*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.180 2002/07/04 08:12:15 deraadt Exp $");
+RCSID("$OpenBSD: channels.c,v 1.206 2004/06/18 11:11:54 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
#include "key.h"
#include "authfd.h"
#include "pathnames.h"
-
+#include "bufaux.h"
/* -- channel core */
Channel *c;
if (id < 0 || id >= channels_alloc) {
- log("channel_lookup: %d: bad id", id);
+ logit("channel_lookup: %d: bad id", id);
return NULL;
}
c = channels[id];
if (c == NULL) {
- log("channel_lookup: %d: bad id: channel free", id);
+ logit("channel_lookup: %d: bad id: channel free", id);
return NULL;
}
return c;
c->rfd = rfd;
c->wfd = wfd;
c->sock = (rfd == wfd) ? rfd : -1;
+ c->ctl_fd = -1; /* XXX: set elsewhere */
c->efd = efd;
c->extended_usage = extusage;
/* XXX ugly hack: nonblock is only set by the server */
if (nonblock && isatty(c->rfd)) {
- debug("channel %d: rfd %d isatty", c->self, c->rfd);
+ debug2("channel %d: rfd %d isatty", c->self, c->rfd);
c->isatty = 1;
if (!isatty(c->wfd)) {
error("channel %d: wfd %d is not a tty?",
} else {
c->isatty = 0;
}
+ c->wfd_isatty = isatty(c->wfd);
/* enable nonblocking mode */
if (nonblock) {
channels = xmalloc(channels_alloc * sizeof(Channel *));
for (i = 0; i < channels_alloc; i++)
channels[i] = NULL;
- fatal_add_cleanup((void (*) (void *)) channel_free_all, NULL);
}
/* Try to find a free slot where to put the new channel. */
for (found = -1, i = 0; i < channels_alloc; i++)
if (found == -1) {
/* There are no free slots. Take last+1 slot and expand the array. */
found = channels_alloc;
- channels_alloc += 10;
if (channels_alloc > 10000)
fatal("channel_new: internal error: channels_alloc %d "
"too big.", channels_alloc);
+ channels = xrealloc(channels,
+ (channels_alloc + 10) * sizeof(Channel *));
+ channels_alloc += 10;
debug2("channel: expanding %d", channels_alloc);
- channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
for (i = found; i < channels_alloc; i++)
channels[i] = NULL;
}
c->local_consumed = 0;
c->local_maxpacket = maxpack;
c->remote_id = -1;
- c->remote_name = remote_name;
+ c->remote_name = xstrdup(remote_name);
c->remote_window = 0;
c->remote_maxpacket = 0;
c->force_drain = 0;
c->single_connection = 0;
c->detach_user = NULL;
c->confirm = NULL;
+ c->confirm_ctx = NULL;
c->input_filter = NULL;
debug("channel %d: new [%s]", found, remote_name);
return c;
static void
channel_close_fds(Channel *c)
{
- debug3("channel_close_fds: channel %d: r %d w %d e %d",
- c->self, c->rfd, c->wfd, c->efd);
+ debug3("channel %d: close_fds r %d w %d e %d c %d",
+ c->self, c->rfd, c->wfd, c->efd, c->ctl_fd);
channel_close_fd(&c->sock);
+ channel_close_fd(&c->ctl_fd);
channel_close_fd(&c->rfd);
channel_close_fd(&c->wfd);
channel_close_fd(&c->efd);
for (n = 0, i = 0; i < channels_alloc; i++)
if (channels[i])
n++;
- debug("channel_free: channel %d: %s, nchannels %d", c->self,
+ debug("channel %d: free: %s, nchannels %d", c->self,
c->remote_name ? c->remote_name : "???", n);
s = channel_open_message();
- debug3("channel_free: status: %s", s);
+ debug3("channel %d: status: %s", c->self, s);
xfree(s);
if (c->sock != -1)
shutdown(c->sock, SHUT_RDWR);
+ if (c->ctl_fd != -1)
+ shutdown(c->ctl_fd, SHUT_RDWR);
channel_close_fds(c);
buffer_free(&c->input);
buffer_free(&c->output);
#if 0
if (!compat20 &&
buffer_len(&c->input) > packet_get_maxsize()) {
- debug("channel %d: big input buffer %d",
+ debug2("channel %d: big input buffer %d",
c->self, buffer_len(&c->input));
return 0;
}
#endif
if (buffer_len(&c->output) > packet_get_maxsize()) {
- debug("channel %d: big output buffer %d > %d",
+ debug2("channel %d: big output buffer %u > %u",
c->self, buffer_len(&c->output),
packet_get_maxsize());
return 0;
for (i = 0; i < channels_alloc; i++) {
c = channels[i];
- if (c == NULL)
