3 files changed, 518 insertions, 567 deletions

diff --git a/ChangeLog b/ChangeLog
index 4cfdbc7a0..5b5344297 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@
       packet.c serverloop.c session.c ssh.c]
      undo the .c file split, just merge the header and keep the cvs 
      history
+ - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged 
+   out of ssh Attic)
 
 20010606
  - OpenBSD CVS Sync
@@ -5523,4 +5525,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1249 2001/06/09 00:36:26 mouring Exp $
+$Id: ChangeLog,v 1.1250 2001/06/09 00:41:05 mouring Exp $
diff --git a/channels.c b/channels.c
index 719dbff53..518a071b8 100644
--- a/channels.c
+++ b/channels.c
@@ -40,33 +40,24 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.119 2001/05/28 23:25:24 markus Exp $");
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
+RCSID("$OpenBSD: channels.c,v 1.121 2001/05/31 10:30:14 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
 #include "ssh2.h"
 #include "packet.h"
 #include "xmalloc.h"
-#include "buffer.h"
-#include "bufaux.h"
 #include "uidswap.h"
 #include "log.h"
 #include "misc.h"
 #include "channels.h"
-#include "nchan.h"
 #include "compat.h"
 #include "canohost.h"
 #include "key.h"
 #include "authfd.h"
 
-/* Maximum number of fake X11 displays to try. */
-#define MAX_DISPLAYS  1000
 
-/* Max len of agent socket */
-#define MAX_SOCKET_NAME 100
+/* -- channel core */
 
 /*
  * Pointer to an array containing all allocated channels.  The array is
@@ -86,23 +77,8 @@ static int channels_alloc = 0;
  */
 static int channel_max_fd = 0;
 
-/* Name and directory of socket for authentication agent forwarding. */
-static char *channel_forwarded_auth_socket_name = NULL;
-static char *channel_forwarded_auth_socket_dir = NULL;
-
-/* Saved X11 authentication protocol name. */
-char *x11_saved_proto = NULL;
-
-/* Saved X11 authentication data.  This is the real data. */
-char *x11_saved_data = NULL;
-u_int x11_saved_data_len = 0;
 
-/*
- * Fake X11 authentication data.  This is what the server will be sending us;
- * we should replace any occurrences of this by the real data.
- */
-char *x11_fake_data = NULL;
-u_int x11_fake_data_len;
+/* -- tcp forwarding */
 
 /*
  * Data structure for storing which hosts are permitted for forward requests.
@@ -118,6 +94,7 @@ typedef struct {
 
 /* List of all permitted host/port pairs to connect. */
 static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+
 /* Number of permitted host/port pairs in the array. */
 static int num_permitted_opens = 0;
 /*
@@ -127,23 +104,43 @@ static int num_permitted_opens = 0;
  */
 static int all_opens_permitted = 0;
 
-/* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */
-static int have_hostname_in_open = 0;
 
-/* AF_UNSPEC or AF_INET or AF_INET6 */
-extern int IPv4or6;
+/* -- X11 forwarding */
 
-void     port_open_helper(Channel *c, char *rtype);
+/* Maximum number of fake X11 displays to try. */
+#define MAX_DISPLAYS  1000
 
-/* Sets specific protocol options. */
+/* Saved X11 authentication protocol name. */
+static char *x11_saved_proto = NULL;
 
-void
-channel_set_options(int hostname_in_open)
-{
-        have_hostname_in_open = hostname_in_open;
-}
+/* Saved X11 authentication data.  This is the real data. */
+static char *x11_saved_data = NULL;
+static u_int x11_saved_data_len = 0;
 
-/* lookup channel by id */
+/*
+ * Fake X11 authentication data.  This is what the server will be sending us;
+ * we should replace any occurrences of this by the real data.
+ */
+static char *x11_fake_data = NULL;
+static u_int x11_fake_data_len;
+
+
+/* -- agent forwarding */
+
+#define NUM_SOCKS       10
+
+/* Name and directory of socket for authentication agent forwarding. */
+static char *auth_sock_name = NULL;
+static char *auth_sock_dir = NULL;
+
+
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
+/* helper */
+void    port_open_helper(Channel *c, char *rtype);
+
+/* -- channel core */
 
 Channel *
 channel_lookup(int id)
@@ -337,6 +334,321 @@ channel_free(Channel *c)
         xfree(c);
 }
 
