X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/875ec2753a1297bbed3492345f6fd1069fd7f809..9a6fee8b2b42608a177803d2351d3cfe732910d8:/channels.c diff --git a/channels.c b/channels.c index cca138c2..e27ae1fa 100644 --- a/channels.c +++ b/channels.c @@ -39,14 +39,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.173 2002/04/22 21:04:52 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.187 2003/03/05 22:33:43 markus Exp $"); #include "ssh.h" #include "ssh1.h" #include "ssh2.h" #include "packet.h" #include "xmalloc.h" -#include "uidswap.h" #include "log.h" #include "misc.h" #include "channels.h" @@ -129,10 +128,6 @@ static u_int x11_fake_data_len; #define NUM_SOCKS 10 -/* Name and directory of socket for authentication agent forwarding. */ -static char *auth_sock_name = NULL; -static char *auth_sock_dir = NULL; - /* AF_UNSPEC or AF_INET or AF_INET6 */ static int IPv4or6 = AF_UNSPEC; @@ -147,12 +142,12 @@ channel_lookup(int id) Channel *c; if (id < 0 || id >= channels_alloc) { - log("channel_lookup: %d: bad id", id); + logit("channel_lookup: %d: bad id", id); return NULL; } c = channels[id]; if (c == NULL) { - log("channel_lookup: %d: bad id: channel free", id); + logit("channel_lookup: %d: bad id: channel free", id); return NULL; } return c; @@ -191,6 +186,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, } else { c->isatty = 0; } + c->wfd_isatty = isatty(c->wfd); /* enable nonblocking mode */ if (nonblock) { @@ -210,7 +206,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, Channel * channel_new(char *ctype, int type, int rfd, int wfd, int efd, - int window, int maxpack, int extusage, char *remote_name, int nonblock) + u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock) { int i, found; Channel *c; @@ -234,6 +230,9 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, /* There are no free slots. Take last+1 slot and expand the array. */ found = channels_alloc; channels_alloc += 10; + if (channels_alloc > 10000) + fatal("channel_new: internal error: channels_alloc %d " + "too big.", channels_alloc); debug2("channel: expanding %d", channels_alloc); channels = xrealloc(channels, channels_alloc * sizeof(Channel *)); for (i = found; i < channels_alloc; i++) @@ -414,13 +413,13 @@ channel_not_very_much_buffered_data(void) #if 0 if (!compat20 && buffer_len(&c->input) > packet_get_maxsize()) { - debug("channel %d: big input buffer %d", + debug2("channel %d: big input buffer %d", c->self, buffer_len(&c->input)); return 0; } #endif if (buffer_len(&c->output) > packet_get_maxsize()) { - debug("channel %d: big output buffer %d > %d", + debug2("channel %d: big output buffer %d > %d", c->self, buffer_len(&c->output), packet_get_maxsize()); return 0; @@ -574,11 +573,12 @@ void channel_send_open(int id) { Channel *c = channel_lookup(id); + if (c == NULL) { - log("channel_send_open: %d: bad id", id); + logit("channel_send_open: %d: bad id", id); return; } - debug("send channel open %d", id); + debug2("channel %d: send open", id); packet_start(SSH2_MSG_CHANNEL_OPEN); packet_put_cstring(c->ctype); packet_put_int(c->self); @@ -588,14 +588,15 @@ channel_send_open(int id) } void -channel_request_start(int local_id, char *service, int wantconfirm) +channel_request_start(int id, char *service, int wantconfirm) { - Channel *c = channel_lookup(local_id); + Channel *c = channel_lookup(id); + if (c == NULL) { - log("channel_request_start: %d: unknown channel id", local_id); + logit("channel_request_start: %d: unknown channel id", id); return; } - debug("channel request %d: %s", local_id, service) ; + debug("channel %d: request %s", id, service) ; packet_start(SSH2_MSG_CHANNEL_REQUEST); packet_put_int(c->remote_id); packet_put_cstring(service); @@ -605,8 +606,9 @@ void channel_register_confirm(int id, channel_callback_fn *fn) { Channel *c = channel_lookup(id); + if (c == NULL) { - log("channel_register_comfirm: %d: bad id", id); + logit("channel_register_comfirm: %d: bad id", id); return; } c->confirm = fn; @@ -615,8 +617,9 @@ void channel_register_cleanup(int id, channel_callback_fn *fn) { Channel *c = channel_lookup(id); + if (c == NULL) { - log("channel_register_cleanup: %d: bad id", id); + logit("channel_register_cleanup: %d: bad id", id); return; } c->detach_user = fn; @@ -625,8 +628,9 @@ void channel_cancel_cleanup(int id) { Channel *c = channel_lookup(id); + if (c == NULL) { - log("channel_cancel_cleanup: %d: bad id", id); + logit("channel_cancel_cleanup: %d: bad id", id); return; } c->detach_user = NULL; @@ -635,8 +639,9 @@ void channel_register_filter(int id, channel_filter_fn *fn) { Channel *c = channel_lookup(id); + if (c == NULL) { - log("channel_register_filter: %d: bad id", id); + logit("channel_register_filter: %d: bad id", id); return; } c->input_filter = fn; @@ -647,6 +652,7 @@ channel_set_fds(int id, int rfd, int wfd, int efd, int extusage, int nonblock, u_int window_max) { Channel *c = channel_lookup(id); + if (c == NULL || c->type != SSH_CHANNEL_LARVAL) fatal("channel_activate for non-larval channel %d.", id); channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); @@ -817,6 +823,7 @@ static void channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset) { int ret = x11_open_helper(&c->output); + if (ret == 1) { /* Start normal processing for the channel. */ c->type = SSH_CHANNEL_OPEN; @@ -826,7 +833,7 @@ channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset) * We have received an X11 connection that has bad * authentication information. */ - log("X11 connection rejected because of wrong authentication."); + logit("X11 connection rejected because of wrong authentication."); buffer_clear(&c->input); buffer_clear(&c->output); channel_close_fd(&c->sock); @@ -849,7 +856,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset) c->type = SSH_CHANNEL_OPEN; channel_pre_open(c, readset, writeset); } else if (ret == -1) { - log("X11 connection rejected because of wrong authentication."); + logit("X11 connection rejected because of wrong authentication."); debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate); chan_read_failed(c); buffer_clear(&c->input); @@ -868,7 +875,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset) static int channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) { - u_char *p, *host; + char *p, *host; int len, have, i, found; char username[256]; struct { @@ -1280,6 +1287,11 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) buffer_len(&c->output) > 0) { data = buffer_ptr(&c->output); dlen = buffer_len(&c->output); +#ifdef _AIX + /* XXX: Later AIX versions can't push as much data to tty */ + if (compat20 && c->wfd_isatty && dlen > 8*1024) + dlen = 8*1024; +#endif len = write(c->wfd, data, dlen); if (len < 0 && (errno == EINTR || errno == EAGAIN)) return 1; @@ -1397,6 +1409,7 @@ static void channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset) { int len; + /* Send buffered output data to the socket. */ if (FD_ISSET(c->sock, writeset) && buffer_len(&c->output) > 0) { len = write(c->sock, buffer_ptr(&c->output), @@ -1474,6 +1487,7 @@ static void channel_handler_init(void) { int i; + for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) { channel_pre[i] = NULL; channel_post[i] = NULL; @@ -1573,8 +1587,9 @@ channel_after_select(fd_set * readset, fd_set * writeset) void channel_output_poll(void) { - int len, i; Channel *c; + int i; + u_int len; for (i = 0; i < channels_alloc; i++) { c = channels[i]; @@ -1652,7 +1667,7 @@ channel_output_poll(void) c->remote_window > 0 && (len = buffer_len(&c->extended)) > 0 && c->extended_usage == CHAN_EXTENDED_READ) { - debug2("channel %d: rwin %d elen %d euse %d", + debug2("channel %d: rwin %u elen %u euse %d", c->self, c->remote_window, buffer_len(&c->extended), c->extended_usage); if (len > c->remote_window) @@ -1702,11 +1717,11 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) if (compat20) { if (data_len > c->local_maxpacket) { - log("channel %d: rcvd big packet %d, maxpack %d", + logit("channel %d: rcvd big packet %d, maxpack %d", c->self, data_len, c->local_maxpacket); } if (data_len > c->local_window) { - log("channel %d: rcvd too much data %d, win %d", + logit("channel %d: rcvd too much data %d, win %d", c->self, data_len, c->local_window); xfree(data); return; @@ -1722,9 +1737,8 @@ void channel_input_extended_data(int type, u_int32_t seq, void *ctxt) { int id; - int tcode; char *data; - u_int data_len; + u_int data_len, tcode; Channel *c; /* Get the channel number and verify it. */ @@ -1734,7 +1748,7 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) if (c == NULL) packet_disconnect("Received extended_data for bad channel %d.", id); if (c->type != SSH_CHANNEL_OPEN) { - log("channel %d: ext data for non open", id); + logit("channel %d: ext data for non open", id); return; } if (c->flags & CHAN_EOF_RCVD) { @@ -1748,13 +1762,13 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) if (c->efd == -1 || c->extended_usage != CHAN_EXTENDED_WRITE || tcode != SSH2_EXTENDED_DATA_STDERR) { - log("channel %d: bad ext data", c->self); + logit("channel %d: bad ext data", c->self); return; } data = packet_get_string(&data_len); packet_check_eom(); if (data_len > c->local_window) { - log("channel %d: rcvd too much extended_data %d, win %d", + logit("channel %d: rcvd too much extended_data %d, win %d", c->self, data_len, c->local_window); xfree(data); return; @@ -1879,7 +1893,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) c->confirm(c->self, NULL); debug2("callback done"); } - debug("channel %d: open confirm rwindow %d rmax %d", c->self, + debug("channel %d: open confirm rwindow %u rmax %u", c->self, c->remote_window, c->remote_maxpacket); } packet_check_eom(); @@ -1920,7 +1934,7 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt) msg = packet_get_string(NULL); lang = packet_get_string(NULL); } - log("channel %d: open failed: %s%s%s", id, + logit("channel %d: open failed: %s%s%s", id, reason2txt(reason), msg ? ": ": "", msg ? msg : ""); if (msg != NULL) xfree(msg); @@ -1936,7 +1950,8 @@ void channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) { Channel *c; - int id, adjust; + int id; + u_int adjust; if (!compat20) return; @@ -1946,13 +1961,13 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) c = channel_lookup(id); if (c == NULL || c->type != SSH_CHANNEL_OPEN) { - log("Received window adjust for " + logit("Received window adjust for " "non-open channel %d.", id); return; } adjust = packet_get_int(); packet_check_eom(); - debug2("channel %d: rcvd adjust %d", id, adjust); + debug2("channel %d: rcvd adjust %u", id, adjust); c->remote_window += adjust; } @@ -1982,6 +1997,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) c->remote_id = remote_id; } if (c == NULL) { + xfree(originator_string); packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(remote_id); packet_send(); @@ -2007,7 +2023,6 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por struct addrinfo hints, *ai, *aitop; const char *host; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; - struct linger linger; success = 0; host = (type == SSH_CHANNEL_RPORT_LISTENER) ? @@ -2050,13 +2065,13 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por continue; } /* - * Set socket options. We would like the socket to disappear - * as soon as it has been closed for whatever reason. + * Set socket options. + * Allow local port reuse in TIME_WAIT. */ - setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); - linger.l_onoff = 1; - linger.l_linger = 5; - setsockopt(sock, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger)); + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, + sizeof(on)) == -1) + error("setsockopt SO_REUSEADDR: %s", strerror(errno)); + debug("Local forwarding listening on %s port %s.", ntop, strport); /* Bind the socket to the address. */ @@ -2152,7 +2167,7 @@ channel_request_remote_forwarding(u_short listen_port, success = 1; break; case SSH_SMSG_FAILURE: - log("Warning: Server denied remote port forwarding."); + logit("Warning: Server denied remote port forwarding."); break; default: /* Unknown packet */ @@ -2267,7 +2282,10 @@ connect_to(const char *host, u_short port) } sock = socket(ai->ai_family, SOCK_STREAM, 0); if (sock < 0) { - error("socket: %.100s", strerror(errno)); + if (ai->ai_next == NULL) + error("socket: %.100s", strerror(errno)); + else + verbose("socket: %.100s", strerror(errno)); continue; } if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0) @@ -2322,7 +2340,7 @@ channel_connect_to(const char *host, u_short port) } if (!permit) { - log("Received request