]> andersk Git - gssapi-openssh.git/blobdiff - openssh/serverloop.c
merged OpenSSH 5.3p1 to trunk
[gssapi-openssh.git] / openssh / serverloop.c
index b60932f0d0f8fe6798da0db1519b1d8eb4e6828a..7ab9ff5662d8fe751d06eee502fc454001a4c406 100644 (file)
@@ -1,3 +1,4 @@
+/* $OpenBSD: serverloop.c,v 1.159 2009/05/28 16:50:16 andreas Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.124 2005/12/13 15:03:02 reyk Exp $");
 
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/wait.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+
+#include <netinet/in.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <signal.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+#include <stdarg.h>
+
+#include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "packet.h"
 #include "buffer.h"
@@ -48,13 +68,17 @@ RCSID("$OpenBSD: serverloop.c,v 1.124 2005/12/13 15:03:02 reyk Exp $");
 #include "compat.h"
 #include "ssh1.h"
 #include "ssh2.h"
+#include "key.h"
+#include "cipher.h"
+#include "kex.h"
+#include "hostfile.h"
 #include "auth.h"
 #include "session.h"
 #include "dispatch.h"
 #include "auth-options.h"
 #include "serverloop.h"
 #include "misc.h"
-#include "kex.h"
+#include "roaming.h"
 
 extern ServerOptions options;
 
@@ -70,10 +94,10 @@ static int fdin;            /* Descriptor for stdin (for writing) */
 static int fdout;              /* Descriptor for stdout (for reading);
                                   May be same number as fdin. */
 static int fderr;              /* Descriptor for stderr.  May be -1. */
-static long stdin_bytes = 0;   /* Number of bytes written to stdin. */
-static long stdout_bytes = 0;  /* Number of stdout bytes sent to client. */
-static long stderr_bytes = 0;  /* Number of stderr bytes sent to client. */
-static long fdout_bytes = 0;   /* Number of stdout bytes read from program. */
+static u_long stdin_bytes = 0; /* Number of bytes written to stdin. */
+static u_long stdout_bytes = 0;        /* Number of stdout bytes sent to client. */
+static u_long stderr_bytes = 0;        /* Number of stderr bytes sent to client. */
+static u_long fdout_bytes = 0; /* Number of stdout bytes read from program. */
 static int stdin_eof = 0;      /* EOF message received from client. */
 static int fdout_eof = 0;      /* EOF encountered reading from fdout. */
 static int fderr_eof = 0;      /* EOF encountered readung from fderr. */
@@ -82,7 +106,7 @@ static int connection_in;    /* Connection to client (input). */
 static int connection_out;     /* Connection to client (output). */
 static int connection_closed = 0;      /* Connection to client closed. */
 static u_int buffer_high;      /* "Soft" max buffer size. */
-static int client_alive_timeouts = 0;
+static int no_more_sessions = 0; /* Disallow further sessions. */
 
 /*
  * This SIGCHLD kludge is used to detect when the child exits.  The server
@@ -97,6 +121,20 @@ static volatile sig_atomic_t received_sigterm = 0;
 /* prototypes */
 static void server_init_dispatch(void);
 
+/*
+ * Returns current time in seconds from Jan 1, 1970 with the maximum
+ * available resolution.
+ */
+
+static double
+get_current_time(void)
+{
+       struct timeval tv;
+       gettimeofday(&tv, NULL);
+       return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0;
+}
+
+
 /*
  * we write to this pipe if a SIGCHLD is caught in order to avoid
  * the race between select() and child_terminated
@@ -142,11 +180,11 @@ notify_done(fd_set *readset)
                        debug2("notify_done: reading");
 }
 
+/*ARGSUSED*/
 static void
 sigchld_handler(int sig)
 {
        int save_errno = errno;
-       debug("Received SIGCHLD.");
        child_terminated = 1;
 #ifndef _UNICOS
        mysignal(SIGCHLD, sigchld_handler);
@@ -155,6 +193,7 @@ sigchld_handler(int sig)
        errno = save_errno;
 }
 
+/*ARGSUSED*/
 static void
 sigterm_handler(int sig)
 {
@@ -225,8 +264,10 @@ client_alive_check(void)
        int channel_id;
 
