From 4abde771b73f3a54780ff3dedf59f57f94298870 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 29 Dec 2007 02:43:51 +1100 Subject: - dtucker@cvs.openbsd.org 2007/12/27 14:22:08 [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c sshd.c] Add a small helper function to consistently handle the EAI_SYSTEM error code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@ --- channels.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'channels.c') diff --git a/channels.c b/channels.c index 2006353d4..25ebe1294 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.271 2007/12/27 14:22:08 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2409,10 +2409,11 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por if (addr == NULL) { /* This really shouldn't happen */ packet_disconnect("getaddrinfo: fatal error: %s", - gai_strerror(r)); + ssh_gai_strerror(r)); } else { error("channel_setup_fwd_listener: " - "getaddrinfo(%.64s): %s", addr, gai_strerror(r)); + "getaddrinfo(%.64s): %s", addr, + ssh_gai_strerror(r)); } return 0; } @@ -2732,7 +2733,7 @@ connect_to(const char *host, u_short port) snprintf(strport, sizeof strport, "%d", port); if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) { error("connect_to %.100s: unknown host (%s)", host, - gai_strerror(gaierr)); + ssh_gai_strerror(gaierr)); return -1; } for (ai = aitop; ai; ai = ai->ai_next) { @@ -2874,7 +2875,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, hints.ai_socktype = SOCK_STREAM; snprintf(strport, sizeof strport, "%d", port); if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) { - error("getaddrinfo: %.100s", gai_strerror(gaierr)); + error("getaddrinfo: %.100s", ssh_gai_strerror(gaierr)); return -1; } for (ai = aitop; ai; ai = ai->ai_next) { @@ -3047,7 +3048,8 @@ x11_connect_display(void) hints.ai_socktype = SOCK_STREAM; snprintf(strport, sizeof strport, "%u", 6000 + display_number); if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) { - error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr)); + error("%.100s: unknown host. (%s)", buf, + ssh_gai_strerror(gaierr)); return -1; } for (ai = aitop; ai; ai = ai->ai_next) { -- cgit v1.2.3 From 3de49f8951d8ea4401b0a8ec053fd51d6f309cbe Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 10 Feb 2008 22:25:24 +1100 Subject: - djm@cvs.openbsd.org 2008/01/19 23:02:40 [channels.c] When we added support for specified bind addresses for port forwards, we added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of this for -L port forwards that causes the client to listen on both v4 and v6 addresses when connected to a server with this quirk, despite having set 0.0.0.0 as a bind_address. report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@ --- ChangeLog | 10 +++++++++- channels.c | 4 ++-- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 066349f4b..3843aeee9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,14 @@ - djm@cvs.openbsd.org 2008/01/19 22:37:19 [ssh-keygen.c] unbreak line numbering (broken in revision 1.164), fix error message + - djm@cvs.openbsd.org 2008/01/19 23:02:40 + [channels.c] + When we added support for specified bind addresses for port forwards, we + added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of + this for -L port forwards that causes the client to listen on both v4 + and v6 addresses when connected to a server with this quirk, despite + having set 0.0.0.0 as a bind_address. + report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@ 20080119 - (djm) Silence noice from expr in ssh-copy-id; patch from @@ -3560,4 +3568,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4826 2008/02/10 11:24:55 djm Exp $ +$Id: ChangeLog,v 1.4827 2008/02/10 11:25:24 djm Exp $ diff --git a/channels.c b/channels.c index 25ebe1294..c766cc275 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.271 2007/12/27 14:22:08 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.272 2008/01/19 23:02:40 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2385,7 +2385,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por wildcard = 1; } else if (gateway_ports || is_client) { if (((datafellows & SSH_OLD_FORWARD_ADDR) && - strcmp(listen_addr, "0.0.0.0") == 0) || + strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) || *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || (!is_client && gateway_ports == 1)) wildcard = 1; -- cgit v1.2.3 From 5f5cd746f357a87637a6a91605a44e1ed9a6dab1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 3 Apr 2008 08:43:57 +1100 Subject: - markus@cvs.openbsd.org 2008/04/02 15:36:51 [channels.c] avoid possible hijacking of x11-forwarded connections (back out 1.183) CVE-2008-1483; ok djm@ --- ChangeLog | 9 ++++++++- channels.c | 5 +---- 2 files changed, 9 insertions(+), 5 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index b26116e65..8e116c9f9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20080403 + - (djm) OpenBSD CVS sync: + - markus@cvs.openbsd.org 2008/04/02 15:36:51 + [channels.c] + avoid possible hijacking of x11-forwarded connections (back out 1.183) + CVE-2008-1483; ok djm@ + 20080327 - (dtucker) Cache selinux status earlier so we know if it's enabled after a chroot. Allows ChrootDirectory to work with selinux support compiled in @@ -3825,4 +3832,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4897 2008/03/27 06:53:09 djm Exp $ +$Id: ChangeLog,v 1.4898 2008/04/02 21:43:57 djm Exp $ diff --git a/channels.c b/channels.c index c766cc275..b6bd901f0 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.272 2008/01/19 23:02:40 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2906,9 +2906,6 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, debug2("bind port %d: %.100s", port, strerror(errno)); close(sock); - if (ai->ai_next) - continue; - for (n = 0; n < num_socks; n++) { close(socks[n]); } -- cgit v1.2.3 From db255cad0531047a3e35a95af74ad2e03b054412 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 19 May 2008 14:59:37 +1000 Subject: - markus@cvs.openbsd.org 2008/05/08 06:59:01 [bufaux.c buffer.h channels.c packet.c packet.h] avoid extra malloc/copy/free when receiving data over the net; ~10% speedup for localhost-scp; ok djm@ --- ChangeLog | 6 +++++- bufaux.c | 18 +++++++++++++++++- buffer.h | 3 ++- channels.c | 9 +++------ packet.c | 8 +++++++- packet.h | 3 ++- 6 files changed, 36 insertions(+), 11 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 4ac32e57f..e7fd87ba8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -58,6 +58,10 @@ - jmc@cvs.openbsd.org 2008/05/07 08:00:14 [sshd_config.5] sort; + - markus@cvs.openbsd.org 2008/05/08 06:59:01 + [bufaux.c buffer.h channels.c packet.c packet.h] + avoid extra malloc/copy/free when receiving data over the net; + ~10% speedup for localhost-scp; ok djm@ 20080403 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- @@ -3918,4 +3922,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4918 2008/05/19 04:59:02 djm Exp $ +$Id: ChangeLog,v 1.4919 2008/05/19 04:59:37 djm Exp $ diff --git a/bufaux.c b/bufaux.c index cbdc22c64..f03363994 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.44 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: bufaux.c,v 1.45 2008/05/08 06:59:01 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -197,6 +197,22 @@ buffer_get_string(Buffer *buffer, u_int *length_ptr) return (ret); } +void * +buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr) +{ + void *ptr; + u_int len; + + len = buffer_get_int(buffer); + if (len > 256 * 1024) + fatal("buffer_get_string_ptr: bad string length %u", len); + ptr = buffer_ptr(buffer); + buffer_consume(buffer, len); + if (length_ptr) + *length_ptr = len; + return (ptr); +} + /* * Stores and arbitrary binary string in the buffer. */ diff --git a/buffer.h b/buffer.h index ecc4aea83..d0f354ee7 100644 --- a/buffer.h +++ b/buffer.h @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: buffer.h,v 1.17 2008/05/08 06:59:01 markus Exp $ */ /* * Author: Tatu Ylonen @@ -66,6 +66,7 @@ int buffer_get_char(Buffer *); void buffer_put_char(Buffer *, int); void *buffer_get_string(Buffer *, u_int *); +void *buffer_get_string_ptr(Buffer *, u_int *); void buffer_put_string(Buffer *, const void *, u_int); void buffer_put_cstring(Buffer *, const char *); diff --git a/channels.c b/channels.c index b6bd901f0..05c23e59c 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */ +/* $OpenBSD: channels.c,v 1.274 2008/05/08 06:59:01 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2012,7 +2012,7 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) return; /* Get the data. */ - data = packet_get_string(&data_len); + data = packet_get_string_ptr(&data_len); /* * Ignore data for protocol > 1.3 if output end is no longer open. @@ -2026,7 +2026,6 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) c->local_window -= data_len; c->local_consumed += data_len; } - xfree(data); return; } @@ -2038,17 +2037,15 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) if (data_len > c->local_window) { logit("channel %d: rcvd too much data %d, win %d", c->self, data_len, c->local_window); - xfree(data); return; } c->local_window -= data_len; } - packet_check_eom(); if (c->datagram) buffer_put_string(&c->output, data, data_len); else buffer_append(&c->output, data, data_len); - xfree(data); + packet_check_eom(); } /* ARGSUSED */ diff --git a/packet.c b/packet.c index 6afe24b9f..a34c040d6 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.151 2008/02/22 20:44:02 dtucker Exp $ */ +/* $OpenBSD: packet.c,v 1.152 2008/05/08 06:59:01 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1332,6 +1332,12 @@ packet_get_string(u_int *length_ptr) return buffer_get_string(&incoming_packet, length_ptr); } +void * +packet_get_string_ptr(u_int *length_ptr) +{ + return buffer_get_string_ptr(&incoming_packet, length_ptr); +} + /* * Sends a diagnostic message from the server to the client. This message * can be sent at any time (but not while constructing another message). The diff --git a/packet.h b/packet.h index c1b9b3bd1..927e0831c 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.46 2008/02/22 20:44:02 dtucker Exp $ */ +/* $OpenBSD: packet.h,v 1.47 2008/05/08 06:59:01 markus Exp $ */ /* * Author: Tatu Ylonen @@ -58,6 +58,7 @@ void packet_get_bignum(BIGNUM * value); void packet_get_bignum2(BIGNUM * value); void *packet_get_raw(u_int *length_ptr); void *packet_get_string(u_int *length_ptr); +void *packet_get_string_ptr(u_int *length_ptr); void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2))); void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); -- cgit v1.2.3 From b84886ba3e362f54b70aefcbe1aa10606309b7d7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 19 May 2008 15:05:07 +1000 Subject: - djm@cvs.openbsd.org 2008/05/08 12:02:23 [auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c] [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c] [ssh.c sshd.c] Implement a channel success/failure status confirmation callback mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff) --- ChangeLog | 15 +++++++++++- auth-options.c | 3 ++- auth1.c | 3 ++- channels.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++-------- channels.h | 26 +++++++++++++++++---- clientloop.c | 10 +++++--- gss-serv.c | 3 ++- monitor.c | 3 ++- monitor_wrap.c | 3 ++- nchan.c | 3 ++- servconf.c | 3 ++- serverloop.c | 6 +++-- session.c | 3 ++- ssh.c | 6 +++-- sshd.c | 3 ++- 15 files changed, 132 insertions(+), 31 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index e7fd87ba8..567222e96 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,6 +62,19 @@ [bufaux.c buffer.h channels.c packet.c packet.h] avoid extra malloc/copy/free when receiving data over the net; ~10% speedup for localhost-scp; ok djm@ + - djm@cvs.openbsd.org 2008/05/08 12:02:23 + [auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c] + [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c] + [ssh.c sshd.c] + Implement a channel success/failure status confirmation callback + mechanism. Each channel maintains a queue of callbacks, which will + be drained in order (RFC4253 guarantees confirm messages are not + reordered within an channel). + Also includes a abandonment callback to clean up if a channel is + closed without sending confirmation messages. This probably + shouldn't happen in compliant implementations, but it could be + abused to leak memory. + ok markus@ (as part of a larger diff) 20080403 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- @@ -3922,4 +3935,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4919 2008/05/19 04:59:37 djm Exp $ +$Id: ChangeLog,v 1.4920 2008/05/19 05:05:07 djm Exp $ diff --git a/auth-options.c b/auth-options.c index 6e2256961..3a6c3c0f3 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.41 2008/03/26 21:28:14 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.42 2008/05/08 12:02:23 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -20,6 +20,7 @@ #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "match.h" #include "log.h" diff --git a/auth1.c b/auth1.c index c17cc9133..b5798f634 100644 --- a/auth1.c +++ b/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.71 2007/09/21 08:15:29 djm Exp $ */ +/* $OpenBSD: auth1.c,v 1.72 2008/05/08 12:02:23 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -20,6 +20,7 @@ #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "rsa.h" #include "ssh1.h" diff --git a/channels.c b/channels.c index 05c23e59c..b5e28dabf 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.274 2008/05/08 06:59:01 markus Exp $ */ +/* $OpenBSD: channels.c,v 1.275 2008/05/08 12:02:23 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -61,6 +61,7 @@ #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" @@ -319,10 +320,11 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, c->single_connection = 0; c->detach_user = NULL; c->detach_close = 0; - c->confirm = NULL; - c->confirm_ctx = NULL; + c->open_confirm = NULL; + c->open_confirm_ctx = NULL; c->input_filter = NULL; c->output_filter = NULL; + TAILQ_INIT(&c->status_confirms); debug("channel %d: new [%s]", found, remote_name); return c; } @@ -379,6 +381,7 @@ channel_free(Channel *c) { char *s; u_int i, n; + struct channel_confirm *cc; for (n = 0, i = 0; i < channels_alloc; i++) if (channels[i]) @@ -402,6 +405,13 @@ channel_free(Channel *c) xfree(c->remote_name); c->remote_name = NULL; } + while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { + if (cc->abandon_cb != NULL) + cc->abandon_cb(c, cc->ctx); + TAILQ_REMOVE(&c->status_confirms, cc, entry); + bzero(cc, sizeof(*cc)); + xfree(cc); + } channels[c->self] = NULL; xfree(c); } @@ -660,16 +670,33 @@ channel_request_start(int id, char *service, int wantconfirm) } void -channel_register_confirm(int id, channel_callback_fn *fn, void *ctx) +channel_register_status_confirm(int id, channel_confirm_cb *cb, + channel_confirm_abandon_cb *abandon_cb, void *ctx) +{ + struct channel_confirm *cc; + Channel *c; + + if ((c = channel_lookup(id)) == NULL) + fatal("channel_register_expect: %d: bad id", id); + + cc = xmalloc(sizeof(*cc)); + cc->cb = cb; + cc->abandon_cb = abandon_cb; + cc->ctx = ctx; + TAILQ_INSERT_TAIL(&c->status_confirms, cc, entry); +} + +void +channel_register_open_confirm(int id, channel_callback_fn *fn, void *ctx) { Channel *c = channel_lookup(id); if (c == NULL) { - logit("channel_register_comfirm: %d: bad id", id); + logit("channel_register_open_comfirm: %d: bad id", id); return; } - c->confirm = fn; - c->confirm_ctx = ctx; + c->open_confirm = fn; + c->open_confirm_ctx = ctx; } void @@ -2209,9 +2236,9 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) if (compat20) { c->remote_window = packet_get_int(); c->remote_maxpacket = packet_get_int(); - if (c->confirm) { + if (c->open_confirm) { debug2("callback start"); - c->confirm(c->self, c->confirm_ctx); + c->open_confirm(c->self, c->open_confirm_ctx); debug2("callback done"); } debug2("channel %d: open confirm rwindow %u rmax %u", c->self, @@ -2328,6 +2355,34 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) xfree(host); } +/* ARGSUSED */ +void +channel_input_status_confirm(int type, u_int32_t seq, void *ctxt) +{ + Channel *c; + struct channel_confirm *cc; + int remote_id; + + /* Reset keepalive timeout */ + keep_alive_timeouts = 0; + + remote_id = packet_get_int(); + packet_check_eom(); + + debug2("channel_input_confirm: type %d id %d", type, remote_id); + + if ((c = channel_lookup(remote_id)) == NULL) { + logit("channel_input_success_failure: %d: unknown", remote_id); + return; + } + ; + if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL) + return; + cc->cb(type, c, cc->ctx); + TAILQ_REMOVE(&c->status_confirms, cc, entry); + bzero(cc, sizeof(*cc)); + xfree(cc); +} /* -- tcp forwarding */ diff --git a/channels.h b/channels.h index b632a86af..46cde0309 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.89 2007/06/11 09:14:00 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.90 2008/05/08 12:02:23 djm Exp $ */ /* * Author: Tatu Ylonen @@ -64,6 +64,17 @@ typedef void channel_callback_fn(int, void *); typedef int channel_infilter_fn(struct Channel *, char *, int); typedef u_char *channel_outfilter_fn(struct Channel *, u_char **, u_int *); +/* Channel success/failure callbacks */ +typedef void channel_confirm_cb(int, struct Channel *, void *); +typedef void channel_confirm_abandon_cb(struct Channel *, void *); +struct channel_confirm { + TAILQ_ENTRY(channel_confirm) entry; + channel_confirm_cb *cb; + channel_confirm_abandon_cb *abandon_cb; + void *ctx; +}; +TAILQ_HEAD(channel_confirms, channel_confirm); + struct Channel { int type; /* channel type/state */ int self; /* my own channel identifier */ @@ -104,10 +115,11 @@ struct Channel { char *ctype; /* type */ /* callback */ - channel_callback_fn *confirm; - void *confirm_ctx; + channel_callback_fn *open_confirm; + void *open_confirm_ctx; channel_callback_fn *detach_user; int detach_close; + struct channel_confirms status_confirms; /* filter */ channel_infilter_fn *input_filter; @@ -170,8 +182,11 @@ void channel_stop_listening(void); void channel_send_open(int); void channel_request_start(int, char *, int); void channel_register_cleanup(int, channel_callback_fn *, int); -void channel_register_confirm(int, channel_callback_fn *, void *); -void channel_register_filter(int, channel_infilter_fn *, channel_outfilter_fn *); +void channel_register_open_confirm(int, channel_callback_fn *, void *); +void channel_register_filter(int, channel_infilter_fn *, + channel_outfilter_fn *); +void channel_register_status_confirm(int, channel_confirm_cb *, + channel_confirm_abandon_cb *, void *); void channel_cancel_cleanup(int); int channel_close_fd(int *); void channel_send_window_changes(void); @@ -188,6 +203,7 @@ void channel_input_open_confirmation(int, u_int32_t, void *); void channel_input_open_failure(int, u_int32_t, void *); void channel_input_port_open(int, u_int32_t, void *); void channel_input_window_adjust(int, u_int32_t, void *); +void channel_input_status_confirm(int, u_int32_t, void *); /* file descriptor handling (read/write) */ diff --git a/clientloop.c b/clientloop.c index 8a40bc71e..edd801440 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.188 2008/02/22 20:44:02 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.189 2008/05/08 12:02:23 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -86,6 +86,7 @@ #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" @@ -700,7 +701,7 @@ client_extra_session2_setup(int id, void *arg) cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env, client_subsystem_reply); - c->confirm_ctx = NULL; + c->open_confirm_ctx = NULL; buffer_free(&cctx->cmd); xfree(cctx->term); if (cctx->env != NULL) { @@ -940,7 +941,8 @@ client_process_control(fd_set *readset) debug3("%s: channel_new: %d", __func__, c->self); channel_send_open(c->self); - channel_register_confirm(c->self, client_extra_session2_setup, cctx); + channel_register_open_confirm(c->self, + client_extra_session2_setup, cctx); } static void @@ -2068,6 +2070,8 @@ client_init_dispatch_20(void) dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &client_input_channel_req); dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); + dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm); + dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm); dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &client_input_global_request); /* rekeying */ diff --git a/gss-serv.c b/gss-serv.c index bc498fd47..2ec7ea19c 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -35,6 +35,7 @@ #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "buffer.h" #include "key.h" diff --git a/monitor.c b/monitor.c index cc0e0fcac..04f6924b6 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.94 2007/10/29 04:08:08 dtucker Exp $ */ +/* $OpenBSD: monitor.c,v 1.95 2008/05/08 12:02:23 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -51,6 +51,7 @@ #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "key.h" diff --git a/monitor_wrap.c b/monitor_wrap.c index e895f1924..72fd5c83c 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.60 2007/10/29 04:08:08 dtucker Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.61 2008/05/08 12:02:23 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -41,6 +41,7 @@ #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "dh.h" diff --git a/nchan.c b/nchan.c index ad461f4af..0d0faddb3 100644 --- a/nchan.c +++ b/nchan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.57 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: nchan.c,v 1.58 2008/05/08 12:02:23 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -32,6 +32,7 @@ #include #include +#include "openbsd-compat/sys-queue.h" #include "ssh1.h" #include "ssh2.h" #include "buffer.h" diff --git a/servconf.c b/servconf.c index e6d49099b..b8a968aa3 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.178 2008/05/07 05:49:37 pyr Exp $ */ +/* $OpenBSD: servconf.c,v 1.179 2008/05/08 12:02:23 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -24,6 +24,7 @@ #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "log.h" diff --git a/serverloop.c b/serverloop.c index bf3f9c9f0..20991c3ce 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.148 2008/02/22 20:44:02 dtucker Exp $ */ +/* $OpenBSD: serverloop.c,v 1.149 2008/05/08 12:02:23 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -56,6 +56,7 @@ #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "packet.h" #include "buffer.h" @@ -1188,8 +1189,9 @@ server_init_dispatch_20(void) dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req); dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request); + dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm); + dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm); /* client_alive */ - dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive); dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive); dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive); /* rekeying */ diff --git a/session.c b/session.c index 16e455588..ca04a4532 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.235 2008/05/07 05:49:37 pyr Exp $ */ +/* $OpenBSD: session.c,v 1.236 2008/05/08 12:02:23 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -59,6 +59,7 @@ #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" diff --git a/ssh.c b/ssh.c index 2ed76c9a1..b144a7130 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.309 2008/01/19 20:51:26 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.310 2008/05/08 12:02:23 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -73,6 +73,7 @@ #include #include #include "openbsd-compat/openssl-compat.h" +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" @@ -1195,7 +1196,8 @@ ssh_session2_open(void) channel_send_open(c->self); if (!no_shell_flag) - channel_register_confirm(c->self, ssh_session2_setup, NULL); + channel_register_open_confirm(c->self, + ssh_session2_setup, NULL); return c->self; } diff --git a/sshd.c b/sshd.c index 796310b03..aefbaaa42 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.356 2008/04/13 00:22:17 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.357 2008/05/08 12:02:23 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,6 +54,7 @@ # include #endif #include "openbsd-compat/sys-tree.h" +#include "openbsd-compat/sys-queue.h" #include #include -- cgit v1.2.3 From bd74025c7b08104828986d01e60f04372b3d5337 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 19 May 2008 15:37:09 +1000 Subject: - djm@cvs.openbsd.org 2008/05/09 04:55:56 [channels.c channels.h clientloop.c serverloop.c] Try additional addresses when connecting to a port forward destination whose DNS name resolves to more than one address. The previous behaviour was to try the first address and give up. Reported by stig AT venaas.com in bz#343 great feedback and ok markus@ --- ChangeLog | 9 +++- channels.c | 167 +++++++++++++++++++++++++++++++++++++++-------------------- channels.h | 21 ++++++-- clientloop.c | 21 +++----- serverloop.c | 19 +++---- 5 files changed, 149 insertions(+), 88 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index bd6b640b1..9e683143a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -104,6 +104,13 @@ client stderr (subject to LogLevel in the mux master) - better than silently failing. most bits ok markus@ (as part of a larger diff) + - djm@cvs.openbsd.org 2008/05/09 04:55:56 + [channels.c channels.h clientloop.c serverloop.c] + Try additional addresses when connecting to a port forward destination + whose DNS name resolves to more than one address. The previous behaviour + was to try the first address and give up. + Reported by stig AT venaas.com in bz#343 + great feedback and ok markus@ 20080403 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- @@ -3964,4 +3971,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4924 2008/05/19 05:36:08 djm Exp $ +$Id: ChangeLog,v 1.4925 2008/05/19 05:37:09 djm Exp $ diff --git a/channels.c b/channels.c index b5e28dabf..1e57951dc 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.275 2008/05/08 12:02:23 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.276 2008/05/09 04:55:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -165,6 +165,10 @@ static int IPv4or6 = AF_UNSPEC; /* helper */ static void port_open_helper(Channel *c, char *rtype); +/* non-blocking connect helpers */ +static int connect_next(struct channel_connect *); +static void channel_connect_ctx_free(struct channel_connect *); + /* -- channel core */ Channel * @@ -1425,7 +1429,7 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) static void channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset) { - int err = 0; + int err = 0, sock; socklen_t sz = sizeof(err); if (FD_ISSET(c->sock, writeset)) { @@ -1434,7 +1438,9 @@ channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset) error("getsockopt SO_ERROR failed"); } if (err == 0) { - debug("channel %d: connected", c->self); + debug("channel %d: connected to %s port %d", + c->self, c->connect_ctx.host, c->connect_ctx.port); + channel_connect_ctx_free(&c->connect_ctx); c->type = SSH_CHANNEL_OPEN; if (compat20) { packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); @@ -1448,8 +1454,19 @@ channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset) packet_put_int(c->self); } } else { - debug("channel %d: not connected: %s", + debug("channel %d: connection failed: %s", c->self, strerror(err)); + /* Try next address, if any */ + if ((sock = connect_next(&c->connect_ctx)) > 0) { + close(c->sock); + c->sock = c->rfd = c->wfd = sock; + channel_max_fd = channel_find_maxfd(); + return; + } + /* Exhausted all addresses */ + error("connect_to %.100s port %d: failed.", + c->connect_ctx.host, c->connect_ctx.port); + channel_connect_ctx_free(&c->connect_ctx); if (compat20) { packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(c->remote_id); @@ -2327,7 +2344,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) Channel *c = NULL; u_short host_port; char *host, *originator_string; - int remote_id, sock = -1; + int remote_id; remote_id = packet_get_int(); host = packet_get_string(NULL); @@ -2339,20 +2356,16 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) originator_string = xstrdup("unknown (remote did not supply name)"); } packet_check_eom(); - sock = channel_connect_to(host, host_port); - if (sock != -1) { - c = channel_new("connected socket", - SSH_CHANNEL_CONNECTING, sock, sock, -1, 0, 0, 0, - originator_string, 1); - c->remote_id = remote_id; - } + c = channel_connect_to(host, host_port, + "connected socket", originator_string); xfree(originator_string); + xfree(host); if (c == NULL) { packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(remote_id); packet_send(); - } - xfree(host); + } else + c->remote_id = remote_id; } /* ARGSUSED */ @@ -2770,35 +2783,26 @@ channel_clear_adm_permitted_opens(void) num_adm_permitted_opens = 0; } -/* return socket to remote host, port */ +/* Try to start non-blocking connect to next host in cctx list */ static int -connect_to(const char *host, u_short port) +connect_next(struct channel_connect *cctx) { - struct addrinfo hints, *ai, *aitop; + int sock, saved_errno; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; - int gaierr; - int sock = -1; - memset(&hints, 0, sizeof(hints)); - hints.ai_family = IPv4or6; - hints.ai_socktype = SOCK_STREAM; - snprintf(strport, sizeof strport, "%d", port); - if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) { - error("connect_to %.100s: unknown host (%s)", host, - ssh_gai_strerror(gaierr)); - return -1; - } - for (ai = aitop; ai; ai = ai->ai_next) { - if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + for (; cctx->ai; cctx->ai = cctx->ai->ai_next) { + if (cctx->ai->ai_family != AF_INET && + cctx->ai->ai_family != AF_INET6) continue; - if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), - strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - error("connect_to: getnameinfo failed"); + if (getnameinfo(cctx->ai->ai_addr, cctx->ai->ai_addrlen, + ntop, sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV) != 0) { + error("connect_next: getnameinfo failed"); continue; } - sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { - if (ai->ai_next == NULL) + if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype, + cctx->ai->ai_protocol)) == -1) { + if (cctx->ai->ai_next == NULL) error("socket: %.100s", strerror(errno)); else verbose("socket: %.100s", strerror(errno)); @@ -2806,45 +2810,94 @@ connect_to(const char *host, u_short port) } if (set_nonblock(sock) == -1) fatal("%s: set_nonblock(%d)", __func__, sock); - if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0 && - errno != EINPROGRESS) { - error("connect_to %.100s port %s: %.100s", ntop, strport, + if (connect(sock, cctx->ai->ai_addr, + cctx->ai->ai_addrlen) == -1 && errno != EINPROGRESS) { + debug("connect_next: host %.100s ([%.100s]:%s): " + "%.100s", cctx->host, ntop, strport, strerror(errno)); + saved_errno = errno; close(sock); + errno = saved_errno; continue; /* fail -- try next */ } - break; /* success */ + debug("connect_next: host %.100s ([%.100s]:%s) " + "in progress, fd=%d", cctx->host, ntop, strport, sock); + cctx->ai = cctx->ai->ai_next; + set_nodelay(sock); + return sock; + } + return -1; +} + +static void +channel_connect_ctx_free(struct channel_connect *cctx) +{ + xfree(cctx->host); + if (cctx->aitop) + freeaddrinfo(cctx->aitop); + bzero(cctx, sizeof(*cctx)); + cctx->host = NULL; + cctx->ai = cctx->aitop = NULL; +} +/* Return CONNECTING channel to remote host, port */ +static Channel * +connect_to(const char *host, u_short port, char *ctype, char *rname) +{ + struct addrinfo hints; + int gaierr; + int sock = -1; + char strport[NI_MAXSERV]; + struct channel_connect cctx; + Channel *c; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = IPv4or6; + hints.ai_socktype = SOCK_STREAM; + snprintf(strport, sizeof strport, "%d", port); + if ((gaierr = getaddrinfo(host, strport, &hints, &cctx.aitop)) != 0) { + error("connect_to %.100s: unknown host (%s)", host, + ssh_gai_strerror(gaierr)); + return NULL; } - freeaddrinfo(aitop); - if (!ai) { - error("connect_to %.100s port %d: failed.", host, port); - return -1; + + cctx.host = xstrdup(host); + cctx.port = port; + cctx.ai = cctx.aitop; + + if ((sock = connect_next(&cctx)) == -1) { + error("connect to %.100s port %d failed: %s", + host, port, strerror(errno)); + channel_connect_ctx_free(&cctx); + return NULL; } - /* success */ - set_nodelay(sock); - return sock; + c = channel_new(ctype, SSH_CHANNEL_CONNECTING, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, rname, 1); + c->connect_ctx = cctx; + return c; } -int -channel_connect_by_listen_address(u_short listen_port) +Channel * +channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) { int i; - for (i = 0; i < num_permitted_opens; i++) + for (i = 0; i < num_permitted_opens; i++) { if (permitted_opens[i].host_to_connect != NULL && - permitted_opens[i].listen_port == listen_port) + permitted_opens[i].listen_port == listen_port) { return connect_to( permitted_opens[i].host_to_connect, - permitted_opens[i].port_to_connect); + permitted_opens[i].port_to_connect, ctype, rname); + } + } error("WARNING: Server requests forwarding for unknown listen_port %d", listen_port); - return -1; + return NULL; } /* Check if connecting to that port is permitted and connect. */ -int -channel_connect_to(const char *host, u_short port) +Channel * +channel_connect_to(const char *host, u_short port, char *ctype, char *rname) { int i, permit, permit_adm = 1; @@ -2870,9 +2923,9 @@ channel_connect_to(const char *host, u_short port) if (!permit || !permit_adm) { logit("Received request to connect to host %.100s port %d, " "but the request was denied.", host, port); - return -1; + return NULL; } - return connect_to(host, port); + return connect_to(host, port, ctype, rname); } void diff --git a/channels.h b/channels.h index 46cde0309..d4ac24a51 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.90 2008/05/08 12:02:23 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.91 2008/05/09 04:55:56 djm Exp $ */ /* * Author: Tatu Ylonen @@ -75,6 +75,13 @@ struct channel_confirm { }; TAILQ_HEAD(channel_confirms, channel_confirm); +/* Context for non-blocking connects */ +struct channel_connect { + char *host; + int port; + struct addrinfo *ai, *aitop; +}; + struct Channel { int type; /* channel type/state */ int self; /* my own channel identifier */ @@ -125,7 +132,11 @@ struct Channel { channel_infilter_fn *input_filter; channel_outfilter_fn *output_filter; - int datagram; /* keep boundaries */ + /* keep boundaries */ + int datagram; + + /* non-blocking connect */ + struct channel_connect connect_ctx; }; #define CHAN_EXTENDED_IGNORE 0 @@ -225,8 +236,8 @@ int channel_add_adm_permitted_opens(char *, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); int channel_input_port_forward_request(int, int); -int channel_connect_to(const char *, u_short); -int channel_connect_by_listen_address(u_short); +Channel *channel_connect_to(const char *, u_short, char *, char *); +Channel *channel_connect_by_listen_address(u_short, char *, char *); int channel_request_remote_forwarding(const char *, u_short, const char *, u_short); int channel_setup_local_fwd_listener(const char *, u_short, @@ -241,7 +252,7 @@ int x11_connect_display(void); int x11_create_display_inet(int, int, int, u_int *, int **); void x11_input_open(int, u_int32_t, void *); void x11_request_forwarding_with_spoofing(int, const char *, const char *, - const char *); + const char *); void deny_input_open(int, u_int32_t, void *); /* agent forwarding */ diff --git a/clientloop.c b/clientloop.c index c40f2c303..7bd1af60c 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.190 2008/05/08 13:06:10 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.191 2008/05/09 04:55:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1762,7 +1762,6 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) Channel *c = NULL; char *listen_address, *originator_address; int listen_port, originator_port; - int sock; /* Get rest of the packet */ listen_address = packet_get_string(NULL); @@ -1771,19 +1770,13 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) originator_port = packet_get_int(); packet_check_eom(); - debug("client_request_forwarded_tcpip: listen %s port %d, originator %s port %d", - listen_address, listen_port, originator_address, originator_port); + debug("client_request_forwarded_tcpip: listen %s port %d, " + "originator %s port %d", listen_address, listen_port, + originator_address, originator_port); + + c = channel_connect_by_listen_address(listen_port, + "forwarded-tcpip", originator_address); - sock = channel_connect_by_listen_address(listen_port); - if (sock < 0) { - xfree(originator_address); - xfree(listen_address); - return NULL; - } - c = channel_new("forwarded-tcpip", - SSH_CHANNEL_CONNECTING, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, - originator_address, 1); xfree(originator_address); xfree(listen_address); return c; diff --git a/serverloop.c b/serverloop.c index 20991c3ce..2142f3809 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.149 2008/05/08 12:02:23 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.150 2008/05/09 04:55:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -938,7 +938,6 @@ static Channel * server_request_direct_tcpip(void) { Channel *c; - int sock; char *target, *originator; int target_port, originator_port; @@ -948,18 +947,16 @@ server_request_direct_tcpip(void) originator_port = packet_get_int(); packet_check_eom(); - debug("server_request_direct_tcpip: originator %s port %d, target %s port %d", - originator, originator_port, target, target_port); + debug("server_request_direct_tcpip: originator %s port %d, target %s " + "port %d", originator, originator_port, target, target_port); /* XXX check permission */ - sock = channel_connect_to(target, target_port); - xfree(target); + c = channel_connect_to(target, target_port, + "direct-tcpip", "direct-tcpip"); + xfree(originator); - if (sock < 0) - return NULL; - c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING, - sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, - CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1); + xfree(target); + return c; } -- cgit v1.2.3 From d654dd27b5774575edd341827c38735ac9222174 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 19 May 2008 16:05:41 +1000 Subject: - markus@cvs.openbsd.org 2008/05/09 16:17:51 [channels.c] error-fd race: don't enable the error fd in the select bitmask for channels with both in- and output closed, since the channel will go away before we call select(); report, lots of debugging help and ok djm@ --- ChangeLog | 8 +++++++- channels.c | 5 +++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 513fbe243..fd75c3404 100644 --- a/ChangeLog +++ b/ChangeLog @@ -127,6 +127,12 @@ a SIGPIPE when the forked program does a write. ok djm@ (Id sync only, USE_PIPES never left portable OpenSSH) + - markus@cvs.openbsd.org 2008/05/09 16:17:51 + [channels.c] + error-fd race: don't enable the error fd in the select bitmask + for channels with both in- and output closed, since the channel + will go away before we call select(); + report, lots of debugging help and ok djm@ 20080403 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- @@ -3987,4 +3993,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4928 2008/05/19 06:04:56 djm Exp $ +$Id: ChangeLog,v 1.4929 2008/05/19 06:05:41 djm Exp $ diff --git a/channels.c b/channels.c index 1e57951dc..99b23d75f 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.276 2008/05/09 04:55:56 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.277 2008/05/09 16:17:51 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -819,7 +819,8 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) } } /** XXX check close conditions, too */ - if (compat20 && c->efd != -1) { + if (compat20 && c->efd != -1 && + !(c->istate == CHAN_INPUT_CLOSED && c->ostate == CHAN_OUTPUT_CLOSED)) { if (c->extended_usage == CHAN_EXTENDED_WRITE && buffer_len(&c->extended) > 0) FD_SET(c->efd, writeset); -- cgit v1.2.3 From e7140f20cb2da1456e6080059eef54cf0f3533f2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 10 Jun 2008 23:01:51 +1000 Subject: - dtucker@cvs.openbsd.org 2008/06/10 04:50:25 [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8] Add extended test mode (-T) and connection parameters for test mode (-C). -T causes sshd to write its effective configuration to stdout and exit. -C causes any relevant Match rules to be applied before output. The combination allows tesing of the parser and config files. ok deraadt djm --- ChangeLog | 8 +- channels.c | 13 +++- channels.h | 3 +- log.c | 24 +++++- log.h | 6 +- servconf.c | 241 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- servconf.h | 3 +- sshd.8 | 34 ++++++++- sshd.c | 47 +++++++++++- 9 files changed, 355 insertions(+), 24 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index e16603175..3c2cc2168 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,12 @@ - djm@cvs.openbsd.org 2008/06/10 04:17:46 [sshd_config.5] better reference for pattern-list + - dtucker@cvs.openbsd.org 2008/06/10 04:50:25 + [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8] + Add extended test mode (-T) and connection parameters for test mode (-C). + -T causes sshd to write its effective configuration to stdout and exit. + -C causes any relevant Match rules to be applied before output. The + combination allows tesing of the parser and config files. ok deraadt djm 20080609 - (dtucker) OpenBSD CVS Sync @@ -4098,4 +4104,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4950 2008/06/10 12:59:53 dtucker Exp $ +$Id: ChangeLog,v 1.4951 2008/06/10 13:01:51 dtucker Exp $ diff --git a/channels.c b/channels.c index 99b23d75f..6808d3a05 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.277 2008/05/09 16:17:51 markus Exp $ */ +/* $OpenBSD: channels.c,v 1.278 2008/06/10 04:50:25 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2784,6 +2784,17 @@ channel_clear_adm_permitted_opens(void) num_adm_permitted_opens = 