X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/811a6342ecb70c20c47b2d5aa854e0531badeb0c..556f1c050904b36aa3c83a423d9c50f5ceeff685:/channels.c diff --git a/channels.c b/channels.c index 325f278f..1586ea39 100644 --- a/channels.c +++ b/channels.c @@ -39,14 +39,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.169 2002/02/24 19:59:42 stevesk Exp $"); +RCSID("$OpenBSD: channels.c,v 1.184 2002/12/13 10:03:15 markus Exp $"); #include "ssh.h" #include "ssh1.h" #include "ssh2.h" #include "packet.h" #include "xmalloc.h" -#include "uidswap.h" #include "log.h" #include "misc.h" #include "channels.h" @@ -129,10 +128,6 @@ static u_int x11_fake_data_len; #define NUM_SOCKS 10 -/* Name and directory of socket for authentication agent forwarding. */ -static char *auth_sock_name = NULL; -static char *auth_sock_dir = NULL; - /* AF_UNSPEC or AF_INET or AF_INET6 */ static int IPv4or6 = AF_UNSPEC; @@ -146,7 +141,7 @@ channel_lookup(int id) { Channel *c; - if (id < 0 || id > channels_alloc) { + if (id < 0 || id >= channels_alloc) { log("channel_lookup: %d: bad id", id); return NULL; } @@ -191,6 +186,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, } else { c->isatty = 0; } + c->wfd_isatty = isatty(c->wfd); /* enable nonblocking mode */ if (nonblock) { @@ -210,7 +206,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, Channel * channel_new(char *ctype, int type, int rfd, int wfd, int efd, - int window, int maxpack, int extusage, char *remote_name, int nonblock) + u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock) { int i, found; Channel *c; @@ -234,6 +230,9 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, /* There are no free slots. Take last+1 slot and expand the array. */ found = channels_alloc; channels_alloc += 10; + if (channels_alloc > 10000) + fatal("channel_new: internal error: channels_alloc %d " + "too big.", channels_alloc); debug2("channel: expanding %d", channels_alloc); channels = xrealloc(channels, channels_alloc * sizeof(Channel *)); for (i = found; i < channels_alloc; i++) @@ -574,11 +573,12 @@ void channel_send_open(int id) { Channel *c = channel_lookup(id); + if (c == NULL) { log("channel_send_open: %d: bad id", id); return; } - debug("send channel open %d", id); + debug2("channel %d: send open", id); packet_start(SSH2_MSG_CHANNEL_OPEN); packet_put_cstring(c->ctype); packet_put_int(c->self); @@ -588,14 +588,15 @@ channel_send_open(int id) } void -channel_request_start(int local_id, char *service, int wantconfirm) +channel_request_start(int id, char *service, int wantconfirm) { - Channel *c = channel_lookup(local_id); + Channel *c = channel_lookup(id); + if (c == NULL) { - log("channel_request_start: %d: unknown channel id", local_id); + log("channel_request_start: %d: unknown channel id", id); return; } - debug("channel request %d: %s", local_id, service) ; + debug("channel %d: request %s", id, service) ; packet_start(SSH2_MSG_CHANNEL_REQUEST); packet_put_int(c->remote_id); packet_put_cstring(service); @@ -605,6 +606,7 @@ void channel_register_confirm(int id, channel_callback_fn *fn) { Channel *c = channel_lookup(id); + if (c == NULL) { log("channel_register_comfirm: %d: bad id", id); return; @@ -615,6 +617,7 @@ void channel_register_cleanup(int id, channel_callback_fn *fn) { Channel *c = channel_lookup(id); + if (c == NULL) { log("channel_register_cleanup: %d: bad id", id); return; @@ -625,6 +628,7 @@ void channel_cancel_cleanup(int id) { Channel *c = channel_lookup(id); + if (c == NULL) { log("channel_cancel_cleanup: %d: bad id", id); return; @@ -635,6 +639,7 @@ void channel_register_filter(int id, channel_filter_fn *fn) { Channel *c = channel_lookup(id); + if (c == NULL) { log("channel_register_filter: %d: bad id", id); return; @@ -647,6 +652,7 @@ channel_set_fds(int id, int rfd, int wfd, int efd, int extusage, int nonblock, u_int window_max) { Channel *c = channel_lookup(id); + if (c == NULL || c->type != SSH_CHANNEL_LARVAL) fatal("channel_activate for non-larval channel %d.", id); channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); @@ -706,7 +712,11 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) if (buffer_len(&c->output) > 0) { FD_SET(c->wfd, writeset); } else if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN) { - chan_obuf_empty(c); + if (CHANNEL_EFD_OUTPUT_ACTIVE(c)) + debug2("channel %d: obuf_empty delayed efd %d/(%d)", + c->self, c->efd, buffer_len(&c->extended)); + else + chan_obuf_empty(c); } } /** XXX check close conditions, too */ @@ -714,7 +724,8 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) if (c->extended_usage == CHAN_EXTENDED_WRITE && buffer_len(&c->extended) > 0) FD_SET(c->efd, writeset); - else if (c->extended_usage == CHAN_EXTENDED_READ && + else if (!