+
+/*
+ * Stops listening for channels, and removes any unix domain sockets that we
+ * might have.
+ */
+
+void
+channel_stop_listening()
+{
+        int i;
+        Channel *c;
+
+        for (i = 0; i < channels_alloc; i++) {
+                c = channels[i];
+                if (c != NULL) {
+                        switch (c->type) {
+                        case SSH_CHANNEL_AUTH_SOCKET:
+                                close(c->sock);
+                                unlink(c->path);
+                                channel_free(c);
+                                break;
+                        case SSH_CHANNEL_PORT_LISTENER:
+                        case SSH_CHANNEL_RPORT_LISTENER:
+                        case SSH_CHANNEL_X11_LISTENER:
+                                close(c->sock);
+                                channel_free(c);
+                                break;
+                        default:
+                                break;
+                        }
+                }
+        }
+}
+
+/*
+ * Closes the sockets/fds of all channels.  This is used to close extra file
+ * descriptors after a fork.
+ */
+
+void
+channel_close_all()
+{
+        int i;
+
+        for (i = 0; i < channels_alloc; i++)
+                if (channels[i] != NULL)
+                        channel_close_fds(channels[i]);
+}
+
+/*
+ * Returns true if no channel has too much buffered data, and false if one or
+ * more channel is overfull.
+ */
+
+int
+channel_not_very_much_buffered_data()
+{
+        u_int i;
+        Channel *c;
+
+        for (i = 0; i < channels_alloc; i++) {
+                c = channels[i];
+                if (c != NULL && c->type == SSH_CHANNEL_OPEN) {
+                        if (!compat20 && buffer_len(&c->input) > packet_get_maxsize()) {
+                                debug("channel %d: big input buffer %d",
+                                    c->self, buffer_len(&c->input));
+                                return 0;
+                        }
+                        if (buffer_len(&c->output) > packet_get_maxsize()) {
+                                debug("channel %d: big output buffer %d",
+                                    c->self, buffer_len(&c->output));
+                                return 0;
+                        }
+                }
+        }
+        return 1;
+}
+
+/* Returns true if any channel is still open. */
+
+int
+channel_still_open()
+{
+        int i;
+        Channel *c;
+
+        for (i = 0; i < channels_alloc; i++) {
+                c = channels[i];
+                if (c == NULL)
+                        continue;
+                switch (c->type) {
+                case SSH_CHANNEL_X11_LISTENER:
+                case SSH_CHANNEL_PORT_LISTENER:
+                case SSH_CHANNEL_RPORT_LISTENER:
+                case SSH_CHANNEL_CLOSED:
+                case SSH_CHANNEL_AUTH_SOCKET:
+                case SSH_CHANNEL_DYNAMIC:
+                case SSH_CHANNEL_CONNECTING:
+                case SSH_CHANNEL_ZOMBIE:
+                        continue;
+                case SSH_CHANNEL_LARVAL:
+                        if (!compat20)
+                                fatal("cannot happen: SSH_CHANNEL_LARVAL");
+                        continue;
+                case SSH_CHANNEL_OPENING:
+                case SSH_CHANNEL_OPEN:
+                case SSH_CHANNEL_X11_OPEN:
+                        return 1;
+                case SSH_CHANNEL_INPUT_DRAINING:
+                case SSH_CHANNEL_OUTPUT_DRAINING:
+                        if (!compat13)
+                                fatal("cannot happen: OUT_DRAIN");
+                        return 1;
+                default:
+                        fatal("channel_still_open: bad channel type %d", c->type);
+                        /* NOTREACHED */
+                }
+        }
+        return 0;
+}
+
+/* Returns the id of an open channel suitable for keepaliving */
+
+int
+channel_find_open()
+{
+        int i;
+        Channel *c;
+
+        for (i = 0; i < channels_alloc; i++) {
+                c = channels[i];
+                if (c == NULL)
+                        continue;
+                switch (c->type) {
+                case SSH_CHANNEL_CLOSED:
+                case SSH_CHANNEL_DYNAMIC:
+                case SSH_CHANNEL_X11_LISTENER:
+                case SSH_CHANNEL_PORT_LISTENER:
+                case SSH_CHANNEL_RPORT_LISTENER:
+                case SSH_CHANNEL_OPENING:
+                case SSH_CHANNEL_CONNECTING:
+                case SSH_CHANNEL_ZOMBIE:
+                        continue;
+                case SSH_CHANNEL_LARVAL:
+                case SSH_CHANNEL_AUTH_SOCKET:
+                case SSH_CHANNEL_OPEN:
+                case SSH_CHANNEL_X11_OPEN:
+                        return i;
+                case SSH_CHANNEL_INPUT_DRAINING:
+                case SSH_CHANNEL_OUTPUT_DRAINING:
+                        if (!compat13)
+                                fatal("cannot happen: OUT_DRAIN");
+                        return i;
+                default:
+                        fatal("channel_find_open: bad channel type %d", c->type);
+                        /* NOTREACHED */
+                }
+        }
+        return -1;
+}
+
+
+/*
+ * Returns a message describing the currently open forwarded connections,
+ * suitable for sending to the client.  The message contains crlf pairs for
+ * newlines.
+ */
+
+char *
+channel_open_message()
+{
+        Buffer buffer;
+        Channel *c;
+        char buf[1024], *cp;
+        int i;
+
+        buffer_init(&buffer);
+        snprintf(buf, sizeof buf, "The following connections are open:\r\n");
+        buffer_append(&buffer, buf, strlen(buf));
+        for (i = 0; i < channels_alloc; i++) {
+                c = channels[i];
+                if (c == NULL)
+                        continue;
+                switch (c->type) {
+                case SSH_CHANNEL_X11_LISTENER:
+                case SSH_CHANNEL_PORT_LISTENER:
+                case SSH_CHANNEL_RPORT_LISTENER:
+                case SSH_CHANNEL_CLOSED:
+                case SSH_CHANNEL_AUTH_SOCKET:
+                case SSH_CHANNEL_ZOMBIE:
+                        continue;
+                case SSH_CHANNEL_LARVAL:
+                case SSH_CHANNEL_OPENING:
+                case SSH_CHANNEL_CONNECTING:
+                case SSH_CHANNEL_DYNAMIC:
+                case SSH_CHANNEL_OPEN:
+                case SSH_CHANNEL_X11_OPEN:
+                case SSH_CHANNEL_INPUT_DRAINING:
+                case SSH_CHANNEL_OUTPUT_DRAINING:
+                        snprintf(buf, sizeof buf, "  #%d %.300s (t%d r%d i%d/%d o%d/%d fd %d/%d)\r\n",
+                            c->self, c->remote_name,
+                            c->type, c->remote_id,
+                            c->istate, buffer_len(&c->input),
+                            c->ostate, buffer_len(&c->output),
+                            c->rfd, c->wfd);
+                        buffer_append(&buffer, buf, strlen(buf));
+                        continue;
+                default:
+                        fatal("channel_open_message: bad channel type %d", c->type);
+                        /* NOTREACHED */
+                }
+        }
+        buffer_append(&buffer, "\0", 1);
+        cp = xstrdup(buffer_ptr(&buffer));
+        buffer_free(&buffer);
+        return cp;
+}
+
+void
+channel_send_open(int id)
+{
+        Channel *c = channel_lookup(id);
+        if (c == NULL) {
+                log("channel_send_open: %d: bad id", id);
+                return;
+        }
+        debug("send channel open %d", id);
+        packet_start(SSH2_MSG_CHANNEL_OPEN);
+        packet_put_cstring(c->ctype);
+        packet_put_int(c->self);
+        packet_put_int(c->local_window);
+        packet_put_int(c->local_maxpacket);
+        packet_send();
+}
+
+void
+channel_request(int id, char *service, int wantconfirm)
+{
+        channel_request_start(id, service, wantconfirm);
+        packet_send();
+        debug("channel request %d: %s", id, service) ;
+}
+void
+channel_request_start(int id, char *service, int wantconfirm)
+{
+        Channel *c = channel_lookup(id);
+        if (c == NULL) {
+                log("channel_request: %d: bad id", id);
+                return;
+        }
+        packet_start(SSH2_MSG_CHANNEL_REQUEST);
+        packet_put_int(c->remote_id);
+        packet_put_cstring(service);
+        packet_put_char(wantconfirm);
+}
+void
+channel_register_callback(int id, int mtype, channel_callback_fn *fn, void *arg)
+{
+        Channel *c = channel_lookup(id);
+        if (c == NULL) {
+                log("channel_register_callback: %d: bad id", id);
+                return;
+        }
+        c->cb_event = mtype;
+        c->cb_fn = fn;
+        c->cb_arg = arg;
+}
+void
+channel_register_cleanup(int id, channel_callback_fn *fn)
+{
+        Channel *c = channel_lookup(id);
+        if (c == NULL) {
+                log("channel_register_cleanup: %d: bad id", id);
+                return;
+        }
+        c->dettach_user = fn;
+}
+void
+channel_cancel_cleanup(int id)
+{
+        Channel *c = channel_lookup(id);
+        if (c == NULL) {
+                log("channel_cancel_cleanup: %d: bad id", id);
+                return;
+        }
+        c->dettach_user = NULL;
+}
+void
+channel_register_filter(int id, channel_filter_fn *fn)
+{
+        Channel *c = channel_lookup(id);
+        if (c == NULL) {
+                log("channel_register_filter: %d: bad id", id);
+                return;
+        }
+        c->input_filter = fn;
+}
+
+void
+channel_set_fds(int id, int rfd, int wfd, int efd,
+    int extusage, int nonblock)
+{
+        Channel *c = channel_lookup(id);
+        if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
+                fatal("channel_activate for non-larval channel %d.", id);
+        channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
+        c->type = SSH_CHANNEL_OPEN;
+        /* XXX window size? */
+        c->local_window = c->local_window_max = c->local_maxpacket * 2;
+        packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
+        packet_put_int(c->remote_id);
+        packet_put_int(c->local_window);
+        packet_send();
+}
+
 /*
  * 'channel_pre*' are called just before select() to add any bits relevant to
  * channels in the select bitmasks.
@@ -442,19 +754,20 @@ channel_pre_output_draining(Channel *c, fd_set * readset, fd_set * writeset)
  * data in that packet is then substituted by the real data if it matches the
  * fake data, and the channel is put into normal mode.
  * XXX All this happens at the client side.
+ * Returns: 0 = need more data, -1 = wrong cookie, 1 = ok
  */
 int
-x11_open_helper(Channel *c)
+x11_open_helper(Buffer *b)
 {
         u_char *ucp;
         u_int proto_len, data_len;
 
