*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.92 2001/02/16 13:38:18 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.108 2001/04/14 16:17:14 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "packet.h"
#include "xmalloc.h"
#include "buffer.h"
+#include "bufaux.h"
#include "uidswap.h"
#include "log.h"
#include "misc.h"
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
+void port_open_helper(Channel *c, char *rtype);
+
/* Sets specific protocol options. */
void
have_hostname_in_open = hostname_in_open;
}
-/*
- * Permits opening to any host/port in SSH_MSG_PORT_OPEN. This is usually
- * called by the server, because the user could connect to any port anyway,
- * and the server has no way to know but to trust the client anyway.
- */
-
-void
-channel_permit_all_opens()
-{
- all_opens_permitted = 1;
-}
-
/* lookup channel by id */
Channel *
/* XXX ugly hack: nonblock is only set by the server */
if (nonblock && isatty(c->rfd)) {
- debug("channel: %d: rfd %d isatty", c->self, c->rfd);
+ debug("channel %d: rfd %d isatty", c->self, c->rfd);
c->isatty = 1;
if (!isatty(c->wfd)) {
- error("channel: %d: wfd %d is not a tty?",
+ error("channel %d: wfd %d is not a tty?",
c->self, c->wfd);
}
} else {
packet_put_int(c->remote_id);
packet_send();
c->type = SSH_CHANNEL_CLOSED;
- debug("Closing channel %d after input drain.", c->self);
+ debug("channel %d: closing after input drain.", c->self);
}
}
* We have received an X11 connection that has bad
* authentication information.
*/
- log("X11 connection rejected because of wrong authentication.\r\n");
+ log("X11 connection rejected because of wrong authentication.");
buffer_clear(&c->input);
buffer_clear(&c->output);
close(c->sock);
}
}
+
+int
+channel_decode_helper(Channel *c, int start, int lookfor)
+{
+ u_char *p;
+ int i, have;
+
+ p = buffer_ptr(&c->input);
+ have = buffer_len(&c->input);
+ debug2("channel %d: decode_helper: start %d have %d lookfor %d",
+ c->self, start, have, lookfor);
+ if (have < start)
+ return 0;
+ for (i = start; i < have; i++) {
+ if (p[i] == lookfor) {
+ debug2("channel %d: decode_helper: matched at %d",
+ c->self, i);
+ if (lookfor == '\0' ||
+ (i+3 < have &&
+ p[i+1] == '\n' &&
+ p[i+2] == '\r' &&
+ p[i+3] == '\n'))
+ return i;
+ }
+ if (i > 4096) {
+ /* the peer is probably sending garbage */
+ debug("channel %d: decode_helper: too long",
+ c->self);
+ return -1;
+ }
+ }
+ return 0; /* need more */
+}
+
+/* try to decode a http connect header */
+int
+channel_decode_https(Channel *c, fd_set * readset, fd_set * writeset)
+{
+ u_char *p, *host, *buf;
+ int port, ret;
+ char httpok[] = "HTTP/1.0 200\r\n\r\n";
+
+ debug2("channel %d: decode https connect", c->self);
+ ret = channel_decode_helper(c, strlen("connect "), '\r');
+ if (ret <= 0)
+ return ret;
+ p = buffer_ptr(&c->input);
+ buf = xmalloc(ret+1);
+ host = xmalloc(ret);
+ memcpy(buf, p, ret);
+ buf[ret] = '\0';
+ if (sscanf(buf, "CONNECT %[^:]:%u HTTP/", host, &port) != 2) {
+ debug("channel %d: cannot parse http header", c->self);
+ return -1;
+ }
+ debug("channel %d: dynamic request: https host %s port %u",
+ c->self, host, port);
+ strlcpy(c->path, host, sizeof(c->path));
+ c->host_port = port;
+ xfree(host);
+ xfree(buf);
+ buffer_consume(&c->input, ret+4);
+ buffer_append(&c->output, httpok, strlen(httpok));
+
+ return 1;
+}
+
+/* try to decode a socks4 header */
+int
+channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
