/*
- *
- * clientloop.c
- *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
+ * The main loop for the interactive session (client side).
*
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
*
- * Created: Sat Sep 23 12:23:57 1995 ylo
*
- * The main loop for the interactive session (client side).
+ * Copyright (c) 1999 Theo de Raadt. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
*
* SSH2 support added by Markus Friedl.
+ * Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.32 2000/08/19 22:21:19 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.72 2001/05/24 18:57:53 stevesk Exp $");
-#include "xmalloc.h"
#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
+#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
-#include "readconf.h"
-
-#include "ssh2.h"
#include "compat.h"
#include "channels.h"
#include "dispatch.h"
-
#include "buffer.h"
#include "bufaux.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "readconf.h"
+#include "clientloop.h"
+#include "authfd.h"
+#include "atomicio.h"
+#include "sshtty.h"
+#include "misc.h"
+
+/* import options */
+extern Options options;
/* Flag indicating that stdin should be redirected from /dev/null. */
extern int stdin_null_flag;
*/
static volatile int received_window_change_signal = 0;
-/* Terminal modes, as saved by enter_raw_mode. */
-static struct termios saved_tio;
-
-/*
- * Flag indicating whether we are in raw mode. This is used by
- * enter_raw_mode and leave_raw_mode.
- */
-static int in_raw_mode = 0;
-
/* Flag indicating whether the user\'s terminal is in non-blocking mode. */
static int in_non_blocking_mode = 0;
static Buffer stdin_buffer; /* Buffer for stdin data. */
static Buffer stdout_buffer; /* Buffer for stdout data. */
static Buffer stderr_buffer; /* Buffer for stderr data. */
-static unsigned long stdin_bytes, stdout_bytes, stderr_bytes;
-static unsigned int buffer_high;/* Soft max buffer size. */
-static int max_fd; /* Maximum file descriptor number in select(). */
+static u_long stdin_bytes, stdout_bytes, stderr_bytes;
+static u_int buffer_high;/* Soft max buffer size. */
static int connection_in; /* Connection to server (input). */
static int connection_out; /* Connection to server (output). */
-
+static int need_rekeying; /* Set to non-zero if rekeying is requested. */
+static int session_closed = 0; /* In SSH2: login session closed. */
void client_init_dispatch(void);
int session_ident = -1;
-/* Returns the user\'s terminal to normal mode if it had been put in raw mode. */
-
-void
-leave_raw_mode()
-{
- if (!in_raw_mode)
- return;
- in_raw_mode = 0;
- if (tcsetattr(fileno(stdin), TCSADRAIN, &saved_tio) < 0)
- perror("tcsetattr");
-
- fatal_remove_cleanup((void (*) (void *)) leave_raw_mode, NULL);
-}
-
-/* Puts the user\'s terminal in raw mode. */
-
-void
-enter_raw_mode()
-{
- struct termios tio;
-
- if (tcgetattr(fileno(stdin), &tio) < 0)
- perror("tcgetattr");
- saved_tio = tio;
- tio.c_iflag |= IGNPAR;
- tio.c_iflag &= ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
- tio.c_lflag &= ~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL);
-#ifdef IEXTEN
- tio.c_lflag &= ~IEXTEN;
-#endif /* IEXTEN */
- tio.c_oflag &= ~OPOST;
- tio.c_cc[VMIN] = 1;
- tio.c_cc[VTIME] = 0;
- if (tcsetattr(fileno(stdin), TCSADRAIN, &tio) < 0)
- perror("tcsetattr");
- in_raw_mode = 1;
-
- fatal_add_cleanup((void (*) (void *)) leave_raw_mode, NULL);
-}
+/*XXX*/
+extern Kex *xxx_kex;
/* Restores stdin to blocking mode. */
void
-leave_non_blocking()
+leave_non_blocking(void)
{
if (in_non_blocking_mode) {
(void) fcntl(fileno(stdin), F_SETFL, 0);
/* Puts stdin terminal in non-blocking mode. */
void
-enter_non_blocking()
+enter_non_blocking(void)
{
in_non_blocking_mode = 1;
(void) fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
void
signal_handler(int sig)
{
- if (in_raw_mode)
+ if (in_raw_mode())
leave_raw_mode();
if (in_non_blocking_mode)
leave_non_blocking();
*/
double
-get_current_time()
+get_current_time(void)
{
struct timeval tv;
gettimeofday(&tv, NULL);
*/
void
-client_check_initial_eof_on_stdin()
+client_check_initial_eof_on_stdin(void)
{
int len;
char buf[1];
* and also process it as an escape character if
* appropriate.