        /* timeout, check to see how many we have had */
-       if (++client_alive_timeouts > options.client_alive_count_max)
-               packet_disconnect("Timeout, your session not responding.");
+       if (packet_inc_alive_timeouts() > options.client_alive_count_max) {
+               logit("Timeout, client not responding.");
+               cleanup_exit(255);
+       }
 
        /*
         * send a bogus global/channel request with "wantreply",
@@ -255,6 +296,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
        struct timeval tv, *tvp;
        int ret;
        int client_alive_scheduled = 0;
+       int program_alive_scheduled = 0;
 
        /*
         * if using client_alive, set the max timeout accordingly,
@@ -292,6 +334,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
                 * the client, try to get some more data from the program.
                 */
                if (packet_not_very_much_data_to_write()) {
+                       program_alive_scheduled = child_terminated;
                        if (!fdout_eof)
                                FD_SET(fdout, *readsetp);
                        if (!fderr_eof)
@@ -337,8 +380,16 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
                memset(*writesetp, 0, *nallocp);
                if (errno != EINTR)
                        error("select: %.100s", strerror(errno));
-       } else if (ret == 0 && client_alive_scheduled)
-               client_alive_check();
+       } else {
+               if (ret == 0 && client_alive_scheduled)
+                       client_alive_check();
+               if (!compat20 && program_alive_scheduled && fdin_is_tty) {
+                       if (!fdout_eof)
+                               FD_SET(fdout, *readsetp);
+                       if (!fderr_eof)
+                               FD_SET(fderr, *readsetp);
+               }
+       }
 
        notify_done(*readsetp);
 }
@@ -348,15 +399,18 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
  * in buffers and processed later.
  */
 static void
-process_input(fd_set * readset)
+process_input(fd_set *readset)
 {
        int len;
        char buf[16384];
 
        /* Read and buffer any input data from the client. */
        if (FD_ISSET(connection_in, readset)) {
-               len = read(connection_in, buf, sizeof(buf));
+               int cont = 0;
+               len = roaming_read(connection_in, buf, sizeof(buf), &cont);
                if (len == 0) {
+                       if (cont)
+                               return;
                        verbose("Connection closed by %.100s",
                            get_remote_ipaddr());
                        connection_closed = 1;
@@ -364,7 +418,8 @@ process_input(fd_set * readset)
                                return;
                        cleanup_exit(255);
                } else if (len < 0) {
-                       if (errno != EINTR && errno != EAGAIN) {
+                       if (errno != EINTR && errno != EAGAIN &&
+                           errno != EWOULDBLOCK) {
                                verbose("Read error from remote host "
                                    "%.100s: %.100s",
                                    get_remote_ipaddr(), strerror(errno));
@@ -373,6 +428,7 @@ process_input(fd_set * readset)
                } else {
                        /* Buffer any received data. */
                        packet_process_incoming(buf, len);
+                       fdout_bytes += len;
                }
        }
        if (compat20)
@@ -380,22 +436,37 @@ process_input(fd_set * readset)
 
        /* Read and buffer any available stdout data from the program. */
        if (!fdout_eof && FD_ISSET(fdout, readset)) {
+               errno = 0;
                len = read(fdout, buf, sizeof(buf));
-               if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+               if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+                   errno == EWOULDBLOCK) && !child_terminated))) {
                        /* do nothing */
+#ifndef PTY_ZEROREAD
                } else if (len <= 0) {
+#else
+               } else if ((!isatty(fdout) && len <= 0) ||
+                   (isatty(fdout) && (len < 0 || (len == 0 && errno != 0)))) {
+#endif
                        fdout_eof = 1;
                } else {
                        buffer_append(&stdout_buffer, buf, len);
                        fdout_bytes += len;
+                       debug ("FD out now: %ld", fdout_bytes);
                }
        }
        /* Read and buffer any available stderr data from the program. */
        if (!fderr_eof && FD_ISSET(fderr, readset)) {
+               errno = 0;
                len = read(fderr, buf, sizeof(buf));
-               if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+               if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+                   errno == EWOULDBLOCK) && !child_terminated))) {
                        /* do nothing */
+#ifndef PTY_ZEROREAD
                } else if (len <= 0) {
+#else
+               } else if ((!isatty(fderr) && len <= 0) ||
+                   (isatty(fderr) && (len < 0 || (len == 0 && errno != 0)))) {
+#endif
                        fderr_eof = 1;
                } else {
                        buffer_append(&stderr_buffer, buf, len);
@@ -407,7 +478,7 @@ process_input(fd_set * readset)
  * Sends data from internal buffers to client program stdin.
  */
 static void
-process_output(fd_set * writeset)
+process_output(fd_set *writeset)
 {
        struct termios tio;
        u_char *data;
@@ -419,7 +490,8 @@ process_output(fd_set * writeset)
                data = buffer_ptr(&stdin_buffer);
                dlen = buffer_len(&stdin_buffer);
                len = write(fdin, data, dlen);
-               if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+               if (len < 0 &&
+                   (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) {
                        /* do nothing */
                } else if (len <= 0) {
                        if (fdin != fdout)
@@ -447,7 +519,7 @@ process_output(fd_set * writeset)
        }
        /* Send any buffered packet data to the client. */
        if (FD_ISSET(connection_out, writeset))
-               packet_write_poll();
+               stdin_bytes += packet_write_poll();
 }
 
