Diffstat (limited to 'serverloop.c')
-rw-r--r--serverloop.c33
1 files changed, 22 insertions, 11 deletions
diff --git a/serverloop.c b/serverloop.c
index d6fe24cc1..7be83e2d3 100644
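--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.205 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -58,7 +58,7 @@
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
 #include "log.h"
 #include "misc.h"
 #include "servconf.h"
@@ -67,7 +67,7 @@
 #include "channels.h"
 #include "compat.h"
 #include "ssh2.h"
-#include "key.h"
+#include "sshkey.h"
 #include "cipher.h"
 #include "kex.h"
 #include "hostfile.h"
@@ -103,6 +103,17 @@ static void server_init_dispatch(void);
 /* requested tunnel forwarding interface(s), shared with session.c */
 char *tun_fwd_ifnames = NULL;
 
+/* returns 1 if bind to specified port by specified user is permitted */
+static int
+bind_permitted(int port, uid_t uid)
+{
+ if (use_privsep)
+ return 1; /* allow system to decide */
+ if (port < IPPORT_RESERVED && uid != 0)
+ return 0;
+ return 1;
+}
+
 /*
  * we write to this pipe if a SIGCHLD is caught in order to avoid
  * the race between select() and child_terminated
@@ -145,7 +156,7 @@ notify_done(fd_set *readset)
 
  if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
  while (read(notify_pipe[0], &c, 1) != -1)
- debug2("notify_done: reading");
+ debug2("%s: reading", __func__);
 }
 
 /*ARGSUSED*/
@@ -623,7 +634,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
  rwindow = packet_get_int();
  rmaxpack = packet_get_int();
 
- debug("server_input_channel_open: ctype %s rchan %d win %d max %d",
+ debug("%s: ctype %s rchan %d win %d max %d", __func__,
  ctype, rchan, rwindow, rmaxpack);
 
  if (strcmp(ctype, "session") == 0) {
@@ -636,7 +647,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
  c = server_request_tun(ssh);
  }
  if (c != NULL) {
- debug("server_input_channel_open: confirm %s", ctype);
+ debug("%s: confirm %s", __func__, ctype);
  c->remote_id = rchan;
  c->have_remote_id = 1;
  c->remote_window = rwindow;
@@ -650,7 +661,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
  packet_send();
  }
  } else {
- debug("server_input_channel_open: failure %s", ctype);
+ debug("%s: failure %s", __func__, ctype);
  packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
  packet_put_int(rchan);
  packet_put_int(reason);
@@ -750,11 +761,11 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
  struct passwd *pw = the_authctxt->pw;
 
  if (pw == NULL || !the_authctxt->valid)
- fatal("server_input_global_request: no/invalid user");
+ fatal("%s: no/invalid user", __func__);
 
  rtype = packet_get_string(NULL);
  want_reply = packet_get_char();
- debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
+ debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply);
 
  /* -R style forwarding */
  if (strcmp(rtype, "tcpip-forward") == 0) {
@@ -763,7 +774,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
  memset(&fwd, 0, sizeof(fwd));
  fwd.listen_host = packet_get_string(NULL);
  fwd.listen_port = (u_short)packet_get_int();
- debug("server_input_global_request: tcpip-forward listen %s port %d",
+ debug("%s: tcpip-forward listen %s port %d", __func__,
  fwd.listen_host, fwd.listen_port);
 
  /* check permissions */
@@ -802,7 +813,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
 
  memset(&fwd, 0, sizeof(fwd));
  fwd.listen_path = packet_get_string(NULL);
- debug("server_input_global_request: streamlocal-forward listen path %s",
+ debug("%s: streamlocal-forward listen path %s", __func__,
  fwd.listen_path);
 
  /* check permissions */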
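Review bot: The `use_privsep` early return in the new `bind_permitted` (new lines 110-111) allows every port for every uid, so with privilege separation the reserved-port rule is enforced only by the kernel at bind time, and the one-line header comment does not record that dependency. That is safe only if the forwarding listener is bound by a process already running as the authenticated user; the call sites are outside this diff, so this should be confirmed rather than assumed. The fallback test `port < IPPORT_RESERVED` also treats port 0 as reserved, so a caller that supports dynamic port allocation presumably has to handle 0 before calling. I would expand the comment to something like `/* Returns 1 if uid may bind port. With privsep the decision is left to the kernel, which assumes the bind happens after dropping to uid; otherwise ports below IPPORT_RESERVED (including 0) require uid 0. */`.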