*/
- if ((unsigned char) buf[0] == escape_char)
+ if ((u_char) buf[0] == escape_char)
escape_pending = 1;
- else {
+ else
buffer_append(&stdin_buffer, buf, 1);
- stdin_bytes += 1;
- }
}
leave_non_blocking();
}
*/
void
-client_make_packets_from_stdin_data()
+client_make_packets_from_stdin_data(void)
{
- unsigned int len;
+ u_int len;
/* Send buffered stdin data to the server. */
while (buffer_len(&stdin_buffer) > 0 &&
packet_put_string(buffer_ptr(&stdin_buffer), len);
packet_send();
buffer_consume(&stdin_buffer, len);
+ stdin_bytes += len;
/* If we have a pending EOF, send it now. */
if (stdin_eof && buffer_len(&stdin_buffer) == 0) {
packet_start(SSH_CMSG_EOF);
*/
void
-client_check_window_change()
+client_check_window_change(void)
{
struct winsize ws;
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
return;
- debug("client_check_window_change: changed");
+ debug2("client_check_window_change: changed");
if (compat20) {
channel_request_start(session_ident, "window-change", 0);
*/
void
-client_wait_until_can_do_something(fd_set * readset, fd_set * writeset)
+client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
+ int *maxfdp, int rekeying)
{
- /*debug("client_wait_until_can_do_something"); */
-
- /* Initialize select masks. */
- FD_ZERO(readset);
- FD_ZERO(writeset);
+ /* Add any selections by the channel mechanism. */
+ channel_prepare_select(readsetp, writesetp, maxfdp, rekeying);
if (!compat20) {
/* Read from the connection, unless our buffers are full. */
if (buffer_len(&stdout_buffer) < buffer_high &&
buffer_len(&stderr_buffer) < buffer_high &&
channel_not_very_much_buffered_data())
- FD_SET(connection_in, readset);
+ FD_SET(connection_in, *readsetp);
/*
* Read from stdin, unless we have seen EOF or have very much
* buffered data to send to the server.
*/
if (!stdin_eof && packet_not_very_much_data_to_write())
- FD_SET(fileno(stdin), readset);
+ FD_SET(fileno(stdin), *readsetp);
/* Select stdout/stderr if have data in buffer. */
if (buffer_len(&stdout_buffer) > 0)
- FD_SET(fileno(stdout), writeset);
+ FD_SET(fileno(stdout), *writesetp);
if (buffer_len(&stderr_buffer) > 0)
- FD_SET(fileno(stderr), writeset);
+ FD_SET(fileno(stderr), *writesetp);
} else {
- FD_SET(connection_in, readset);
+ /* channel_prepare_select could have closed the last channel */
+ if (session_closed && !channel_still_open()) {
+ if (!packet_have_data_to_write())
+ return;
+ } else {
+ FD_SET(connection_in, *readsetp);
+ }
}
- /* Add any selections by the channel mechanism. */
- channel_prepare_select(readset, writeset);
-
/* Select server connection if have data to write to the server. */
if (packet_have_data_to_write())
- FD_SET(connection_out, writeset);
-
-/* move UP XXX */
- /* Update maximum file descriptor number, if appropriate. */
- if (channel_max_fd() > max_fd)
- max_fd = channel_max_fd();
+ FD_SET(connection_out, *writesetp);
/*
* Wait for something to happen. This will suspend the process until
* SSH_MSG_IGNORE packet when the timeout expires.
*/
- if (select(max_fd + 1, readset, writeset, NULL, NULL) < 0) {
+ if (select((*maxfdp)+1, *readsetp, *writesetp, NULL, NULL) < 0) {
char buf[100];
- /* Some systems fail to clear these automatically. */
- FD_ZERO(readset);
- FD_ZERO(writeset);
+
+ /*
+ * We have to clear the select masks, because we return.
+ * We have to return, because the mainloop checks for the flags
+ * set by the signal handlers.