         /* Check if the fixed size part of the packet is in buffer. */
-        if (buffer_len(&c->output) < 12)
+        if (buffer_len(b) < 12)
                 return 0;
 
         /* Parse the lengths of variable-length fields. */
-        ucp = (u_char *) buffer_ptr(&c->output);
+        ucp = (u_char *) buffer_ptr(b);
         if (ucp[0] == 0x42) {   /* Byte order MSB first. */
                 proto_len = 256 * ucp[6] + ucp[7];
                 data_len = 256 * ucp[8] + ucp[9];
@@ -468,7 +781,7 @@ x11_open_helper(Channel *c)
         }
 
         /* Check if the whole packet is in buffer. */
-        if (buffer_len(&c->output) <
+        if (buffer_len(b) <
             12 + ((proto_len + 3) & ~3) + ((data_len + 3) & ~3))
                 return 0;
 
@@ -504,7 +817,7 @@ x11_open_helper(Channel *c)
 void
 channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset)
 {
-        int ret = x11_open_helper(c);
+        int ret = x11_open_helper(&c->output);
         if (ret == 1) {
                 /* Start normal processing for the channel. */
                 c->type = SSH_CHANNEL_OPEN;
@@ -529,7 +842,7 @@ channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset)
 void
 channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
 {
-        int ret = x11_open_helper(c);
+        int ret = x11_open_helper(&c->output);
         if (ret == 1) {
                 c->type = SSH_CHANNEL_OPEN;
                 if (compat20)
@@ -704,7 +1017,8 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
                 } else {
                         packet_start(SSH_SMSG_X11_OPEN);
                         packet_put_int(nc->self);
-                        if (have_hostname_in_open)
+                        if (packet_get_protocol_flags() &
+                            SSH_PROTOFLAG_HOST_IN_FWD_OPEN)
                                 packet_put_string(buf, strlen(buf));
                         packet_send();
                 }
@@ -755,7 +1069,8 @@ port_open_helper(Channel *c, char *rtype)
                 packet_put_int(c->self);
                 packet_put_cstring(c->path);
                 packet_put_int(c->host_port);
-                if (have_hostname_in_open)
+                if (packet_get_protocol_flags() &
+                    SSH_PROTOFLAG_HOST_IN_FWD_OPEN)
                         packet_put_cstring(c->remote_name);
                 packet_send();
         }
@@ -817,6 +1132,7 @@ void
 channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset)
 {
         Channel *nc;
+        char *name;
         int newsock;
         struct sockaddr addr;
         socklen_t addrlen;
@@ -828,12 +1144,14 @@ channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset)
                         error("accept from auth socket: %.100s", strerror(errno));
                         return;
                 }
+                name = xstrdup("accepted auth socket");
                 nc = channel_new("accepted auth socket",
                     SSH_CHANNEL_OPENING, newsock, newsock, -1,
                     c->local_window_max, c->local_maxpacket,
-                    0, xstrdup("accepted auth socket"), 1);
+                    0, name, 1);
                 if (nc == NULL) {
                         error("channel_post_auth_listener: channel_new failed");
+                        xfree(name);
                         close(newsock);
                 }
                 if (compat20) {
@@ -918,7 +1236,7 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
                         } else if (compat13) {
                                 buffer_consume(&c->output, buffer_len(&c->output));
                                 c->type = SSH_CHANNEL_INPUT_DRAINING;
-                                debug("channel %d: status set to input draining.", c->self);
+                                debug("channel %d: input draining.", c->self);
                         } else {
                                 chan_read_failed(c);
                         }
@@ -956,7 +1274,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
                                 return -1;
                         } else if (compat13) {
                                 buffer_consume(&c->output, buffer_len(&c->output));
-                                debug("channel %d: status set to input draining.", c->self);
+                                debug("channel %d: input draining.", c->self);
                                 c->type = SSH_CHANNEL_INPUT_DRAINING;
                         } else {
                                 chan_write_failed(c);
@@ -1196,6 +1514,10 @@ channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
         }
 }
 
