1 files changed, 98 insertions, 24 deletions
diff --git a/clientloop.c b/clientloop.c
index bccb9be2f..8f16d2fb9 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.39 2000/10/27 07:48:22 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.40 2000/11/06 23:04:56 markus Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
@@ -75,6 +75,10 @@ RCSID("$OpenBSD: clientloop.c,v 1.39 2000/10/27 07:48:22 markus Exp $");
 #include "buffer.h"
 #include "bufaux.h"
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
+#include "key.h"
+#include "authfd.h"
 /* import options */
 extern Options options;
@@ -1016,13 +1020,99 @@ client_input_exit_status(int type, int plen, void *ctxt)
        quit_pending = 1;
 }
+Channel *
+client_request_forwarded_tcpip(const char *request_type, int rchan)
+{
+        Channel* c = NULL;
+        char *listen_address, *originator_address;
+        int listen_port, originator_port;
+        int sock, newch;
+        /* Get rest of the packet */
+        listen_address = packet_get_string(NULL);
+        listen_port = packet_get_int();
+        originator_address = packet_get_string(NULL);
+        originator_port = packet_get_int();
+        packet_done();
+        debug("client_request_forwarded_tcpip: listen %s port %d, originator %s port %d",
+            listen_address, listen_port, originator_address, originator_port);
+        sock = channel_connect_by_listen_adress(listen_port);
+        if (sock >= 0) {
+                newch = channel_new("forwarded-tcpip",
+                    SSH_CHANNEL_OPEN, sock, sock, -1,
+                    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+                    xstrdup(originator_address), 1);
+                c = channel_lookup(newch);
+        }
+        xfree(originator_address);
+        xfree(listen_address);
+        return c;
+}
+Channel*
+client_request_x11(const char *request_type, int rchan)
+{
+        Channel *c = NULL;
+        char *originator;
+        int originator_port;
+        int sock, newch;
+        if (!options.forward_x11) {
+                error("Warning: ssh server tried X11 forwarding.");
+                error("Warning: this is probably a break in attempt by a malicious server.");
+                return NULL;
+        }
+        originator = packet_get_string(NULL);
+        if (datafellows & SSH_BUG_X11FWD) {
+                debug2("buggy server: x11 request w/o originator_port");
+                originator_port = 0;
+        } else {
+                originator_port = packet_get_int();
+        }
+        packet_done();
+        /* XXX check permission */
+        sock = x11_connect_display();
+        if (sock >= 0) {
+                newch = channel_new("x11",
+                    SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+                    CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0,
+                    xstrdup("x11"), 1);
+                c = channel_lookup(newch);
+        }
+        xfree(originator);
+        return c;
+}
+Channel*
+client_request_agent(const char *request_type, int rchan)
+{
+        Channel *c = NULL;
+        int sock, newch;
+        if (!options.forward_agent) {
+                error("Warning: ssh server tried agent forwarding.");
+                error("Warning: this is probably a break in attempt by a malicious server.");
+                return NULL;
+        }
+        sock =  ssh_get_authentication_socket();
+        if (sock >= 0) {
+                newch = channel_new("authentication agent connection",
+                    SSH_CHANNEL_OPEN, sock, sock, -1,
+                    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+                    xstrdup("authentication agent connection"), 1);
+                c = channel_lookup(newch);
+        }
+        return c;
+}