+ */
+ memset(*readsetp, 0, *maxfdp);
+ memset(*writesetp, 0, *maxfdp);
+
if (errno == EINTR)
return;
/* Note: we might still have data in the buffers. */
snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
- stderr_bytes += strlen(buf);
quit_pending = 1;
}
}
if (FD_ISSET(connection_in, readset)) {
/* Read as much as possible. */
len = read(connection_in, buf, sizeof(buf));
-/*debug("read connection_in len %d", len); XXX */
if (len == 0) {
/* Received EOF. The remote host has closed the connection. */
snprintf(buf, sizeof buf, "Connection to %.300s closed by remote host.\r\n",
host);
buffer_append(&stderr_buffer, buf, strlen(buf));
- stderr_bytes += strlen(buf);
quit_pending = 1;
return;
}
* There is a kernel bug on Solaris that causes select to
* sometimes wake up even though there is no data available.
*/
- if (len < 0 && errno == EAGAIN)
+ if (len < 0 && (errno == EAGAIN || errno == EINTR))
len = 0;
if (len < 0) {
snprintf(buf, sizeof buf, "Read from remote host %.300s: %.100s\r\n",
host, strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
- stderr_bytes += strlen(buf);
quit_pending = 1;
return;
}
char string[1024];
pid_t pid;
int bytes = 0;
- unsigned int i;
- unsigned char ch;
+ u_int i;
+ u_char ch;
char *s;
for (i = 0; i < len; i++) {
/* Terminate the connection. */
snprintf(string, sizeof string, "%c.\r\n", escape_char);
buffer_append(berr, string, strlen(string));
- /*stderr_bytes += strlen(string); XXX*/
quit_pending = 1;
return -1;
/* Print a message to that effect to the user. */
snprintf(string, sizeof string, "%c^Z [suspend ssh]\r\n", escape_char);
buffer_append(berr, string, strlen(string));
- /*stderr_bytes += strlen(string); XXX*/
/* Restore terminal modes and suspend. */
client_suspend_self(bin, bout, berr);
/* We have been continued. */
continue;
+ case 'R':
+ if (compat20) {
+ if (datafellows & SSH_BUG_NOREKEY)
+ log("Server does not support re-keying");
+ else
+ need_rekeying = 1;
+ }
+ continue;
+
case '&':
/* XXX does not work yet with proto 2 */
if (compat20)
"%c?\r\n\
Supported escape sequences:\r\n\
~. - terminate connection\r\n\
+~R - Request rekey (SSH protocol 2 only)\r\n\
~^Z - suspend ssh\r\n\
~# - list forwarded connections\r\n\
~& - background ssh (when waiting for connections to terminate)\r\n\
void
client_process_input(fd_set * readset)
{
- int ret;
int len;
char buf[8192];
if (FD_ISSET(fileno(stdin), readset)) {
/* Read as much as possible. */
len = read(fileno(stdin), buf, sizeof(buf));
+ if (len < 0 && (errno == EAGAIN || errno == EINTR))
+ return; /* we'll try again later */
if (len <= 0) {
/*
* Received EOF or error. They are treated
if (len < 0) {
snprintf(buf, sizeof buf, "read: %.100s\r\n", strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
- stderr_bytes += strlen(buf);
}
/* Mark that we have seen EOF. */
stdin_eof = 1;
packet_start(SSH_CMSG_EOF);
packet_send();
}
- } else if (escape_char == -1) {
+ } else if (escape_char == SSH_ESCAPECHAR_NONE) {
/*
* Normal successful read, and no escape character.
* Just append the data to buffer.
*/
buffer_append(&stdin_buffer, buf, len);
- stdin_bytes += len;
} else {
/*
* Normal, successful read. But we have an escape character
* and have to process the characters one by one.
