2016-10-18 19:32:54 +02:00
|
|
|
/* $OpenBSD: channels.c,v 1.356 2016/10/18 17:32:54 dtucker Exp $ */
|
1999-10-27 05:42:43 +02:00
|
|
|
/*
|
1999-11-24 14:26:21 +01:00
|
|
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
|
|
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
|
|
|
* All rights reserved
|
|
|
|
|
* This file contains functions for generic socket connection forwarding.
|
|
|
|
|
* There is also code for initiating connection forwarding for X11 connections,
|
|
|
|
|
* arbitrary tcp/ip connections, and the authentication agent connection.
|
2000-04-16 03:18:38 +02:00
|
|
|
*
|
2000-09-16 04:29:08 +02:00
|
|
|
* As far as I am concerned, the code I have written for this software
|
|
|
|
|
* can be used freely for any purpose. Any derived versions of this
|
|
|
|
|
* software must be clearly marked as such, and if the derived work is
|
|
|
|
|
* incompatible with the protocol description in the RFC file, it must be
|
|
|
|
|
* called by a name other than "ssh" or "Secure Shell".
|
|
|
|
|
*
|
2000-04-04 06:38:59 +02:00
|
|
|
* SSH2 support added by Markus Friedl.
|
2002-01-22 13:19:38 +01:00
|
|
|
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
2000-09-16 04:29:08 +02:00
|
|
|
* Copyright (c) 1999 Dug Song. All rights reserved.
|
|
|
|
|
* Copyright (c) 1999 Theo de Raadt. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
1999-11-24 14:26:21 +01:00
|
|
|
*/
|
1999-10-27 05:42:43 +02:00
|
|
|
|
|
|
|
|
#include "includes.h"
|
2006-03-15 01:28:34 +01:00
|
|
|
|
2006-03-15 01:40:10 +01:00
|
|
|
#include <sys/types.h>
|
2014-07-18 06:11:24 +02:00
|
|
|
#include <sys/stat.h>
|
2006-08-05 04:39:39 +02:00
|
|
|
#include <sys/ioctl.h>
|
2006-03-15 01:40:10 +01:00
|
|
|
#include <sys/un.h>
|
2006-07-10 12:26:27 +02:00
|
|
|
#include <sys/socket.h>
|
2006-08-05 02:57:45 +02:00
|
|
|
#ifdef HAVE_SYS_TIME_H
|
|
|
|
|
# include <sys/time.h>
|
|
|
|
|
#endif
|
2006-07-10 12:26:27 +02:00
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
|
#include <arpa/inet.h>
|
2006-03-15 01:11:28 +01:00
|
|
|
|
2006-07-12 14:22:46 +02:00
|
|
|
#include <errno.h>
|
2010-01-08 07:07:22 +01:00
|
|
|
#include <fcntl.h>
|
2006-07-24 06:51:00 +02:00
|
|
|
#include <netdb.h>
|
2015-02-22 17:07:24 +01:00
|
|
|
#ifdef HAVE_STDINT_H
|
2015-02-07 00:21:59 +01:00
|
|
|
#include <stdint.h>
|
2015-02-22 17:07:24 +01:00
|
|
|
#endif
|
2006-08-05 03:37:59 +02:00
|
|
|
#include <stdio.h>
|
2006-08-05 03:34:19 +02:00
|
|
|
#include <stdlib.h>
|
2006-07-24 06:13:33 +02:00
|
|
|
#include <string.h>
|
2006-03-15 01:11:28 +01:00
|
|
|
#include <termios.h>
|
2006-07-24 06:01:23 +02:00
|
|
|
#include <unistd.h>
|
2006-08-05 04:39:39 +02:00
|
|
|
#include <stdarg.h>
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2008-05-19 07:05:07 +02:00
|
|
|
#include "openbsd-compat/sys-queue.h"
|
2006-08-05 04:39:39 +02:00
|
|
|
#include "xmalloc.h"
|
1999-10-27 05:42:43 +02:00
|
|
|
#include "ssh.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
#include "ssh1.h"
|
|
|
|
|
#include "ssh2.h"
|
2016-09-30 11:19:13 +02:00
|
|
|
#include "ssherr.h"
|
1999-10-27 05:42:43 +02:00
|
|
|
#include "packet.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
#include "log.h"
|
|
|
|
|
#include "misc.h"
|
2006-08-05 04:39:39 +02:00
|
|
|
#include "buffer.h"
|
1999-10-27 05:42:43 +02:00
|
|
|
#include "channels.h"
|
|
|
|
|
#include "compat.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
#include "canohost.h"
|
2000-07-21 02:19:44 +02:00
|
|
|
#include "key.h"
|
|
|
|
|
#include "authfd.h"
|
2001-12-21 02:39:51 +01:00
|
|
|
#include "pathnames.h"
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/* -- channel core */
|
1999-10-27 05:42:43 +02:00
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Pointer to an array containing all allocated channels. The array is
|
|
|
|
|
* dynamically extended as needed.
|
|
|
|
|
*/
|
2001-05-05 06:09:47 +02:00
|
|
|
static Channel **channels = NULL;
|
1999-10-27 05:42:43 +02:00
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Size of the channel array. All slots of the array must always be
|
2001-05-05 06:09:47 +02:00
|
|
|
* initialized (at least the type field); unused slots set to NULL
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2004-08-13 13:18:00 +02:00
|
|
|
static u_int channels_alloc = 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Maximum file descriptor value used in any of the channels. This is
|
2001-05-05 06:09:47 +02:00
|
|
|
* updated in channel_new.
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2001-01-29 23:14:00 +01:00
|
|
|
static int channel_max_fd = 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/* -- tcp forwarding */
|
1999-10-27 05:42:43 +02:00
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Data structure for storing which hosts are permitted for forward requests.
|
|
|
|
|
* The local sides of any remote forwards are stored in this array to prevent
|
|
|
|
|
* a corrupt remote server from accessing arbitrary TCP/IP ports on our local
|
|
|
|
|
* network (which might be behind a firewall).
|
|
|
|
|
*/
|
2014-07-18 06:11:24 +02:00
|
|
|
/* XXX: streamlocal wants a path instead of host:port */
|
|
|
|
|
/* Overload host_to_connect; we could just make this match Forward */
|
|
|
|
|
/* XXX - can we use listen_host instead of listen_path? */
|
1999-11-24 14:26:21 +01:00
|
|
|
typedef struct {
|
2000-04-01 03:09:21 +02:00
|
|
|
char *host_to_connect; /* Connect to 'host'. */
|
2014-07-18 06:11:24 +02:00
|
|
|
int port_to_connect; /* Connect to 'port'. */
|
2014-07-02 07:29:40 +02:00
|
|
|
char *listen_host; /* Remote side should listen address. */
|
2014-07-18 06:11:24 +02:00
|
|
|
char *listen_path; /* Remote side should listen path. */
|
|
|
|
|
int listen_port; /* Remote side should listen port. */
|
2016-09-30 11:19:13 +02:00
|
|
|
Channel *downstream; /* Downstream mux*/
|
1999-10-27 05:42:43 +02:00
|
|
|
} ForwardPermission;
|
|
|
|
|
|
2006-07-24 06:04:00 +02:00
|
|
|
/* List of all permitted host/port pairs to connect by the user. */
|
2010-06-26 01:50:30 +02:00
|
|
|
static ForwardPermission *permitted_opens = NULL;
|
2001-06-09 02:41:05 +02:00
|
|
|
|
2006-07-24 06:04:00 +02:00
|
|
|
/* List of all permitted host/port pairs to connect by the admin. */
|
2010-06-26 01:50:30 +02:00
|
|
|
static ForwardPermission *permitted_adm_opens = NULL;
|
2006-07-24 06:04:00 +02:00
|
|
|
|
|
|
|
|
/* Number of permitted host/port pairs in the array permitted by the user. */
|
1999-10-27 05:42:43 +02:00
|
|
|
static int num_permitted_opens = 0;
|
2006-07-24 06:04:00 +02:00
|
|
|
|
|
|
|
|
/* Number of permitted host/port pair in the array permitted by the admin. */
|
|
|
|
|
static int num_adm_permitted_opens = 0;
|
|
|
|
|
|
2011-10-02 09:57:35 +02:00
|
|
|
/* special-case port number meaning allow any port */
|
|
|
|
|
#define FWD_PERMIT_ANY_PORT 0
|
|
|
|
|
|
2016-07-19 13:38:53 +02:00
|
|
|
/* special-case wildcard meaning allow any host */
|
|
|
|
|
#define FWD_PERMIT_ANY_HOST "*"
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* If this is true, all opens are permitted. This is the case on the server
|
|
|
|
|
* on which we have to trust the client anyway, and the user could do
|
|
|
|
|
* anything after logging in anyway.
|
|
|
|
|
*/
|
1999-10-27 05:42:43 +02:00
|
|
|
static int all_opens_permitted = 0;
|
|
|
|
|
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/* -- X11 forwarding */
|
2001-01-22 06:34:40 +01:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/* Maximum number of fake X11 displays to try. */
|
|
|
|
|
#define MAX_DISPLAYS 1000
|
2001-04-08 20:30:26 +02:00
|
|
|
|
2005-07-06 01:44:19 +02:00
|
|
|
/* Saved X11 local (client) display. */
|
|
|
|
|
static char *x11_saved_display = NULL;
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/* Saved X11 authentication protocol name. */
|
|
|
|
|
static char *x11_saved_proto = NULL;
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/* Saved X11 authentication data. This is the real data. */
|
|
|
|
|
static char *x11_saved_data = NULL;
|
|
|
|
|
static u_int x11_saved_data_len = 0;
|
|
|
|
|
|
2015-07-01 04:26:31 +02:00
|
|
|
/* Deadline after which all X11 connections are refused */
|
|
|
|
|
static u_int x11_refuse_time;
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/*
|
|
|
|
|
* Fake X11 authentication data. This is what the server will be sending us;
|
|
|
|
|
* we should replace any occurrences of this by the real data.
|
|
|
|
|
*/
|
2006-03-26 05:08:10 +02:00
|
|
|
static u_char *x11_fake_data = NULL;
|
2001-06-09 02:41:05 +02:00
|
|
|
static u_int x11_fake_data_len;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* -- agent forwarding */
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
#define NUM_SOCKS 10
|
|
|
|
|
|
|
|
|
|
/* AF_UNSPEC or AF_INET or AF_INET6 */
|
2001-10-03 19:34:59 +02:00
|
|
|
static int IPv4or6 = AF_UNSPEC;
|
2001-06-09 02:41:05 +02:00
|
|
|
|
|
|
|
|
/* helper */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void port_open_helper(Channel *c, char *rtype);
|
2016-09-30 11:19:13 +02:00
|
|
|
static const char *channel_rfwd_bind_host(const char *listen_host);
|
2001-06-09 02:41:05 +02:00
|
|
|
|
2008-05-19 07:37:09 +02:00
|
|
|
/* non-blocking connect helpers */
|
|
|
|
|
static int connect_next(struct channel_connect *);
|
|
|
|
|
static void channel_connect_ctx_free(struct channel_connect *);
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/* -- channel core */
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
Channel *
|
2005-12-13 09:33:57 +01:00
|
|
|
channel_by_id(int id)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
Channel *c;
|
2001-05-05 06:09:47 +02:00
|
|
|
|
2004-08-13 13:18:00 +02:00
|
|
|
if (id < 0 || (u_int)id >= channels_alloc) {
|
2005-12-13 09:33:57 +01:00
|
|
|
logit("channel_by_id: %d: bad id", id);
|
2000-04-01 03:09:21 +02:00
|
|
|
return NULL;
|
|
|
|
|
}
|
2001-05-05 06:09:47 +02:00
|
|
|
c = channels[id];
|
|
|
|
|
if (c == NULL) {
|
2005-12-13 09:33:57 +01:00
|
|
|
logit("channel_by_id: %d: bad id: channel free", id);
|
2000-04-01 03:09:21 +02:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
return c;
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-30 11:19:13 +02:00
|
|
|
Channel *
|
|
|
|
|
channel_by_remote_id(int remote_id)
|
|
|
|
|
{
|
|
|
|
|
Channel *c;
|
|
|
|
|
u_int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
|
|
|
|
c = channels[i];
|
|
|
|
|
if (c != NULL && c->remote_id == remote_id)
|
|
|
|
|
return c;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2005-12-13 09:33:57 +01:00
|
|
|
/*
|
|
|
|
|
* Returns the channel if it is allowed to receive protocol messages.
|
|
|
|
|
* Private channels, like listening sockets, may not receive messages.
|
|
|
|
|
*/
|
|
|
|
|
Channel *
|
|
|
|
|
channel_lookup(int id)
|
|
|
|
|
{
|
|
|
|
|
Channel *c;
|
|
|
|
|
|
|
|
|
|
if ((c = channel_by_id(id)) == NULL)
|
|
|
|
|
return (NULL);
|
|
|
|
|
|
2006-03-26 04:57:41 +02:00
|
|
|
switch (c->type) {
|
2005-12-13 09:33:57 +01:00
|
|
|
case SSH_CHANNEL_X11_OPEN:
|
|
|
|
|
case SSH_CHANNEL_LARVAL:
|
|
|
|
|
case SSH_CHANNEL_CONNECTING:
|
|
|
|
|
case SSH_CHANNEL_DYNAMIC:
|
|
|
|
|
case SSH_CHANNEL_OPENING:
|
|
|
|
|
case SSH_CHANNEL_OPEN:
|
|
|
|
|
case SSH_CHANNEL_INPUT_DRAINING:
|
|
|
|
|
case SSH_CHANNEL_OUTPUT_DRAINING:
|
2013-06-10 05:07:11 +02:00
|
|
|
case SSH_CHANNEL_ABANDONED:
|
2016-09-30 11:19:13 +02:00
|
|
|
case SSH_CHANNEL_MUX_PROXY:
|
2005-12-13 09:33:57 +01:00
|
|
|
return (c);
|
|
|
|
|
}
|
|
|
|
|
logit("Non-public channel %d, type %d.", id, c->type);
|
|
|
|
|
return (NULL);
|
|
|
|
|
}
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
* Register filedescriptors for a channel, used when allocating a channel or
|
2000-05-02 01:23:45 +02:00
|
|
|
* when the channel consumer/producer is ready, e.g. shell exec'd
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2000-10-28 05:19:58 +02:00
|
|
|
channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
2008-06-16 15:29:18 +02:00
|
|
|
int extusage, int nonblock, int is_tty)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
1999-11-24 14:26:21 +01:00
|
|
|
/* Update the maximum file descriptor value. */
|
2016-09-12 03:22:38 +02:00
|
|
|
channel_max_fd = MAXIMUM(channel_max_fd, rfd);
|
|
|
|
|
channel_max_fd = MAXIMUM(channel_max_fd, wfd);
|
|
|
|
|
channel_max_fd = MAXIMUM(channel_max_fd, efd);
|
2001-01-29 23:14:00 +01:00
|
|
|
|
2010-01-08 07:07:22 +01:00
|
|
|
if (rfd != -1)
|
|
|
|
|
fcntl(rfd, F_SETFD, FD_CLOEXEC);
|
|
|
|
|
if (wfd != -1 && wfd != rfd)
|
|
|
|
|
fcntl(wfd, F_SETFD, FD_CLOEXEC);
|
|
|
|
|
if (efd != -1 && efd != rfd && efd != wfd)
|
|
|
|
|
fcntl(efd, F_SETFD, FD_CLOEXEC);
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
|
2000-05-02 01:23:45 +02:00
|
|
|
c->rfd = rfd;
|
|
|
|
|
c->wfd = wfd;
|
|
|
|
|
c->sock = (rfd == wfd) ? rfd : -1;
|
|
|
|
|
c->efd = efd;
|
|
|
|
|
c->extended_usage = extusage;
|
2000-10-28 05:19:58 +02:00
|
|
|
|
2008-06-16 15:29:18 +02:00
|
|
|
if ((c->isatty = is_tty) != 0)
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: rfd %d isatty", c->self, c->rfd);
|
2013-08-01 06:29:20 +02:00
|
|
|
#ifdef _AIX
|
|
|
|
|
/* XXX: Later AIX versions can't push as much data to tty */
|
2008-06-16 15:35:56 +02:00
|
|
|
c->wfd_isatty = is_tty || isatty(c->wfd);
|
2013-08-01 06:29:20 +02:00
|
|
|
#endif
|
2001-02-16 02:34:57 +01:00
|
|
|
|
2000-10-28 05:19:58 +02:00
|
|
|
/* enable nonblocking mode */
|
|
|
|
|
if (nonblock) {
|
|
|
|
|
if (rfd != -1)
|
|
|
|
|
set_nonblock(rfd);
|
|
|
|
|
if (wfd != -1)
|
|
|
|
|
set_nonblock(wfd);
|
|
|
|
|
if (efd != -1)
|
|
|
|
|
set_nonblock(efd);
|
|
|
|
|
}
|
2000-05-02 01:23:45 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Allocate a new channel object and set its type and socket. This will cause
|
|
|
|
|
* remote_name to be freed.
