-/* $OpenBSD: serverloop.c,v 1.145 2006/10/11 12:38:03 markus Exp $ */
+/* $OpenBSD: serverloop.c,v 1.157 2009/02/12 03:16:01 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include <unistd.h>
#include <stdarg.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
static int fdout; /* Descriptor for stdout (for reading);
May be same number as fdin. */
static int fderr; /* Descriptor for stderr. May be -1. */
-static long stdin_bytes = 0; /* Number of bytes written to stdin. */
-static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
-static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
-static long fdout_bytes = 0; /* Number of stdout bytes read from program. */
+static u_long stdin_bytes = 0; /* Number of bytes written to stdin. */
+static u_long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
+static u_long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
+static u_long fdout_bytes = 0; /* Number of stdout bytes read from program. */
static int stdin_eof = 0; /* EOF message received from client. */
static int fdout_eof = 0; /* EOF encountered reading from fdout. */
static int fderr_eof = 0; /* EOF encountered readung from fderr. */
static int connection_out; /* Connection to client (output). */
static int connection_closed = 0; /* Connection to client closed. */
static u_int buffer_high; /* "Soft" max buffer size. */
-static int client_alive_timeouts = 0;
+static int no_more_sessions = 0; /* Disallow further sessions. */
/*
* This SIGCHLD kludge is used to detect when the child exits. The server
/* prototypes */
static void server_init_dispatch(void);
+/*
+ * Returns current time in seconds from Jan 1, 1970 with the maximum
+ * available resolution.
+ */
+
+static double
+get_current_time(void)
+{
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0;
+}
+
+
/*
* we write to this pipe if a SIGCHLD is caught in order to avoid
* the race between select() and child_terminated
int channel_id;
/* timeout, check to see how many we have had */
- if (++client_alive_timeouts > options.client_alive_count_max) {
+ if (++keep_alive_timeouts > options.client_alive_count_max) {
logit("Timeout, client not responding.");
cleanup_exit(255);
}
return;
cleanup_exit(255);
} else if (len < 0) {
- if (errno != EINTR && errno != EAGAIN) {
+ if (errno != EINTR && errno != EAGAIN &&
+ errno != EWOULDBLOCK) {
verbose("Read error from remote host "
"%.100s: %.100s",
get_remote_ipaddr(), strerror(errno));
} else {
/* Buffer any received data. */
packet_process_incoming(buf, len);
+ fdout_bytes += len;
}
}
if (compat20)
if (!fdout_eof && FD_ISSET(fdout, readset)) {
errno = 0;
len = read(fdout, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR ||
- (errno == EAGAIN && !child_terminated))) {
+ if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+ errno == EWOULDBLOCK) && !child_terminated))) {
/* do nothing */
#ifndef PTY_ZEROREAD
} else if (len <= 0) {
} else {
buffer_append(&stdout_buffer, buf, len);
fdout_bytes += len;
+ debug ("FD out now: %ld", fdout_bytes);
}
}
/* Read and buffer any available stderr data from the program. */
if (!fderr_eof && FD_ISSET(fderr, readset)) {
errno = 0;
len = read(fderr, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR ||
- (errno == EAGAIN && !child_terminated))) {
+ if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+ errno == EWOULDBLOCK) && !child_terminated))) {
/* do nothing */
#ifndef PTY_ZEROREAD
} else if (len <= 0) {
data = buffer_ptr(&stdin_buffer);
dlen = buffer_len(&stdin_buffer);
len = write(fdin, data, dlen);
- if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ if (len < 0 &&
+ (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) {
/* do nothing */
} else if (len <= 0) {
if (fdin != fdout)
}
/* Send any buffered packet data to the client. */
if (FD_ISSET(connection_out, writeset))
- packet_write_poll();
+ stdin_bytes += packet_write_poll();
}
/*
{
fd_set *readset = NULL, *writeset = NULL;
int rekeying = 0, max_fd, nalloc = 0;
+ double start_time, total_time;
debug("Entering interactive session for SSH2.");
+ start_time = get_current_time();
mysignal(SIGCHLD, sigchld_handler);
child_terminated = 0;
/* free remaining sessions, e.g. remove wtmp entries */
session_destroy_all(NULL);
+ total_time = get_current_time() - start_time;
+ logit("SSH: Server;LType: Throughput;Remote: %s-%d;IN: %lu;OUT: %lu;Duration: %.1f;tPut_in: %.1f;tPut_out: %.1f",
+ get_remote_ipaddr(), get_remote_port(),
+ stdin_bytes, fdout_bytes, total_time, stdin_bytes / total_time,
+ fdout_bytes / total_time);
}
static void
* even if this was generated by something other than
* the bogus CHANNEL_REQUEST we send for keepalives.
