diff options
Diffstat (limited to 'clientloop.c')
-rw-r--r-- | clientloop.c | 55 |
1 files changed, 36 insertions, 19 deletions
diff --git a/clientloop.c b/clientloop.c index f10fab769..52667017c 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.201 2008/07/16 11:51:14 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.209 2009/02/12 03:00:56 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -107,10 +107,13 @@ | |||
107 | #include "atomicio.h" | 107 | #include "atomicio.h" |
108 | #include "sshpty.h" | 108 | #include "sshpty.h" |
109 | #include "misc.h" | 109 | #include "misc.h" |
110 | #include "monitor_fdpass.h" | ||
111 | #include "match.h" | 110 | #include "match.h" |
112 | #include "msg.h" | 111 | #include "msg.h" |
113 | 112 | ||
113 | #ifdef GSSAPI | ||
114 | #include "ssh-gss.h" | ||
115 | #endif | ||
116 | |||
114 | /* import options */ | 117 | /* import options */ |
115 | extern Options options; | 118 | extern Options options; |
116 | 119 | ||
@@ -765,8 +768,8 @@ process_cmdline(void) | |||
765 | void (*handler)(int); | 768 | void (*handler)(int); |
766 | char *s, *cmd, *cancel_host; | 769 | char *s, *cmd, *cancel_host; |
767 | int delete = 0; | 770 | int delete = 0; |
768 | int local = 0; | 771 | int local = 0, remote = 0, dynamic = 0; |
769 | u_short cancel_port; | 772 | int cancel_port; |
770 | Forward fwd; | 773 | Forward fwd; |
771 | 774 | ||
772 | bzero(&fwd, sizeof(fwd)); | 775 | bzero(&fwd, sizeof(fwd)); |
@@ -790,6 +793,8 @@ process_cmdline(void) | |||
790 | "Request local forward"); | 793 | "Request local forward"); |
791 | logit(" -R[bind_address:]port:host:hostport " | 794 | logit(" -R[bind_address:]port:host:hostport " |
792 | "Request remote forward"); | 795 | "Request remote forward"); |
796 | logit(" -D[bind_address:]port " | ||
797 | "Request dynamic forward"); | ||
793 | logit(" -KR[bind_address:]port " | 798 | logit(" -KR[bind_address:]port " |
794 | "Cancel remote forward"); | 799 | "Cancel remote forward"); |
795 | if (!options.permit_local_command) | 800 | if (!options.permit_local_command) |
@@ -809,17 +814,22 @@ process_cmdline(void) | |||
809 | delete = 1; | 814 | delete = 1; |
810 | s++; | 815 | s++; |
811 | } | 816 | } |
812 | if (*s != 'L' && *s != 'R') { | 817 | if (*s == 'L') |
818 | local = 1; | ||
819 | else if (*s == 'R') | ||
820 | remote = 1; | ||
821 | else if (*s == 'D') | ||
822 | dynamic = 1; | ||
823 | else { | ||
813 | logit("Invalid command."); | 824 | logit("Invalid command."); |
814 | goto out; | 825 | goto out; |
815 | } | 826 | } |
816 | if (*s == 'L') | 827 | |
817 | local = 1; | 828 | if ((local || dynamic) && delete) { |
818 | if (local && delete) { | ||
819 | logit("Not supported."); | 829 | logit("Not supported."); |
820 | goto out; | 830 | goto out; |
821 | } | 831 | } |
822 | if ((!local || delete) && !compat20) { | 832 | if (remote && delete && !compat20) { |
823 | logit("Not supported for SSH protocol version 1."); | 833 | logit("Not supported for SSH protocol version 1."); |
824 | goto out; | 834 | goto out; |
825 | } | 835 | } |
@@ -837,17 +847,17 @@ process_cmdline(void) | |||
837 | cancel_port = a2port(cancel_host); | 847 | cancel_port = a2port(cancel_host); |
838 | cancel_host = NULL; | 848 | cancel_host = NULL; |
839 | } | 849 | } |
840 | if (cancel_port == 0) { | 850 | if (cancel_port <= 0) { |
841 | logit("Bad forwarding close port"); | 851 | logit("Bad forwarding close port"); |
842 | goto out; | 852 | goto out; |
843 | } | 853 | } |
844 | channel_request_rforward_cancel(cancel_host, cancel_port); | 854 | channel_request_rforward_cancel(cancel_host, cancel_port); |
845 | } else { | 855 | } else { |
846 | if (!parse_forward(&fwd, s)) { | 856 | if (!parse_forward(&fwd, s, dynamic, remote)) { |
847 | logit("Bad forwarding specification."); | 857 | logit("Bad forwarding specification."); |
848 | goto out; | 858 | goto out; |
849 | } | 859 | } |
850 | if (local) { | 860 | if (local || dynamic) { |
851 | if (channel_setup_local_fwd_listener(fwd.listen_host, | 861 | if (channel_setup_local_fwd_listener(fwd.listen_host, |
852 | fwd.listen_port, fwd.connect_host, | 862 | fwd.listen_port, fwd.connect_host, |
853 | fwd.connect_port, options.gateway_ports) < 0) { | 863 | fwd.connect_port, options.gateway_ports) < 0) { |