to connect to host %.100s port %d, " + logit("Received request to connect to host %.100s port %d, " "but the request was denied.", host, port); return -1; } @@ -2333,12 +2351,12 @@ channel_connect_to(const char *host, u_short port) /* * Creates an internet domain socket for listening for X11 connections. - * Returns a suitable display number for the DISPLAY variable, or -1 if - * an error occurs. + * Returns 0 and a suitable display number for the DISPLAY variable + * stored in display_numberp , or -1 if an error occurs. */ int x11_create_display_inet(int x11_display_offset, int x11_use_localhost, - int single_connection) + int single_connection, u_int *display_numberp) { Channel *nc = NULL; int display_number, sock; @@ -2436,7 +2454,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, } /* Return the display number for the DISPLAY environment variable. */ - return display_number; + *display_numberp = display_number; + return (0); } static int @@ -2591,6 +2610,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt) /* Send refusal to the remote host. */ packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(remote_id); + xfree(remote_host); } else { /* Send a confirmation to the remote host. */ packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION); @@ -2605,6 +2625,7 @@ void deny_input_open(int type, u_int32_t seq, void *ctxt) { int rchan = packet_get_int(); + switch (type) { case SSH_SMSG_AGENT_OPEN: error("Warning: ssh server tried agent forwarding."); @@ -2704,105 +2725,6 @@ auth_request_forwarding(void) packet_write_wait(); } -/* - * Returns the name of the forwarded authentication socket. Returns NULL if - * there is no forwarded authentication socket. The returned value points to - * a static buffer. - */ - -char * -auth_get_socket_name(void) -{ - return auth_sock_name; -} - -/* removes the agent forwarding socket */ - -void -auth_sock_cleanup_proc(void *_pw) -{ - struct passwd *pw = _pw; - - if (auth_sock_name) { - temporarily_use_uid(pw); - unlink(auth_sock_name); - rmdir(auth_sock_dir); - auth_sock_name = NULL; - restore_uid(); - } -} - -/* - * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. - * This starts forwarding authentication requests. - */ - -int -auth_input_request_forwarding(struct passwd * pw) -{ - Channel *nc; - int sock; - struct sockaddr_un sunaddr; - - if (auth_get_socket_name() != NULL) { - error("authentication forwarding requested twice."); - return 0; - } - - /* Temporarily drop privileged uid for mkdir/bind. */ - temporarily_use_uid(pw); - - /* Allocate a buffer for the socket name, and format the name. */ - auth_sock_name = xmalloc(MAXPATHLEN); - auth_sock_dir = xmalloc(MAXPATHLEN); - strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); - - /* Create private directory for socket */ - if (mkdtemp(auth_sock_dir) == NULL) { - packet_send_debug("Agent forwarding disabled: " - "mkdtemp() failed: %.100s", strerror(errno)); - restore_uid(); - xfree(auth_sock_name); - xfree(auth_sock_dir); - auth_sock_name = NULL; - auth_sock_dir = NULL; - return 0; - } - snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%d", - auth_sock_dir, (int) getpid()); - - /* delete agent socket on fatal() */ - fatal_add_cleanup(auth_sock_cleanup_proc, pw); - - /* Create the socket. */ - sock = socket(AF_UNIX, SOCK_STREAM, 0); - if (sock < 0) - packet_disconnect("socket: %.100s", strerror(errno)); - - /* Bind it to the name. */ - memset(&sunaddr, 0, sizeof(sunaddr)); - sunaddr.sun_family = AF_UNIX; - strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path)); - - if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) - packet_disconnect("bind: %.100s", strerror(errno)); - - /* Restore the privileged uid. */ - restore_uid(); - - /* Start listening on the socket. */ - if (listen(sock, 5) < 0) - packet_disconnect("listen: %.100s", strerror(errno)); - - /* Allocate a channel for the authentication agent socket. */ - nc = channel_new("auth socket", - SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, xstrdup("auth socket"), 1); - strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); - return 1; -} - /* This is called to process an SSH_SMSG_AGENT_OPEN message. */ void