upstream commit

remove ssh1 server code; ok djm@ Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
author: markus@openbsd.org <markus@openbsd.org> 2016-08-13 17:47:40 +0000
committer: Damien Miller <djm@mindrot.org> 2016-08-14 11:19:14 +1000
commit: 6cb6dcffe1a2204ba9006de20f73255c268fcb6b (patch)
tree: 235267a1264f9363c39c4c0b11b59384e9acbdcf /session.c
parent: 42d47adc5ad1187f22c726cbc52e71d6b1767ca2 (diff)
1 files changed, 11 insertions, 201 deletions
diff --git a/session.c b/session.c
index 2235f26ac..9bad653fc 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.282 2016/03/10 11:47:57 djm Exp $ */
+/* $OpenBSD: session.c,v 1.283 2016/08/13 17:47:41 markus Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -66,7 +66,6 @@
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "ssh.h"
-#include "ssh1.h"
 #include "ssh2.h"
 #include "sshpty.h"
 #include "packet.h"
@@ -128,7 +127,6 @@ void	do_child(Session *, const char *);
 void    do_motd(void);
 int     check_quietlogin(Session *, const char *);
-static void do_authenticated1(Authctxt *);
 static void do_authenticated2(Authctxt *);
 static int session_pty_req(Session *);
@@ -267,11 +265,7 @@ do_authenticated(Authctxt *authctxt)
        auth_debug_send();
-        if (compat20)
+        do_authenticated2(authctxt);
-                do_authenticated2(authctxt);
-        else
-                do_authenticated1(authctxt);
        do_cleanup(authctxt);
 }
@@ -290,164 +284,6 @@ xauth_valid_string(const char *s)
        return 1;
 }
-/*
- * Prepares for an interactive session.  This is called after the user has
- * been successfully authenticated.  During this message exchange, pseudo
- * terminals are allocated, X11, TCP/IP, and authentication agent forwardings
- * are requested, etc.
- */
-static void
-do_authenticated1(Authctxt *authctxt)
-{
-        Session *s;
-        char *command;
-        int success, type, screen_flag;
-        int enable_compression_after_reply = 0;
-        u_int proto_len, data_len, dlen, compression_level = 0;
-        s = session_new();
-        if (s == NULL) {
-                error("no more sessions");
-                return;
-        }
-        s->authctxt = authctxt;
-        s->pw = authctxt->pw;
-        /*
-         * We stay in this loop until the client requests to execute a shell
-         * or a command.
-         */
-        for (;;) {
-                success = 0;
-                /* Get a packet from the client. */
-                type = packet_read();
-                /* Process the packet. */
-                switch (type) {
-                case SSH_CMSG_REQUEST_COMPRESSION:
-                        compression_level = packet_get_int();
-                        packet_check_eom();
-                        if (compression_level < 1 || compression_level > 9) {
-                                packet_send_debug("Received invalid compression level %d.",
-                                    compression_level);
-                                break;
-                        }
-                        if (options.compression == COMP_NONE) {
-                                debug2("compression disabled");
-                                break;
-                        }
-                        /* Enable compression after we have responded with SUCCESS. */
-                        enable_compression_after_reply = 1;
-                        success = 1;
-                        break;
-                case SSH_CMSG_REQUEST_PTY:
-                        success = session_pty_req(s);
-                        break;
-                case SSH_CMSG_X11_REQUEST_FORWARDING:
-                        s->auth_proto = packet_get_string(&proto_len);
-                        s->auth_data = packet_get_string(&data_len);
-                        screen_flag = packet_get_protocol_flags() &
-                            SSH_PROTOFLAG_SCREEN_NUMBER;
-                        debug2("SSH_PROTOFLAG_SCREEN_NUMBER: %d", screen_flag);
-                        if (packet_remaining() == 4) {
-                                if (!screen_flag)
-                                        debug2("Buggy client: "
-                                            "X11 screen flag missing");
-                                s->screen = packet_get_int();
-                        } else {
-                                s->screen = 0;
-                        }
-                        packet_check_eom();
-                        if (xauth_valid_string(s->auth_proto) &&
-                            xauth_valid_string(s->auth_data))
-                                success = session_setup_x11fwd(s);
-                        else {
-                                success = 0;