+/*
+ * Allocate/update select bitmasks and add any bits relevant to channels in
+ * select bitmasks.
+ */
 void
 channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
     int rekeying)
@@ -1222,12 +1544,17 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
                 channel_handler(channel_pre, *readsetp, *writesetp);
 }
 
+/*
+ * After select, perform any appropriate operations for channels which have
+ * events pending.
+ */
 void
 channel_after_select(fd_set * readset, fd_set * writeset)
 {
         channel_handler(channel_post, readset, writeset);
 }
 
+
 /* If there is data to send to the connection, enqueue some of it now. */
 
 void
@@ -1237,12 +1564,14 @@ channel_output_poll()
         Channel *c;
 
         for (i = 0; i < channels_alloc; i++) {
-
                 c = channels[i];
                 if (c == NULL)
                         continue;
 
-                /* We are only interested in channels that can have buffered incoming data. */
+                /*
+                 * We are only interested in channels that can have buffered
+                 * incoming data.
+                 */
                 if (compat13) {
                         if (c->type != SSH_CHANNEL_OPEN &&
                             c->type != SSH_CHANNEL_INPUT_DRAINING)
@@ -1262,7 +1591,10 @@ channel_output_poll()
                 if ((c->istate == CHAN_INPUT_OPEN ||
                     c->istate == CHAN_INPUT_WAIT_DRAIN) &&
                     (len = buffer_len(&c->input)) > 0) {
-                        /* Send some data for the other side over the secure connection. */
+                        /*
+                         * Send some data for the other side over the secure
+                         * connection.
+                         */
                         if (compat20) {
                                 if (len > c->remote_window)
                                         len = c->remote_window;
@@ -1320,11 +1652,8 @@ channel_output_poll()
         }
 }
 
-/*
- * This is called when a packet of type CHANNEL_DATA has just been received.
- * The message type has already been consumed, but channel number and data is
- * still there.
- */
+
+/* -- protocol input */
 
 void
 channel_input_data(int type, int plen, void *ctxt)
@@ -1371,6 +1700,7 @@ channel_input_data(int type, int plen, void *ctxt)
         buffer_append(&c->output, data, data_len);
         xfree(data);
 }
+
 void
 channel_input_extended_data(int type, int plen, void *ctxt)
 {
@@ -1411,36 +1741,6 @@ channel_input_extended_data(int type, int plen, void *ctxt)
         xfree(data);
 }
 
-
-/*
- * Returns true if no channel has too much buffered data, and false if one or
- * more channel is overfull.
- */
-
-int
-channel_not_very_much_buffered_data()
-{
-        u_int i;
-        Channel *c;
-
-        for (i = 0; i < channels_alloc; i++) {
-                c = channels[i];
-                if (c != NULL && c->type == SSH_CHANNEL_OPEN) {
-                        if (!compat20 && buffer_len(&c->input) > packet_get_maxsize()) {
-                                debug("channel %d: big input buffer %d",
-                                    c->self, buffer_len(&c->input));
-                                return 0;
-                        }
-                        if (buffer_len(&c->output) > packet_get_maxsize()) {
-                                debug("channel %d: big output buffer %d",
-                                    c->self, buffer_len(&c->output));
-                                return 0;
-                        }
-                }
-        }
-        return 1;
-}
-
 void
 channel_input_ieof(int type, int plen, void *ctxt)
 {
@@ -1655,193 +1955,46 @@ channel_input_window_adjust(int type, int plen, void *ctxt)
         c->remote_window += adjust;
 }
 
-/*
- * Stops listening for channels, and removes any unix domain sockets that we
- * might have.
- */
-
-void
-channel_stop_listening()
-{
-        int i;
-        Channel *c;
-
-        for (i = 0; i < channels_alloc; i++) {
-                c = channels[i];
-                if (c != NULL) {
-                        switch (c->type) {
-                        case SSH_CHANNEL_AUTH_SOCKET:
-                                close(c->sock);
-                                unlink(c->path);
-                                channel_free(c);
-                                break;
-                        case SSH_CHANNEL_PORT_LISTENER:
-                        case SSH_CHANNEL_RPORT_LISTENER:
-                        case SSH_CHANNEL_X11_LISTENER:
-                                close(c->sock);
-                                channel_free(c);
-                                break;
-                        default:
-                                break;
-                        }
-                }
-        }
-}
-
-/*
- * Closes the sockets/fds of all channels.  This is used to close extra file
- * descriptors after a fork.
- */
-
 void
-channel_close_all()
+channel_input_port_open(int type, int plen, void *ctxt)
 {
-        int i;
-
-        for (i = 0; i < channels_alloc; i++)
-                if (channels[i] != NULL)
-                        channel_close_fds(channels[i]);
-}
-
-/* Returns true if any channel is still open. */
+        Channel *c = NULL;
+        u_short host_port;
+        char *host, *originator_string;
+        int remote_id, sock = -1;
 
-int
-channel_still_open()
-{
-        int i;
-        Channel *c;
+        remote_id = packet_get_int();
+        host = packet_get_string(NULL);
+        host_port = packet_get_int();
 