0; } +void +channel_print_adm_permitted_opens(void) +{ + static int i; + + for (i = 0; i < num_adm_permitted_opens; i++) + if (permitted_adm_opens[i].host_to_connect != NULL) + printf(" %s:%d", permitted_adm_opens[i].host_to_connect, + permitted_adm_opens[i].port_to_connect); +} + /* Try to start non-blocking connect to next host in cctx list */ static int connect_next(struct channel_connect *cctx) diff --git a/channels.h b/channels.h index ec2435df0..dc1f483ed 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.92 2008/05/09 16:21:13 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.93 2008/06/10 04:50:25 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -235,6 +235,7 @@ void channel_add_permitted_opens(char *, int); int channel_add_adm_permitted_opens(char *, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); +void channel_print_adm_permitted_opens(void); int channel_input_port_forward_request(int, int); Channel *channel_connect_to(const char *, u_short, char *, char *); Channel *channel_connect_by_listen_address(u_short, char *, char *); diff --git a/log.c b/log.c index fae5b043f..4a8239b93 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.40 2007/05/17 07:50:31 djm Exp $ */ +/* $OpenBSD: log.c,v 1.41 2008/06/10 04:50:25 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -114,6 +114,17 @@ log_facility_number(char *name) return SYSLOG_FACILITY_NOT_SET; } +const char * +log_facility_name(SyslogFacility facility) +{ + u_int i; + + for (i = 0; log_facilities[i].name; i++) + if (log_facilities[i].val == facility) + return log_facilities[i].name; + return NULL; +} + LogLevel log_level_number(char *name) { @@ -126,6 +137,17 @@ log_level_number(char *name) return SYSLOG_LEVEL_NOT_SET; } +const char * +log_level_name(LogLevel level) +{ + u_int i; + + for (i = 0; log_levels[i].name != NULL; i++) + if (log_levels[i].val == level) + return log_levels[i].name; + return NULL; +} + /* Error messages that should be logged. */ void diff --git a/log.h b/log.h index 7a8c57079..fa0996ad5 100644 --- a/log.h +++ b/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.15 2006/08/18 09:13:25 deraadt Exp $ */ +/* $OpenBSD: log.h,v 1.16 2008/06/10 04:50:25 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -49,7 +49,9 @@ typedef enum { void log_init(char *, LogLevel, SyslogFacility, int); SyslogFacility log_facility_number(char *); -LogLevel log_level_number(char *); +const char * log_facility_name(SyslogFacility); +LogLevel log_level_number(char *); +const char * log_level_name(LogLevel); void fatal(const char *, ...) __dead __attribute__((format(printf, 1, 2))); void error(const char *, ...) __attribute__((format(printf, 1, 2))); diff --git a/servconf.c b/servconf.c index 07a201034..63704fb33 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.181 2008/06/10 03:57:27 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.182 2008/06/10 04:50:25 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -23,6 +23,7 @@ #include #include #include +#include #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" @@ -417,6 +418,17 @@ static struct { { NULL, sBadOption, 0 } }; +static struct { + int val; + char *text; +} tunmode_desc[] = { + { SSH_TUNMODE_NO, "no" }, + { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, + { SSH_TUNMODE_ETHERNET, "ethernet" }, + { SSH_TUNMODE_YES, "yes" }, + { -1, NULL } +}; + /* * Returns the number of the token pointed to by cp or sBadOption. */ @@ -1211,16 +1223,13 @@ process_server_config_line(ServerOptions *options, char *line, if (!arg || *arg == '\0') fatal("%s line %d: Missing yes/point-to-point/" "ethernet/no argument.", filename, linenum); - value = 0; /* silence compiler */ - if (strcasecmp(arg, "ethernet") == 0) - value = SSH_TUNMODE_ETHERNET; - else if (strcasecmp(arg, "point-to-point") == 0) - value = SSH_TUNMODE_POINTOPOINT; - else if (strcasecmp(arg, "yes") == 0) - value = SSH_TUNMODE_YES; - else if (strcasecmp(arg, "no") == 0) - value = SSH_TUNMODE_NO; - else + value = -1; + for (i = 0; tunmode_desc[i].val != -1; i++) + if (strcmp(tunmode_desc[i].text, arg) == 0) { + value = tunmode_desc[i].val; + break; + } + if (value == -1) fatal("%s line %d: Bad yes/point-to-point/ethernet/" "no argument: %s", filename, linenum, arg); if (*intptr == -1) @@ -1426,3 +1435,213 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, fatal("%s: terminating, %d bad configuration options", filename, bad_options); } + +static const char * +fmt_intarg(ServerOpCodes code, int val) +{ + if (code == sAddressFamily) { + switch (val) { + case AF_INET: + return "inet"; + case AF_INET6: + return "inet6"; + case AF_UNSPEC: + return "any"; + default: + return "UNKNOWN"; + } + } + if (code == sPermitRootLogin) { + switch (val) { + case PERMIT_NO_PASSWD: + return "without-passord"; + case PERMIT_FORCED_ONLY: + return "forced-commands-only"; + case PERMIT_YES: + return "yes"; + } + } + if (code == sProtocol) { + switch (val) { + case SSH_PROTO_1: + return "1"; + case SSH_PROTO_2: + return "2"; + case (SSH_PROTO_1|SSH_PROTO_2): + return "2,1"; + default: + return "UNKNOWN"; + } + } + if (code == sGatewayPorts && val == 2) + return "clientspecified"; + if (code == sCompression && val == COMP_DELAYED) + return "delayed"; + switch (val) { + case -1: + return "unset"; + case 0: + return "no"; + case 1: + return "yes"; + } + return "UNKNOWN"; +} + +static const char * +lookup_opcode_name(ServerOpCodes code) +{ + u_int i; + + for (i = 0; keywords[i].name != NULL; i++) + if (keywords[i].opcode == code) + return(keywords[i].name); + return "UNKNOWN"; +} + +static void +dump_cfg_int(ServerOpCodes code, int val) +{ + printf("%s %d\n", lookup_opcode_name(code), val); +} + +static void +dump_cfg_fmtint(ServerOpCodes code, int val) +{ + printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); +} + +static void +dump_cfg_string(ServerOpCodes code, const char *val) +{ + if (val == NULL) + return; + printf("%s %s\n", lookup_opcode_name(code), val); +} + +static void +dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) +{ + u_int i; + + for (i = 0; i < count; i++) + printf("%s %s\n", lookup_opcode_name(code), vals[i]); +} + +void +dump_config(ServerOptions *o) +{ + u_int i; + int ret; + struct addrinfo *ai; + char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; + + /* these are usually at the top of the config */ + for (i = 0; i < o->num_ports; i++) + printf("port %d\n", o->ports[i]); + dump_cfg_fmtint(sProtocol, o->protocol); + dump_cfg_fmtint(sAddressFamily, o->address_family); + + /* ListenAddress must be after Port */ + for (ai = o->listen_addrs; ai; ai = ai->ai_next) { + if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, + sizeof(addr), port, sizeof(port), + NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { + error("getnameinfo failed: %.100s", + (ret != EAI_SYSTEM) ? gai_strerror(ret) : + strerror(errno)); + } else { + if (ai->ai_family == AF_INET6) + printf("listenaddress [%s]:%s\n", addr, port); + else + printf("listenaddress %s:%s\n", addr, port); + } + } + + /* integer arguments */ + dump_cfg_int(sServerKeyBits, o->server_key_bits); + dump_cfg_int(sLoginGraceTime, o->login_grace_time); + dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); + dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); + dump_cfg_int(sMaxAuthTries, o->max_authtries); + dump_cfg_int(sClientAliveInterval, o->client_alive_interval); + dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); + + /* formatted integer arguments */ + dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); + dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); + dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); + dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication); + dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); + dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, + o->hostbased_uses_name_from_packet_only); + dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication); + dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); + dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); + dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); + dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); + dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); + dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); + dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); + dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); + dump_cfg_fmtint(sKbdInteractiveAuthentication, + o->kbd_interactive_authentication); + dump_cfg_fmtint(sChallengeResponseAuthentication, + o->challenge_response_authentication); + dump_cfg_fmtint(sPrintMotd, o->print_motd); + dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); + dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); + dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); + dump_cfg_fmtint(sStrictModes, o->strict_modes); + dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); + dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); + dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); + dump_cfg_fmtint(sUseLogin, o->use_login); + dump_cfg_fmtint(sCompression, o->compression); + dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); + dump_cfg_fmtint(sUseDNS, o->use_dns); + dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); + dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); + + /* string arguments */ + dump_cfg_string(sPidFile, o->pid_file); + dump_cfg_string(sXAuthLocation, o->xauth_location); + dump_cfg_string(sCiphers, o->ciphers); + dump_cfg_string(sMacs, o->macs); + dump_cfg_string(sBanner, o->banner); + dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file); + dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2); + dump_cfg_string(sForceCommand, o->adm_forced_command); + + /* string arguments requiring a lookup */ + dump_cfg_string(sLogLevel, log_level_name(o->log_level)); + dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); + + /* string array arguments */ + dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, + o->host_key_files); + dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); + dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); + dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); + dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); + dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); + + /* other arguments */ + for (i = 0; i < o->num_subsystems; i++) + printf("subsystem %s %s\n", o->subsystem_name[i], + o->subsystem_args[i]); + + printf("maxstartups %d:%d:%d\n", o->max_startups_begin, + o->max_startups_rate, o->max_startups); + + for (i = 0; tunmode_desc[i].val != -1; i++) + if (tunmode_desc[i].val == o->permit_tun) { + s = tunmode_desc[i].text; + break; + } + dump_cfg_string(sPermitTunnel, s); + + printf("permitopen"); + channel_print_adm_permitted_opens(); + printf("\n"); +} diff --git a/servconf.h b/servconf.h index 819a028c8..40ac64f13 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.84 2008/05/08 12:21:16 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.85 2008/06/10 04:50:25 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -161,5 +161,6 @@ void parse_server_config(ServerOptions *, const char *, Buffer *, void parse_server_match_config(ServerOptions *, const char *, const char *, const char *); void copy_set_server_options(ServerOptions *, ServerOptions *, int); +void dump_config(ServerOptions *); #endif /* SERVCONF_H */ diff --git a/sshd.8 b/sshd.8 index 750d64c3e..7274d0928 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.241 2008/03/27 22:37:57 jmc Exp $ -.Dd $Mdocdate: March 27 2008 $ +.\" $OpenBSD: sshd.8,v 1.242 2008/06/10 04:50:25 dtucker Exp $ +.Dd $Mdocdate: June 10 2008 $ .Dt SSHD 8 .Os .Sh NAME @@ -44,8 +44,9 @@ .Sh SYNOPSIS .Nm sshd .Bk -words -.Op Fl 46Ddeiqt +.Op Fl 46DTdeiqt .Op Fl b Ar bits +.Op Fl C Ar connection_spec .Op Fl f Ar config_file .Op Fl g Ar login_grace_time .Op Fl h Ar host_key_file @@ -197,6 +198,33 @@ Only check the validity of the configuration file and sanity of the keys. This is useful for updating .Nm reliably as configuration options may change. +.It Fl T +Extended test mode. +Check the validity of the configuration file, output the effective configuration +to stdout and then exit. +Optionally, +.Cm Match +rules may be applied by specifying the connection parameters using one or more +.Fl C +options. +.It Fl C +Specify the connection parameters to use for the the +.Fl T +extended test mode. +If provided, any +.Cm Match +directives in the configuration file +that would apply to the specified user, host and address will be set before +the configuration is written to standard output. +The connection parameters are supplied as keyword=value pairs. +The keywords are +.Dq user , +.Dq host +and +.Dq addr +All are required and may be supplied in any order, either with multiple +.Fl C +options or as a comma-separated list. .It Fl u Ar len This option is used to specify the size of the field in the diff --git a/sshd.c b/sshd.c index aefbaaa42..ccff65d06 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.357 2008/05/08 12:02:23 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.358 2008/06/10 04:50:25 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1240,8 +1240,9 @@ main(int ac, char **av) int opt, i, on = 1; int sock_in = -1, sock_out = -1, newsock = -1; const char *remote_ip; + char *test_user = NULL, *test_host = NULL, *test_addr = NULL; int remote_port; - char *line; + char *line, *p, *cp; int config_s[2] = { -1 , -1 }; Key *key; Authctxt *authctxt; @@ -1276,7 +1277,7 @@ main(int ac, char **av) initialize_server_options(&options); /* Parse command-line arguments. */ - while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) { + while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeiqrtQRT46")) != -1) { switch (opt) { case '4': options.address_family = AF_INET; @@ -1354,6 +1355,25 @@ main(int ac, char **av) case 't': test_flag = 1; break; + case 'T': + test_flag = 2; + break; + case 'C': + cp = optarg; + while ((p = strsep(&cp, ",")) && *p != '\0') { + if (strncmp(p, "addr=", 5) == 0) + test_addr = xstrdup(p + 5); + else if (strncmp(p, "host=", 5) == 0) + test_host = xstrdup(p + 5); + else if (strncmp(p, "user=", 5) == 0) + test_user = xstrdup(p + 5); + else { + fprintf(stderr, "Invalid test " + "mode specification %s\n", p); + exit(1); + } + } + break; case 'u': utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL); if (utmp_len > MAXHOSTNAMELEN) { @@ -1415,6 +1435,20 @@ main(int ac, char **av) sensitive_data.have_ssh1_key = 0; sensitive_data.have_ssh2_key = 0; + /* + * If we're doing an extended config test, make sure we have all of + * the parameters we need. If we're not doing an extended test, + * do not silently ignore connection test params. + */ + if (test_flag >= 2 && (test_user != NULL || test_host != NULL || test_addr != NULL) + && (test_user == NULL || test_host == NULL || test_addr == NULL)) + fatal("user, host and addr are all required when testing " + "Match configs"); + if (test_flag < 2 && (test_user != NULL || test_host != NULL || + test_addr != NULL)) + fatal("Config test connection parameter (-C) provided without " + "test mode (-T)"); + /* Fetch our configuration */ buffer_init(&cfg); if (rexeced_flag) @@ -1543,6 +1577,13 @@ main(int ac, char **av) "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); } + if (test_flag > 1) { + if (test_user != NULL && test_addr != NULL && test_host != NULL) + parse_server_match_config(&options, test_user, + test_host, test_addr); + dump_config(&options); + } + /* Configuration looks good, so exit if in test mode. */ if (test_flag) exit(0); -- cgit v1.2.3 From 4401e45be6a89f8b2b9f9ba96137107bce39943d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 12 Jun 2008 06:05:12 +1000 Subject: - (djm) [channels.c configure.ac] Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no) bz#1464; ok dtucker --- ChangeLog | 7 ++++++- channels.c | 12 ++---------- configure.ac | 5 ++--- 3 files changed, 10 insertions(+), 14 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index d4dfd8801..9609b4d61 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20080611 + - (djm) [channels.c configure.ac] + Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no) + bz#1464; ok dtucker + 20080610 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2008/06/10 03:57:27 @@ -4154,4 +4159,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4966 2008/06/10 23:47:59 dtucker Exp $ +$Id: ChangeLog,v 1.4967 2008/06/11 20:05:12 djm Exp $ diff --git a/channels.c b/channels.c index 6808d3a05..233c2247b 100644 --- a/channels.c +++ b/channels.c @@ -3018,7 +3018,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno)); } #endif - channel_set_reuseaddr(sock); + if (x11_use_localhost) + channel_set_reuseaddr(sock); if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { debug2("bind port %d: %.100s", port, strerror(errno)); close(sock); @@ -3030,17 +3031,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, break; } socks[num_socks++] = sock; -#ifndef DONT_TRY_OTHER_AF if (num_socks == NUM_SOCKS) break; -#else - if (x11_use_localhost) { - if (num_socks == NUM_SOCKS) - break; - } else { - break; - } -#endif } freeaddrinfo(aitop); if (num_socks > 0) diff --git a/configure.ac b/configure.ac index 130ef6bc0..7ad732657 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.403 2008/06/10 18:15:05 dtucker Exp $ +# $Id: configure.ac,v 1.404 2008/06/11 20:05:12 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.403 $) +AC_REVISION($Revision: 1.404 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -553,7 +553,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) no_dev_ptmx=1 check_for_libcrypt_later=1 check_for_openpty_ctty_bug=1 - AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks]) AC_DEFINE(PAM_TTY_KLUDGE, 1, [Work around problematic Linux PAM modules handling of PAM_TTY]) AC_DEFINE(LOCKED_PASSWD_PREFIX, "!", -- cgit v1.2.3 From 2fb66caca2c9e69c6a0584060114fcd52e59d5ff Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Jun 2008 04:49:33 +1000 Subject: - djm@cvs.openbsd.org 2008/06/12 03:40:52 [clientloop.h mux.c channels.c clientloop.c channels.h] Enable ~ escapes for multiplex slave sessions; give each channel its own escape state and hook the escape filters up to muxed channels. bz #1331 Mux slaves do not currently support the ~^Z and ~& escapes. NB. this change cranks the mux protocol version, so a new ssh mux client will not be able to connect to a running old ssh mux master. ok dtucker@ --- ChangeLog | 12 ++++- channels.c | 5 +- channels.h | 5 +- clientloop.c | 154 +++++++++++++++++++++++++++++++++++++++++++++-------------- clientloop.h | 22 +++------ mux.c | 93 ++++++++++++++++++++++++------------ 6 files changed, 202 insertions(+), 89 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 27a2a7abc..ca0d8ea57 100644 --- a/ChangeLog +++ b/ChangeLog @@ -68,6 +68,16 @@ [key.c] use an odd number of rows and columns and a separate start marker, looks better; ok grunk@ + - djm@cvs.openbsd.org 2008/06/12 03:40:52 + [clientloop.h mux.c channels.c clientloop.c channels.h] + Enable ~ escapes for multiplex slave sessions; give each channel + its own escape state and hook the escape filters up to muxed + channels. bz #1331 + Mux slaves do not currently support the ~^Z and ~& escapes. + NB. this change cranks the mux protocol version, so a new ssh + mux client will not be able to connect to a running old ssh + mux master. + ok dtucker@ 20080611 - (djm) [channels.c configure.ac] @@ -4230,4 +4240,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4976 2008/06/12 18:48:11 dtucker Exp $ +$Id: ChangeLog,v 1.4977 2008/06/12 18:49:33 dtucker Exp $ diff --git a/channels.c b/channels.c index 233c2247b..c539990f6 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.278 2008/06/10 04:50:25 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.279 2008/06/12 03:40:52 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -731,7 +731,7 @@ channel_cancel_cleanup(int id) void channel_register_filter(int id, channel_infilter_fn *ifn, - channel_outfilter_fn *ofn) + channel_outfilter_fn *ofn, void *ctx) { Channel *c = channel_lookup(id); @@ -741,6 +741,7 @@ channel_register_filter(int id, channel_infilter_fn *ifn, } c->input_filter = ifn; c->output_filter = ofn; + c->filter_ctx = ctx; } void diff --git a/channels.h b/channels.h index dc1f483ed..450321d43 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.93 2008/06/10 04:50:25 dtucker Exp $ */ +/* $OpenBSD: channels.h,v 1.94 2008/06/12 03:40:52 djm Exp $ */ /* * Author: Tatu Ylonen @@ -131,6 +131,7 @@ struct Channel { /* filter */ channel_infilter_fn *input_filter; channel_outfilter_fn *output_filter; + void *filter_ctx; /* keep boundaries */ int datagram; @@ -195,7 +196,7 @@ void channel_request_start(int, char *, int); void channel_register_cleanup(int, channel_callback_fn *, int); void channel_register_open_confirm(int, channel_callback_fn *, void *); void channel_register_filter(int, channel_infilter_fn *, - channel_outfilter_fn *); + channel_outfilter_fn *, void *); void channel_register_status_confirm(int, channel_confirm_cb *, channel_confirm_abandon_cb *, void *); void channel_cancel_cleanup(int); diff --git a/clientloop.c b/clientloop.c index 3bc8bb8d0..b45e7298a 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.194 2008/05/19 20:53:52 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.195 2008/06/12 03:40:52 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -144,8 +144,8 @@ static int in_non_blocking_mode = 0; /* Common data for the client loop code. */ static volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */ -static int escape_char; /* Escape character. */ -static int escape_pending; /* Last character was the escape character */ +static int escape_char1; /* Escape character. (proto1 only) */ +static int escape_pending1; /* Last character was an escape (proto1 only) */ static int last_was_cr; /* Last character was a newline. */ static int exit_status; /* Used to store the exit status of the command. */ static int stdin_eof; /* EOF has been encountered on standard error. */ @@ -162,6 +162,13 @@ static int session_closed = 0; /* In SSH2: login session closed. */ static void client_init_dispatch(void); int session_ident = -1; +/* Track escape per proto2 channel */ +struct escape_filter_ctx { + int escape_pending; + int escape_char; +}; + +/* Context for channel confirmation replies */ struct channel_reply_ctx { const char *request_type; int id, do_close; @@ -385,8 +392,8 @@ client_check_initial_eof_on_stdin(void) * and also process it as an escape character if * appropriate. */ - if ((u_char) buf[0] == escape_char) - escape_pending = 1; + if ((u_char) buf[0] == escape_char1) + escape_pending1 = 1; else buffer_append(&stdin_buffer, buf, 1); } @@ -813,9 +820,12 @@ out: xfree(fwd.connect_host); } -/* process the characters one by one */ +/* + * Process the characters one by one, call with c==NULL for proto1 case. + */ static int -process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len) +process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, + char *buf, int len) { char string[1024]; pid_t pid; @@ -823,7 +833,20 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len) u_int i; u_char ch; char *s; + int *escape_pendingp, escape_char; + struct escape_filter_ctx *efc; + if (c == NULL) { + escape_pendingp = &escape_pending1; + escape_char = escape_char1; + } else { + if (c->filter_ctx == NULL) + return 0; + efc = (struct escape_filter_ctx *)c->filter_ctx; + escape_pendingp = &efc->escape_pending; + escape_char = efc->escape_char; + } + if (len <= 0) return (0); @@ -831,25 +854,43 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len) /* Get one character at a time. */ ch = buf[i]; - if (escape_pending) { + if (*escape_pendingp) { /* We have previously seen an escape character. */ /* Clear the flag now. */ - escape_pending = 0; + *escape_pendingp = 0; /* Process the escaped character. */ switch (ch) { case '.': /* Terminate the connection. */ - snprintf(string, sizeof string, "%c.\r\n", escape_char); + snprintf(string, sizeof string, "%c.\r\n", + escape_char); buffer_append(berr, string, strlen(string)); - quit_pending = 1; + if (c && c->ctl_fd != -1) { + chan_read_failed(c); + chan_write_failed(c); + return 0; + } else + quit_pending = 1; return -1; case 'Z' - 64: + /* XXX support this for mux clients */ + if (c && c->ctl_fd != -1) { + noescape: + snprintf(string, sizeof string, + "%c%c escape not available to " + "multiplexed sessions\r\n", + escape_char, ch); + buffer_append(berr, string, + strlen(string)); + continue; + } /* Suspend the program. */ /* Print a message to that effect to the user. */ - snprintf(string, sizeof string, "%c^Z [suspend ssh]\r\n", escape_char); + snprintf(string, sizeof string, + "%c^Z [suspend ssh]\r\n", escape_char); buffer_append(berr, string, strlen(string)); /* Restore terminal modes and suspend. */ @@ -881,6 +922,8 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len) continue; case '&': + if (c && c->ctl_fd != -1) + goto noescape; /* * Detach the program (continue to serve connections, * but put in background and no more new connections). @@ -929,27 +972,50 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len) continue; case '?': - snprintf(string, sizeof string, + if (c && c->ctl_fd != -1) { + snprintf(string, sizeof string, "%c?\r\n\ Supported escape sequences:\r\n\ -%c. - terminate connection\r\n\ -%cB - send a BREAK to the remote system\r\n\ -%cC - open a command line\r\n\ -%cR - Request rekey (SSH protocol 2 only)\r\n\ -%c^Z - suspend ssh\r\n\ -%c# - list forwarded connections\r\n\ -%c& - background ssh (when waiting for connections to terminate)\r\n\ -%c? - this message\r\n\ -%c%c - send the escape character by typing it twice\r\n\ + %c. - terminate session\r\n\ + %cB - send a BREAK to the remote system\r\n\ + %cC - open a command line\r\n\ + %cR - Request rekey (SSH protocol 2 only)\r\n\ + %c# - list forwarded connections\r\n\ + %c? - this message\r\n\ + %c%c - send the escape character by typing it twice\r\n\ (Note that escapes are only recognized immediately after newline.)\r\n", - escape_char, escape_char, escape_char, escape_char, - escape_char, escape_char, escape_char, escape_char, - escape_char, escape_char, escape_char); + escape_char, escape_char, + escape_char, escape_char, + escape_char, escape_char, + escape_char, escape_char, + escape_char); + } else { + snprintf(string, sizeof string, +"%c?\r\n\ +Supported escape sequences:\r\n\ + %c. - terminate connection (and any multiplexed sessions)\r\n\ + %cB - send a BREAK to the remote system\r\n\ + %cC - open a command line\r\n\ + %cR - Request rekey (SSH protocol 2 only)\r\n\ + %c^Z - suspend ssh\r\n\ + %c# - list forwarded connections\r\n\ + %c& - background ssh (when waiting for connections to terminate)\r\n\ + %c? - this message\r\n\ + %c%c - send the escape character by typing it twice\r\n\ +(Note that escapes are only recognized immediately after newline.)