(c->flags & CHAN_EOF_SENT) && + c->extended_usage == CHAN_EXTENDED_READ && buffer_len(&c->extended) < c->remote_window) FD_SET(c->efd, readset); } @@ -812,6 +823,7 @@ static void channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset) { int ret = x11_open_helper(&c->output); + if (ret == 1) { /* Start normal processing for the channel. */ c->type = SSH_CHANNEL_OPEN; @@ -863,7 +875,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset) static int channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) { - u_char *p, *host; + char *p, *host; int len, have, i, found; char username[256]; struct { @@ -1184,8 +1196,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset) socklen_t sz = sizeof(err); if (FD_ISSET(c->sock, writeset)) { - if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, (char *)&err, - &sz) < 0) { + if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) < 0) { err = errno; error("getsockopt SO_ERROR failed"); } @@ -1276,6 +1287,11 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) buffer_len(&c->output) > 0) { data = buffer_ptr(&c->output); dlen = buffer_len(&c->output); +#ifdef _AIX + /* XXX: Later AIX versions can't push as much data to tty */ + if (compat20 && c->wfd_isatty && dlen > 8*1024) + dlen = 8*1024; +#endif len = write(c->wfd, data, dlen); if (len < 0 && (errno == EINTR || errno == EAGAIN)) return 1; @@ -1393,6 +1409,7 @@ static void channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset) { int len; + /* Send buffered output data to the socket. */ if (FD_ISSET(c->sock, writeset) && buffer_len(&c->output) > 0) { len = write(c->sock, buffer_ptr(&c->output), @@ -1470,6 +1487,7 @@ static void channel_handler_init(void) { int i; + for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) { channel_pre[i] = NULL; channel_post[i] = NULL; @@ -1569,8 +1587,9 @@ channel_after_select(fd_set * readset, fd_set * writeset) void channel_output_poll(void) { - int len, i; Channel *c; + int i; + u_int len; for (i = 0; i < channels_alloc; i++) { c = channels[i]; @@ -1633,16 +1652,22 @@ channel_output_poll(void) fatal("cannot happen: istate == INPUT_WAIT_DRAIN for proto 1.3"); /* * input-buffer is empty and read-socket shutdown: - * tell peer, that we will not send more data: send IEOF + * tell peer, that we will not send more data: send IEOF. + * hack for extended data: delay EOF if EFD still in use. */ - chan_ibuf_empty(c); + if (CHANNEL_EFD_INPUT_ACTIVE(c)) + debug2("channel %d: ibuf_empty delayed efd %d/(%d)", + c->self, c->efd, buffer_len(&c->extended)); + else + chan_ibuf_empty(c); } /* Send extended data, i.e. stderr */ if (compat20 && + !(c->flags & CHAN_EOF_SENT) && c->remote_window > 0 && (len = buffer_len(&c->extended)) > 0 && c->extended_usage == CHAN_EXTENDED_READ) { - debug2("channel %d: rwin %d elen %d euse %d", + debug2("channel %d: rwin %u elen %u euse %d", c->self, c->remote_window, buffer_len(&c->extended), c->extended_usage); if (len > c->remote_window) @@ -1712,9 +1737,8 @@ void channel_input_extended_data(int type, u_int32_t seq, void *ctxt) { int id; - int tcode; char *data; - u_int data_len; + u_int data_len, tcode; Channel *c; /* Get the channel number and verify it. */ @@ -1727,6 +1751,13 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) log("channel %d: ext data for non open", id); return; } + if (c->flags & CHAN_EOF_RCVD) { + if (datafellows & SSH_BUG_EXTEOF) + debug("channel %d: accepting ext data after eof", id); + else + packet_disconnect("Received extended_data after EOF " + "on channel %d.", id); + } tcode = packet_get_int(); if (c->efd == -1 || c->extended_usage != CHAN_EXTENDED_WRITE || @@ -1862,7 +1893,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) c->confirm(c->self, NULL); debug2("callback done"); } - debug("channel %d: open confirm rwindow %d rmax %d", c->self, + debug("channel %d: open confirm rwindow %u rmax %u", c->self, c->remote_window, c->remote_maxpacket); } packet_check_eom(); @@ -1919,7 +1950,8 @@ void channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) { Channel *c; - int id, adjust; + int id; + u_int adjust; if (!compat20) return; @@ -1935,7 +1967,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) } adjust = packet_get_int(); packet_check_eom(); - debug2("channel %d: rcvd adjust %d", id, adjust); + debug2("channel %d: rcvd adjust %u", id, adjust); c->remote_window += adjust; } @@ -1990,7 +2022,6 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por struct addrinfo hints, *ai, *aitop; const char *host; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; - struct linger linger; success = 0; host = (type == SSH_CHANNEL_RPORT_LISTENER) ? @@ -2033,13 +2064,13 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por continue; } /* - * Set socket options. We would like the socket to disappear - * as soon as it has been closed for whatever reason. + * Set socket options. + * Allow local port reuse in TIME_WAIT. */ - setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); - linger.l_onoff = 1; - linger.l_linger = 5; - setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger)); + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, + sizeof(on)) == -1) + error("setsockopt