-                                error("Invalid X11 forwarding data");
-                        }
-                        if (!success) {
-                                free(s->auth_proto);
-                                free(s->auth_data);
-                                s->auth_proto = NULL;
-                                s->auth_data = NULL;
-                        }
-                        break;
-                case SSH_CMSG_AGENT_REQUEST_FORWARDING:
-                        if (!options.allow_agent_forwarding ||
-                            no_agent_forwarding_flag || compat13) {
-                                debug("Authentication agent forwarding not permitted for this authentication.");
-                                break;
-                        }
-                        debug("Received authentication agent forwarding request.");
-                        success = auth_input_request_forwarding(s->pw);
-                        break;
-                case SSH_CMSG_PORT_FORWARD_REQUEST:
-                        if (no_port_forwarding_flag) {
-                                debug("Port forwarding not permitted for this authentication.");
-                                break;
-                        }
-                        if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) {
-                                debug("Port forwarding not permitted.");
-                                break;
-                        }
-                        debug("Received TCP/IP port forwarding request.");
-                        if (channel_input_port_forward_request(s->pw->pw_uid == 0,
-                            &options.fwd_opts) < 0) {
-                                debug("Port forwarding failed.");
-                                break;
-                        }
-                        success = 1;
-                        break;
-                case SSH_CMSG_MAX_PACKET_SIZE:
-                        if (packet_set_maxsize(packet_get_int()) > 0)
-                                success = 1;
-                        break;
-                case SSH_CMSG_EXEC_SHELL:
-                case SSH_CMSG_EXEC_CMD:
-                        if (type == SSH_CMSG_EXEC_CMD) {
-                                command = packet_get_string(&dlen);
-                                debug("Exec command '%.500s'", command);
-                                if (do_exec(s, command) != 0)
-                                        packet_disconnect(
-                                            "command execution failed");
-                                free(command);
-                        } else {
-                                if (do_exec(s, NULL) != 0)
-                                        packet_disconnect(
-                                            "shell execution failed");
-                        }
-                        packet_check_eom();
-                        session_close(s);
-                        return;
-                default:
-                        /*
-                         * Any unknown messages in this phase are ignored,
-                         * and a failure message is returned.
-                         */
-                        logit("Unknown packet type received after authentication: %d", type);
-                }
-                packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE);
-                packet_send();
-                packet_write_wait();
-                /* Enable compression now that we have replied if appropriate. */
-                if (enable_compression_after_reply) {
-                        enable_compression_after_reply = 0;
-                        packet_start_compression(compression_level);
-                }
-        }
-}
 #define USE_PIPES 1
 /*
 * This is called to fork and execute a command when we have no tty.  This
@@ -615,14 +451,8 @@ do_exec_no_pty(Session *s, const char *command)
        close(pout[1]);
        close(perr[1]);
-        if (compat20) {
+        session_set_fds(s, pin[1], pout[0], perr[0],
-                session_set_fds(s, pin[1], pout[0], perr[0],
+            s->is_subsystem, 0);
-                    s->is_subsystem, 0);
-        } else {
-                /* Enter the interactive session. */
-                server_loop(pid, pin[1], pout[0], perr[0]);
-                /* server_loop has closed pin[1], pout[0], and perr[0]. */
-        }
 #else
        /* We are the parent.  Close the child sides of the socket pairs. */
        close(inout[0]);
@@ -632,13 +462,8 @@ do_exec_no_pty(Session *s, const char *command)
         * Enter the interactive session.  Note: server_loop must be able to
         * handle the case that fdin and fdout are the same.
