*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.36 2000/09/21 11:25:33 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.45 2001/01/21 19:05:47 markus Exp $");
-#include "xmalloc.h"
#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
+#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
-#include "readconf.h"
-
-#include "ssh2.h"
#include "compat.h"
#include "channels.h"
#include "dispatch.h"
-
#include "buffer.h"
#include "bufaux.h"
+#include "key.h"
+#include "log.h"
+#include "readconf.h"
+#include "clientloop.h"
+#include "authfd.h"
+#include "atomicio.h"
+
+/* import options */
+extern Options options;
/* Flag indicating that stdin should be redirected from /dev/null. */
extern int stdin_null_flag;
static Buffer stdin_buffer; /* Buffer for stdin data. */
static Buffer stdout_buffer; /* Buffer for stdout data. */
static Buffer stderr_buffer; /* Buffer for stderr data. */
-static unsigned long stdin_bytes, stdout_bytes, stderr_bytes;
-static unsigned int buffer_high;/* Soft max buffer size. */
+static u_long stdin_bytes, stdout_bytes, stderr_bytes;
+static u_int buffer_high;/* Soft max buffer size. */
static int max_fd; /* Maximum file descriptor number in select(). */
static int connection_in; /* Connection to server (input). */
static int connection_out; /* Connection to server (output). */
* and also process it as an escape character if
* appropriate.
*/
- if ((unsigned char) buf[0] == escape_char)
+ if ((u_char) buf[0] == escape_char)
escape_pending = 1;
else {
buffer_append(&stdin_buffer, buf, 1);
void
client_make_packets_from_stdin_data()
{
- unsigned int len;
+ u_int len;
/* Send buffered stdin data to the server. */
while (buffer_len(&stdin_buffer) > 0 &&
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
return;
- debug("client_check_window_change: changed");
+ debug2("client_check_window_change: changed");
if (compat20) {
channel_request_start(session_ident, "window-change", 0);
void
client_wait_until_can_do_something(fd_set * readset, fd_set * writeset)
{
- /*debug("client_wait_until_can_do_something"); */
-
/* Initialize select masks. */
FD_ZERO(readset);
FD_ZERO(writeset);
if (FD_ISSET(connection_in, readset)) {
/* Read as much as possible. */
len = read(connection_in, buf, sizeof(buf));
-/*debug("read connection_in len %d", len); XXX */
if (len == 0) {
/* Received EOF. The remote host has closed the connection. */
snprintf(buf, sizeof buf, "Connection to %.300s closed by remote host.\r\n",
char string[1024];
pid_t pid;
int bytes = 0;
- unsigned int i;
- unsigned char ch;
+ u_int i;
+ u_char ch;
char *s;
for (i = 0; i < len; i++) {
int
client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
{
- extern Options options;
double start_time, total_time;
int len;
char buf[100];
client_process_buffered_input_packets();
if (compat20 && !channel_still_open()) {
- debug("!channel_still_open.");
+ debug2("!channel_still_open.");
break;
}
void
client_input_stdout_data(int type, int plen, void *ctxt)
{
- unsigned int data_len;
+ u_int data_len;
char *data = packet_get_string(&data_len);
packet_integrity_check(plen, 4 + data_len, type);
buffer_append(&stdout_buffer, data, data_len);
void
client_input_stderr_data(int type, int plen, void *ctxt)
{
- unsigned int data_len;
+ u_int data_len;
char *data = packet_get_string(&data_len);
packet_integrity_check(plen, 4 + data_len, type);
buffer_append(&stderr_buffer, data, data_len);
quit_pending = 1;
}
+Channel *
+client_request_forwarded_tcpip(const char *request_type, int rchan)
+{
+ Channel* c = NULL;
+ char *listen_address, *originator_address;
+ int listen_port, originator_port;
+ int sock, newch;
+
+ /* Get rest of the packet */
+ listen_address = packet_get_string(NULL);
+ listen_port = packet_get_int();
+ originator_address = packet_get_string(NULL);
+ originator_port = packet_get_int();
+ packet_done();
+
+ debug("client_request_forwarded_tcpip: listen %s port %d, originator %s port %d",
