diff options
| author | Colin Watson <cjwatson@debian.org> | 2018-08-24 12:49:36 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2018-08-24 12:49:36 +0100 |
| commit | e6547182a54f0f268ee36e7c99319eeddffbaff2 (patch) | |
| tree | 417527229ad3f3764ba71ea383f478a168895087 /serverloop.c | |
| parent | ed6ae9c1a014a08ff5db3d768f01f2e427eeb476 (diff) | |
| parent | 71508e06fab14bc415a79a08f5535ad7bffa93d9 (diff) | |
Import openssh_7.8p1.orig.tar.gz
Diffstat (limited to 'serverloop.c')
| -rw-r--r-- | serverloop.c | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/serverloop.c b/serverloop.c index d6fe24cc1..7be83e2d3 100644 --- a/serverloop.c +++ b/serverloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: serverloop.c,v 1.205 2018/03/03 03:15:51 djm Exp $ */ | 1 | /* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -58,7 +58,7 @@ | |||
| 58 | #include "openbsd-compat/sys-queue.h" | 58 | #include "openbsd-compat/sys-queue.h" |
| 59 | #include "xmalloc.h" | 59 | #include "xmalloc.h" |
| 60 | #include "packet.h" | 60 | #include "packet.h" |
| 61 | #include "buffer.h" | 61 | #include "sshbuf.h" |
| 62 | #include "log.h" | 62 | #include "log.h" |
| 63 | #include "misc.h" | 63 | #include "misc.h" |
| 64 | #include "servconf.h" | 64 | #include "servconf.h" |
| @@ -67,7 +67,7 @@ | |||
| 67 | #include "channels.h" | 67 | #include "channels.h" |
| 68 | #include "compat.h" | 68 | #include "compat.h" |
| 69 | #include "ssh2.h" | 69 | #include "ssh2.h" |
| 70 | #include "key.h" | 70 | #include "sshkey.h" |
| 71 | #include "cipher.h" | 71 | #include "cipher.h" |
| 72 | #include "kex.h" | 72 | #include "kex.h" |
| 73 | #include "hostfile.h" | 73 | #include "hostfile.h" |
| @@ -103,6 +103,17 @@ static void server_init_dispatch(void); | |||
| 103 | /* requested tunnel forwarding interface(s), shared with session.c */ | 103 | /* requested tunnel forwarding interface(s), shared with session.c */ |
| 104 | char *tun_fwd_ifnames = NULL; | 104 | char *tun_fwd_ifnames = NULL; |
| 105 | 105 | ||
| 106 | /* returns 1 if bind to specified port by specified user is permitted */ | ||
| 107 | static int | ||
| 108 | bind_permitted(int port, uid_t uid) | ||
| 109 | { | ||
| 110 | if (use_privsep) | ||
| 111 | return 1; /* allow system to decide */ | ||
| 112 | if (port < IPPORT_RESERVED && uid != 0) | ||
| 113 | return 0; | ||
| 114 | return 1; | ||
| 115 | } | ||
| 116 | |||
| 106 | /* | 117 | /* |
| 107 | * we write to this pipe if a SIGCHLD is caught in order to avoid | 118 | * we write to this pipe if a SIGCHLD is caught in order to avoid |
| 108 | * the race between select() and child_terminated | 119 | * the race between select() and child_terminated |
| @@ -145,7 +156,7 @@ notify_done(fd_set *readset) | |||
| 145 | 156 | ||
| 146 | if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset)) | 157 | if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset)) |
| 147 | while (read(notify_pipe[0], &c, 1) != -1) | 158 | while (read(notify_pipe[0], &c, 1) != -1) |
| 148 | debug2("notify_done: reading"); | 159 | debug2("%s: reading", __func__); |
| 149 | } | 160 | } |
| 150 | 161 | ||
| 151 | /*ARGSUSED*/ | 162 | /*ARGSUSED*/ |
| @@ -623,7 +634,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) | |||
| 623 | rwindow = packet_get_int(); | 634 | rwindow = packet_get_int(); |
| 624 | rmaxpack = packet_get_int(); | 635 | rmaxpack = packet_get_int(); |
| 625 | 636 | ||
| 626 | debug("server_input_channel_open: ctype %s rchan %d win %d max %d", | 637 | debug("%s: ctype %s rchan %d win %d max %d", __func__, |