+{
+ u_char *p, *host;
+ int len, have, ret;
+ char username[256];
+ struct {
+ u_int8_t version;
+ u_int8_t command;
+ u_int16_t dest_port;
+ struct in_addr dest_addr;
+ } s4_req, s4_rsp;
+
+ debug2("channel %d: decode socks4", c->self);
+ ret = channel_decode_helper(c, sizeof(s4_req), '\0');
+ if (ret <= 0)
+ return ret;
+ buffer_get(&c->input, (char *)&s4_req.version, 1);
+ buffer_get(&c->input, (char *)&s4_req.command, 1);
+ buffer_get(&c->input, (char *)&s4_req.dest_port, 2);
+ buffer_get(&c->input, (char *)&s4_req.dest_addr, 4);
+ p = buffer_ptr(&c->input);
+ len = strlen(p);
+ have = buffer_len(&c->input);
+ debug2("channel %d: decode socks4: user %s/%d", c->self, p, len);
+ if (len > have)
+ fatal("channel %d: decode socks4: len %d > have %d",
+ c->self, len, have);
+ strlcpy(username, p, sizeof(username));
+ buffer_consume(&c->input, len);
+ buffer_consume(&c->input, 1); /* trailing '\0' */
+
+ host = inet_ntoa(s4_req.dest_addr);
+ strlcpy(c->path, host, sizeof(c->path));
+ c->host_port = ntohs(s4_req.dest_port);
+
+ debug("channel %d: dynamic request: socks4 host %s port %u command %u",
+ c->self, host, c->host_port, s4_req.command);
+
+ if (s4_req.command != 1) {
+ debug("channel %d: cannot handle: socks4 cn %d",
+ c->self, s4_req.command);
+ return -1;
+ }
+ s4_rsp.version = 0; /* vn: 0 for reply */
+ s4_rsp.command = 90; /* cd: req granted */
+ s4_rsp.dest_port = 0; /* ignored */
+ s4_rsp.dest_addr.s_addr = INADDR_ANY; /* ignored */
+ buffer_append(&c->output, (char *)&s4_rsp, sizeof(s4_rsp));
+ return 1;
+}
+
+/* try to decode a socks5 header */
+#define SSH_SOCKS5_AUTHDONE 0x1000
+#define SSH_SOCKS5_NOAUTH 0x00
+#define SSH_SOCKS5_IPV4 0x01
+#define SSH_SOCKS5_DOMAIN 0x03
+#define SSH_SOCKS5_IPV6 0x04
+#define SSH_SOCKS5_CONNECT 0x01
+#define SSH_SOCKS5_SUCCESS 0x00
+
+int
+channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
+{
+ struct {
+ u_int8_t version;
+ u_int8_t command;
+ u_int8_t reserved;
+ u_int8_t atyp;
+ } s5_req, s5_rsp;
+ u_int16_t dest_port;
+ u_char *p, dest_addr[255+1];
+ int i, have, found, nmethods, addrlen, af;
+
+ debug2("channel %d: decode socks5", c->self);
+ p = buffer_ptr(&c->input);
+ if (p[0] != 0x05)
+ return -1;
+ have = buffer_len(&c->input);
+ if (!(c->flags & SSH_SOCKS5_AUTHDONE)) {
+ /* format: ver | nmethods | methods */
+ if (have < 2)
+ return 0;
+ nmethods = p[1];
+ if (have < nmethods + 2)
+ return 0;
+ /* look for method: "NO AUTHENTICATION REQUIRED" */
+ for (found = 0, i = 2 ; i < nmethods + 2; i++) {
+ if (p[i] == SSH_SOCKS5_NOAUTH ) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found) {
+ debug("channel %d: method SSH_SOCKS5_NOAUTH not found",
+ c->self);
+ return -1;
+ }
+ buffer_consume(&c->input, nmethods + 2);
+ buffer_put_char(&c->output, 0x05); /* version */
+ buffer_put_char(&c->output, SSH_SOCKS5_NOAUTH); /* method */
+ FD_SET(c->sock, writeset);
+ c->flags |= SSH_SOCKS5_AUTHDONE;
+ debug2("channel %d: socks5 auth done", c->self);
+ return 0; /* need more */
+ }
+ debug2("channel %d: socks5 post auth", c->self);
+ if (have < sizeof(s5_req)+1)
+ return 0; /* need more */
+ memcpy((char *)&s5_req, p, sizeof(s5_req));
+ if (s5_req.version != 0x05 ||
+ s5_req.command != SSH_SOCKS5_CONNECT ||
+ s5_req.reserved != 0x00) {
+ debug("channel %d: only socks5 connect supported", c->self);
+ return -1;
+ }
+ switch(s5_req.atyp){
+ case SSH_SOCKS5_IPV4:
+ addrlen = 4;
+ af = AF_INET;
+ break;
