upstream commit

refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
author: djm@openbsd.org <djm@openbsd.org> 2017-09-12 06:32:07 +0000
committer: Damien Miller <djm@mindrot.org> 2017-09-12 17:37:02 +1000
commit: dbee4119b502e3f8b6cd3282c69c537fd01d8e16 (patch)
tree: b8a3263a79e0920e8d08f188654f1ccb7c254406 /sshd.c
parent: abd59663df37a42152e37980113ccaa405b9a282 (diff)
1 files changed, 12 insertions, 7 deletions
diff --git a/sshd.c b/sshd.c
index 1d19ce679..51a1aaf6e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.491 2017/07/01 13:50:45 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.492 2017/09/12 06:32:07 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1621,9 +1621,6 @@ main(int ac, char **av)
                            "enabled authentication methods");
        }
-        /* set default channel AF */
-        channel_set_af(options.address_family);
        /* Check that there are no remaining arguments. */
        if (optind < ac) {
                fprintf(stderr, "Extra argument %s.\n", av[optind]);
@@ -1955,8 +1952,14 @@ main(int ac, char **av)
        packet_set_connection(sock_in, sock_out);
        packet_set_server();
        ssh = active_state; /* XXX */
        check_ip_options(ssh);
+        /* Prepare the channels layer */
+        channel_init_channels(ssh);
+        channel_set_af(ssh, options.address_family);
+        process_permitopen(ssh, &options);
        /* Set SO_KEEPALIVE if requested. */
        if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
            setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
@@ -2080,10 +2083,10 @@ main(int ac, char **av)
            options.client_alive_count_max);
        /* Try to send all our hostkeys to the client */
-        notify_hostkeys(active_state);
+        notify_hostkeys(ssh);
        /* Start session. */
-        do_authenticated(authctxt);
+        do_authenticated(ssh, authctxt);
        /* The connection has been terminated. */
        packet_get_bytes(&ibytes, &obytes);
@@ -2211,8 +2214,10 @@ do_ssh2_kex(void)
 void
 cleanup_exit(int i)
 {
+        struct ssh *ssh = active_state; /* XXX */
        if (the_authctxt) {
-                do_cleanup(the_authctxt);
+                do_cleanup(ssh, the_authctxt);
                if (use_privsep && privsep_is_preauth &&
                    pmonitor != NULL && pmonitor->m_pid > 1) {
                        debug("Killing privsep child %d", pmonitor->m_pid);
author	djm@openbsd.org <djm@openbsd.org>	2017-09-12 06:32:07 +0000
committer	Damien Miller <djm@mindrot.org>	2017-09-12 17:37:02 +1000
commit	dbee4119b502e3f8b6cd3282c69c537fd01d8e16 (patch)
tree	b8a3263a79e0920e8d08f188654f1ccb7c254406 /sshd.c
parent	abd59663df37a42152e37980113ccaa405b9a282 (diff)