From d558092522153caa627e33e4a76c6f64332bc609 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 14 May 2003 13:40:06 +1000 Subject: - (djm) RCSID sync w/ OpenBSD --- channels.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'channels.c') diff --git a/channels.c b/channels.c index e27ae1fa3..41abb8d6b 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.187 2003/03/05 22:33:43 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.188 2003/04/08 20:21:28 itojun Exp $"); #include "ssh.h" #include "ssh1.h" -- cgit v1.2.3 From 2372ace57287c6963a5790fb254e47de57537e0a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 14 May 2003 13:42:23 +1000 Subject: - markus@cvs.openbsd.org 2003/04/14 14:17:50 [channels.c sshconnect.c sshd.c ssh-keyscan.c] avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP --- ChangeLog | 5 ++++- channels.c | 11 ++++++----- ssh-keyscan.c | 4 ++-- sshconnect.c | 18 ++++++++++-------- sshd.c | 5 +++-- 5 files changed, 25 insertions(+), 18 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index d1661c6d2..0d22a9f81 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,9 @@ - naddy@cvs.openbsd.org 2003/04/12 11:40:15 [ssh.1] document -V switch, fix wording; ok markus@ + - markus@cvs.openbsd.org 2003/04/14 14:17:50 + [channels.c sshconnect.c sshd.c ssh-keyscan.c] + avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP 20030512 - (djm) Redhat spec: Don't install profile.d scripts when not @@ -1402,4 +1405,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2681 2003/05/14 03:42:08 djm Exp $ +$Id: ChangeLog,v 1.2682 2003/05/14 03:42:23 djm Exp $ diff --git a/channels.c b/channels.c index 41abb8d6b..27707a128 100644 --- a/channels.c +++ b/channels.c 
@@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.188 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: channels.c,v 1.189 2003/04/14 14:17:50 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2058,7 +2058,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por continue; } /* Create a port to listen for the host. */ - sock = socket(ai->ai_family, SOCK_STREAM, 0); + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { /* this is no error since kernel may not support ipv6 */ verbose("socket: %.100s", strerror(errno)); @@ -2280,7 +2280,7 @@ connect_to(const char *host, u_short port) error("connect_to: getnameinfo failed"); continue; } - sock = socket(ai->ai_family, SOCK_STREAM, 0); + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { if (ai->ai_next == NULL) error("socket: %.100s", strerror(errno)); @@ -2381,7 +2381,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, for (ai = aitop; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue; - sock = socket(ai->ai_family, SOCK_STREAM, 0); + sock = socket(ai->ai_family, ai->ai_socktype, + ai->ai_protocol); if (sock < 0) { if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { error("socket: %.100s", strerror(errno)); @@ -2547,7 +2548,7 @@ x11_connect_display(void) } for (ai = aitop; ai; ai = ai->ai_next) { /* Create a socket. */ - sock = socket(ai->ai_family, SOCK_STREAM, 0); + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { debug("socket: %.100s", strerror(errno)); continue; diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 5b4eb82d1..ac3056ff2 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.41 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.42 2003/04/14 14:17:50 markus Exp $"); #include "openbsd-compat/sys-queue.h" 
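Review bot: With `sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);` in channel_setup_fwd_listener, the socket type now comes entirely from the getaddrinfo() result, so the call depends on `hints.ai_socktype` having been set to `SOCK_STREAM` before the lookup. That setup is outside these hunks and should be confirmed for every call site. If a hints struct leaves the type at 0, the resolver may return datagram or raw entries, and the loop would then open one of those and go on to bind or connect it. The same dependency applies to the connect_to, x11_create_display_inet and x11_connect_display hunks here, and to tcpconnect in ssh-keyscan.c and the listen loop in sshd.c. A short comment at each site, such as `/* socktype/protocol come from the hints passed to getaddrinfo() above */`, would record it.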
@@ -397,7 +397,7 @@ tcpconnect(char *host) if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr)); for (ai = aitop; ai; ai = ai->ai_next) { - s = socket(ai->ai_family, SOCK_STREAM, 0); + s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (s < 0) { error("socket: %s", strerror(errno)); continue; diff --git a/sshconnect.c b/sshconnect.c index 16db13fa1..33d9c727f 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.138 2003/04/08 20:21:29 itojun Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.139 2003/04/14 14:17:50 markus Exp $"); #include @@ -163,7 +163,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) * Creates a (possibly privileged) socket for use as the ssh connection. */ static int -ssh_create_socket(int privileged, int family) +ssh_create_socket(int privileged, struct addrinfo *ai) { int sock, gaierr; struct addrinfo hints, *res; @@ -175,15 +175,16 @@ ssh_create_socket(int privileged, int family) if (privileged) { int p = IPPORT_RESERVED - 1; PRIV_START; - sock = rresvport_af(&p, family); + sock = rresvport_af(&p, ai->ai_family); PRIV_END; if (sock < 0) - error("rresvport: af=%d %.100s", family, strerror(errno)); + error("rresvport: af=%d %.100s", ai->ai_family, + strerror(errno)); else debug("Allocated local port %d.", p); return sock; } - sock = socket(family, SOCK_STREAM, 0); + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) error("socket: %.100s", strerror(errno)); @@ -192,8 +193,9 @@ ssh_create_socket(int privileged, int family) return sock; memset(&hints, 0, sizeof(hints)); - hints.ai_family = family; - hints.ai_socktype = SOCK_STREAM; + hints.ai_family = ai->ai_family; + hints.ai_socktype = ai->ai_socktype; + hints.ai_protocol = ai->ai_protocol; hints.ai_flags = AI_PASSIVE; gaierr = getaddrinfo(options.bind_address, "0", &hints, &res); if (gaierr) { 
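Review bot: The privileged branch of ssh_create_socket still calls `rresvport_af(&p, ai->ai_family)` and returns, so it ignores the `ai_socktype` and `ai_protocol` that the unprivileged `socket()` call now honours. The two paths can therefore hand back different socket types for the same addrinfo entry. If that is intended, the function's header comment should say so, for example `/* privileged sockets come from rresvport_af() and do not use ai_socktype/ai_protocol */`. The header comment also does not describe the new `ai` parameter, which is dereferenced without a NULL check. The only caller visible here passes the loop variable, so a one-line note that `ai` must be non-NULL would be enough.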
@@ -295,7 +297,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, host, ntop, strport); /* Create a socket for connecting. */ - sock = ssh_create_socket(needpriv, ai->ai_family); + sock = ssh_create_socket(needpriv, ai); if (sock < 0) /* Any error is already output */ continue; diff --git a/sshd.c b/sshd.c index 0f3fbb230..9e2e218c6 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.264 2003/04/08 20:21:29 itojun Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.265 2003/04/14 14:17:50 markus Exp $"); #include #include @@ -1153,7 +1153,8 @@ main(int ac, char **av) continue; } /* Create socket for listening. */ - listen_sock = socket(ai->ai_family, SOCK_STREAM, 0); + listen_sock = socket(ai->ai_family, ai->ai_socktype, + ai->ai_protocol); if (listen_sock < 0) { /* kernel may not support ipv6 */ verbose("socket: %.100s", strerror(errno)); -- cgit v1.2.3 From b1ca8bb159bba7cedebe8fa467bf29e4ab1a65be Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 14 May 2003 13:45:42 +1000 Subject: - markus@cvs.openbsd.org 2003/05/11 20:30:25 [channels.c clientloop.c serverloop.c session.c ssh.c] make channel_new() strdup the 'remote_name' (not the caller); ok theo --- ChangeLog | 5 ++++- channels.c | 29 +++++++++++------------------ clientloop.c | 9 ++++----- serverloop.c | 6 +++--- session.c | 4 ++-- ssh.c | 4 ++-- 6 files changed, 26 insertions(+), 31 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 3f6e36681..795bae3c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,9 @@ rsa1 private or rsa1 public and ssh2 keys. this makes ssh-keygen -e fail for ssh1 keys more gracefully for example; report from itojun (netbsd pr 20550). + - markus@cvs.openbsd.org 2003/05/11 20:30:25 + [channels.c clientloop.c serverloop.c session.c ssh.c] + make channel_new() strdup the 'remote_name' (not the caller); ok theo 20030512 - (djm) Redhat spec: Don't install profile.d scripts when not 
@@ -1429,4 +1432,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2687 2003/05/14 03:45:22 djm Exp $ +$Id: ChangeLog,v 1.2688 2003/05/14 03:45:42 djm Exp $ diff --git a/channels.c b/channels.c index 27707a128..ad879cc61 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.189 2003/04/14 14:17:50 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.190 2003/05/11 20:30:24 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -256,7 +256,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, c->local_consumed = 0; c->local_maxpacket = maxpack; c->remote_id = -1; - c->remote_name = remote_name; + c->remote_name = xstrdup(remote_name); c->remote_window = 0; c->remote_maxpacket = 0; c->force_drain = 0; @@ -1013,8 +1013,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) nc = channel_new("accepted x11 socket", SSH_CHANNEL_OPENING, newsock, newsock, -1, - c->local_window_max, c->local_maxpacket, - 0, xstrdup(buf), 1); + c->local_window_max, c->local_maxpacket, 0, buf, 1); if (compat20) { packet_start(SSH2_MSG_CHANNEL_OPEN); packet_put_cstring("x11"); @@ -1129,10 +1128,8 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset) return; } set_nodelay(newsock); - nc = channel_new(rtype, - nextstate, newsock, newsock, -1, - c->local_window_max, c->local_maxpacket, - 0, xstrdup(rtype), 1); + nc = channel_new(rtype, nextstate, newsock, newsock, -1, + c->local_window_max, c->local_maxpacket, 0, rtype, 1); nc->listening_port = c->listening_port; nc->host_port = c->host_port; strlcpy(nc->path, c->path, sizeof(nc->path)); @@ -1158,7 +1155,6 @@ static void channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset) { Channel *nc; - char *name; int newsock; struct sockaddr addr; socklen_t addrlen; 
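Review bot: `c->remote_name = xstrdup(remote_name);` makes channel_new the owner of a private copy, but nothing in the hunk documents that contract or guards against a NULL `remote_name`. Any caller not converted by this commit that still passes `xstrdup(...)` would now leak that string, and a NULL argument would presumably be dereferenced inside xstrdup, so a grep of all call sites is worthwhile. I would add a comment on the function such as `/* remote_name is copied; the caller keeps ownership of its argument */`. Since string literals are now passed directly, the parameter could also be declared `const char *`. channel_new's signature and the code that frees remote_name are outside the hunk.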
@@ -1170,11 +1166,10 @@ channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset) error("accept from auth socket: %.100s", strerror(errno)); return; } - name = xstrdup("accepted auth socket"); nc = channel_new("accepted auth socket", SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, - 0, name, 1); + 0, "accepted auth socket", 1); if (compat20) { packet_start(SSH2_MSG_CHANNEL_OPEN); packet_put_cstring("auth-agent@openssh.com"); @@ -1996,8 +1991,8 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) originator_string, 1); c->remote_id = remote_id; } + xfree(originator_string); if (c == NULL) { - xfree(originator_string); packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(remote_id); packet_send(); @@ -2094,7 +2089,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por /* Allocate a channel number for the socket. */ c = channel_new("port listener", type, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, - 0, xstrdup("port listener"), 1); + 0, "port listener", 1); strlcpy(c->path, host, sizeof(c->path)); c->host_port = port_to_connect; c->listening_port = listen_port; @@ -2450,7 +2445,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, nc = channel_new("x11 listener", SSH_CHANNEL_X11_LISTENER, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, xstrdup("X11 inet listener"), 1); + 0, "X11 inet listener", 1); nc->single_connection = single_connection; } @@ -2607,11 +2602,11 @@ x11_input_open(int type, u_int32_t seq, void *ctxt) c->remote_id = remote_id; c->force_drain = 1; } + xfree(remote_host); if (c == NULL) { /* Send refusal to the remote host. */ packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(remote_id); - xfree(remote_host); } else { /* Send a confirmation to the remote host. */ packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION); 
@@ -2733,7 +2728,6 @@ auth_input_open_request(int type, u_int32_t seq, void *ctxt) { Channel *c = NULL; int remote_id, sock; - char *name; /* Read the remote channel number from the message. */ remote_id = packet_get_int(); @@ -2752,9 +2746,8 @@ auth_input_open_request(int type, u_int32_t seq, void *ctxt) * agent. */ if (sock >= 0) { - name = xstrdup("authentication agent connection"); c = channel_new("", SSH_CHANNEL_OPEN, sock, sock, - -1, 0, 0, 0, name, 1); + -1, 0, 0, 0, "authentication agent connection", 1); c->remote_id = remote_id; c->force_drain = 1; } diff --git a/clientloop.c b/clientloop.c index e4ef71632..e5270aa57 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.109 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.110 2003/05/11 20:30:24 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1145,7 +1145,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) c = channel_new("forwarded-tcpip", SSH_CHANNEL_CONNECTING, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, - xstrdup(originator_address), 1); + originator_address, 1); xfree(originator_address); xfree(listen_address); return c; @@ -1181,8 +1181,7 @@ client_request_x11(const char *request_type, int rchan) return NULL; c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, - xstrdup("x11"), 1); + CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); c->force_drain = 1; return c; } @@ -1204,7 +1203,7 @@ client_request_agent(const char *request_type, int rchan) c = channel_new("authentication agent connection", SSH_CHANNEL_OPEN, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, - xstrdup("authentication agent connection"), 1); + "authentication agent connection", 1); c->force_drain = 1; return c; } diff --git a/serverloop.c b/serverloop.c index 187afc716..39c2a488c 100644 
--- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.107 2003/04/02 09:48:07 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.108 2003/05/11 20:30:24 markus Exp $"); #include "xmalloc.h" #include "packet.h" @@ -880,7 +880,7 @@ server_request_direct_tcpip(char *ctype) return NULL; c = channel_new(ctype, SSH_CHANNEL_CONNECTING, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, - CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip"), 1); + CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1); return c; } @@ -899,7 +899,7 @@ server_request_session(char *ctype) */ c = channel_new(ctype, SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, - 0, xstrdup("server-session"), 1); + 0, "server-session", 1); if (session_open(xxx_authctxt, c->self) != 1) { debug("session open failed, free channel %d", c->self); channel_free(c); diff --git a/session.c b/session.c index f52bc6585..1a86f5f81 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.155 2003/04/08 20:21:29 itojun Exp $"); +RCSID("$OpenBSD: session.c,v 1.156 2003/05/11 20:30:25 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -192,7 +192,7 @@ auth_input_request_forwarding(struct passwd * pw) nc = channel_new("auth socket", SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, xstrdup("auth socket"), 1); + 0, "auth socket", 1); strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); return 1; } diff --git a/ssh.c b/ssh.c index 307b5f26a..6f5a146fe 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.191 2003/04/08 20:21:29 itojun Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.192 2003/05/11 20:30:25 markus Exp $"); #include #include 
@@ -1132,7 +1132,7 @@ ssh_session2_open(void) c = channel_new( "session", SSH_CHANNEL_OPENING, in, out, err, window, packetmax, CHAN_EXTENDED_WRITE, - xstrdup("client-session"), /*nonblock*/0); + "client-session", /*nonblock*/0); debug3("ssh_session2_open: channel_new: %d", c->self); -- cgit v1.2.3 From 502d384b74fae68dd9e265f48c2026cef6c12806 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 28 Jun 2003 12:38:01 +1000 Subject: - markus@cvs.openbsd.org 2003/06/24 08:23:46 [auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c] int -> u_int; ok djm@, deraadt@, mouring@ --- ChangeLog | 6 +++++- auth2-hostbased.c | 4 ++-- auth2-pubkey.c | 4 ++-- auth2.c | 4 ++-- channels.c | 4 ++-- key.c | 6 +++--- key.h | 4 ++-- monitor.c | 4 ++-- packet.c | 8 ++++---- packet.h | 6 +++--- serverloop.c | 6 +++--- sshconnect2.c | 6 +++--- sshd.c | 4 ++-- 13 files changed, 35 insertions(+), 31 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index e6d0ce878..e64ef5b33 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - markus@cvs.openbsd.org 2003/06/23 09:02:44 [ssh_config.5] document EnableSSHKeysign; bugzilla #599; ok deraadt@, jmc@ + - markus@cvs.openbsd.org 2003/06/24 08:23:46 + [auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h + monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c] + int -> u_int; ok djm@, deraadt@, mouring@ 20030624 - (dtucker) Have configure refer the user to config.log and @@ -589,4 +593,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2824 2003/06/28 02:33:12 dtucker Exp $ +$Id: ChangeLog,v 1.2825 2003/06/28 02:38:01 dtucker Exp $ diff --git a/auth2-hostbased.c b/auth2-hostbased.c index bbc7d8a4d..505d3eff4 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c 
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-hostbased.c,v 1.4 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: auth2-hostbased.c,v 1.5 2003/06/24 08:23:46 markus Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -42,7 +42,7 @@ RCSID("$OpenBSD: auth2-hostbased.c,v 1.4 2003/06/02 09:17:34 markus Exp $"); /* import */ extern ServerOptions options; extern u_char *session_id2; -extern int session_id2_len; +extern u_int session_id2_len; static int userauth_hostbased(Authctxt *authctxt) diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 85ee33eed..d51e939f1 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.3 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -44,7 +44,7 @@ RCSID("$OpenBSD: auth2-pubkey.c,v 1.3 2003/04/08 20:21:28 itojun Exp $"); /* import */ extern ServerOptions options; extern u_char *session_id2; -extern int session_id2_len; +extern u_int session_id2_len; static int userauth_pubkey(Authctxt *authctxt) diff --git a/auth2.c b/auth2.c index 5ca020001..639bf9117 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.98 2003/05/14 02:15:47 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.99 2003/06/24 08:23:46 markus Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -39,7 +39,7 @@ RCSID("$OpenBSD: auth2.c,v 1.98 2003/05/14 02:15:47 markus Exp $"); /* import */ extern ServerOptions options; extern u_char *session_id2; -extern int session_id2_len; +extern u_int session_id2_len; Authctxt *x_authctxt = NULL; diff --git a/channels.c b/channels.c index ad879cc61..04ef6575c 100644 --- a/channels.c +++ b/channels.c 
@@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.190 2003/05/11 20:30:24 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.191 2003/06/24 08:23:46 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -419,7 +419,7 @@ channel_not_very_much_buffered_data(void) } #endif if (buffer_len(&c->output) > packet_get_maxsize()) { - debug2("channel %d: big output buffer %d > %d", + debug2("channel %d: big output buffer %u > %u", c->self, buffer_len(&c->output), packet_get_maxsize()); return 0; diff --git a/key.c b/key.c index d918cfd0a..b101e1b27 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.52 2003/05/14 18:16:20 jakob Exp $"); +RCSID("$OpenBSD: key.c,v 1.53 2003/06/24 08:23:46 markus Exp $"); #include @@ -438,7 +438,7 @@ key_read(Key *ret, char **cpp) xfree(blob); return -1; } - k = key_from_blob(blob, n); + k = key_from_blob(blob, (u_int)n); xfree(blob); if (k == NULL) { error("key_read: key_from_blob %s failed", cp); @@ -674,7 +674,7 @@ key_names_valid2(const char *names) } Key * -key_from_blob(u_char *blob, int blen) +key_from_blob(u_char *blob, u_int blen) { Buffer b; char *ktype; diff --git a/key.h b/key.h index a7b6afe86..28753fdfa 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.21 2003/05/14 18:16:20 jakob Exp $ */ +/* $OpenBSD: key.h,v 1.22 2003/06/24 08:23:46 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -71,7 +71,7 @@ Key *key_generate(int, u_int); Key *key_from_private(Key *); int key_type_from_name(char *); -Key *key_from_blob(u_char *, int); +Key *key_from_blob(u_char *, u_int); int key_to_blob(Key *, u_char **, u_int *); char *key_ssh_name(Key *); int key_names_valid2(const char *); diff --git a/monitor.c b/monitor.c index f306794d4..3a8735f58 100644 --- a/monitor.c +++ b/monitor.c 
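Review bot: The `(u_int)n` cast in key_read is safe only if a negative `n` has already been rejected. Only the tail of the preceding error branch (`xfree(blob); return -1;`) is visible, so confirm that branch covers `n < 0`; otherwise a negative decode result becomes a very large `blen`. A comment at the cast such as `/* n >= 0 here, checked above */` would record that. More generally, changing `key_from_blob` to take `u_int blen` means any other caller that passes a signed length is now converted silently, and building with sign-conversion warnings would surface those. key_read and key_from_blob both continue outside these hunks.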
@@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.43 2003/06/12 07:57:38 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.44 2003/06/24 08:23:46 markus Exp $"); #include @@ -141,7 +141,7 @@ static int key_blobtype = MM_NOKEY; static char *hostbased_cuser = NULL; static char *hostbased_chost = NULL; static char *auth_method = "unknown"; -static int session_id2_len = 0; +static u_int session_id2_len = 0; static u_char *session_id2 = NULL; static pid_t monitor_child_pid; diff --git a/packet.c b/packet.c index 07e90b899..022212074 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.107 2003/06/10 22:20:52 deraadt Exp $"); +RCSID("$OpenBSD: packet.c,v 1.108 2003/06/24 08:23:46 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -108,7 +108,7 @@ static int compression_buffer_ready = 0; static int packet_compression = 0; /* default maximum packet size */ -int max_packet_size = 32768; +u_int max_packet_size = 32768; /* Flag indicating whether this module has been initialized. */ static int initialized = 0; @@ -1446,8 +1446,8 @@ packet_is_interactive(void) return interactive_mode; } -int -packet_set_maxsize(int s) +u_int +packet_set_maxsize(u_int s) { static int called = 0; diff --git a/packet.h b/packet.h index fa000d686..7732fafb7 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.39 2003/04/08 20:21:29 itojun Exp $ */ +/* $OpenBSD: packet.h,v 1.40 2003/06/24 08:23:46 markus Exp $ */ /* * Author: Tatu Ylonen @@ -81,8 +81,8 @@ void packet_add_padding(u_char); void tty_make_modes(int, struct termios *); void tty_parse_modes(int, int *); -extern int max_packet_size; -int packet_set_maxsize(int); +extern u_int max_packet_size; +u_int packet_set_maxsize(u_int); #define packet_get_maxsize() max_packet_size /* don't allow remaining bytes after the end of the message */ diff --git a/serverloop.c b/serverloop.c index 90eec0855..a95390273 100644 --- a/serverloop.c 
+++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.109 2003/06/04 12:03:59 djm Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.110 2003/06/24 08:23:46 markus Exp $"); #include "xmalloc.h" #include "packet.h" @@ -158,7 +158,7 @@ sigchld_handler(int sig) static void make_packets_from_stderr_data(void) { - int len; + u_int len; /* Send buffered stderr data to the client. */ while (buffer_len(&stderr_buffer) > 0 && @@ -187,7 +187,7 @@ make_packets_from_stderr_data(void) static void make_packets_from_stdout_data(void) { - int len; + u_int len; /* Send buffered stdout data to the client. */ while (buffer_len(&stdout_buffer) > 0 && diff --git a/sshconnect2.c b/sshconnect2.c index 1b85730fe..6a0bd409a 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.119 2003/05/15 00:28:28 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.120 2003/06/24 08:23:46 markus Exp $"); #ifdef KRB5 #include @@ -67,7 +67,7 @@ extern Options options; */ u_char *session_id2 = NULL; -int session_id2_len = 0; +u_int session_id2_len = 0; char *xxx_host; struct sockaddr *xxx_hostaddr; @@ -591,7 +591,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) Buffer b; u_char *blob, *signature; u_int bloblen, slen; - int skip = 0; + u_int skip = 0; int ret = -1; int have_sig = 1; diff --git a/sshd.c b/sshd.c index bc458488b..b8f360841 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.268 2003/06/04 10:23:48 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.269 2003/06/24 08:23:46 markus Exp $"); #include #include @@ -188,7 +188,7 @@ u_char session_id[16]; /* same for ssh2 */ u_char *session_id2 = NULL; -int session_id2_len = 0; +u_int session_id2_len = 0; /* record remote hostname or ip */ u_int utmp_len = MAXHOSTNAMELEN; -- cgit v1.2.3 From 9189ff89c3c15f152d8daedb09c4101a96365da4 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Thu, 3 Jul 2003 13:52:04 +1000 Subject: - markus@cvs.openbsd.org 2003/07/02 12:56:34 [channels.c] deny dynamic forwarding with -R for v1, too; ok djm@ --- ChangeLog | 5 ++++- channels.c | 10 +++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index ee5276502..40cf07d41 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ - markus@cvs.openbsd.org 2003/06/29 12:44:38 [sshconnect.c] memset 0, not \0; andrushock@korovino.net + - markus@cvs.openbsd.org 2003/07/02 12:56:34 + [channels.c] + deny dynamic forwarding with -R for v1, too; ok djm@ 20030630 - (djm) Search for support functions necessary to build our @@ -632,4 +635,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2838 2003/07/03 03:48:04 dtucker Exp $ +$Id: ChangeLog,v 1.2839 2003/07/03 03:52:04 dtucker Exp $ diff --git a/channels.c b/channels.c index 04ef6575c..ce07db5c0 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.191 2003/06/24 08:23:46 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.192 2003/07/02 12:56:34 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2201,9 +2201,13 @@ channel_input_port_forward_request(int is_root, int gateway_ports) * privileged port. */ if (port < IPPORT_RESERVED && !is_root) - packet_disconnect("Requested forwarding of port %d but user is not root.", - port); + packet_disconnect( + "Requested forwarding of port %d but user is not root.", + port); + if (host_port == 0) + packet_disconnect("Dynamic forwarding denied."); #endif + /* Initiate forwarding */ channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports); -- cgit v1.2.3 From 46471c9a81bdd0d797149a20364645bc6ffcf2cc Mon Sep 17 00:00:00 2001 
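Review bot: The new `if (host_port == 0) packet_disconnect("Dynamic forwarding denied.");` sits above the `#endif` in channel_input_port_forward_request, so it is compiled only where the reserved-port check is. The opening conditional is outside the hunk, but on any build where that block is excluded a v1 request with `host_port == 0` would still reach `channel_setup_local_fwd_listener`. The denial is a protocol policy rather than a platform privilege check, so I would move those two lines below the `#endif`. If the placement is deliberate, a comment naming the platforms that skip the check would make it reviewable.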
From: Darren Tucker Date: Thu, 3 Jul 2003 13:55:19 +1000 Subject: - markus@cvs.openbsd.org 2003/07/02 14:51:16 [channels.c ssh.1 ssh_config.5] (re)add socks5 suppport to -D; ok djm@ now ssh(1) can act both as a socks 4 and socks 5 server and dynamically forward ports. --- ChangeLog | 7 +++- channels.c | 120 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- ssh.1 | 6 +-- ssh_config.5 | 6 +-- 4 files changed, 129 insertions(+), 10 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 40cf07d41..9c960f13d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,11 @@ - markus@cvs.openbsd.org 2003/07/02 12:56:34 [channels.c] deny dynamic forwarding with -R for v1, too; ok djm@ + - markus@cvs.openbsd.org 2003/07/02 14:51:16 + [channels.c ssh.1 ssh_config.5] + (re)add socks5 suppport to -D; ok djm@ + now ssh(1) can act both as a socks 4 and socks 5 server and + dynamically forward ports. 20030630 - (djm) Search for support functions necessary to build our @@ -635,4 +640,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2839 2003/07/03 03:52:04 dtucker Exp $ +$Id: ChangeLog,v 1.2840 2003/07/03 03:55:19 dtucker Exp $ diff --git a/channels.c b/channels.c index ce07db5c0..e5b2b8c51 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.192 2003/07/02 12:56:34 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.193 2003/07/02 14:51:16 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -54,7 +54,7 @@ RCSID("$OpenBSD: channels.c,v 1.192 2003/07/02 12:56:34 markus Exp $"); #include "key.h" #include "authfd.h" #include "pathnames.h" - +#include "bufaux.h" /* -- channel core */ 
@@ -941,6 +941,117 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) return 1; } +/* try to decode a socks5 header */ +#define SSH_SOCKS5_AUTHDONE 0x1000 +#define SSH_SOCKS5_NOAUTH 0x00 +#define SSH_SOCKS5_IPV4 0x01 +#define SSH_SOCKS5_DOMAIN 0x03 +#define SSH_SOCKS5_IPV6 0x04 +#define SSH_SOCKS5_CONNECT 0x01 +#define SSH_SOCKS5_SUCCESS 0x00 + +static int +channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) +{ + struct { + u_int8_t version; + u_int8_t command; + u_int8_t reserved; + u_int8_t atyp; + } s5_req, s5_rsp; + u_int16_t dest_port; + u_char *p, dest_addr[255+1]; + int i, have, found, nmethods, addrlen, af; + + debug2("channel %d: decode socks5", c->self); + p = buffer_ptr(&c->input); + if (p[0] != 0x05) + return -1; + have = buffer_len(&c->input); + if (!(c->flags & SSH_SOCKS5_AUTHDONE)) { + /* format: ver | nmethods | methods */ + if (have < 2) + return 0; + nmethods = p[1]; + if (have < nmethods + 2) + return 0; + /* look for method: "NO AUTHENTICATION REQUIRED" */ + for (found = 0, i = 2 ; i < nmethods + 2; i++) { + if (p[i] == SSH_SOCKS5_NOAUTH ) { + found = 1; + break; + } + } + if (!found) { + debug("channel %d: method SSH_SOCKS5_NOAUTH not found", + c->self); + return -1; + } + buffer_consume(&c->input, nmethods + 2); + buffer_put_char(&c->output, 0x05); /* version */ + buffer_put_char(&c->output, SSH_SOCKS5_NOAUTH); /* method */ + FD_SET(c->sock, writeset); + c->flags |= SSH_SOCKS5_AUTHDONE; + debug2("channel %d: socks5 auth done", c->self); + return 0; /* need more */ + } + debug2("channel %d: socks5 post auth", c->self); + if (have < sizeof(s5_req)+1) + return 0; /* need more */ + memcpy((char *)&s5_req, p, sizeof(s5_req)); + if (s5_req.version != 0x05 || + s5_req.command != SSH_SOCKS5_CONNECT || + s5_req.reserved != 0x00) { + debug("channel %d: only socks5 connect supported", c->self); + return -1; + } + switch(s5_req.atyp){ + case SSH_SOCKS5_IPV4: + addrlen = 4; + af = AF_INET; + break; + case 
SSH_SOCKS5_DOMAIN: + addrlen = p[sizeof(s5_req)]; + af = -1; + break; + case SSH_SOCKS5_IPV6: + addrlen = 16; + af = AF_INET6; + break; + default: + debug("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp); + return -1; + } + if (have < 4 + addrlen + 2) + return 0; + buffer_consume(&c->input, sizeof(s5_req)); + if (s5_req.atyp == SSH_SOCKS5_DOMAIN) + buffer_consume(&c->input, 1); /* host string length */ + buffer_get(&c->input, (char *)&dest_addr, addrlen); + buffer_get(&c->input, (char *)&dest_port, 2); + dest_addr[addrlen] = '\0'; + if (s5_req.atyp == SSH_SOCKS5_DOMAIN) + strlcpy(c->path, dest_addr, sizeof(c->path)); + else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL) + return -1; + c->host_port = ntohs(dest_port); + + debug("channel %d: dynamic request: socks5 host %s port %u command %u", + c->self, c->path, c->host_port, s5_req.command); + + s5_rsp.version = 0x05; + s5_rsp.command = SSH_SOCKS5_SUCCESS; + s5_rsp.reserved = 0; /* ignored */ + s5_rsp.atyp = SSH_SOCKS5_IPV4; + ((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY; + dest_port = 0; /* ignored */ + + buffer_append(&c->output, (char *)&s5_rsp, sizeof(s5_rsp)); + buffer_append(&c->output, (char *)&dest_addr, sizeof(struct in_addr)); + buffer_append(&c->output, (char *)&dest_port, sizeof(dest_port)); + return 1; +} + /* dynamic port forwarding */ static void channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset) @@ -953,7 +1064,7 @@ channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset) debug2("channel %d: pre_dynamic: have %d", c->self, have); /* buffer_dump(&c->input); */ /* check if the fixed size part of the packet is in buffer. */ - if (have < 4) { + if (have < 3) { /* need more */ FD_SET(c->sock, readset); return; 
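Review bot: In channel_decode_socks5 the length check `if (have < 4 + addrlen + 2)` does not count the one-byte length prefix that an SSH_SOCKS5_DOMAIN request carries, although the code consumes that byte before the `buffer_get` calls. A domain request that is one byte short therefore passes the check, and the following `buffer_get` calls ask for more data than is buffered; how buffer_get reacts is not shown here, but it should not be reached in that state. Counting the prefix fixes it: `if (have < 4 + addrlen + 2 + (s5_req.atyp == SSH_SOCKS5_DOMAIN ? 1 : 0)) return 0;`. Separately, `strlcpy(c->path, dest_addr, sizeof(c->path))` truncates silently and a name containing an embedded NUL is shortened, so checking the strlcpy return value and rejecting such requests would be safer than forwarding to a different host name than the client sent.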
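Review bot: Lowering the threshold in channel_pre_dynamic to `have < 3` also lets channel_decode_socks4 run with three buffered bytes where it previously always had at least four, so that decoder must check its own header length before reading. Its body is outside the hunk, so confirm that it does. The comment above the check, `/* check if the fixed size part of the packet is in buffer. */`, no longer matches the code. Something like `/* shortest first message is a 3-byte SOCKS5 greeting; each decoder checks its own length */` would be accurate.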
@@ -964,6 +1075,9 @@ channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset) case 0x04: ret = channel_decode_socks4(c, readset, writeset); break; + case 0x05: + ret = channel_decode_socks5(c, readset, writeset); + break; default: ret = -1; break; diff --git a/ssh.1 b/ssh.1 index defc0e640..8a7d2f428 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.173 2003/06/10 09:12:11 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.174 2003/07/02 14:51:16 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -649,9 +649,9 @@ on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. -Currently the SOCKS4 protocol is supported, and +Currently the SOCKS4 and SOCKS5 protocols are supported, and .Nm -will act as a SOCKS4 server. +will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file. .It Fl 1 diff --git a/ssh_config.5 b/ssh_config.5 index 56df3acec..79d05f018 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.14 2003/06/23 09:02:44 markus Exp $ +.\" $OpenBSD: ssh_config.5,v 1.15 2003/07/02 14:51:16 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -246,9 +246,9 @@ over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. The argument must be a port number. -Currently the SOCKS4 protocol is supported, and +Currently the SOCKS4 and SOCKS5 protocols are supported, and .Nm ssh -will act as a SOCKS4 server. +will act as a SOCKS server. Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. -- cgit v1.2.3 From fbdeecef92bbf5b265bdb8d8c876c6989a0e8c9e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 2 Sep 2003 22:52:31 +1000 Subject: - markus@cvs.openbsd.org 2003/08/29 10:04:36 [channels.c nchan.c] be less chatty; debug -> debug2, cleanup; ok henning@ --- ChangeLog | 5 ++++- channels.c | 62 +++++++++++++++++++++++++++++++------------------------------- nchan.c | 46 +++++++++++++++++++++++----------------------- 3 files changed, 58 insertions(+), 55 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 55b2975ba..8ef52dc25 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ - markus@cvs.openbsd.org 2003/08/29 10:03:15 [compat.c compat.h] SSH_BUG_K5USER is unused; ok henning@ + - markus@cvs.openbsd.org 2003/08/29 10:04:36 + [channels.c nchan.c] + be less chatty; debug -> debug2, cleanup; ok henning@ 20030829 - (bal) openbsd-compat/ clean up. Considate headers, add in Id on our @@ -927,4 +930,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2922 2003/09/02 12:52:00 djm Exp $ +$Id: ChangeLog,v 1.2923 2003/09/02 12:52:31 djm Exp $ diff --git a/channels.c b/channels.c index e5b2b8c51..65a6a7f00 100644 --- a/channels.c +++ b/channels.c 
@@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.193 2003/07/02 14:51:16 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.194 2003/08/29 10:04:36 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -177,7 +177,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, /* XXX ugly hack: nonblock is only set by the server */ if (nonblock && isatty(c->rfd)) { - debug("channel %d: rfd %d isatty", c->self, c->rfd); + debug2("channel %d: rfd %d isatty", c->self, c->rfd); c->isatty = 1; if (!isatty(c->wfd)) { error("channel %d: wfd %d is not a tty?", @@ -304,7 +304,7 @@ channel_close_fd(int *fdp) static void channel_close_fds(Channel *c) { - debug3("channel_close_fds: channel %d: r %d w %d e %d", + debug3("channel %d: close_fds r %d w %d e %d", c->self, c->rfd, c->wfd, c->efd); channel_close_fd(&c->sock); @@ -324,11 +324,11 @@ channel_free(Channel *c) for (n = 0, i = 0; i < channels_alloc; i++) if (channels[i]) n++; - debug("channel_free: channel %d: %s, nchannels %d", c->self, + debug("channel %d: free: %s, nchannels %d", c->self, c->remote_name ? c->remote_name : "???", n); s = channel_open_message(); - debug3("channel_free: status: %s", s); + debug3("channel %d: status: %s", c->self, s); xfree(s); if (c->sock != -1) @@ -596,7 +596,7 @@ channel_request_start(int id, char *service, int wantconfirm) logit("channel_request_start: %d: unknown channel id", id); return; } - debug("channel %d: request %s", id, service) ; + debug2("channel %d: request %s", id, service) ; packet_start(SSH2_MSG_CHANNEL_REQUEST); packet_put_int(c->remote_id); packet_put_cstring(service); @@ -739,7 +739,7 @@ channel_pre_input_draining(Channel *c, fd_set * readset, fd_set * writeset) packet_put_int(c->remote_id); packet_send(); c->type = SSH_CHANNEL_CLOSED; - debug("channel %d: closing after input drain.", c->self); + debug2("channel %d: closing after input drain.", c->self); } } 
@@ -780,7 +780,7 @@ x11_open_helper(Buffer *b) proto_len = ucp[6] + 256 * ucp[7]; data_len = ucp[8] + 256 * ucp[9]; } else { - debug("Initial X11 packet contains bad byte order byte: 0x%x", + debug2("Initial X11 packet contains bad byte order byte: 0x%x", ucp[0]); return -1; } @@ -793,14 +793,14 @@ x11_open_helper(Buffer *b) /* Check if authentication protocol matches. */ if (proto_len != strlen(x11_saved_proto) || memcmp(ucp + 12, x11_saved_proto, proto_len) != 0) { - debug("X11 connection uses different authentication protocol."); + debug2("X11 connection uses different authentication protocol."); return -1; } /* Check if authentication data matches our fake data. */ if (data_len != x11_fake_data_len || memcmp(ucp + 12 + ((proto_len + 3) & ~3), x11_fake_data, x11_fake_data_len) != 0) { - debug("X11 auth data does not match fake data."); + debug2("X11 auth data does not match fake data."); return -1; } /* Check fake data length */ @@ -857,7 +857,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset) channel_pre_open(c, readset, writeset); } else if (ret == -1) { logit("X11 connection rejected because of wrong authentication."); - debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate); + debug2("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate); chan_read_failed(c); buffer_clear(&c->input); chan_ibuf_empty(c); @@ -867,7 +867,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset) chan_write_failed(c); else c->type = SSH_CHANNEL_OPEN; - debug("X11 closed %d i%d/o%d", c->self, c->istate, c->ostate); + debug2("X11 closed %d i%d/o%d", c->self, c->istate, c->ostate); } } 
@@ -925,7 +925,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) strlcpy(c->path, host, sizeof(c->path)); c->host_port = ntohs(s4_req.dest_port); - debug("channel %d: dynamic request: socks4 host %s port %u command %u", + debug2("channel %d: dynamic request: socks4 host %s port %u command %u", c->self, host, c->host_port, s4_req.command); if (s4_req.command != 1) { @@ -1002,7 +1002,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) if (s5_req.version != 0x05 || s5_req.command != SSH_SOCKS5_CONNECT || s5_req.reserved != 0x00) { - debug("channel %d: only socks5 connect supported", c->self); + debug2("channel %d: only socks5 connect supported", c->self); return -1; } switch(s5_req.atyp){ @@ -1019,7 +1019,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) af = AF_INET6; break; default: - debug("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp); + debug2("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp); return -1; } if (have < 4 + addrlen + 2) @@ -1036,7 +1036,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) return -1; c->host_port = ntohs(dest_port); - debug("channel %d: dynamic request: socks5 host %s port %u command %u", + debug2("channel %d: dynamic request: socks5 host %s port %u command %u", c->self, c->path, c->host_port, s5_req.command); s5_rsp.version = 0x05; @@ -1111,7 +1111,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) addrlen = sizeof(addr); newsock = accept(c->sock, &addr, &addrlen); if (c->single_connection) { - debug("single_connection: closing X11 listener."); + debug2("single_connection: closing X11 listener."); channel_close_fd(&c->sock); chan_mark_dead(c); } 
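Review bot: The socks5 `debug2` line in channel_decode_socks5 (hunk at -1036) prints `c->path` with an unbounded `%s`, and for the domain address type that string is copied from bytes supplied by the SOCKS client. Other messages in this file bound their strings with `%.100s`, and whether the logging layer escapes control characters is not visible here. I would at least bound the field: `"channel %d: dynamic request: socks5 host %.100s port %u command %u"`. After this change the destination of each dynamic forward, in this hunk and in the socks4 one at -925, is recorded only at debug2, so anyone using these lines as a record of forwarded destinations needs the higher log level. The function body lies outside the hunk.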
@@ -1137,7 +1137,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) /* originator ipaddr and port */ packet_put_cstring(remote_ipaddr); if (datafellows & SSH_BUG_X11FWD) { - debug("ssh2 x11 bug compat mode"); + debug2("ssh2 x11 bug compat mode"); } else { packet_put_int(remote_port); } @@ -1356,16 +1356,16 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) if (len < 0 && (errno == EINTR || errno == EAGAIN)) return 1; if (len <= 0) { - debug("channel %d: read<=0 rfd %d len %d", + debug2("channel %d: read<=0 rfd %d len %d", c->self, c->rfd, len); if (c->type != SSH_CHANNEL_OPEN) { - debug("channel %d: not open", c->self); + debug2("channel %d: not open", c->self); chan_mark_dead(c); return -1; } else if (compat13) { buffer_clear(&c->output); c->type = SSH_CHANNEL_INPUT_DRAINING; - debug("channel %d: input draining.", c->self); + debug2("channel %d: input draining.", c->self); } else { chan_read_failed(c); } @@ -1373,7 +1373,7 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) } if (c->input_filter != NULL) { if (c->input_filter(c, buf, len) == -1) { - debug("channel %d: filter stops", c->self); + debug2("channel %d: filter stops", c->self); chan_read_failed(c); } } else { @@ -1406,12 +1406,12 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) return 1; if (len <= 0) { if (c->type != SSH_CHANNEL_OPEN) { - debug("channel %d: not open", c->self); + debug2("channel %d: not open", c->self); chan_mark_dead(c); return -1; } else if (compat13) { buffer_clear(&c->output); - debug("channel %d: input draining.", c->self); + debug2("channel %d: input draining.", c->self); c->type = SSH_CHANNEL_INPUT_DRAINING; } else { chan_write_failed(c); 
@@ -1618,16 +1618,16 @@ channel_garbage_collect(Channel *c) if (c->detach_user != NULL) { if (!chan_is_dead(c, 0)) return; - debug("channel %d: gc: notify user", c->self); + debug2("channel %d: gc: notify user", c->self); c->detach_user(c->self, NULL); /* if we still have a callback */ if (c->detach_user != NULL) return; - debug("channel %d: gc: user detached", c->self); + debug2("channel %d: gc: user detached", c->self); } if (!chan_is_dead(c, 1)) return; - debug("channel %d: garbage collecting", c->self); + debug2("channel %d: garbage collecting", c->self); channel_free(c); } @@ -2002,7 +2002,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) c->confirm(c->self, NULL); debug2("callback done"); } - debug("channel %d: open confirm rwindow %u rmax %u", c->self, + debug2("channel %d: open confirm rwindow %u rmax %u", c->self, c->remote_window, c->remote_maxpacket); } packet_check_eom(); @@ -2514,7 +2514,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, } #endif if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { - debug("bind port %d: %.100s", port, strerror(errno)); + debug2("bind port %d: %.100s", port, strerror(errno)); close(sock); if (ai->ai_next) @@ -2663,12 +2663,12 @@ x11_connect_display(void) /* Create a socket. */ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { - debug("socket: %.100s", strerror(errno)); + debug2("socket: %.100s", strerror(errno)); continue; } /* Connect it to the display. */ if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) { - debug("connect %.100s port %d: %.100s", buf, + debug2("connect %.100s port %d: %.100s", buf, 6000 + display_number, strerror(errno)); close(sock); continue; diff --git a/nchan.c b/nchan.c index 2935df320..3138cdd19 100644 --- a/nchan.c +++ b/nchan.c 
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: nchan.c,v 1.48 2003/04/08 20:21:29 itojun Exp $"); +RCSID("$OpenBSD: nchan.c,v 1.49 2003/08/29 10:04:36 markus Exp $"); #include "ssh1.h" #include "ssh2.h" @@ -83,7 +83,7 @@ chan_set_istate(Channel *c, u_int next) { if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED) fatal("chan_set_istate: bad state %d -> %d", c->istate, next); - debug("channel %d: input %s -> %s", c->self, istates[c->istate], + debug2("channel %d: input %s -> %s", c->self, istates[c->istate], istates[next]); c->istate = next; } @@ -92,7 +92,7 @@ chan_set_ostate(Channel *c, u_int next) { if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED) fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next); - debug("channel %d: output %s -> %s", c->self, ostates[c->ostate], + debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate], ostates[next]); c->ostate = next; } @@ -104,7 +104,7 @@ chan_set_ostate(Channel *c, u_int next) static void chan_rcvd_oclose1(Channel *c) { - debug("channel %d: rcvd oclose", c->self); + debug2("channel %d: rcvd oclose", c->self); switch (c->istate) { case CHAN_INPUT_WAIT_OCLOSE: chan_set_istate(c, CHAN_INPUT_CLOSED); @@ -128,7 +128,7 @@ chan_rcvd_oclose1(Channel *c) void chan_read_failed(Channel *c) { - debug("channel %d: read failed", c->self); + debug2("channel %d: read failed", c->self); switch (c->istate) { case CHAN_INPUT_OPEN: chan_shutdown_read(c); @@ -143,7 +143,7 @@ chan_read_failed(Channel *c) void chan_ibuf_empty(Channel *c) { - debug("channel %d: ibuf empty", c->self); + debug2("channel %d: ibuf empty", c->self); if (buffer_len(&c->input)) { error("channel %d: chan_ibuf_empty for non empty buffer", c->self); @@ -169,7 +169,7 @@ chan_ibuf_empty(Channel *c) static void chan_rcvd_ieof1(Channel *c) { - debug("channel %d: rcvd ieof", c->self); + debug2("channel %d: rcvd ieof", c->self); switch (c->ostate) { case CHAN_OUTPUT_OPEN: chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 
@@ -186,7 +186,7 @@ chan_rcvd_ieof1(Channel *c) static void chan_write_failed1(Channel *c) { - debug("channel %d: write failed", c->self); + debug2("channel %d: write failed", c->self); switch (c->ostate) { case CHAN_OUTPUT_OPEN: chan_shutdown_write(c); @@ -207,7 +207,7 @@ chan_write_failed1(Channel *c) void chan_obuf_empty(Channel *c) { - debug("channel %d: obuf empty", c->self); + debug2("channel %d: obuf empty", c->self); if (buffer_len(&c->output)) { error("channel %d: chan_obuf_empty for non empty buffer", c->self); @@ -229,7 +229,7 @@ chan_obuf_empty(Channel *c) static void chan_send_ieof1(Channel *c) { - debug("channel %d: send ieof", c->self); + debug2("channel %d: send ieof", c->self); switch (c->istate) { case CHAN_INPUT_OPEN: case CHAN_INPUT_WAIT_DRAIN: @@ -246,7 +246,7 @@ chan_send_ieof1(Channel *c) static void chan_send_oclose1(Channel *c) { - debug("channel %d: send oclose", c->self); + debug2("channel %d: send oclose", c->self); switch (c->ostate) { case CHAN_OUTPUT_OPEN: case CHAN_OUTPUT_WAIT_DRAIN: @@ -268,7 +268,7 @@ chan_send_oclose1(Channel *c) static void chan_rcvd_close2(Channel *c) { - debug("channel %d: rcvd close", c->self); + debug2("channel %d: rcvd close", c->self); if (c->flags & CHAN_CLOSE_RCVD) error("channel %d: protocol error: close rcvd twice", c->self); c->flags |= CHAN_CLOSE_RCVD; @@ -301,7 +301,7 @@ chan_rcvd_close2(Channel *c) static void chan_rcvd_eof2(Channel *c) { - debug("channel %d: rcvd eof", c->self); + debug2("channel %d: rcvd eof", c->self); c->flags |= CHAN_EOF_RCVD; if (c->ostate == CHAN_OUTPUT_OPEN) chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); @@ -309,7 +309,7 @@ chan_rcvd_eof2(Channel *c) static void chan_write_failed2(Channel *c) { - debug("channel %d: write failed", c->self); + debug2("channel %d: write failed", c->self); switch (c->ostate) { case CHAN_OUTPUT_OPEN: case CHAN_OUTPUT_WAIT_DRAIN: 
@@ -325,7 +325,7 @@ chan_write_failed2(Channel *c) static void chan_send_eof2(Channel *c) { - debug("channel %d: send eof", c->self); + debug2("channel %d: send eof", c->self); switch (c->istate) { case CHAN_INPUT_WAIT_DRAIN: packet_start(SSH2_MSG_CHANNEL_EOF); @@ -342,7 +342,7 @@ chan_send_eof2(Channel *c) static void chan_send_close2(Channel *c) { - debug("channel %d: send close", c->self); + debug2("channel %d: send close", c->self); if (c->ostate != CHAN_OUTPUT_CLOSED || c->istate != CHAN_INPUT_CLOSED) { error("channel %d: cannot send close for istate/ostate %d/%d", @@ -398,13 +398,13 @@ int chan_is_dead(Channel *c, int send) { if (c->type == SSH_CHANNEL_ZOMBIE) { - debug("channel %d: zombie", c->self); + debug2("channel %d: zombie", c->self); return 1; } if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED) return 0; if (!compat20) { - debug("channel %d: is dead", c->self); + debug2("channel %d: is dead", c->self); return 1; } if ((datafellows & SSH_BUG_EXTEOF) && @@ -421,7 +421,7 @@ chan_is_dead(Channel *c, int send) } else { /* channel would be dead if we sent a close */ if (c->flags & CHAN_CLOSE_RCVD) { - debug("channel %d: almost dead", + debug2("channel %d: almost dead", c->self); return 1; } @@ -429,7 +429,7 @@ chan_is_dead(Channel *c, int send) } if ((c->flags & CHAN_CLOSE_SENT) && (c->flags & CHAN_CLOSE_RCVD)) { - debug("channel %d: is dead", c->self); + debug2("channel %d: is dead", c->self); return 1; } return 0; @@ -443,10 +443,10 @@ chan_shutdown_write(Channel *c) if (compat20 && c->type == SSH_CHANNEL_LARVAL) return; /* shutdown failure is allowed if write failed already */ - debug("channel %d: close_write", c->self); + debug2("channel %d: close_write", c->self); if (c->sock != -1) { if (shutdown(c->sock, SHUT_WR) < 0) - debug("channel %d: chan_shutdown_write: " + debug2("channel %d: chan_shutdown_write: " "shutdown() failed for fd%d: %.100s", c->self, c->sock, strerror(errno)); } else { 
@@ -461,7 +461,7 @@ chan_shutdown_read(Channel *c) { if (compat20 && c->type == SSH_CHANNEL_LARVAL) return; - debug("channel %d: close_read", c->self); + debug2("channel %d: close_read", c->self); if (c->sock != -1) { /* * shutdown(sock, SHUT_READ) may return ENOTCONN if the -- cgit v1.2.3 From 92dc672aac7e659192a8eb0ee401e81ce63e48b2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 17 Sep 2003 07:34:12 +1000 Subject: - (djm) OpenBSD Sync - markus@cvs.openbsd.org 2003/09/16 21:02:40 [buffer.c channels.c version.h] more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU --- ChangeLog | 8 +++++++- buffer.c | 15 ++++++++++----- channels.c | 7 ++++--- version.h | 4 ++-- 4 files changed, 23 insertions(+), 11 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index b5505da19..8093c7abd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20030917 + - (djm) OpenBSD Sync + - markus@cvs.openbsd.org 2003/09/16 21:02:40 + [buffer.c channels.c version.h] + more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU + 20030916 - (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it @@ -1107,4 +1113,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2994.2.4 2003/09/16 06:00:52 djm Exp $ +$Id: ChangeLog,v 1.2994.2.5 2003/09/16 21:34:12 djm Exp $ diff --git a/buffer.c b/buffer.c index 8ff8c2f48..aee293f8b 100644 --- a/buffer.c +++ b/buffer.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: buffer.c,v 1.17 2003/09/16 03:03:47 deraadt Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.18 2003/09/16 21:02:39 markus Exp $"); #include "xmalloc.h" #include "buffer.h" 
@@ -23,8 +23,11 @@ RCSID("$OpenBSD: buffer.c,v 1.17 2003/09/16 03:03:47 deraadt Exp $"); void buffer_init(Buffer *buffer) { - buffer->alloc = 4096; - buffer->buf = xmalloc(buffer->alloc); + const u_int len = 4096; + + buffer->alloc = 0; + buffer->buf = xmalloc(len); + buffer->alloc = len; buffer->offset = 0; buffer->end = 0; } @@ -34,8 +37,10 @@ buffer_init(Buffer *buffer) void buffer_free(Buffer *buffer) { - memset(buffer->buf, 0, buffer->alloc); - xfree(buffer->buf); + if (buffer->alloc > 0) { + memset(buffer->buf, 0, buffer->alloc); + xfree(buffer->buf); + } } /* diff --git a/channels.c b/channels.c index 65a6a7f00..3d75c8f2b 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.194 2003/08/29 10:04:36 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.195 2003/09/16 21:02:40 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -229,12 +229,13 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, if (found == -1) { /* There are no free slots. Take last+1 slot and expand the array. */ found = channels_alloc; - channels_alloc += 10; if (channels_alloc > 10000) fatal("channel_new: internal error: channels_alloc %d " "too big.", channels_alloc); + channels = xrealloc(channels, + (channels_alloc + 10) * sizeof(Channel *)); + channels_alloc += 10; debug2("channel: expanding %d", channels_alloc); - channels = xrealloc(channels, channels_alloc * sizeof(Channel *)); for (i = found; i < channels_alloc; i++) channels[i] = NULL; } diff --git a/version.h b/version.h index 37e0c22ab..20daac42a 100644 --- a/version.h +++ b/version.h @@ -1,3 +1,3 @@ -/* $OpenBSD: version.h,v 1.37 2003/04/01 10:56:46 markus Exp $ */ +/* $OpenBSD: version.h,v 1.39 2003/09/16 21:02:40 markus Exp $ */ -#define SSH_VERSION "OpenSSH_3.7p1" +#define SSH_VERSION "OpenSSH_3.7.1p1" -- cgit v1.2.3
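Review bot: The new `if (buffer->alloc > 0)` guard in buffer_free (buffer.c hunk at -34) only protects a later call if `alloc` is cleared once the storage is released. The block leaves `buffer->alloc` unchanged and `buffer->buf` pointing at freed memory, so a second buffer_free on the same Buffer would wipe and free it again; whether any cleanup path does that is not visible here. I would reset the fields inside the guard: `buffer->alloc = 0;` before `xfree(buffer->buf);` and `buffer->buf = NULL;` after it. Separately, the `memset` directly before the free is a store a compiler may drop, so if these buffers can hold key material or passwords, a wipe that cannot be elided (for example `explicit_bzero` where available) would be safer.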