6882255 sftp connection fails when .bashrc generates output on stderr

6886656 unlimited window size causes problems with limited buffer sizes
6894519 USE_PIPES is not used on Solaris and should be removed

6 files changed, 18 insertions, 83 deletions

diff --git a/usr/src/cmd/ssh/include/channels.h b/usr/src/cmd/ssh/include/channels.h
index 408f819d7f..1845845f6a 100644
--- a/usr/src/cmd/ssh/include/channels.h
+++ b/usr/src/cmd/ssh/include/channels.h
@@ -33,7 +33,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 /*	$OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $	*/
@@ -42,8 +42,6 @@
 #ifndef	_CHANNELS_H
 #define	_CHANNELS_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -154,6 +152,8 @@ struct Channel {
 #define CHAN_EOF_SENT			0x04
 #define CHAN_EOF_RCVD			0x08
 
+#define CHAN_RBUF			16*1024
+
 /* check whether 'efd' is still in use */
 #define CHANNEL_EFD_INPUT_ACTIVE(c) \
 	(compat20 && c->extended_usage == CHAN_EXTENDED_READ && \
diff --git a/usr/src/cmd/ssh/include/config.h b/usr/src/cmd/ssh/include/config.h
index 8bf9962434..cd754f9320 100644
--- a/usr/src/cmd/ssh/include/config.h
+++ b/usr/src/cmd/ssh/include/config.h
@@ -65,9 +65,6 @@ extern "C" {
 /* Work around problematic Linux PAM modules handling of PAM_TTY */
 #define	PAM_TTY_KLUDGE 1
 
-/* Use PIPES instead of a socketpair() */
-/* #undef USE_PIPES */
-
 /* Define if your snprintf is busted */
 /* #undef BROKEN_SNPRINTF */
 
diff --git a/usr/src/cmd/ssh/include/defines.h b/usr/src/cmd/ssh/include/defines.h
index 31bd42574e..5cd500907a 100644
--- a/usr/src/cmd/ssh/include/defines.h
+++ b/usr/src/cmd/ssh/include/defines.h
@@ -22,15 +22,13 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
 #ifndef	_DEFINES_H
 #define	_DEFINES_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -537,15 +535,6 @@ typedef unsigned long int fd_mask;
 #endif
 
 /*
- * Define this to use pipes instead of socketpairs for communicating with the
- * client program.  Socketpairs do not seem to work on all systems.
- *
- * configure.ac sets this for a few OS's which are known to have problems
- * but you may need to set it yourself
- */
-/* #define	USE_PIPES 1 */
-
-/*
  * login recorder definitions
  */
 
diff --git a/usr/src/cmd/ssh/libssh/common/channels.c b/usr/src/cmd/ssh/libssh/common/channels.c
index c38a012dfe..3a0e6bad22 100644
--- a/usr/src/cmd/ssh/libssh/common/channels.c
+++ b/usr/src/cmd/ssh/libssh/common/channels.c
@@ -723,7 +723,8 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset)
 
 	if (c->istate == CHAN_INPUT_OPEN &&
 	    limit > 0 &&
-	    buffer_len(&c->input) < limit)
+	    buffer_len(&c->input) < limit &&
+	    buffer_check_alloc(&c->input, CHAN_RBUF))
 		FD_SET(c->rfd, readset);
 	if (c->ostate == CHAN_OUTPUT_OPEN ||
 	    c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
@@ -1383,7 +1384,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset)
 static int
 channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
 {
-	char buf[16*1024];
+	char buf[CHAN_RBUF];
 	int len;
 
 	if (c->rfd != -1 &&
@@ -1477,7 +1478,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
 static int
 channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
 {
-	char buf[16*1024];
+	char buf[CHAN_RBUF];
 	int len;
 
 /** XXX handle drain efd, too */
diff --git a/usr/src/cmd/ssh/sftp/sftp.c b/usr/src/cmd/ssh/sftp/sftp.c
index 45537d4ea8..9b5caac074 100644
--- a/usr/src/cmd/ssh/sftp/sftp.c
+++ b/usr/src/cmd/ssh/sftp/sftp.c
@@ -1473,23 +1473,12 @@ connect_to_server(char *path, char **args, int *in, int *out)
 {
 	int c_in, c_out;
 
-#ifdef USE_PIPES
-	int pin[2], pout[2];
-
-	if ((pipe(pin) == -1) || (pipe(pout) == -1))
-		fatal("pipe: %s", strerror(errno));
-	*in = pin[0];
-	*out = pout[1];
-	c_in = pout[0];
-	c_out = pin[1];
-#else /* USE_PIPES */
 	int inout[2];
 