         */
-        if (compat20) {
+        session_set_fds(s, inout[1], inout[1], err[1],
-                session_set_fds(s, inout[1], inout[1], err[1],
+            s->is_subsystem, 0);
-                    s->is_subsystem, 0);
-        } else {
-                server_loop(pid, inout[1], inout[1], err[1]);
-                /* server_loop has closed inout[1] and err[1]. */
-        }
 #endif
        return 0;
 }
@@ -756,12 +581,7 @@ do_exec_pty(Session *s, const char *command)
        s->ptymaster = ptymaster;
        packet_set_interactive(1, 
            options.ip_qos_interactive, options.ip_qos_bulk);
-        if (compat20) {
+        session_set_fds(s, ptyfd, fdout, -1, 1, 1);
-                session_set_fds(s, ptyfd, fdout, -1, 1, 1);
-        } else {
-                server_loop(pid, ptyfd, fdout, -1);
-                /* server_loop _has_ closed ptyfd and fdout. */
-        }
        return 0;
 }
@@ -2106,14 +1926,8 @@ session_pty_req(Session *s)
        }
        s->term = packet_get_string(&len);
+        s->col = packet_get_int();
-        if (compat20) {
+        s->row = packet_get_int();
-                s->col = packet_get_int();
-                s->row = packet_get_int();
-        } else {
-                s->row = packet_get_int();
-                s->col = packet_get_int();
-        }
        s->xpixel = packet_get_int();
        s->ypixel = packet_get_int();
@@ -2135,9 +1949,7 @@ session_pty_req(Session *s)
        }
        debug("session_pty_req: session %d alloc %s", s->self, s->tty);
-        /* for SSH1 the tty modes length is not given */
+        n_bytes = packet_remaining();
-        if (!compat20)
-                n_bytes = packet_remaining();
        tty_parse_modes(s->ttyfd, &n_bytes);
        if (!use_privsep)
@@ -2353,8 +2165,6 @@ void
 session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
    int is_tty)
 {
-        if (!compat20)
-                fatal("session_set_fds: called for proto != 2.0");
        /*
         * now that have a child and a pipe to the child,
         * we can activate our channel and register the fd's
@@ -2794,7 +2604,7 @@ do_cleanup(Authctxt *authctxt)
 #endif
 #ifdef GSSAPI
-        if (compat20 && options.gss_cleanup_creds)
+        if (options.gss_cleanup_creds)
                ssh_gssapi_cleanup_creds();
 #endif
author	markus@openbsd.org <markus@openbsd.org>	2016-08-13 17:47:40 +0000
committer	Damien Miller <djm@mindrot.org>	2016-08-14 11:19:14 +1000
commit	6cb6dcffe1a2204ba9006de20f73255c268fcb6b (patch)
tree	235267a1264f9363c39c4c0b11b59384e9acbdcf /session.c
parent	42d47adc5ad1187f22c726cbc52e71d6b1767ca2 (diff)

diff --git a/session.c b/session.c index 2235f26ac..9bad653fc 100644 --- a/session.c +++ b/session.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: session.c,v 1.282 2016/03/10 11:47:57 djm Exp $ */	1	/* $OpenBSD: session.c,v 1.283 2016/08/13 17:47:41 markus Exp $ */
2	/*	2	/*
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4	* All rights reserved	4	* All rights reserved
@@ -66,7 +66,6 @@
66	#include "openbsd-compat/sys-queue.h"	66	#include "openbsd-compat/sys-queue.h"
67	#include "xmalloc.h"	67	#include "xmalloc.h"
68	#include "ssh.h"	68	#include "ssh.h"
69	#include "ssh1.h"
70	#include "ssh2.h"	69	#include "ssh2.h"
71	#include "sshpty.h"	70	#include "sshpty.h"
72	#include "packet.h"	71	#include "packet.h"
@@ -128,7 +127,6 @@ void do_child(Session , const char );
128	void do_motd(void);	127	void do_motd(void);
129	int check_quietlogin(Session , const char );	128	int check_quietlogin(Session , const char );
130		129
131	static void do_authenticated1(Authctxt *);
132	static void do_authenticated2(Authctxt *);	130	static void do_authenticated2(Authctxt *);
133		131
134	static int session_pty_req(Session *);	132	static int session_pty_req(Session *);
@@ -267,11 +265,7 @@ do_authenticated(Authctxt *authctxt)
267		265
268	auth_debug_send();	266	auth_debug_send();
269		267
270	if (compat20)	268	do_authenticated2(authctxt);
271	do_authenticated2(authctxt);
272	else
273	do_authenticated1(authctxt);
274
275	do_cleanup(authctxt);	269	do_cleanup(authctxt);
276	}	270	}
277		271
@@ -290,164 +284,6 @@ xauth_valid_string(const char *s)
290	return 1;	284	return 1;
291	}	285	}
292		286
293	/*
294	* Prepares for an interactive session. This is called after the user has
295	* been successfully authenticated. During this message exchange, pseudo
296	* terminals are allocated, X11, TCP/IP, and authentication agent forwardings
297	* are requested, etc.
298	*/
299	static void
300	do_authenticated1(Authctxt *authctxt)
301	{
302	Session *s;
303	char *command;
304	int success, type, screen_flag;
305	int enable_compression_after_reply = 0;
306	u_int proto_len, data_len, dlen, compression_level = 0;
307
308	s = session_new();
309	if (s == NULL) {
310	error("no more sessions");
311	return;
312	}
313	s->authctxt = authctxt;
314	s->pw = authctxt->pw;
315
316	/*
317	* We stay in this loop until the client requests to execute a shell
318	* or a command.