-        for (i = 0; i < channels_alloc; i++) {
-                c = channels[i];
-                if (c == NULL)
-                        continue;
-                switch (c->type) {
-                case SSH_CHANNEL_X11_LISTENER:
-                case SSH_CHANNEL_PORT_LISTENER:
-                case SSH_CHANNEL_RPORT_LISTENER:
-                case SSH_CHANNEL_CLOSED:
-                case SSH_CHANNEL_AUTH_SOCKET:
-                case SSH_CHANNEL_DYNAMIC:
-                case SSH_CHANNEL_CONNECTING:
-                case SSH_CHANNEL_ZOMBIE:
-                        continue;
-                case SSH_CHANNEL_LARVAL:
-                        if (!compat20)
-                                fatal("cannot happen: SSH_CHANNEL_LARVAL");
-                        continue;
-                case SSH_CHANNEL_OPENING:
-                case SSH_CHANNEL_OPEN:
-                case SSH_CHANNEL_X11_OPEN:
-                        return 1;
-                case SSH_CHANNEL_INPUT_DRAINING:
-                case SSH_CHANNEL_OUTPUT_DRAINING:
-                        if (!compat13)
-                                fatal("cannot happen: OUT_DRAIN");
-                        return 1;
-                default:
-                        fatal("channel_still_open: bad channel type %d", c->type);
-                        /* NOTREACHED */
-                }
+        if (packet_get_protocol_flags() & SSH_PROTOFLAG_HOST_IN_FWD_OPEN) {
+                originator_string = packet_get_string(NULL);
+        } else {
+                originator_string = xstrdup("unknown (remote did not supply name)");
         }
-        return 0;
-}
-
-/* Returns the id of an open channel suitable for keepaliving */
-
-int
-channel_find_open()
-{
-        int i;
-        Channel *c;
-
-        for (i = 0; i < channels_alloc; i++) {
-                c = channels[i];
-                if (c == NULL)
-                        continue;
-                switch (c->type) {
-                case SSH_CHANNEL_CLOSED:
-                case SSH_CHANNEL_DYNAMIC:
-                case SSH_CHANNEL_X11_LISTENER:
-                case SSH_CHANNEL_PORT_LISTENER:
-                case SSH_CHANNEL_RPORT_LISTENER:
-                case SSH_CHANNEL_OPENING:
-                case SSH_CHANNEL_CONNECTING:
-                case SSH_CHANNEL_ZOMBIE:
-                        continue;
-                case SSH_CHANNEL_LARVAL:
-                case SSH_CHANNEL_AUTH_SOCKET:
-                case SSH_CHANNEL_OPEN:
-                case SSH_CHANNEL_X11_OPEN:
-                        return i;
-                case SSH_CHANNEL_INPUT_DRAINING:
-                case SSH_CHANNEL_OUTPUT_DRAINING:
-                        if (!compat13)
-                                fatal("cannot happen: OUT_DRAIN");
-                        return i;
-                default:
-                        fatal("channel_find_open: bad channel type %d", c->type);
-                        /* NOTREACHED */
+        packet_done();
+        sock = channel_connect_to(host, host_port);
+        if (sock != -1) {
+                c = channel_new("connected socket",
+                    SSH_CHANNEL_CONNECTING, sock, sock, -1, 0, 0, 0,
+                    originator_string, 1);
+                if (c == NULL) {
+                        error("channel_input_port_open: channel_new failed");
+                        close(sock);
+                } else {
+                        c->remote_id = remote_id;
                 }
         }
-        return -1;
+        if (c == NULL) {
+                packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
+                packet_put_int(remote_id);
+                packet_send();
+        }
+        xfree(host);
 }
 
 
-/*
- * Returns a message describing the currently open forwarded connections,
- * suitable for sending to the client.  The message contains crlf pairs for
- * newlines.
- */
-
-char *
-channel_open_message()
-{
-        Buffer buffer;
-        Channel *c;
-        char buf[1024], *cp;
-        int i;
-
-        buffer_init(&buffer);
-        snprintf(buf, sizeof buf, "The following connections are open:\r\n");
-        buffer_append(&buffer, buf, strlen(buf));
-        for (i = 0; i < channels_alloc; i++) {
-                c = channels[i];
-                if (c == NULL)
-                        continue;
-                switch (c->type) {
-                case SSH_CHANNEL_X11_LISTENER:
-                case SSH_CHANNEL_PORT_LISTENER:
-                case SSH_CHANNEL_RPORT_LISTENER:
-                case SSH_CHANNEL_CLOSED:
-                case SSH_CHANNEL_AUTH_SOCKET:
-                case SSH_CHANNEL_ZOMBIE:
-                        continue;
-                case SSH_CHANNEL_LARVAL:
-                case SSH_CHANNEL_OPENING:
-                case SSH_CHANNEL_CONNECTING:
-                case SSH_CHANNEL_DYNAMIC:
-                case SSH_CHANNEL_OPEN:
-                case SSH_CHANNEL_X11_OPEN:
-                case SSH_CHANNEL_INPUT_DRAINING:
-                case SSH_CHANNEL_OUTPUT_DRAINING:
-                        snprintf(buf, sizeof buf, "  #%d %.300s (t%d r%d i%d/%d o%d/%d fd %d/%d)\r\n",
-                            c->self, c->remote_name,
-                            c->type, c->remote_id,
-                            c->istate, buffer_len(&c->input),
-                            c->ostate, buffer_len(&c->output),
-                            c->rfd, c->wfd);
-                        buffer_append(&buffer, buf, strlen(buf));
-                        continue;
-                default:
-                        fatal("channel_open_message: bad channel type %d", c->type);
-                        /* NOTREACHED */
-                }
-        }
-        buffer_append(&buffer, "\0", 1);
-        cp = xstrdup(buffer_ptr(&buffer));
-        buffer_free(&buffer);
-        return cp;
-}
+/* -- tcp forwarding */
 
 /*
  * Initiate forwarding of connections to local port "port" through the secure
@@ -1868,7 +2021,7 @@ channel_request_forwarding(
     int gateway_ports, int remote_fwd)
 {
         Channel *c;
-        int success, sock, on = 1, ctype;
+        int success, sock, on = 1, type;
         struct addrinfo hints, *ai, *aitop;
         char ntop[NI_MAXHOST], strport[NI_MAXSERV];
         const char *host;
@@ -1878,10 +2031,10 @@ channel_request_forwarding(
 
         if (remote_fwd) {
                 host = listen_address;
-                ctype = SSH_CHANNEL_RPORT_LISTENER;
+                type = SSH_CHANNEL_RPORT_LISTENER;
         } else {
                 host = host_to_connect;
-                ctype  =SSH_CHANNEL_PORT_LISTENER;
+                type = SSH_CHANNEL_PORT_LISTENER;
         }
 
         if (strlen(host) > SSH_CHANNEL_PATH_LEN - 1) {
@@ -1945,7 +2098,7 @@ channel_request_forwarding(
                         continue;
                 }
                 /* Allocate a channel number for the socket. */
-                c = channel_new("port listener", ctype, sock, sock, -1,
+                c = channel_new("port listener", type, sock, sock, -1,
                     CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
                     0, xstrdup("port listener"), 1);
                 if (c == NULL) {
@@ -2183,58 +2336,13 @@ channel_connect_to(const char *host, u_short port)
         return connect_to(host, port);
 }
 