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1)
 		fatal("socketpair: %s", strerror(errno));
 	*in = *out = inout[0];
 	c_in = c_out = inout[1];
-#endif /* USE_PIPES */
 
 	if ((sshpid = fork()) == -1)
 		fatal("fork: %s", strerror(errno));
@@ -1684,10 +1673,8 @@ main(int argc, char **argv)
 
 	err = interactive_loop(in, out, file1, file2);
 
-#if !defined(USE_PIPES)
 	shutdown(in, SHUT_RDWR);
 	shutdown(out, SHUT_RDWR);
-#endif
 
 	close(in);
 	close(out);
diff --git a/usr/src/cmd/ssh/sshd/session.c b/usr/src/cmd/ssh/sshd/session.c
index de5b903eea..a546880398 100644
--- a/usr/src/cmd/ssh/sshd/session.c
+++ b/usr/src/cmd/ssh/sshd/session.c
@@ -462,20 +462,12 @@ do_exec_no_pty(Session *s, const char *command)
 {
 	pid_t pid;
 
-#ifdef USE_PIPES
-	int pin[2], pout[2], perr[2];
-	/* Allocate pipes for communicating with the program. */
-	if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0)
-		packet_disconnect("Could not create pipes: %.100s",
-				  strerror(errno));
-#else /* USE_PIPES */
 	int inout[2], err[2];
 	/* Uses socket pairs to communicate with the program. */
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 ||
 	    socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0)
 		packet_disconnect("Could not create socket pairs: %.100s",
 				  strerror(errno));
-#endif /* USE_PIPES */
 	if (s == NULL)
 		fatal("do_exec_no_pty: no session");
 
@@ -495,28 +487,6 @@ do_exec_no_pty(Session *s, const char *command)
 		if (setsid() < 0)
 			error("setsid failed: %.100s", strerror(errno));
 
-#ifdef USE_PIPES
-		/*
-		 * Redirect stdin.  We close the parent side of the socket
-		 * pair, and make the child side the standard input.
-		 */
-		close(pin[1]);
-		if (dup2(pin[0], 0) < 0)
-			perror("dup2 stdin");
-		close(pin[0]);
-
-		/* Redirect stdout. */
-		close(pout[0]);
-		if (dup2(pout[1], 1) < 0)
-			perror("dup2 stdout");
-		close(pout[1]);
-
-		/* Redirect stderr. */
-		close(perr[0]);
-		if (dup2(perr[1], 2) < 0)
-			perror("dup2 stderr");
-		close(perr[1]);
-#else /* USE_PIPES */
 		/*
 		 * Redirect stdin, stdout, and stderr.  Stdin and stdout will
 		 * use the same socket, as some programs (particularly rdist)
@@ -528,9 +498,18 @@ do_exec_no_pty(Session *s, const char *command)
 			perror("dup2 stdin");
 		if (dup2(inout[0], 1) < 0)	/* stdout.  Note: same socket as stdin. */
 			perror("dup2 stdout");
+		if (s->is_subsystem) {
+			/*
+			 * Redirect the subsystem's stderr to /dev/null. We might send it
+			 * over to the other side but changing that might break existing
+			 * SSH clients.
+			 */
+			close(err[0]);
+			if ((err[0] = open(_PATH_DEVNULL, O_WRONLY)) == -1)
+				fatal("Cannot open /dev/null: %.100s", strerror(errno));
+		} 
 		if (dup2(err[0], 2) < 0)	/* stderr */
 			perror("dup2 stderr");
-#endif /* USE_PIPES */
 
 #ifdef _UNICOS
 		cray_init_job(s->pw); /* set up cray jid and tmpdir */
@@ -553,24 +532,7 @@ do_exec_no_pty(Session *s, const char *command)
 	s->pid = pid;
 	/* Set interactive/non-interactive mode. */
 	packet_set_interactive(s->display != NULL);
-#ifdef USE_PIPES
-	/* We are the parent.  Close the child sides of the pipes. */
-	close(pin[0]);
-	close(pout[1]);
-	close(perr[1]);
 
-	if (compat20) {
-		session_set_fds(s, pin[1], pout[0], s->is_subsystem ? -1 : perr[0]);
-		if (s->is_subsystem)
-                        close(perr[0]);
-		/* Don't close channel before sending exit-status! */
-		channel_set_wait_for_exit(s->chanid, 1);
-	} else {
-		/* Enter the interactive session. */
-		server_loop(pid, pin[1], pout[0], perr[0]);
-		/* server_loop has closed pin[1], pout[0], and perr[0]. */
-	}
-#else /* USE_PIPES */
 	/* We are the parent.  Close the child sides of the socket pairs. */
 	close(inout[0]);
 	close(err[0]);
@@ -589,7 +551,6 @@ do_exec_no_pty(Session *s, const char *command)
 		server_loop(pid, inout[1], inout[1], err[1]);
 		/* server_loop has closed inout[1] and err[1]. */
 	}
-#endif /* USE_PIPES */
 }
 
 /*