+ if (c == NULL || c->remote_id < 0)
continue;
switch (c->type) {
case SSH_CHANNEL_CLOSED:
case SSH_CHANNEL_X11_OPEN:
case SSH_CHANNEL_INPUT_DRAINING:
case SSH_CHANNEL_OUTPUT_DRAINING:
- snprintf(buf, sizeof buf, " #%d %.300s (t%d r%d i%d/%d o%d/%d fd %d/%d)\r\n",
+ snprintf(buf, sizeof buf,
+ " #%d %.300s (t%d r%d i%d/%d o%d/%d fd %d/%d cfd %d)\r\n",
c->self, c->remote_name,
c->type, c->remote_id,
c->istate, buffer_len(&c->input),
c->ostate, buffer_len(&c->output),
- c->rfd, c->wfd);
+ c->rfd, c->wfd, c->ctl_fd);
buffer_append(&buffer, buf, strlen(buf));
continue;
default:
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_send_open: %d: bad id", id);
+ logit("channel_send_open: %d: bad id", id);
return;
}
- debug("send channel open %d", id);
+ debug2("channel %d: send open", id);
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring(c->ctype);
packet_put_int(c->self);
}
void
-channel_request_start(int local_id, char *service, int wantconfirm)
+channel_request_start(int id, char *service, int wantconfirm)
{
- Channel *c = channel_lookup(local_id);
+ Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_request_start: %d: unknown channel id", local_id);
+ logit("channel_request_start: %d: unknown channel id", id);
return;
}
- debug("channel request %d: %s", local_id, service) ;
+ debug2("channel %d: request %s confirm %d", id, service, wantconfirm);
packet_start(SSH2_MSG_CHANNEL_REQUEST);
packet_put_int(c->remote_id);
packet_put_cstring(service);
packet_put_char(wantconfirm);
}
void
-channel_register_confirm(int id, channel_callback_fn *fn)
+channel_register_confirm(int id, channel_callback_fn *fn, void *ctx)
{
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_register_comfirm: %d: bad id", id);
+ logit("channel_register_comfirm: %d: bad id", id);
return;
}
c->confirm = fn;
+ c->confirm_ctx = ctx;
}
void
channel_register_cleanup(int id, channel_callback_fn *fn)
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_register_cleanup: %d: bad id", id);
+ logit("channel_register_cleanup: %d: bad id", id);
return;
}
c->detach_user = fn;
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_cancel_cleanup: %d: bad id", id);
+ logit("channel_cancel_cleanup: %d: bad id", id);
return;
}
c->detach_user = NULL;
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_register_filter: %d: bad id", id);
+ logit("channel_register_filter: %d: bad id", id);
return;
}
c->input_filter = fn;
buffer_len(&c->extended) < c->remote_window)
FD_SET(c->efd, readset);
}
+ /* XXX: What about efd? races? */
+ if (compat20 && c->ctl_fd != -1 &&
+ c->istate == CHAN_INPUT_OPEN && c->ostate == CHAN_OUTPUT_OPEN)
+ FD_SET(c->ctl_fd, readset);
}
static void
packet_put_int(c->remote_id);
packet_send();
c->type = SSH_CHANNEL_CLOSED;
- debug("channel %d: closing after input drain.", c->self);
+ debug2("channel %d: closing after input drain.", c->self);
}
}
proto_len = ucp[6] + 256 * ucp[7];
data_len = ucp[8] + 256 * ucp[9];
} else {
- debug("Initial X11 packet contains bad byte order byte: 0x%x",
+ debug2("Initial X11 packet contains bad byte order byte: 0x%x",
ucp[0]);
return -1;
}
/* Check if authentication protocol matches. */
if (proto_len != strlen(x11_saved_proto) ||
memcmp(ucp + 12, x11_saved_proto, proto_len) != 0) {
- debug("X11 connection uses different authentication protocol.");
+ debug2("X11 connection uses different authentication protocol.");
return -1;
}
/* Check if authentication data matches our fake data. */
if (data_len != x11_fake_data_len ||
memcmp(ucp + 12 + ((proto_len + 3) & ~3),
x11_fake_data, x11_fake_data_len) != 0) {
- debug("X11 auth data does not match fake data.");
+ debug2("X11 auth data does not match fake data.");
return -1;
}
/* Check fake data length */
* We have received an X11 connection that has bad
* authentication information.