|
|
|
|
|
*/
|
2001-05-05 06:09:47 +02:00
|
|
|
Channel *
|
2000-05-02 01:23:45 +02:00
|
|
|
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
2002-06-26 01:17:36 +02:00
|
|
|
u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock)
|
2000-05-02 01:23:45 +02:00
|
|
|
{
|
2004-08-13 13:18:00 +02:00
|
|
|
int found;
|
|
|
|
|
u_int i;
|
2000-05-02 01:23:45 +02:00
|
|
|
Channel *c;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
/* Do initial allocation if this is the first call. */
|
|
|
|
|
if (channels_alloc == 0) {
|
|
|
|
|
channels_alloc = 10;
|
2006-03-26 05:19:21 +02:00
|
|
|
channels = xcalloc(channels_alloc, sizeof(Channel *));
|
1999-11-24 14:26:21 +01:00
|
|
|
for (i = 0; i < channels_alloc; i++)
|
2001-05-05 06:09:47 +02:00
|
|
|
channels[i] = NULL;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
|
|
|
|
/* Try to find a free slot where to put the new channel. */
|
|
|
|
|
for (found = -1, i = 0; i < channels_alloc; i++)
|
2001-05-05 06:09:47 +02:00
|
|
|
if (channels[i] == NULL) {
|
1999-11-24 14:26:21 +01:00
|
|
|
/* Found a free slot. */
|
2004-08-13 13:18:00 +02:00
|
|
|
found = (int)i;
|
1999-11-24 14:26:21 +01:00
|
|
|
break;
|
|
|
|
|
}
|
2004-08-13 13:18:00 +02:00
|
|
|
if (found < 0) {
|
1999-11-25 01:54:57 +01:00
|
|
|
/* There are no free slots. Take last+1 slot and expand the array. */
|
1999-11-24 14:26:21 +01:00
|
|
|
found = channels_alloc;
|
2002-06-26 11:14:43 +02:00
|
|
|
if (channels_alloc > 10000)
|
|
|
|
|
fatal("channel_new: internal error: channels_alloc %d "
|
|
|
|
|
"too big.", channels_alloc);
|
2015-04-24 03:36:00 +02:00
|
|
|
channels = xreallocarray(channels, channels_alloc + 10,
|
2006-03-26 05:22:47 +02:00
|
|
|
sizeof(Channel *));
|
2003-09-16 23:31:14 +02:00
|
|
|
channels_alloc += 10;
|
2000-09-30 05:20:03 +02:00
|
|
|
debug2("channel: expanding %d", channels_alloc);
|
1999-11-24 14:26:21 +01:00
|
|
|
for (i = found; i < channels_alloc; i++)
|
2001-05-05 06:09:47 +02:00
|
|
|
channels[i] = NULL;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2001-05-05 06:09:47 +02:00
|
|
|
/* Initialize and return new channel. */
|
2006-03-26 05:19:21 +02:00
|
|
|
c = channels[found] = xcalloc(1, sizeof(Channel));
|
1999-11-24 14:26:21 +01:00
|
|
|
buffer_init(&c->input);
|
|
|
|
|
buffer_init(&c->output);
|
2000-04-01 03:09:21 +02:00
|
|
|
buffer_init(&c->extended);
|
2009-01-28 06:29:49 +01:00
|
|
|
c->path = NULL;
|
2011-09-22 13:38:52 +02:00
|
|
|
c->listening_addr = NULL;
|
|
|
|
|
c->listening_port = 0;
|
2002-01-22 13:28:45 +01:00
|
|
|
c->ostate = CHAN_OUTPUT_OPEN;
|
|
|
|
|
c->istate = CHAN_INPUT_OPEN;
|
|
|
|
|
c->flags = 0;
|
2008-06-15 23:59:23 +02:00
|
|
|
channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, 0);
|
2012-04-22 03:21:10 +02:00
|
|
|
c->notbefore = 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
c->self = found;
|
|
|
|
|
c->type = type;
|
2000-04-01 03:09:21 +02:00
|
|
|
c->ctype = ctype;
|
2000-04-30 02:00:53 +02:00
|
|
|
c->local_window = window;
|
|
|
|
|
c->local_window_max = window;
|
|
|
|
|
c->local_consumed = 0;
|
|
|
|
|
c->local_maxpacket = maxpack;
|
1999-11-24 14:26:21 +01:00
|
|
|
c->remote_id = -1;
|
2003-05-14 05:45:42 +02:00
|
|
|
c->remote_name = xstrdup(remote_name);
|
2000-04-01 03:09:21 +02:00
|
|
|
c->remote_window = 0;
|
|
|
|
|
c->remote_maxpacket = 0;
|
2001-09-18 07:51:13 +02:00
|
|
|
c->force_drain = 0;
|
2001-12-21 04:58:35 +01:00
|
|
|
c->single_connection = 0;
|
2001-07-04 07:26:06 +02:00
|
|
|
c->detach_user = NULL;
|
2005-11-05 04:52:50 +01:00
|
|
|
c->detach_close = 0;
|
2008-05-19 07:05:07 +02:00
|
|
|
c->open_confirm = NULL;
|
|
|
|
|
c->open_confirm_ctx = NULL;
|
2000-08-23 02:46:23 +02:00
|
|
|
c->input_filter = NULL;
|
2005-12-31 06:22:32 +01:00
|
|
|
c->output_filter = NULL;
|
2008-06-12 20:55:46 +02:00
|
|
|
c->filter_ctx = NULL;
|
|
|
|
|
c->filter_cleanup = NULL;
|
2010-01-26 03:26:22 +01:00
|
|
|
c->ctl_chan = -1;
|
|
|
|
|
c->mux_rcb = NULL;
|
|
|
|
|
c->mux_ctx = NULL;
|
2010-05-21 06:57:10 +02:00
|
|
|
c->mux_pause = 0;
|
2010-01-08 07:08:00 +01:00
|
|
|
c->delayed = 1; /* prevent call to channel_post handler */
|
2008-05-19 07:05:07 +02:00
|
|
|
TAILQ_INIT(&c->status_confirms);
|
1999-11-24 14:26:21 +01:00
|
|
|
debug("channel %d: new [%s]", found, remote_name);
|
2001-05-05 06:09:47 +02:00
|
|
|
return c;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2001-07-18 18:01:46 +02:00
|
|
|
static int
|
|
|
|
|
channel_find_maxfd(void)
|
|
|
|
|
{
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i;
|
|
|
|
|
int max = 0;
|
2001-07-18 18:01:46 +02:00
|
|
|
Channel *c;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
|
|
|
|
c = channels[i];
|
|
|
|
|
if (c != NULL) {
|
2016-09-12 03:22:38 +02:00
|
|
|
max = MAXIMUM(max, c->rfd);
|
|
|
|
|
max = MAXIMUM(max, c->wfd);
|
|
|
|
|
max = MAXIMUM(max, c->efd);
|
2001-07-18 18:01:46 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return max;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
channel_close_fd(int *fdp)
|
|
|
|
|
{
|
|
|
|
|
int ret = 0, fd = *fdp;
|
|
|
|
|
|
|
|
|
|
if (fd != -1) {
|
|
|
|
|
ret = close(fd);
|
|
|
|
|
*fdp = -1;
|
|
|
|
|
if (fd == channel_max_fd)
|
|
|
|
|
channel_max_fd = channel_find_maxfd();
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2000-05-02 01:23:45 +02:00
|
|
|
/* Close all channel fd/socket. */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2000-05-02 01:23:45 +02:00
|
|
|
channel_close_fds(Channel *c)
|
|
|
|
|
{
|
2001-07-18 18:01:46 +02:00
|
|
|
channel_close_fd(&c->sock);
|
|
|
|
|
channel_close_fd(&c->rfd);
|
|
|
|
|
channel_close_fd(&c->wfd);
|
|
|
|
|
channel_close_fd(&c->efd);
|
2000-05-02 01:23:45 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/* Free the channel and close its fd/socket. */
|
|
|
|
|
void
|
|
|
|
|
channel_free(Channel *c)
|
|
|
|
|
{
|
|
|
|
|
char *s;
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i, n;
|
2016-09-30 11:19:13 +02:00
|
|
|
Channel *other;
|
2008-05-19 07:05:07 +02:00
|
|
|
struct channel_confirm *cc;
|
2001-06-09 02:41:05 +02:00
|
|
|
|
2016-09-30 11:19:13 +02:00
|
|
|
for (n = 0, i = 0; i < channels_alloc; i++) {
|
|
|
|
|
if ((other = channels[i]) != NULL) {
|
2001-06-09 02:41:05 +02:00
|
|
|
n++;
|
2016-09-30 11:19:13 +02:00
|
|
|
|
|
|
|
|
/* detach from mux client and prepare for closing */
|
|
|
|
|
if (c->type == SSH_CHANNEL_MUX_CLIENT &&
|
|
|
|
|
other->type == SSH_CHANNEL_MUX_PROXY &&
|
|
|
|
|
other->mux_ctx == c) {
|
|
|
|
|
other->mux_ctx = NULL;
|
|
|
|
|
other->type = SSH_CHANNEL_OPEN;
|
|
|
|
|
other->istate = CHAN_INPUT_CLOSED;
|
|
|
|
|
other->ostate = CHAN_OUTPUT_CLOSED;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2004-08-13 13:18:00 +02:00
|
|
|
debug("channel %d: free: %s, nchannels %u", c->self,
|
2001-06-09 02:41:05 +02:00
|
|
|
c->remote_name ? c->remote_name : "???", n);
|
|
|
|
|
|
2016-09-30 11:19:13 +02:00
|
|
|
/* XXX more MUX cleanup: remove remote forwardings */
|
|
|
|
|
if (c->type == SSH_CHANNEL_MUX_CLIENT) {
|
|
|
|
|
for (i = 0; i < (u_int)num_permitted_opens; i++) {
|
|
|
|
|
if (permitted_opens[i].downstream != c)
|
|
|
|
|
continue;
|
|
|
|
|
/* cancel on the server, since mux client is gone */
|
|
|
|
|
debug("channel %d: cleanup remote forward for %s:%u",
|
|
|
|
|
c->self,
|
|
|
|
|
permitted_opens[i].listen_host,
|
|
|
|
|
permitted_opens[i].listen_port);
|
|
|
|
|
packet_start(SSH2_MSG_GLOBAL_REQUEST);
|
|
|
|
|
packet_put_cstring("cancel-tcpip-forward");
|
|
|
|
|
packet_put_char(0);
|
|
|
|
|
packet_put_cstring(channel_rfwd_bind_host(
|
|
|
|
|
permitted_opens[i].listen_host));
|
|
|
|
|
packet_put_int(permitted_opens[i].listen_port);
|
|
|
|
|
packet_send();
|
|
|
|
|
/* unregister */
|
|
|
|
|
permitted_opens[i].listen_port = 0;
|
|
|
|
|
permitted_opens[i].port_to_connect = 0;
|
|
|
|
|
free(permitted_opens[i].host_to_connect);
|
|
|
|
|
permitted_opens[i].host_to_connect = NULL;
|
|
|
|
|
free(permitted_opens[i].listen_host);
|
|
|
|
|
permitted_opens[i].listen_host = NULL;
|
|
|
|
|
permitted_opens[i].listen_path = NULL;
|
|
|
|
|
permitted_opens[i].downstream = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
s = channel_open_message();
|
2003-09-02 14:52:31 +02:00
|
|
|
debug3("channel %d: status: %s", c->self, s);
|
2013-06-01 23:31:17 +02:00
|
|
|
free(s);
|
2001-06-09 02:41:05 +02:00
|
|
|
|
|
|
|
|
if (c->sock != -1)
|
|
|
|
|
shutdown(c->sock, SHUT_RDWR);
|
|
|
|
|
channel_close_fds(c);
|
|
|
|
|
buffer_free(&c->input);
|
|
|
|
|
buffer_free(&c->output);
|
|
|
|
|
buffer_free(&c->extended);
|
2013-06-01 23:31:17 +02:00
|
|
|
free(c->remote_name);
|
|
|
|
|
c->remote_name = NULL;
|
|
|
|
|
free(c->path);
|
|
|
|
|
c->path = NULL;
|
|
|
|
|
free(c->listening_addr);
|
|
|
|
|
c->listening_addr = NULL;
|
2008-05-19 07:05:07 +02:00
|
|
|
while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
|
|
|
|
|
if (cc->abandon_cb != NULL)
|
|
|
|
|
cc->abandon_cb(c, cc->ctx);
|
|
|
|
|
TAILQ_REMOVE(&c->status_confirms, cc, entry);
|
2014-02-04 01:18:20 +01:00
|
|
|
explicit_bzero(cc, sizeof(*cc));
|
2013-06-01 23:31:17 +02:00
|
|
|
free(cc);
|
2008-05-19 07:05:07 +02:00
|
|
|
}
|
2008-06-12 20:55:46 +02:00
|
|
|
if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
|
|
|
|
|
c->filter_cleanup(c->self, c->filter_ctx);
|
2001-06-09 02:41:05 +02:00
|
|
|
channels[c->self] = NULL;
|
2013-06-01 23:31:17 +02:00
|
|
|
free(c);
|
2001-06-09 02:41:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2001-06-21 05:19:23 +02:00
|
|
|
channel_free_all(void)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i;
|
2001-06-09 02:41:05 +02:00
|
|
|
|
2001-06-21 05:19:23 +02:00
|
|
|
for (i = 0; i < channels_alloc; i++)
|
|
|
|
|
if (channels[i] != NULL)
|
|
|
|
|
channel_free(channels[i]);
|
2001-06-09 02:41:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Closes the sockets/fds of all channels. This is used to close extra file
|
|
|
|
|
* descriptors after a fork.
