*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.139 2001/10/09 21:59:41 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.150 2001/12/20 22:50:24 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
#include "canohost.h"
#include "key.h"
#include "authfd.h"
+#include "pathnames.h"
/* -- channel core */
c->cb_arg = NULL;
c->cb_event = 0;
c->force_drain = 0;
+ c->single_connection = 0;
c->detach_user = NULL;
c->input_filter = NULL;
debug("channel %d: new [%s]", found, remote_name);
debug3("channel_free: status: %s", s);
xfree(s);
- if (c->detach_user != NULL) {
- debug("channel_free: channel %d: detaching channel user", c->self);
- c->detach_user(c->self, NULL);
- }
if (c->sock != -1)
shutdown(c->sock, SHUT_RDWR);
channel_close_fds(c);
*/
void
-channel_close_all()
+channel_close_all(void)
{
int i;
*/
int
-channel_not_very_much_buffered_data()
+channel_not_very_much_buffered_data(void)
{
u_int i;
Channel *c;
/* Returns true if any channel is still open. */
int
-channel_still_open()
+channel_still_open(void)
{
int i;
Channel *c;
/* Returns the id of an open channel suitable for keepaliving */
int
-channel_find_open()
+channel_find_open(void)
{
int i;
Channel *c;
*/
char *
-channel_open_message()
+channel_open_message(void)
{
Buffer buffer;
Channel *c;
data_len = ucp[8] + 256 * ucp[9];
} else {
debug("Initial X11 packet contains bad byte order byte: 0x%x",
- ucp[0]);
+ ucp[0]);
return -1;
}
{
u_char *p, *host;
int len, have, i, found;
- char username[256];
+ char username[256];
struct {
u_int8_t version;
u_int8_t command;
host = inet_ntoa(s4_req.dest_addr);
strlcpy(c->path, host, sizeof(c->path));
c->host_port = ntohs(s4_req.dest_port);
-
+
debug("channel %d: dynamic request: socks4 host %s port %u command %u",
c->self, host, c->host_port, s4_req.command);
{
Channel *nc;
struct sockaddr addr;
- int newsock;
+ int newsock, on = 1;
socklen_t addrlen;
char buf[16384], *remote_ipaddr;
int remote_port;
debug("X11 connection requested.");
addrlen = sizeof(addr);
newsock = accept(c->sock, &addr, &addrlen);
+ if (c->single_connection) {
+ debug("single_connection: closing X11 listener.");
+ channel_close_fd(&c->sock);
+ chan_mark_dead(c);
+ }
if (newsock < 0) {
error("accept: %.100s", strerror(errno));
return;
}
+ if (setsockopt(newsock, IPPROTO_TCP, TCP_NODELAY, &on,
+ sizeof on) == -1)
+ error("setsockopt TCP_NODELAY: %.100s",
+ strerror(errno));
remote_ipaddr = get_peer_ipaddr(newsock);
remote_port = get_peer_port(newsock);
snprintf(buf, sizeof buf, "X11 connection from %.200s port %d",
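Review bot: The single_connection block at the top of the hunk closes the listener and marks the channel dead before the result of accept() is examined, so a failed accept() (the `newsock < 0` path a few lines down) also consumes the one permitted connection without any X11 channel having been opened. If that is the intended semantics — one attempt rather than one successful connection — it deserves a comment, e.g. `/* single_connection: tear down the listener after the first accept(), successful or not */`; otherwise the block belongs after the `newsock < 0` check. The TCP_NODELAY setsockopt failure is only logged, which is reasonable for a latency option. The enclosing function begins before this hunk.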
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring("x11");
packet_put_int(nc->self);
- packet_put_int(c->local_window_max);
- packet_put_int(c->local_maxpacket);
+ packet_put_int(nc->local_window_max);
+ packet_put_int(nc->local_maxpacket);
/* originator ipaddr and port */
packet_put_cstring(remote_ipaddr);
if (datafellows & SSH_BUG_X11FWD) {
}
return -1;
}
- if(c->input_filter != NULL) {
+ if (c->input_filter != NULL) {
if (c->input_filter(c, buf, len) == -1) {
debug("channel %d: filter stops", c->self);
chan_read_failed(c);
FD_ISSET(c->efd, readset)) {
len = read(c->efd, buf, sizeof(buf));
debug2("channel %d: read %d from efd %d",
- c->self, len, c->efd);
+ c->self, len, c->efd);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
return 1;
if (len <= 0) {
channel_handler_init(void)
{
int i;
- for(i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
+ for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
channel_pre[i] = NULL;
channel_post[i] = NULL;
}
channel_handler_init_15();
}
+/* gc dead channels */
+static void
+channel_garbage_collect(Channel *c)
+{
+ if (c == NULL)
+ return;
+ if (c->detach_user != NULL) {
+ if (!chan_is_dead(c, 0))
+ return;
+ debug("channel %d: gc: notify user", c->self);
+ c->detach_user(c->self, NULL);
+ /* if we still have a callback */
+ if (c->detach_user != NULL)
+ return;
+ debug("channel %d: gc: user detached", c->self);
+ }
+ if (!chan_is_dead(c, 1))
+ return;
+ debug("channel %d: garbage collecting", c->self);
+ channel_free(c);
+}
+
static void
channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
{
continue;
if (ftab[c->type] != NULL)
(*ftab[c->type])(c, readset, writeset);
- if (chan_is_dead(c)) {
- /*
- * we have to remove the fd's from the select mask
- * before the channels are free'd and the fd's are
- * closed
- */
- if (c->wfd != -1)
- FD_CLR(c->wfd, writeset);
- if (c->rfd != -1)
- FD_CLR(c->rfd, readset);
- if (c->efd != -1) {
- if (c->extended_usage == CHAN_EXTENDED_READ)
- FD_CLR(c->efd, readset);
- if (c->extended_usage == CHAN_EXTENDED_WRITE)
- FD_CLR(c->efd, writeset);
- }
- channel_free(c);
- }
+ channel_garbage_collect(c);
}
}
/* If there is data to send to the connection, enqueue some of it now. */
void
-channel_output_poll()
+channel_output_poll(void)
{
int len, i;
Channel *c;
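Review bot: The new channel_garbage_collect() path in channel_handler drops the removed FD_CLR block without replacing it, so after channel_free() closes a dead channel's descriptors (channel_close_fds is called from channel_free) the readset/writeset bits for those fd numbers stay set for the rest of the pass; if a later handler in the same pass opens a new descriptor that reuses the number (accept() in the X11 listener path, for example), the stale select bit could be observed for the new channel. If the two-stage gc makes that impossible in practice, a comment on channel_garbage_collect should say why the select masks no longer need clearing. The meaning of the second argument in `chan_is_dead(c, 0)` versus `chan_is_dead(c, 1)` is also not evident from the call sites; a one-line comment such as `/* first pass: notify detach_user only; second pass (1): also free */` would help.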
if (compat20 &&
(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD))) {
/* XXX is this true? */
- debug2("channel %d: no data after CLOSE", c->self);
+ debug3("channel %d: will not send data after close", c->self);
continue;
}
/* -- protocol input */
void
-channel_input_data(int type, int plen, void *ctxt)
+channel_input_data(int type, int plen, u_int32_t seq, void *ctxt)
{
int id;
char *data;
data = packet_get_string(&data_len);
packet_done();
- if (compat20){
+ if (compat20) {
if (data_len > c->local_maxpacket) {
log("channel %d: rcvd big packet %d, maxpack %d",
c->self, data_len, c->local_maxpacket);
}
void
-channel_input_extended_data(int type, int plen, void *ctxt)
+channel_input_extended_data(int type, int plen, u_int32_t seq, void *ctxt)
{
int id;
int tcode;
}
void
-channel_input_ieof(int type, int plen, void *ctxt)
+channel_input_ieof(int type, int plen, u_int32_t seq, void *ctxt)
{
int id;
Channel *c;
}
void
-channel_input_close(int type, int plen, void *ctxt)
+channel_input_close(int type, int plen, u_int32_t seq, void *ctxt)
{
int id;
Channel *c;
/* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */
void
-channel_input_oclose(int type, int plen, void *ctxt)
+channel_input_oclose(int type, int plen, u_int32_t seq, void *ctxt)
{
int id = packet_get_int();
Channel *c = channel_lookup(id);
}
void
-channel_input_close_confirmation(int type, int plen, void *ctxt)
+channel_input_close_confirmation(int type, int plen, u_int32_t seq, void *ctxt)
{
int id = packet_get_int();
Channel *c = channel_lookup(id);
}
void
-channel_input_open_confirmation(int type, int plen, void *ctxt)
+channel_input_open_confirmation(int type, int plen, u_int32_t seq, void *ctxt)
{
int id, remote_id;
Channel *c;
static char *
reason2txt(int reason)
{
- switch(reason) {
+ switch (reason) {
case SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED:
return "administratively prohibited";
case SSH2_OPEN_CONNECT_FAILED:
}
void
-channel_input_open_failure(int type, int plen, void *ctxt)
+channel_input_open_failure(int type, int plen, u_int32_t seq, void *ctxt)
{
int id, reason;
char *msg = NULL, *lang = NULL;
}
void
-channel_input_channel_request(int type, int plen, void *ctxt)
+channel_input_channel_request(int type, int plen, u_int32_t seq, void *ctxt)
{
int id;
Channel *c;
}
void
-channel_input_window_adjust(int type, int plen, void *ctxt)
+channel_input_window_adjust(int type, int plen, u_int32_t seq, void *ctxt)
{
Channel *c;
int id, adjust;
}
void
-channel_input_port_open(int type, int plen, void *ctxt)
+channel_input_port_open(int type, int plen, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
u_short host_port;
* anyway, and the server has no way to know but to trust the client anyway.
*/
void
-channel_permit_all_opens()
+channel_permit_all_opens(void)
{
if (num_permitted_opens == 0)
all_opens_permitted = 1;
/*
* Creates an internet domain socket for listening for X11 connections.
- * Returns a suitable value for the DISPLAY variable, or NULL if an error
- * occurs.
+ * Returns a suitable display number for the DISPLAY variable, or -1 if
+ * an error occurs.
*/
-char *
-x11_create_display_inet(int screen_number, int x11_display_offset)
+int
+x11_create_display_inet(int x11_display_offset, int gateway_ports,
+ int single_connection)
{
+ Channel *nc = NULL;
int display_number, sock;
u_short port;
struct addrinfo hints, *ai, *aitop;
char strport[NI_MAXSERV];
int gaierr, n, num_socks = 0, socks[NUM_SOCKS];
- char display[512];
- char hostname[MAXHOSTNAMELEN];
for (display_number = x11_display_offset;
- display_number < MAX_DISPLAYS;
- display_number++) {
+ display_number < MAX_DISPLAYS;
+ display_number++) {
port = 6000 + display_number;
memset(&hints, 0, sizeof(hints));
hints.ai_family = IPv4or6;
- hints.ai_flags = AI_PASSIVE; /* XXX loopback only ? */
+ hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%d", port);
if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) {
error("getaddrinfo: %.100s", gai_strerror(gaierr));
- return NULL;
+ return -1;
}
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
if (sock < 0) {
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
error("socket: %.100s", strerror(errno));
- return NULL;
+ return -1;
} else {
debug("x11_create_display_inet: Socket family %d not supported",
ai->ai_family);
}
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
debug("bind port %d: %.100s", port, strerror(errno));
- shutdown(sock, SHUT_RDWR);
close(sock);
if (ai->ai_next)
continue;
for (n = 0; n < num_socks; n++) {
- shutdown(socks[n], SHUT_RDWR);
close(socks[n]);
}
num_socks = 0;
}
if (display_number >= MAX_DISPLAYS) {
error("Failed to allocate internet-domain X11 display socket.");
- return NULL;
+ return -1;
}
/* Start listening for connections on the socket. */
for (n = 0; n < num_socks; n++) {
sock = socks[n];
if (listen(sock, 5) < 0) {
error("listen: %.100s", strerror(errno));
- shutdown(sock, SHUT_RDWR);
- close(sock);
- return NULL;
- }
- }
-
- /* Set up a suitable value for the DISPLAY variable. */
- if (gethostname(hostname, sizeof(hostname)) < 0)
- fatal("gethostname: %.100s", strerror(errno));
-
-#ifdef IPADDR_IN_DISPLAY
- /*
- * HPUX detects the local hostname in the DISPLAY variable and tries
- * to set up a shared memory connection to the server, which it
- * incorrectly supposes to be local.
- *
- * The workaround - as used in later $$H and other programs - is
- * is to set display to the host's IP address.
- */
- {
- struct hostent *he;
- struct in_addr my_addr;
-
- he = gethostbyname(hostname);
- if (he == NULL) {
- error("[X11-broken-fwd-hostname-workaround] Could not get "
- "IP address for hostname %s.", hostname);
-
- packet_send_debug("[X11-broken-fwd-hostname-workaround]"
- "Could not get IP address for hostname %s.", hostname);
-
- shutdown(sock, SHUT_RDWR);
close(sock);
-
- return NULL;
+ return -1;
}
-
- memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
-
- /* Set DISPLAY to <ip address>:screen.display */
- snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr),
- display_number, screen_number);
}
-#else /* IPADDR_IN_DISPLAY */
- /* Just set DISPLAY to hostname:screen.display */
- snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
- display_number, screen_number);
-#endif /* IPADDR_IN_DISPLAY */
/* Allocate a channel for each socket. */
for (n = 0; n < num_socks; n++) {
sock = socks[n];
- (void) channel_new("x11 listener",
+ nc = channel_new("x11 listener",
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
0, xstrdup("X11 inet listener"), 1);
+ if (nc != NULL)
+ nc->single_connection = single_connection;
}
- /* Return a suitable value for the DISPLAY environment variable. */
- return xstrdup(display);
+ /* Return the display number for the DISPLAY environment variable. */
+ return display_number;
}
-#ifndef X_UNIX_PATH
-#define X_UNIX_PATH "/tmp/.X11-unix/X"
-#endif
-
static int
connect_local_xsocket(u_int dnr)
{
- static const char *const x_sockets[] = {
- X_UNIX_PATH "%u",
- "/var/X/.X11-unix/X" "%u",
- "/usr/spool/sockets/X11/" "%u",
- NULL
- };
int sock;
struct sockaddr_un addr;
- const char *const * path;
- for (path = x_sockets; *path; ++path) {
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0)
- error("socket: %.100s", strerror(errno));
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- snprintf(addr.sun_path, sizeof addr.sun_path, *path, dnr);
- if (connect(sock, (struct sockaddr *) & addr, sizeof(addr)) == 0)
- return sock;
- close(sock);
- }
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0)
+ error("socket: %.100s", strerror(errno));
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ snprintf(addr.sun_path, sizeof addr.sun_path, _PATH_UNIX_X, dnr);
+ if (connect(sock, (struct sockaddr *) & addr, sizeof(addr)) == 0)
+ return sock;
+ close(sock);
error("connect %.100s: %.100s", addr.sun_path, strerror(errno));
return -1;
}
int
x11_connect_display(void)
{
- int display_number, sock = 0;
+ int display_number, sock = 0, on = 1;
const char *display;
char buf[1024], *cp;
struct addrinfo hints, *ai, *aitop;
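Review bot: In the rewritten connect_local_xsocket, a failed socket() only reaches error(), which logs and returns, so connect() and close() are then called with sock == -1; the check should be `if (sock < 0) { error("socket: %.100s", strerror(errno)); return -1; }`. In x11_create_display_inet the new `hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;` relies on getaddrinfo() resolving a NULL node to the loopback address when AI_PASSIVE is absent, which is what makes the listener local-only by default; that is worth stating in place of the removed XXX, e.g. `/* without AI_PASSIVE a NULL node yields the loopback address, so the listener is local-only unless gateway_ports */`. The listen() failure path closes only the failing socket and returns -1, apparently leaving any earlier entries of socks[] open; if that is an oversight rather than accepted leakage at error time, a loop over the remaining sockets would close them.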
/* Connect to the unix domain socket. */
if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) {
error("Could not parse display number from DISPLAY: %.100s",
- display);
+ display);
return -1;
}
/* Create a socket. */
* Connect to an inet socket. The DISPLAY value is supposedly
* hostname:d[.s], where hostname may also be numeric IP address.
*/
- strncpy(buf, display, sizeof(buf));
- buf[sizeof(buf) - 1] = 0;
+ strlcpy(buf, display, sizeof(buf));
cp = strchr(buf, ':');
if (!cp) {
error("Could not find ':' in DISPLAY: %.100s", display);
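Review bot: The strlcpy() replacing strncpy() discards its return value, so a DISPLAY value of 1024 bytes or more is silently truncated and the ':' search and display-number parse then run on the truncated copy; rejecting it is one line: `if (strlcpy(buf, display, sizeof(buf)) >= sizeof(buf)) { error("DISPLAY too long: %.100s", display); return -1; }`. The same applies to the strlcpy() into sunaddr.sun_path in the agent-socket hunk further down, where a truncated path would bind a different socket than the one advertised, although auth_sock_name is presumably program-generated and short enough. The enclosing function begins before this hunk.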
/* buf now contains the host name. But first we parse the display number. */
if (sscanf(cp + 1, "%d", &display_number) != 1) {
error("Could not parse display number from DISPLAY: %.100s",
- display);
+ display);
return -1;
}
strerror(errno));
return -1;
}
+ if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof on) == -1)
+ error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
return sock;
}
*/
void
-x11_input_open(int type, int plen, void *ctxt)
+x11_input_open(int type, int plen, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
int remote_id, sock = 0;
/* dummy protocol handler that denies SSH-1 requests (agent/x11) */
void
-deny_input_open(int type, int plen, void *ctxt)
+deny_input_open(int type, int plen, u_int32_t seq, void *ctxt)
{
int rchan = packet_get_int();
- switch(type){
+ switch (type) {
case SSH_SMSG_AGENT_OPEN:
error("Warning: ssh server tried agent forwarding.");
break;
/* Sends a message to the server to request authentication fd forwarding. */
void
-auth_request_forwarding()
+auth_request_forwarding(void)
{
packet_start(SSH_CMSG_AGENT_REQUEST_FORWARDING);
packet_send();
*/
char *
-auth_get_socket_name()
+auth_get_socket_name(void)
{
return auth_sock_name;
}
/* Bind it to the name. */
memset(&sunaddr, 0, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
- strncpy(sunaddr.sun_path, auth_sock_name,
- sizeof(sunaddr.sun_path));
+ strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0)
packet_disconnect("bind: %.100s", strerror(errno));
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
void
-auth_input_open_request(int type, int plen, void *ctxt)
+auth_input_open_request(int type, int plen, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
int remote_id, sock;