+ case SSH_SOCKS5_DOMAIN:
+ addrlen = p[sizeof(s5_req)];
+ af = -1;
+ break;
+ case SSH_SOCKS5_IPV6:
+ addrlen = 16;
+ af = AF_INET6;
+ break;
+ default:
+ debug("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp);
+ return -1;
+ }
+ if (have < 4 + addrlen + 2)
+ return 0;
+ buffer_consume(&c->input, sizeof(s5_req));
+ buffer_get(&c->input, (char *)&dest_addr, addrlen);
+ buffer_get(&c->input, (char *)&dest_port, 2);
+ dest_addr[addrlen] = '\0';
+ if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
+ strlcpy(c->path, dest_addr, sizeof(c->path));
+ else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL)
+ return -1;
+ c->host_port = ntohs(dest_port);
+
+ debug("channel %d: dynamic request: socks5 host %s port %u command %u",
+ c->self, c->path, c->host_port, s5_req.command);
+
+ s5_rsp.version = 0x05;
+ s5_rsp.command = SSH_SOCKS5_SUCCESS;
+ s5_rsp.reserved = 0; /* ignored */
+ s5_rsp.atyp = SSH_SOCKS5_IPV4;
+ ((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY;
+ dest_port = 0; /* ignored */
+
+ buffer_append(&c->output, (char *)&s5_rsp, sizeof(s5_rsp));
+ buffer_append(&c->output, (char *)&dest_addr, sizeof(struct in_addr));
+ buffer_append(&c->output, (char *)&dest_port, sizeof(dest_port));
+ return 1;
+}
+
+/* dynamic port forwarding */
+void
+channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
+{
+ u_char *p;
+ int have, ret;
+
+ have = buffer_len(&c->input);
+
+ debug2("channel %d: pre_dynamic: have %d", c->self, have);
+ /* buffer_dump(&c->input); */
+ /* check if the fixed size part of the packet is in buffer. */
+ if (have < 4) {
+ /* need more */
+ FD_SET(c->sock, readset);
+ return;
+ }
+ /* try to guess the protocol */
+ p = buffer_ptr(&c->input);
+ switch (p[0]) {
+ case 'C':
+ ret = channel_decode_https(c, readset, writeset);
+ break;
+ case 0x04:
+ ret = channel_decode_socks4(c, readset, writeset);
+ break;
+ case 0x05:
+ ret = channel_decode_socks5(c, readset, writeset);
+ break;
+ default:
+ ret = -1;
+ break;
+ }
+ if (ret < 0) {
+ channel_free(c->self);
+ } else if (ret == 0) {
+ debug2("channel %d: pre_dynamic: need more", c->self);
+ /* need more */
+ FD_SET(c->sock, readset);
+ } else {
+ /* switch to the next state */
+ c->type = SSH_CHANNEL_OPENING;
+ port_open_helper(c, "direct-tcpip");
+ }
+}
+
/* This is our fake X11 server socket. */
void
channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
}
}
+void
+port_open_helper(Channel *c, char *rtype)
+{
+ int direct;
+ char buf[1024];
+ char *remote_ipaddr = get_peer_ipaddr(c->sock);
+ u_short remote_port = get_peer_port(c->sock);
+
+ direct = (strcmp(rtype, "direct-tcpip") == 0);
+
+ snprintf(buf, sizeof buf,
+ "%s: listening port %d for %.100s port %d, "
+ "connect from %.200s port %d",
+ rtype, c->listening_port, c->path, c->host_port,
+ remote_ipaddr, remote_port);
+
+ xfree(c->remote_name);
+ c->remote_name = xstrdup(buf);
+
+ if (compat20) {
+ packet_start(SSH2_MSG_CHANNEL_OPEN);
+ packet_put_cstring(rtype);
+ packet_put_int(c->self);
+ packet_put_int(c->local_window_max);
+ packet_put_int(c->local_maxpacket);
+ if (direct) {
+ /* target host, port */
+ packet_put_cstring(c->path);
+ packet_put_int(c->host_port);
+ } else {
+ /* listen address, port */
+ packet_put_cstring(c->path);
+ packet_put_int(c->listening_port);
+ }
+ /* originator host and port */
+ packet_put_cstring(remote_ipaddr);
+ packet_put_int(remote_port);
+ packet_send();
+ } else {
+ packet_start(SSH_MSG_PORT_OPEN);
