r1.84 clientloop.c
--- clientloop.c 11 Oct 2001 15:24:00 -0000 1.84
+++ clientloop.c 22 Oct 2001 18:23:38 -0000
@@ -1042,6 +1042,7 @@
quit_pending = 1;
}
+#ifdef WITH_TCPFWD
static Channel *
client_request_forwarded_tcpip(const char *request_type, int rchan)
{
@@ -1078,7 +1079,9 @@
xfree(listen_address);
return c;
}
+#endif /* WITH_TCPFWD */
+#ifdef WITH_X11FWD
static Channel*
client_request_x11(const char *request_type, int rchan)
{
@@ -1118,7 +1121,9 @@
c->force_drain = 1;
return c;
}
+#endif /* WITH_X11FWD */
+#ifdef WITH_AGENTFWD
static Channel*
client_request_agent(const char *request_type, int rchan)
{
@@ -1144,6 +1149,7 @@
c->force_drain = 1;
return c;
}
+#endif
/* XXXX move to generic input handler */
static void
@@ -1165,11 +1171,17 @@
ctype, rchan, rwindow, rmaxpack);
if (strcmp(ctype, "forwarded-tcpip") == 0) {
+#ifdef WITH_TCPFWD
c = client_request_forwarded_tcpip(ctype, rchan);
+#endif
} else if (strcmp(ctype, "x11") == 0) {
+#ifdef WITH_X11FWD
c = client_request_x11(ctype, rchan);
+#endif
} else if (strcmp(ctype, "auth-agent at openssh.com") == 0) {
+#ifdef WITH_AGENTFWD
c = client_request_agent(ctype, rchan);
+#endif
}
/* XXX duplicate : */
if (c != NULL) {
@@ -1256,20 +1268,28 @@
client_init_dispatch_13(void)
{
dispatch_init(NULL);
+#ifdef WITH_PROTO13
dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close);
dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation);
+#endif
dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data);
dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
+#ifdef WITH_TCPFWD
dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
+#endif
dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
+#ifdef WITH_AGENTFWD
dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
&auth_input_open_request : &deny_input_open);
+#endif
+#ifdef WITH_X11FWD
dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
&x11_input_open : &deny_input_open);
+#endif
}
static void
client_init_dispatch_15(void)
Index: compress.c
===================================================================
RCS file: /home/markus/cvs/ssh/compress.c,v
retrieving revision 1.15
diff -u -r1.15 compress.c
--- compress.c 27 Sep 2001 11:58:16 -0000 1.15
+++ compress.c 22 Oct 2001 18:47:06 -0000
@@ -10,6 +10,7 @@
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
+#ifdef WITH_COMPRESSION
#include "includes.h"
RCSID("$OpenBSD: compress.c,v 1.15 2001/09/27 11:58:16 markus Exp $");
@@ -154,3 +155,4 @@
}
}
}
+#endif
Index: myproposal.h
===================================================================
RCS file: /home/markus/cvs/ssh/myproposal.h,v
retrieving revision 1.12
diff -u -r1.12 myproposal.h
--- myproposal.h 5 Mar 2001 15:56:16 -0000 1.12
+++ myproposal.h 22 Oct 2001 18:42:06 -0000
@@ -34,7 +34,11 @@
"hmac-md5,hmac-sha1,hmac-ripemd160," \
"hmac-ripemd160 at openssh.com," \
"hmac-sha1-96,hmac-md5-96"
+#ifdef WITH_COMPRESSION
#define KEX_DEFAULT_COMP "none,zlib"
+#else
+#define KEX_DEFAULT_COMP "none"
+#endif
#define KEX_DEFAULT_LANG ""
Index: packet.c
===================================================================
RCS file: /home/markus/cvs/ssh/packet.c,v
retrieving revision 1.70
diff -u -r1.70 packet.c
--- packet.c 27 Sep 2001 11:59:37 -0000 1.70
+++ packet.c 22 Oct 2001 18:36:47 -0000
@@ -96,12 +96,14 @@
/* Buffer for the incoming packet currently being processed. */
static Buffer incoming_packet;
+#ifdef WITH_COMPRESSION
/* Scratch buffer for packet compression/decompression. */
static Buffer compression_buffer;
static int compression_buffer_ready = 0;
/* Flag indicating whether packet compression/decompression is enabled. */
static int packet_compression = 0;
+#endif
/* default maximum packet size */
int max_packet_size = 32768;
@@ -233,10 +235,12 @@
buffer_free(&output);
buffer_free(&outgoing_packet);
buffer_free(&incoming_packet);
+#ifdef WITH_COMPRESSION
if (compression_buffer_ready) {
buffer_free(&compression_buffer);
buffer_compress_uninit();
}
+#endif
}
/* Sets remote side protocol flags. */
@@ -255,6 +259,7 @@
return remote_protocol_flags;
}
+#ifdef WITH_COMPRESSION
/*
* Starts packet compression from the next packet on in both directions.
* Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.
@@ -279,6 +284,7 @@
buffer_compress_init_send(level);
buffer_compress_init_recv();
}
+#endif
/*
* Causes any further packets to be encrypted using the given key. The same
@@ -364,6 +370,7 @@
u_int checksum;
u_int32_t rand = 0;
+#ifdef WITH_COMPRESSION
/*
* If using packet compression, compress the payload of the outgoing
* packet.
@@ -379,6 +386,7 @@
buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
buffer_len(&compression_buffer));
}
+#endif
/* Compute packet length without padding (add checksum, remove padding). */
len = buffer_len(&outgoing_packet) + 4 - 8;
@@ -467,6 +475,7 @@
enc->iv, enc->cipher->block_size);
memset(enc->iv, 0, enc->cipher->block_size);
memset(enc->key, 0, enc->cipher->key_len);
+#ifdef WITH_COMPRESSION
if (comp->type != 0 && comp->enabled == 0) {
packet_init_compression();
if (mode == MODE_OUT)
@@ -475,6 +484,7 @@
buffer_compress_init_recv();
comp->enabled = 1;
}
+#endif
}
/*
@@ -509,6 +519,7 @@
buffer_dump(&outgoing_packet);
#endif
+#ifdef WITH_COMPRESSION
if (comp && comp->enabled) {
len = buffer_len(&outgoing_packet);
/* skip header, compress only payload */
@@ -522,6 +533,7 @@
DBG(debug("compression: raw %d compressed %d", len,
buffer_len(&outgoing_packet)));
}
+#endif
/* sizeof (packet_len + pad_len + payload) */
len = buffer_len(&outgoing_packet);
@@ -749,6 +761,7 @@
packet_disconnect("Corrupted check bytes on input.");
buffer_consume_end(&incoming_packet, 4);
+#ifdef WITH_COMPRESSION
if (packet_compression) {
buffer_clear(&compression_buffer);
buffer_uncompress(&incoming_packet, &compression_buffer);
@@ -756,6 +769,7 @@
buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
buffer_len(&compression_buffer));
}
+#endif
type = buffer_get_char(&incoming_packet);
*payload_len_ptr = buffer_len(&incoming_packet);
return type;
@@ -849,6 +863,7 @@
buffer_consume(&incoming_packet, 4 + 1);
buffer_consume_end(&incoming_packet, padlen);
+#ifdef WITH_COMPRESSION
DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet)));
if (comp && comp->enabled) {
buffer_clear(&compression_buffer);
@@ -858,6 +873,7 @@
buffer_len(&compression_buffer));
DBG(debug("input: len after de-compress %d", buffer_len(&incoming_packet)));
}
+#endif
/*
* get packet type, implies consume.
* return length of payload (without type field)
Index: serverloop.c
===================================================================
RCS file: /home/markus/cvs/ssh/serverloop.c,v
retrieving revision 1.82
diff -u -r1.82 serverloop.c
--- serverloop.c 10 Oct 2001 22:18:47 -0000 1.82
+++ serverloop.c 22 Oct 2001 18:24:43 -0000
@@ -790,6 +790,7 @@
pty_change_window_size(fdin, row, col, xpixel, ypixel);
}
+#ifdef WITH_TCPFWD
static Channel *
server_request_direct_tcpip(char *ctype)
{
@@ -822,6 +823,7 @@
}
return c;
}
+#endif
static Channel *
server_request_session(char *ctype)
@@ -874,8 +876,10 @@
if (strcmp(ctype, "session") == 0) {
c = server_request_session(ctype);
+#ifdef WITH_TCPFWD
} else if (strcmp(ctype, "direct-tcpip") == 0) {
c = server_request_direct_tcpip(ctype);
+#endif
}
if (c != NULL) {
debug("server_input_channel_open: confirm %s", ctype);
@@ -904,6 +908,7 @@
xfree(ctype);
}
+#ifdef WITH_TCPFWD
static void
server_input_global_request(int type, int plen, void *ctxt)
{
@@ -953,6 +958,7 @@
}
xfree(rtype);
}
+#endif
static void
server_init_dispatch_20(void)
@@ -968,7 +974,9 @@
dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request);
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
+#ifdef WITH_TCPFWD
dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
+#endif
/* client_alive */
dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_channel_failure);
/* rekeying */
@@ -982,12 +990,16 @@
dispatch_set(SSH_CMSG_EOF, &server_input_eof);
dispatch_set(SSH_CMSG_STDIN_DATA, &server_input_stdin_data);