319	*/
320	for (;;) {
321	success = 0;
322
323	/* Get a packet from the client. */
324	type = packet_read();
325
326	/* Process the packet. */
327	switch (type) {
328	case SSH_CMSG_REQUEST_COMPRESSION:
329	compression_level = packet_get_int();
330	packet_check_eom();
331	if (compression_level < 1 \|\| compression_level > 9) {
332	packet_send_debug("Received invalid compression level %d.",
333	compression_level);
334	break;
335	}
336	if (options.compression == COMP_NONE) {
337	debug2("compression disabled");
338	break;
339	}
340	/* Enable compression after we have responded with SUCCESS. */
341	enable_compression_after_reply = 1;
342	success = 1;
343	break;
344
345	case SSH_CMSG_REQUEST_PTY:
346	success = session_pty_req(s);
347	break;
348
349	case SSH_CMSG_X11_REQUEST_FORWARDING:
350	s->auth_proto = packet_get_string(&proto_len);
351	s->auth_data = packet_get_string(&data_len);
352
353	screen_flag = packet_get_protocol_flags() &
354	SSH_PROTOFLAG_SCREEN_NUMBER;
355	debug2("SSH_PROTOFLAG_SCREEN_NUMBER: %d", screen_flag);
356
357	if (packet_remaining() == 4) {
358	if (!screen_flag)
359	debug2("Buggy client: "
360	"X11 screen flag missing");
361	s->screen = packet_get_int();
362	} else {
363	s->screen = 0;
364	}
365	packet_check_eom();
366	if (xauth_valid_string(s->auth_proto) &&
367	xauth_valid_string(s->auth_data))
368	success = session_setup_x11fwd(s);
369	else {
370	success = 0;
371	error("Invalid X11 forwarding data");
372	}
373	if (!success) {
374	free(s->auth_proto);
375	free(s->auth_data);
376	s->auth_proto = NULL;
377	s->auth_data = NULL;
378	}
379	break;
380
381	case SSH_CMSG_AGENT_REQUEST_FORWARDING:
382	if (!options.allow_agent_forwarding \|\|
383	no_agent_forwarding_flag \|\| compat13) {
384	debug("Authentication agent forwarding not permitted for this authentication.");
385	break;
386	}
387	debug("Received authentication agent forwarding request.");
388	success = auth_input_request_forwarding(s->pw);
389	break;
390
391	case SSH_CMSG_PORT_FORWARD_REQUEST:
392	if (no_port_forwarding_flag) {
393	debug("Port forwarding not permitted for this authentication.");
394	break;
395	}
396	if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) {
397	debug("Port forwarding not permitted.");
398	break;
399	}
400	debug("Received TCP/IP port forwarding request.");
401	if (channel_input_port_forward_request(s->pw->pw_uid == 0,
402	&options.fwd_opts) < 0) {
403	debug("Port forwarding failed.");
404	break;
405	}
406	success = 1;
407	break;
408
409	case SSH_CMSG_MAX_PACKET_SIZE:
410	if (packet_set_maxsize(packet_get_int()) > 0)
411	success = 1;
412	break;
413
414	case SSH_CMSG_EXEC_SHELL:
415	case SSH_CMSG_EXEC_CMD:
416	if (type == SSH_CMSG_EXEC_CMD) {
417	command = packet_get_string(&dlen);
418	debug("Exec command '%.500s'", command);
419	if (do_exec(s, command) != 0)
420	packet_disconnect(
421	"command execution failed");
422	free(command);
423	} else {
424	if (do_exec(s, NULL) != 0)
425	packet_disconnect(
426	"shell execution failed");
427	}
428	packet_check_eom();
429	session_close(s);
430	return;
431
432	default:
433	/*
434	* Any unknown messages in this phase are ignored,
435	* and a failure message is returned.