SO_REUSEADDR: %s", strerror(errno)); + debug("Local forwarding listening on %s port %s.", ntop, strport); /* Bind the socket to the address. */ @@ -2113,7 +2144,7 @@ channel_request_remote_forwarding(u_short listen_port, const char *address_to_bind = "0.0.0.0"; packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("tcpip-forward"); - packet_put_char(0); /* boolean: want reply */ + packet_put_char(1); /* boolean: want reply */ packet_put_cstring(address_to_bind); packet_put_int(listen_port); packet_send(); @@ -2316,12 +2347,12 @@ channel_connect_to(const char *host, u_short port) /* * Creates an internet domain socket for listening for X11 connections. - * Returns a suitable display number for the DISPLAY variable, or -1 if - * an error occurs. + * Returns 0 and a suitable display number for the DISPLAY variable + * stored in display_numberp , or -1 if an error occurs. */ int x11_create_display_inet(int x11_display_offset, int x11_use_localhost, - int single_connection) + int single_connection, u_int *display_numberp) { Channel *nc = NULL; int display_number, sock; @@ -2357,6 +2388,13 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, continue; } } +#ifdef IPV6_V6ONLY + if (ai->ai_family == AF_INET6) { + int on = 1; + if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) + error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno)); + } +#endif if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { debug("bind port %d: %.100s", port, strerror(errno)); close(sock); @@ -2375,7 +2413,12 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, if (num_socks == NUM_SOCKS) break; #else - break; + if (x11_use_localhost) { + if (num_socks == NUM_SOCKS) + break; + } else { + break; + } #endif } freeaddrinfo(aitop); @@ -2407,7 +2450,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, } /* Return the display number for the DISPLAY environment variable. */ - return display_number; + *display_numberp = display_number; + return (0); } static int @@ -2576,6 +2620,7 @@ void deny_input_open(int type, u_int32_t seq, void *ctxt) { int rchan = packet_get_int(); + switch (type) { case SSH_SMSG_AGENT_OPEN: error("Warning: ssh server tried agent forwarding."); @@ -2675,105 +2720,6 @@ auth_request_forwarding(void) packet_write_wait(); } -/* - * Returns the name of the forwarded authentication socket. Returns NULL if - * there is no forwarded authentication socket. The returned value points to - * a static buffer. - */ - -char * -auth_get_socket_name(void) -{ - return auth_sock_name; -} - -/* removes the agent forwarding socket */ - -void -auth_sock_cleanup_proc(void *_pw) -{ - struct passwd *pw = _pw; - - if (auth_sock_name) { - temporarily_use_uid(pw); - unlink(auth_sock_name); - rmdir(auth_sock_dir); - auth_sock_name = NULL; - restore_uid(); - } -} - -/* - * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. - * This starts forwarding authentication requests. - */ - -int -auth_input_request_forwarding(struct passwd * pw) -{ - Channel *nc; - int sock; - struct sockaddr_un sunaddr; - - if (auth_get_socket_name() != NULL) { - error("authentication forwarding requested twice."); - return 0; - } - - /* Temporarily drop privileged uid for mkdir/bind. */ - temporarily_use_uid(pw); - - /* Allocate a buffer for the socket name, and format the name. */ - auth_sock_name = xmalloc(MAXPATHLEN); - auth_sock_dir = xmalloc(MAXPATHLEN); - strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); - - /* Create private directory for socket */ - if (mkdtemp(auth_sock_dir) == NULL) { - packet_send_debug("Agent forwarding disabled: " - "mkdtemp() failed: %.100s", strerror(errno)); - restore_uid(); - xfree(auth_sock_name); - xfree(auth_sock_dir); - auth_sock_name = NULL; - auth_sock_dir = NULL; - return 0; - } - snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%d", - auth_sock_dir, (int) getpid()); - - /* delete agent socket on fatal() */ - fatal_add_cleanup(auth_sock_cleanup_proc, pw); - - /* Create the socket. */ - sock = socket(AF_UNIX, SOCK_STREAM, 0); - if (sock < 0) - packet_disconnect("socket: %.100s", strerror(errno)); - - /* Bind it to the name. */ - memset(&sunaddr, 0, sizeof(sunaddr)); - sunaddr.sun_family = AF_UNIX; - strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path)); - - if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) - packet_disconnect("bind: %.100s", strerror(errno)); - - /* Restore the privileged uid. */ - restore_uid(); - - /* Start listening on the socket. */ - if (listen(sock, 5) < 0) - packet_disconnect("listen: %.100s", strerror(errno)); - - /* Allocate a channel for the authentication agent socket. */ - nc = channel_new("auth socket", - SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, xstrdup("auth socket"), 1); - strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); - return 1; -} - /* This is called to process an SSH_SMSG_AGENT_OPEN message. */ void