@@ -1036,7 +1046,6 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, | |||
1036 | Supported escape sequences:\r\n\ | 1046 | Supported escape sequences:\r\n\ |
1037 | %c. - terminate session\r\n\ | 1047 | %c. - terminate session\r\n\ |
1038 | %cB - send a BREAK to the remote system\r\n\ | 1048 | %cB - send a BREAK to the remote system\r\n\ |
1039 | %cC - open a command line\r\n\ | ||
1040 | %cR - Request rekey (SSH protocol 2 only)\r\n\ | 1049 | %cR - Request rekey (SSH protocol 2 only)\r\n\ |
1041 | %c# - list forwarded connections\r\n\ | 1050 | %c# - list forwarded connections\r\n\ |
1042 | %c? - this message\r\n\ | 1051 | %c? - this message\r\n\ |
@@ -1045,8 +1054,7 @@ Supported escape sequences:\r\n\ | |||
1045 | escape_char, escape_char, | 1054 | escape_char, escape_char, |
1046 | escape_char, escape_char, | 1055 | escape_char, escape_char, |
1047 | escape_char, escape_char, | 1056 | escape_char, escape_char, |
1048 | escape_char, escape_char, | 1057 | escape_char, escape_char); |
1049 | escape_char); | ||
1050 | } else { | 1058 | } else { |
1051 | snprintf(string, sizeof string, | 1059 | snprintf(string, sizeof string, |
1052 | "%c?\r\n\ | 1060 | "%c?\r\n\ |
@@ -1081,6 +1089,8 @@ Supported escape sequences:\r\n\ | |||
1081 | continue; | 1089 | continue; |
1082 | 1090 | ||
1083 | case 'C': | 1091 | case 'C': |
1092 | if (c && c->ctl_fd != -1) | ||
1093 | goto noescape; | ||
1084 | process_cmdline(); | 1094 | process_cmdline(); |
1085 | continue; | 1095 | continue; |
1086 | 1096 | ||
@@ -1423,6 +1433,13 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1423 | /* Do channel operations unless rekeying in progress. */ | 1433 | /* Do channel operations unless rekeying in progress. */ |
1424 | if (!rekeying) { | 1434 | if (!rekeying) { |
1425 | channel_after_select(readset, writeset); | 1435 | channel_after_select(readset, writeset); |
1436 | |||
1437 | if (options.gss_renewal_rekey && | ||
1438 | ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { | ||
1439 | debug("credentials updated - forcing rekey"); | ||
1440 | need_rekeying = 1; | ||
1441 | } | ||
1442 | |||
1426 | if (need_rekeying || packet_need_rekeying()) { | 1443 | if (need_rekeying || packet_need_rekeying()) { |
1427 | debug("need rekeying"); | 1444 | debug("need rekeying"); |
1428 | xxx_kex->done = 0; | 1445 | xxx_kex->done = 0; |
@@ -1632,7 +1649,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) | |||
1632 | { | 1649 | { |
1633 | Channel *c = NULL; | 1650 | Channel *c = NULL; |
1634 | char *listen_address, *originator_address; | 1651 | char *listen_address, *originator_address; |
1635 | int listen_port, originator_port; | 1652 | u_short listen_port, originator_port; |
1636 | 1653 | ||
1637 | /* Get rest of the packet */ | 1654 | /* Get rest of the packet */ |
1638 | listen_address = packet_get_string(NULL); | 1655 | listen_address = packet_get_string(NULL); |
@@ -1658,7 +1675,7 @@ client_request_x11(const char *request_type, int rchan) | |||
1658 | { | 1675 | { |
1659 | Channel *c = NULL; | 1676 | Channel *c = NULL; |
1660 | char *originator; | 1677 | char *originator; |
1661 | int originator_port; | 1678 | u_short originator_port; |
1662 | int sock; | 1679 | int sock; |
1663 | 1680 | ||
1664 | if (!options.forward_x11) { | 1681 | if (!options.forward_x11) { |
@@ -1722,7 +1739,7 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) | |||
1722 | return 0; | 1739 | return 0; |
1723 | 1740 | ||
1724 | if (!compat20) { | 1741 | if (!compat20) { |
1725 | error("Tunnel forwarding is not support for protocol 1"); | 1742 | error("Tunnel forwarding is not supported for protocol 1"); |
1726 | return -1; | 1743 | return -1; |
1727 | } | 1744 | } |
1728 | 1745 | ||
@@ -1846,7 +1863,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) | |||
1846 | if (reply) { | 1863 | if (reply) { |
1847 | packet_start(success ? | 1864 | packet_start(success ? |
1848 | SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); | 1865 | SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); |
1849 | packet_put_int(id); | 1866 | packet_put_int(c->remote_id); |
1850 | packet_send(); | 1867 | packet_send(); |
1851 | } | 1868 | } |
1852 | xfree(rtype); | 1869 | xfree(rtype); |