*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.36 2000/09/21 11:25:33 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.41 2000/12/05 20:34:10 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "buffer.h"
#include "bufaux.h"
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
+#include "key.h"
+#include "authfd.h"
+
+/* import options */
+extern Options options;
+
/* Flag indicating that stdin should be redirected from /dev/null. */
extern int stdin_null_flag;
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
return;
- debug("client_check_window_change: changed");
+ debug2("client_check_window_change: changed");
if (compat20) {
channel_request_start(session_ident, "window-change", 0);
void
client_wait_until_can_do_something(fd_set * readset, fd_set * writeset)
{
- /*debug("client_wait_until_can_do_something"); */
-
/* Initialize select masks. */
FD_ZERO(readset);
FD_ZERO(writeset);
if (FD_ISSET(connection_in, readset)) {
/* Read as much as possible. */
len = read(connection_in, buf, sizeof(buf));
-/*debug("read connection_in len %d", len); XXX */
if (len == 0) {
/* Received EOF. The remote host has closed the connection. */
snprintf(buf, sizeof buf, "Connection to %.300s closed by remote host.\r\n",
int
client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
{
- extern Options options;
double start_time, total_time;
int len;
char buf[100];
client_process_buffered_input_packets();
if (compat20 && !channel_still_open()) {
- debug("!channel_still_open.");
+ debug2("!channel_still_open.");
break;
}
quit_pending = 1;
}
+Channel *
+client_request_forwarded_tcpip(const char *request_type, int rchan)
+{
+ Channel* c = NULL;
+ char *listen_address, *originator_address;
+ int listen_port, originator_port;
+ int sock, newch;
+
+ /* Get rest of the packet */
+ listen_address = packet_get_string(NULL);
+ listen_port = packet_get_int();
+ originator_address = packet_get_string(NULL);
+ originator_port = packet_get_int();
+ packet_done();
+
+ debug("client_request_forwarded_tcpip: listen %s port %d, originator %s port %d",
+ listen_address, listen_port, originator_address, originator_port);
+
+ sock = channel_connect_by_listen_adress(listen_port);
+ if (sock >= 0) {
+ newch = channel_new("forwarded-tcpip",
+ SSH_CHANNEL_CONNECTING, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ xstrdup(originator_address), 1);
+ c = channel_lookup(newch);
+ }
+ xfree(originator_address);
+ xfree(listen_address);
+ return c;
+}
+
+Channel*
+client_request_x11(const char *request_type, int rchan)
+{
+ Channel *c = NULL;
+ char *originator;
+ int originator_port;
+ int sock, newch;
+
+ if (!options.forward_x11) {
+ error("Warning: ssh server tried X11 forwarding.");
+ error("Warning: this is probably a break in attempt by a malicious server.");
+ return NULL;
+ }
+ originator = packet_get_string(NULL);
+ if (datafellows & SSH_BUG_X11FWD) {
+ debug2("buggy server: x11 request w/o originator_port");
+ originator_port = 0;
+ } else {
+ originator_port = packet_get_int();
+ }
+ packet_done();
+ /* XXX check permission */
+ sock = x11_connect_display();
+ if (sock >= 0) {
+ newch = channel_new("x11",
+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0,
+ xstrdup("x11"), 1);
+ c = channel_lookup(newch);
+ }
+ xfree(originator);
+ return c;
+}
+
+Channel*
+client_request_agent(const char *request_type, int rchan)
+{
+ Channel *c = NULL;
+ int sock, newch;
+
+ if (!options.forward_agent) {
+ error("Warning: ssh server tried agent forwarding.");
+ error("Warning: this is probably a break in attempt by a malicious server.");
+ return NULL;
+ }
+ sock = ssh_get_authentication_socket();
+ if (sock >= 0) {
+ newch = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ xstrdup("authentication agent connection"), 1);
+ c = channel_lookup(newch);
+ }
+ return c;
+}
+
/* XXXX move to generic input handler */
void
client_input_channel_open(int type, int plen, void *ctxt)
{
Channel *c = NULL;
char *ctype;
- int id;
unsigned int len;
int rchan;
int rmaxpack;
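Review bot: In `client_request_forwarded_tcpip` the local target is chosen by `channel_connect_by_listen_adress(listen_port)` alone, so the server-supplied `listen_address` is logged and freed but never matched against what the client asked to forward. Unlike `client_request_x11` and `client_request_agent`, this helper has no visible option gate, and whether the lookup helper limits connections to forwards the client itself requested cannot be seen from this hunk; once confirmed, that deserves a comment such as `/* only ports we asked the server to listen on are accepted; see channel_connect_by_listen_adress() */`. The window arguments also look swapped between helpers: the x11 channel now passes `CHAN_TCP_WINDOW_DEFAULT` where the removed code used `CHAN_X11_WINDOW_DEFAULT`, while the agent channel passes `CHAN_X11_WINDOW_DEFAULT`. `client_request_agent` is the only helper that does not call `packet_done()`, and `/* XXX check permission */` in the x11 path still leaves `originator` and `originator_port` unused.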
debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
ctype, rchan, rwindow, rmaxpack);
- if (strcmp(ctype, "x11") == 0) {
- int sock;
- char *originator;
- int originator_port;
- originator = packet_get_string(NULL);
- if (datafellows & SSH_BUG_X11FWD) {
- debug("buggy server: x11 request w/o originator_port");
- originator_port = 0;
- } else {
- originator_port = packet_get_int();
- }
- packet_done();
- /* XXX check permission */
- xfree(originator);
- /* XXX move to channels.c */
- sock = x11_connect_display();
- if (sock >= 0) {
- id = channel_new("x11", SSH_CHANNEL_X11_OPEN,
- sock, sock, -1, CHAN_X11_WINDOW_DEFAULT,
- CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11"));
- c = channel_lookup(id);
- }
+ if (strcmp(ctype, "forwarded-tcpip") == 0) {
+ c = client_request_forwarded_tcpip(ctype, rchan);
+ } else if (strcmp(ctype, "x11") == 0) {
+ c = client_request_x11(ctype, rchan);
+ } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) {
+ c = client_request_agent(ctype, rchan);
}
/* XXX duplicate : */
if (c != NULL) {
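Review bot: The new `ctype` chain lacks a comment saying that these are server-initiated opens and that a NULL return from a helper covers both a policy refusal and a failed local connect; I would add `/* server-initiated open: helpers return NULL when the request is refused or the local connect fails */` above the first `if`. The helpers are passed `ctype` and `rchan`, but none of the three bodies added by this commit reads `request_type` or `rchan`, so either drop the parameters or note that they are reserved. What is sent back to the server when `c` stays NULL lies outside this hunk, as do the start and end of `client_input_channel_open`.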
dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
- dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
- dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
+
+ dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
+ &auth_input_open_request : &deny_input_open);
+ dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
+ &x11_input_open : &deny_input_open);
}
void
client_init_dispatch_15()
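Review bot: The two conditional `dispatch_set` calls need a comment, because the reason for swapping in `deny_input_open` is security-relevant and not obvious from the call alone: `/* refuse server-initiated agent and X11 opens unless the user enabled the matching forwarding option */`. The handler is chosen once from `options` when the dispatch table is filled, so it relies on the options being final by then, which is worth confirming at the call site. `deny_input_open` is defined outside the lines shown, so what it replies to the server cannot be checked here, and the enclosing function starts outside the hunk.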
void
client_set_session_ident(int id)
{
- debug("client_set_session_ident: id %d", id);
+ debug2("client_set_session_ident: id %d", id);
session_ident = id;
channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST,
client_input_channel_req, (void *)0);