-/*
- * This is called after receiving PORT_OPEN message.  This attempts to
- * connect to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION
- * or CHANNEL_OPEN_FAILURE.
- */
-
-void
-channel_input_port_open(int type, int plen, void *ctxt)
-{
-        Channel *c = NULL;
-        u_short host_port;
-        char *host, *originator_string;
-        int remote_id, sock = -1;
-
-        remote_id = packet_get_int();
-        host = packet_get_string(NULL);
-        host_port = packet_get_int();
-
-        if (have_hostname_in_open) {
-                originator_string = packet_get_string(NULL);
-        } else {
-                originator_string = xstrdup("unknown (remote did not supply name)");
-        }
-        packet_done();
-        sock = channel_connect_to(host, host_port);
-        if (sock != -1) {
-                c = channel_new("connected socket",
-                    SSH_CHANNEL_CONNECTING, sock, sock, -1, 0, 0, 0,
-                    originator_string, 1);
-                if (c == NULL) {
-                        error("channel_input_port_open: channel_new failed");
-                        close(sock);
-                } else {
-                        c->remote_id = remote_id;
-                }
-        }
-        if (c == NULL) {
-                packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
-                packet_put_int(remote_id);
-                packet_send();
-        }
-        xfree(host);
-}
+/* -- X11 forwarding */
 
 /*
  * Creates an internet domain socket for listening for X11 connections.
  * Returns a suitable value for the DISPLAY variable, or NULL if an error
  * occurs.
  */
-
-#define NUM_SOCKS       10
-
 char *
 x11_create_display_inet(int screen_number, int x11_display_offset)
 {
@@ -2515,7 +2623,8 @@ x11_input_open(int type, int plen, void *ctxt)
         debug("Received X11 open request.");
 
         remote_id = packet_get_int();
-        if (have_hostname_in_open) {
+
+        if (packet_get_protocol_flags() & SSH_PROTOFLAG_HOST_IN_FWD_OPEN) {
                 remote_host = packet_get_string(NULL);
         } else {
                 remote_host = xstrdup("unknown (remote did not supply name)");
@@ -2574,8 +2683,8 @@ deny_input_open(int type, int plen, void *ctxt)
 /*
  * Requests forwarding of X11 connections, generates fake authentication
  * data, and enables authentication spoofing.
+ * This should be called in the client only.
  */
-
 void
 x11_request_forwarding_with_spoofing(int client_session_id,
     const char *proto, const char *data)
@@ -2640,6 +2749,9 @@ x11_request_forwarding_with_spoofing(int client_session_id,
         xfree(new_data);
 }
 
+
+/* -- agent forwarding */
+
 /* Sends a message to the server to request authentication fd forwarding. */
 
 void
@@ -2659,7 +2771,7 @@ auth_request_forwarding()
 char *
 auth_get_socket_name()
 {
-        return channel_forwarded_auth_socket_name;
+        return auth_sock_name;
 }
 
 /* removes the agent forwarding socket */
@@ -2667,8 +2779,8 @@ auth_get_socket_name()
 void
 cleanup_socket(void)
 {
-        unlink(channel_forwarded_auth_socket_name);
-        rmdir(channel_forwarded_auth_socket_dir);
+        unlink(auth_sock_name);
+        rmdir(auth_sock_dir);
 }
 
 /*
@@ -2683,30 +2795,32 @@ auth_input_request_forwarding(struct passwd * pw)
         int sock;
         struct sockaddr_un sunaddr;
 
-        if (auth_get_socket_name() != NULL)
-                fatal("Protocol error: authentication forwarding requested twice.");
+        if (auth_get_socket_name() != NULL) {
+                error("authentication forwarding requested twice.");
+                return 0;
+        }
 
         /* Temporarily drop privileged uid for mkdir/bind. */
         temporarily_use_uid(pw);
 
         /* Allocate a buffer for the socket name, and format the name. */
-        channel_forwarded_auth_socket_name = xmalloc(MAX_SOCKET_NAME);
-        channel_forwarded_auth_socket_dir = xmalloc(MAX_SOCKET_NAME);
-        strlcpy(channel_forwarded_auth_socket_dir, "/tmp/ssh-XXXXXXXX", MAX_SOCKET_NAME);
+        auth_sock_name = xmalloc(MAXPATHLEN);
+        auth_sock_dir = xmalloc(MAXPATHLEN);
+        strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
 
         /* Create private directory for socket */
-        if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL) {
-                packet_send_debug("Agent forwarding disabled: mkdtemp() failed: %.100s",
-                    strerror(errno));
+        if (mkdtemp(auth_sock_dir) == NULL) {
+                packet_send_debug("Agent forwarding disabled: "
+                    "mkdtemp() failed: %.100s", strerror(errno));
                 restore_uid();
-                xfree(channel_forwarded_auth_socket_name);
-                xfree(channel_forwarded_auth_socket_dir);
-                channel_forwarded_auth_socket_name = NULL;
-                channel_forwarded_auth_socket_dir = NULL;
+                xfree(auth_sock_name);
+                xfree(auth_sock_dir);
+                auth_sock_name = NULL;
+                auth_sock_dir = NULL;
                 return 0;
         }
-        snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d",
-                 channel_forwarded_auth_socket_dir, (int) getpid());
+        snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%d",
+                 auth_sock_dir, (int) getpid());
 
         if (atexit(cleanup_socket) < 0) {
                 int saved = errno;
@@ -2721,7 +2835,7 @@ auth_input_request_forwarding(struct passwd * pw)
         /* Bind it to the name. */
         memset(&sunaddr, 0, sizeof(sunaddr));
         sunaddr.sun_family = AF_UNIX;
-        strncpy(sunaddr.sun_path, channel_forwarded_auth_socket_name,
+        strncpy(sunaddr.sun_path, auth_sock_name,
                 sizeof(sunaddr.sun_path));
 
         if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0)
@@ -2744,7 +2858,7 @@ auth_input_request_forwarding(struct passwd * pw)
                 close(sock);
                 return 0;
         }
-        strlcpy(nc->path, channel_forwarded_auth_socket_name, sizeof(nc->path));
+        strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
         return 1;
 }
 
@@ -2755,7 +2869,7 @@ auth_input_open_request(int type, int plen, void *ctxt)
 {
         Channel *c = NULL;
         int remote_id, sock;
-        char *dummyname;
+        char *name;
 
         packet_integrity_check(plen, 4, type);
 
