authorDamien Miller <djm@mindrot.org>2014-07-18 14:11:24 +1000
committerDamien Miller <djm@mindrot.org>2014-07-18 14:11:24 +1000
commit7acefbbcbeab725420ea07397ae35992f505f702 (patch)
treebfb07917715d425438dab987a47ccd7a8d7f118b /session.c
parent6262d760e00714523633bd989d62e273a3dca99a (diff)
- millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
Diffstat (limited to 'session.c')
-rw-r--r--session.c34
1 files changed, 8 insertions, 26 deletions
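diff --git a/session.c b/session.c
index b5979dd91..3e96557b8 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.273 2014/07/03 22:40:43 djm Exp $ */
+/* $OpenBSD: session.c,v 1.274 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -84,11 +84,11 @@
 #include "authfd.h"
 #include "pathnames.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "sshlogin.h"
 #include "serverloop.h"
 #include "canohost.h"
-#include "misc.h"
 #include "session.h"
 #include "kex.h"
 #include "monitor_wrap.h"
@@ -183,7 +183,6 @@ auth_input_request_forwarding(struct passwd * pw)
 {
  Channel *nc;
  int sock = -1;
- struct sockaddr_un sunaddr;
 
  if (auth_sock_name != NULL) {
  error("authentication forwarding requested twice.");
@@ -209,33 +208,15 @@ auth_input_request_forwarding(struct passwd * pw)
  xasprintf(&auth_sock_name, "%s/agent.%ld",
  auth_sock_dir, (long) getpid());
 
- /* Create the socket. */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0) {
- error("socket: %.100s", strerror(errno));
- restore_uid();
- goto authsock_err;
- }
-
- /* Bind it to the name. */
- memset(&sunaddr, 0, sizeof(sunaddr));
- sunaddr.sun_family = AF_UNIX;
- strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
-
- if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
- error("bind: %.100s", strerror(errno));
- restore_uid();
- goto authsock_err;
- }
+ /* Start a Unix listener on auth_sock_name. */
+ sock = unix_listener(auth_sock_name, SSH_LISTEN_BACKLOG, 0);
 
  /* Restore the privileged uid. */
  restore_uid();
 
- /* Start listening on the socket. */
- if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
- error("listen: %.100s", strerror(errno));
+ /* Check for socket/bind/listen failure. */
+ if (sock < 0)
  goto authsock_err;
- }
 
  /* Allocate a channel for the authentication agent socket. */
  nc = channel_new("auth socket",
@@ -274,6 +255,7 @@ do_authenticated(Authctxt *authctxt)
  setproctitle("%s", authctxt->pw->pw_name);
 
  /* setup the channel layer */
+ /* XXX - streamlocal? */
  if (no_port_forwarding_flag ||
  (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
  channel_disable_adm_local_opens();
@@ -393,7 +375,7 @@ do_authenticated1(Authctxt *authctxt)
  }
  debug("Received TCP/IP port forwarding request.");
  if (channel_input_port_forward_request(s->pw->pw_uid == 0,
- options.gateway_ports) < 0) {
+ &options.fwd_opts) < 0) {
  debug("Port forwarding failed.");
  break;
  }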
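Review bot: The `/* XXX - streamlocal? */` added in do_authenticated leaves a security-relevant question unanswered in the merged code: the only gate visible here, `channel_disable_adm_local_opens()`, is reached solely through `no_port_forwarding_flag` and `allow_tcp_forwarding & FORWARD_LOCAL`, so unless channels.c applies that flag to the new direct-streamlocal opens on its own, a key restricted with `no-port-forwarding` could presumably still forward Unix domain sockets (e.g. an agent or X11 socket) — I cannot confirm from this hunk which it is. Either way the XXX should not ship as an open question: make the same condition also disable streamlocal local opens, or replace the XXX with a comment stating where that restriction is enforced, e.g. `/* no-port-forwarding / AllowTcpForwarding also cover direct-streamlocal opens; see channels.c */`. The sshd_config/authorized_keys documentation touched by this commit should say which way it went so administrators relying on `no-port-forwarding` know whether it still restricts everything. do_authenticated starts before and ends after this hunk.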