|
|
|
|
|
*/
|
|
|
|
|
void
|
2001-12-06 18:55:26 +01:00
|
|
|
channel_close_all(void)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i;
|
2001-06-09 02:41:05 +02:00
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++)
|
|
|
|
|
if (channels[i] != NULL)
|
|
|
|
|
channel_close_fds(channels[i]);
|
|
|
|
|
}
|
|
|
|
|
|
2001-07-04 07:26:06 +02:00
|
|
|
/*
|
|
|
|
|
* Stop listening to channels.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
channel_stop_listening(void)
|
|
|
|
|
{
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i;
|
2001-07-04 07:26:06 +02:00
|
|
|
Channel *c;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
|
|
|
|
c = channels[i];
|
|
|
|
|
if (c != NULL) {
|
|
|
|
|
switch (c->type) {
|
|
|
|
|
case SSH_CHANNEL_AUTH_SOCKET:
|
|
|
|
|
case SSH_CHANNEL_PORT_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_RPORT_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_X11_LISTENER:
|
2014-07-18 06:11:24 +02:00
|
|
|
case SSH_CHANNEL_UNIX_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_RUNIX_LISTENER:
|
2001-07-18 18:01:46 +02:00
|
|
|
channel_close_fd(&c->sock);
|
2001-07-04 07:26:06 +02:00
|
|
|
channel_free(c);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/*
|
|
|
|
|
* Returns true if no channel has too much buffered data, and false if one or
|
|
|
|
|
* more channel is overfull.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2001-12-06 18:55:26 +01:00
|
|
|
channel_not_very_much_buffered_data(void)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
|
|
|
|
u_int i;
|
|
|
|
|
Channel *c;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
|
|
|
|
c = channels[i];
|
|
|
|
|
if (c != NULL && c->type == SSH_CHANNEL_OPEN) {
|
2001-10-10 07:01:16 +02:00
|
|
|
#if 0
|
|
|
|
|
if (!compat20 &&
|
|
|
|
|
buffer_len(&c->input) > packet_get_maxsize()) {
|
2003-01-08 04:04:09 +01:00
|
|
|
debug2("channel %d: big input buffer %d",
|
2001-06-09 02:41:05 +02:00
|
|
|
c->self, buffer_len(&c->input));
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2001-10-10 07:01:16 +02:00
|
|
|
#endif
|
2001-06-09 02:41:05 +02:00
|
|
|
if (buffer_len(&c->output) > packet_get_maxsize()) {
|
2003-06-28 04:38:01 +02:00
|
|
|
debug2("channel %d: big output buffer %u > %u",
|
2001-10-10 07:01:16 +02:00
|
|
|
c->self, buffer_len(&c->output),
|
|
|
|
|
packet_get_maxsize());
|
2001-06-09 02:41:05 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Returns true if any channel is still open. */
|
|
|
|
|
int
|
2001-12-06 18:55:26 +01:00
|
|
|
channel_still_open(void)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i;
|
2001-06-09 02:41:05 +02:00
|
|
|
Channel *c;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
|
|
|
|
c = channels[i];
|
|
|
|
|
if (c == NULL)
|
|
|
|
|
continue;
|
|
|
|
|
switch (c->type) {
|
|
|
|
|
case SSH_CHANNEL_X11_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_PORT_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_RPORT_LISTENER:
|
2010-01-26 03:26:22 +01:00
|
|
|
case SSH_CHANNEL_MUX_LISTENER:
|
2001-06-09 02:41:05 +02:00
|
|
|
case SSH_CHANNEL_CLOSED:
|
|
|
|
|
case SSH_CHANNEL_AUTH_SOCKET:
|
|
|
|
|
case SSH_CHANNEL_DYNAMIC:
|
|
|
|
|
case SSH_CHANNEL_CONNECTING:
|
|
|
|
|
case SSH_CHANNEL_ZOMBIE:
|
2013-06-10 05:07:11 +02:00
|
|
|
case SSH_CHANNEL_ABANDONED:
|
2014-07-18 06:11:24 +02:00
|
|
|
case SSH_CHANNEL_UNIX_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_RUNIX_LISTENER:
|
2001-06-09 02:41:05 +02:00
|
|
|
continue;
|
|
|
|
|
case SSH_CHANNEL_LARVAL:
|
|
|
|
|
if (!compat20)
|
|
|
|
|
fatal("cannot happen: SSH_CHANNEL_LARVAL");
|
|
|
|
|
continue;
|
|
|
|
|
case SSH_CHANNEL_OPENING:
|
|
|
|
|
case SSH_CHANNEL_OPEN:
|
|
|
|
|
case SSH_CHANNEL_X11_OPEN:
|
2010-01-26 03:26:22 +01:00
|
|
|
case SSH_CHANNEL_MUX_CLIENT:
|
2016-09-30 11:19:13 +02:00
|
|
|
case SSH_CHANNEL_MUX_PROXY:
|
2001-06-09 02:41:05 +02:00
|
|
|
return 1;
|
|
|
|
|
case SSH_CHANNEL_INPUT_DRAINING:
|
|
|
|
|
case SSH_CHANNEL_OUTPUT_DRAINING:
|
|
|
|
|
if (!compat13)
|
|
|
|
|
fatal("cannot happen: OUT_DRAIN");
|
|
|
|
|
return 1;
|
|
|
|
|
default:
|
|
|
|
|
fatal("channel_still_open: bad channel type %d", c->type);
|
|
|
|
|
/* NOTREACHED */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Returns the id of an open channel suitable for keepaliving */
|
|
|
|
|
int
|
2001-12-06 18:55:26 +01:00
|
|
|
channel_find_open(void)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i;
|
2001-06-09 02:41:05 +02:00
|
|
|
Channel *c;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
|
|
|
|
c = channels[i];
|
2004-06-18 14:23:22 +02:00
|
|
|
if (c == NULL || c->remote_id < 0)
|
2001-06-09 02:41:05 +02:00
|
|
|
continue;
|
|
|
|
|
switch (c->type) {
|
|
|
|
|
case SSH_CHANNEL_CLOSED:
|
|
|
|
|
case SSH_CHANNEL_DYNAMIC:
|
|
|
|
|
case SSH_CHANNEL_X11_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_PORT_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_RPORT_LISTENER:
|
2010-01-26 03:26:22 +01:00
|
|
|
case SSH_CHANNEL_MUX_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_MUX_CLIENT:
|
2016-09-30 11:19:13 +02:00
|
|
|
case SSH_CHANNEL_MUX_PROXY:
|
2001-06-09 02:41:05 +02:00
|
|
|
case SSH_CHANNEL_OPENING:
|
|
|
|
|
case SSH_CHANNEL_CONNECTING:
|
|
|
|
|
case SSH_CHANNEL_ZOMBIE:
|
2013-06-10 05:07:11 +02:00
|
|
|
case SSH_CHANNEL_ABANDONED:
|
2014-07-18 06:11:24 +02:00
|
|
|
case SSH_CHANNEL_UNIX_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_RUNIX_LISTENER:
|
2001-06-09 02:41:05 +02:00
|
|
|
continue;
|
|
|
|
|
case SSH_CHANNEL_LARVAL:
|
|
|
|
|
case SSH_CHANNEL_AUTH_SOCKET:
|
|
|
|
|
case SSH_CHANNEL_OPEN:
|
|
|
|
|
case SSH_CHANNEL_X11_OPEN:
|
|
|
|
|
return i;
|
|
|
|
|
case SSH_CHANNEL_INPUT_DRAINING:
|
|
|
|
|
case SSH_CHANNEL_OUTPUT_DRAINING:
|
|
|
|
|
if (!compat13)
|
|
|
|
|
fatal("cannot happen: OUT_DRAIN");
|
|
|
|
|
return i;
|
|
|
|
|
default:
|
|
|
|
|
fatal("channel_find_open: bad channel type %d", c->type);
|
|
|
|
|
/* NOTREACHED */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Returns a message describing the currently open forwarded connections,
|
|
|
|
|
* suitable for sending to the client. The message contains crlf pairs for
|
|
|
|
|
* newlines.
|
|
|
|
|
*/
|
|
|
|
|
char *
|
2001-12-06 18:55:26 +01:00
|
|
|
channel_open_message(void)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
|
|
|
|
Buffer buffer;
|
|
|
|
|
Channel *c;
|
|
|
|
|
char buf[1024], *cp;
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i;
|
2001-06-09 02:41:05 +02:00
|
|
|
|
|
|
|
|
buffer_init(&buffer);
|
|
|
|
|
snprintf(buf, sizeof buf, "The following connections are open:\r\n");
|
|
|
|
|
buffer_append(&buffer, buf, strlen(buf));
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
|
|
|
|
c = channels[i];
|
|
|
|
|
if (c == NULL)
|
|
|
|
|
continue;
|
|
|
|
|
switch (c->type) {
|
|
|
|
|
case SSH_CHANNEL_X11_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_PORT_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_RPORT_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_CLOSED:
|
|
|
|
|
case SSH_CHANNEL_AUTH_SOCKET:
|
|
|
|
|
case SSH_CHANNEL_ZOMBIE:
|
2013-06-10 05:07:11 +02:00
|
|
|
case SSH_CHANNEL_ABANDONED:
|
2010-01-26 03:26:22 +01:00
|
|
|
case SSH_CHANNEL_MUX_LISTENER:
|
2014-07-18 06:11:24 +02:00
|
|
|
case SSH_CHANNEL_UNIX_LISTENER:
|
|
|
|
|
case SSH_CHANNEL_RUNIX_LISTENER:
|
2001-06-09 02:41:05 +02:00
|
|
|
continue;
|
|
|
|
|
case SSH_CHANNEL_LARVAL:
|
|
|
|
|
case SSH_CHANNEL_OPENING:
|
|
|
|
|
case SSH_CHANNEL_CONNECTING:
|
|
|
|
|
case SSH_CHANNEL_DYNAMIC:
|
|
|
|
|
case SSH_CHANNEL_OPEN:
|
|
|
|
|
case SSH_CHANNEL_X11_OPEN:
|
|
|
|
|
case SSH_CHANNEL_INPUT_DRAINING:
|
|
|
|
|
case SSH_CHANNEL_OUTPUT_DRAINING:
|
2016-09-30 11:19:13 +02:00
|
|
|
case SSH_CHANNEL_MUX_PROXY:
|
|
|
|
|
case SSH_CHANNEL_MUX_CLIENT:
|
2004-06-15 02:34:08 +02:00
|
|
|
snprintf(buf, sizeof buf,
|
2015-10-16 01:51:40 +02:00
|
|
|
" #%d %.300s (t%d r%d i%u/%d o%u/%d fd %d/%d cc %d)\r\n",
|
2001-06-09 02:41:05 +02:00
|
|
|
c->self, c->remote_name,
|
|
|
|
|
c->type, c->remote_id,
|
|
|
|
|
c->istate, buffer_len(&c->input),
|
|
|
|
|
c->ostate, buffer_len(&c->output),
|
2010-01-26 03:26:22 +01:00
|
|
|
c->rfd, c->wfd, c->ctl_chan);
|
2001-06-09 02:41:05 +02:00
|
|
|
buffer_append(&buffer, buf, strlen(buf));
|
|
|
|
|
continue;
|
|
|
|
|
default:
|
|
|
|
|
fatal("channel_open_message: bad channel type %d", c->type);
|
|
|
|
|
/* NOTREACHED */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
buffer_append(&buffer, "\0", 1);
|
2014-10-09 00:15:06 +02:00
|
|
|
cp = xstrdup((char *)buffer_ptr(&buffer));
|
2001-06-09 02:41:05 +02:00
|
|
|
buffer_free(&buffer);
|
|
|
|
|
return cp;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
channel_send_open(int id)
|
|
|
|
|
{
|
|
|
|
|
Channel *c = channel_lookup(id);
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
if (c == NULL) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel_send_open: %d: bad id", id);
|
2001-06-09 02:41:05 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2002-12-23 03:44:36 +01:00
|
|
|
debug2("channel %d: send open", id);
|
2001-06-09 02:41:05 +02:00
|
|
|
packet_start(SSH2_MSG_CHANNEL_OPEN);
|
|
|
|
|
packet_put_cstring(c->ctype);
|
|
|
|
|
packet_put_int(c->self);
|
|
|
|
|
packet_put_int(c->local_window);
|
|
|
|
|
packet_put_int(c->local_maxpacket);
|
|
|
|
|
packet_send();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2002-12-23 03:44:36 +01:00
|
|
|
channel_request_start(int id, char *service, int wantconfirm)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
2002-12-23 03:44:36 +01:00
|
|
|
Channel *c = channel_lookup(id);
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
if (c == NULL) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel_request_start: %d: unknown channel id", id);
|
2001-06-09 02:41:05 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2004-06-15 02:34:08 +02:00
|
|
|
debug2("channel %d: request %s confirm %d", id, service, wantconfirm);
|
2001-06-09 02:41:05 +02:00
|
|
|
packet_start(SSH2_MSG_CHANNEL_REQUEST);
|
|
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_put_cstring(service);
|
|
|
|
|
packet_put_char(wantconfirm);
|
|
|
|
|
}
|
2006-03-26 05:10:14 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
void
|
2008-05-19 07:05:07 +02:00
|
|
|
channel_register_status_confirm(int id, channel_confirm_cb *cb,
|
|
|
|
|
channel_confirm_abandon_cb *abandon_cb, void *ctx)
|
|
|
|
|
{
|
|
|
|
|
struct channel_confirm *cc;
|
|
|
|
|
Channel *c;
|
|
|
|
|
|
|
|
|
|
if ((c = channel_lookup(id)) == NULL)
|
|
|
|
|
fatal("channel_register_expect: %d: bad id", id);
|
|
|
|
|
|
2013-11-08 02:19:55 +01:00
|
|
|
cc = xcalloc(1, sizeof(*cc));
|
2008-05-19 07:05:07 +02:00
|
|
|
cc->cb = cb;
|
|
|
|
|
cc->abandon_cb = abandon_cb;
|
|
|
|
|
cc->ctx = ctx;
|
|
|
|
|
TAILQ_INSERT_TAIL(&c->status_confirms, cc, entry);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2010-05-21 06:57:10 +02:00
|
|
|
channel_register_open_confirm(int id, channel_open_fn *fn, void *ctx)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
|
|
|
|
Channel *c = channel_lookup(id);
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
if (c == NULL) {
|
2008-11-03 09:26:35 +01:00
|
|
|
logit("channel_register_open_confirm: %d: bad id", id);
|
2001-06-09 02:41:05 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2008-05-19 07:05:07 +02:00
|
|
|
c->open_confirm = fn;
|
|
|
|
|
c->open_confirm_ctx = ctx;
|
2001-06-09 02:41:05 +02:00
|
|
|
}
|
2006-03-26 05:10:14 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
void
|
2005-11-05 04:52:50 +01:00
|
|
|
channel_register_cleanup(int id, channel_callback_fn *fn, int do_close)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
2005-12-13 09:33:57 +01:00
|
|
|
Channel *c = channel_by_id(id);
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
if (c == NULL) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel_register_cleanup: %d: bad id", id);
|
2001-06-09 02:41:05 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2001-07-04 07:26:06 +02:00
|
|
|
c->detach_user = fn;
|
2005-11-05 04:52:50 +01:00
|
|
|
c->detach_close = do_close;
|
2001-06-09 02:41:05 +02:00
|
|
|
}
|
2006-03-26 05:10:14 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
void
|
|
|
|
|
channel_cancel_cleanup(int id)
|
|
|
|
|
{
|
2005-12-13 09:33:57 +01:00
|
|
|
Channel *c = channel_by_id(id);
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
if (c == NULL) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel_cancel_cleanup: %d: bad id", id);
|
2001-06-09 02:41:05 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2001-07-04 07:26:06 +02:00
|
|
|
c->detach_user = NULL;
|
2005-11-05 04:52:50 +01:00
|
|
|
c->detach_close = 0;
|
2001-06-09 02:41:05 +02:00
|
|
|
}
|
2006-03-26 05:10:14 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
void
|
2005-12-31 06:22:32 +01:00
|
|
|
channel_register_filter(int id, channel_infilter_fn *ifn,
|
2008-06-12 20:55:46 +02:00
|
|
|
channel_outfilter_fn *ofn, channel_filter_cleanup_fn *cfn, void *ctx)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
|
|
|
|
Channel *c = channel_lookup(id);
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
if (c == NULL) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel_register_filter: %d: bad id", id);
|
2001-06-09 02:41:05 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2005-12-31 06:22:32 +01:00
|
|
|
c->input_filter = ifn;
|
|
|
|
|
c->output_filter = ofn;
|
2008-06-12 20:49:33 +02:00
|
|
|
c->filter_ctx = ctx;
|
2008-06-12 20:55:46 +02:00
|
|
|
c->filter_cleanup = cfn;
|
2001-06-09 02:41:05 +02:00
|
|
|
}
|
|
|
|
|
|
2000-04-16 03:18:38 +02:00
|
|
|
void
|
2001-06-09 02:41:05 +02:00
|
|
|
channel_set_fds(int id, int rfd, int wfd, int efd,
|
2008-06-16 15:29:18 +02:00
|
|
|
int extusage, int nonblock, int is_tty, u_int window_max)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2001-06-09 02:41:05 +02:00
|
|
|
Channel *c = channel_lookup(id);
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
|
|
|
|
|
fatal("channel_activate for non-larval channel %d.", id);
|
2008-06-16 15:29:18 +02:00
|
|
|
channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, is_tty);
|
2001-06-09 02:41:05 +02:00
|
|
|
c->type = SSH_CHANNEL_OPEN;
|
2002-02-19 05:20:08 +01:00
|
|
|
c->local_window = c->local_window_max = window_max;
|
2001-06-09 02:41:05 +02:00
|
|
|
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
|
|
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_put_int(c->local_window);
|
|
|
|
|
packet_send();
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
2000-04-01 03:09:21 +02:00
|
|
|
* 'channel_pre*' are called just before select() to add any bits relevant to
|
|
|
|
|
* channels in the select bitmasks.