*/
- log("X11 connection rejected because of wrong authentication.");
+ logit("X11 connection rejected because of wrong authentication.");
buffer_clear(&c->input);
buffer_clear(&c->output);
channel_close_fd(&c->sock);
c->type = SSH_CHANNEL_OPEN;
channel_pre_open(c, readset, writeset);
} else if (ret == -1) {
- log("X11 connection rejected because of wrong authentication.");
- debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate);
+ logit("X11 connection rejected because of wrong authentication.");
+ debug2("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate);
chan_read_failed(c);
buffer_clear(&c->input);
chan_ibuf_empty(c);
chan_write_failed(c);
else
c->type = SSH_CHANNEL_OPEN;
- debug("X11 closed %d i%d/o%d", c->self, c->istate, c->ostate);
+ debug2("X11 closed %d i%d/o%d", c->self, c->istate, c->ostate);
}
}
static int
channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
{
- u_char *p, *host;
+ char *p, *host;
int len, have, i, found;
char username[256];
struct {
strlcpy(c->path, host, sizeof(c->path));
c->host_port = ntohs(s4_req.dest_port);
- debug("channel %d: dynamic request: socks4 host %s port %u command %u",
+ debug2("channel %d: dynamic request: socks4 host %s port %u command %u",
c->self, host, c->host_port, s4_req.command);
if (s4_req.command != 1) {
return 1;
}
+/* try to decode a socks5 header */
+#define SSH_SOCKS5_AUTHDONE 0x1000
+#define SSH_SOCKS5_NOAUTH 0x00
+#define SSH_SOCKS5_IPV4 0x01
+#define SSH_SOCKS5_DOMAIN 0x03
+#define SSH_SOCKS5_IPV6 0x04
+#define SSH_SOCKS5_CONNECT 0x01
+#define SSH_SOCKS5_SUCCESS 0x00
+
+static int
+channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
+{
+ struct {
+ u_int8_t version;
+ u_int8_t command;
+ u_int8_t reserved;
+ u_int8_t atyp;
+ } s5_req, s5_rsp;
+ u_int16_t dest_port;
+ u_char *p, dest_addr[255+1];
+ int i, have, found, nmethods, addrlen, af;
+
+ debug2("channel %d: decode socks5", c->self);
+ p = buffer_ptr(&c->input);
+ if (p[0] != 0x05)
+ return -1;
+ have = buffer_len(&c->input);
+ if (!(c->flags & SSH_SOCKS5_AUTHDONE)) {
+ /* format: ver | nmethods | methods */
+ if (have < 2)
+ return 0;
+ nmethods = p[1];
+ if (have < nmethods + 2)
+ return 0;
+ /* look for method: "NO AUTHENTICATION REQUIRED" */
+ for (found = 0, i = 2 ; i < nmethods + 2; i++) {
+ if (p[i] == SSH_SOCKS5_NOAUTH ) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found) {
+ debug("channel %d: method SSH_SOCKS5_NOAUTH not found",
+ c->self);
+ return -1;
+ }
+ buffer_consume(&c->input, nmethods + 2);
+ buffer_put_char(&c->output, 0x05); /* version */
+ buffer_put_char(&c->output, SSH_SOCKS5_NOAUTH); /* method */
+ FD_SET(c->sock, writeset);
+ c->flags |= SSH_SOCKS5_AUTHDONE;
+ debug2("channel %d: socks5 auth done", c->self);
+ return 0; /* need more */
+ }
+ debug2("channel %d: socks5 post auth", c->self);
+ if (have < sizeof(s5_req)+1)
+ return 0; /* need more */
+ memcpy((char *)&s5_req, p, sizeof(s5_req));
+ if (s5_req.version != 0x05 ||
+ s5_req.command != SSH_SOCKS5_CONNECT ||
+ s5_req.reserved != 0x00) {
+ debug2("channel %d: only socks5 connect supported", c->self);
+ return -1;
+ }
+ switch(s5_req.atyp){
+ case SSH_SOCKS5_IPV4:
+ addrlen = 4;
+ af = AF_INET;
+ break;
+ case SSH_SOCKS5_DOMAIN:
+ addrlen = p[sizeof(s5_req)];
+ af = -1;
+ break;
+ case SSH_SOCKS5_IPV6:
+ addrlen = 16;
+ af = AF_INET6;
+ break;
+ default:
