X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/188adeb23a3cbd4165c39be879a95161f7e16807..278a05ad21a7e1729abc503ff0a1a1085b2da7f9:/clientloop.c

diff --git a/clientloop.c b/clientloop.c
index 845307eb..3a0f977b 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.36 2000/09/21 11:25:33 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.41 2000/12/05 20:34:10 markus Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -75,6 +75,14 @@ RCSID("$OpenBSD: clientloop.c,v 1.36 2000/09/21 11:25:33 markus Exp $");
 #include "buffer.h"
 #include "bufaux.h"
 
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
+#include "key.h"
+#include "authfd.h"
+
+/* import options */
+extern Options options;
+
 /* Flag indicating that stdin should be redirected from /dev/null. */
 extern int stdin_null_flag;
 
@@ -333,7 +341,7 @@ client_check_window_change()
 	if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
 		return;
 
-	debug("client_check_window_change: changed");
+	debug2("client_check_window_change: changed");
 
 	if (compat20) {
 		channel_request_start(session_ident, "window-change", 0);
@@ -360,8 +368,6 @@ client_check_window_change()
 void
 client_wait_until_can_do_something(fd_set * readset, fd_set * writeset)
 {
-	/*debug("client_wait_until_can_do_something"); */
-
 	/* Initialize select masks. */
 	FD_ZERO(readset);
 	FD_ZERO(writeset);
@@ -480,7 +486,6 @@ client_process_net_input(fd_set * readset)
 	if (FD_ISSET(connection_in, readset)) {
 		/* Read as much as possible. */
 		len = read(connection_in, buf, sizeof(buf));
-/*debug("read connection_in len %d", len); XXX */
 		if (len == 0) {
 			/* Received EOF.  The remote host has closed the connection. */
 			snprintf(buf, sizeof buf, "Connection to %.300s closed by remote host.\r\n",
@@ -793,7 +798,6 @@ simple_escape_filter(Channel *c, char *buf, int len)
 int
 client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 {
-	extern Options options;
 	double start_time, total_time;
 	int len;
 	char buf[100];
@@ -852,7 +856,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 		client_process_buffered_input_packets();
 
 		if (compat20 && !channel_still_open()) {
-			debug("!channel_still_open.");
+			debug2("!channel_still_open.");
 			break;
 		}
 
@@ -1016,13 +1020,99 @@ client_input_exit_status(int type, int plen, void *ctxt)
 	quit_pending = 1;
 }
 
+Channel *
+client_request_forwarded_tcpip(const char *request_type, int rchan)
+{
+	Channel* c = NULL;
+	char *listen_address, *originator_address;
+	int listen_port, originator_port;
+	int sock, newch;
+
+	/* Get rest of the packet */
+	listen_address = packet_get_string(NULL);
+	listen_port = packet_get_int();
+	originator_address = packet_get_string(NULL);
+	originator_port = packet_get_int();
+	packet_done();
+
+	debug("client_request_forwarded_tcpip: listen %s port %d, originator %s port %d",
+	    listen_address, listen_port, originator_address, originator_port);
+
+	sock = channel_connect_by_listen_adress(listen_port);
+	if (sock >= 0) {
+		newch = channel_new("forwarded-tcpip",
+		    SSH_CHANNEL_CONNECTING, sock, sock, -1,
+		    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+		    xstrdup(originator_address), 1);
+		c = channel_lookup(newch);
+	}
+	xfree(originator_address);
+	xfree(listen_address);
+	return c;
+}
+
+Channel*
+client_request_x11(const char *request_type, int rchan)
+{
+	Channel *c = NULL;
+	char *originator;
+	int originator_port;
+	int sock, newch;
+
+	if (!options.forward_x11) {
+		error("Warning: ssh server tried X11 forwarding.");
+		error("Warning: this is probably a break in attempt by a malicious server.");
+		return NULL;
+	}
+	originator = packet_get_string(NULL);
+	if (datafellows & SSH_BUG_X11FWD) {
+		debug2("buggy server: x11 request w/o originator_port");
+		originator_port = 0;
+	} else {
+		originator_port = packet_get_int();
+	}
+	packet_done();
+	/* XXX check permission */
+	sock = x11_connect_display();
+	if (sock >= 0) {
+		newch = channel_new("x11",
+		    SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+		    CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0,
+		    xstrdup("x11"), 1);
+		c = channel_lookup(newch);
+	}
+	xfree(originator);
+	return c;
+}
+
+Channel*
+client_request_agent(const char *request_type, int rchan)
+{
+	Channel *c = NULL;
+	int sock, newch;
+
+	if (!options.forward_agent) {
+		error("Warning: ssh server tried agent forwarding.");
+		error("Warning: this is probably a break in attempt by a malicious server.");
+		return NULL;
+	}
+	sock =  ssh_get_authentication_socket();
+	if (sock >= 0) {
+		newch = channel_new("authentication agent connection",
+		    SSH_CHANNEL_OPEN, sock, sock, -1,
+		    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+		    xstrdup("authentication agent connection"), 1);
+		c = channel_lookup(newch);
+	}
+	return c;
+}
+
 /* XXXX move to generic input handler */
 void
 client_input_channel_open(int type, int plen, void *ctxt)
 {
 	Channel *c = NULL;
 	char *ctype;
-	int id;
 	unsigned int len;
 	int rchan;
 	int rmaxpack;
@@ -1036,28 +1126,12 @@ client_input_channel_open(int type, int plen, void *ctxt)
 	debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
 	    ctype, rchan, rwindow, rmaxpack);
 
-	if (strcmp(ctype, "x11") == 0) {
-		int sock;
-		char *originator;
-		int originator_port;
-		originator = packet_get_string(NULL);
-		if (datafellows & SSH_BUG_X11FWD) {
-			debug("buggy server: x11 request w/o originator_port");
-			originator_port = 0;
-		} else {
-			originator_port = packet_get_int();
-		}
-		packet_done();
-		/* XXX check permission */
-		xfree(originator);
-		/* XXX move to channels.c */
-		sock = x11_connect_display();
-		if (sock >= 0) {
-			id = channel_new("x11", SSH_CHANNEL_X11_OPEN,
-			    sock, sock, -1, CHAN_X11_WINDOW_DEFAULT,
-			    CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11"));
-			c = channel_lookup(id);
-		}
+	if (strcmp(ctype, "forwarded-tcpip") == 0) {
+		c = client_request_forwarded_tcpip(ctype, rchan);
+	} else if (strcmp(ctype, "x11") == 0) {
+		c = client_request_x11(ctype, rchan);
+	} else if (strcmp(ctype, "auth-agent@openssh.com") == 0) {
+		c = client_request_agent(ctype, rchan);
 	}
 /* XXX duplicate : */
 	if (c != NULL) {
@@ -1108,11 +1182,14 @@ client_init_dispatch_13()
 	dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
 	dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
 	dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
-	dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
 	dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
 	dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
 	dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
-	dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
+
+	dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
+	    &auth_input_open_request : &deny_input_open);
+	dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
+	    &x11_input_open : &deny_input_open);
 }
 void
 client_init_dispatch_15()
@@ -1172,7 +1249,7 @@ client_input_channel_req(int id, void *arg)
 void
 client_set_session_ident(int id)
 {
-	debug("client_set_session_ident: id %d", id);
+	debug2("client_set_session_ident: id %d", id);
 	session_ident = id;
 	channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST,
 	    client_input_channel_req, (void *)0);