*/
- ret = process_escapes(&stdin_buffer, &stdout_buffer, &stderr_buffer, buf, len);
- if (ret == -1)
+ if (process_escapes(&stdin_buffer, &stdout_buffer,
+ &stderr_buffer, buf, len) == -1)
return;
- stdout_bytes += ret;
}
}
}
len = write(fileno(stdout), buffer_ptr(&stdout_buffer),
buffer_len(&stdout_buffer));
if (len <= 0) {
- if (errno == EAGAIN)
+ if (errno == EINTR || errno == EAGAIN)
len = 0;
else {
/*
*/
snprintf(buf, sizeof buf, "write stdout: %.50s\r\n", strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
- stderr_bytes += strlen(buf);
quit_pending = 1;
return;
}
}
/* Consume printed data from the buffer. */
buffer_consume(&stdout_buffer, len);
+ stdout_bytes += len;
}
/* Write buffered output to stderr. */
if (FD_ISSET(fileno(stderr), writeset)) {
len = write(fileno(stderr), buffer_ptr(&stderr_buffer),
buffer_len(&stderr_buffer));
if (len <= 0) {
- if (errno == EAGAIN)
+ if (errno == EINTR || errno == EAGAIN)
len = 0;
else {
/* EOF or error, but can't even print error message. */
}
/* Consume printed characters from the buffer. */
buffer_consume(&stderr_buffer, len);
+ stderr_bytes += len;
}
}
*/
void
-client_process_buffered_input_packets()
+client_process_buffered_input_packets(void)
{
- dispatch_run(DISPATCH_NONBLOCK, &quit_pending);
+ dispatch_run(DISPATCH_NONBLOCK, &quit_pending, compat20 ? xxx_kex : NULL);
}
/* scan buf[] for '~' before sending data to the peer */
return process_escapes(&c->input, &c->output, &c->extended, buf, len);
}
+void
+client_channel_closed(int id, void *arg)
+{
+ if (id != session_ident)
+ error("client_channel_closed: id %d != session_ident %d",
+ id, session_ident);
+ session_closed = 1;
+ if (in_raw_mode())
+ leave_raw_mode();
+}
+
/*
* Implements the interactive session with the server. This is called after
* the user has been authenticated, and a command has been started on the
- * remote host. If escape_char != -1, it is the character used as an escape
- * character for terminating or suspending the session.
+ * remote host. If escape_char != SSH_ESCAPECHAR_NONE, it is the character
+ * used as an escape character for terminating or suspending the session.
*/
int
client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
{
- extern Options options;
+ fd_set *readset = NULL, *writeset = NULL;
double start_time, total_time;
- int len;
+ int max_fd = 0, len, rekeying = 0;
char buf[100];
debug("Entering interactive session.");
buffer_high = 64 * 1024;
connection_in = packet_get_connection_in();
connection_out = packet_get_connection_out();
- max_fd = connection_in;
- if (connection_out > max_fd)
- max_fd = connection_out;
+ max_fd = MAX(connection_in, connection_out);
+
+ if (!compat20) {
+ /* enable nonblocking unless tty */
+ if (!isatty(fileno(stdin)))
+ set_nonblock(fileno(stdin));
+ if (!isatty(fileno(stdout)))
+ set_nonblock(fileno(stdout));
+ if (!isatty(fileno(stderr)))
+ set_nonblock(fileno(stderr));
+ max_fd = MAX(max_fd, fileno(stdin));
+ max_fd = MAX(max_fd, fileno(stdout));
+ max_fd = MAX(max_fd, fileno(stderr));
+ }
stdin_bytes = 0;
stdout_bytes = 0;
stderr_bytes = 0;
if (have_pty)
enter_raw_mode();
- /* Check if we should immediately send eof on stdin. */
- if (!compat20)
+ if (compat20) {
+ session_ident = ssh2_chan_id;
+ if (escape_char != SSH_ESCAPECHAR_NONE)
+ channel_register_filter(session_ident,
+ simple_escape_filter);
+ if (session_ident != -1)
+ channel_register_cleanup(session_ident,
+ client_channel_closed);
+ } else {
+ /* Check if we should immediately send eof on stdin. */
client_check_initial_eof_on_stdin();
-
- if (compat20 && escape_char != -1)
- channel_register_filter(ssh2_chan_id, simple_escape_filter);
+ }
/* Main loop of the client for the interactive session mode. */
while (!quit_pending) {
- fd_set readset, writeset;
/* Process buffered packets sent by the server. */
client_process_buffered_input_packets();
- if (compat20 && !channel_still_open()) {
- debug("!channel_still_open.");
+ if (compat20 && session_closed && !channel_still_open())
break;
- }
- /*
- * Make packets of buffered stdin data, and buffer them for
- * sending to the server.
- */
- if (!compat20)
- client_make_packets_from_stdin_data();
+ rekeying = (xxx_kex != NULL && !xxx_kex->done);
- /*
- * Make packets from buffered channel data, and buffer them
- * for sending to the server.