@@ -2775,10 +2889,12 @@ auth_input_open_request(int type, int plen, void *ctxt)
          * agent.
          */
         if (sock >= 0) {
-                dummyname = xstrdup("authentication agent connection");
-                c = channel_new("", SSH_CHANNEL_OPEN, sock, sock, -1, 0, 0, 0, dummyname, 1);
+                name = xstrdup("authentication agent connection");
+                c = channel_new("", SSH_CHANNEL_OPEN, sock, sock,
+                    -1, 0, 0, 0, name, 1);
                 if (c == NULL) {
                         error("auth_input_open_request: channel_new failed");
+                        xfree(name);
                         close(sock);
                 } else {
                         c->remote_id = remote_id;
@@ -2796,105 +2912,3 @@ auth_input_open_request(int type, int plen, void *ctxt)
         }
         packet_send();
 }
-
-void
-channel_start_open(int id)
-{
-        Channel *c = channel_lookup(id);
-        if (c == NULL) {
-                log("channel_open: %d: bad id", id);
-                return;
-        }
-        debug("send channel open %d", id);
-        packet_start(SSH2_MSG_CHANNEL_OPEN);
-        packet_put_cstring(c->ctype);
-        packet_put_int(c->self);
-        packet_put_int(c->local_window);
-        packet_put_int(c->local_maxpacket);
-}
-void
-channel_open(int id)
-{
-        /* XXX REMOVE ME */
-        channel_start_open(id);
-        packet_send();
-}
-void
-channel_request(int id, char *service, int wantconfirm)
-{
-        channel_request_start(id, service, wantconfirm);
-        packet_send();
-        debug("channel request %d: %s", id, service) ;
-}
-void
-channel_request_start(int id, char *service, int wantconfirm)
-{
-        Channel *c = channel_lookup(id);
-        if (c == NULL) {
-                log("channel_request: %d: bad id", id);
-                return;
-        }
-        packet_start(SSH2_MSG_CHANNEL_REQUEST);
-        packet_put_int(c->remote_id);
-        packet_put_cstring(service);
-        packet_put_char(wantconfirm);
-}
-void
-channel_register_callback(int id, int mtype, channel_callback_fn *fn, void *arg)
-{
-        Channel *c = channel_lookup(id);
-        if (c == NULL) {
-                log("channel_register_callback: %d: bad id", id);
-                return;
-        }
-        c->cb_event = mtype;
-        c->cb_fn = fn;
-        c->cb_arg = arg;
-}
-void
-channel_register_cleanup(int id, channel_callback_fn *fn)
-{
-        Channel *c = channel_lookup(id);
-        if (c == NULL) {
-                log("channel_register_cleanup: %d: bad id", id);
-                return;
-        }
-        c->dettach_user = fn;
-}
-void
-channel_cancel_cleanup(int id)
-{
-        Channel *c = channel_lookup(id);
-        if (c == NULL) {
-                log("channel_cancel_cleanup: %d: bad id", id);
-                return;
-        }
-        c->dettach_user = NULL;
-}
-void
-channel_register_filter(int id, channel_filter_fn *fn)
-{
-        Channel *c = channel_lookup(id);
-        if (c == NULL) {
-                log("channel_register_filter: %d: bad id", id);
-                return;
-        }
-        c->input_filter = fn;
-}
-
-void
-channel_set_fds(int id, int rfd, int wfd, int efd,
-    int extusage, int nonblock)
-{
-        Channel *c = channel_lookup(id);
-        if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
-                fatal("channel_activate for non-larval channel %d.", id);
-        channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
-        c->type = SSH_CHANNEL_OPEN;
-        /* XXX window size? */
-        c->local_window = c->local_window_max = c->local_maxpacket * 2;
-        packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
-        packet_put_int(c->remote_id);
-        packet_put_int(c->local_window);
-        packet_send();
-}
diff --git a/channels.h b/channels.h
index 55d31854e..e9d583656 100644
--- a/channels.h
+++ b/channels.h
@@ -32,10 +32,10 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$OpenBSD: channels.h,v 1.33 2001/05/28 23:14:49 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.35 2001/05/31 10:30:15 markus Exp $"); */
 
-#ifndef CHANNELS_H
-#define CHANNELS_H
+#ifndef CHANNEL_H
+#define CHANNEL_H
 
 #include "buffer.h"
 
@@ -124,21 +124,42 @@ struct Channel {
 #define CHAN_X11_WINDOW_DEFAULT (4*1024)
 #define CHAN_X11_PACKET_DEFAULT (CHAN_X11_WINDOW_DEFAULT/2)
 
+/* possible input states */
+#define CHAN_INPUT_OPEN                 0x01
+#define CHAN_INPUT_WAIT_DRAIN           0x02
+#define CHAN_INPUT_WAIT_OCLOSE          0x04
+#define CHAN_INPUT_CLOSED               0x08
 
-void    channel_open(int id);
+/* possible output states */
+#define CHAN_OUTPUT_OPEN                0x10
+#define CHAN_OUTPUT_WAIT_DRAIN          0x20
+#define CHAN_OUTPUT_WAIT_IEOF           0x40
+#define CHAN_OUTPUT_CLOSED              0x80
+
+#define CHAN_CLOSE_SENT                 0x01
+#define CHAN_CLOSE_RCVD                 0x02
+
+
+/* channel management */
+
+Channel *channel_lookup(int id);
+Channel *
+channel_new(char *ctype, int type, int rfd, int wfd, int efd,
+    int window, int maxpack, int extusage, char *remote_name, int nonblock);
+void
+channel_set_fds(int id, int rfd, int wfd, int efd,
+    int extusage, int nonblock);
+void    channel_free(Channel *c);
+
+void    channel_send_open(int id);
 void    channel_request(int id, char *service, int wantconfirm);
 void    channel_request_start(int id, char *service, int wantconfirm);
 void    channel_register_callback(int id, int mtype, channel_callback_fn *fn, void *arg);
 void    channel_register_cleanup(int id, channel_callback_fn *fn);
 void    channel_register_filter(int id, channel_filter_fn *fn);
 void    channel_cancel_cleanup(int id);
-Channel *channel_lookup(int id);
 
-void
-channel_set_fds(int id, int rfd, int wfd, int efd,
-    int extusage, int nonblock);
-
-void    deny_input_open(int type, int plen, void *ctxt);
+/* protocol handler */
 
 void    channel_input_channel_request(int type, int plen, void *ctxt);
 void    channel_input_close(int type, int plen, void *ctxt);
@@ -152,66 +173,22 @@ void	channel_input_open_failure(int type, int plen, void *ctxt);
 void    channel_input_port_open(int type, int plen, void *ctxt);
 void    channel_input_window_adjust(int type, int plen, void *ctxt);
 