\r\n", + escape_char, escape_char, + escape_char, escape_char, + escape_char, escape_char, + escape_char, escape_char, + escape_char, escape_char, + escape_char); + } buffer_append(berr, string, strlen(string)); continue; case '#': - snprintf(string, sizeof string, "%c#\r\n", escape_char); + snprintf(string, sizeof string, "%c#\r\n", + escape_char); buffer_append(berr, string, strlen(string)); s = channel_open_message(); buffer_append(berr, s, strlen(s)); @@ -975,7 +1041,7 @@ Supported escape sequences:\r\n\ */ if (last_was_cr && ch == escape_char) { /* It is. Set the flag and continue to next character. */ - escape_pending = 1; + *escape_pendingp = 1; continue; } } @@ -1026,7 +1092,7 @@ client_process_input(fd_set *readset) packet_start(SSH_CMSG_EOF); packet_send(); } - } else if (escape_char == SSH_ESCAPECHAR_NONE) { + } else if (escape_char1 == SSH_ESCAPECHAR_NONE) { /* * Normal successful read, and no escape character. * Just append the data to buffer. @@ -1037,8 +1103,8 @@ client_process_input(fd_set *readset) * Normal, successful read. But we have an escape character * and have to process the characters one by one. */ - if (process_escapes(&stdin_buffer, &stdout_buffer, - &stderr_buffer, buf, len) == -1) + if (process_escapes(NULL, &stdin_buffer, + &stdout_buffer, &stderr_buffer, buf, len) == -1) return; } } @@ -1113,13 +1179,26 @@ client_process_buffered_input_packets(void) /* scan buf[] for '~' before sending data to the peer */ -static int -simple_escape_filter(Channel *c, char *buf, int len) +/* Helper: allocate a new escape_filter_ctx and fill in its escape char */ +void * +client_new_escape_filter_ctx(int escape_char) +{ + struct escape_filter_ctx *ret; + + ret = xmalloc(sizeof(*ret)); + ret->escape_pending = 0; + ret->escape_char = escape_char; + return (void *)ret; +} + +int +client_simple_escape_filter(Channel *c, char *buf, int len) { if (c->extended_usage != CHAN_EXTENDED_WRITE) return 0; - return process_escapes(&c->input, &c->output, &c->extended, buf, len); + return process_escapes(c, &c->input, &c->output, &c->extended, + buf, len); } static void @@ -1151,7 +1230,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) start_time = get_current_time(); /* Initialize variables. */ - escape_pending = 0; + escape_pending1 = 0; last_was_cr = 1; exit_status = -1; stdin_eof = 0; @@ -1178,7 +1257,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) stdout_bytes = 0; stderr_bytes = 0; quit_pending = 0; - escape_char = escape_char_arg; + escape_char1 = escape_char_arg; /* Initialize buffers. */ buffer_init(&stdin_buffer); @@ -1206,9 +1285,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) if (compat20) { session_ident = ssh2_chan_id; - if (escape_char != SSH_ESCAPECHAR_NONE) + if (escape_char_arg != SSH_ESCAPECHAR_NONE) channel_register_filter(session_ident, - simple_escape_filter, NULL); + client_simple_escape_filter, NULL, + client_new_escape_filter_ctx(escape_char_arg)); if (session_ident != -1) channel_register_cleanup(session_ident, client_channel_closed, 0); diff --git a/clientloop.h b/clientloop.h index 6f8e70123..cecbfb1a8 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.19 2008/05/09 14:18:44 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.20 2008/06/12 03:40:52 djm Exp $ */ /* * Author: Tatu Ylonen @@ -46,8 +46,12 @@ void client_session2_setup(int, int, int, const char *, struct termios *, int, Buffer *, char **); int client_request_tun_fwd(int, int, int); +/* Escape filter for protocol 2 sessions */ +void *client_new_escape_filter_ctx(int); +int client_simple_escape_filter(Channel *, char *, int); + /* Multiplexing protocol version */ -#define SSHMUX_VER 1 +#define SSHMUX_VER 2 /* Multiplexing control protocol flags */ #define SSHMUX_COMMAND_OPEN 1 /* Open new connection */ @@ -59,20 +63,6 @@ int client_request_tun_fwd(int, int, int); #define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */ #define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */ -/* Multiplexing routines */ - -struct mux_session_confirm_ctx { - int want_tty; - int want_subsys; - int want_x_fwd; - int want_agent_fwd; - Buffer cmd; - char *term; - struct termios tio; - char **env; -}; - -/* mux.c */ void muxserver_listen(void); int muxserver_accept_control(void); void muxclient(const char *); diff --git a/mux.c b/mux.c index 8b9105b04..efc3840cb 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.1 2008/05/09 14:18:44 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.2 2008/06/12 03:40:52 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -19,6 +19,20 @@ #include "includes.h" +/* + * TODO: + * 1. partial reads in muxserver_accept_control (maybe make channels + * from accepted connections) + * 2. Better signalling from master to slave, especially passing of + * error messages + * 3. Better fall-back from mux slave error to new connection. + * 3. Add/delete forwardings via slave + * 4. ExitOnForwardingFailure (after #3 obviously) + * 5. Maybe extension mechanisms for multi-X11/multi-agent forwarding + * 6. Document the mux mini-protocol somewhere. + * 6. Support ~^Z in mux slaves. + */ + #include #include #include @@ -71,6 +85,18 @@ extern char *host; int subsystem_flag; extern Buffer command; +/* Context for session open confirmation callback */ +struct mux_session_confirm_ctx { + int want_tty; + int want_subsys; + int want_x_fwd; + int want_agent_fwd; + Buffer cmd; + char *term; + struct termios tio; + char **env; +}; + /* fd to control socket */ int muxserver_sock = -1; @@ -131,7 +157,7 @@ muxserver_listen(void) /* Callback on open confirmation in mux master for a mux client session. */ static void -client_extra_session2_setup(int id, void *arg) +mux_session_confirm(int id, void *arg) { struct mux_session_confirm_ctx *cctx = arg; const char *display; @@ -190,7 +216,7 @@ muxserver_accept_control(void) struct sockaddr_storage addr; struct mux_session_confirm_ctx *cctx; char *cmd; - u_int i, j, len, env_len, mux_command, flags; + u_int i, j, len, env_len, mux_command, flags, escape_char; uid_t euid; gid_t egid; int start_close = 0; @@ -317,6 +343,7 @@ muxserver_accept_control(void) cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0; cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0; cctx->term = buffer_get_string(&m, &len); + escape_char = buffer_get_int(&m); cmd = buffer_get_string(&m, &len); buffer_init(&cctx->cmd); @@ -402,14 +429,17 @@ muxserver_accept_control(void) new_fd[0], new_fd[1], new_fd[2], window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); - /* XXX */ c->ctl_fd = client_fd; + if (cctx->want_tty && escape_char != 0xffffffff) { + channel_register_filter(c->self, + client_simple_escape_filter, NULL, + client_new_escape_filter_ctx((int)escape_char)); + } debug3("%s: channel_new: %d", __func__, c->self); channel_send_open(c->self); - channel_register_open_confirm(c->self, - client_extra_session2_setup, cctx); + channel_register_open_confirm(c->self, mux_session_confirm, cctx); return 0; } @@ -561,33 +591,34 @@ muxclient(const char *path) fprintf(stderr, "Exit request sent.\r\n"); exit(0); case SSHMUX_COMMAND_OPEN: - /* continue below */ + buffer_put_cstring(&m, term ? term : ""); + if (options.escape_char == SSH_ESCAPECHAR_NONE) + buffer_put_int(&m, 0xffffffff); + else + buffer_put_int(&m, options.escape_char); + buffer_append(&command, "\0", 1); + buffer_put_cstring(&m, buffer_ptr(&command)); + + if (options.num_send_env == 0 || environ == NULL) { + buffer_put_int(&m, 0); + } else { + /* Pass environment */ + num_env = 0; + for (i = 0; environ[i] != NULL; i++) { + if (env_permitted(environ[i])) + num_env++; /* Count */ + } + buffer_put_int(&m, num_env); + for (i = 0; environ[i] != NULL && num_env >= 0; i++) { + if (env_permitted(environ[i])) { + num_env--; + buffer_put_cstring(&m, environ[i]); + } + } + } break; default: - fatal("silly muxclient_command %d", muxclient_command); - } - - /* SSHMUX_COMMAND_OPEN */ - buffer_put_cstring(&m, term ? term : ""); - buffer_append(&command, "\0", 1); - buffer_put_cstring(&m, buffer_ptr(&command)); - - if (options.num_send_env == 0 || environ == NULL) { - buffer_put_int(&m, 0); - } else { - /* Pass environment */ - num_env = 0; - for (i = 0; environ[i] != NULL; i++) - if (env_permitted(environ[i])) - num_env++; /* Count */ - - buffer_put_int(&m, num_env); - - for (i = 0; environ[i] != NULL && num_env >= 0; i++) - if (env_permitted(environ[i])) { - num_env--; - buffer_put_cstring(&m, environ[i]); - } + fatal("unrecognised muxclient_command %d", muxclient_command); } if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1) -- cgit v1.2.3 From 84c56f536ca664f79172d595e088fce6aa84be21 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Jun 2008 04:55:46 +1000 Subject: - djm@cvs.openbsd.org 2008/06/12 15:19:17 [clientloop.h channels.h clientloop.c channels.c mux.c] The multiplexing escape char handler commit last night introduced a small memory leak per session; plug it. --- ChangeLog | 6 +++++- channels.c | 9 +++++++-- channels.h | 6 ++++-- clientloop.c | 10 +++++++++- clientloop.h | 3 ++- mux.c | 3 ++- 6 files changed, 29 insertions(+), 8 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 12471ba3b..0aec356d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -108,6 +108,10 @@ We already mark the start of the worm, now also mark the end of the worm in our random art drawings. ok djm@ + - djm@cvs.openbsd.org 2008/06/12 15:19:17 + [clientloop.h channels.h clientloop.c channels.c mux.c] + The multiplexing escape char handler commit last night introduced a + small memory leak per session; plug it. 20080611 - (djm) [channels.c configure.ac] @@ -4270,4 +4274,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4983 2008/06/12 18:55:10 dtucker Exp $ +$Id: ChangeLog,v 1.4984 2008/06/12 18:55:46 dtucker Exp $ diff --git a/channels.c b/channels.c index c539990f6..04cd6b0a7 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.279 2008/06/12 03:40:52 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.280 2008/06/12 15:19:17 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -328,6 +328,8 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, c->open_confirm_ctx = NULL; c->input_filter = NULL; c->output_filter = NULL; + c->filter_ctx = NULL; + c->filter_cleanup = NULL; TAILQ_INIT(&c->status_confirms); debug("channel %d: new [%s]", found, remote_name); return c; @@ -416,6 +418,8 @@ channel_free(Channel *c) bzero(cc, sizeof(*cc)); xfree(cc); } + if (c->filter_cleanup != NULL && c->filter_ctx != NULL) + c->filter_cleanup(c->self, c->filter_ctx); channels[c->self] = NULL; xfree(c); } @@ -731,7 +735,7 @@ channel_cancel_cleanup(int id) void channel_register_filter(int id, channel_infilter_fn *ifn, - channel_outfilter_fn *ofn, void *ctx) + channel_outfilter_fn *ofn, channel_filter_cleanup_fn *cfn, void *ctx) { Channel *c = channel_lookup(id); @@ -742,6 +746,7 @@ channel_register_filter(int id, channel_infilter_fn *ifn, c->input_filter = ifn; c->output_filter = ofn; c->filter_ctx = ctx; + c->filter_cleanup = cfn; } void diff --git a/channels.h b/channels.h index 450321d43..ec8ea1c40 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.94 2008/06/12 03:40:52 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.95 2008/06/12 15:19:17 djm Exp $ */ /* * Author: Tatu Ylonen @@ -62,6 +62,7 @@ typedef struct Channel Channel; typedef void channel_callback_fn(int, void *); typedef int channel_infilter_fn(struct Channel *, char *, int); +typedef void channel_filter_cleanup_fn(int, void *); typedef u_char *channel_outfilter_fn(struct Channel *, u_char **, u_int *); /* Channel success/failure callbacks */ @@ -132,6 +133,7 @@ struct Channel { channel_infilter_fn *input_filter; channel_outfilter_fn *output_filter; void *filter_ctx; + channel_filter_cleanup_fn *filter_cleanup; /* keep boundaries */ int datagram; @@ -196,7 +198,7 @@ void channel_request_start(int, char *, int); void channel_register_cleanup(int, channel_callback_fn *, int); void channel_register_open_confirm(int, channel_callback_fn *, void *); void channel_register_filter(int, channel_infilter_fn *, - channel_outfilter_fn *, void *); + channel_outfilter_fn *, channel_filter_cleanup_fn *, void *); void channel_register_status_confirm(int, channel_confirm_cb *, channel_confirm_abandon_cb *, void *); void channel_cancel_cleanup(int); diff --git a/clientloop.c b/clientloop.c index 663daae76..d2407ed7e 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.197 2008/06/12 04:17:47 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.198 2008/06/12 15:19:17 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1260,6 +1260,13 @@ client_new_escape_filter_ctx(int escape_char) return (void *)ret; } +/* Free the escape filter context on channel free */ +void +client_filter_cleanup(int cid, void *ctx) +{ + xfree(ctx); +} + int client_simple_escape_filter(Channel *c, char *buf, int len) { @@ -1357,6 +1364,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) if (escape_char_arg != SSH_ESCAPECHAR_NONE) channel_register_filter(session_ident, client_simple_escape_filter, NULL, + client_filter_cleanup, client_new_escape_filter_ctx(escape_char_arg)); if (session_ident != -1) channel_register_cleanup(session_ident, diff --git a/clientloop.h b/clientloop.h index 3353a9a80..8bb874b38 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.21 2008/06/12 04:06:00 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.22 2008/06/12 15:19:17 djm Exp $ */ /* * Author: Tatu Ylonen @@ -48,6 +48,7 @@ int client_request_tun_fwd(int, int, int); /* Escape filter for protocol 2 sessions */ void *client_new_escape_filter_ctx(int); +void client_filter_cleanup(int, void *); int client_simple_escape_filter(Channel *, char *, int); /* Global request confirmation callbacks */ diff --git a/mux.c b/mux.c index f5e68f653..8f7bfb793 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.3 2008/06/12 05:32:30 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.4 2008/06/12 15:19:17 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -436,6 +436,7 @@ muxserver_accept_control(void) if (cctx->want_tty && escape_char != 0xffffffff) { channel_register_filter(c->self, client_simple_escape_filter, NULL, + client_filter_cleanup, client_new_escape_filter_ctx((int)escape_char)); } -- cgit v1.2.3 From d310d51badf6bbd1df56c8a0971d24e2d3e61887 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 16 Jun 2008 07:59:23 +1000 Subject: - djm@cvs.openbsd.org 2008/06/15 20:06:26 [channels.c channels.h session.c] don't call isatty() on a pty master, instead pass a flag down to channel_set_fds() indicating that te fds refer to a tty. Fixes a hang on exit on Solaris (bz#1463) in portable but is actually a generic bug; ok dtucker deraadt markus --- ChangeLog | 8 +++++++- channels.c | 23 +++++++---------------- channels.h | 4 ++-- session.c | 15 +++++++-------- 4 files changed, 23 insertions(+), 27 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 1a3b3b1a8..77d7739dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,12 @@ - dtucker@cvs.openbsd.org 2008/06/15 16:58:40 [servconf.c sshd_config.5] Allow