X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/d452ec1a025eec27f04251fb16baf1a0c88fb03e..d740ec16d235be70918ab2538588f982c295ae12:/serverloop.c

diff --git a/serverloop.c b/serverloop.c
index cacf0ad4..8d2642d5 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,13 +35,14 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.100 2002/03/24 16:00:27 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.116 2004/05/21 11:33:11 djm Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
 #include "buffer.h"
 #include "log.h"
 #include "servconf.h"
+#include "canohost.h"
 #include "sshpty.h"
 #include "channels.h"
 #include "compat.h"
@@ -59,7 +60,7 @@ extern ServerOptions options;
 
 /* XXX */
 extern Kex *xxx_kex;
-static Authctxt *xxx_authctxt;
+extern Authctxt *the_authctxt;
 
 static Buffer stdin_buffer;	/* Buffer for stdin data. */
 static Buffer stdout_buffer;	/* Buffer for stdout data. */
@@ -143,7 +144,9 @@ sigchld_handler(int sig)
 	int save_errno = errno;
 	debug("Received SIGCHLD.");
 	child_terminated = 1;
+#ifndef _UNICOS
 	mysignal(SIGCHLD, sigchld_handler);
+#endif
 	notify_parent();
 	errno = save_errno;
 }
@@ -155,7 +158,7 @@ sigchld_handler(int sig)
 static void
 make_packets_from_stderr_data(void)
 {
-	int len;
+	u_int len;
 
 	/* Send buffered stderr data to the client. */
 	while (buffer_len(&stderr_buffer) > 0 &&
@@ -184,7 +187,7 @@ make_packets_from_stderr_data(void)
 static void
 make_packets_from_stdout_data(void)
 {
-	int len;
+	u_int len;
 
 	/* Send buffered stdout data to the client. */
 	while (buffer_len(&stdout_buffer) > 0 &&
@@ -209,26 +212,23 @@ make_packets_from_stdout_data(void)
 static void
 client_alive_check(void)
 {
-	static int had_channel = 0;
-	int id;
-
-	id = channel_find_open();
-	if (id == -1) {
-		if (!had_channel)
-			return;
-		packet_disconnect("No open channels after timeout!");
-	}
-	had_channel = 1;
+	int channel_id;
 
 	/* timeout, check to see how many we have had */
 	if (++client_alive_timeouts > options.client_alive_count_max)
 		packet_disconnect("Timeout, your session not responding.");
 
 	/*
-	 * send a bogus channel request with "wantreply",
+	 * send a bogus global/channel request with "wantreply",
 	 * we should get back a failure
 	 */
-	channel_request_start(id, "keepalive@openssh.com", 1);
+	if ((channel_id = channel_find_open()) == -1) {
+		packet_start(SSH2_MSG_GLOBAL_REQUEST);
+		packet_put_cstring("keepalive@openssh.com");
+		packet_put_char(1);	/* boolean: want reply */
+	} else {
+		channel_request_start(channel_id, "keepalive@openssh.com", 1);
+	}
 	packet_send();
 }
 
@@ -347,15 +347,18 @@ process_input(fd_set * readset)
 	if (FD_ISSET(connection_in, readset)) {
 		len = read(connection_in, buf, sizeof(buf));
 		if (len == 0) {
-			verbose("Connection closed by remote host.");
+			verbose("Connection closed by %.100s",
+			    get_remote_ipaddr());
 			connection_closed = 1;
 			if (compat20)
 				return;
-			fatal_cleanup();
+			cleanup_exit(255);
 		} else if (len < 0) {
 			if (errno != EINTR && errno != EAGAIN) {
-				verbose("Read error from remote host: %.100s", strerror(errno));
-				fatal_cleanup();
+				verbose("Read error from remote host "
+				    "%.100s: %.100s",
+				    get_remote_ipaddr(), strerror(errno));
+				cleanup_exit(255);
 			}
 		} else {
 			/* Buffer any received data. */
@@ -670,12 +673,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
 	/* We no longer want our SIGCHLD handler to be called. */
 	mysignal(SIGCHLD, SIG_DFL);
 
-	wait_pid = waitpid(-1, &wait_status, 0);
-	if (wait_pid == -1)
-		packet_disconnect("wait: %.100s", strerror(errno));
-	else if (wait_pid != pid)
-		error("Strange, wait returned pid %d, expected %d",
-		    wait_pid, pid);
+	while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0)
+		if (errno != EINTR)
+			packet_disconnect("wait: %.100s", strerror(errno));
+	if (wait_pid != pid)
+		error("Strange, wait returned pid %ld, expected %ld",
+		    (long)wait_pid, (long)pid);
 
 	/* Check if it exited normally. */
 	if (WIFEXITED(wait_status)) {
@@ -723,8 +726,10 @@ collect_children(void)
 	sigaddset(&nset, SIGCHLD);
 	sigprocmask(SIG_BLOCK, &nset, &oset);
 	if (child_terminated) {
-		while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
-			session_close_by_pid(pid, status);
+		while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
+		    (pid < 0 && errno == EINTR))
+			if (pid > 0)
+				session_close_by_pid(pid, status);
 		child_terminated = 0;
 	}
 	sigprocmask(SIG_SETMASK, &oset, NULL);
@@ -748,8 +753,6 @@ server_loop2(Authctxt *authctxt)
 	max_fd = MAX(connection_in, connection_out);
 	max_fd = MAX(max_fd, notify_pipe[0]);
 
