+static void
+client_subsystem_reply(int type, u_int32_t seq, void *ctxt)
+{
+ int id;
+ Channel *c;
+
+ id = packet_get_int();
+ packet_check_eom();
+
+ if ((c = channel_lookup(id)) == NULL) {
+ error("%s: no channel for id %d", __func__, id);
+ return;
+ }
+
+ if (type == SSH2_MSG_CHANNEL_SUCCESS)
+ debug2("Request suceeded on channel %d", id);
+ else if (type == SSH2_MSG_CHANNEL_FAILURE) {
+ error("Request failed on channel %d", id);
+ channel_free(c);
+ }
+}
+
+static void
+client_extra_session2_setup(int id, void *arg)
+{
+ struct confirm_ctx *cctx = arg;
+ Channel *c;
+ int i;
+
+ if (cctx == NULL)
+ fatal("%s: cctx == NULL", __func__);
+ if ((c = channel_lookup(id)) == NULL)
+ fatal("%s: no channel for id %d", __func__, id);
+
+ client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
+ cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
+ client_subsystem_reply);
+
+ c->confirm_ctx = NULL;
+ buffer_free(&cctx->cmd);
+ xfree(cctx->term);
+ if (cctx->env != NULL) {
+ for (i = 0; cctx->env[i] != NULL; i++)
+ xfree(cctx->env[i]);
+ xfree(cctx->env);
+ }
+ xfree(cctx);
+}
+
+static void
+client_process_control(fd_set * readset)
+{
+ Buffer m;
+ Channel *c;
+ int client_fd, new_fd[3], ver, i, allowed;
+ socklen_t addrlen;
+ struct sockaddr_storage addr;
+ struct confirm_ctx *cctx;
+ char *cmd;
+ u_int len, env_len;
+ uid_t euid;
+ gid_t egid;
+
+ /*
+ * Accept connection on control socket
+ */
+ if (control_fd == -1 || !FD_ISSET(control_fd, readset))
+ return;
+
+ memset(&addr, 0, sizeof(addr));
+ addrlen = sizeof(addr);
+ if ((client_fd = accept(control_fd,
+ (struct sockaddr*)&addr, &addrlen)) == -1) {
+ error("%s accept: %s", __func__, strerror(errno));
+ return;
+ }
+
+ if (getpeereid(client_fd, &euid, &egid) < 0) {
+ error("%s getpeereid failed: %s", __func__, strerror(errno));
+ close(client_fd);
+ return;
+ }
+ if ((euid != 0) && (getuid() != euid)) {
+ error("control mode uid mismatch: peer euid %u != uid %u",
+ (u_int) euid, (u_int) getuid());
+ close(client_fd);
+ return;
+ }
+
+ allowed = 1;
+ if (options.control_master == 2) {
+ char *p, prompt[1024];
+
+ allowed = 0;
+ snprintf(prompt, sizeof(prompt),
+ "Allow shared connection to %s? ", host);
+ p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
+ if (p != NULL) {
+ /*
+ * Accept empty responses and responses consisting
+ * of the word "yes" as affirmative.
+ */
+ if (*p == '\0' || *p == '\n' ||
+ strcasecmp(p, "yes") == 0)
+ allowed = 1;
+ xfree(p);
+ }
+ }
+
+ unset_nonblock(client_fd);
+
+ buffer_init(&m);
+
+ buffer_put_int(&m, allowed);
+ buffer_put_int(&m, getpid());
+ if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
+ error("%s: client msg_send failed", __func__);
+ close(client_fd);
+ buffer_free(&m);
+ return;
+ }
+ buffer_clear(&m);
+
+ if (!allowed) {
+ error("Refused control connection");
+ close(client_fd);
+ buffer_free(&m);
+ return;
+ }
+
+ if (ssh_msg_recv(client_fd, &m) == -1) {
+ error("%s: client msg_recv failed", __func__);
+ close(client_fd);
+ buffer_free(&m);
+ return;
+ }
+
+ if ((ver = buffer_get_char(&m)) != 0) {
+ error("%s: wrong client version %d", __func__, ver);
+ buffer_free(&m);
+ close(client_fd);
+ return;
+ }
+
+ cctx = xmalloc(sizeof(*cctx));
+ memset(cctx, 0, sizeof(*cctx));
+
+ cctx->want_tty = buffer_get_int(&m);
+ cctx->want_subsys = buffer_get_int(&m);
+ cctx->term = buffer_get_string(&m, &len);
+
+ cmd = buffer_get_string(&m, &len);
+ buffer_init(&cctx->cmd);
+ buffer_append(&cctx->cmd, cmd, strlen(cmd));
+
+ env_len = buffer_get_int(&m);
+ env_len = MIN(env_len, 4096);
+ debug3("%s: receiving %d env vars", __func__, env_len);
+ if (env_len != 0) {
+ cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1));