dispatch_set(SSH_CMSG_WINDOW_SIZE, &server_input_window_size);
+#ifdef WITH_PROTO13
dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close);
dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation);
+#endif
dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data);
dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
+#ifdef WITH_TCPFWD
dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
+#endif
}
static void
server_init_dispatch_15(void)
Index: session.c
===================================================================
RCS file: /home/markus/cvs/ssh/session.c,v
retrieving revision 1.108
diff -u -r1.108 session.c
--- session.c 11 Oct 2001 13:45:21 -0000 1.108
+++ session.c 22 Oct 2001 18:37:43 -0000
@@ -148,18 +148,22 @@
}
#endif
#endif
+#ifdef WITH_TCPFWD
/* setup the channel layer */
if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
channel_permit_all_opens();
+#endif
if (compat20)
do_authenticated2(authctxt);
else
do_authenticated1(authctxt);
+#ifdef WITH_AGENTFWD
/* remove agent socket */
if (auth_get_socket_name())
auth_sock_cleanup_proc(authctxt->pw);
+#endif
#ifdef KRB4
if (options.kerberos_ticket_cleanup)
krb4_cleanup_proc(authctxt);
@@ -181,9 +185,15 @@
{
Session *s;
char *command;
- int success, type, plen, screen_flag;
+ int success, type, plen;
+ u_int dlen;
+#ifdef WITH_COMPRESSION
int compression_level = 0, enable_compression_after_reply = 0;
- u_int proto_len, data_len, dlen;
+#endif
+#ifdef WITH_X11FWD
+ u_int proto_len, data_len;
+ int screen_flag;
+#endif
s = session_new();
s->authctxt = authctxt;
@@ -202,6 +212,7 @@
/* Process the packet. */
switch (type) {
case SSH_CMSG_REQUEST_COMPRESSION:
+#ifdef WITH_COMPRESSION
packet_integrity_check(plen, 4, type);
compression_level = packet_get_int();
if (compression_level < 1 || compression_level > 9) {
@@ -212,6 +223,7 @@
/* Enable compression after we have responded with SUCCESS. */
enable_compression_after_reply = 1;
success = 1;
+#endif
break;
case SSH_CMSG_REQUEST_PTY:
@@ -219,6 +231,7 @@
break;
case SSH_CMSG_X11_REQUEST_FORWARDING:
+#ifdef WITH_X11FWD
s->auth_proto = packet_get_string(&proto_len);
s->auth_data = packet_get_string(&data_len);
@@ -242,18 +255,22 @@
s->auth_proto = NULL;
s->auth_data = NULL;
}
+#endif
break;
case SSH_CMSG_AGENT_REQUEST_FORWARDING:
+#ifdef WITH_AGENTFWD
if (no_agent_forwarding_flag || compat13) {
debug("Authentication agent forwarding not permitted for this authentication.");
break;
}
debug("Received authentication agent forwarding request.");
success = auth_input_request_forwarding(s->pw);
+#endif
break;
case SSH_CMSG_PORT_FORWARD_REQUEST:
+#ifdef WITH_TCPFWD
if (no_port_forwarding_flag) {
debug("Port forwarding not permitted for this authentication.");
break;
@@ -265,6 +282,7 @@
debug("Received TCP/IP port forwarding request.");
channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports);
success = 1;
+#endif
break;
case SSH_CMSG_MAX_PACKET_SIZE:
@@ -349,11 +367,13 @@
packet_send();
packet_write_wait();
+#ifdef WITH_COMPRESSION
/* Enable compression now that we have replied if appropriate. */
if (enable_compression_after_reply) {
enable_compression_after_reply = 0;
packet_start_compression(compression_level);
}
+#endif
}
}
@@ -912,9 +932,11 @@
child_set_env(&env, &envsize, "KRB5CCNAME",
s->authctxt->krb5_ticket_file);
#endif
+#ifdef WITH_AGENTFWD
if (auth_get_socket_name() != NULL)
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_get_socket_name());
+#endif
/* read $HOME/.ssh/environment. */
if (!options.use_login) {
@@ -1326,6 +1348,7 @@
return success;
}
+#ifdef WITH_X11FWD
static int
session_x11_req(Session *s)
{
@@ -1346,6 +1369,7 @@
}
return success;
}
+#endif
static int
session_shell_req(Session *s)
@@ -1366,6 +1390,7 @@
return 1;
}
+#ifdef WITH_AGENTFWD
static int
session_auth_agent_req(Session *s)
{
@@ -1382,6 +1407,7 @@