+ packet_put_int(c->self);
+ packet_put_cstring(c->path);
+ packet_put_int(c->host_port);
+ if (have_hostname_in_open)
+ packet_put_cstring(c->remote_name);
+ packet_send();
+ }
+ xfree(remote_ipaddr);
+}
+
/*
* This socket is listening for connections to a forwarded TCP/IP port.
*/
void
channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
{
+ Channel *nc;
struct sockaddr addr;
- int newsock, newch;
+ int newsock, newch, nextstate;
socklen_t addrlen;
- char buf[1024], *remote_ipaddr, *rtype;
- int remote_port;
-
- rtype = (c->type == SSH_CHANNEL_RPORT_LISTENER) ?
- "forwarded-tcpip" : "direct-tcpip";
+ char *rtype;
if (FD_ISSET(c->sock, readset)) {
debug("Connection to port %d forwarding "
"to %.100s port %d requested.",
c->listening_port, c->path, c->host_port);
+
+ rtype = (c->type == SSH_CHANNEL_RPORT_LISTENER) ?
+ "forwarded-tcpip" : "direct-tcpip";
+ nextstate = (c->host_port == 0) ? SSH_CHANNEL_DYNAMIC :
+ SSH_CHANNEL_OPENING;
+
addrlen = sizeof(addr);
newsock = accept(c->sock, &addr, &addrlen);
if (newsock < 0) {
error("accept: %.100s", strerror(errno));
return;
}
- remote_ipaddr = get_peer_ipaddr(newsock);
- remote_port = get_peer_port(newsock);
- snprintf(buf, sizeof buf,
- "listen port %d for %.100s port %d, "
- "connect from %.200s port %d",
- c->listening_port, c->path, c->host_port,
- remote_ipaddr, remote_port);
-
newch = channel_new(rtype,
- SSH_CHANNEL_OPENING, newsock, newsock, -1,
+ nextstate, newsock, newsock, -1,
c->local_window_max, c->local_maxpacket,
- 0, xstrdup(buf), 1);
- if (compat20) {
- packet_start(SSH2_MSG_CHANNEL_OPEN);
- packet_put_cstring(rtype);
- packet_put_int(newch);
- packet_put_int(c->local_window_max);
- packet_put_int(c->local_maxpacket);
- if (c->type == SSH_CHANNEL_RPORT_LISTENER) {
- /* listen address, port */
- packet_put_string(c->path, strlen(c->path));
- packet_put_int(c->listening_port);
- } else {
- /* target host, port */
- packet_put_string(c->path, strlen(c->path));
- packet_put_int(c->host_port);
- }
- /* originator host and port */
- packet_put_cstring(remote_ipaddr);
- packet_put_int(remote_port);
- packet_send();
- } else {
- packet_start(SSH_MSG_PORT_OPEN);
- packet_put_int(newch);
- packet_put_string(c->path, strlen(c->path));
- packet_put_int(c->host_port);
- if (have_hostname_in_open) {
- packet_put_string(buf, strlen(buf));
- }
- packet_send();
+ 0, xstrdup(rtype), 1);
+
+ nc = channel_lookup(newch);
+ if (nc == NULL) {
+ error("xxx: no new channel:");
+ return;
}
- xfree(remote_ipaddr);
+ nc->listening_port = c->listening_port;
+ nc->host_port = c->host_port;
+ strlcpy(nc->path, c->path, sizeof(nc->path));
+
+ if (nextstate != SSH_CHANNEL_DYNAMIC)
+ port_open_helper(nc, rtype);
}
}
if (len <= 0) {
debug("channel %d: read<=0 rfd %d len %d",
c->self, c->rfd, len);
- if (compat13) {
+ if (c->type != SSH_CHANNEL_OPEN) {
+ debug("channel %d: not open", c->self);
+ channel_free(c->self);
+ return -1;
+ } else if (compat13) {
buffer_consume(&c->output, buffer_len(&c->output));
c->type = SSH_CHANNEL_INPUT_DRAINING;
- debug("Channel %d status set to input draining.", c->self);
+ debug("channel %d: status set to input draining.", c->self);
} else {
chan_read_failed(c);
}
}
if(c->input_filter != NULL) {
if (c->input_filter(c, buf, len) == -1) {
- debug("filter stops channel %d", c->self);
+ debug("channel %d: filter stops", c->self);
chan_read_failed(c);
}
} else {
int
channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
{
+ struct termios tio;
int len;
/* Send buffered output data to the socket. */
if (len < 0 && (errno == EINTR || errno == EAGAIN))
return 1;
if (len <= 0) {
- if (compat13) {
+ if (c->type != SSH_CHANNEL_OPEN) {
+ debug("channel %d: not open", c->self);
+ channel_free(c->self);
+ return -1;
+ } else if (compat13) {
buffer_consume(&c->output, buffer_len(&c->output));
- debug("Channel %d status set to input draining.", c->self);
+ debug("channel %d: status set to input draining.", c->self);
c->type = SSH_CHANNEL_INPUT_DRAINING;
} else {
chan_write_failed(c);
return -1;
}
if (compat20 && c->isatty) {
- struct termios tio;
if (tcgetattr(c->wfd, &tio) == 0 &&
!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
/*
* Simulate echo to reduce the impact of
- * traffic analysis.
+ * traffic analysis. We need to match the
+ * size of a SSH2_MSG_CHANNEL_DATA message
+ * (4 byte channel id + data)
*/
- packet_start(SSH2_MSG_IGNORE);
- memset(buffer_ptr(&c->output), 0, len);
- packet_put_string(buffer_ptr(&c->output), len);
+ packet_send_ignore(4 + len);
packet_send();
}
}
buffer_len(&c->extended));
debug2("channel %d: written %d to efd %d",
c->self, len, c->efd);
- if (len > 0) {
+ if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ return 1;
+ if (len <= 0) {
+ debug2("channel %d: closing write-efd %d",
+ c->self, c->efd);
+ close(c->efd);
+ c->efd = -1;
+ } else {
buffer_consume(&c->extended, len);
c->local_consumed += len;
}
len = read(c->efd, buf, sizeof(buf));
debug2("channel %d: read %d from efd %d",
c->self, len, c->efd);
- if (len == 0) {
- debug("channel %d: closing efd %d",
+ if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ return 1;
+ if (len <= 0) {
+ debug2("channel %d: closing read-efd %d",
c->self, c->efd);
close(c->efd);
c->efd = -1;
- } else if (len > 0)
+ } else {
buffer_append(&c->extended, buf, len);
+ }
}
}
return 1;
}
int
-channel_check_window(Channel *c, fd_set * readset, fd_set * writeset)
+channel_check_window(Channel *c)
{
- if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
+ if (c->type == SSH_CHANNEL_OPEN &&
+ !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
c->local_window < c->local_window_max/2 &&
c->local_consumed > 0) {
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
channel_handle_rfd(c, readset, writeset);
channel_handle_wfd(c, readset, writeset);
channel_handle_efd(c, readset, writeset);
- channel_check_window(c, readset, writeset);
+
+ channel_check_window(c);
}
void
channel_pre[SSH_CHANNEL_X11_LISTENER] = &channel_pre_listener;
channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener;
channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting;
+ channel_pre[SSH_CHANNEL_DYNAMIC] = &channel_pre_dynamic;
channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_2;
channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener;
channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
+ channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open_2;
}
void
channel_pre[SSH_CHANNEL_INPUT_DRAINING] = &channel_pre_input_draining;
channel_pre[SSH_CHANNEL_OUTPUT_DRAINING] = &channel_pre_output_draining;
channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting;
+ channel_pre[SSH_CHANNEL_DYNAMIC] = &channel_pre_dynamic;
channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_1;
channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