+ debug2("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp);
+ return -1;
+ }
+ if (have < 4 + addrlen + 2)
+ return 0;
+ buffer_consume(&c->input, sizeof(s5_req));
+ if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
+ buffer_consume(&c->input, 1); /* host string length */
+ buffer_get(&c->input, (char *)&dest_addr, addrlen);
+ buffer_get(&c->input, (char *)&dest_port, 2);
+ dest_addr[addrlen] = '\0';
+ if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
+ strlcpy(c->path, (char *)dest_addr, sizeof(c->path));
+ else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL)
+ return -1;
+ c->host_port = ntohs(dest_port);
+
+ debug2("channel %d: dynamic request: socks5 host %s port %u command %u",
+ c->self, c->path, c->host_port, s5_req.command);
+
+ s5_rsp.version = 0x05;
+ s5_rsp.command = SSH_SOCKS5_SUCCESS;
+ s5_rsp.reserved = 0; /* ignored */
+ s5_rsp.atyp = SSH_SOCKS5_IPV4;
+ ((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY;
+ dest_port = 0; /* ignored */
+
+ buffer_append(&c->output, (char *)&s5_rsp, sizeof(s5_rsp));
+ buffer_append(&c->output, (char *)&dest_addr, sizeof(struct in_addr));
+ buffer_append(&c->output, (char *)&dest_port, sizeof(dest_port));
+ return 1;
+}
+
/* dynamic port forwarding */
static void
channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
debug2("channel %d: pre_dynamic: have %d", c->self, have);
/* buffer_dump(&c->input); */
/* check if the fixed size part of the packet is in buffer. */
- if (have < 4) {
+ if (have < 3) {
/* need more */
FD_SET(c->sock, readset);
return;
case 0x04:
ret = channel_decode_socks4(c, readset, writeset);
break;
+ case 0x05:
+ ret = channel_decode_socks5(c, readset, writeset);
+ break;
default:
ret = -1;
break;
addrlen = sizeof(addr);
newsock = accept(c->sock, &addr, &addrlen);
if (c->single_connection) {
- debug("single_connection: closing X11 listener.");
+ debug2("single_connection: closing X11 listener.");
channel_close_fd(&c->sock);
chan_mark_dead(c);
}
nc = channel_new("accepted x11 socket",
SSH_CHANNEL_OPENING, newsock, newsock, -1,
- c->local_window_max, c->local_maxpacket,
- 0, xstrdup(buf), 1);
+ c->local_window_max, c->local_maxpacket, 0, buf, 1);
if (compat20) {
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring("x11");
/* originator ipaddr and port */
packet_put_cstring(remote_ipaddr);
if (datafellows & SSH_BUG_X11FWD) {
- debug("ssh2 x11 bug compat mode");
+ debug2("ssh2 x11 bug compat mode");
} else {
packet_put_int(remote_port);
}
return;
}
set_nodelay(newsock);
- nc = channel_new(rtype,
- nextstate, newsock, newsock, -1,
- c->local_window_max, c->local_maxpacket,
- 0, xstrdup(rtype), 1);
+ nc = channel_new(rtype, nextstate, newsock, newsock, -1,
+ c->local_window_max, c->local_maxpacket, 0, rtype, 1);
nc->listening_port = c->listening_port;
nc->host_port = c->host_port;
strlcpy(nc->path, c->path, sizeof(nc->path));
channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset)
{
Channel *nc;
- char *name;
int newsock;
struct sockaddr addr;
socklen_t addrlen;
error("accept from auth socket: %.100s", strerror(errno));
return;
}
- name = xstrdup("accepted auth socket");
nc = channel_new("accepted auth socket",
SSH_CHANNEL_OPENING, newsock, newsock, -1,
c->local_window_max, c->local_maxpacket,
- 0, name, 1);
+ 0, "accepted auth socket", 1);
if (compat20) {
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring("auth-agent@openssh.com");