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2000-04-01 03:09:21 +02:00
|
|
|
/*
|
|
|
|
|
* 'channel_post*': perform any appropriate operations for channels which
|
|
|
|
|
* have events pending.
|
|
|
|
|
*/
|
2006-03-26 04:57:41 +02:00
|
|
|
typedef void chan_fn(Channel *c, fd_set *readset, fd_set *writeset);
|
2000-04-01 03:09:21 +02:00
|
|
|
chan_fn *channel_pre[SSH_CHANNEL_MAX_TYPE];
|
|
|
|
|
chan_fn *channel_post[SSH_CHANNEL_MAX_TYPE];
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_pre_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2000-04-01 03:09:21 +02:00
|
|
|
FD_SET(c->sock, readset);
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_pre_connecting(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-12-06 02:42:49 +01:00
|
|
|
{
|
|
|
|
|
debug3("channel %d: waiting for connection", c->self);
|
|
|
|
|
FD_SET(c->sock, writeset);
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
if (buffer_len(&c->input) < packet_get_maxsize())
|
|
|
|
|
FD_SET(c->sock, readset);
|
|
|
|
|
if (buffer_len(&c->output) > 0)
|
|
|
|
|
FD_SET(c->sock, writeset);
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2002-01-22 13:20:40 +01:00
|
|
|
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2000-04-04 06:38:59 +02:00
|
|
|
if (c->istate == CHAN_INPUT_OPEN &&
|
2002-01-22 13:20:40 +01:00
|
|
|
limit > 0 &&
|
2006-04-23 04:06:03 +02:00
|
|
|
buffer_len(&c->input) < limit &&
|
|
|
|
|
buffer_check_alloc(&c->input, CHAN_RBUF))
|
2000-04-04 06:38:59 +02:00
|
|
|
FD_SET(c->rfd, readset);
|
|
|
|
|
if (c->ostate == CHAN_OUTPUT_OPEN ||
|
|
|
|
|
c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
|
|
|
|
|
if (buffer_len(&c->output) > 0) {
|
|
|
|
|
FD_SET(c->wfd, writeset);
|
|
|
|
|
} else if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
|
2002-03-26 04:26:24 +01:00
|
|
|
if (CHANNEL_EFD_OUTPUT_ACTIVE(c))
|
2005-07-17 09:22:45 +02:00
|
|
|
debug2("channel %d: obuf_empty delayed efd %d/(%d)",
|
|
|
|
|
c->self, c->efd, buffer_len(&c->extended));
|
2002-03-26 04:26:24 +01:00
|
|
|
else
|
|
|
|
|
chan_obuf_empty(c);
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/** XXX check close conditions, too */
|
2008-05-19 08:05:41 +02:00
|
|
|
if (compat20 && c->efd != -1 &&
|
|
|
|
|
!(c->istate == CHAN_INPUT_CLOSED && c->ostate == CHAN_OUTPUT_CLOSED)) {
|
2000-04-04 06:38:59 +02:00
|
|
|
if (c->extended_usage == CHAN_EXTENDED_WRITE &&
|
|
|
|
|
buffer_len(&c->extended) > 0)
|
|
|
|
|
FD_SET(c->efd, writeset);
|
2010-06-26 02:00:14 +02:00
|
|
|
else if (c->efd != -1 && !(c->flags & CHAN_EOF_SENT) &&
|
|
|
|
|
(c->extended_usage == CHAN_EXTENDED_READ ||
|
|
|
|
|
c->extended_usage == CHAN_EXTENDED_IGNORE) &&
|
2000-04-04 06:38:59 +02:00
|
|
|
buffer_len(&c->extended) < c->remote_window)
|
|
|
|
|
FD_SET(c->efd, readset);
|
|
|
|
|
}
|
2004-06-15 02:34:08 +02:00
|
|
|
/* XXX: What about efd? races? */
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
|
|
|
|
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_pre_input_draining(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
if (buffer_len(&c->input) == 0) {
|
|
|
|
|
packet_start(SSH_MSG_CHANNEL_CLOSE);
|
|
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_send();
|
|
|
|
|
c->type = SSH_CHANNEL_CLOSED;
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: closing after input drain.", c->self);
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_pre_output_draining(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
if (buffer_len(&c->output) == 0)
|
2001-05-05 06:09:47 +02:00
|
|
|
chan_mark_dead(c);
|
2000-04-16 03:18:38 +02:00
|
|
|
else
|
2000-04-01 03:09:21 +02:00
|
|
|
FD_SET(c->sock, writeset);
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/*
|
|
|
|
|
* This is a special state for X11 authentication spoofing. An opened X11
|
|
|
|
|
* connection (when authentication spoofing is being done) remains in this
|
|
|
|
|
* state until the first packet has been completely read. The authentication
|
|
|
|
|
* data in that packet is then substituted by the real data if it matches the
|
|
|
|
|
* fake data, and the channel is put into normal mode.
|
2000-04-30 02:00:53 +02:00
|
|
|
* XXX All this happens at the client side.
|
2001-06-09 02:41:05 +02:00
|
|
|
* Returns: 0 = need more data, -1 = wrong cookie, 1 = ok
|
2000-04-01 03:09:21 +02:00
|
|
|
*/
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2001-06-09 02:41:05 +02:00
|
|
|
x11_open_helper(Buffer *b)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2000-12-22 02:43:59 +01:00
|
|
|
u_char *ucp;
|
|
|
|
|
u_int proto_len, data_len;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2015-07-01 04:26:31 +02:00
|
|
|
/* Is this being called after the refusal deadline? */
|
|
|
|
|
if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) {
|
|
|
|
|
verbose("Rejected X11 connection after ForwardX11Timeout "
|
|
|
|
|
"expired");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* Check if the fixed size part of the packet is in buffer. */
|
2001-06-09 02:41:05 +02:00
|
|
|
if (buffer_len(b) < 12)
|
2000-04-01 03:09:21 +02:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* Parse the lengths of variable-length fields. */
|
2002-01-22 13:18:15 +01:00
|
|
|
ucp = buffer_ptr(b);
|
2000-04-01 03:09:21 +02:00
|
|
|
if (ucp[0] == 0x42) { /* Byte order MSB first. */
|
|
|
|
|
proto_len = 256 * ucp[6] + ucp[7];
|
|
|
|
|
data_len = 256 * ucp[8] + ucp[9];
|
|
|
|
|
} else if (ucp[0] == 0x6c) { /* Byte order LSB first. */
|
|
|
|
|
proto_len = ucp[6] + 256 * ucp[7];
|
|
|
|
|
data_len = ucp[8] + 256 * ucp[9];
|
|
|
|
|
} else {
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("Initial X11 packet contains bad byte order byte: 0x%x",
|
2001-12-21 04:45:46 +01:00
|
|
|
ucp[0]);
|
2000-04-01 03:09:21 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* Check if the whole packet is in buffer. */
|
2001-06-09 02:41:05 +02:00
|
|
|
if (buffer_len(b) <
|
2000-04-01 03:09:21 +02:00
|
|
|
12 + ((proto_len + 3) & ~3) + ((data_len + 3) & ~3))
|
|
|
|
|
return 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* Check if authentication protocol matches. */
|
|
|
|
|
if (proto_len != strlen(x11_saved_proto) ||
|
|
|
|
|
memcmp(ucp + 12, x11_saved_proto, proto_len) != 0) {
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("X11 connection uses different authentication protocol.");
|
2000-04-01 03:09:21 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
/* Check if authentication data matches our fake data. */
|
|
|
|
|
if (data_len != x11_fake_data_len ||
|
2010-07-16 05:58:37 +02:00
|
|
|
timingsafe_bcmp(ucp + 12 + ((proto_len + 3) & ~3),
|
2000-04-01 03:09:21 +02:00
|
|
|
x11_fake_data, x11_fake_data_len) != 0) {
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("X11 auth data does not match fake data.");
|
2000-04-01 03:09:21 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
/* Check fake data length */
|
|
|
|
|
if (x11_fake_data_len != x11_saved_data_len) {
|
|
|
|
|
error("X11 fake_data_len %d != saved_data_len %d",
|
|
|
|
|
x11_fake_data_len, x11_saved_data_len);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* Received authentication protocol and data match
|
|
|
|
|
* our fake data. Substitute the fake data with real
|
|
|
|
|
* data.
|
|
|
|
|
*/
|
|
|
|
|
memcpy(ucp + 12 + ((proto_len + 3) & ~3),
|
|
|
|
|
x11_saved_data, x11_saved_data_len);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_pre_x11_open_13(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2001-06-09 02:41:05 +02:00
|
|
|
int ret = x11_open_helper(&c->output);
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
if (ret == 1) {
|
|
|
|
|
/* Start normal processing for the channel. */
|
|
|
|
|
c->type = SSH_CHANNEL_OPEN;
|
2000-04-12 12:17:38 +02:00
|
|
|
channel_pre_open_13(c, readset, writeset);
|
2000-04-01 03:09:21 +02:00
|
|
|
} else if (ret == -1) {
|
|
|
|
|
/*
|
|
|
|
|
* We have received an X11 connection that has bad
|
|
|
|
|
* authentication information.