channel_post[SSH_CHANNEL_OUTPUT_DRAINING] = &channel_post_output_drain_13;
channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
+ channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open_1;
}
void
channel_pre[SSH_CHANNEL_PORT_LISTENER] = &channel_pre_listener;
channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener;
channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting;
+ channel_pre[SSH_CHANNEL_DYNAMIC] = &channel_pre_dynamic;
channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener;
channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_1;
channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
+ channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open_1;
}
void
if (ftab[c->type] == NULL)
continue;
(*ftab[c->type])(c, readset, writeset);
- chan_delete_if_full_closed(c);
+ if (chan_is_dead(c)) {
+ /*
+ * we have to remove the fd's from the select mask
+ * before the channels are free'd and the fd's are
+ * closed
+ */
+ if (c->wfd != -1)
+ FD_CLR(c->wfd, writeset);
+ if (c->rfd != -1)
+ FD_CLR(c->rfd, readset);
+ if (c->efd != -1) {
+ if (c->extended_usage == CHAN_EXTENDED_READ)
+ FD_CLR(c->efd, readset);
+ if (c->extended_usage == CHAN_EXTENDED_WRITE)
+ FD_CLR(c->efd, writeset);
+ }
+ channel_free(c->self);
+ }
}
}
void
-channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp)
+channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
+ int rekeying)
{
int n;
u_int sz;
memset(*readsetp, 0, sz);
memset(*writesetp, 0, sz);
- channel_handler(channel_pre, *readsetp, *writesetp);
+ if (!rekeying)
+ channel_handler(channel_pre, *readsetp, *writesetp);
}
void
} else {
if (c->type != SSH_CHANNEL_OPEN)
continue;
- if (c->istate != CHAN_INPUT_OPEN &&
- c->istate != CHAN_INPUT_WAIT_DRAIN)
- continue;
}
if (compat20 &&
(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD))) {
- debug("channel: %d: no data after CLOSE", c->self);
+ /* XXX is this true? */
+ debug2("channel %d: no data after CLOSE", c->self);
continue;
}
/* Get the amount of buffered data for this channel. */
- len = buffer_len(&c->input);
- if (len > 0) {
+ if ((c->istate == CHAN_INPUT_OPEN ||
+ c->istate == CHAN_INPUT_WAIT_DRAIN) &&
+ (len = buffer_len(&c->input)) > 0) {
/* Send some data for the other side over the secure connection. */
if (compat20) {
if (len > c->remote_window)
c->remote_window > 0 &&
(len = buffer_len(&c->extended)) > 0 &&
c->extended_usage == CHAN_EXTENDED_READ) {
+ debug2("channel %d: rwin %d elen %d euse %d",
+ c->self, c->remote_window, buffer_len(&c->extended),
+ c->extended_usage);
if (len > c->remote_window)
len = c->remote_window;
if (len > c->remote_maxpacket)
packet_send();
buffer_consume(&c->extended, len);
c->remote_window -= len;
+ debug2("channel %d: sent ext data %d", c->self, len);
}
}
}
debug2("callback done");
} else {
char *service = packet_get_string(NULL);
- debug("channel: %d rcvd request for %s", c->self, service);
+ debug("channel %d: rcvd request for %s", c->self, service);
debug("cb_fn %p cb_event %d", c->cb_fn , c->cb_event);
xfree(service);
}
case SSH_CHANNEL_RPORT_LISTENER:
case SSH_CHANNEL_CLOSED:
case SSH_CHANNEL_AUTH_SOCKET:
+ case SSH_CHANNEL_DYNAMIC:
case SSH_CHANNEL_CONNECTING: /* XXX ??? */
continue;
case SSH_CHANNEL_LARVAL:
return 0;
}
+/* Returns the id of an open channel suitable for keepaliving */
+
+int
+channel_find_open()
+{
+ u_int i;
+ for (i = 0; i < channels_alloc; i++)
+ switch (channels[i].type) {
+ case SSH_CHANNEL_CLOSED:
+ case SSH_CHANNEL_DYNAMIC:
+ case SSH_CHANNEL_FREE:
+ case SSH_CHANNEL_X11_LISTENER:
+ case SSH_CHANNEL_PORT_LISTENER:
+ case SSH_CHANNEL_RPORT_LISTENER:
+ case SSH_CHANNEL_OPENING:
+ continue;
+ case SSH_CHANNEL_LARVAL:
+ case SSH_CHANNEL_AUTH_SOCKET:
+ case SSH_CHANNEL_CONNECTING: /* XXX ??? */
+ case SSH_CHANNEL_OPEN:
+ case SSH_CHANNEL_X11_OPEN:
+ return i;
+ case SSH_CHANNEL_INPUT_DRAINING:
+ case SSH_CHANNEL_OUTPUT_DRAINING:
+ if (!compat13)
+ fatal("cannot happen: OUT_DRAIN");
+ return i;
+ default:
+ fatal("channel_find_open: bad channel type %d", channels[i].type);
+ /* NOTREACHED */
+ }
+ return -1;
+}
+
+
/*
* Returns a message describing the currently open forwarded connections,
* suitable for sending to the client. The message contains crlf pairs for
case SSH_CHANNEL_LARVAL:
case SSH_CHANNEL_OPENING:
case SSH_CHANNEL_CONNECTING:
+ case SSH_CHANNEL_DYNAMIC:
case SSH_CHANNEL_OPEN:
case SSH_CHANNEL_X11_OPEN:
case SSH_CHANNEL_INPUT_DRAINING:
xfree(hostname);
}
-/* XXX move to aux.c */
+/*
+ * Permits opening to any host/port if permitted_opens[] is empty. This is
+ * usually called by the server, because the user could connect to any port
+ * anyway, and the server has no way to know but to trust the client anyway.
+ */
+void
+channel_permit_all_opens()
+{
+ if (num_permitted_opens == 0)
+ all_opens_permitted = 1;
+}
+
+void
+channel_add_permitted_opens(char *host, int port)
+{
+ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
+ fatal("channel_request_remote_forwarding: too many forwards");
+ debug("allow port forwarding to host %s port %d", host, port);
+
+ permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host);
+ permitted_opens[num_permitted_opens].port_to_connect = port;
+ num_permitted_opens++;
+
+ all_opens_permitted = 0;
+}
+
+void
+channel_clear_permitted_opens(void)
+{
+ int i;
+
+ for (i = 0; i < num_permitted_opens; i++)
+ xfree(permitted_opens[i].host_to_connect);
+ num_permitted_opens = 0;
+
+}
+
+
+/* return socket to remote host, port */
int
-channel_connect_to(const char *host, u_short host_port)
+connect_to(const char *host, u_short port)
{
struct addrinfo hints, *ai, *aitop;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
memset(&hints, 0, sizeof(hints));
hints.ai_family = IPv4or6;
hints.ai_socktype = SOCK_STREAM;
- snprintf(strport, sizeof strport, "%d", host_port);
+ snprintf(strport, sizeof strport, "%d", port);
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
- error("%.100s: unknown host (%s)", host, gai_strerror(gaierr));
+ error("connect_to %.100s: unknown host (%s)", host,
+ gai_strerror(gaierr));
return -1;
}
for (ai = aitop; ai; ai = ai->ai_next) {
continue;
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
- error("channel_connect_to: getnameinfo failed");
+ error("connect_to: getnameinfo failed");
continue;
}
- /* Create the socket. */
sock = socket(ai->ai_family, SOCK_STREAM, 0);
if (sock < 0) {
error("socket: %.100s", strerror(errno));
}
if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0)
fatal("connect_to: F_SETFL: %s", strerror(errno));
- /* Connect to the host/port. */
if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0 &&
errno != EINPROGRESS) {
- error("connect %.100s port %s: %.100s", ntop, strport,
+ error("connect_to %.100s port %s: %.100s", ntop, strport,
strerror(errno));
close(sock);
continue; /* fail -- try next */
}
freeaddrinfo(aitop);
if (!ai) {
