- Added NxModeEnabled, NxAuthOnlyModeEnabled, NXStdinPassEnabled, NXServerMode,…

- Added NxModeEnabled, NxAuthOnlyModeEnabled, NXStdinPassEnabled, NXServerMode, NxAdminModeEnabled to ssh.c - Args: Rename -B to -nxswitch and -E to -nxnoconfig - Addes NX preferred options (disable TTY, escape, compression; enable X11) - Transer NX specfic code to ssh.c

- Added NxModeEnabled, NxAuthOnlyModeEnabled, NXStdinPassEnabled, NXServerMode,…
6d4624c1 · Konstantin Artyushkin · 403463ce · 6d4624c1
Commit 6d4624c1 authored Feb 24, 2026 by Konstantin Artyushkin
Hide whitespace changes
Inline Side-by-side

Showing with 119 additions and 11 deletions

ssh.c ssh.c +119 -11

No files found.
--- a/ssh.c
+++ b/ssh.c
@@ -113,6 +113,12 @@
 #include "ssh-pkcs11.h"
 #endif
+/*
+ * Include the NX specific functions and
+ * definitions.
+ */
+#include "proxy.h"
 extern char *__progname;
 /* Saves a copy of argv for setproctitle emulation */
@@ -120,6 +126,14 @@ extern char *__progname;
 static char **saved_av;
 #endif
+/* NX MODE */
+int NxModeEnabled = 0;
+int NxAuthOnlyModeEnabled = 0;
+int NXStdinPassEnabled = 0;
+int NXServerMode = 0;
+int NxAdminModeEnabled = 0;
+static int nx_skip_config_file = 0;
 /* Flag indicating whether debug mode is on.  May be set on the command line. */
 int debug_flag = 0;
@@ -180,14 +194,17 @@ static void
 usage(void)
 {
 	fprintf(stderr,
-"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]\n"
+"usage: nxssh [-nx|-nxservermode|-nxadminmode|-nxauthonly|-nxstdinpass]\n"
-"           [-c cipher_spec] [-D [bind_address:]port] [-E log_file]\n"
+"             [-nxswitch] [-nxnoconfig]\n"
-"           [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file]\n"
+"             [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n"
-"           [-J destination] [-L address] [-l login_name] [-m mac_spec]\n"
+"             [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]\n"
-"           [-O ctl_cmd] [-o option] [-P tag] [-p port] [-R address]\n"
+"             [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]\n"
-"           [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]\n"
+"             [-i identity_file] [-J destination] [-L address]\n"
-"           destination [command [argument ...]]\n"
+"             [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option]\n"
-"       ssh [-Q query_option]\n"
+"             [-P tag] [-p port] [-R address] [-S ctl_path]\n"
+"             [-W host:port] [-w local_tun[:remote_tun]]\n"
+"             destination [command [argument ...]]\n"
+"       nxssh [-Q query_option]\n"
 	);
 	exit(255);
 }
@@ -716,6 +733,63 @@ main(int ac, char **av)
 	pw = pwcopy(pw);
 	/*
+	 * NX: Initialize proxy buffer and parse NX-specific first arguments.
+	 * These must be argv[1] and are consumed before getopt processing.
+	 */
+	{
+		nx_proxy_init();
+		if (ac > 1 && strcmp(av[1], "-nxstdinpass") == 0) {
+			NXStdinPassEnabled = 1;
+			av[1] = "-T";
+		}
+		if (ac > 1 && strcmp(av[1], "-nxservermode") == 0) {
+			NXStdinPassEnabled = 1;
+			NXServerMode = 1;
+			av[1] = "-T";
+		}
+		if (ac > 1 && strcmp(av[1], "-nxauthonly") == 0) {
+			NxAuthOnlyModeEnabled = 1;
+			av[1] = "-T";
+		}
+		if (ac > 1 && strcmp(av[1], "-nx") == 0) {
+			NxModeEnabled = 1;
+			av[1] = "-T";
+		}
+		if (ac > 1 && strcmp(av[1], "-nxadminmode") == 0) {
+			NxAdminModeEnabled = 1;
+			av[1] = "-T";
+		}
+		if (NxModeEnabled) {
+			logit("NX> 203 NXSSH running with pid: %d", getpid());
+		}
+		/* Check for -nxswitch and -nxnoconfig among remaining args */
+		for (i = 1; i < ac; i++) {
+			if (strcmp(av[i], "-nxswitch") == 0) {
+				logit("NX> 285 Enabling check on switch command");
+				nx_check_switch = 1;
+				/* Remove this arg by shifting */
+				for (j = i; j < (u_int)(ac - 1); j++)
+					av[j] = av[j + 1];
+				ac--;
+				i--;
+			} else if (strcmp(av[i], "-nxnoconfig") == 0) {
+				logit("NX> 285 Enabling skip of SSH config files");
+				nx_skip_config_file = 1;
+				for (j = i; j < (u_int)(ac - 1); j++)
+					av[j] = av[j + 1];
+				ac--;
+				i--;
+			}
+		}
+	/*
 	 * Set our umask to something reasonable, as some files are created
 	 * with the default umask.  This will make them world-readable but
 	 * writable only by the owner, which is ok for all files for which we
@@ -1205,9 +1279,11 @@ main(int ac, char **av)
 		logit("%s, %s", SSH_RELEASE, SSH_OPENSSL_VERSION);
 	/* Parse the configuration files */
-	process_config_files(options.host_arg, pw, 0, &want_final_pass);
+	if (!nx_skip_config_file) {
-	if (want_final_pass)
+		process_config_files(options.host_arg, pw, 0, &want_final_pass);
-		debug("configuration requests final Match pass");
+		if (want_final_pass)
+			debug("configuration requests final Match pass");
+	}
 	/* Hostname canonicalisation needs a few options filled. */
 	fill_default_options_for_canonicalization(&options);
@@ -1288,6 +1364,38 @@ main(int ac, char **av)
 	if (fill_default_options(&options) != 0)
 		cleanup_exit(255);
+	/*
+	 * Force our preferred options if this is a NX session.
+	 */
+	if (nx_check_switch == 1) {
+		logit("NX> 285 Setting the preferred NX options");
+		tty_flag    = 0;
+		options.request_tty = REQUEST_TTY_NO;
+		options.escape_char = SSH_ESCAPECHAR_NONE;
+		options.compression = 0;
+		options.forward_x11 = 1;
+		if (nx_get_environment("DISPLAY") == NULL) {
+			nx_set_environment("DISPLAY", "");
+		}
+	}
+	/*
+	 * NX server-side: if -nxswitch was given and we are in NXServerMode,
+	 * wait for the switch command on stdin.
+	 */
+	if (nx_check_switch && NXServerMode) {
+		for (;;) {
+			if (nx_switch_received) {
+				nx_switch_server_side_descriptors();
+				exit(0);
+			}
+			nx_check_standard_input();
+		}
+	}
+	} /* end of NX argv parsing block */
 	if (options.user == NULL)
 		options.user = xstrdup(pw->pw_name);