- */
- if (packet_not_very_much_data_to_write())
- channel_output_poll();
+ if (rekeying) {
+ debug("rekeying in progress");
+ } else {
+ /*
+ * Make packets of buffered stdin data, and buffer
+ * them for sending to the server.
+ */
+ if (!compat20)
+ client_make_packets_from_stdin_data();
- /*
- * Check if the window size has changed, and buffer a message
- * about it to the server if so.
- */
- client_check_window_change();
+ /*
+ * Make packets from buffered channel data, and
+ * enqueue them for sending to the server.
+ */
+ if (packet_not_very_much_data_to_write())
+ channel_output_poll();
- if (quit_pending)
- break;
+ /*
+ * Check if the window size has changed, and buffer a
+ * message about it to the server if so.
+ */
+ client_check_window_change();
+ if (quit_pending)
+ break;
+ }
/*
* Wait until we have something to do (something becomes
* available on one of the descriptors).
*/
- client_wait_until_can_do_something(&readset, &writeset);
+ client_wait_until_can_do_something(&readset, &writeset,
+ &max_fd, rekeying);
if (quit_pending)
break;
- /* Do channel operations. */
- channel_after_select(&readset, &writeset);
+ /* Do channel operations unless rekeying in progress. */
+ if (!rekeying) {
+ channel_after_select(readset, writeset);
+
+ if (need_rekeying) {
+ debug("user requests rekeying");
+ xxx_kex->done = 0;
+ kex_send_kexinit(xxx_kex);
+ need_rekeying = 0;
+ }
+ }
/* Buffer input from the connection. */
- client_process_net_input(&readset);
+ client_process_net_input(readset);
if (quit_pending)
break;
if (!compat20) {
/* Buffer data from stdin */
- client_process_input(&readset);
+ client_process_input(readset);
/*
* Process output to stdout and stderr. Output to
* the connection is processed elsewhere (above).
*/
- client_process_output(&writeset);
+ client_process_output(writeset);
}
/* Send as much buffered packet data as possible to the sender. */
- if (FD_ISSET(connection_out, &writeset))
+ if (FD_ISSET(connection_out, writeset))
packet_write_poll();
}
+ if (readset)
+ xfree(readset);
+ if (writeset)
+ xfree(writeset);
/* Terminate the session. */
if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) {
snprintf(buf, sizeof buf, "Connection to %.64s closed.\r\n", host);
buffer_append(&stderr_buffer, buf, strlen(buf));
- stderr_bytes += strlen(buf);
}
+
+ /* restore blocking io */
+ if (!isatty(fileno(stdin)))
+ unset_nonblock(fileno(stdin));
+ if (!isatty(fileno(stdout)))
+ unset_nonblock(fileno(stdout));
+ if (!isatty(fileno(stderr)))
+ unset_nonblock(fileno(stderr));
+
/* Output any buffered data for stdout. */
while (buffer_len(&stdout_buffer) > 0) {
len = write(fileno(stdout), buffer_ptr(&stdout_buffer),
break;
}
buffer_consume(&stdout_buffer, len);
+ stdout_bytes += len;
}
/* Output any buffered data for stderr. */
break;
}
buffer_consume(&stderr_buffer, len);
+ stderr_bytes += len;
}
if (have_pty)
/*********/
void
-client_input_stdout_data(int type, int plen)
+client_input_stdout_data(int type, int plen, void *ctxt)
{
- unsigned int data_len;
+ u_int data_len;
char *data = packet_get_string(&data_len);
packet_integrity_check(plen, 4 + data_len, type);
buffer_append(&stdout_buffer, data, data_len);
- stdout_bytes += data_len;
memset(data, 0, data_len);
xfree(data);
}
void
-client_input_stderr_data(int type, int plen)
+client_input_stderr_data(int type, int plen, void *ctxt)
{
- unsigned int data_len;
+ u_int data_len;
char *data = packet_get_string(&data_len);
packet_integrity_check(plen, 4 + data_len, type);
buffer_append(&stderr_buffer, data, data_len);
- stdout_bytes += data_len;
memset(data, 0, data_len);
xfree(data);
}
void
-client_input_exit_status(int type, int plen)
+client_input_exit_status(int type, int plen, void *ctxt)
{
packet_integrity_check(plen, 4, type);
exit_status = packet_get_int();
quit_pending = 1;
}
+Channel *
+client_request_forwarded_tcpip(const char *request_type, int rchan)
+{
+ Channel* c = NULL;
+ char *listen_address, *originator_address;
+ int listen_port, originator_port;