-	xxx_authctxt = authctxt;
-
 	server_init_dispatch();
 
 	for (;;) {
@@ -763,8 +766,14 @@ server_loop2(Authctxt *authctxt)
 		    &nalloc, 0);
 
 		collect_children();
-		if (!rekeying)
+		if (!rekeying) {
 			channel_after_select(readset, writeset);
+			if (packet_need_rekeying()) {
+				debug("need rekeying");
+				xxx_kex->done = 0;
+				kex_send_kexinit(xxx_kex);
+			}
+		}
 		process_input(readset);
 		if (connection_closed)
 			break;
@@ -785,9 +794,9 @@ server_loop2(Authctxt *authctxt)
 }
 
 static void
-server_input_channel_failure(int type, u_int32_t seq, void *ctxt)
+server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
 {
-	debug("Got CHANNEL_FAILURE for keepalive");
+	debug("Got %d/%u for keepalive", type, seq);
 	/*
 	 * reset timeout, since we got a sane answer from the client.
 	 * even if this was generated by something other than
@@ -796,7 +805,6 @@ server_input_channel_failure(int type, u_int32_t seq, void *ctxt)
 	client_alive_timeouts = 0;
 }
 
-
 static void
 server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
 {
@@ -842,7 +850,7 @@ server_input_window_size(int type, u_int32_t seq, void *ctxt)
 }
 
 static Channel *
-server_request_direct_tcpip(char *ctype)
+server_request_direct_tcpip(void)
 {
 	Channel *c;
 	int sock;
@@ -864,14 +872,14 @@ server_request_direct_tcpip(char *ctype)
 	xfree(originator);
 	if (sock < 0)
 		return NULL;
-	c = channel_new(ctype, SSH_CHANNEL_CONNECTING,
+	c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
 	    sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
-	    CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip"), 1);
+	    CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
 	return c;
 }
 
 static Channel *
-server_request_session(char *ctype)
+server_request_session(void)
 {
 	Channel *c;
 
@@ -883,10 +891,10 @@ server_request_session(char *ctype)
 	 * SSH_CHANNEL_LARVAL.  Additionally, a callback for handling all
 	 * CHANNEL_REQUEST messages is registered.
 	 */
-	c = channel_new(ctype, SSH_CHANNEL_LARVAL,
+	c = channel_new("session", SSH_CHANNEL_LARVAL,
 	    -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
-	    0, xstrdup("server-session"), 1);
-	if (session_open(xxx_authctxt, c->self) != 1) {
+	    0, "server-session", 1);
+	if (session_open(the_authctxt, c->self) != 1) {
 		debug("session open failed, free channel %d", c->self);
 		channel_free(c);
 		return NULL;
@@ -900,10 +908,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
 {
 	Channel *c = NULL;
 	char *ctype;
-	u_int len;
 	int rchan;
-	int rmaxpack;
-	int rwindow;
+	u_int rmaxpack, rwindow, len;
 
 	ctype = packet_get_string(&len);
 	rchan = packet_get_int();
@@ -914,9 +920,9 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
 	    ctype, rchan, rwindow, rmaxpack);
 
 	if (strcmp(ctype, "session") == 0) {
-		c = server_request_session(ctype);
+		c = server_request_session();
 	} else if (strcmp(ctype, "direct-tcpip") == 0) {
-		c = server_request_direct_tcpip(ctype);
+		c = server_request_direct_tcpip();
 	}
 	if (c != NULL) {
 		debug("server_input_channel_open: confirm %s", ctype);
@@ -962,18 +968,21 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 		char *listen_address;
 		u_short listen_port;
 
-		pw = auth_get_user();
-		if (pw == NULL)
-			fatal("server_input_global_request: no user");
-		listen_address = packet_get_string(NULL); /* XXX currently ignored */
+		pw = the_authctxt->pw;
+		if (pw == NULL || !the_authctxt->valid)
+			fatal("server_input_global_request: no/invalid user");
+		listen_address = packet_get_string(NULL);
 		listen_port = (u_short)packet_get_int();
 		debug("server_input_global_request: tcpip-forward listen %s port %d",
 		    listen_address, listen_port);
 
 		/* check permissions */
 		if (!options.allow_tcp_forwarding ||
-		    no_port_forwarding_flag ||
-		    (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) {
+		    no_port_forwarding_flag
+#ifndef NO_IPPORT_RESERVED_CONCEPT
+		    || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
+#endif
+		   ) {
 			success = 0;
 			packet_send_debug("Server has disabled port forwarding.");
 		} else {
@@ -982,6 +991,17 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 			    listen_address, listen_port, options.gateway_ports);
 		}
 		xfree(listen_address);
+	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
+		char *cancel_address;
+		u_short cancel_port;
+
+		cancel_address = packet_get_string(NULL);
+		cancel_port = (u_short)packet_get_int();
+		debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
+		    cancel_address, cancel_port);
+
+		success = channel_cancel_rport_listener(cancel_address,
+		    cancel_port);
 	}
 	if (want_reply) {
 		packet_start(success ?
@@ -1035,7 +1055,9 @@ server_init_dispatch_20(void)
 	dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
 	dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
 	/* client_alive */
-	dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_channel_failure);
+	dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
+	dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
+	dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
 	/* rekeying */
 	dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
 }