Re: ssh: use getservbyname(3) for port numbers

2018-10-04 Thread Theo de Raadt
Darren Tucker wrote:

> On Sun, 2 Sep 2018 at 03:16, Theo de Raadt wrote:
> >
> > > Is there a reason ssh doesn't consult services(5) for port numbers?
> >
> > I think I know why but I'm not going to speak about those dark days.
> 
> I would be fine with adding this.  I am not sure what the reasoning
> behind it was (reduce NIS lookups back in the day?)

Yes I think that is the reason it was done.

naddy, that is an ok deraadt



Re: ssh: use getservbyname(3) for port numbers

2018-10-04 Thread Darren Tucker
On Sun, 2 Sep 2018 at 03:16, Theo de Raadt wrote:
>
> > Is there a reason ssh doesn't consult services(5) for port numbers?
>
> I think I know why but I'm not going to speak about those dark days.

I would be fine with adding this.  I am not sure what the reasoning
behind it was (reduce NIS lookups back in the day?)

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



Re: ssh: use getservbyname(3) for port numbers

2018-09-01 Thread Theo de Raadt
> Is there a reason ssh doesn't consult services(5) for port numbers?

I think I know why but I'm not going to speak about those dark days.

Diff looks good to me.



ssh: use getservbyname(3) for port numbers

2018-08-31 Thread Christian Weisgerber
Is there a reason ssh doesn't consult services(5) for port numbers?

This has irked me forever.  I'd rather write ssh -L icb:localhost:icb
instead of ssh -L 7326, wait, 7236, uhm, grep icb /etc/services...

I don't think there is any syntactic ambiguity since Unix sockets
already must contain a '/'.

The patch below adds this:
* Try to resolve a port specification with getservbyname(3) if a
  numeric conversion fails.
* Make the "Port" option in ssh_config handle its argument as a
  port rather than a plain integer.

All other command line switches and configuration file options
already use a2port().

This passes the existing regression tests.

Index: misc.c
===
RCS file: /cvs/src/usr.bin/ssh/misc.c,v
retrieving revision 1.131
diff -u -p -r1.131 misc.c
--- misc.c  27 Jul 2018 05:13:02 -  1.131
+++ misc.c  30 Aug 2018 23:59:07 -
@@ -36,6 +36,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -299,13 +300,16 @@ pwcopy(struct passwd *pw)
 int
 a2port(const char *s)
 {
+   struct servent *se;
long long port;
const char *errstr;
 
port = strtonum(s, 0, 65535, );
-   if (errstr != NULL)
-   return -1;
-   return (int)port;
+   if (errstr == NULL)
+   return (int)port;
+   if ((se = getservbyname(s, "tcp")) != NULL)
+   return ntohs(se->s_port);
+   return -1;
 }
 
 int
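Review bot: in a2port(), the getservbyname() fallback runs on every strtonum() failure, so an all-digit but out-of-range argument such as "70000", or an empty string, is handed to the services database instead of being rejected outright. Consider falling back only when the string is not purely numeric, so that a mistyped number can never resolve through a services entry. Because the other command line switches and configuration options already call a2port(), they all pick up the lookup, yet the patch as posted touches only misc.c and readconf.c; the manual pages should say that service names are accepted.
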
Index: readconf.c
===
RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
retrieving revision 1.297
diff -u -p -r1.297 readconf.c
--- readconf.c  12 Aug 2018 20:19:13 -  1.297
+++ readconf.c  30 Aug 2018 23:14:38 -
@@ -1142,7 +1142,20 @@ parse_command:
return 0;
 
case oPort:
-   intptr = >port;
+   arg = strdelim();
+   if (!arg || *arg == '\0')
+   fatal("%.200s line %d: Missing argument.",
+   filename, linenum);
+   value = a2port(arg);
+   if (value <= 0)
+   fatal("%.200s line %d: Bad port '%s'.",
+   filename, linenum, arg);
+   if (*activep && options->port == -1)
+   options->port = value;
+   break;
+
+   case oConnectionAttempts:
+   intptr = >connection_attempts;
 parse_int:
arg = strdelim();
if ((errstr = atoi_err(arg, )) != NULL)
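Review bot: the `value <= 0` test in the new oPort case reports two different failures with the same "Bad port" message: a2port() returning -1 (neither a number in range nor a known service) and a literal 0, which a2port() as patched still accepts because strtonum() is called with a lower bound of 0. A short comment saying that 0 is refused here on purpose, or a separate message for the failed lookup, would make the intent clear. The new fatal() also prints arg with a plain `%s` while filename is bounded with `%.200s`; bounding both would be consistent.
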
@@ -1151,10 +1164,6 @@ parse_int:
if (*activep && *intptr == -1)
*intptr = value;
break;
-
-   case oConnectionAttempts:
-   intptr = >connection_attempts;
-   goto parse_int;
 
case oCiphers:
arg = strdelim();
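
Review bot: with the explicit `goto parse_int;` removed in this hunk, oConnectionAttempts reaches the shared integer parsing only because its case now sits directly above the `parse_int:` label. A case added between the two later would break that silently. Keeping the goto, or adding a comment at the label that the preceding case runs into it, would make the dependency visible.
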
-- 
Christian "naddy" Weisgerber  na...@mips.inka.de
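
Added example, not part of the original message or of OpenSSH: the resolution order described above (numeric conversion first, then getservbyname(3)), with two stricter choices that are assumptions of this example: all-digit input is never passed to the services database, and port 0 is rejected inside the helper. `resolve_port()` and the sample inputs are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* resolve_port() is a hypothetical helper for this example, not OpenSSH's
 * a2port(). Returns 1..65535 on success, -1 on any failure. */
int
resolve_port(const char *s, const char *proto)
{
	struct servent *se;
	char *end;
	long n;

	if (s == NULL || *s == '\0')
		return -1;
	/* A '/' marks a Unix socket path, so it is never a port. */
	if (strchr(s, '/') != NULL)
		return -1;
	/* All-digit input is decided numerically and never looked up. */
	if (strspn(s, "0123456789") == strlen(s)) {
		errno = 0;
		n = strtol(s, &end, 10);
		if (errno != 0 || *end != '\0' || n < 1 || n > 65535)
			return -1;
		return (int)n;
	}
	/* Only a non-numeric name reaches the services database. */
	if ((se = getservbyname(s, proto)) == NULL)
		return -1;
	return (int)ntohs((uint16_t)se->s_port);
}

int
main(void)
{
	/* Constructed sample inputs; "icb" resolves only if services(5) lists it. */
	const char *in[] = { "7326", "70000", "0", "icb", "/tmp/agent.sock" };
	size_t i;

	for (i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("%-16s -> %d\n", in[i], resolve_port(in[i], "tcp"));
	return 0;
}
```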