Diffstat (limited to 'channels.c')
-rw-r--r--channels.c263
1 files changed, 187 insertions, 76 deletions
diff --git a/channels.c b/channels.c
index 218744d1a..65a6a7f00 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: channels.c,v 1.187 2003/03/05 22:33:43 markus Exp $"); 42RCSID("$OpenBSD: channels.c,v 1.194 2003/08/29 10:04:36 markus Exp $");
43 43
44#include "ssh.h" 44#include "ssh.h"
45#include "ssh1.h" 45#include "ssh1.h"
@@ -54,7 +54,7 @@ RCSID("$OpenBSD: channels.c,v 1.187 2003/03/05 22:33:43 markus Exp $");
54#include "key.h" 54#include "key.h"
55#include "authfd.h" 55#include "authfd.h"
56#include "pathnames.h" 56#include "pathnames.h"
57 57#include "bufaux.h"
58 58
59/* -- channel core */ 59/* -- channel core */
60 60
@@ -142,12 +142,12 @@ channel_lookup(int id)
142 Channel *c; 142 Channel *c;
143 143
144 if (id < 0 || id >= channels_alloc) { 144 if (id < 0 || id >= channels_alloc) {
145 log("channel_lookup: %d: bad id", id); 145 logit("channel_lookup: %d: bad id", id);
146 return NULL; 146 return NULL;
147 } 147 }
148 c = channels[id]; 148 c = channels[id];
149 if (c == NULL) { 149 if (c == NULL) {
150 log("channel_lookup: %d: bad id: channel free", id); 150 logit("channel_lookup: %d: bad id: channel free", id);
151 return NULL; 151 return NULL;
152 } 152 }
153 return c; 153 return c;
@@ -177,7 +177,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
177 177
178 /* XXX ugly hack: nonblock is only set by the server */ 178 /* XXX ugly hack: nonblock is only set by the server */
179 if (nonblock && isatty(c->rfd)) { 179 if (nonblock && isatty(c->rfd)) {
180 debug("channel %d: rfd %d isatty", c->self, c->rfd); 180 debug2("channel %d: rfd %d isatty", c->self, c->rfd);
181 c->isatty = 1; 181 c->isatty = 1;
182 if (!isatty(c->wfd)) { 182 if (!isatty(c->wfd)) {
183 error("channel %d: wfd %d is not a tty?", 183 error("channel %d: wfd %d is not a tty?",
@@ -229,13 +229,12 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
229 if (found == -1) { 229 if (found == -1) {
230 /* There are no free slots. Take last+1 slot and expand the array. */ 230 /* There are no free slots. Take last+1 slot and expand the array. */
231 found = channels_alloc; 231 found = channels_alloc;
232 channels_alloc += 10;
232 if (channels_alloc > 10000) 233 if (channels_alloc > 10000)
233 fatal("channel_new: internal error: channels_alloc %d " 234 fatal("channel_new: internal error: channels_alloc %d "
234 "too big.", channels_alloc); 235 "too big.", channels_alloc);
235 channels = xrealloc(channels,
236 (channels_alloc + 10) * sizeof(Channel *));
237 channels_alloc += 10;
238 debug2("channel: expanding %d", channels_alloc); 236 debug2("channel: expanding %d", channels_alloc);
237 channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
239 for (i = found; i < channels_alloc; i++) 238 for (i = found; i < channels_alloc; i++)
240 channels[i] = NULL; 239 channels[i] = NULL;
241 } 240 }
@@ -257,7 +256,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
257 c->local_consumed = 0; 256 c->local_consumed = 0;
258 c->local_maxpacket = maxpack; 257 c->local_maxpacket = maxpack;
259 c->remote_id = -1; 258 c->remote_id = -1;
260 c->remote_name = remote_name; 259 c->remote_name = xstrdup(remote_name);
261 c->remote_window = 0; 260 c->remote_window = 0;
262 c->remote_maxpacket = 0; 261 c->remote_maxpacket = 0;
263 c->force_drain = 0; 262 c->force_drain = 0;
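Review bot: The new `c->remote_name = xstrdup(remote_name);` at new line 259 will dereference a NULL argument if xstrdup is the usual strlen-based wrapper (its body is not shown here), yet the channel_free hunk further down still prints `c->remote_name ? c->remote_name : "???"`, which treats the field as possibly NULL. Either state in channel_new's header comment that remote_name must be non-NULL and is copied, so the caller keeps ownership of its own string, or guard the copy with `c->remote_name = remote_name ? xstrdup(remote_name) : NULL;`. channel_new starts and ends outside this hunk, so the matching free of the copy is not visible and is worth confirming.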
@@ -305,7 +304,7 @@ channel_close_fd(int *fdp)
305static void 304static void
306channel_close_fds(Channel *c) 305channel_close_fds(Channel *c)
307{ 306{
308 debug3("channel_close_fds: channel %d: r %d w %d e %d", 307 debug3("channel %d: close_fds r %d w %d e %d",
309 c->self, c->rfd, c->wfd, c->efd); 308 c->self, c->rfd, c->wfd, c->efd);
310 309
311 channel_close_fd(&c->sock); 310 channel_close_fd(&c->sock);
@@ -325,11 +324,11 @@ channel_free(Channel *c)
325 for (n = 0, i = 0; i < channels_alloc; i++) 324 for (n = 0, i = 0; i < channels_alloc; i++)
326 if (channels[i]) 325 if (channels[i])
327 n++; 326 n++;
328 debug("channel_free: channel %d: %s, nchannels %d", c->self, 327 debug("channel %d: free: %s, nchannels %d", c->self,
329 c->remote_name ? c->remote_name : "???", n); 328 c->remote_name ? c->remote_name : "???", n);
330 329
331 s = channel_open_message(); 330 s = channel_open_message();
332 debug3("channel_free: status: %s", s); 331 debug3("channel %d: status: %s", c->self, s);
333 xfree(s); 332 xfree(s);
334 333
335 if (c->sock != -1) 334 if (c->sock != -1)
@@ -420,7 +419,7 @@ channel_not_very_much_buffered_data(void)
420 } 419 }
421#endif 420#endif
422 if (buffer_len(&c->output) > packet_get_maxsize()) { 421 if (buffer_len(&c->output) > packet_get_maxsize()) {
423 debug2("channel %d: big output buffer %d > %d", 422 debug2("channel %d: big output buffer %u > %u",
424 c->self, buffer_len(&c->output), 423 c->self, buffer_len(&c->output),
425 packet_get_maxsize()); 424 packet_get_maxsize());
426 return 0; 425 return 0;
@@ -576,7 +575,7 @@ channel_send_open(int id)
576 Channel *c = channel_lookup(id); 575 Channel *c = channel_lookup(id);
577 576
578 if (c == NULL) { 577 if (c == NULL) {
579 log("channel_send_open: %d: bad id", id); 578 logit("channel_send_open: %d: bad id", id);
580 return; 579 return;
581 } 580 }
582 debug2("channel %d: send open", id); 581 debug2("channel %d: send open", id);
@@ -594,10 +593,10 @@ channel_request_start(int id, char *service, int wantconfirm)
594 Channel *c = channel_lookup(id); 593 Channel *c = channel_lookup(id);
595 594
596 if (c == NULL) { 595 if (c == NULL) {
597 log("channel_request_start: %d: unknown channel id", id); 596 logit("channel_request_start: %d: unknown channel id", id);
598 return; 597 return;
599 } 598 }
600 debug("channel %d: request %s", id, service) ; 599 debug2("channel %d: request %s", id, service) ;
601 packet_start(SSH2_MSG_CHANNEL_REQUEST); 600 packet_start(SSH2_MSG_CHANNEL_REQUEST);
602 packet_put_int(c->remote_id); 601 packet_put_int(c->remote_id);
603 packet_put_cstring(service); 602 packet_put_cstring(service);
@@ -609,7 +608,7 @@ channel_register_confirm(int id, channel_callback_fn *fn)
609 Channel *c = channel_lookup(id); 608 Channel *c = channel_lookup(id);
610 609
611 if (c == NULL) { 610 if (c == NULL) {
612 log("channel_register_comfirm: %d: bad id", id); 611 logit("channel_register_comfirm: %d: bad id", id);
613 return; 612 return;
614 } 613 }
615 c->confirm = fn; 614 c->confirm = fn;
@@ -620,7 +619,7 @@ channel_register_cleanup(int id, channel_callback_fn *fn)
620 Channel *c = channel_lookup(id); 619 Channel *c = channel_lookup(id);
621 620
622 if (c == NULL) { 621 if (c == NULL) {
623 log("channel_register_cleanup: %d: bad id", id); 622 logit("channel_register_cleanup: %d: bad id", id);
624 return; 623 return;
625 } 624 }
626 c->detach_user = fn; 625 c->detach_user = fn;
@@ -631,7 +630,7 @@ channel_cancel_cleanup(int id)
631 Channel *c = channel_lookup(id); 630 Channel *c = channel_lookup(id);
632 631
633 if (c == NULL) { 632 if (c == NULL) {
634 log("channel_cancel_cleanup: %d: bad id", id); 633 logit("channel_cancel_cleanup: %d: bad id", id);
635 return; 634 return;
636 } 635 }
637 c->detach_user = NULL; 636 c->detach_user = NULL;
@@ -642,7 +641,7 @@ channel_register_filter(int id, channel_filter_fn *fn)
642 Channel *c = channel_lookup(id); 641 Channel *c = channel_lookup(id);
643 642
644 if (c == NULL) { 643 if (c == NULL) {
645 log("channel_register_filter: %d: bad id", id); 644 logit("channel_register_filter: %d: bad id", id);
646 return; 645 return;
647 } 646 }
648 c->input_filter = fn; 647 c->input_filter = fn;
@@ -740,7 +739,7 @@ channel_pre_input_draining(Channel *c, fd_set * readset, fd_set * writeset)
740 packet_put_int(c->remote_id); 739 packet_put_int(c->remote_id);
741 packet_send(); 740 packet_send();
742 c->type = SSH_CHANNEL_CLOSED; 741 c->type = SSH_CHANNEL_CLOSED;
743 debug("channel %d: closing after input drain.", c->self); 742 debug2("channel %d: closing after input drain.", c->self);
744 } 743 }
745} 744}
746 745
@@ -781,7 +780,7 @@ x11_open_helper(Buffer *b)
781 proto_len = ucp[6] + 256 * ucp[7]; 780 proto_len = ucp[6] + 256 * ucp[7];
782 data_len = ucp[8] + 256 * ucp[9]; 781 data_len = ucp[8] + 256 * ucp[9];
783 } else { 782 } else {
784 debug("Initial X11 packet contains bad byte order byte: 0x%x", 783 debug2("Initial X11 packet contains bad byte order byte: 0x%x",
785 ucp[0]); 784 ucp[0]);
786 return -1; 785 return -1;
787 } 786 }
@@ -794,14 +793,14 @@ x11_open_helper(Buffer *b)
794 /* Check if authentication protocol matches. */ 793 /* Check if authentication protocol matches. */
795 if (proto_len != strlen(x11_saved_proto) || 794 if (proto_len != strlen(x11_saved_proto) ||
796 memcmp(ucp + 12, x11_saved_proto, proto_len) != 0) { 795 memcmp(ucp + 12, x11_saved_proto, proto_len) != 0) {
797 debug("X11 connection uses different authentication protocol."); 796 debug2("X11 connection uses different authentication protocol.");
798 return -1; 797 return -1;
799 } 798 }
800 /* Check if authentication data matches our fake data. */ 799 /* Check if authentication data matches our fake data. */
801 if (data_len != x11_fake_data_len || 800 if (data_len != x11_fake_data_len ||
802 memcmp(ucp + 12 + ((proto_len + 3) & ~3), 801 memcmp(ucp + 12 + ((proto_len + 3) & ~3),
803 x11_fake_data, x11_fake_data_len) != 0) { 802 x11_fake_data, x11_fake_data_len) != 0) {
804 debug("X11 auth data does not match fake data."); 803 debug2("X11 auth data does not match fake data.");
805 return -1; 804 return -1;
806 } 805 }
807 /* Check fake data length */ 806 /* Check fake data length */
@@ -834,7 +833,7 @@ channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset)
834 * We have received an X11 connection that has bad 833 * We have received an X11 connection that has bad
835 * authentication information. 834 * authentication information.
836 */ 835 */
837 log("X11 connection rejected because of wrong authentication."); 836 logit("X11 connection rejected because of wrong authentication.");
838 buffer_clear(&c->input); 837 buffer_clear(&c->input);
839 buffer_clear(&c->output); 838 buffer_clear(&c->output);
840 channel_close_fd(&c->sock); 839 channel_close_fd(&c->sock);
@@ -857,8 +856,8 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
857 c->type = SSH_CHANNEL_OPEN; 856 c->type = SSH_CHANNEL_OPEN;
858 channel_pre_open(c, readset, writeset); 857 channel_pre_open(c, readset, writeset);
859 } else if (ret == -1) { 858 } else if (ret == -1) {
860 log("X11 connection rejected because of wrong authentication."); 859 logit("X11 connection rejected because of wrong authentication.");
861 debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate); 860 debug2("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate);
862 chan_read_failed(c); 861 chan_read_failed(c);
863 buffer_clear(&c->input); 862 buffer_clear(&c->input);
864 chan_ibuf_empty(c); 863 chan_ibuf_empty(c);
@@ -868,7 +867,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
868 chan_write_failed(c); 867 chan_write_failed(c);
869 else 868 else
870 c->type = SSH_CHANNEL_OPEN; 869 c->type = SSH_CHANNEL_OPEN;
871 debug("X11 closed %d i%d/o%d", c->self, c->istate, c->ostate); 870 debug2("X11 closed %d i%d/o%d", c->self, c->istate, c->ostate);
872 } 871 }
873} 872}
874 873
@@ -926,7 +925,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
926 strlcpy(c->path, host, sizeof(c->path)); 925 strlcpy(c->path, host, sizeof(c->path));
927 c->host_port = ntohs(s4_req.dest_port); 926 c->host_port = ntohs(s4_req.dest_port);
928 927
929 debug("channel %d: dynamic request: socks4 host %s port %u command %u", 928 debug2("channel %d: dynamic request: socks4 host %s port %u command %u",
930 c->self, host, c->host_port, s4_req.command); 929 c->self, host, c->host_port, s4_req.command);
931 930
932 if (s4_req.command != 1) { 931 if (s4_req.command != 1) {
@@ -942,6 +941,117 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
942 return 1; 941 return 1;
943} 942}
944 943
944/* try to decode a socks5 header */
945#define SSH_SOCKS5_AUTHDONE 0x1000
946#define SSH_SOCKS5_NOAUTH 0x00
947#define SSH_SOCKS5_IPV4 0x01
948#define SSH_SOCKS5_DOMAIN 0x03
949#define SSH_SOCKS5_IPV6 0x04
950#define SSH_SOCKS5_CONNECT 0x01
951#define SSH_SOCKS5_SUCCESS 0x00
952
953static int
954channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
955{
956 struct {
957 u_int8_t version;
958 u_int8_t command;
959 u_int8_t reserved;
960 u_int8_t atyp;
961 } s5_req, s5_rsp;
962 u_int16_t dest_port;
963 u_char *p, dest_addr[255+1];
964 int i, have, found, nmethods, addrlen, af;
965
966 debug2("channel %d: decode socks5", c->self);
967 p = buffer_ptr(&c->input);
968 if (p[0] != 0x05)
969 return -1;
970 have = buffer_len(&c->input);
971 if (!(c->flags & SSH_SOCKS5_AUTHDONE)) {
972 /* format: ver | nmethods | methods */
973 if (have < 2)
974 return 0;
975 nmethods = p[1];
976 if (have < nmethods + 2)
977 return 0;
978 /* look for method: "NO AUTHENTICATION REQUIRED" */
979 for (found = 0, i = 2 ; i < nmethods + 2; i++) {
980 if (p[i] == SSH_SOCKS5_NOAUTH ) {
981 found = 1;
982 break;
983 }
984 }
985 if (!found) {
986 debug("channel %d: method SSH_SOCKS5_NOAUTH not found",
987 c->self);
988 return -1;
989 }
990 buffer_consume(&c->input, nmethods + 2);
991 buffer_put_char(&c->output, 0x05); /* version */
992 buffer_put_char(&c->output, SSH_SOCKS5_NOAUTH); /* method */
993 FD_SET(c->sock, writeset);
994 c->flags |= SSH_SOCKS5_AUTHDONE;
995 debug2("channel %d: socks5 auth done", c->self);
996 return 0; /* need more */
997 }
998 debug2("channel %d: socks5 post auth", c->self);
999 if (have < sizeof(s5_req)+1)
1000 return 0; /* need more */
1001 memcpy((char *)&s5_req, p, sizeof(s5_req));
1002 if (s5_req.version != 0x05 ||
1003 s5_req.command != SSH_SOCKS5_CONNECT ||
1004 s5_req.reserved != 0x00) {
1005 debug2("channel %d: only socks5 connect supported", c->self);
1006 return -1;
1007 }
1008 switch(s5_req.atyp){
1009 case SSH_SOCKS5_IPV4:
1010 addrlen = 4;
1011 af = AF_INET;
1012 break;
1013 case SSH_SOCKS5_DOMAIN:
1014 addrlen = p[sizeof(s5_req)];
1015 af = -1;
1016 break;
1017 case SSH_SOCKS5_IPV6:
1018 addrlen = 16;
1019 af = AF_INET6;
1020 break;
1021 default:
1022 debug2("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp);
1023 return -1;
1024 }
1025 if (have < 4 + addrlen + 2)
1026 return 0;
1027 buffer_consume(&c->input, sizeof(s5_req));
1028 if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
1029 buffer_consume(&c->input, 1); /* host string length */
1030 buffer_get(&c->input, (char *)&dest_addr, addrlen);
1031 buffer_get(&c->input, (char *)&dest_port, 2);
1032 dest_addr[addrlen] = '\0';
1033 if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
1034 strlcpy(c->path, dest_addr, sizeof(c->path));
1035 else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL)
1036 return -1;
1037 c->host_port = ntohs(dest_port);
1038
1039 debug2("channel %d: dynamic request: socks5 host %s port %u command %u",
1040 c->self, c->path, c->host_port, s5_req.command);
1041
1042 s5_rsp.version = 0x05;
1043 s5_rsp.command = SSH_SOCKS5_SUCCESS;
1044 s5_rsp.reserved = 0; /* ignored */
1045 s5_rsp.atyp = SSH_SOCKS5_IPV4;
1046 ((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY;
1047 dest_port = 0; /* ignored */
1048
1049 buffer_append(&c->output, (char *)&s5_rsp, sizeof(s5_rsp));
1050 buffer_append(&c->output, (char *)&dest_addr, sizeof(struct in_addr));
1051 buffer_append(&c->output, (char *)&dest_port, sizeof(dest_port));
1052 return 1;
1053}
1054
945/* dynamic port forwarding */ 1055/* dynamic port forwarding */
946static void 1056static void
947channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset) 1057channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
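Review bot: The length check at new line 1025, `if (have < 4 + addrlen + 2)`, omits the one-byte host-length field that precedes an SSH_SOCKS5_DOMAIN address, so a domain request that is one byte short passes the check and the `buffer_get` calls that follow ask for more than is buffered. What buffer_get does on a short buffer is not visible here; if it treats that as fatal, a request split across reads becomes a hard failure instead of "need more". Count the extra byte, for example `if (have < 4 + addrlen + 2 + (s5_req.atyp == SSH_SOCKS5_DOMAIN ? 1 : 0)) return 0;`. Separately, `have < sizeof(s5_req)+1` at new line 999 compares an int with a size_t; declaring `have` unsigned or casting would make the intent explicit.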
@@ -954,7 +1064,7 @@ channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
954 debug2("channel %d: pre_dynamic: have %d", c->self, have); 1064 debug2("channel %d: pre_dynamic: have %d", c->self, have);
955 /* buffer_dump(&c->input); */ 1065 /* buffer_dump(&c->input); */
956 /* check if the fixed size part of the packet is in buffer. */ 1066 /* check if the fixed size part of the packet is in buffer. */
957 if (have < 4) { 1067 if (have < 3) {
958 /* need more */ 1068 /* need more */
959 FD_SET(c->sock, readset); 1069 FD_SET(c->sock, readset);
960 return; 1070 return;
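Review bot: With the gate lowered to `have < 3` at new line 1067, the comment above it ("check if the fixed size part of the packet is in buffer") no longer describes one fixed size. 3 is presumably the shortest SOCKS5 greeting (version, nmethods, one method), while a SOCKS4 request is longer. channel_decode_socks4 can now be entered with as few as 3 bytes buffered, so it has to do its own length check before reading its request header; that code is outside this hunk and is worth confirming. Suggested comment: `/* need at least a minimal SOCKS5 greeting; each decoder checks its own full request length */`.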
@@ -965,6 +1075,9 @@ channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
965 case 0x04: 1075 case 0x04:
966 ret = channel_decode_socks4(c, readset, writeset); 1076 ret = channel_decode_socks4(c, readset, writeset);
967 break; 1077 break;
1078 case 0x05:
1079 ret = channel_decode_socks5(c, readset, writeset);
1080 break;
968 default: 1081 default:
969 ret = -1; 1082 ret = -1;
970 break; 1083 break;
@@ -998,7 +1111,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
998 addrlen = sizeof(addr); 1111 addrlen = sizeof(addr);
999 newsock = accept(c->sock, &addr, &addrlen); 1112 newsock = accept(c->sock, &addr, &addrlen);
1000 if (c->single_connection) { 1113 if (c->single_connection) {
1001 debug("single_connection: closing X11 listener."); 1114 debug2("single_connection: closing X11 listener.");
1002 channel_close_fd(&c->sock); 1115 channel_close_fd(&c->sock);
1003 chan_mark_dead(c); 1116 chan_mark_dead(c);
1004 } 1117 }
@@ -1014,8 +1127,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
1014 1127
1015 nc = channel_new("accepted x11 socket", 1128 nc = channel_new("accepted x11 socket",
1016 SSH_CHANNEL_OPENING, newsock, newsock, -1, 1129 SSH_CHANNEL_OPENING, newsock, newsock, -1,
1017 c->local_window_max, c->local_maxpacket, 1130 c->local_window_max, c->local_maxpacket, 0, buf, 1);
1018 0, xstrdup(buf), 1);
1019 if (compat20) { 1131 if (compat20) {
1020 packet_start(SSH2_MSG_CHANNEL_OPEN); 1132 packet_start(SSH2_MSG_CHANNEL_OPEN);
1021 packet_put_cstring("x11"); 1133 packet_put_cstring("x11");
@@ -1025,7 +1137,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
1025 /* originator ipaddr and port */ 1137 /* originator ipaddr and port */
1026 packet_put_cstring(remote_ipaddr); 1138 packet_put_cstring(remote_ipaddr);
1027 if (datafellows & SSH_BUG_X11FWD) { 1139 if (datafellows & SSH_BUG_X11FWD) {
1028 debug("ssh2 x11 bug compat mode"); 1140 debug2("ssh2 x11 bug compat mode");
1029 } else { 1141 } else {
1030 packet_put_int(remote_port); 1142 packet_put_int(remote_port);
1031 } 1143 }
@@ -1130,10 +1242,8 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
1130 return; 1242 return;
1131 } 1243 }
1132 set_nodelay(newsock); 1244 set_nodelay(newsock);
1133 nc = channel_new(rtype, 1245 nc = channel_new(rtype, nextstate, newsock, newsock, -1,
1134 nextstate, newsock, newsock, -1, 1246 c->local_window_max, c->local_maxpacket, 0, rtype, 1);
1135 c->local_window_max, c->local_maxpacket,
1136 0, xstrdup(rtype), 1);
1137 nc->listening_port = c->listening_port; 1247 nc->listening_port = c->listening_port;
1138 nc->host_port = c->host_port; 1248 nc->host_port = c->host_port;
1139 strlcpy(nc->path, c->path, sizeof(nc->path)); 1249 strlcpy(nc->path, c->path, sizeof(nc->path));
@@ -1159,7 +1269,6 @@ static void
1159channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset) 1269channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset)
1160{ 1270{
1161 Channel *nc; 1271 Channel *nc;
1162 char *name;
1163 int newsock; 1272 int newsock;
1164 struct sockaddr addr; 1273 struct sockaddr addr;
1165 socklen_t addrlen; 1274 socklen_t addrlen;
@@ -1171,11 +1280,10 @@ channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset)
1171 error("accept from auth socket: %.100s", strerror(errno)); 1280 error("accept from auth socket: %.100s", strerror(errno));
1172 return; 1281 return;
1173 } 1282 }
1174 name = xstrdup("accepted auth socket");
1175 nc = channel_new("accepted auth socket", 1283 nc = channel_new("accepted auth socket",
1176 SSH_CHANNEL_OPENING, newsock, newsock, -1, 1284 SSH_CHANNEL_OPENING, newsock, newsock, -1,
1177 c->local_window_max, c->local_maxpacket, 1285 c->local_window_max, c->local_maxpacket,
1178 0, name, 1); 1286 0, "accepted auth socket", 1);
1179 if (compat20) { 1287 if (compat20) {
1180 packet_start(SSH2_MSG_CHANNEL_OPEN); 1288 packet_start(SSH2_MSG_CHANNEL_OPEN);
1181 packet_put_cstring("auth-agent@openssh.com"); 1289 packet_put_cstring("auth-agent@openssh.com");
@@ -1248,16 +1356,16 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
1248 if (len < 0 && (errno == EINTR || errno == EAGAIN)) 1356 if (len < 0 && (errno == EINTR || errno == EAGAIN))
1249 return 1; 1357 return 1;
1250 if (len <= 0) { 1358 if (len <= 0) {
1251 debug("channel %d: read<=0 rfd %d len %d", 1359 debug2("channel %d: read<=0 rfd %d len %d",
1252 c->self, c->rfd, len); 1360 c->self, c->rfd, len);
1253 if (c->type != SSH_CHANNEL_OPEN) { 1361 if (c->type != SSH_CHANNEL_OPEN) {
1254 debug("channel %d: not open", c->self); 1362 debug2("channel %d: not open", c->self);
1255 chan_mark_dead(c); 1363 chan_mark_dead(c);
1256 return -1; 1364 return -1;
1257 } else if (compat13) { 1365 } else if (compat13) {
1258 buffer_clear(&c->output); 1366 buffer_clear(&c->output);
1259 c->type = SSH_CHANNEL_INPUT_DRAINING; 1367 c->type = SSH_CHANNEL_INPUT_DRAINING;
1260 debug("channel %d: input draining.", c->self); 1368 debug2("channel %d: input draining.", c->self);
1261 } else { 1369 } else {
1262 chan_read_failed(c); 1370 chan_read_failed(c);
1263 } 1371 }
@@ -1265,7 +1373,7 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
1265 } 1373 }
1266 if (c->input_filter != NULL) { 1374 if (c->input_filter != NULL) {
1267 if (c->input_filter(c, buf, len) == -1) { 1375 if (c->input_filter(c, buf, len) == -1) {
1268 debug("channel %d: filter stops", c->self); 1376 debug2("channel %d: filter stops", c->self);
1269 chan_read_failed(c); 1377 chan_read_failed(c);
1270 } 1378 }
1271 } else { 1379 } else {
@@ -1298,12 +1406,12 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
1298 return 1; 1406 return 1;
1299 if (len <= 0) { 1407 if (len <= 0) {
1300 if (c->type != SSH_CHANNEL_OPEN) { 1408 if (c->type != SSH_CHANNEL_OPEN) {
1301 debug("channel %d: not open", c->self); 1409 debug2("channel %d: not open", c->self);
1302 chan_mark_dead(c); 1410 chan_mark_dead(c);
1303 return -1; 1411 return -1;
1304 } else if (compat13) { 1412 } else if (compat13) {
1305 buffer_clear(&c->output); 1413 buffer_clear(&c->output);
1306 debug("channel %d: input draining.", c->self); 1414 debug2("channel %d: input draining.", c->self);
1307 c->type = SSH_CHANNEL_INPUT_DRAINING; 1415 c->type = SSH_CHANNEL_INPUT_DRAINING;
1308 } else { 1416 } else {
1309 chan_write_failed(c); 1417 chan_write_failed(c);
@@ -1510,16 +1618,16 @@ channel_garbage_collect(Channel *c)
1510 if (c->detach_user != NULL) { 1618 if (c->detach_user != NULL) {
1511 if (!chan_is_dead(c, 0)) 1619 if (!chan_is_dead(c, 0))
1512 return; 1620 return;
1513 debug("channel %d: gc: notify user", c->self); 1621 debug2("channel %d: gc: notify user", c->self);
1514 c->detach_user(c->self, NULL); 1622 c->detach_user(c->self, NULL);
1515 /* if we still have a callback */ 1623 /* if we still have a callback */
1516 if (c->detach_user != NULL) 1624 if (c->detach_user != NULL)
1517 return; 1625 return;
1518 debug("channel %d: gc: user detached", c->self); 1626 debug2("channel %d: gc: user detached", c->self);
1519 } 1627 }
1520 if (!chan_is_dead(c, 1)) 1628 if (!chan_is_dead(c, 1))
1521 return; 1629 return;
1522 debug("channel %d: garbage collecting", c->self); 1630 debug2("channel %d: garbage collecting", c->self);
1523 channel_free(c); 1631 channel_free(c);
1524} 1632}
1525 1633
@@ -1718,11 +1826,11 @@ channel_input_data(int type, u_int32_t seq, void *ctxt)
1718 1826
1719 if (compat20) { 1827 if (compat20) {
1720 if (data_len > c->local_maxpacket) { 1828 if (data_len > c->local_maxpacket) {
1721 log("channel %d: rcvd big packet %d, maxpack %d", 1829 logit("channel %d: rcvd big packet %d, maxpack %d",
1722 c->self, data_len, c->local_maxpacket); 1830 c->self, data_len, c->local_maxpacket);
1723 } 1831 }
1724 if (data_len > c->local_window) { 1832 if (data_len > c->local_window) {
1725 log("channel %d: rcvd too much data %d, win %d", 1833 logit("channel %d: rcvd too much data %d, win %d",
1726 c->self, data_len, c->local_window); 1834 c->self, data_len, c->local_window);
1727 xfree(data); 1835 xfree(data);
1728 return; 1836 return;
@@ -1749,7 +1857,7 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
1749 if (c == NULL) 1857 if (c == NULL)
1750 packet_disconnect("Received extended_data for bad channel %d.", id); 1858 packet_disconnect("Received extended_data for bad channel %d.", id);
1751 if (c->type != SSH_CHANNEL_OPEN) { 1859 if (c->type != SSH_CHANNEL_OPEN) {
1752 log("channel %d: ext data for non open", id); 1860 logit("channel %d: ext data for non open", id);
1753 return; 1861 return;
1754 } 1862 }
1755 if (c->flags & CHAN_EOF_RCVD) { 1863 if (c->flags & CHAN_EOF_RCVD) {
@@ -1763,13 +1871,13 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
1763 if (c->efd == -1 || 1871 if (c->efd == -1 ||
1764 c->extended_usage != CHAN_EXTENDED_WRITE || 1872 c->extended_usage != CHAN_EXTENDED_WRITE ||
1765 tcode != SSH2_EXTENDED_DATA_STDERR) { 1873 tcode != SSH2_EXTENDED_DATA_STDERR) {
1766 log("channel %d: bad ext data", c->self); 1874 logit("channel %d: bad ext data", c->self);
1767 return; 1875 return;
1768 } 1876 }
1769 data = packet_get_string(&data_len); 1877 data = packet_get_string(&data_len);
1770 packet_check_eom(); 1878 packet_check_eom();
1771 if (data_len > c->local_window) { 1879 if (data_len > c->local_window) {
1772 log("channel %d: rcvd too much extended_data %d, win %d", 1880 logit("channel %d: rcvd too much extended_data %d, win %d",
1773 c->self, data_len, c->local_window); 1881 c->self, data_len, c->local_window);
1774 xfree(data); 1882 xfree(data);
1775 return; 1883 return;
@@ -1894,7 +2002,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt)
1894 c->confirm(c->self, NULL); 2002 c->confirm(c->self, NULL);
1895 debug2("callback done"); 2003 debug2("callback done");
1896 } 2004 }
1897 debug("channel %d: open confirm rwindow %u rmax %u", c->self, 2005 debug2("channel %d: open confirm rwindow %u rmax %u", c->self,
1898 c->remote_window, c->remote_maxpacket); 2006 c->remote_window, c->remote_maxpacket);
1899 } 2007 }
1900 packet_check_eom(); 2008 packet_check_eom();
@@ -1935,7 +2043,7 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt)
1935 msg = packet_get_string(NULL); 2043 msg = packet_get_string(NULL);
1936 lang = packet_get_string(NULL); 2044 lang = packet_get_string(NULL);
1937 } 2045 }
1938 log("channel %d: open failed: %s%s%s", id, 2046 logit("channel %d: open failed: %s%s%s", id,
1939 reason2txt(reason), msg ? ": ": "", msg ? msg : ""); 2047 reason2txt(reason), msg ? ": ": "", msg ? msg : "");
1940 if (msg != NULL) 2048 if (msg != NULL)
1941 xfree(msg); 2049 xfree(msg);
@@ -1962,7 +2070,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
1962 c = channel_lookup(id); 2070 c = channel_lookup(id);
1963 2071
1964 if (c == NULL || c->type != SSH_CHANNEL_OPEN) { 2072 if (c == NULL || c->type != SSH_CHANNEL_OPEN) {
1965 log("Received window adjust for " 2073 logit("Received window adjust for "
1966 "non-open channel %d.", id); 2074 "non-open channel %d.", id);
1967 return; 2075 return;
1968 } 2076 }
@@ -1997,8 +2105,8 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
1997 originator_string, 1); 2105 originator_string, 1);
1998 c->remote_id = remote_id; 2106 c->remote_id = remote_id;
1999 } 2107 }
2108 xfree(originator_string);
2000 if (c == NULL) { 2109 if (c == NULL) {
2001 xfree(originator_string);
2002 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); 2110 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
2003 packet_put_int(remote_id); 2111 packet_put_int(remote_id);
2004 packet_send(); 2112 packet_send();
@@ -2059,7 +2167,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2059 continue; 2167 continue;
2060 } 2168 }
2061 /* Create a port to listen for the host. */ 2169 /* Create a port to listen for the host. */
2062 sock = socket(ai->ai_family, SOCK_STREAM, 0); 2170 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2063 if (sock < 0) { 2171 if (sock < 0) {
2064 /* this is no error since kernel may not support ipv6 */ 2172 /* this is no error since kernel may not support ipv6 */
2065 verbose("socket: %.100s", strerror(errno)); 2173 verbose("socket: %.100s", strerror(errno));
@@ -2095,7 +2203,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2095 /* Allocate a channel number for the socket. */ 2203 /* Allocate a channel number for the socket. */
2096 c = channel_new("port listener", type, sock, sock, -1, 2204 c = channel_new("port listener", type, sock, sock, -1,
2097 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 2205 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
2098 0, xstrdup("port listener"), 1); 2206 0, "port listener", 1);
2099 strlcpy(c->path, host, sizeof(c->path)); 2207 strlcpy(c->path, host, sizeof(c->path));
2100 c->host_port = port_to_connect; 2208 c->host_port = port_to_connect;
2101 c->listening_port = listen_port; 2209 c->listening_port = listen_port;
@@ -2168,7 +2276,7 @@ channel_request_remote_forwarding(u_short listen_port,
2168 success = 1; 2276 success = 1;
2169 break; 2277 break;
2170 case SSH_SMSG_FAILURE: 2278 case SSH_SMSG_FAILURE:
2171 log("Warning: Server denied remote port forwarding."); 2279 logit("Warning: Server denied remote port forwarding.");
2172 break; 2280 break;
2173 default: 2281 default:
2174 /* Unknown packet */ 2282 /* Unknown packet */
@@ -2207,9 +2315,13 @@ channel_input_port_forward_request(int is_root, int gateway_ports)
2207 * privileged port. 2315 * privileged port.
2208 */ 2316 */
2209 if (port < IPPORT_RESERVED && !is_root) 2317 if (port < IPPORT_RESERVED && !is_root)
2210 packet_disconnect("Requested forwarding of port %d but user is not root.", 2318 packet_disconnect(
2211 port); 2319 "Requested forwarding of port %d but user is not root.",
2320 port);
2321 if (host_port == 0)
2322 packet_disconnect("Dynamic forwarding denied.");
2212#endif 2323#endif
2324
2213 /* Initiate forwarding */ 2325 /* Initiate forwarding */
2214 channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports); 2326 channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports);
2215 2327
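Review bot: The new `if (host_port == 0) packet_disconnect("Dynamic forwarding denied.");` at new lines 2321-2322 sits above the `#endif`, so it is compiled only in builds that also compile the privileged-port check; the opening `#if`/`#ifndef` is outside this hunk. If the denial is meant as policy for every build, then on a platform where that block is compiled out a request with host_port 0 would reach channel_setup_local_fwd_listener unchecked. Moving the two lines below the `#endif` keeps the reserved-port test conditional and makes the dynamic-forwarding test unconditional.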
@@ -2281,7 +2393,7 @@ connect_to(const char *host, u_short port)
2281 error("connect_to: getnameinfo failed"); 2393 error("connect_to: getnameinfo failed");
2282 continue; 2394 continue;
2283 } 2395 }
2284 sock = socket(ai->ai_family, SOCK_STREAM, 0); 2396 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2285 if (sock < 0) { 2397 if (sock < 0) {
2286 if (ai->ai_next == NULL) 2398 if (ai->ai_next == NULL)
2287 error("socket: %.100s", strerror(errno)); 2399 error("socket: %.100s", strerror(errno));
@@ -2341,7 +2453,7 @@ channel_connect_to(const char *host, u_short port)
2341 2453
2342 } 2454 }
2343 if (!permit) { 2455 if (!permit) {
2344 log("Received request to connect to host %.100s port %d, " 2456 logit("Received request to connect to host %.100s port %d, "
2345 "but the request was denied.", host, port); 2457 "but the request was denied.", host, port);
2346 return -1; 2458 return -1;
2347 } 2459 }
@@ -2382,7 +2494,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
2382 for (ai = aitop; ai; ai = ai->ai_next) { 2494 for (ai = aitop; ai; ai = ai->ai_next) {
2383 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2495 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2384 continue; 2496 continue;
2385 sock = socket(ai->ai_family, SOCK_STREAM, 0); 2497 sock = socket(ai->ai_family, ai->ai_socktype,
2498 ai->ai_protocol);
2386 if (sock < 0) { 2499 if (sock < 0) {
2387 if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { 2500 if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
2388 error("socket: %.100s", strerror(errno)); 2501 error("socket: %.100s", strerror(errno));
@@ -2401,7 +2514,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
2401 } 2514 }
2402#endif 2515#endif
2403 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2516 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2404 debug("bind port %d: %.100s", port, strerror(errno)); 2517 debug2("bind port %d: %.100s", port, strerror(errno));
2405 close(sock); 2518 close(sock);
2406 2519
2407 if (ai->ai_next) 2520 if (ai->ai_next)
@@ -2450,7 +2563,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
2450 nc = channel_new("x11 listener", 2563 nc = channel_new("x11 listener",
2451 SSH_CHANNEL_X11_LISTENER, sock, sock, -1, 2564 SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
2452 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 2565 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
2453 0, xstrdup("X11 inet listener"), 1); 2566 0, "X11 inet listener", 1);
2454 nc->single_connection = single_connection; 2567 nc->single_connection = single_connection;
2455 } 2568 }
2456 2569
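Review bot: The name argument of channel_new is now a string literal (`"X11 inet listener"`) where the old code passed an xstrdup() copy, and the auth_input_open_request hunk makes the same change for `"authentication agent connection"`. That is only safe if channel_new copies the string itself. Its definition is not in this hunk, so this should be confirmed, since a teardown path that frees the stored name would otherwise free a literal. I would record the contract next to channel_new's definition with a comment such as `/* remote_name is copied; the caller keeps ownership of its argument */`. x11_create_display_inet continues outside the hunk.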
@@ -2548,14 +2661,14 @@ x11_connect_display(void)
2548 } 2661 }
2549 for (ai = aitop; ai; ai = ai->ai_next) { 2662 for (ai = aitop; ai; ai = ai->ai_next) {
2550 /* Create a socket. */ 2663 /* Create a socket. */
2551 sock = socket(ai->ai_family, SOCK_STREAM, 0); 2664 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2552 if (sock < 0) { 2665 if (sock < 0) {
2553 debug("socket: %.100s", strerror(errno)); 2666 debug2("socket: %.100s", strerror(errno));
2554 continue; 2667 continue;
2555 } 2668 }
2556 /* Connect it to the display. */ 2669 /* Connect it to the display. */
2557 if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2670 if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2558 debug("connect %.100s port %d: %.100s", buf, 2671 debug2("connect %.100s port %d: %.100s", buf,
2559 6000 + display_number, strerror(errno)); 2672 6000 + display_number, strerror(errno));
2560 close(sock); 2673 close(sock);
2561 continue; 2674 continue;
@@ -2607,11 +2720,11 @@ x11_input_open(int type, u_int32_t seq, void *ctxt)
2607 c->remote_id = remote_id; 2720 c->remote_id = remote_id;
2608 c->force_drain = 1; 2721 c->force_drain = 1;
2609 } 2722 }
2723 xfree(remote_host);
2610 if (c == NULL) { 2724 if (c == NULL) {
2611 /* Send refusal to the remote host. */ 2725 /* Send refusal to the remote host. */
2612 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); 2726 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
2613 packet_put_int(remote_id); 2727 packet_put_int(remote_id);
2614 xfree(remote_host);
2615 } else { 2728 } else {
2616 /* Send a confirmation to the remote host. */ 2729 /* Send a confirmation to the remote host. */
2617 packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION); 2730 packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
@@ -2733,7 +2846,6 @@ auth_input_open_request(int type, u_int32_t seq, void *ctxt)
2733{ 2846{
2734 Channel *c = NULL; 2847 Channel *c = NULL;
2735 int remote_id, sock; 2848 int remote_id, sock;
2736 char *name;
2737 2849
2738 /* Read the remote channel number from the message. */ 2850 /* Read the remote channel number from the message. */
2739 remote_id = packet_get_int(); 2851 remote_id = packet_get_int();
@@ -2752,9 +2864,8 @@ auth_input_open_request(int type, u_int32_t seq, void *ctxt)
2752 * agent. 2864 * agent.
2753 */ 2865 */
2754 if (sock >= 0) { 2866 if (sock >= 0) {
2755 name = xstrdup("authentication agent connection");
2756 c = channel_new("", SSH_CHANNEL_OPEN, sock, sock, 2867 c = channel_new("", SSH_CHANNEL_OPEN, sock, sock,
2757 -1, 0, 0, 0, name, 1); 2868 -1, 0, 0, 0, "authentication agent connection", 1);
2758 c->remote_id = remote_id; 2869 c->remote_id = remote_id;
2759 c->force_drain = 1; 2870 c->force_drain = 1;
2760 } 2871 }