if (len < 0 && (errno == EINTR || errno == EAGAIN))
return 1;
if (len <= 0) {
- debug("channel %d: read<=0 rfd %d len %d",
+ debug2("channel %d: read<=0 rfd %d len %d",
c->self, c->rfd, len);
if (c->type != SSH_CHANNEL_OPEN) {
- debug("channel %d: not open", c->self);
+ debug2("channel %d: not open", c->self);
chan_mark_dead(c);
return -1;
} else if (compat13) {
buffer_clear(&c->output);
c->type = SSH_CHANNEL_INPUT_DRAINING;
- debug("channel %d: input draining.", c->self);
+ debug2("channel %d: input draining.", c->self);
} else {
chan_read_failed(c);
}
}
if (c->input_filter != NULL) {
if (c->input_filter(c, buf, len) == -1) {
- debug("channel %d: filter stops", c->self);
+ debug2("channel %d: filter stops", c->self);
chan_read_failed(c);
}
} else {
buffer_len(&c->output) > 0) {
data = buffer_ptr(&c->output);
dlen = buffer_len(&c->output);
- len = write(c->wfd, data, dlen);
#ifdef _AIX
- /* XXX: Later AIX versions can't push as much data to tty */
- if (compat20 && c->isatty && dlen >= 8*1024)
- dlen = 8*1024;
+ /* XXX: Later AIX versions can't push as much data to tty */
+ if (compat20 && c->wfd_isatty)
+ dlen = MIN(dlen, 8*1024);
#endif
+ len = write(c->wfd, data, dlen);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
return 1;
if (len <= 0) {
if (c->type != SSH_CHANNEL_OPEN) {
- debug("channel %d: not open", c->self);
+ debug2("channel %d: not open", c->self);
chan_mark_dead(c);
return -1;
} else if (compat13) {
buffer_clear(&c->output);
- debug("channel %d: input draining.", c->self);
+ debug2("channel %d: input draining.", c->self);
c->type = SSH_CHANNEL_INPUT_DRAINING;
} else {
chan_write_failed(c);
return 1;
}
static int
+channel_handle_ctl(Channel *c, fd_set * readset, fd_set * writeset)
+{
+ char buf[16];
+ int len;
+
+ /* Monitor control fd to detect if the slave client exits */
+ if (c->ctl_fd != -1 && FD_ISSET(c->ctl_fd, readset)) {
+ len = read(c->ctl_fd, buf, sizeof(buf));
+ if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ return 1;
+ if (len <= 0) {
+ debug2("channel %d: ctl read<=0", c->self);
+ if (c->type != SSH_CHANNEL_OPEN) {
+ debug2("channel %d: not open", c->self);
+ chan_mark_dead(c);
+ return -1;
+ } else {
+ chan_read_failed(c);
+ chan_write_failed(c);
+ }
+ return -1;
+ } else
+ fatal("%s: unexpected data on ctl fd", __func__);
+ }
+ return 1;
+}
+static int
channel_check_window(Channel *c)
{
if (c->type == SSH_CHANNEL_OPEN &&
if (!compat20)
return;
channel_handle_efd(c, readset, writeset);
+ channel_handle_ctl(c, readset, writeset);
channel_check_window(c);
}
if (c->detach_user != NULL) {
if (!chan_is_dead(c, 0))
return;
- debug("channel %d: gc: notify user", c->self);
+ debug2("channel %d: gc: notify user", c->self);
c->detach_user(c->self, NULL);
/* if we still have a callback */
if (c->detach_user != NULL)
return;
- debug("channel %d: gc: user detached", c->self);
+ debug2("channel %d: gc: user detached", c->self);
}
if (!chan_is_dead(c, 1))
return;
- debug("channel %d: garbage collecting", c->self);
+ debug2("channel %d: garbage collecting", c->self);
channel_free(c);
}
c->type != SSH_CHANNEL_X11_OPEN)
return;
- /* same for protocol 1.5 if output end is no longer open */
- if (!compat13 && c->ostate != CHAN_OUTPUT_OPEN)
- return;
-
/* Get the data. */
data = packet_get_string(&data_len);
+ /*
+ * Ignore data for protocol > 1.3 if output end is no longer open.