|
|
|
|
|
*/
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("X11 connection rejected because of wrong authentication.");
|
2000-04-01 03:09:21 +02:00
|
|
|
buffer_clear(&c->input);
|
|
|
|
|
buffer_clear(&c->output);
|
2001-07-18 18:01:46 +02:00
|
|
|
channel_close_fd(&c->sock);
|
2000-04-01 03:09:21 +02:00
|
|
|
c->sock = -1;
|
|
|
|
|
c->type = SSH_CHANNEL_CLOSED;
|
|
|
|
|
packet_start(SSH_MSG_CHANNEL_CLOSE);
|
|
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_send();
|
|
|
|
|
}
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_pre_x11_open(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2001-06-09 02:41:05 +02:00
|
|
|
int ret = x11_open_helper(&c->output);
|
2001-09-18 07:51:13 +02:00
|
|
|
|
|
|
|
|
/* c->force_drain = 1; */
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
if (ret == 1) {
|
|
|
|
|
c->type = SSH_CHANNEL_OPEN;
|
2002-01-22 13:20:40 +01:00
|
|
|
channel_pre_open(c, readset, writeset);
|
2000-04-01 03:09:21 +02:00
|
|
|
} else if (ret == -1) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("X11 connection rejected because of wrong authentication.");
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate);
|
2002-01-22 13:19:38 +01:00
|
|
|
chan_read_failed(c);
|
|
|
|
|
buffer_clear(&c->input);
|
|
|
|
|
chan_ibuf_empty(c);
|
|
|
|
|
buffer_clear(&c->output);
|
|
|
|
|
/* for proto v1, the peer will send an IEOF */
|
|
|
|
|
if (compat20)
|
|
|
|
|
chan_write_failed(c);
|
|
|
|
|
else
|
|
|
|
|
c->type = SSH_CHANNEL_OPEN;
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("X11 closed %d i%d/o%d", c->self, c->istate, c->ostate);
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2010-01-26 03:26:22 +01:00
|
|
|
static void
|
|
|
|
|
channel_pre_mux_client(Channel *c, fd_set *readset, fd_set *writeset)
|
|
|
|
|
{
|
2010-05-21 06:57:10 +02:00
|
|
|
if (c->istate == CHAN_INPUT_OPEN && !c->mux_pause &&
|
2010-01-26 03:26:22 +01:00
|
|
|
buffer_check_alloc(&c->input, CHAN_RBUF))
|
|
|
|
|
FD_SET(c->rfd, readset);
|
|
|
|
|
if (c->istate == CHAN_INPUT_WAIT_DRAIN) {
|
|
|
|
|
/* clear buffer immediately (discard any partial packet) */
|
|
|
|
|
buffer_clear(&c->input);
|
|
|
|
|
chan_ibuf_empty(c);
|
|
|
|
|
/* Start output drain. XXX just kill chan? */
|
|
|
|
|
chan_rcvd_oclose(c);
|
|
|
|
|
}
|
|
|
|
|
if (c->ostate == CHAN_OUTPUT_OPEN ||
|
|
|
|
|
c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
|
|
|
|
|
if (buffer_len(&c->output) > 0)
|
|
|
|
|
FD_SET(c->wfd, writeset);
|
|
|
|
|
else if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN)
|
|
|
|
|
chan_obuf_empty(c);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-04-11 17:57:50 +02:00
|
|
|
/* try to decode a socks4 header */
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset)
|
2001-04-08 20:30:26 +02:00
|
|
|
{
|
2002-09-12 01:49:15 +02:00
|
|
|
char *p, *host;
|
2009-01-28 06:24:41 +01:00
|
|
|
u_int len, have, i, found, need;
|
2001-12-21 04:45:46 +01:00
|
|
|
char username[256];
|
2001-04-08 20:30:26 +02:00
|
|
|
struct {
|
|
|
|
|
u_int8_t version;
|
|
|
|
|
u_int8_t command;
|
|
|
|
|
u_int16_t dest_port;
|
2001-04-11 17:57:50 +02:00
|
|
|
struct in_addr dest_addr;
|
2001-04-08 20:30:26 +02:00
|
|
|
} s4_req, s4_rsp;
|
|
|
|
|
|
2001-04-11 17:57:50 +02:00
|
|
|
debug2("channel %d: decode socks4", c->self);
|
2001-04-17 20:14:34 +02:00
|
|
|
|
|
|
|
|
have = buffer_len(&c->input);
|
|
|
|
|
len = sizeof(s4_req);
|
|
|
|
|
if (have < len)
|
|
|
|
|
return 0;
|
2014-10-09 00:15:06 +02:00
|
|
|
p = (char *)buffer_ptr(&c->input);
|
2009-01-28 06:24:41 +01:00
|
|
|
|
|
|
|
|
need = 1;
|
|
|
|
|
/* SOCKS4A uses an invalid IP address 0.0.0.x */
|
|
|
|
|
if (p[4] == 0 && p[5] == 0 && p[6] == 0 && p[7] != 0) {
|
|
|
|
|
debug2("channel %d: socks4a request", c->self);
|
|
|
|
|
/* ... and needs an extra string (the hostname) */
|
|
|
|
|
need = 2;
|
|
|
|
|
}
|
|
|
|
|
/* Check for terminating NUL on the string(s) */
|
2001-04-17 20:14:34 +02:00
|
|
|
for (found = 0, i = len; i < have; i++) {
|
|
|
|
|
if (p[i] == '\0') {
|
2009-01-28 06:24:41 +01:00
|
|
|
found++;
|
|
|
|
|
if (found == need)
|
|
|
|
|
break;
|
2001-04-17 20:14:34 +02:00
|
|
|
}
|
|
|
|
|
if (i > 1024) {
|
|
|
|
|
/* the peer is probably sending garbage */
|
|
|
|
|
debug("channel %d: decode socks4: too long",
|
|
|
|
|
c->self);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-01-28 06:24:41 +01:00
|
|
|
if (found < need)
|
2001-04-17 20:14:34 +02:00
|
|
|
return 0;
|
2001-04-08 20:30:26 +02:00
|
|
|
buffer_get(&c->input, (char *)&s4_req.version, 1);
|
|
|
|
|
buffer_get(&c->input, (char *)&s4_req.command, 1);
|
|
|
|
|
buffer_get(&c->input, (char *)&s4_req.dest_port, 2);
|
2001-04-11 17:57:50 +02:00
|
|
|
buffer_get(&c->input, (char *)&s4_req.dest_addr, 4);
|
2001-04-17 20:14:34 +02:00
|
|
|
have = buffer_len(&c->input);
|
2014-10-09 00:15:06 +02:00
|
|
|
p = (char *)buffer_ptr(&c->input);
|
2014-02-27 00:18:32 +01:00
|
|
|
if (memchr(p, '\0', have) == NULL)
|
|
|
|
|
fatal("channel %d: decode socks4: user not nul terminated",
|
|
|
|
|
c->self);
|
2001-04-08 20:30:26 +02:00
|
|
|
len = strlen(p);
|
2001-04-12 01:08:17 +02:00
|
|
|
debug2("channel %d: decode socks4: user %s/%d", c->self, p, len);
|
2009-01-28 06:24:41 +01:00
|
|
|
len++; /* trailing '\0' */
|
2001-04-08 20:30:26 +02:00
|
|
|
if (len > have)
|
2001-04-11 17:57:50 +02:00
|
|
|
fatal("channel %d: decode socks4: len %d > have %d",
|
2001-04-08 20:30:26 +02:00
|
|
|
c->self, len, have);
|
|
|
|
|
strlcpy(username, p, sizeof(username));
|
|
|
|
|
buffer_consume(&c->input, len);
|
|
|
|
|
|
2013-06-01 23:31:17 +02:00
|
|
|
free(c->path);
|
|
|
|
|
c->path = NULL;
|
2009-01-28 06:24:41 +01:00
|
|
|
if (need == 1) { /* SOCKS4: one string */
|
|
|
|
|
host = inet_ntoa(s4_req.dest_addr);
|
2009-01-28 06:29:49 +01:00
|
|
|
c->path = xstrdup(host);
|
2009-01-28 06:24:41 +01:00
|
|
|
} else { /* SOCKS4A: two strings */
|
|
|
|
|
have = buffer_len(&c->input);
|
2014-10-09 00:15:06 +02:00
|
|
|
p = (char *)buffer_ptr(&c->input);
|
2009-01-28 06:24:41 +01:00
|
|
|
len = strlen(p);
|
|
|
|
|
debug2("channel %d: decode socks4a: host %s/%d",
|
|
|
|
|
c->self, p, len);
|
|
|
|
|
len++; /* trailing '\0' */
|
|
|
|
|
if (len > have)
|
|
|
|
|
fatal("channel %d: decode socks4a: len %d > have %d",
|
|
|
|
|
c->self, len, have);
|
2009-01-28 06:29:49 +01:00
|
|
|
if (len > NI_MAXHOST) {
|
2009-01-28 06:24:41 +01:00
|
|
|
error("channel %d: hostname \"%.100s\" too long",
|
|
|
|
|
c->self, p);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2009-01-28 06:29:49 +01:00
|
|
|
c->path = xstrdup(p);
|
2009-01-28 06:24:41 +01:00
|
|
|
buffer_consume(&c->input, len);
|
|
|
|
|
}
|
2001-04-08 20:30:26 +02:00
|
|
|
c->host_port = ntohs(s4_req.dest_port);
|
2001-12-21 04:45:46 +01:00
|
|
|
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: dynamic request: socks4 host %s port %u command %u",
|
2009-01-28 06:24:41 +01:00
|
|
|
c->self, c->path, c->host_port, s4_req.command);
|
2001-04-08 20:30:26 +02:00
|
|
|
|
2001-04-11 17:57:50 +02:00
|
|
|
if (s4_req.command != 1) {
|
2009-01-28 06:24:41 +01:00
|
|
|
debug("channel %d: cannot handle: %s cn %d",
|
|
|
|
|
c->self, need == 1 ? "SOCKS4" : "SOCKS4A", s4_req.command);
|
2001-04-11 17:57:50 +02:00
|
|
|
return -1;
|
2001-04-08 20:30:26 +02:00
|
|
|
}
|
2001-04-11 17:57:50 +02:00
|
|
|
s4_rsp.version = 0; /* vn: 0 for reply */
|
|
|
|
|
s4_rsp.command = 90; /* cd: req granted */
|
2001-04-08 20:30:26 +02:00
|
|
|
s4_rsp.dest_port = 0; /* ignored */
|
2001-04-11 17:57:50 +02:00
|
|
|
s4_rsp.dest_addr.s_addr = INADDR_ANY; /* ignored */
|
2006-03-26 05:28:50 +02:00
|
|
|
buffer_append(&c->output, &s4_rsp, sizeof(s4_rsp));
|
2001-04-11 17:57:50 +02:00
|
|
|
return 1;
|
2001-04-08 20:30:26 +02:00
|
|
|
}
|
|
|
|
|
|
2003-07-03 05:55:19 +02:00
|
|
|
/* try to decode a socks5 header */
|
|
|
|
|
#define SSH_SOCKS5_AUTHDONE 0x1000
|
|
|
|
|
#define SSH_SOCKS5_NOAUTH 0x00
|
|
|
|
|
#define SSH_SOCKS5_IPV4 0x01
|
|
|
|
|
#define SSH_SOCKS5_DOMAIN 0x03
|
|
|
|
|
#define SSH_SOCKS5_IPV6 0x04
|
|
|
|
|
#define SSH_SOCKS5_CONNECT 0x01
|
|
|
|
|
#define SSH_SOCKS5_SUCCESS 0x00
|
|
|
|
|
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2003-07-03 05:55:19 +02:00
|
|
|
static int
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
|
2003-07-03 05:55:19 +02:00
|
|
|
{
|
|
|
|
|
struct {
|
|
|
|
|
u_int8_t version;
|
|
|
|
|
u_int8_t command;
|
|
|
|
|
u_int8_t reserved;
|
|
|
|
|
u_int8_t atyp;
|
|
|
|
|
} s5_req, s5_rsp;
|
|
|
|
|
u_int16_t dest_port;
|
2013-07-18 08:12:44 +02:00
|
|
|
char dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
|
|
|
|
|
u_char *p;
|
2006-07-10 14:21:02 +02:00
|
|
|
u_int have, need, i, found, nmethods, addrlen, af;
|
2003-07-03 05:55:19 +02:00
|
|
|
|
|
|
|
|
debug2("channel %d: decode socks5", c->self);
|
|
|
|
|
p = buffer_ptr(&c->input);
|
|
|
|
|
if (p[0] != 0x05)
|
|
|
|
|
return -1;
|
|
|
|
|
have = buffer_len(&c->input);
|
|
|
|
|
if (!(c->flags & SSH_SOCKS5_AUTHDONE)) {
|
|
|
|
|
/* format: ver | nmethods | methods */
|
2003-11-21 13:48:55 +01:00
|
|
|
if (have < 2)
|
2003-07-03 05:55:19 +02:00
|
|
|
return 0;
|
|
|
|
|
nmethods = p[1];
|
|
|
|
|
if (have < nmethods + 2)
|
|
|
|
|
return 0;
|
|
|
|
|
/* look for method: "NO AUTHENTICATION REQUIRED" */
|
2007-01-05 06:30:16 +01:00
|
|
|
for (found = 0, i = 2; i < nmethods + 2; i++) {
|
2006-08-05 03:38:40 +02:00
|
|
|
if (p[i] == SSH_SOCKS5_NOAUTH) {
|
2003-07-03 05:55:19 +02:00
|
|
|
found = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!found) {
|
|
|
|
|
debug("channel %d: method SSH_SOCKS5_NOAUTH not found",
|
|
|
|
|
c->self);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
buffer_consume(&c->input, nmethods + 2);
|
|
|
|
|
buffer_put_char(&c->output, 0x05); /* version */
|
|
|
|
|
buffer_put_char(&c->output, SSH_SOCKS5_NOAUTH); /* method */
|
|
|
|
|
FD_SET(c->sock, writeset);
|
|
|
|
|
c->flags |= SSH_SOCKS5_AUTHDONE;
|
|
|
|
|
debug2("channel %d: socks5 auth done", c->self);
|
|
|
|
|
return 0; /* need more */
|
|
|
|
|
}
|
|
|
|
|
debug2("channel %d: socks5 post auth", c->self);
|
|
|
|
|
if (have < sizeof(s5_req)+1)
|
|
|
|
|
return 0; /* need more */
|
2006-03-26 05:29:06 +02:00
|
|
|
memcpy(&s5_req, p, sizeof(s5_req));
|
2003-07-03 05:55:19 +02:00
|
|
|
if (s5_req.version != 0x05 ||
|
|
|
|
|
s5_req.command != SSH_SOCKS5_CONNECT ||
|
|
|
|
|
s5_req.reserved != 0x00) {
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: only socks5 connect supported", c->self);
|
2003-07-03 05:55:19 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
2005-03-14 13:08:12 +01:00
|
|
|
switch (s5_req.atyp){
|
2003-07-03 05:55:19 +02:00
|
|
|
case SSH_SOCKS5_IPV4:
|
|
|
|
|
addrlen = 4;
|
|
|
|
|
af = AF_INET;
|
|
|
|
|
break;
|
|
|
|
|
case SSH_SOCKS5_DOMAIN:
|
|
|
|
|
addrlen = p[sizeof(s5_req)];
|
|
|
|
|
af = -1;
|
|
|
|
|
break;
|
|
|
|
|
case SSH_SOCKS5_IPV6:
|
|
|
|
|
addrlen = 16;
|
|
|
|
|
af = AF_INET6;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp);
|
2003-07-03 05:55:19 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
2006-07-10 14:21:02 +02:00
|
|
|
need = sizeof(s5_req) + addrlen + 2;
|
|
|
|
|
if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
|
|
|
|
|
need++;
|
|
|
|
|
if (have < need)
|
2003-07-03 05:55:19 +02:00
|
|
|
return 0;
|
|
|
|
|
buffer_consume(&c->input, sizeof(s5_req));
|
|
|
|
|
if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
|
|
|
|
|
buffer_consume(&c->input, 1); /* host string length */
|
2013-07-18 08:12:44 +02:00
|
|
|
buffer_get(&c->input, &dest_addr, addrlen);
|
2003-07-03 05:55:19 +02:00
|
|
|
buffer_get(&c->input, (char *)&dest_port, 2);
|
|
|
|
|
dest_addr[addrlen] = '\0';
|
2013-06-01 23:31:17 +02:00
|
|
|
free(c->path);
|
|
|
|
|
c->path = NULL;
|
2009-01-28 06:29:49 +01:00
|
|
|
if (s5_req.atyp == SSH_SOCKS5_DOMAIN) {
|
2009-01-28 06:30:33 +01:00
|
|
|
if (addrlen >= NI_MAXHOST) {
|
2009-01-28 06:29:49 +01:00
|
|
|
error("channel %d: dynamic request: socks5 hostname "
|
|
|
|
|
"\"%.100s\" too long", c->self, dest_addr);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
c->path = xstrdup(dest_addr);
|
|
|
|
|
} else {
|
|
|
|
|
if (inet_ntop(af, dest_addr, ntop, sizeof(ntop)) == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
c->path = xstrdup(ntop);
|
|
|
|
|
}
|
2003-07-03 05:55:19 +02:00
|
|
|
c->host_port = ntohs(dest_port);
|
2003-11-21 13:56:47 +01:00
|
|
|
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: dynamic request: socks5 host %s port %u command %u",
|
2003-07-03 05:55:19 +02:00
|
|
|
c->self, c->path, c->host_port, s5_req.command);
|
|
|
|
|
|
|
|
|
|
s5_rsp.version = 0x05;
|
|
|
|
|
s5_rsp.command = SSH_SOCKS5_SUCCESS;
|
|
|
|
|
s5_rsp.reserved = 0; /* ignored */
|
|
|
|
|
s5_rsp.atyp = SSH_SOCKS5_IPV4;
|
|
|
|
|
dest_port = 0; /* ignored */
|
|
|
|
|
|
2006-03-26 05:28:50 +02:00
|
|
|
buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp));
|
2013-09-14 01:49:43 +02:00
|
|
|
buffer_put_int(&c->output, ntohl(INADDR_ANY)); /* bind address */
|
2006-03-26 05:28:50 +02:00
|
|
|
