authorDamien Miller <djm@mindrot.org>2000-10-28 14:19:58 +1100
committerDamien Miller <djm@mindrot.org>2000-10-28 14:19:58 +1100
commit69b69aa50d0effadc8b7e9c564f7a2ee223ac6b5 (patch)
tree4aea8b2b116123812ade69ae73fde80fee8e0f41 /channels.c
parentc05e01875bab590584f51bbeb464dd23c64f27fa (diff)
- (djm) Sync with OpenBSD:
- markus@cvs.openbsd.org 2000/10/16 15:46:32 [ssh.1] fixes from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/10/17 14:28:11 [atomicio.c] return number of characters processed; ok deraadt@ - markus@cvs.openbsd.org 2000/10/18 12:04:02 [atomicio.c] undo - markus@cvs.openbsd.org 2000/10/18 12:23:02 [scp.c] replace atomicio(read,...) with read(); ok deraadt@ - markus@cvs.openbsd.org 2000/10/18 12:42:00 [session.c] restore old record login behaviour - deraadt@cvs.openbsd.org 2000/10/19 10:41:13 [auth-skey.c] fmt string problem in unused code - provos@cvs.openbsd.org 2000/10/19 10:45:16 [sshconnect2.c] don't reference freed memory. okay deraadt@ - markus@cvs.openbsd.org 2000/10/21 11:04:23 [canohost.c] typo, eramore@era-t.ericsson.se; ok niels@ - markus@cvs.openbsd.org 2000/10/23 13:31:55 [cipher.c] non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd - markus@cvs.openbsd.org 2000/10/26 12:38:28 [compat.c] add older vandyke products - markus@cvs.openbsd.org 2000/10/27 01:32:19 [channels.c channels.h clientloop.c serverloop.c session.c] [ssh.c util.c] enable non-blocking IO on channels, and tty's (except for the client ttys). - markus@cvs.openbsd.org 2000/10/27 01:48:22 channels.c channels.h clientloop.c deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com
Diffstat (limited to 'channels.c')
-rw-r--r--channels.c63
1 files changed, 45 insertions, 18 deletions
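--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.70 2000/09/28 18:03:18 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.72 2000/10/27 07:48:22 markus Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -174,7 +174,8 @@ channel_lookup(int id)
  */
 
 void
-channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage)
+channel_register_fds(Channel *c, int rfd, int wfd, int efd,
+ int extusage, int nonblock)
 {
  /* Update the maximum file descriptor value. */
  if (rfd > channel_max_fd_value)
@@ -190,12 +191,16 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage)
  c->sock = (rfd == wfd) ? rfd : -1;
  c->efd = efd;
  c->extended_usage = extusage;
- if (rfd != -1)
- set_nonblock(rfd);
- if (wfd != -1)
- set_nonblock(wfd);
- if (efd != -1)
- set_nonblock(efd);
+
+ /* enable nonblocking mode */
+ if (nonblock) {
+ if (rfd != -1)
+ set_nonblock(rfd);
+ if (wfd != -1)
+ set_nonblock(wfd);
+ if (efd != -1)
+ set_nonblock(efd);
+ }
 }
 
 /*
@@ -205,7 +210,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage)
 
 int
 channel_new(char *ctype, int type, int rfd, int wfd, int efd,
- int window, int maxpack, int extusage, char *remote_name)
+ int window, int maxpack, int extusage, char *remote_name, int nonblock)
 {
  int i, found;
  Channel *c;
@@ -245,7 +250,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
  buffer_init(&c->output);
  buffer_init(&c->extended);
  chan_init_iostates(c);
- channel_register_fds(c, rfd, wfd, efd, extusage);
+ channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
  c->self = found;
  c->type = type;
  c->ctype = ctype;
@@ -269,7 +274,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
 int
 channel_allocate(int type, int sock, char *remote_name)
 {
- return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name);
+ return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name, 1);
 }
 
 
@@ -548,7 +553,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
  newch = channel_new("x11",
  SSH_CHANNEL_OPENING, newsock, newsock, -1,
  c->local_window_max, c->local_maxpacket,
- 0, xstrdup(buf));
+ 0, xstrdup(buf), 1);
  if (compat20) {
  packet_start(SSH2_MSG_CHANNEL_OPEN);
  packet_put_cstring("x11");
@@ -606,7 +611,7 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
  newch = channel_new("direct-tcpip",
  SSH_CHANNEL_OPENING, newsock, newsock, -1,
  c->local_window_max, c->local_maxpacket,
- 0, xstrdup(buf));
+ 0, xstrdup(buf), 1);
  if (compat20) {
  packet_start(SSH2_MSG_CHANNEL_OPEN);
  packet_put_cstring("direct-tcpip");
@@ -1514,7 +1519,7 @@ channel_request_local_forwarding(u_short port, const char *host,
  "port listener", SSH_CHANNEL_PORT_LISTENER,
  sock, sock, -1,
  CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
- 0, xstrdup("port listener"));
+ 0, xstrdup("port listener"), 1);
  strlcpy(channels[ch].path, host, sizeof(channels[ch].path));
  channels[ch].host_port = host_port;
  channels[ch].listening_port = port;
@@ -1859,7 +1864,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
  (void) channel_new("x11 listener",
  SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
  CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
- 0, xstrdup("X11 inet listener"));
+ 0, xstrdup("X11 inet listener"), 1);
  }
 
  /* Return a suitable value for the DISPLAY environment variable. */
@@ -2045,6 +2050,28 @@ x11_input_open(int type, int plen, void *ctxt)
  }
 }
 
+/* dummy protocol handler that denies SSH-1 requests (agent/x11) */
+void
+deny_input_open(int type, int plen, void *ctxt)
+{
+ int rchan = packet_get_int();
+ switch(type){
+ case SSH_SMSG_AGENT_OPEN:
+ error("Warning: ssh server tried agent forwarding.");
+ break;
+ case SSH_SMSG_X11_OPEN:
+ error("Warning: ssh server tried X11 forwarding.");
+ break;
+ default:
+ error("deny_input_open: type %d plen %d", type, plen);
+ break;
+ }
+ error("Warning: this is probably a break in attempt by a malicious server.");
+ packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
+ packet_put_int(rchan);
+ packet_send();
+}
+
 /*
  * Requests forwarding of X11 connections, generates fake authentication
  * data, and enables authentication spoofing.
@@ -2349,13 +2376,13 @@ channel_register_filter(int id, channel_filter_fn *fn)
 }
 
 void
-channel_set_fds(int id, int rfd, int wfd, int efd, int extusage)
+channel_set_fds(int id, int rfd, int wfd, int efd,
+ int extusage, int nonblock)
 {
  Channel *c = channel_lookup(id);
  if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
  fatal("channel_activate for non-larval channel %d.", id);
-
- channel_register_fds(c, rfd, wfd, efd, extusage);
+ channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
  c->type = SSH_CHANNEL_OPEN;
  /* XXX window size? */
  c->local_window = c->local_window_max = c->local_maxpacket * 2;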
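Review bot: `deny_input_open` (new lines 2053-2073) reads the remote channel id with `packet_get_int()` and echoes it in the `SSH_MSG_CHANNEL_OPEN_FAILURE` reply, but `plen` is only printed in the default branch, so the payload length is never checked and anything after the id is silently ignored. If that is intentional, say so next to the read, e.g. `/* only the channel id is needed; the rest of the payload is ignored on purpose */`, and expand the one-line header to state that the handler refuses the open and answers with a failure packet. The handler protects the client only where it is installed as the dispatcher for `SSH_SMSG_AGENT_OPEN` and `SSH_SMSG_X11_OPEN` whenever forwarding was not requested; that registration is outside this file section, so it is worth confirming in the clientloop.c part of the commit. Style: `switch(type){` should be spaced like the surrounding code (`switch (type) {`).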