+ * For protocol 2 the sending side is reducing its window as it sends
+ * data, so we must 'fake' consumption of the data in order to ensure
+ * that window updates are sent back. Otherwise the connection might
+ * deadlock.
+ */
+ if (!compat13 && c->ostate != CHAN_OUTPUT_OPEN) {
+ if (compat20) {
+ c->local_window -= data_len;
+ c->local_consumed += data_len;
+ }
+ xfree(data);
+ return;
+ }
+
if (compat20) {
if (data_len > c->local_maxpacket) {
- log("channel %d: rcvd big packet %d, maxpack %d",
+ logit("channel %d: rcvd big packet %d, maxpack %d",
c->self, data_len, c->local_maxpacket);
}
if (data_len > c->local_window) {
- log("channel %d: rcvd too much data %d, win %d",
+ logit("channel %d: rcvd too much data %d, win %d",
c->self, data_len, c->local_window);
xfree(data);
return;
if (c == NULL)
packet_disconnect("Received extended_data for bad channel %d.", id);
if (c->type != SSH_CHANNEL_OPEN) {
- log("channel %d: ext data for non open", id);
+ logit("channel %d: ext data for non open", id);
return;
}
if (c->flags & CHAN_EOF_RCVD) {
if (c->efd == -1 ||
c->extended_usage != CHAN_EXTENDED_WRITE ||
tcode != SSH2_EXTENDED_DATA_STDERR) {
- log("channel %d: bad ext data", c->self);
+ logit("channel %d: bad ext data", c->self);
return;
}
data = packet_get_string(&data_len);
packet_check_eom();
if (data_len > c->local_window) {
- log("channel %d: rcvd too much extended_data %d, win %d",
+ logit("channel %d: rcvd too much extended_data %d, win %d",
c->self, data_len, c->local_window);
xfree(data);
return;
c->remote_maxpacket = packet_get_int();
if (c->confirm) {
debug2("callback start");
- c->confirm(c->self, NULL);
+ c->confirm(c->self, c->confirm_ctx);
debug2("callback done");
}
- debug("channel %d: open confirm rwindow %u rmax %u", c->self,
+ debug2("channel %d: open confirm rwindow %u rmax %u", c->self,
c->remote_window, c->remote_maxpacket);
}
packet_check_eom();
msg = packet_get_string(NULL);
lang = packet_get_string(NULL);
}
- log("channel %d: open failed: %s%s%s", id,
+ logit("channel %d: open failed: %s%s%s", id,
reason2txt(reason), msg ? ": ": "", msg ? msg : "");
if (msg != NULL)
xfree(msg);
c = channel_lookup(id);
if (c == NULL || c->type != SSH_CHANNEL_OPEN) {
- log("Received window adjust for "
+ logit("Received window adjust for "
"non-open channel %d.", id);
return;
}
originator_string, 1);
c->remote_id = remote_id;
}
+ xfree(originator_string);
if (c == NULL) {
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(remote_id);
struct addrinfo hints, *ai, *aitop;
const char *host;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
- struct linger linger;
success = 0;
host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
continue;
}
/* Create a port to listen for the host. */
- sock = socket(ai->ai_family, SOCK_STREAM, 0);
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
/* this is no error since kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
continue;
}
/*
- * Set socket options. We would like the socket to disappear
- * as soon as it has been closed for whatever reason.
+ * Set socket options.
+ * Allow local port reuse in TIME_WAIT.