- error("connect %.100s port %d: failed.", host, host_port);
+ error("connect_to %.100s port %d: failed.", host, port);
return -1;
}
/* success */
return sock;
}
+
int
channel_connect_by_listen_adress(u_short listen_port)
{
int i;
+
for (i = 0; i < num_permitted_opens; i++)
if (permitted_opens[i].listen_port == listen_port)
- return channel_connect_to(
+ return connect_to(
permitted_opens[i].host_to_connect,
permitted_opens[i].port_to_connect);
error("WARNING: Server requests forwarding for unknown listen_port %d",
return -1;
}
+/* Check if connecting to that port is permitted and connect. */
+int
+channel_connect_to(const char *host, u_short port)
+{
+ int i, permit;
+
+ permit = all_opens_permitted;
+ if (!permit) {
+ for (i = 0; i < num_permitted_opens; i++)
+ if (permitted_opens[i].port_to_connect == port &&
+ strcmp(permitted_opens[i].host_to_connect, host) == 0)
+ permit = 1;
+
+ }
+ if (!permit) {
+ log("Received request to connect to host %.100s port %d, "
+ "but the request was denied.", host, port);
+ return -1;
+ }
+ return connect_to(host, port);
+}
+
/*
* This is called after receiving PORT_OPEN message. This attempts to
* connect to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION
{
u_short host_port;
char *host, *originator_string;
- int remote_channel, sock = -1, newch, i, denied;
- u_int host_len, originator_len;
+ int remote_channel, sock = -1, newch;
- /* Get remote channel number. */
remote_channel = packet_get_int();
-
- /* Get host name to connect to. */
- host = packet_get_string(&host_len);
-
- /* Get port to connect to. */
+ host = packet_get_string(NULL);
host_port = packet_get_int();
- /* Get remote originator name. */
if (have_hostname_in_open) {
- originator_string = packet_get_string(&originator_len);
- originator_len += 4; /* size of packet_int */
+ originator_string = packet_get_string(NULL);
} else {
originator_string = xstrdup("unknown (remote did not supply name)");
- originator_len = 0; /* no originator supplied */
}
-
- packet_integrity_check(plen,
- 4 + 4 + host_len + 4 + originator_len, SSH_MSG_PORT_OPEN);
-
- /* Check if opening that port is permitted. */
- denied = 0;
- if (!all_opens_permitted) {
- /* Go trough all permitted ports. */
- for (i = 0; i < num_permitted_opens; i++)
- if (permitted_opens[i].port_to_connect == host_port &&
- strcmp(permitted_opens[i].host_to_connect, host) == 0)
- break;
-
- /* Check if we found the requested port among those permitted. */
- if (i >= num_permitted_opens) {
- /* The port is not permitted. */
- log("Received request to connect to %.100s:%d, but the request was denied.",
- host, host_port);
- denied = 1;
- }
- }
- sock = denied ? -1 : channel_connect_to(host, host_port);
- if (sock > 0) {
- /* Allocate a channel for this connection. */
+ packet_done();
+ sock = channel_connect_to(host, host_port);
+ if (sock != -1) {
newch = channel_allocate(SSH_CHANNEL_CONNECTING,
sock, originator_string);
-/*XXX delay answer? */
channels[newch].remote_id = remote_channel;
+ /*XXX delay answer? */
packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
packet_put_int(remote_channel);
packet_put_int(newch);
fatal("Protocol error: authentication forwarding requested twice.");
/* Temporarily drop privileged uid for mkdir/bind. */
- temporarily_use_uid(pw->pw_uid);
+ temporarily_use_uid(pw);
/* Allocate a buffer for the socket name, and format the name. */
channel_forwarded_auth_socket_name = xmalloc(MAX_SOCKET_NAME);