 /* XXXX move to generic input handler */
 void
 client_input_channel_open(int type, int plen, void *ctxt)
 {
        Channel *c = NULL;
        char *ctype;
-        int id;
        unsigned int len;
        int rchan;
        int rmaxpack;
@@ -1036,28 +1126,12 @@ client_input_channel_open(int type, int plen, void *ctxt)
        debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
            ctype, rchan, rwindow, rmaxpack);
-        if (strcmp(ctype, "x11") == 0 && options.forward_x11) {
+        if (strcmp(ctype, "forwarded-tcpip") == 0) {
-                int sock;
+                c = client_request_forwarded_tcpip(ctype, rchan);
-                char *originator;
+        } else if (strcmp(ctype, "x11") == 0) {
-                int originator_port;
+                c = client_request_x11(ctype, rchan);
-                originator = packet_get_string(NULL);
+        } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) {
-                if (datafellows & SSH_BUG_X11FWD) {
+                c = client_request_agent(ctype, rchan);
-                        debug2("buggy server: x11 request w/o originator_port");
-                        originator_port = 0;
-                } else {
-                        originator_port = packet_get_int();
-                }
-                packet_done();
-                /* XXX check permission */
-                xfree(originator);
-                /* XXX move to channels.c */
-                sock = x11_connect_display();
-                if (sock >= 0) {
-                        id = channel_new("x11", SSH_CHANNEL_X11_OPEN,
-                            sock, sock, -1, CHAN_X11_WINDOW_DEFAULT,
-                            CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11"), 1);
-                        c = channel_lookup(id);
-                }
        }
 /* XXX duplicate : */
        if (c != NULL) {

diff --git a/clientloop.c b/clientloop.c index bccb9be2f..8f16d2fb9 100644 --- a/clientloop.c +++ b/clientloop.c
@@ -59,7 +59,7 @@
59	*/	59	*/
60		60
61	#include "includes.h"	61	#include "includes.h"
62	RCSID("$OpenBSD: clientloop.c,v 1.39 2000/10/27 07:48:22 markus Exp $");	62	RCSID("$OpenBSD: clientloop.c,v 1.40 2000/11/06 23:04:56 markus Exp $");
63		63
64	#include "xmalloc.h"	64	#include "xmalloc.h"
65	#include "ssh.h"	65	#include "ssh.h"
@@ -75,6 +75,10 @@ RCSID("$OpenBSD: clientloop.c,v 1.39 2000/10/27 07:48:22 markus Exp $");
75	#include "buffer.h"	75	#include "buffer.h"
76	#include "bufaux.h"	76	#include "bufaux.h"
77		77
		78	#include <openssl/dsa.h>
		79	#include <openssl/rsa.h>
		80	#include "key.h"
		81	#include "authfd.h"
78		82
79	/* import options */	83	/* import options */
80	extern Options options;	84	extern Options options;
@@ -1016,13 +1020,99 @@ client_input_exit_status(int type, int plen, void *ctxt)
1016	quit_pending = 1;	1020	quit_pending = 1;
1017	}	1021	}
1018		1022
		1023	Channel *
		1024	client_request_forwarded_tcpip(const char *request_type, int rchan)
		1025	{
		1026	Channel* c = NULL;
		1027	char listen_address, originator_address;
		1028	int listen_port, originator_port;
		1029	int sock, newch;
		1030
		1031	/* Get rest of the packet */
		1032	listen_address = packet_get_string(NULL);
		1033	listen_port = packet_get_int();
		1034	originator_address = packet_get_string(NULL);
		1035	originator_port = packet_get_int();
		1036	packet_done();
		1037
		1038	debug("client_request_forwarded_tcpip: listen %s port %d, originator %s port %d",
		1039	listen_address, listen_port, originator_address, originator_port);
		1040
		1041	sock = channel_connect_by_listen_adress(listen_port);
		1042	if (sock >= 0) {
		1043	newch = channel_new("forwarded-tcpip",
		1044	SSH_CHANNEL_OPEN, sock, sock, -1,
		1045	CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
		1046	xstrdup(originator_address), 1);