*/
- setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
- linger.l_onoff = 1;
- linger.l_linger = 5;
- setsockopt(sock, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on,
+ sizeof(on)) == -1)
+ error("setsockopt SO_REUSEADDR: %s", strerror(errno));
+
debug("Local forwarding listening on %s port %s.", ntop, strport);
/* Bind the socket to the address. */
continue;
}
/* Start listening for connections on the socket. */
- if (listen(sock, 5) < 0) {
+ if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
error("listen: %.100s", strerror(errno));
close(sock);
continue;
/* Allocate a channel number for the socket. */
c = channel_new("port listener", type, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
- 0, xstrdup("port listener"), 1);
+ 0, "port listener", 1);
strlcpy(c->path, host, sizeof(c->path));
c->host_port = port_to_connect;
c->listening_port = listen_port;
return success;
}
+int
+channel_cancel_rport_listener(const char *host, u_short port)
+{
+ int i, found = 0;
+
+ for(i = 0; i < channels_alloc; i++) {
+ Channel *c = channels[i];
+
+ if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&
+ strncmp(c->path, host, sizeof(c->path)) == 0 &&
+ c->listening_port == port) {
+ debug2("%s: close clannel %d", __func__, i);
+ channel_free(c);
+ found = 1;
+ }
+ }
+
+ return (found);
+}
+
/* protocol local port fwd, used by ssh (and sshd in v1) */
int
channel_setup_local_fwd_listener(u_short listen_port,
success = 1;
break;
case SSH_SMSG_FAILURE:
- log("Warning: Server denied remote port forwarding.");
+ logit("Warning: Server denied remote port forwarding.");
break;
default:
/* Unknown packet */
}
}
+/*
+ * Request cancellation of remote forwarding of connection host:port from
+ * local side.
+ */
+
+void
+channel_request_rforward_cancel(u_short port)
+{
+ int i;
+ const char *address_to_bind = "0.0.0.0";
+
+ if (!compat20)
+ return;
+
+ for (i = 0; i < num_permitted_opens; i++) {
+ if (permitted_opens[i].host_to_connect != NULL &&
+ permitted_opens[i].listen_port == port)
+ break;
+ }
+ if (i >= num_permitted_opens) {
+ debug("%s: requested forward not found", __func__);
+ return;
+ }
+ packet_start(SSH2_MSG_GLOBAL_REQUEST);
+ packet_put_cstring("cancel-tcpip-forward");
+ packet_put_char(0);
+ packet_put_cstring(address_to_bind);
+ packet_put_int(port);
+ packet_send();
+
+ permitted_opens[i].listen_port = 0;
+ permitted_opens[i].port_to_connect = 0;
+ free(permitted_opens[i].host_to_connect);
+ permitted_opens[i].host_to_connect = NULL;
+}
+
/*
* This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates
* listening for the port, and sends back a success reply (or disconnect
* privileged port.
*/
if (port < IPPORT_RESERVED && !is_root)
- packet_disconnect("Requested forwarding of port %d but user is not root.",
- port);
+ packet_disconnect(
+ "Requested forwarding of port %d but user is not root.",
+ port);
+ if (host_port == 0)
+ packet_disconnect("Dynamic forwarding denied.");
#endif
+
/* Initiate forwarding */
channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports);
int i;
for (i = 0; i < num_permitted_opens; i++)
- xfree(permitted_opens[i].host_to_connect);
+ if (permitted_opens[i].host_to_connect != NULL)
+ xfree(permitted_opens[i].host_to_connect);
num_permitted_opens = 0;
}
error("connect_to: getnameinfo failed");
continue;
}
- sock = socket(ai->ai_family, SOCK_STREAM, 0);
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
- error("socket: %.100s", strerror(errno));
+ if (ai->ai_next == NULL)
+ error("socket: %.100s", strerror(errno));
+ else
+ verbose("socket: %.100s", strerror(errno));
continue;
}
- if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0)
- fatal("connect_to: F_SETFL: %s", strerror(errno));
+ if (set_nonblock(sock) == -1)
+ fatal("%s: set_nonblock(%d)", __func__, sock);
if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0 &&
errno != EINPROGRESS) {
error("connect_to %.100s port %s: %.100s", ntop, strport,
int i;
for (i = 0; i < num_permitted_opens; i++)
- if (permitted_opens[i].listen_port == listen_port)
+ if (permitted_opens[i].host_to_connect != NULL &&
+ permitted_opens[i].listen_port == listen_port)