| 627 | ctype, rchan, rwindow, rmaxpack); | 638 | ctype, rchan, rwindow, rmaxpack); |
| 628 | 639 | ||
| 629 | if (strcmp(ctype, "session") == 0) { | 640 | if (strcmp(ctype, "session") == 0) { |
| @@ -636,7 +647,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) | |||
| 636 | c = server_request_tun(ssh); | 647 | c = server_request_tun(ssh); |
| 637 | } | 648 | } |
| 638 | if (c != NULL) { | 649 | if (c != NULL) { |
| 639 | debug("server_input_channel_open: confirm %s", ctype); | 650 | debug("%s: confirm %s", __func__, ctype); |
| 640 | c->remote_id = rchan; | 651 | c->remote_id = rchan; |
| 641 | c->have_remote_id = 1; | 652 | c->have_remote_id = 1; |
| 642 | c->remote_window = rwindow; | 653 | c->remote_window = rwindow; |
| @@ -650,7 +661,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) | |||
| 650 | packet_send(); | 661 | packet_send(); |
| 651 | } | 662 | } |
| 652 | } else { | 663 | } else { |
| 653 | debug("server_input_channel_open: failure %s", ctype); | 664 | debug("%s: failure %s", __func__, ctype); |
| 654 | packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); | 665 | packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); |
| 655 | packet_put_int(rchan); | 666 | packet_put_int(rchan); |
| 656 | packet_put_int(reason); | 667 | packet_put_int(reason); |
| @@ -750,11 +761,11 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) | |||
| 750 | struct passwd *pw = the_authctxt->pw; | 761 | struct passwd *pw = the_authctxt->pw; |
| 751 | 762 | ||
| 752 | if (pw == NULL || !the_authctxt->valid) | 763 | if (pw == NULL || !the_authctxt->valid) |
| 753 | fatal("server_input_global_request: no/invalid user"); | 764 | fatal("%s: no/invalid user", __func__); |
| 754 | 765 | ||
| 755 | rtype = packet_get_string(NULL); | 766 | rtype = packet_get_string(NULL); |
| 756 | want_reply = packet_get_char(); | 767 | want_reply = packet_get_char(); |
| 757 | debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply); | 768 | debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply); |
| 758 | 769 | ||
| 759 | /* -R style forwarding */ | 770 | /* -R style forwarding */ |
| 760 | if (strcmp(rtype, "tcpip-forward") == 0) { | 771 | if (strcmp(rtype, "tcpip-forward") == 0) { |
| @@ -763,7 +774,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) | |||
| 763 | memset(&fwd, 0, sizeof(fwd)); | 774 | memset(&fwd, 0, sizeof(fwd)); |
| 764 | fwd.listen_host = packet_get_string(NULL); | 775 | fwd.listen_host = packet_get_string(NULL); |
| 765 | fwd.listen_port = (u_short)packet_get_int(); | 776 | fwd.listen_port = (u_short)packet_get_int(); |
| 766 | debug("server_input_global_request: tcpip-forward listen %s port %d", | 777 | debug("%s: tcpip-forward listen %s port %d", __func__, |
| 767 | fwd.listen_host, fwd.listen_port); | 778 | fwd.listen_host, fwd.listen_port); |
| 768 | 779 | ||
| 769 | /* check permissions */ | 780 | /* check permissions */ |
| @@ -802,7 +813,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) | |||
| 802 | 813 | ||
| 803 | memset(&fwd, 0, sizeof(fwd)); | 814 | memset(&fwd, 0, sizeof(fwd)); |
| 804 | fwd.listen_path = packet_get_string(NULL); | 815 | fwd.listen_path = packet_get_string(NULL); |
| 805 | debug("server_input_global_request: streamlocal-forward listen path %s", | 816 | debug("%s: streamlocal-forward listen path %s", __func__, |
| 806 | fwd.listen_path); | 817 | fwd.listen_path); |
| 807 | 818 | ||
| 808 | /* check permissions */ | 819 | /* check permissions */ |