+ for (i = 0; i < env_len; i++)
+ cctx->env[i] = buffer_get_string(&m, &len);
+ cctx->env[i] = NULL;
+ }
+
+ debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__,
+ cctx->want_tty, cctx->want_subsys, cmd);
+
+ /* Gather fds from client */
+ new_fd[0] = mm_receive_fd(client_fd);
+ new_fd[1] = mm_receive_fd(client_fd);
+ new_fd[2] = mm_receive_fd(client_fd);
+
+ debug2("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
+ new_fd[0], new_fd[1], new_fd[2]);
+
+ /* Try to pick up ttymodes from client before it goes raw */
+ if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
+ error("%s: tcgetattr: %s", __func__, strerror(errno));
+
+ buffer_clear(&m);
+ if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
+ error("%s: client msg_send failed", __func__);
+ close(client_fd);
+ close(new_fd[0]);
+ close(new_fd[1]);
+ close(new_fd[2]);
+ buffer_free(&m);
+ return;
+ }
+ buffer_free(&m);
+
+ /* enable nonblocking unless tty */
+ if (!isatty(new_fd[0]))
+ set_nonblock(new_fd[0]);
+ if (!isatty(new_fd[1]))
+ set_nonblock(new_fd[1]);
+ if (!isatty(new_fd[2]))
+ set_nonblock(new_fd[2]);
+
+ set_nonblock(client_fd);
+
+ c = channel_new("session", SSH_CHANNEL_OPENING,
+ new_fd[0], new_fd[1], new_fd[2],
+ CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT,
+ CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
+
+ /* XXX */
+ c->ctl_fd = client_fd;
+
+ debug3("%s: channel_new: %d", __func__, c->self);
+
+ channel_send_open(c->self);
+ channel_register_confirm(c->self, client_extra_session2_setup, cctx);
+}
+
+static void
+process_cmdline(void)
+{
+ void (*handler)(int);
+ char *s, *cmd;
+ u_short fwd_port, fwd_host_port;
+ char buf[1024], sfwd_port[6], sfwd_host_port[6];
+ int delete = 0;
+ int local = 0;
+
+ leave_raw_mode();
+ handler = signal(SIGINT, SIG_IGN);
+ cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
+ if (s == NULL)
+ goto out;
+ while (*s && isspace(*s))
+ s++;
+ if (*s == '-')
+ s++; /* Skip cmdline '-', if any */
+ if (*s == '\0')
+ goto out;
+
+ if (*s == 'h' || *s == 'H' || *s == '?') {
+ logit("Commands:");
+ logit(" -Lport:host:hostport Request local forward");
+ logit(" -Rport:host:hostport Request remote forward");
+ logit(" -KRhostport Cancel remote forward");
+ goto out;
+ }
+
+ if (*s == 'K') {
+ delete = 1;
+ s++;
+ }
+ if (*s != 'L' && *s != 'R') {
+ logit("Invalid command.");
+ goto out;
+ }
+ if (*s == 'L')
+ local = 1;
+ if (local && delete) {
+ logit("Not supported.");
+ goto out;
+ }
+ if ((!local || delete) && !compat20) {
+ logit("Not supported for SSH protocol version 1.");
+ goto out;
+ }
+
+ s++;
+ while (*s && isspace(*s))
+ s++;
+
+ if (delete) {
+ if (sscanf(s, "%5[0-9]", sfwd_host_port) != 1) {
+ logit("Bad forwarding specification.");
+ goto out;
+ }
+ if ((fwd_host_port = a2port(sfwd_host_port)) == 0) {
+ logit("Bad forwarding port(s).");
+ goto out;
+ }
+ channel_request_rforward_cancel(fwd_host_port);
+ } else {
+ if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]",
+ sfwd_port, buf, sfwd_host_port) != 3 &&
+ sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
+ sfwd_port, buf, sfwd_host_port) != 3) {
+ logit("Bad forwarding specification.");
+ goto out;
+ }
+ if ((fwd_port = a2port(sfwd_port)) == 0 ||
+ (fwd_host_port = a2port(sfwd_host_port)) == 0) {
+ logit("Bad forwarding port(s).");
+ goto out;
+ }
+ if (local) {
+ if (channel_setup_local_fwd_listener(fwd_port, buf,
+ fwd_host_port, options.gateway_ports) < 0) {
+ logit("Port forwarding failed.");
+ goto out;
+ }
+ } else
+ channel_request_remote_forwarding(fwd_port, buf,
+ fwd_host_port);
+ logit("Forwarding port.");
+ }
+
+out:
+ signal(SIGINT, handler);
+ enter_raw_mode();
+ if (cmd)
+ xfree(cmd);
+}
+