+ listen_address, listen_port, originator_address, originator_port);
+
+ sock = channel_connect_by_listen_adress(listen_port);
+ if (sock >= 0) {
+ newch = channel_new("forwarded-tcpip",
+ SSH_CHANNEL_CONNECTING, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ xstrdup(originator_address), 1);
+ c = channel_lookup(newch);
+ }
+ xfree(originator_address);
+ xfree(listen_address);
+ return c;
+}
+
+Channel*
+client_request_x11(const char *request_type, int rchan)
+{
+ Channel *c = NULL;
+ char *originator;
+ int originator_port;
+ int sock, newch;
+
+ if (!options.forward_x11) {
+ error("Warning: ssh server tried X11 forwarding.");
+ error("Warning: this is probably a break in attempt by a malicious server.");
+ return NULL;
+ }
+ originator = packet_get_string(NULL);
+ if (datafellows & SSH_BUG_X11FWD) {
+ debug2("buggy server: x11 request w/o originator_port");
+ originator_port = 0;
+ } else {
+ originator_port = packet_get_int();
+ }
+ packet_done();
+ /* XXX check permission */
+ sock = x11_connect_display();
+ if (sock >= 0) {
+ newch = channel_new("x11",
+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0,
+ xstrdup("x11"), 1);
+ c = channel_lookup(newch);
+ }
+ xfree(originator);
+ return c;
+}
+
+Channel*
+client_request_agent(const char *request_type, int rchan)
+{
+ Channel *c = NULL;
+ int sock, newch;
+
+ if (!options.forward_agent) {
+ error("Warning: ssh server tried agent forwarding.");
+ error("Warning: this is probably a break in attempt by a malicious server.");
+ return NULL;
+ }
+ sock = ssh_get_authentication_socket();
+ if (sock >= 0) {
+ newch = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ xstrdup("authentication agent connection"), 1);
+ c = channel_lookup(newch);
+ }
+ return c;
+}
+
/* XXXX move to generic input handler */
void
client_input_channel_open(int type, int plen, void *ctxt)
{
Channel *c = NULL;
char *ctype;
- int id;
- unsigned int len;
+ u_int len;
int rchan;
int rmaxpack;
int rwindow;
debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
ctype, rchan, rwindow, rmaxpack);
- if (strcmp(ctype, "x11") == 0) {
- int sock;
- char *originator;
- int originator_port;
- originator = packet_get_string(NULL);
- if (datafellows & SSH_BUG_X11FWD) {
- debug("buggy server: x11 request w/o originator_port");
- originator_port = 0;
- } else {
- originator_port = packet_get_int();
- }
- packet_done();
- /* XXX check permission */
- xfree(originator);
- /* XXX move to channels.c */
- sock = x11_connect_display();
- if (sock >= 0) {
- id = channel_new("x11", SSH_CHANNEL_X11_OPEN,
- sock, sock, -1, CHAN_X11_WINDOW_DEFAULT,
- CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11"));
- c = channel_lookup(id);
- }
+ if (strcmp(ctype, "forwarded-tcpip") == 0) {
+ c = client_request_forwarded_tcpip(ctype, rchan);
+ } else if (strcmp(ctype, "x11") == 0) {
+ c = client_request_x11(ctype, rchan);
+ } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) {
+ c = client_request_agent(ctype, rchan);
}
/* XXX duplicate : */
if (c != NULL) {
dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
- dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
- dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
+
+ dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
+ &auth_input_open_request : &deny_input_open);
+ dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
+ &x11_input_open : &deny_input_open);
}
void
client_init_dispatch_15()
client_input_channel_req(int id, void *arg)
{
Channel *c = NULL;
- unsigned int len;
+ u_int len;
int success = 0;
int reply;
char *rtype;
}
void
-client_set_session_ident(int id)
+clientloop_set_session_ident(int id)
{
- debug("client_set_session_ident: id %d", id);
+ debug2("clientloop_set_session_ident: id %d", id);
session_ident = id;
channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST,
client_input_channel_req, (void *)0);