buffer_append(&c->output, &dest_port, sizeof(dest_port));
|
2003-07-03 05:55:19 +02:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-12 09:40:27 +01:00
|
|
|
Channel *
|
2010-01-26 03:26:22 +01:00
|
|
|
channel_connect_stdio_fwd(const char *host_to_connect, u_short port_to_connect,
|
|
|
|
|
int in, int out)
|
2010-01-12 09:40:27 +01:00
|
|
|
{
|
|
|
|
|
Channel *c;
|
|
|
|
|
|
|
|
|
|
debug("channel_connect_stdio_fwd %s:%d", host_to_connect,
|
|
|
|
|
port_to_connect);
|
|
|
|
|
|
|
|
|
|
c = channel_new("stdio-forward", SSH_CHANNEL_OPENING, in, out,
|
|
|
|
|
-1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
|
|
|
|
|
0, "stdio-forward", /*nonblock*/0);
|
|
|
|
|
|
|
|
|
|
c->path = xstrdup(host_to_connect);
|
|
|
|
|
c->host_port = port_to_connect;
|
|
|
|
|
c->listening_port = 0;
|
|
|
|
|
c->force_drain = 1;
|
|
|
|
|
|
|
|
|
|
channel_register_fds(c, in, out, -1, 0, 1, 0);
|
|
|
|
|
port_open_helper(c, "direct-tcpip");
|
|
|
|
|
|
|
|
|
|
return c;
|
|
|
|
|
}
|
|
|
|
|
|
2001-04-11 17:57:50 +02:00
|
|
|
/* dynamic port forwarding */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_pre_dynamic(Channel *c, fd_set *readset, fd_set *writeset)
|
2001-04-11 17:57:50 +02:00
|
|
|
{
|
|
|
|
|
u_char *p;
|
2005-06-17 04:59:34 +02:00
|
|
|
u_int have;
|
|
|
|
|
int ret;
|
2001-04-11 17:57:50 +02:00
|
|
|
|
|
|
|
|
have = buffer_len(&c->input);
|
|
|
|
|
debug2("channel %d: pre_dynamic: have %d", c->self, have);
|
2001-04-11 18:08:34 +02:00
|
|
|
/* buffer_dump(&c->input); */
|
2001-04-11 17:57:50 +02:00
|
|
|
/* check if the fixed size part of the packet is in buffer. */
|
2003-07-03 05:55:19 +02:00
|
|
|
if (have < 3) {
|
2001-04-11 17:57:50 +02:00
|
|
|
/* need more */
|
|
|
|
|
FD_SET(c->sock, readset);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
/* try to guess the protocol */
|
|
|
|
|
p = buffer_ptr(&c->input);
|
|
|
|
|
switch (p[0]) {
|
2001-04-12 01:08:17 +02:00
|
|
|
case 0x04:
|
|
|
|
|
ret = channel_decode_socks4(c, readset, writeset);
|
|
|
|
|
break;
|
2003-07-03 05:55:19 +02:00
|
|
|
case 0x05:
|
|
|
|
|
ret = channel_decode_socks5(c, readset, writeset);
|
|
|
|
|
break;
|
2001-04-11 17:57:50 +02:00
|
|
|
default:
|
|
|
|
|
ret = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (ret < 0) {
|
2001-05-05 06:09:47 +02:00
|
|
|
chan_mark_dead(c);
|
2001-04-11 17:57:50 +02:00
|
|
|
} else if (ret == 0) {
|
|
|
|
|
debug2("channel %d: pre_dynamic: need more", c->self);
|
|
|
|
|
/* need more */
|
|
|
|
|
FD_SET(c->sock, readset);
|
|
|
|
|
} else {
|
|
|
|
|
/* switch to the next state */
|
|
|
|
|
c->type = SSH_CHANNEL_OPENING;
|
|
|
|
|
port_open_helper(c, "direct-tcpip");
|
|
|
|
|
}
|
|
|
|
|
}
|
2001-04-08 20:30:26 +02:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* This is our fake X11 server socket. */
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2001-05-05 06:09:47 +02:00
|
|
|
Channel *nc;
|
2008-07-14 03:28:58 +02:00
|
|
|
struct sockaddr_storage addr;
|
2013-04-23 07:20:43 +02:00
|
|
|
int newsock, oerrno;
|
2000-04-01 03:09:21 +02:00
|
|
|
socklen_t addrlen;
|
2001-01-29 23:19:34 +01:00
|
|
|
char buf[16384], *remote_ipaddr;
|
2000-04-30 02:00:53 +02:00
|
|
|
int remote_port;
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
if (FD_ISSET(c->sock, readset)) {
|
|
|
|
|
debug("X11 connection requested.");
|
|
|
|
|
addrlen = sizeof(addr);
|
2008-07-14 03:28:58 +02:00
|
|
|
newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
|
2001-12-21 04:58:35 +01:00
|
|
|
if (c->single_connection) {
|
2013-04-23 07:20:43 +02:00
|
|
|
oerrno = errno;
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("single_connection: closing X11 listener.");
|
2001-12-21 04:58:35 +01:00
|
|
|
channel_close_fd(&c->sock);
|
|
|
|
|
chan_mark_dead(c);
|
2013-04-23 07:20:43 +02:00
|
|
|
errno = oerrno;
|
2001-12-21 04:58:35 +01:00
|
|
|
}
|
2000-04-01 03:09:21 +02:00
|
|
|
if (newsock < 0) {
|
2013-04-23 07:20:43 +02:00
|
|
|
if (errno != EINTR && errno != EWOULDBLOCK &&
|
|
|
|
|
errno != ECONNABORTED)
|
|
|
|
|
error("accept: %.100s", strerror(errno));
|
2012-04-22 03:21:10 +02:00
|
|
|
if (errno == EMFILE || errno == ENFILE)
|
2013-06-01 23:46:16 +02:00
|
|
|
c->notbefore = monotime() + 1;
|
2000-04-01 03:09:21 +02:00
|
|
|
return;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2002-02-05 01:52:13 +01:00
|
|
|
set_nodelay(newsock);
|
2001-01-29 23:19:34 +01:00
|
|
|
remote_ipaddr = get_peer_ipaddr(newsock);
|
2000-04-30 02:00:53 +02:00
|
|
|
remote_port = get_peer_port(newsock);
|
2000-04-01 03:09:21 +02:00
|
|
|
snprintf(buf, sizeof buf, "X11 connection from %.200s port %d",
|
2001-01-29 23:19:34 +01:00
|
|
|
remote_ipaddr, remote_port);
|
2000-04-30 02:00:53 +02:00
|
|
|
|
2001-05-05 06:09:47 +02:00
|
|
|
nc = channel_new("accepted x11 socket",
|
2000-04-30 02:00:53 +02:00
|
|
|
SSH_CHANNEL_OPENING, newsock, newsock, -1,
|
2003-05-14 05:45:42 +02:00
|
|
|
c->local_window_max, c->local_maxpacket, 0, buf, 1);
|
2000-04-30 02:00:53 +02:00
|
|
|
if (compat20) {
|
|
|
|
|
packet_start(SSH2_MSG_CHANNEL_OPEN);
|
|
|
|
|
packet_put_cstring("x11");
|
2001-05-05 06:09:47 +02:00
|
|
|
packet_put_int(nc->self);
|
2001-12-21 04:58:35 +01:00
|
|
|
packet_put_int(nc->local_window_max);
|
|
|
|
|
packet_put_int(nc->local_maxpacket);
|
2001-01-29 23:19:34 +01:00
|
|
|
/* originator ipaddr and port */
|
|
|
|
|
packet_put_cstring(remote_ipaddr);
|
2000-05-09 03:02:59 +02:00
|
|
|
if (datafellows & SSH_BUG_X11FWD) {
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("ssh2 x11 bug compat mode");
|
2000-05-09 03:02:59 +02:00
|
|
|
} else {
|
|
|
|
|
packet_put_int(remote_port);
|
|
|
|
|
}
|
2000-04-30 02:00:53 +02:00
|
|
|
packet_send();
|
|
|
|
|
} else {
|
|
|
|
|
packet_start(SSH_SMSG_X11_OPEN);
|
2001-05-05 06:09:47 +02:00
|
|
|
packet_put_int(nc->self);
|
2001-06-09 02:41:05 +02:00
|
|
|
if (packet_get_protocol_flags() &
|
|
|
|
|
SSH_PROTOFLAG_HOST_IN_FWD_OPEN)
|
2001-06-09 03:42:01 +02:00
|
|
|
packet_put_cstring(buf);
|
2000-04-30 02:00:53 +02:00
|
|
|
packet_send();
|
|
|
|
|
}
|
2013-06-01 23:31:17 +02:00
|
|
|
free(remote_ipaddr);
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2001-04-08 20:30:26 +02:00
|
|
|
port_open_helper(Channel *c, char *rtype)
|
|
|
|
|
{
|
|
|
|
|
char buf[1024];
|
2013-12-29 07:45:26 +01:00
|
|
|
char *local_ipaddr = get_local_ipaddr(c->sock);
|
2016-03-07 20:02:43 +01:00
|
|
|
int local_port = c->sock == -1 ? 65536 : get_local_port(c->sock);
|
2001-04-08 20:30:26 +02:00
|
|
|
char *remote_ipaddr = get_peer_ipaddr(c->sock);
|
2005-06-17 04:55:03 +02:00
|
|
|
int remote_port = get_peer_port(c->sock);
|
2001-04-08 20:30:26 +02:00
|
|
|
|
2010-02-02 07:02:07 +01:00
|
|
|
if (remote_port == -1) {
|
|
|
|
|
/* Fake addr/port to appease peers that validate it (Tectia) */
|
2013-06-01 23:31:17 +02:00
|
|
|
free(remote_ipaddr);
|
2010-02-02 07:02:07 +01:00
|
|
|
remote_ipaddr = xstrdup("127.0.0.1");
|
|
|
|
|
remote_port = 65535;
|
|
|
|
|
}
|
|
|
|
|
|
2001-04-08 20:30:26 +02:00
|
|
|
snprintf(buf, sizeof buf,
|
|
|
|
|
"%s: listening port %d for %.100s port %d, "
|
2013-12-29 07:45:26 +01:00
|
|
|
"connect from %.200s port %d to %.100s port %d",
|
2001-04-08 20:30:26 +02:00
|
|
|
rtype, c->listening_port, c->path, c->host_port,
|
2013-12-29 07:45:26 +01:00
|
|
|
remote_ipaddr, remote_port, local_ipaddr, local_port);
|
2001-04-08 20:30:26 +02:00
|
|
|
|
2013-06-01 23:31:17 +02:00
|
|
|
free(c->remote_name);
|
2001-04-08 20:30:26 +02:00
|
|
|
c->remote_name = xstrdup(buf);
|
|
|
|
|
|
|
|
|
|
if (compat20) {
|
|
|
|
|
packet_start(SSH2_MSG_CHANNEL_OPEN);
|
|
|
|
|
packet_put_cstring(rtype);
|
|
|
|
|
packet_put_int(c->self);
|
|
|
|
|
packet_put_int(c->local_window_max);
|
|
|
|
|
packet_put_int(c->local_maxpacket);
|
2014-07-18 06:11:24 +02:00
|
|
|
if (strcmp(rtype, "direct-tcpip") == 0) {
|
2001-04-08 20:30:26 +02:00
|
|
|
/* target host, port */
|
|
|
|
|
packet_put_cstring(c->path);
|
|
|
|
|
packet_put_int(c->host_port);
|
2014-07-18 06:11:24 +02:00
|
|
|
} else if (strcmp(rtype, "direct-streamlocal@openssh.com") == 0) {
|
|
|
|
|
/* target path */
|
|
|
|
|
packet_put_cstring(c->path);
|
|
|
|
|
} else if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) {
|
|
|
|
|
/* listen path */
|
|
|
|
|
packet_put_cstring(c->path);
|
2001-04-08 20:30:26 +02:00
|
|
|
} else {
|
|
|
|
|
/* listen address, port */
|
|
|
|
|
packet_put_cstring(c->path);
|
2013-12-29 07:45:26 +01:00
|
|
|
packet_put_int(local_port);
|
2001-04-08 20:30:26 +02:00
|
|
|
}
|
2014-07-18 06:11:24 +02:00
|
|
|
if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) {
|
|
|
|
|
/* reserved for future owner/mode info */
|
|
|
|
|
packet_put_cstring("");
|
|
|
|
|
} else {
|
|
|
|
|
/* originator host and port */
|
|
|
|
|
packet_put_cstring(remote_ipaddr);
|
|
|
|
|
packet_put_int((u_int)remote_port);
|
|
|
|
|
}
|
2001-04-08 20:30:26 +02:00
|
|
|
packet_send();
|
|
|
|
|
} else {
|
|
|
|
|
packet_start(SSH_MSG_PORT_OPEN);
|
|
|
|
|
packet_put_int(c->self);
|
|
|
|
|
packet_put_cstring(c->path);
|
|
|
|
|
packet_put_int(c->host_port);
|
2001-06-09 02:41:05 +02:00
|
|
|
if (packet_get_protocol_flags() &
|
|
|
|
|
SSH_PROTOFLAG_HOST_IN_FWD_OPEN)
|
2001-04-08 20:30:26 +02:00
|
|
|
packet_put_cstring(c->remote_name);
|
|
|
|
|
packet_send();
|
|
|
|
|
}
|
2013-06-01 23:31:17 +02:00
|
|
|
free(remote_ipaddr);
|
2013-12-29 07:45:26 +01:00
|
|
|
free(local_ipaddr);
|
2001-04-08 20:30:26 +02:00
|
|
|
}
|
|
|
|
|
|
2005-11-05 04:53:39 +01:00
|
|
|
static void
|
|
|
|
|
channel_set_reuseaddr(int fd)
|
|
|
|
|
{
|
|
|
|
|
int on = 1;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set socket options.
|
|
|
|
|
* Allow local port reuse in TIME_WAIT.
|
|
|
|
|
*/
|
|
|
|
|
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
|
|
|
|
|
error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-01 04:26:31 +02:00
|
|
|
void
|
|
|
|
|
channel_set_x11_refuse_time(u_int refuse_time)
|
|
|
|
|
{
|
|
|
|
|
x11_refuse_time = refuse_time;
|
|
|
|
|
}
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
2000-04-01 03:09:21 +02:00
|
|
|
* This socket is listening for connections to a forwarded TCP/IP port.
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2001-04-08 20:30:26 +02:00
|
|
|
Channel *nc;
|
2008-07-14 03:28:58 +02:00
|
|
|
struct sockaddr_storage addr;
|
2001-05-05 06:09:47 +02:00
|
|
|
int newsock, nextstate;
|
2000-04-01 03:09:21 +02:00
|
|
|
socklen_t addrlen;
|
2001-04-08 20:30:26 +02:00
|
|
|
char *rtype;
|
2000-11-13 12:57:25 +01:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
if (FD_ISSET(c->sock, readset)) {
|
|
|
|
|
debug("Connection to port %d forwarding "
|
|
|
|
|
"to %.100s port %d requested.",
|
|
|
|
|
c->listening_port, c->path, c->host_port);
|
2001-04-08 20:30:26 +02:00
|
|
|
|
2001-10-10 07:03:58 +02:00
|
|
|
if (c->type == SSH_CHANNEL_RPORT_LISTENER) {
|
|
|
|
|
nextstate = SSH_CHANNEL_OPENING;
|
|
|
|
|
rtype = "forwarded-tcpip";
|
2014-07-18 06:11:24 +02:00
|
|
|
} else if (c->type == SSH_CHANNEL_RUNIX_LISTENER) {
|
|
|
|
|
nextstate = SSH_CHANNEL_OPENING;
|
|
|
|
|
rtype = "forwarded-streamlocal@openssh.com";
|
|
|
|
|
} else if (c->host_port == PORT_STREAMLOCAL) {
|
|
|
|
|
nextstate = SSH_CHANNEL_OPENING;
|
|
|
|
|
rtype = "direct-streamlocal@openssh.com";
|
|
|
|
|
} else if (c->host_port == 0) {
|
|
|
|
|
nextstate = SSH_CHANNEL_DYNAMIC;
|
|
|
|
|
rtype = "dynamic-tcpip";
|
2001-10-10 07:03:58 +02:00
|
|
|
} else {
|
2014-07-18 06:11:24 +02:00
|
|
|
nextstate = SSH_CHANNEL_OPENING;
|
|
|
|
|
rtype = "direct-tcpip";
|
2001-10-10 07:03:58 +02:00
|
|
|
}
|
2001-04-08 20:30:26 +02:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
addrlen = sizeof(addr);
|
2008-07-14 03:28:58 +02:00
|
|
|
newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
|
2000-04-01 03:09:21 +02:00
|
|
|
if (newsock < 0) {
|
2013-04-23 07:20:43 +02:00
|
|
|
if (errno != EINTR && errno != EWOULDBLOCK &&
|
|
|
|
|
errno != ECONNABORTED)
|
|
|
|
|
error("accept: %.100s", strerror(errno));
|
2012-04-22 03:21:10 +02:00
|
|
|
if (errno == EMFILE || errno == ENFILE)
|
2013-06-01 23:46:16 +02:00
|
|
|
c->notbefore = monotime() + 1;
|
2000-04-01 03:09:21 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2014-07-18 06:11:24 +02:00
|
|
|
if (c->host_port != PORT_STREAMLOCAL)
|
|
|
|
|
set_nodelay(newsock);
|
2003-05-14 05:45:42 +02:00
|
|
|
nc = channel_new(rtype, nextstate, newsock, newsock, -1,
|
|
|
|
|
c->local_window_max, c->local_maxpacket, 0, rtype, 1);
|
2001-04-08 20:30:26 +02:00
|
|
|
nc->listening_port = c->listening_port;
|
|
|
|
|
nc->host_port = c->host_port;
|
2009-01-28 06:29:49 +01:00
|
|
|
if (c->path != NULL)
|
|
|
|
|
nc->path = xstrdup(c->path);
|
2001-04-08 20:30:26 +02:00
|
|
|
|
2010-01-08 07:08:00 +01:00
|
|
|
if (nextstate != SSH_CHANNEL_DYNAMIC)
|
2001-04-08 20:30:26 +02:00
|
|
|
port_open_helper(nc, rtype);
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
}
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/*
|
|
|
|
|
* This is the authentication agent socket listening for connections from
|
|
|
|
|
* clients.