return auth_input_request_forwarding(s->pw);
}
}
+#endif
void
session_input_channel_req(int id, void *arg)
@@ -1417,10 +1443,14 @@
success = session_exec_req(s);
} else if (strcmp(rtype, "pty-req") == 0) {
success = session_pty_req(s);
+#ifdef WITH_X11FWD
} else if (strcmp(rtype, "x11-req") == 0) {
success = session_x11_req(s);
+#endif
+#ifdef WITH_AGENTFWD
} else if (strcmp(rtype, "auth-agent-req at openssh.com") == 0) {
success = session_auth_agent_req(s);
+#endif
} else if (strcmp(rtype, "subsystem") == 0) {
success = session_subsystem_req(s);
}
@@ -1640,6 +1670,7 @@
setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
}
+#ifdef WITH_X11FWD
int
session_setup_x11fwd(Session *s)
{
@@ -1674,6 +1705,7 @@
}
return 1;
}
+#endif
static void
do_authenticated2(Authctxt *authctxt)
Index: ssh.c
===================================================================
RCS file: /home/markus/cvs/ssh/ssh.c,v
retrieving revision 1.147
diff -u -r1.147 ssh.c
--- ssh.c 8 Oct 2001 19:05:05 -0000 1.147
+++ ssh.c 22 Oct 2001 18:40:13 -0000
@@ -772,6 +772,7 @@
return exit_status;
}
+#ifdef WITH_X11FWD
static void
x11_get_proto(char *proto, int proto_len, char *data, int data_len)
{
@@ -810,10 +811,12 @@
}
}
}
+#endif
static void
ssh_init_forwarding(void)
{
+#ifdef WITH_TCPFWD
int success = 0;
int i;
@@ -843,6 +846,7 @@
options.remote_forwards[i].host,
options.remote_forwards[i].host_port);
}
+#endif
}
static void
@@ -868,6 +872,7 @@
struct winsize ws;
char *cp;
+#ifdef WITH_COMPRESSION
/* Enable compression if requested. */
if (options.compression) {
debug("Requesting compression at level %d.", options.compression_level);
@@ -888,6 +893,7 @@
else
packet_disconnect("Protocol error waiting for compression response.");
}
+#endif
/* Allocate a pseudo tty if appropriate. */
if (tty_flag) {
debug("Requesting pty.");
@@ -927,6 +933,7 @@
else
packet_disconnect("Protocol error waiting for pty request response.");
}
+#ifdef WITH_X11FWD
/* Request X11 forwarding if enabled and DISPLAY is set. */
if (options.forward_x11 && getenv("DISPLAY") != NULL) {
char proto[512], data[512];
@@ -946,12 +953,14 @@
packet_disconnect("Protocol error waiting for X11 forwarding");
}
}
+#endif
/* Tell the packet module whether this is an interactive session. */
packet_set_interactive(interactive);
/* Request authentication agent forwarding if appropriate. */
check_agent_present();
+#ifdef WITH_AGENTFWD
if (options.forward_agent) {
debug("Requesting authentication agent forwarding.");
auth_request_forwarding();
@@ -962,6 +971,7 @@
if (type != SSH_SMSG_SUCCESS)
log("Warning: Remote host denied authentication agent forwarding.");
}
+#endif
/* Initiate port forwardings. */
ssh_init_forwarding();
@@ -1043,6 +1053,7 @@
interactive = 1;
/* XXX wait for reply */
}
+#ifdef WITH_X11FWD
if (options.forward_x11 &&
getenv("DISPLAY") != NULL) {
char proto[512], data[512];
@@ -1054,13 +1065,16 @@
interactive = 1;
/* XXX wait for reply */
}
+#endif
+#ifdef WITH_X11FWD
check_agent_present();
if (options.forward_agent) {
debug("Requesting authentication agent forwarding.");
channel_request_start(id, "auth-agent-req at openssh.com", 0);
packet_send();
}
+#endif
len = buffer_len(&command);
if (len > 0) {
Index: sshconnect2.c
===================================================================
RCS file: /home/markus/cvs/ssh/sshconnect2.c,v
retrieving revision 1.83
diff -u -r1.83 sshconnect2.c
--- sshconnect2.c 6 Oct 2001 11:18:19 -0000 1.83
+++ sshconnect2.c 24 Oct 2001 08:07:02 -0000
@@ -99,6 +99,7 @@
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
+#ifdef WITH_COMPRESSION
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
@@ -106,6 +107,7 @@
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
}
+#endif
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
More information about the openssh-unix-dev
mailing list