-/* Sets specific protocol options. */
-void    channel_set_options(int hostname_in_open);
-
-/*
- * Allocate a new channel object and set its type and socket.  Remote_name
- * must have been allocated with xmalloc; this will free it when the channel
- * is freed.
- */
-Channel *
-channel_new(char *ctype, int type, int rfd, int wfd, int efd,
-    int window, int maxpack, int extended_usage, char *remote_name,
-    int nonblock);
-
-/* Free the channel and close its socket. */
-void    channel_free(Channel *c);
+/* file descriptor handling (read/write) */
 
-/*
- * Allocate/update select bitmasks and add any bits relevant to channels in
- * select bitmasks.
- */
 void
 channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
     int rekeying);
-
-/*
- * After select, perform any appropriate operations for channels which have
- * events pending.
- */
 void    channel_after_select(fd_set * readset, fd_set * writeset);
-
-/* If there is data to send to the connection, send some of it now. */
 void    channel_output_poll(void);
 
-/* Returns true if no channel has too much buffered data. */
 int     channel_not_very_much_buffered_data(void);
-
-/* This closes any sockets that are listening for connections; this removes
-   any unix domain sockets. */
 void    channel_stop_listening(void);
-
-/*
- * Closes the sockets of all channels.  This is used to close extra file
- * descriptors after a fork.
- */
 void    channel_close_all(void);
-
-/* Returns true if there is still an open channel over the connection. */
 int     channel_still_open(void);
-
-/*
- * Returns a string containing a list of all open channels.  The list is
- * suitable for displaying to the user.  It uses crlf instead of newlines.
- * The caller should free the string with xfree.
- */
 char   *channel_open_message(void);
+int     channel_find_open(void);
 
-/*
- * Initiate forwarding of connections to local port "port" through the secure
- * channel to host:port from remote side.
- */
+/* channel_tcpfwd.c */
 int
 channel_request_local_forwarding(u_short listen_port,
     const char *host_to_connect, u_short port_to_connect, int gateway_ports);
@@ -219,95 +196,53 @@ int
 channel_request_forwarding(const char *listen_address, u_short listen_port,
     const char *host_to_connect, u_short port_to_connect, int gateway_ports,
     int remote_fwd);
-
-/*
- * Initiate forwarding of connections to port "port" on remote host through
- * the secure channel to host:port from local side.  This never returns if
- * there was an error.  This registers that open requests for that port are
- * permitted.
- */
 void
 channel_request_remote_forwarding(u_short port, const char *host,
     u_short remote_port);
-
-/*
- * Permits opening to any host/port if permitted_opens[] is empty.  This is
- * usually called by the server, because the user could connect to any port
- * anyway, and the server has no way to know but to trust the client anyway.
- */
 void    channel_permit_all_opens(void);
-
-/* Add host/port to list of allowed targets for port forwarding */
 void    channel_add_permitted_opens(char *host, int port);
-
-/* Flush list */
 void    channel_clear_permitted_opens(void);
-
-/*
- * This is called after receiving CHANNEL_FORWARDING_REQUEST.  This initates
- * listening for the port, and sends back a success reply (or disconnect
- * message if there was an error).  This never returns if there was an error.
- */
 void    channel_input_port_forward_request(int is_root, int gateway_ports);
+int     channel_connect_to(const char *host, u_short host_port);
+int     channel_connect_by_listen_adress(u_short listen_port);
 
-/*
- * Creates a port for X11 connections, and starts listening for it. Returns
- * the display name, or NULL if an error was encountered.
- */
-char   *x11_create_display(int screen);
+/* x11 forwarding */
 
-/*
- * Creates an internet domain socket for listening for X11 connections.
- * Returns a suitable value for the DISPLAY variable, or NULL if an error
- * occurs.
- */
+int     x11_connect_display(void);
+//int   x11_check_cookie(Buffer *b);
+char   *x11_create_display(int screen);
 char   *x11_create_display_inet(int screen, int x11_display_offset);
-
-/*
- * This is called when SSH_SMSG_X11_OPEN is received.  The packet contains
- * the remote channel number.  We should do whatever we want, and respond
- * with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE.
- */
 void    x11_input_open(int type, int plen, void *ctxt);
-
-/*
- * Requests forwarding of X11 connections.  This should be called on the
- * client only.
- */
 void    x11_request_forwarding(void);
-
-/*
- * Requests forwarding for X11 connections, with authentication spoofing.
- * This should be called in the client only.
- */
 void
 x11_request_forwarding_with_spoofing(int client_session_id,
     const char *proto, const char *data);
+void    deny_input_open(int type, int plen, void *ctxt);
 
-/* Sends a message to the server to request authentication fd forwarding. */
-void    auth_request_forwarding(void);
+/* agent forwarding */
 
-/*
- * Returns the name of the forwarded authentication socket.  Returns NULL if
- * there is no forwarded authentication socket.  The returned value points to
- * a static buffer.
- */
+void    auth_request_forwarding(void);
 char   *auth_get_socket_name(void);
-
-/*
- * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
- * This starts forwarding authentication requests.
- */
 int     auth_input_request_forwarding(struct passwd * pw);
-
-/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
 void    auth_input_open_request(int type, int plen, void *ctxt);
 
-/* XXX */
-int     channel_connect_to(const char *host, u_short host_port);
-int     channel_connect_by_listen_adress(u_short listen_port);
-int     x11_connect_display(void);
+/* channel close */
 
-int     channel_find_open(void);
+typedef void    chan_event_fn(Channel * c);
+
+/* for the input state */
+extern chan_event_fn    *chan_rcvd_oclose;
+extern chan_event_fn    *chan_read_failed;
+extern chan_event_fn    *chan_ibuf_empty;
+
+/* for the output state */
+extern chan_event_fn    *chan_rcvd_ieof;
+extern chan_event_fn    *chan_write_failed;
+extern chan_event_fn    *chan_obuf_empty;
+
+int     chan_is_dead(Channel * c);
+void    chan_mark_dead(Channel * c);
+void    chan_init_iostates(Channel * c);
+void    chan_init(void);
 
 #endif