|
|
|
|
|
*/
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2001-05-05 06:09:47 +02:00
|
|
|
Channel *nc;
|
|
|
|
|
int newsock;
|
2008-07-14 03:28:58 +02:00
|
|
|
struct sockaddr_storage addr;
|
2000-01-14 05:45:46 +01:00
|
|
|
socklen_t addrlen;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
if (FD_ISSET(c->sock, readset)) {
|
|
|
|
|
addrlen = sizeof(addr);
|
2008-07-14 03:28:58 +02:00
|
|
|
newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
|
2000-04-01 03:09:21 +02:00
|
|
|
if (newsock < 0) {
|
2012-04-22 03:21:10 +02:00
|
|
|
error("accept from auth socket: %.100s",
|
|
|
|
|
strerror(errno));
|
|
|
|
|
if (errno == EMFILE || errno == ENFILE)
|
2013-06-01 23:46:16 +02:00
|
|
|
c->notbefore = monotime() + 1;
|
2000-04-01 03:09:21 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2001-05-05 06:09:47 +02:00
|
|
|
nc = channel_new("accepted auth socket",
|
2000-11-13 12:57:25 +01:00
|
|
|
SSH_CHANNEL_OPENING, newsock, newsock, -1,
|
|
|
|
|
c->local_window_max, c->local_maxpacket,
|
2003-05-14 05:45:42 +02:00
|
|
|
0, "accepted auth socket", 1);
|
2000-11-13 12:57:25 +01:00
|
|
|
if (compat20) {
|
|
|
|
|
packet_start(SSH2_MSG_CHANNEL_OPEN);
|
|
|
|
|
packet_put_cstring("auth-agent@openssh.com");
|
2001-05-05 06:09:47 +02:00
|
|
|
packet_put_int(nc->self);
|
2000-11-13 12:57:25 +01:00
|
|
|
packet_put_int(c->local_window_max);
|
|
|
|
|
packet_put_int(c->local_maxpacket);
|
|
|
|
|
} else {
|
|
|
|
|
packet_start(SSH_SMSG_AGENT_OPEN);
|
2001-05-05 06:09:47 +02:00
|
|
|
packet_put_int(nc->self);
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
2000-04-01 03:09:21 +02:00
|
|
|
packet_send();
|
|
|
|
|
}
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-12-06 02:42:49 +01:00
|
|
|
{
|
2008-05-19 07:37:09 +02:00
|
|
|
int err = 0, sock;
|
2001-07-04 07:13:35 +02:00
|
|
|
socklen_t sz = sizeof(err);
|
2001-05-08 22:07:39 +02:00
|
|
|
|
2000-12-06 02:42:49 +01:00
|
|
|
if (FD_ISSET(c->sock, writeset)) {
|
2002-03-05 02:31:28 +01:00
|
|
|
if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) < 0) {
|
2001-05-08 22:07:39 +02:00
|
|
|
err = errno;
|
|
|
|
|
error("getsockopt SO_ERROR failed");
|
|
|
|
|
}
|
|
|
|
|
if (err == 0) {
|
2008-05-19 07:37:09 +02:00
|
|
|
debug("channel %d: connected to %s port %d",
|
|
|
|
|
c->self, c->connect_ctx.host, c->connect_ctx.port);
|
|
|
|
|
channel_connect_ctx_free(&c->connect_ctx);
|
2001-05-08 22:07:39 +02:00
|
|
|
c->type = SSH_CHANNEL_OPEN;
|
|
|
|
|
if (compat20) {
|
|
|
|
|
packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
|
|
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_put_int(c->self);
|
|
|
|
|
packet_put_int(c->local_window);
|
|
|
|
|
packet_put_int(c->local_maxpacket);
|
|
|
|
|
} else {
|
|
|
|
|
packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
|
|
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_put_int(c->self);
|
|
|
|
|
}
|
2000-12-06 02:42:49 +01:00
|
|
|
} else {
|
2008-05-19 07:37:09 +02:00
|
|
|
debug("channel %d: connection failed: %s",
|
2001-05-08 22:07:39 +02:00
|
|
|
c->self, strerror(err));
|
2008-05-19 07:37:09 +02:00
|
|
|
/* Try next address, if any */
|
|
|
|
|
if ((sock = connect_next(&c->connect_ctx)) > 0) {
|
|
|
|
|
close(c->sock);
|
|
|
|
|
c->sock = c->rfd = c->wfd = sock;
|
|
|
|
|
channel_max_fd = channel_find_maxfd();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
/* Exhausted all addresses */
|
|
|
|
|
error("connect_to %.100s port %d: failed.",
|
|
|
|
|
c->connect_ctx.host, c->connect_ctx.port);
|
|
|
|
|
channel_connect_ctx_free(&c->connect_ctx);
|
2001-05-08 22:07:39 +02:00
|
|
|
if (compat20) {
|
|
|
|
|
packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
|
|
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_put_int(SSH2_OPEN_CONNECT_FAILED);
|
|
|
|
|
if (!(datafellows & SSH_BUG_OPENFAILURE)) {
|
|
|
|
|
packet_put_cstring(strerror(err));
|
|
|
|
|
packet_put_cstring("");
|
|
|
|
|
}
|
2000-12-06 02:42:49 +01:00
|
|
|
} else {
|
2001-05-08 22:07:39 +02:00
|
|
|
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
|
|
|
|
|
packet_put_int(c->remote_id);
|
2000-12-06 02:42:49 +01:00
|
|
|
}
|
2001-05-08 22:07:39 +02:00
|
|
|
chan_mark_dead(c);
|
2000-12-06 02:42:49 +01:00
|
|
|
}
|
2001-05-08 22:07:39 +02:00
|
|
|
packet_send();
|
2000-12-06 02:42:49 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2005-03-14 13:22:25 +01:00
|
|
|
char buf[CHAN_RBUF];
|
2007-06-11 05:03:16 +02:00
|
|
|
int len, force;
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2007-06-11 05:03:16 +02:00
|
|
|
force = c->isatty && c->detach_close && c->istate != CHAN_INPUT_CLOSED;
|
|
|
|
|
if (c->rfd != -1 && (force || FD_ISSET(c->rfd, readset))) {
|
2006-06-23 13:24:12 +02:00
|
|
|
errno = 0;
|
2000-04-01 03:09:21 +02:00
|
|
|
len = read(c->rfd, buf, sizeof(buf));
|
2008-07-04 15:10:49 +02:00
|
|
|
if (len < 0 && (errno == EINTR ||
|
|
|
|
|
((errno == EAGAIN || errno == EWOULDBLOCK) && !force)))
|
2000-05-02 01:23:45 +02:00
|
|
|
return 1;
|
2006-06-23 13:24:12 +02:00
|
|
|
#ifndef PTY_ZEROREAD
|
2000-04-01 03:09:21 +02:00
|
|
|
if (len <= 0) {
|
2006-06-23 13:24:12 +02:00
|
|
|
#else
|
2006-06-25 00:25:25 +02:00
|
|
|
if ((!c->isatty && len <= 0) ||
|
|
|
|
|
(c->isatty && (len < 0 || (len == 0 && errno != 0)))) {
|
2006-06-23 13:24:12 +02:00
|
|
|
#endif
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: read<=0 rfd %d len %d",
|
2000-04-01 03:09:21 +02:00
|
|
|
c->self, c->rfd, len);
|
2001-04-11 17:57:50 +02:00
|
|
|
if (c->type != SSH_CHANNEL_OPEN) {
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: not open", c->self);
|
2001-05-05 06:09:47 +02:00
|
|
|
chan_mark_dead(c);
|
2001-04-08 20:30:26 +02:00
|
|
|
return -1;
|
2001-04-11 17:57:50 +02:00
|
|
|
} else if (compat13) {
|
2002-01-22 13:21:15 +01:00
|
|
|
buffer_clear(&c->output);
|
2000-04-01 03:09:21 +02:00
|
|
|
c->type = SSH_CHANNEL_INPUT_DRAINING;
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: input draining.", c->self);
|
2000-04-01 03:09:21 +02:00
|
|
|
} else {
|
|
|
|
|
chan_read_failed(c);
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2000-04-01 03:09:21 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
2001-12-06 19:00:18 +01:00
|
|
|
if (c->input_filter != NULL) {
|
2000-08-23 02:46:23 +02:00
|
|
|
if (c->input_filter(c, buf, len) == -1) {
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: filter stops", c->self);
|
2000-08-23 02:46:23 +02:00
|
|
|
chan_read_failed(c);
|
|
|
|
|
}
|
2005-12-13 09:29:02 +01:00
|
|
|
} else if (c->datagram) {
|
|
|
|
|
buffer_put_string(&c->input, buf, len);
|
2000-08-23 02:46:23 +02:00
|
|
|
} else {
|
|
|
|
|
buffer_append(&c->input, buf, len);
|
|
|
|
|
}
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2006-03-26 05:10:14 +02:00
|
|
|
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2001-03-05 07:28:06 +01:00
|
|
|
struct termios tio;
|
2005-12-31 06:22:32 +01:00
|
|
|
u_char *data = NULL, *buf;
|
2010-08-05 15:09:48 +02:00
|
|
|
u_int dlen, olen = 0;
|
2000-04-01 03:09:21 +02:00
|
|
|
int len;
|
|
|
|
|
|
|
|
|
|
/* Send buffered output data to the socket. */
|
2001-06-05 22:52:50 +02:00
|
|
|
if (c->wfd != -1 &&
|
2000-04-01 03:09:21 +02:00
|
|
|
FD_ISSET(c->wfd, writeset) &&
|
|
|
|
|
buffer_len(&c->output) > 0) {
|
2010-08-05 15:09:48 +02:00
|
|
|
olen = buffer_len(&c->output);
|
2005-12-31 06:22:32 +01:00
|
|
|
if (c->output_filter != NULL) {
|
|
|
|
|
if ((buf = c->output_filter(c, &data, &dlen)) == NULL) {
|
|
|
|
|
debug2("channel %d: filter stops", c->self);
|
2006-01-31 11:47:15 +01:00
|
|
|
if (c->type != SSH_CHANNEL_OPEN)
|
|
|
|
|
chan_mark_dead(c);
|
|
|
|
|
else
|
|
|
|
|
chan_write_failed(c);
|
|
|
|
|
return -1;
|
2005-12-31 06:22:32 +01:00
|
|
|
}
|
|
|
|
|
} else if (c->datagram) {
|
|
|
|
|
buf = data = buffer_get_string(&c->output, &dlen);
|
|
|
|
|
} else {
|
|
|
|
|
buf = data = buffer_ptr(&c->output);
|
|
|
|
|
dlen = buffer_len(&c->output);
|
|
|
|
|
}
|
|
|
|
|
|
2005-12-13 09:29:02 +01:00
|
|
|
if (c->datagram) {
|
|
|
|
|
/* ignore truncated writes, datagrams might get lost */
|
2005-12-31 06:22:32 +01:00
|
|
|
len = write(c->wfd, buf, dlen);
|
2013-06-01 23:31:17 +02:00
|
|
|
free(data);
|
2008-07-04 15:10:49 +02:00
|
|
|
if (len < 0 && (errno == EINTR || errno == EAGAIN ||
|
|
|
|
|
errno == EWOULDBLOCK))
|
2005-12-13 09:29:02 +01:00
|
|
|
return 1;
|
|
|
|
|
if (len <= 0) {
|
|
|
|
|
if (c->type != SSH_CHANNEL_OPEN)
|
|
|
|
|
chan_mark_dead(c);
|
|
|
|
|
else
|
|
|
|
|
chan_write_failed(c);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2010-08-05 15:09:48 +02:00
|
|
|
goto out;
|
2005-12-13 09:29:02 +01:00
|
|
|
}
|
2002-07-04 20:11:09 +02:00
|
|
|
#ifdef _AIX
|
2003-11-21 13:48:55 +01:00
|
|
|
/* XXX: Later AIX versions can't push as much data to tty */
|
2003-11-22 04:10:02 +01:00
|
|
|
if (compat20 && c->wfd_isatty)
|
|
|
|
|
dlen = MIN(dlen, 8*1024);
|
2002-07-04 20:11:09 +02:00
|
|
|
#endif
|
2005-12-31 06:22:32 +01:00
|
|
|
|
|
|
|
|
len = write(c->wfd, buf, dlen);
|
2008-07-04 15:10:49 +02:00
|
|
|
if (len < 0 &&
|
|
|
|
|
(errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
|
2000-05-02 01:23:45 +02:00
|
|
|
return 1;
|
2000-04-01 03:09:21 +02:00
|
|
|
if (len <= 0) {
|
2001-04-11 17:57:50 +02:00
|
|
|
if (c->type != SSH_CHANNEL_OPEN) {
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: not open", c->self);
|
2001-05-05 06:09:47 +02:00
|
|
|
chan_mark_dead(c);
|
2001-04-11 17:57:50 +02:00
|
|
|
return -1;
|
|
|
|
|
} else if (compat13) {
|
2002-01-22 13:21:15 +01:00
|
|
|
buffer_clear(&c->output);
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: input draining.", c->self);
|
2000-04-01 03:09:21 +02:00
|
|
|
c->type = SSH_CHANNEL_INPUT_DRAINING;
|
|
|
|
|
} else {
|
|
|
|
|
chan_write_failed(c);
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2000-04-01 03:09:21 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
2009-08-28 03:02:37 +02:00
|
|
|
#ifndef BROKEN_TCGETATTR_ICANON
|
2005-12-31 06:22:32 +01:00
|
|
|
if (compat20 && c->isatty && dlen >= 1 && buf[0] != '\r') {
|
2001-02-16 02:34:57 +01:00
|
|
|
if (tcgetattr(c->wfd, &tio) == 0 &&
|
|
|
|
|
!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
|
|
|
|
|
/*
|
|
|
|
|
* Simulate echo to reduce the impact of
|
2001-03-05 07:29:44 +01:00
|
|
|
* traffic analysis. We need to match the
|
2001-03-05 07:28:06 +01:00
|
|
|
* size of a SSH2_MSG_CHANNEL_DATA message
|
2005-12-31 06:22:32 +01:00
|
|
|
* (4 byte channel id + buf)
|
2001-02-16 02:34:57 +01:00
|
|
|
*/
|
2001-03-05 07:28:06 +01:00
|
|
|
packet_send_ignore(4 + len);
|
2001-02-16 02:34:57 +01:00
|
|
|
packet_send();
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-08-28 03:02:37 +02:00
|
|
|
#endif
|
2000-04-01 03:09:21 +02:00
|
|
|
buffer_consume(&c->output, len);
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
2010-08-05 15:09:48 +02:00
|
|
|
out:
|
|
|
|
|
if (compat20 && olen > 0)
|
|
|
|
|
c->local_consumed += olen - buffer_len(&c->output);
|
2000-04-04 06:38:59 +02:00
|
|
|
return 1;
|
|
|
|
|
}
|
2006-03-26 05:10:14 +02:00
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-04 06:38:59 +02:00
|
|
|
{
|
2005-03-14 13:22:25 +01:00