*/
- client_alive_timeouts = 0;
+ keep_alive_timeouts = 0;
}
static void
server_request_direct_tcpip(void)
{
Channel *c;
- int sock;
char *target, *originator;
- int target_port, originator_port;
+ u_short target_port, originator_port;
target = packet_get_string(NULL);
target_port = packet_get_int();
originator_port = packet_get_int();
packet_check_eom();
- debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
- originator, originator_port, target, target_port);
+ debug("server_request_direct_tcpip: originator %s port %d, target %s "
+ "port %d", originator, originator_port, target, target_port);
/* XXX check permission */
- sock = channel_connect_to(target, target_port);
- xfree(target);
+ c = channel_connect_to(target, target_port,
+ "direct-tcpip", "direct-tcpip");
+
xfree(originator);
- if (sock < 0)
- return NULL;
- if (options.hpn_disabled)
- c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
- sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
- CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
- else
- c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
- sock, sock, -1, options.hpn_buffer_size,
- CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
+ xfree(target);
+
return c;
}
#if defined(SSH_TUN_FILTER)
if (mode == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
- sys_tun_outfilter);
+ sys_tun_outfilter, NULL, NULL);
#endif
done:
debug("input_session_request");
packet_check_eom();
+
+ if (no_more_sessions) {
+ packet_disconnect("Possible attack: attempt to open a session "
+ "after additional sessions disabled");
+ }
+
/*
* A server session has no fd to read or write until a
* CHANNEL_REQUEST for a shell is made, so we set the type to
c = channel_new("session", SSH_CHANNEL_LARVAL,
-1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
0, "server-session", 1);
- if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled))
+ if ((options.tcp_rcv_buf_poll) && (!options.hpn_disabled))
c->dynamic_window = 1;
if (session_open(the_authctxt, c->self) != 1) {
debug("session open failed, free channel %d", c->self);
{
char *rtype;
int want_reply;
- int success = 0;
+ int success = 0, allocated_listen_port = 0;
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
/* check permissions */
if (!options.allow_tcp_forwarding ||
- no_port_forwarding_flag
+ no_port_forwarding_flag ||
+ (!want_reply && listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
|| (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
#endif
} else {
/* Start listening on the port */
success = channel_setup_remote_fwd_listener(
- listen_address, listen_port, options.gateway_ports,
- options.hpn_disabled, options.hpn_buffer_size);
+ listen_address, listen_port,
+ &allocated_listen_port, options.gateway_ports);
}
xfree(listen_address);
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
success = channel_cancel_rport_listener(cancel_address,
cancel_port);
xfree(cancel_address);
+ } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) {
+ no_more_sessions = 1;
+ success = 1;
}
if (want_reply) {
packet_start(success ?
SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
+ if (success && allocated_listen_port > 0)
+ packet_put_int(allocated_listen_port);
packet_send();
packet_write_wait();
}
if ((c = channel_lookup(id)) == NULL)
packet_disconnect("server_input_channel_req: "
"unknown channel %d", id);
- if (c->type == SSH_CHANNEL_LARVAL || c->type == SSH_CHANNEL_OPEN)
+ if (!strcmp(rtype, "eow@openssh.com")) {
+ packet_check_eom();
+ chan_rcvd_eow(c);
+ } else if ((c->type == SSH_CHANNEL_LARVAL ||
+ c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0)
success = session_input_channel_req(c, rtype);
if (reply) {
packet_start(success ?
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
/* client_alive */
+ dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive);
dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);