436	*/
437	logit("Unknown packet type received after authentication: %d", type);
438	}
439	packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE);
440	packet_send();
441	packet_write_wait();
442
443	/* Enable compression now that we have replied if appropriate. */
444	if (enable_compression_after_reply) {
445	enable_compression_after_reply = 0;
446	packet_start_compression(compression_level);
447	}
448	}
449	}
450
451	#define USE_PIPES 1	287	#define USE_PIPES 1
452	/*	288	/*
453	* This is called to fork and execute a command when we have no tty. This	289	* This is called to fork and execute a command when we have no tty. This
@@ -615,14 +451,8 @@ do_exec_no_pty(Session s, const char command)
615	close(pout[1]);	451	close(pout[1]);
616	close(perr[1]);	452	close(perr[1]);
617		453
618	if (compat20) {	454	session_set_fds(s, pin[1], pout[0], perr[0],
619	session_set_fds(s, pin[1], pout[0], perr[0],	455	s->is_subsystem, 0);
620	s->is_subsystem, 0);
621	} else {
622	/* Enter the interactive session. */
623	server_loop(pid, pin[1], pout[0], perr[0]);
624	/* server_loop has closed pin[1], pout[0], and perr[0]. */
625	}
626	#else	456	#else
627	/* We are the parent. Close the child sides of the socket pairs. */	457	/* We are the parent. Close the child sides of the socket pairs. */
628	close(inout[0]);	458	close(inout[0]);
@@ -632,13 +462,8 @@ do_exec_no_pty(Session s, const char command)
632	* Enter the interactive session. Note: server_loop must be able to	462	* Enter the interactive session. Note: server_loop must be able to
633	* handle the case that fdin and fdout are the same.	463	* handle the case that fdin and fdout are the same.
634	*/	464	*/
635	if (compat20) {	465	session_set_fds(s, inout[1], inout[1], err[1],
636	session_set_fds(s, inout[1], inout[1], err[1],	466	s->is_subsystem, 0);
637	s->is_subsystem, 0);
638	} else {
639	server_loop(pid, inout[1], inout[1], err[1]);
640	/* server_loop has closed inout[1] and err[1]. */
641	}
642	#endif	467	#endif
643	return 0;	468	return 0;
644	}	469	}
@@ -756,12 +581,7 @@ do_exec_pty(Session s, const char command)
756	s->ptymaster = ptymaster;	581	s->ptymaster = ptymaster;
757	packet_set_interactive(1,	582	packet_set_interactive(1,
758	options.ip_qos_interactive, options.ip_qos_bulk);	583	options.ip_qos_interactive, options.ip_qos_bulk);
759	if (compat20) {	584	session_set_fds(s, ptyfd, fdout, -1, 1, 1);
760	session_set_fds(s, ptyfd, fdout, -1, 1, 1);
761	} else {
762	server_loop(pid, ptyfd, fdout, -1);
763	/* server_loop _has_ closed ptyfd and fdout. */
764	}
765	return 0;	585	return 0;
766	}	586	}
767		587
@@ -2106,14 +1926,8 @@ session_pty_req(Session *s)
2106	}	1926	}
2107		1927
2108	s->term = packet_get_string(&len);	1928	s->term = packet_get_string(&len);
2109		1929	s->col = packet_get_int();
2110	if (compat20) {	1930	s->row = packet_get_int();
2111	s->col = packet_get_int();
2112	s->row = packet_get_int();
2113	} else {
2114	s->row = packet_get_int();
2115	s->col = packet_get_int();
2116	}
2117	s->xpixel = packet_get_int();	1931	s->xpixel = packet_get_int();
2118	s->ypixel = packet_get_int();	1932	s->ypixel = packet_get_int();
2119		1933
@@ -2135,9 +1949,7 @@ session_pty_req(Session *s)
2135	}	1949	}
2136	debug("session_pty_req: session %d alloc %s", s->self, s->tty);	1950	debug("session_pty_req: session %d alloc %s", s->self, s->tty);
2137		1951
2138	/* for SSH1 the tty modes length is not given */	1952	n_bytes = packet_remaining();
2139	if (!compat20)
2140	n_bytes = packet_remaining();
2141	tty_parse_modes(s->ttyfd, &n_bytes);	1953	tty_parse_modes(s->ttyfd, &n_bytes);
2142		1954
2143	if (!use_privsep)	1955	if (!use_privsep)
@@ -2353,8 +2165,6 @@ void
2353	session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,	2165	session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
2354	int is_tty)	2166	int is_tty)
2355	{	2167	{
2356	if (!compat20)
2357	fatal("session_set_fds: called for proto != 2.0");
2358	/*	2168	/*
2359	* now that have a child and a pipe to the child,	2169	* now that have a child and a pipe to the child,
2360	* we can activate our channel and register the fd's	2170	* we can activate our channel and register the fd's
@@ -2794,7 +2604,7 @@ do_cleanup(Authctxt *authctxt)
2794	#endif	2604	#endif
2795		2605
2796	#ifdef GSSAPI	2606	#ifdef GSSAPI
2797	if (compat20 && options.gss_cleanup_creds)	2607	if (options.gss_cleanup_creds)
2798	ssh_gssapi_cleanup_creds();	2608	ssh_gssapi_cleanup_creds();
2799	#endif	2609	#endif
2800		2610