MaxAuthTries within a Match block. ok djm@ + - djm@cvs.openbsd.org 2008/06/15 20:06:26 + [channels.c channels.h session.c] + don't call isatty() on a pty master, instead pass a flag down to + channel_set_fds() indicating that te fds refer to a tty. Fixes a + hang on exit on Solaris (bz#1463) in portable but is actually + a generic bug; ok dtucker deraadt markus 20080614 - (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction @@ -4393,4 +4399,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5018 2008/06/15 21:56:20 djm Exp $ +$Id: ChangeLog,v 1.5019 2008/06/15 21:59:23 djm Exp $ diff --git a/channels.c b/channels.c index 04cd6b0a7..b1e544519 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.280 2008/06/12 15:19:17 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.281 2008/06/15 20:06:26 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -221,7 +221,7 @@ channel_lookup(int id) */ static void channel_register_fds(Channel *c, int rfd, int wfd, int efd, - int extusage, int nonblock) + int extusage, int nonblock, int isatty) { /* Update the maximum file descriptor value. */ channel_max_fd = MAX(channel_max_fd, rfd); @@ -237,18 +237,9 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, c->efd = efd; c->extended_usage = extusage; - /* XXX ugly hack: nonblock is only set by the server */ - if (nonblock && isatty(c->rfd)) { + if ((c->isatty = isatty) != 0) debug2("channel %d: rfd %d isatty", c->self, c->rfd); - c->isatty = 1; - if (!isatty(c->wfd)) { - error("channel %d: wfd %d is not a tty?", - c->self, c->wfd); - } - } else { - c->isatty = 0; - } - c->wfd_isatty = isatty(c->wfd); + c->wfd_isatty = isatty || isatty(c->wfd); /* enable nonblocking mode */ if (nonblock) { @@ -308,7 +299,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, c->ostate = CHAN_OUTPUT_OPEN; c->istate = CHAN_INPUT_OPEN; c->flags = 0; - channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); + channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, 0); c->self = found; c->type = type; c->ctype = ctype; @@ -751,13 +742,13 @@ channel_register_filter(int id, channel_infilter_fn *ifn, void channel_set_fds(int id, int rfd, int wfd, int efd, - int extusage, int nonblock, u_int window_max) + int extusage, int nonblock, int isatty, u_int window_max) { Channel *c = channel_lookup(id); if (c == NULL || c->type != SSH_CHANNEL_LARVAL) fatal("channel_activate for non-larval channel %d.", id); - channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); + channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, isatty); c->type = SSH_CHANNEL_OPEN; c->local_window = c->local_window_max = window_max; packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); diff --git a/channels.h b/channels.h index ec8ea1c40..108b36068 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.95 2008/06/12 15:19:17 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.96 2008/06/15 20:06:26 djm Exp $ */ /* * Author: Tatu Ylonen @@ -188,7 +188,7 @@ struct Channel { Channel *channel_by_id(int); Channel *channel_lookup(int); Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int); -void channel_set_fds(int, int, int, int, int, int, u_int); +void channel_set_fds(int, int, int, int, int, int, int, u_int); void channel_free(Channel *); void channel_free_all(void); void channel_stop_listening(void); diff --git a/session.c b/session.c index 3ea783f63..d692bc709 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.239 2008/06/14 18:33:43 djm Exp $ */ +/* $OpenBSD: session.c,v 1.240 2008/06/15 20:06:26 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -98,7 +98,7 @@ /* func */ Session *session_new(void); -void session_set_fds(Session *, int, int, int); +void session_set_fds(Session *, int, int, int, int); void session_pty_cleanup(Session *); void session_proctitle(Session *); int session_setup_x11fwd(Session *); @@ -591,7 +591,7 @@ do_exec_no_pty(Session *s, const char *command) close(perr[0]); perr[0] = -1; } - session_set_fds(s, pin[1], pout[0], perr[0]); + session_set_fds(s, pin[1], pout[0], perr[0], 0); } else { /* Enter the interactive session. */ server_loop(pid, pin[1], pout[0], perr[0]); @@ -608,7 +608,7 @@ do_exec_no_pty(Session *s, const char *command) */ if (compat20) { session_set_fds(s, inout[1], inout[1], - s->is_subsystem ? -1 : err[1]); + s->is_subsystem ? -1 : err[1], 0); if (s->is_subsystem) close(err[1]); } else { @@ -733,7 +733,7 @@ do_exec_pty(Session *s, const char *command) s->ptymaster = ptymaster; packet_set_interactive(1); if (compat20) { - session_set_fds(s, ptyfd, fdout, -1); + session_set_fds(s, ptyfd, fdout, -1, 1); } else { server_loop(pid, ptyfd, fdout, -1); /* server_loop _has_ closed ptyfd and fdout. */ @@ -2285,7 +2285,7 @@ session_input_channel_req(Channel *c, const char *rtype) } void -session_set_fds(Session *s, int fdin, int fdout, int fderr) +session_set_fds(Session *s, int fdin, int fdout, int fderr, int isatty) { if (!compat20) fatal("session_set_fds: called for proto != 2.0"); @@ -2298,8 +2298,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr) channel_set_fds(s->chanid, fdout, fdin, fderr, fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, - 1, - CHAN_SES_WINDOW_DEFAULT); + 1, isatty, CHAN_SES_WINDOW_DEFAULT); } /* -- cgit v1.2.3 From ed3cdc0a7c6e2a782c1e4a6781f11c1defa494b1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 16 Jun 2008 23:29:18 +1000 Subject: - dtucker@cvs.openbsd.org 2008/06/16 13:22:53 [session.c channels.c] Rename the isatty argument to is_tty so we don't shadow isatty(3). ok markus@ --- ChangeLog | 9 ++++++++- channels.c | 10 +++++----- session.c | 6 +++--- 3 files changed, 16 insertions(+), 9 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 77d7739dc..0cca9d1e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20080616 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2008/06/16 13:22:53 + [session.c channels.c] + Rename the isatty argument to is_tty so we don't shadow + isatty(3). ok markus@ + 20080615 - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc. - OpenBSD CVS Sync @@ -4399,4 +4406,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5019 2008/06/15 21:59:23 djm Exp $ +$Id: ChangeLog,v 1.5020 2008/06/16 13:29:18 dtucker Exp $ diff --git a/channels.c b/channels.c index b1e544519..64c1ce76d 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.281 2008/06/15 20:06:26 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.282 2008/06/16 13:22:53 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -221,7 +221,7 @@ channel_lookup(int id) */ static void channel_register_fds(Channel *c, int rfd, int wfd, int efd, - int extusage, int nonblock, int isatty) + int extusage, int nonblock, int is_tty) { /* Update the maximum file descriptor value. */ channel_max_fd = MAX(channel_max_fd, rfd); @@ -237,7 +237,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, c->efd = efd; c->extended_usage = extusage; - if ((c->isatty = isatty) != 0) + if ((c->isatty = is_tty) != 0) debug2("channel %d: rfd %d isatty", c->self, c->rfd); c->wfd_isatty = isatty || isatty(c->wfd); @@ -742,13 +742,13 @@ channel_register_filter(int id, channel_infilter_fn *ifn, void channel_set_fds(int id, int rfd, int wfd, int efd, - int extusage, int nonblock, int isatty, u_int window_max) + int extusage, int nonblock, int is_tty, u_int window_max) { Channel *c = channel_lookup(id); if (c == NULL || c->type != SSH_CHANNEL_LARVAL) fatal("channel_activate for non-larval channel %d.", id); - channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, isatty); + channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, is_tty); c->type = SSH_CHANNEL_OPEN; c->local_window = c->local_window_max = window_max; packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); diff --git a/session.c b/session.c index d692bc709..93babf957 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.240 2008/06/15 20:06:26 djm Exp $ */ +/* $OpenBSD: session.c,v 1.241 2008/06/16 13:22:53 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -2285,7 +2285,7 @@ session_input_channel_req(Channel *c, const char *rtype) } void -session_set_fds(Session *s, int fdin, int fdout, int fderr, int isatty) +session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty) { if (!compat20) fatal("session_set_fds: called for proto != 2.0"); @@ -2298,7 +2298,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int isatty) channel_set_fds(s->chanid, fdout, fdin, fderr, fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, - 1, isatty, CHAN_SES_WINDOW_DEFAULT); + 1, is_tty, CHAN_SES_WINDOW_DEFAULT); } /* -- cgit v1.2.3 From 1a48aecfbca9459ff5bfe07952d0914fda754bcb Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 16 Jun 2008 23:35:56 +1000 Subject: - (dtucker) [channels.c] isatty -> is_tty here too. --- ChangeLog | 3 ++- channels.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 0cca9d1e9..6185f4408 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ [session.c channels.c] Rename the isatty argument to is_tty so we don't shadow isatty(3). ok markus@ + - (dtucker) [channels.c] isatty -> is_tty here too. 20080615 - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc. @@ -4406,4 +4407,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5020 2008/06/16 13:29:18 dtucker Exp $ +$Id: ChangeLog,v 1.5021 2008/06/16 13:35:56 dtucker Exp $ diff --git a/channels.c b/channels.c index 64c1ce76d..7f0aaadf6 100644 --- a/channels.c +++ b/channels.c @@ -239,7 +239,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, if ((c->isatty = is_tty) != 0) debug2("channel %d: rfd %d isatty", c->self, c->rfd); - c->wfd_isatty = isatty || isatty(c->wfd); + c->wfd_isatty = is_tty || isatty(c->wfd); /* enable nonblocking mode */ if (nonblock) { -- cgit v1.2.3 From d8968adb5faef58508bb5e7dab7cdbaf5b0e90d5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 4 Jul 2008 23:10:49 +1000 Subject: - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h] [packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c] [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on some platforms (HP nonstop) it is a distinct errno; bz#1467 reported by sconeu AT yahoo.com; ok dtucker@ --- ChangeLog | 9 +++++++-- atomicio.c | 8 -------- channels.c | 19 ++++++++++++------- clientloop.c | 12 ++++++++---- defines.h | 6 +++++- includes.h | 2 ++ packet.c | 8 +++++--- scp.c | 2 +- serverloop.c | 14 ++++++++------ sftp-client.c | 3 ++- ssh-agent.c | 6 ++++-- ssh-keyscan.c | 2 +- sshd.c | 3 ++- 13 files changed, 57 insertions(+), 37 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index c985a7ba5..984c17008 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,7 +30,12 @@ explicitly disable conch options that could interfere with the test - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if link returns EXDEV. Patch from Mike Garrison, ok djm@ -h + - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h] + [packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c] + [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on + some platforms (HP nonstop) it is a distinct errno; + bz#1467 reported by sconeu AT yahoo.com; ok dtucker@ + 20080702 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2008/06/30 08:05:59 @@ -4565,4 +4570,4 @@ h OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5057 2008/07/04 07:11:30 dtucker Exp $ +$Id: ChangeLog,v 1.5058 2008/07/04 13:10:49 djm Exp $ diff --git a/atomicio.c b/atomicio.c index 575bf8900..bb44c3230 100644 --- a/atomicio.c +++ b/atomicio.c @@ -63,11 +63,7 @@ atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n) case -1: if (errno == EINTR) continue; -#ifdef EWOULDBLOCK if (errno == EAGAIN || errno == EWOULDBLOCK) { -#else - if (errno == EAGAIN) { -#endif (void)poll(&pfd, 1, -1); continue; } @@ -109,11 +105,7 @@ atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd, case -1: if (errno == EINTR) continue; -#ifdef EWOULDBLOCK if (errno == EAGAIN || errno == EWOULDBLOCK) { -#else - if (errno == EAGAIN) { -#endif (void)poll(&pfd, 1, -1); continue; } diff --git a/channels.c b/channels.c index 7f0aaadf6..ac5134b5b 100644 --- a/channels.c +++ b/channels.c @@ -1494,7 +1494,8 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset) if (c->rfd != -1 && (force || FD_ISSET(c->rfd, readset))) { errno = 0; len = read(c->rfd, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || (errno == EAGAIN && !force))) + if (len < 0 && (errno == EINTR || + ((errno == EAGAIN || errno == EWOULDBLOCK) && !force))) return 1; #ifndef PTY_ZEROREAD if (len <= 0) { @@ -1565,7 +1566,8 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) c->local_consumed += dlen + 4; len = write(c->wfd, buf, dlen); xfree(data); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len < 0 && (errno == EINTR || errno == EAGAIN || + errno == EWOULDBLOCK)) return 1; if (len <= 0) { if (c->type != SSH_CHANNEL_OPEN) @@ -1583,7 +1585,8 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) #endif len = write(c->wfd, buf, dlen); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len < 0 && + (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) return 1; if (len <= 0) { if (c->type != SSH_CHANNEL_OPEN) { @@ -1635,7 +1638,8 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) buffer_len(&c->extended)); debug2("channel %d: written %d to efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len < 0 && (errno == EINTR || errno == EAGAIN || + errno == EWOULDBLOCK)) return 1; if (len <= 0) { debug2("channel %d: closing write-efd %d", @@ -1650,8 +1654,8 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) len = read(c->efd, buf, sizeof(buf)); debug2("channel %d: read %d from efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || - (errno == EAGAIN && !c->detach_close))) + if (len < 0 && (errno == EINTR || ((errno == EAGAIN || + errno == EWOULDBLOCK) && !c->detach_close))) return 1; if (len <= 0) { debug2("channel %d: closing read-efd %d", @@ -1675,7 +1679,8 @@ channel_handle_ctl(Channel *c, fd_set *readset, fd_set *writeset) /* Monitor control fd to detect if the slave client exits */ if (c->ctl_fd != -1 && FD_ISSET(c->ctl_fd, readset)) { len = read(c->ctl_fd, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len < 0 && + (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) return 1; if (len <= 0) { debug2("channel %d: ctl read<=0", c->self); diff --git a/clientloop.c b/clientloop.c index 6dc870881..ba2f0b79e 100644 --- a/clientloop.c +++ b/clientloop.c @@ -663,7 +663,8 @@ client_process_net_input(fd_set *readset) * There is a kernel bug on Solaris that causes select to * sometimes wake up even though there is no data available. */ - if (len < 0 && (errno == EAGAIN || errno == EINTR)) + if (len < 0 && + (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)) len = 0; if (len < 0) { @@ -1129,7 +1130,8 @@ client_process_input(fd_set *readset) if (FD_ISSET(fileno(stdin), readset)) { /* Read as much as possible. */ len = read(fileno(stdin), buf, sizeof(buf)); - if (len < 0 && (errno == EAGAIN || errno == EINTR)) + if (len < 0 && + (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)) return; /* we'll try again later */ if (len <= 0) { /* @@ -1186,7 +1188,8 @@ client_process_output(fd_set *writeset) len = write(fileno(stdout), buffer_ptr(&stdout_buffer), buffer_len(&stdout_buffer)); if (len <= 0) { - if (errno == EINTR || errno == EAGAIN) + if (errno == EINTR || errno == EAGAIN || + errno == EWOULDBLOCK) len = 0; else { /* @@ -1210,7 +1213,8 @@ client_process_output(fd_set *writeset) len = write(fileno(stderr), buffer_ptr(&stderr_buffer), buffer_len(&stderr_buffer)); if (len <= 0) { - if (errno == EINTR || errno == EAGAIN) + if (errno == EINTR || errno == EAGAIN || + errno == EWOULDBLOCK) len = 0; else { /* diff --git a/defines.h b/defines.h index a2fda9969..a8203ebbb 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.150 2008/06/13 00:28:57 dtucker Exp $ */ +/* $Id: defines.h,v 1.151 2008/07/04 13:10:49 djm Exp $ */ /* Constants */ @@ -734,4 +734,8 @@ struct winsize { # endif #endif +#ifndef EWOULDBLOCK +# define EWOULDBLOCK EAGAIN +#endif + #endif /* _DEFINES_H */ diff --git a/includes.h b/includes.h index 9fcf1b023..f1b47f666 100644 --- a/includes.h +++ b/includes.h @@ -149,6 +149,8 @@ # include #endif +#include + /* * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. diff --git a/packet.c b/packet.c index 90ad5ff67..ff22be68f 100644 --- a/packet.c +++ b/packet.c @@ -956,7 +956,8 @@ packet_read_seqnr(u_int32_t *seqnr_p) if ((ret = select(connection_in + 1, setp, NULL, NULL, timeoutp)) >= 0) break; - if (errno != EAGAIN && errno != EINTR) + if (errno != EAGAIN && errno != EINTR && + errno != EWOULDBLOCK) break; if (packet_timeout_ms == -1) continue; @@ -1475,7 +1476,7 @@ packet_write_poll(void) if (len > 0) { len = write(connection_out, buffer_ptr(&output), len); if (len <= 0) { - if (errno == EAGAIN) + if (errno == EAGAIN || errno == EWOULDBLOCK) return; else fatal("Write failed: %.100s", strerror(errno)); @@ -1516,7 +1517,8 @@ packet_write_wait(void) if ((ret = select(connection_out + 1, NULL, setp, NULL, timeoutp)) >= 0) break; - if (errno != EAGAIN && errno != EINTR) + if (errno != EAGAIN && errno != EINTR && + errno != EWOULDBLOCK) break; if (packet_timeout_ms == -1) continue; diff --git a/scp.c b/scp.c index 46433a638..9f8b7a192 100644 --- a/scp.c +++ b/scp.c @@ -474,7 +474,7 @@ scpio(ssize_t (*f)(int, void *, size_t), int fd, void *_p, size_t l, off_t *c) if (r < 0) { if (errno == EINTR) continue; - if (errno == EAGAIN) { + if (errno == EAGAIN || errno == EWOULDBLOCK) { (void)poll(&pfd, 1, -1); /* Ignore errors */ continue; } diff --git a/serverloop.c b/serverloop.c index bd6f82dc1..77d9dee75 100644 --- a/serverloop.c +++ b/serverloop.c @@ -400,7 +400,8 @@ process_input(fd_set *readset) return; cleanup_exit(255); } else if (len < 0) { - if (errno != EINTR && errno != EAGAIN) { + if (errno != EINTR && errno != EAGAIN && + errno != EWOULDBLOCK) { verbose("Read error from remote host " "%.100s: %.100s", get_remote_ipaddr(), strerror(errno)); @@ -418,8 +419,8 @@ process_input(fd_set *readset) if (!fdout_eof && FD_ISSET(fdout, readset)) { errno = 0; len = read(fdout, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || - (errno == EAGAIN && !child_terminated))) { + if (len < 0 && (errno == EINTR || ((errno == EAGAIN || + errno == EWOULDBLOCK) && !child_terminated))) { /* do nothing */ #ifndef PTY_ZEROREAD } else if (len <= 0) { @@ -437,8 +438,8 @@ process_input(fd_set *readset) if (!fderr_eof && FD_ISSET(fderr, readset)) { errno = 0; len = read(fderr, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || - (errno == EAGAIN && !child_terminated))) { + if (len < 0 && (errno == EINTR || ((errno == EAGAIN || + errno == EWOULDBLOCK) && !child_terminated))) { /* do nothing */ #ifndef PTY_ZEROREAD } else if (len <= 0) { @@ -469,7 +470,8 @@ process_output(fd_set *writeset) data = buffer_ptr(&stdin_buffer); dlen = buffer_len(&stdin_buffer); len = write(fdin, data, dlen); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + if (len < 0 && + (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) { /* do nothing */ } else if (len <= 0) { if (fdin != fdout) diff --git a/sftp-client.c b/sftp-client.c index 42bf0c813..5e39aa7d2 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1223,7 +1223,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, len = 0; else do len = read(local_fd, data, conn->transfer_buflen); - while ((len == -1) && (errno == EINTR || errno == EAGAIN)); + while ((len == -1) && + (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)); if (len == -1) fatal("Couldn't read from \"%s\": %s", local_path, diff --git a/ssh-agent.c b/ssh-agent.c index b1c65fab6..9123cfe6b 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -961,7 +961,8 @@ after_select(fd_set *readset, fd_set *writeset) buffer_ptr(&sockets[i].output), buffer_len(&sockets[i].output)); if (len == -1 && (errno == EAGAIN || - errno == EINTR)) + errno == EINTR || + errno == EWOULDBLOCK)) continue; break; } while (1); @@ -975,7 +976,8 @@ after_select(fd_set *readset, fd_set *writeset) do { len = read(sockets[i].fd, buf, sizeof(buf)); if (len == -1 && (errno == EAGAIN || - errno == EINTR)) + errno == EINTR || + errno == EWOULDBLOCK)) continue; break; } while (1); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 304fcfde8..d81077764 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -656,7 +656,7 @@ conloop(void) memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask)); while (select(maxfd, r, NULL, e, &seltime) == -1 && - (errno == EAGAIN || errno == EINTR)) + (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)) ; for (i = 0; i < maxfd; i++) { diff --git a/sshd.c b/sshd.c index c952f7ad2..a6620a05a 100644 --- a/sshd.c +++ b/sshd.c @@ -1096,7 +1096,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) *newsock = accept(listen_socks[i], (struct sockaddr *)&from, &fromlen); if (*newsock < 0) { - if (errno != EINTR && errno != EWOULDBLOCK) + if (errno != EINTR && errno != EAGAIN && + errno != EWOULDBLOCK) error("accept: %.100s", strerror(errno)); continue; } -- cgit v1.2.3 From dda5fffb847cd98164cb4020e3287a9960c37aaa Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 11 Jul 2008 17:35:37 +1000 Subject: - markus@cvs.openbsd.org 2008/07/10 18:05:58 [channels.c] missing bzero; from mickey; ok djm@ --- ChangeLog | 5 ++++- channels.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index ae8efacae..40b939018 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ /*NOTREACHED*/ for lint warning: warning: function key_equal falls off bottom without returning value ok djm@ + - markus@cvs.openbsd.org 2008/07/10 18:05:58 + [channels.c] + missing bzero; from mickey; ok djm@ 20080709 - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass @@ -4615,4 +4618,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5071 2008/07/11 07:35:09 djm Exp $ +$Id: ChangeLog,v 1.5072 2008/07/11 07:35:37 djm Exp $ diff --git a/channels.c b/channels.c index ac5134b5b..9f27fa632 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.282 2008/06/16 13:22:53 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.283 2008/07/10 18:05:58 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2875,6 +2875,7 @@ connect_to(const char *host, u_short port, char *ctype, char *rname) return NULL; } + memset(&cctx, 0, sizeof(cctx)); cctx.host = xstrdup(host); cctx.port = port; cctx.ai = cctx.aitop; -- cgit v1.2.3 From 2bcb866327ed909916c77bcb36fd4770b09fe534 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 12 Jul 2008 17:12:29 +1000 Subject: - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2008/07/12 04:52:50 [channels.c] unbreak; move clearing of cctx struct to before first use reported by dkrause@ --- ChangeLog | 9 ++++++++- channels.c | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index b3263e909..6244e39b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20080712 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2008/07/12 04:52:50 + [channels.c] + unbreak; move clearing of cctx struct to before first use + reported by dkrause@ + 20080711 - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2008/07/07 00:31:41 @@ -4622,4 +4629,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5073 2008/07/11 07:36:48 djm Exp $ +$Id: ChangeLog,v 1.5074 2008/07/12 07:12:29 djm Exp $ diff --git a/channels.c b/channels.c index 9f27fa632..7be577838 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.283 2008/07/10 18:05:58 markus Exp $ */ +/* $OpenBSD: channels.c,v 1.284 2008/07/12 04:52:50 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2865,6 +2865,7 @@ connect_to(const char *host, u_short port, char *ctype, char *rname) struct channel_connect cctx; Channel *c; + memset(&cctx, 0, sizeof(cctx)); memset(&hints, 0, sizeof(hints)); hints.ai_family = IPv4or6; hints.ai_socktype = SOCK_STREAM; @@ -2875,7 +2876,6 @@ connect_to(const char *host, u_short port, char *ctype, char *rname) return NULL; } - memset(&cctx, 0, sizeof(cctx)); cctx.host = xstrdup(host); cctx.port = port; cctx.ai = cctx.aitop; -- cgit v1.2.3 From 163886ff7170f031b59b36d0a76165757d680070 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 14 Jul 2008 11:28:58 +1000 Subject: - djm@cvs.openbsd.org 2008/07/13 22:13:07 [channels.c] use struct sockaddr_storage instead of struct sockaddr for accept(2) address argument. from visibilis AT yahoo.com in bz#1485; ok markus@ --- ChangeLog | 6 +++++- channels.c | 14 +++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 6171fe111..45b878ad6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ -v is also specified, making it consistent with the manual and other uses of -l. ok grunk@ + - djm@cvs.openbsd.org 2008/07/13 22:13:07 + [channels.c] + use struct sockaddr_storage instead of struct sockaddr for accept(2) + address argument. from visibilis AT yahoo.com in bz#1485; ok markus@ 20080712 - (djm) OpenBSD CVS Sync @@ -4642,4 +4646,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5076 2008/07/14 01:28:29 djm Exp $ +$Id: ChangeLog,v 1.5077 2008/07/14 01:28:58 djm Exp $ diff --git a/channels.c b/channels.c index 7be577838..0156e9cb8 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.284 2008/07/12 04:52:50 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.285 2008/07/13 22:13:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1210,7 +1210,7 @@ static void channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) { Channel *nc; - struct sockaddr addr; + struct sockaddr_storage addr; int newsock; socklen_t addrlen; char buf[16384], *remote_ipaddr; @@ -1219,7 +1219,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) if (FD_ISSET(c->sock, readset)) { debug("X11 connection requested."); addrlen = sizeof(addr); - newsock = accept(c->sock, &addr, &addrlen); + newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (c->single_connection) { debug2("single_connection: closing X11 listener."); channel_close_fd(&c->sock); @@ -1336,7 +1336,7 @@ static void channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) { Channel *nc; - struct sockaddr addr; + struct sockaddr_storage addr; int newsock, nextstate; socklen_t addrlen; char *rtype; @@ -1360,7 +1360,7 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) } addrlen = sizeof(addr); - newsock = accept(c->sock, &addr, &addrlen); + newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { error("accept: %.100s", strerror(errno)); return; @@ -1395,12 +1395,12 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) { Channel *nc; int newsock; - struct sockaddr addr; + struct sockaddr_storage addr; socklen_t addrlen; if (FD_ISSET(c->sock, readset)) { addrlen = sizeof(addr); - newsock = accept(c->sock, &addr, &addrlen); + newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { error("accept from auth socket: %.100s", strerror(errno)); return; -- cgit v1.2.3 From 6ef17495e9c867ef01860a7c97fc1f24ef7aa8db Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 16 Jul 2008 22:42:06 +1000 Subject: - djm@cvs.openbsd.org 2008/07/16 11:52:19 [channels.c] this loop index should be automatic, not static --- ChangeLog | 5 ++++- channels.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 01217406f..13addb89d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ [clientloop.c] rename variable first_gc -> last_gc (since it is actually the last in the list). + - djm@cvs.openbsd.org 2008/07/16 11:52:19 + [channels.c] + this loop index should be automatic, not static 20080714 - (djm) OpenBSD CVS Sync @@ -4681,4 +4684,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5086 2008/07/16 12:40:52 djm Exp $ +$Id: ChangeLog,v 1.5087 2008/07/16 12:42:06 djm Exp $ diff --git a/channels.c b/channels.c index 0156e9cb8..69c99c9b2 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.285 2008/07/13 22:13:07 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.286 2008/07/16 11:52:19 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2789,7 +2789,7 @@ channel_clear_adm_permitted_opens(void) void channel_print_adm_permitted_opens(void) { - static int i; + int i; for (i = 0; i < num_adm_permitted_opens; i++) if (permitted_adm_opens[i].host_to_connect != NULL) -- cgit v1.2.3