return connect_to(
permitted_opens[i].host_to_connect,
permitted_opens[i].port_to_connect);
permit = all_opens_permitted;
if (!permit) {
for (i = 0; i < num_permitted_opens; i++)
- if (permitted_opens[i].port_to_connect == port &&
+ if (permitted_opens[i].host_to_connect != NULL &&
+ permitted_opens[i].port_to_connect == port &&
strcmp(permitted_opens[i].host_to_connect, host) == 0)
permit = 1;
}
if (!permit) {
- log("Received request to connect to host %.100s port %d, "
+ logit("Received request to connect to host %.100s port %d, "
"but the request was denied.", host, port);
return -1;
}
return connect_to(host, port);
}
+void
+channel_send_window_changes(void)
+{
+ int i;
+ struct winsize ws;
+
+ for (i = 0; i < channels_alloc; i++) {
+ if (channels[i] == NULL ||
+ channels[i]->type != SSH_CHANNEL_OPEN)
+ continue;
+ if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0)
+ continue;
+ channel_request_start(i, "window-change", 0);
+ packet_put_int(ws.ws_col);
+ packet_put_int(ws.ws_row);
+ packet_put_int(ws.ws_xpixel);
+ packet_put_int(ws.ws_ypixel);
+ packet_send();
+ }
+}
+
/* -- X11 forwarding */
/*
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
- sock = socket(ai->ai_family, SOCK_STREAM, 0);
+ sock = socket(ai->ai_family, ai->ai_socktype,
+ ai->ai_protocol);
if (sock < 0) {
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
error("socket: %.100s", strerror(errno));
+ freeaddrinfo(aitop);
return -1;
} else {
debug("x11_create_display_inet: Socket family %d not supported",
}
#endif
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
- debug("bind port %d: %.100s", port, strerror(errno));
+ debug2("bind port %d: %.100s", port, strerror(errno));
close(sock);
if (ai->ai_next)
/* Start listening for connections on the socket. */
for (n = 0; n < num_socks; n++) {
sock = socks[n];
- if (listen(sock, 5) < 0) {
+ if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
error("listen: %.100s", strerror(errno));
close(sock);
return -1;
nc = channel_new("x11 listener",
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
- 0, xstrdup("X11 inet listener"), 1);
+ 0, "X11 inet listener", 1);
nc->single_connection = single_connection;
}
}
for (ai = aitop; ai; ai = ai->ai_next) {
/* Create a socket. */
- sock = socket(ai->ai_family, SOCK_STREAM, 0);
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
- debug("socket: %.100s", strerror(errno));
+ debug2("socket: %.100s", strerror(errno));
continue;
}
/* Connect it to the display. */
if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
- debug("connect %.100s port %d: %.100s", buf,
+ debug2("connect %.100s port %d: %.100s", buf,
6000 + display_number, strerror(errno));
close(sock);
continue;
c->remote_id = remote_id;
c->force_drain = 1;
}
+ xfree(remote_host);
if (c == NULL) {
/* Send refusal to the remote host. */
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_send();
packet_write_wait();
}
-
-/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
-
-void
-auth_input_open_request(int type, u_int32_t seq, void *ctxt)
-{
- Channel *c = NULL;
- int remote_id, sock;
- char *name;
-
- /* Read the remote channel number from the message. */
- remote_id = packet_get_int();
- packet_check_eom();
-
- /*
- * Get a connection to the local authentication agent (this may again
- * get forwarded).
- */
- sock = ssh_get_authentication_socket();
-
- /*
- * If we could not connect the agent, send an error message back to
- * the server. This should never happen unless the agent dies,
- * because authentication forwarding is only enabled if we have an
- * agent.
- */
- if (sock >= 0) {
- name = xstrdup("authentication agent connection");
- c = channel_new("", SSH_CHANNEL_OPEN, sock, sock,
- -1, 0, 0, 0, name, 1);
- c->remote_id = remote_id;
- c->force_drain = 1;
- }
- if (c == NULL) {
- packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
- packet_put_int(remote_id);
- } else {
- /* Send a confirmation to the remote host. */
- debug("Forwarding authentication connection.");
- packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
- packet_put_int(remote_id);
- packet_put_int(c->self);
- }
- packet_send();
-}