		1047	c = channel_lookup(newch);
		1048	}
		1049	xfree(originator_address);
		1050	xfree(listen_address);
		1051	return c;
		1052	}
		1053
		1054	Channel*
		1055	client_request_x11(const char *request_type, int rchan)
		1056	{
		1057	Channel *c = NULL;
		1058	char *originator;
		1059	int originator_port;
		1060	int sock, newch;
		1061
		1062	if (!options.forward_x11) {
		1063	error("Warning: ssh server tried X11 forwarding.");
		1064	error("Warning: this is probably a break in attempt by a malicious server.");
		1065	return NULL;
		1066	}
		1067	originator = packet_get_string(NULL);
		1068	if (datafellows & SSH_BUG_X11FWD) {
		1069	debug2("buggy server: x11 request w/o originator_port");
		1070	originator_port = 0;
		1071	} else {
		1072	originator_port = packet_get_int();
		1073	}
		1074	packet_done();
		1075	/* XXX check permission */
		1076	sock = x11_connect_display();
		1077	if (sock >= 0) {
		1078	newch = channel_new("x11",
		1079	SSH_CHANNEL_X11_OPEN, sock, sock, -1,
		1080	CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0,
		1081	xstrdup("x11"), 1);
		1082	c = channel_lookup(newch);
		1083	}
		1084	xfree(originator);
		1085	return c;
		1086	}
		1087
		1088	Channel*
		1089	client_request_agent(const char *request_type, int rchan)
		1090	{
		1091	Channel *c = NULL;
		1092	int sock, newch;
		1093
		1094	if (!options.forward_agent) {
		1095	error("Warning: ssh server tried agent forwarding.");
		1096	error("Warning: this is probably a break in attempt by a malicious server.");
		1097	return NULL;
		1098	}
		1099	sock = ssh_get_authentication_socket();
		1100	if (sock >= 0) {
		1101	newch = channel_new("authentication agent connection",
		1102	SSH_CHANNEL_OPEN, sock, sock, -1,
		1103	CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
		1104	xstrdup("authentication agent connection"), 1);
		1105	c = channel_lookup(newch);
		1106	}
		1107	return c;
		1108	}
		1109
1019	/* XXXX move to generic input handler */	1110	/* XXXX move to generic input handler */
1020	void	1111	void
1021	client_input_channel_open(int type, int plen, void *ctxt)	1112	client_input_channel_open(int type, int plen, void *ctxt)
1022	{	1113	{
1023	Channel *c = NULL;	1114	Channel *c = NULL;
1024	char *ctype;	1115	char *ctype;
1025	int id;
1026	unsigned int len;	1116	unsigned int len;
1027	int rchan;	1117	int rchan;
1028	int rmaxpack;	1118	int rmaxpack;
@@ -1036,28 +1126,12 @@ client_input_channel_open(int type, int plen, void *ctxt)
1036	debug("client_input_channel_open: ctype %s rchan %d win %d max %d",	1126	debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
1037	ctype, rchan, rwindow, rmaxpack);	1127	ctype, rchan, rwindow, rmaxpack);
1038		1128
1039	if (strcmp(ctype, "x11") == 0 && options.forward_x11) {	1129	if (strcmp(ctype, "forwarded-tcpip") == 0) {
1040	int sock;	1130	c = client_request_forwarded_tcpip(ctype, rchan);
1041	char *originator;	1131	} else if (strcmp(ctype, "x11") == 0) {
1042	int originator_port;	1132	c = client_request_x11(ctype, rchan);
1043	originator = packet_get_string(NULL);	1133	} else if (strcmp(ctype, "auth-agent@openssh.com") == 0) {
1044	if (datafellows & SSH_BUG_X11FWD) {	1134	c = client_request_agent(ctype, rchan);
1045	debug2("buggy server: x11 request w/o originator_port");
1046	originator_port = 0;
1047	} else {
1048	originator_port = packet_get_int();
1049	}
1050	packet_done();
1051	/* XXX check permission */
1052	xfree(originator);
1053	/* XXX move to channels.c */
1054	sock = x11_connect_display();
1055	if (sock >= 0) {
1056	id = channel_new("x11", SSH_CHANNEL_X11_OPEN,
1057	sock, sock, -1, CHAN_X11_WINDOW_DEFAULT,
1058	CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11"), 1);
1059	c = channel_lookup(id);
1060	}
1061	}	1135	}
1062	/* XXX duplicate : */	1136	/* XXX duplicate : */
1063	if (c != NULL) {	1137	if (c != NULL) {