Diffstat (limited to 'serverloop.c')
-rw-r--r-- | serverloop.c | 33 |
1 files changed, 22 insertions, 11 deletions
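--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.205 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -58,7 +58,7 @@
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
 #include "log.h"
 #include "misc.h"
 #include "servconf.h"
@@ -67,7 +67,7 @@
 #include "channels.h"
 #include "compat.h"
 #include "ssh2.h"
-#include "key.h"
+#include "sshkey.h"
 #include "cipher.h"
 #include "kex.h"
 #include "hostfile.h"
@@ -103,6 +103,17 @@ static void server_init_dispatch(void);
 /* requested tunnel forwarding interface(s), shared with session.c */
 char *tun_fwd_ifnames = NULL;
 
+/* returns 1 if bind to specified port by specified user is permitted */
+static int
+bind_permitted(int port, uid_t uid)
+{
+if (use_privsep)
+return 1; /* allow system to decide */
+if (port < IPPORT_RESERVED && uid != 0)
+return 0;
+return 1;
+}
+
 /*
 * we write to this pipe if a SIGCHLD is caught in order to avoid
 * the race between select() and child_terminated
@@ -145,7 +156,7 @@ notify_done(fd_set *readset)
 
 if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
 while (read(notify_pipe[0], &c, 1) != -1)
-debug2("notify_done: reading");
+debug2("%s: reading", __func__);
 }
 
 /*ARGSUSED*/
@@ -623,7 +634,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
 rwindow = packet_get_int();
 rmaxpack = packet_get_int();
 
-debug("server_input_channel_open: ctype %s rchan %d win %d max %d",
+debug("%s: ctype %s rchan %d win %d max %d", __func__,
 ctype, rchan, rwindow, rmaxpack);
 
 if (strcmp(ctype, "session") == 0) {
@@ -636,7 +647,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
 c = server_request_tun(ssh);
 }
 if (c != NULL) {
-debug("server_input_channel_open: confirm %s", ctype);
+debug("%s: confirm %s", __func__, ctype);
 c->remote_id = rchan;
 c->have_remote_id = 1;
 c->remote_window = rwindow;
@@ -650,7 +661,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
 packet_send();
 }
 } else {
-debug("server_input_channel_open: failure %s", ctype);
+debug("%s: failure %s", __func__, ctype);
 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
 packet_put_int(rchan);
 packet_put_int(reason);
@@ -750,11 +761,11 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
 struct passwd *pw = the_authctxt->pw;
 
 if (pw == NULL || !the_authctxt->valid)
-fatal("server_input_global_request: no/invalid user");
+fatal("%s: no/invalid user", __func__);
 
 rtype = packet_get_string(NULL);
 want_reply = packet_get_char();
-debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
+debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply);
 
 /* -R style forwarding */
 if (strcmp(rtype, "tcpip-forward") == 0) {
@@ -763,7 +774,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
 memset(&fwd, 0, sizeof(fwd));
 fwd.listen_host = packet_get_string(NULL);
 fwd.listen_port = (u_short)packet_get_int();
-debug("server_input_global_request: tcpip-forward listen %s port %d",
+debug("%s: tcpip-forward listen %s port %d", __func__,
 fwd.listen_host, fwd.listen_port);
 
 /* check permissions */
@@ -802,7 +813,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
 
 memset(&fwd, 0, sizeof(fwd));
 fwd.listen_path = packet_get_string(NULL);
-debug("server_input_global_request: streamlocal-forward listen path %s",
+debug("%s: streamlocal-forward listen path %s", __func__,
 fwd.listen_path);
 
 /* check permissions */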
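Review bot: In the new `bind_permitted`, the `if (use_privsep) return 1;` branch skips the reserved-port test entirely, so with privilege separation enabled a non-root user's request for a port below `IPPORT_RESERVED` is refused only if the later bind() runs without root privilege. That precondition is not visible in this section, and the comment `/* allow system to decide */` does not state it. I would expand the comment, e.g. `/* privsep: the listener is bound by the unprivileged post-auth process, so the kernel enforces the reserved-port rule */`, once that has been confirmed for every supported platform. Port 0 also satisfies `port < IPPORT_RESERVED`, so a caller that supports dynamic port allocation has to exclude 0 before calling. No call site of the new function appears in the hunks shown here.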