 /*
@@ -749,6 +821,7 @@ collect_children(void)
        sigaddset(&nset, SIGCHLD);
        sigprocmask(SIG_BLOCK, &nset, &oset);
        if (child_terminated) {
+               debug("Received SIGCHLD.");
                while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
                    (pid < 0 && errno == EINTR))
                        if (pid > 0)
@@ -763,8 +836,10 @@ server_loop2(Authctxt *authctxt)
 {
        fd_set *readset = NULL, *writeset = NULL;
        int rekeying = 0, max_fd, nalloc = 0;
+       double start_time, total_time;
 
        debug("Entering interactive session for SSH2.");
+       start_time = get_current_time();
 
        mysignal(SIGCHLD, sigchld_handler);
        child_terminated = 0;
@@ -826,6 +901,11 @@ server_loop2(Authctxt *authctxt)
 
        /* free remaining sessions, e.g. remove wtmp entries */
        session_destroy_all(NULL);
+       total_time = get_current_time() - start_time;
+       logit("SSH: Server;LType: Throughput;Remote: %s-%d;IN: %lu;OUT: %lu;Duration: %.1f;tPut_in: %.1f;tPut_out: %.1f",
+             get_remote_ipaddr(), get_remote_port(),
+             stdin_bytes, fdout_bytes, total_time, stdin_bytes / total_time, 
+             fdout_bytes / total_time);
 }
 
 static void
@@ -837,7 +917,7 @@ server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
         * even if this was generated by something other than
         * the bogus CHANNEL_REQUEST we send for keepalives.
         */
-       client_alive_timeouts = 0;
+       packet_set_alive_timeouts(0);
 }
 
 static void
@@ -873,10 +953,10 @@ server_input_eof(int type, u_int32_t seq, void *ctxt)
 static void
 server_input_window_size(int type, u_int32_t seq, void *ctxt)
 {
-       int row = packet_get_int();
-       int col = packet_get_int();
-       int xpixel = packet_get_int();
-       int ypixel = packet_get_int();
+       u_int row = packet_get_int();
+       u_int col = packet_get_int();
+       u_int xpixel = packet_get_int();
+       u_int ypixel = packet_get_int();
 
        debug("Window change received.");
        packet_check_eom();
@@ -888,9 +968,8 @@ static Channel *
 server_request_direct_tcpip(void)
 {
        Channel *c;
-       int sock;
        char *target, *originator;
-       int target_port, originator_port;
+       u_short target_port, originator_port;
 
        target = packet_get_string(NULL);
        target_port = packet_get_int();
@@ -898,18 +977,16 @@ server_request_direct_tcpip(void)
        originator_port = packet_get_int();
        packet_check_eom();
 
-       debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
-           originator, originator_port, target, target_port);
+       debug("server_request_direct_tcpip: originator %s port %d, target %s "
+           "port %d", originator, originator_port, target, target_port);
 
        /* XXX check permission */
-       sock = channel_connect_to(target, target_port);
-       xfree(target);
+       c = channel_connect_to(target, target_port,
+           "direct-tcpip", "direct-tcpip");
+
        xfree(originator);
-       if (sock < 0)
-               return NULL;
-       c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
-           sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
-           CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
+       xfree(target);
+
        return c;
 }
 