+ int sock;
+
+ /* Get rest of the packet */
+ listen_address = packet_get_string(NULL);
+ listen_port = packet_get_int();
+ originator_address = packet_get_string(NULL);
+ originator_port = packet_get_int();
+ packet_done();
+
+ debug("client_request_forwarded_tcpip: listen %s port %d, originator %s port %d",
+ listen_address, listen_port, originator_address, originator_port);
+
+ sock = channel_connect_by_listen_adress(listen_port);
+ if (sock < 0) {
+ xfree(originator_address);
+ xfree(listen_address);
+ return NULL;
+ }
+ c = channel_new("forwarded-tcpip",
+ SSH_CHANNEL_CONNECTING, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ xstrdup(originator_address), 1);
+ if (c == NULL) {
+ error("client_request_forwarded_tcpip: channel_new failed");
+ close(sock);
+ }
+ xfree(originator_address);
+ xfree(listen_address);
+ return c;
+}
+
+Channel*
+client_request_x11(const char *request_type, int rchan)
+{
+ Channel *c = NULL;
+ char *originator;
+ int originator_port;
+ int sock;
+
+ if (!options.forward_x11) {
+ error("Warning: ssh server tried X11 forwarding.");
+ error("Warning: this is probably a break in attempt by a malicious server.");
+ return NULL;
+ }
+ originator = packet_get_string(NULL);
+ if (datafellows & SSH_BUG_X11FWD) {
+ debug2("buggy server: x11 request w/o originator_port");
+ originator_port = 0;
+ } else {
+ originator_port = packet_get_int();
+ }
+ packet_done();
+ /* XXX check permission */
+ debug("client_request_x11: request from %s %d", originator,
+ originator_port);
+ xfree(originator);
+ sock = x11_connect_display();
+ if (sock < 0)
+ return NULL;
+ c = channel_new("x11",
+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0,
+ xstrdup("x11"), 1);
+ if (c == NULL) {
+ error("client_request_x11: channel_new failed");
+ close(sock);
+ }
+ return c;
+}
+
+Channel*
+client_request_agent(const char *request_type, int rchan)
+{
+ Channel *c = NULL;
+ int sock;
+
+ if (!options.forward_agent) {
+ error("Warning: ssh server tried agent forwarding.");
+ error("Warning: this is probably a break in attempt by a malicious server.");
+ return NULL;
+ }
+ sock = ssh_get_authentication_socket();
+ if (sock < 0)
+ return NULL;
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ xstrdup("authentication agent connection"), 1);
+ if (c == NULL) {
+ error("client_request_agent: channel_new failed");
+ close(sock);
+ }
+ return c;
+}
+
/* XXXX move to generic input handler */
void
-client_input_channel_open(int type, int plen)
+client_input_channel_open(int type, int plen, void *ctxt)
{
Channel *c = NULL;
char *ctype;
- int id;
- unsigned int len;
+ u_int len;
int rchan;
int rmaxpack;
int rwindow;
debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
ctype, rchan, rwindow, rmaxpack);
- if (strcmp(ctype, "x11") == 0) {
- int sock;
- char *originator;
- int originator_port;
- originator = packet_get_string(NULL);
- if (datafellows & SSH_BUG_X11FWD) {
- debug("buggy server: x11 request w/o originator_port");
- originator_port = 0;
- } else {
- originator_port = packet_get_int();
- }
- packet_done();
- /* XXX check permission */
- xfree(originator);
- /* XXX move to channels.c */
- sock = x11_connect_display();
- if (sock >= 0) {
-/*XXX MAXPACK */
- id = channel_new("x11", SSH_CHANNEL_X11_OPEN,
- sock, sock, -1, 4*1024, 32*1024, 0,
- xstrdup("x11"));
- c = channel_lookup(id);
- }
+ if (strcmp(ctype, "forwarded-tcpip") == 0) {
+ c = client_request_forwarded_tcpip(ctype, rchan);
+ } else if (strcmp(ctype, "x11") == 0) {
+ c = client_request_x11(ctype, rchan);
+ } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) {
+ c = client_request_agent(ctype, rchan);
}
/* XXX duplicate : */
if (c != NULL) {
c->remote_id = rchan;
c->remote_window = rwindow;
c->remote_maxpacket = rmaxpack;
-
- packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
- packet_put_int(c->remote_id);
- packet_put_int(c->self);
- packet_put_int(c->local_window);
- packet_put_int(c->local_maxpacket);
- packet_send();
+ if (c->type != SSH_CHANNEL_CONNECTING) {
+ packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
+ packet_put_int(c->remote_id);
+ packet_put_int(c->self);
+ packet_put_int(c->local_window);
+ packet_put_int(c->local_maxpacket);
+ packet_send();
+ }
} else {
debug("failure %s", ctype);
packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(rchan);
packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
- packet_put_cstring("bla bla");
- packet_put_cstring("");
+ if (!(datafellows & SSH_BUG_OPENFAILURE)) {
+ packet_put_cstring("open failed");
+ packet_put_cstring("");
+ }
packet_send();
}
xfree(ctype);
}
+void
+client_input_channel_req(int type, int plen, void *ctxt)
+{
+ Channel *c = NULL;
+ int id, reply, success = 0;
+ char *rtype;
+
+ id = packet_get_int();
+ rtype = packet_get_string(NULL);
+ reply = packet_get_char();
+
+ debug("client_input_channel_req: channel %d rtype %s reply %d",
+ id, rtype, reply);
+
+ if (session_ident == -1) {
+ error("client_input_channel_req: no channel %d", session_ident);
+ } else if (id != session_ident) {
+ error("client_input_channel_req: channel %d: wrong channel: %d",
+ session_ident, id);
+ }
+ c = channel_lookup(id);
+ if (c == NULL) {
+ error("client_input_channel_req: channel %d: unknown channel", id);
+ } else if (strcmp(rtype, "exit-status") == 0) {
+ success = 1;
+ exit_status = packet_get_int();
+ packet_done();
+ }
+ if (reply) {
+ packet_start(success ?
+ SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
+ packet_put_int(c->remote_id);
+ packet_send();
+ }
+ xfree(rtype);
+}
void
-client_init_dispatch_20()
+client_init_dispatch_20(void)
{
dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
dispatch_set(SSH2_MSG_CHANNEL_OPEN, &client_input_channel_open);
dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
- dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request);
+ dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &client_input_channel_req);
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
+
+ /* rekeying */
+ dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
}
void
-client_init_dispatch_13()
+client_init_dispatch_13(void)
{
dispatch_init(NULL);
dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close);
dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
- dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
- dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
+
+ dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
+ &auth_input_open_request : &deny_input_open);
+ dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
+ &x11_input_open : &deny_input_open);
}
void
-client_init_dispatch_15()
+client_init_dispatch_15(void)
{
client_init_dispatch_13();
dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, & channel_input_oclose);
}
void
-client_init_dispatch()
+client_init_dispatch(void)
{
if (compat20)
client_init_dispatch_20();
else
client_init_dispatch_15();
}
-
-void
-client_input_channel_req(int id, void *arg)
-{
- Channel *c = NULL;
- unsigned int len;
- int success = 0;
- int reply;
- char *rtype;
-
- rtype = packet_get_string(&len);
- reply = packet_get_char();
-
- debug("client_input_channel_req: rtype %s reply %d", rtype, reply);
-
- c = channel_lookup(id);
- if (c == NULL)
- fatal("session_input_channel_req: channel %d: bad channel", id);
-
- if (session_ident == -1) {
- error("client_input_channel_req: no channel %d", id);
- } else if (id != session_ident) {
- error("client_input_channel_req: bad channel %d != %d",
- id, session_ident);
- } else if (strcmp(rtype, "exit-status") == 0) {
- success = 1;
- exit_status = packet_get_int();
- packet_done();
- }
- if (reply) {
- packet_start(success ?
- SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
- packet_put_int(c->remote_id);
- packet_send();
- }
- xfree(rtype);
-}
-
-void
-client_set_session_ident(int id)
-{
- debug("client_set_session_ident: id %d", id);
- session_ident = id;
- channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST,
- client_input_channel_req, (void *)0);
-}
andersk / openssh.git / blobdiff