@@ -937,20 +1014,24 @@ server_request_tun(void)
 
        tun = packet_get_int();
        if (forced_tun_device != -1) {
-               if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
+               if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
                        goto done;
                tun = forced_tun_device;
        }
        sock = tun_open(tun, mode);
        if (sock < 0)
                goto done;
+       if (options.hpn_disabled)
        c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
            CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+       else
+               c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
+                   options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
        c->datagram = 1;
 #if defined(SSH_TUN_FILTER)
        if (mode == SSH_TUNMODE_POINTOPOINT)
                channel_register_filter(c->self, sys_tun_infilter,
-                   sys_tun_outfilter);
+                   sys_tun_outfilter, NULL, NULL);
 #endif
 
  done:
@@ -966,6 +1047,12 @@ server_request_session(void)
 
        debug("input_session_request");
        packet_check_eom();
+
+       if (no_more_sessions) {
+               packet_disconnect("Possible attack: attempt to open a session "
+                   "after additional sessions disabled");
+       }
+
        /*
         * A server session has no fd to read or write until a
         * CHANNEL_REQUEST for a shell is made, so we set the type to
@@ -975,7 +1062,7 @@ server_request_session(void)
        c = channel_new("session", SSH_CHANNEL_LARVAL,
            -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
            0, "server-session", 1);
-       if (!(datafellows & SSH_BUG_LARGEWINDOW))
+       if ((options.tcp_rcv_buf_poll) && (!options.hpn_disabled))
                c->dynamic_window = 1;
        if (session_open(the_authctxt, c->self) != 1) {
                debug("session open failed, free channel %d", c->self);
@@ -1041,7 +1128,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 {
        char *rtype;
        int want_reply;
-       int success = 0;
+       int success = 0, allocated_listen_port = 0;
 
        rtype = packet_get_string(NULL);
        want_reply = packet_get_char();
@@ -1063,9 +1150,11 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 
                /* check permissions */
                if (!options.allow_tcp_forwarding ||
-                   no_port_forwarding_flag
+                   no_port_forwarding_flag ||
+                   (!want_reply && listen_port == 0)
 #ifndef NO_IPPORT_RESERVED_CONCEPT
-                   || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
+                   || (listen_port != 0 && listen_port < IPPORT_RESERVED &&
+                    pw->pw_uid != 0)
 #endif
                    ) {
                        success = 0;
@@ -1073,7 +1162,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
                } else {
                        /* Start listening on the port */
                        success = channel_setup_remote_fwd_listener(
-                           listen_address, listen_port, options.gateway_ports);
+                           listen_address, listen_port,
+                           &allocated_listen_port, options.gateway_ports);
                }
                xfree(listen_address);
        } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
@@ -1087,15 +1177,22 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 
                success = channel_cancel_rport_listener(cancel_address,
                    cancel_port);
+               xfree(cancel_address);
+       } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) {
+               no_more_sessions = 1;
+               success = 1;
        }
        if (want_reply) {
                packet_start(success ?
                    SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
+               if (success && allocated_listen_port > 0)
+                       packet_put_int(allocated_listen_port);
                packet_send();
                packet_write_wait();
        }
        xfree(rtype);
 }
+
 static void
 server_input_channel_req(int type, u_int32_t seq, void *ctxt)
 {
@@ -1113,7 +1210,11 @@ server_input_channel_req(int type, u_int32_t seq, void *ctxt)
        if ((c = channel_lookup(id)) == NULL)
                packet_disconnect("server_input_channel_req: "
                    "unknown channel %d", id);
-       if (c->type == SSH_CHANNEL_LARVAL || c->type == SSH_CHANNEL_OPEN)
+       if (!strcmp(rtype, "eow@openssh.com")) {
+               packet_check_eom();
+               chan_rcvd_eow(c);
+       } else if ((c->type == SSH_CHANNEL_LARVAL ||
+           c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0)
                success = session_input_channel_req(c, rtype);
        if (reply) {
                packet_start(success ?
@@ -1140,6 +1241,7 @@ server_init_dispatch_20(void)
        dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
        dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
        /* client_alive */
+       dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive);
        dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
        dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
        dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
This page took 0.051427 seconds and 4 git commands to generate.