|
|
|
char buf[CHAN_RBUF];
|
2000-04-04 06:38:59 +02:00
|
|
|
int len;
|
|
|
|
|
|
2000-04-06 04:32:37 +02:00
|
|
|
/** XXX handle drain efd, too */
|
2000-04-04 06:38:59 +02:00
|
|
|
if (c->efd != -1) {
|
|
|
|
|
if (c->extended_usage == CHAN_EXTENDED_WRITE &&
|
|
|
|
|
FD_ISSET(c->efd, writeset) &&
|
|
|
|
|
buffer_len(&c->extended) > 0) {
|
|
|
|
|
len = write(c->efd, buffer_ptr(&c->extended),
|
|
|
|
|
buffer_len(&c->extended));
|
2000-09-30 05:20:03 +02:00
|
|
|
debug2("channel %d: written %d to efd %d",
|
2000-04-04 06:38:59 +02:00
|
|
|
c->self, len, c->efd);
|
2008-07-04 15:10:49 +02:00
|
|
|
if (len < 0 && (errno == EINTR || errno == EAGAIN ||
|
|
|
|
|
errno == EWOULDBLOCK))
|
2001-03-05 07:16:11 +01:00
|
|
|
return 1;
|
|
|
|
|
if (len <= 0) {
|
|
|
|
|
debug2("channel %d: closing write-efd %d",
|
|
|
|
|
c->self, c->efd);
|
2001-07-18 18:01:46 +02:00
|
|
|
channel_close_fd(&c->efd);
|
2001-03-05 07:16:11 +01:00
|
|
|
} else {
|
2000-04-04 06:38:59 +02:00
|
|
|
buffer_consume(&c->extended, len);
|
|
|
|
|
c->local_consumed += len;
|
|
|
|
|
}
|
2010-06-26 02:00:14 +02:00
|
|
|
} else if (c->efd != -1 &&
|
|
|
|
|
(c->extended_usage == CHAN_EXTENDED_READ ||
|
|
|
|
|
c->extended_usage == CHAN_EXTENDED_IGNORE) &&
|
2007-01-29 00:16:28 +01:00
|
|
|
(c->detach_close || FD_ISSET(c->efd, readset))) {
|
2000-04-04 06:38:59 +02:00
|
|
|
len = read(c->efd, buf, sizeof(buf));
|
2000-09-30 05:20:03 +02:00
|
|
|
debug2("channel %d: read %d from efd %d",
|
2001-12-21 04:45:46 +01:00
|
|
|
c->self, len, c->efd);
|
2008-07-04 15:10:49 +02:00
|
|
|
if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
|
|
|
|
|
errno == EWOULDBLOCK) && !c->detach_close)))
|
2001-03-05 07:16:11 +01:00
|
|
|
return 1;
|
|
|
|
|
if (len <= 0) {
|
|
|
|
|
debug2("channel %d: closing read-efd %d",
|
2000-04-06 04:32:37 +02:00
|
|
|
c->self, c->efd);
|
2001-07-18 18:01:46 +02:00
|
|
|
channel_close_fd(&c->efd);
|
2001-03-05 07:16:11 +01:00
|
|
|
} else {
|
2010-06-26 02:00:14 +02:00
|
|
|
if (c->extended_usage == CHAN_EXTENDED_IGNORE) {
|
|
|
|
|
debug3("channel %d: discard efd",
|
|
|
|
|
c->self);
|
|
|
|
|
} else
|
|
|
|
|
buffer_append(&c->extended, buf, len);
|
2001-03-05 07:16:11 +01:00
|
|
|
}
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2006-03-26 05:10:14 +02:00
|
|
|
|
2004-06-15 02:34:08 +02:00
|
|
|
static int
|
2001-03-05 07:16:11 +01:00
|
|
|
channel_check_window(Channel *c)
|
2000-04-04 06:38:59 +02:00
|
|
|
{
|
2001-04-11 17:57:50 +02:00
|
|
|
if (c->type == SSH_CHANNEL_OPEN &&
|
|
|
|
|
!(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
|
2007-06-25 11:04:46 +02:00
|
|
|
((c->local_window_max - c->local_window >
|
2007-06-11 10:33:15 +02:00
|
|
|
c->local_maxpacket*3) ||
|
|
|
|
|
c->local_window < c->local_window_max/2) &&
|
2000-04-04 06:38:59 +02:00
|
|
|
c->local_consumed > 0) {
|
|
|
|
|
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
|
|
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_put_int(c->local_consumed);
|
|
|
|
|
packet_send();
|
2000-09-30 05:20:03 +02:00
|
|
|
debug2("channel %d: window %d sent adjust %d",
|
2000-04-04 06:38:59 +02:00
|
|
|
c->self, c->local_window,
|
|
|
|
|
c->local_consumed);
|
|
|
|
|
c->local_window += c->local_consumed;
|
|
|
|
|
c->local_consumed = 0;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_post_open(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
channel_handle_rfd(c, readset, writeset);
|
|
|
|
|
channel_handle_wfd(c, readset, writeset);
|
2002-01-22 13:20:40 +01:00
|
|
|
if (!compat20)
|
2001-10-10 07:03:58 +02:00
|
|
|
return;
|
2000-04-04 06:38:59 +02:00
|
|
|
channel_handle_efd(c, readset, writeset);
|
2001-03-05 07:16:11 +01:00
|
|
|
channel_check_window(c);
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
|
|
|
|
|
2010-01-26 03:26:22 +01:00
|
|
|
static u_int
|
|
|
|
|
read_mux(Channel *c, u_int need)
|
|
|
|
|
{
|
|
|
|
|
char buf[CHAN_RBUF];
|
|
|
|
|
int len;
|
|
|
|
|
u_int rlen;
|
|
|
|
|
|
|
|
|
|
if (buffer_len(&c->input) < need) {
|
|
|
|
|
rlen = need - buffer_len(&c->input);
|
2016-09-12 03:22:38 +02:00
|
|
|
len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF));
|
2016-02-05 14:28:19 +01:00
|
|
|
if (len < 0 && (errno == EINTR || errno == EAGAIN))
|
|
|
|
|
return buffer_len(&c->input);
|
2010-01-26 03:26:22 +01:00
|
|
|
if (len <= 0) {
|
2016-02-05 14:28:19 +01:00
|
|
|
debug2("channel %d: ctl read<=0 rfd %d len %d",
|
|
|
|
|
c->self, c->rfd, len);
|
|
|
|
|
chan_read_failed(c);
|
|
|
|
|
return 0;
|
2010-01-26 03:26:22 +01:00
|
|
|
} else
|
|
|
|
|
buffer_append(&c->input, buf, len);
|
|
|
|
|
}
|
|
|
|
|
return buffer_len(&c->input);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
channel_post_mux_client(Channel *c, fd_set *readset, fd_set *writeset)
|
|
|
|
|
{
|
|
|
|
|
u_int need;
|
|
|
|
|
ssize_t len;
|
|
|
|
|
|
|
|
|
|
if (!compat20)
|
|
|
|
|
fatal("%s: entered with !compat20", __func__);
|
|
|
|
|
|
2010-05-21 06:57:10 +02:00
|
|
|
if (c->rfd != -1 && !c->mux_pause && FD_ISSET(c->rfd, readset) &&
|
2010-01-26 03:26:22 +01:00
|
|
|
(c->istate == CHAN_INPUT_OPEN ||
|
|
|
|
|
c->istate == CHAN_INPUT_WAIT_DRAIN)) {
|
|
|
|
|
/*
|
|
|
|
|
* Don't not read past the precise end of packets to
|
|
|
|
|
* avoid disrupting fd passing.
|
|
|
|
|
*/
|
|
|
|
|
if (read_mux(c, 4) < 4) /* read header */
|
|
|
|
|
return;
|
|
|
|
|
need = get_u32(buffer_ptr(&c->input));
|
|
|
|
|
#define CHANNEL_MUX_MAX_PACKET (256 * 1024)
|
|
|
|
|
if (need > CHANNEL_MUX_MAX_PACKET) {
|
|
|
|
|
debug2("channel %d: packet too big %u > %u",
|
|
|
|
|
c->self, CHANNEL_MUX_MAX_PACKET, need);
|
|
|
|
|
chan_rcvd_oclose(c);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (read_mux(c, need + 4) < need + 4) /* read body */
|
|
|
|
|
return;
|
|
|
|
|
if (c->mux_rcb(c) != 0) {
|
|
|
|
|
debug("channel %d: mux_rcb failed", c->self);
|
|
|
|
|
chan_mark_dead(c);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (c->wfd != -1 && FD_ISSET(c->wfd, writeset) &&
|
|
|
|
|
buffer_len(&c->output) > 0) {
|
|
|
|
|
len = write(c->wfd, buffer_ptr(&c->output),
|
|
|
|
|
buffer_len(&c->output));
|
|
|
|
|
if (len < 0 && (errno == EINTR || errno == EAGAIN))
|
|
|
|
|
return;
|
|
|
|
|
if (len <= 0) {
|
|
|
|
|
chan_mark_dead(c);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
buffer_consume(&c->output, len);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
|
|
|
|
{
|
|
|
|
|
Channel *nc;
|
|
|
|
|
struct sockaddr_storage addr;
|
|
|
|
|
socklen_t addrlen;
|
|
|
|
|
int newsock;
|
|
|
|
|
uid_t euid;
|
|
|
|
|
gid_t egid;
|
|
|
|
|
|
|
|
|
|
if (!FD_ISSET(c->sock, readset))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
debug("multiplexing control connection");
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Accept connection on control socket
|
|
|
|
|
*/
|
|
|
|
|
memset(&addr, 0, sizeof(addr));
|
|
|
|
|
addrlen = sizeof(addr);
|
|
|
|
|
if ((newsock = accept(c->sock, (struct sockaddr*)&addr,
|
|
|
|
|
&addrlen)) == -1) {
|
|
|
|
|
error("%s accept: %s", __func__, strerror(errno));
|
2012-04-22 03:21:10 +02:00
|
|
|
if (errno == EMFILE || errno == ENFILE)
|
2013-06-01 23:46:16 +02:00
|
|
|
c->notbefore = monotime() + 1;
|
2010-01-26 03:26:22 +01:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (getpeereid(newsock, &euid, &egid) < 0) {
|
|
|
|
|
error("%s getpeereid failed: %s", __func__,
|
|
|
|
|
strerror(errno));
|
|
|
|
|
close(newsock);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if ((euid != 0) && (getuid() != euid)) {
|
|
|
|
|
error("multiplex uid mismatch: peer euid %u != uid %u",
|
|
|
|
|
(u_int)euid, (u_int)getuid());
|
|
|
|
|
close(newsock);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
nc = channel_new("multiplex client", SSH_CHANNEL_MUX_CLIENT,
|
|
|
|
|
newsock, newsock, -1, c->local_window_max,
|
|
|
|
|
c->local_maxpacket, 0, "mux-control", 1);
|
|
|
|
|
nc->mux_rcb = c->mux_rcb;
|
|
|
|
|
debug3("%s: new mux channel %d fd %d", __func__,
|
|
|
|
|
nc->self, nc->sock);
|
|
|
|
|
/* establish state */
|
|
|
|
|
nc->mux_rcb(nc);
|
|
|
|
|
/* mux state transitions must not elicit protocol messages */
|
|
|
|
|
nc->flags |= CHAN_LOCAL;
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_post_output_drain_13(Channel *c, fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
int len;
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* Send buffered output data to the socket. */
|
|
|
|
|
if (FD_ISSET(c->sock, writeset) && buffer_len(&c->output) > 0) {
|
|
|
|
|
len = write(c->sock, buffer_ptr(&c->output),
|
|
|
|
|
buffer_len(&c->output));
|
|
|
|
|
if (len <= 0)
|
2002-01-22 13:21:15 +01:00
|
|
|
buffer_clear(&c->output);
|
2000-04-01 03:09:21 +02:00
|
|
|
else
|
|
|
|
|
buffer_consume(&c->output, len);
|
|
|
|
|
}
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2000-04-04 06:38:59 +02:00
|
|
|
channel_handler_init_20(void)
|
|
|
|
|
{
|
2002-01-22 13:20:40 +01:00
|
|
|
channel_pre[SSH_CHANNEL_OPEN] = &channel_pre_open;
|
2000-04-30 02:00:53 +02:00
|
|
|
channel_pre[SSH_CHANNEL_X11_OPEN] = &channel_pre_x11_open;
|
2000-04-04 06:38:59 +02:00
|
|
|
channel_pre[SSH_CHANNEL_PORT_LISTENER] = &channel_pre_listener;
|
2000-11-13 12:57:25 +01:00
|
|
|
channel_pre[SSH_CHANNEL_RPORT_LISTENER] = &channel_pre_listener;
|
2014-07-18 06:11:24 +02:00
|
|
|
channel_pre[SSH_CHANNEL_UNIX_LISTENER] = &channel_pre_listener;
|
|
|
|
|
channel_pre[SSH_CHANNEL_RUNIX_LISTENER] = &channel_pre_listener;
|
2000-04-30 02:00:53 +02:00
|
|
|
channel_pre[SSH_CHANNEL_X11_LISTENER] = &channel_pre_listener;
|
2000-11-13 12:57:25 +01:00
|
|
|
channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener;
|
2000-12-06 02:42:49 +01:00
|
|
|
channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting;
|
2001-04-08 20:30:26 +02:00
|
|
|
channel_pre[SSH_CHANNEL_DYNAMIC] = &channel_pre_dynamic;
|
2010-01-26 03:26:22 +01:00
|
|
|
channel_pre[SSH_CHANNEL_MUX_LISTENER] = &channel_pre_listener;
|
|
|
|
|
channel_pre[SSH_CHANNEL_MUX_CLIENT] = &channel_pre_mux_client;
|
2000-04-04 06:38:59 +02:00
|
|
|
|
2002-01-22 13:20:40 +01:00
|
|
|
channel_post[SSH_CHANNEL_OPEN] = &channel_post_open;
|
2000-04-04 06:38:59 +02:00
|
|
|
channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener;
|
2000-11-13 12:57:25 +01:00
|
|
|
channel_post[SSH_CHANNEL_RPORT_LISTENER] = &channel_post_port_listener;
|
2014-07-18 06:11:24 +02:00
|
|
|
channel_post[SSH_CHANNEL_UNIX_LISTENER] = &channel_post_port_listener;
|
|
|
|
|
channel_post[SSH_CHANNEL_RUNIX_LISTENER] = &channel_post_port_listener;
|
2000-04-30 02:00:53 +02:00
|
|
|
channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
|
2000-11-13 12:57:25 +01:00
|
|
|
channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
|
2000-12-06 02:42:49 +01:00
|
|
|
channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
|
2002-01-22 13:20:40 +01:00
|
|
|
channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open;
|
2010-01-26 03:26:22 +01:00
|
|
|
channel_post[SSH_CHANNEL_MUX_LISTENER] = &channel_post_mux_listener;
|
|
|
|
|
channel_post[SSH_CHANNEL_MUX_CLIENT] = &channel_post_mux_client;
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2000-04-01 03:09:21 +02:00
|
|
|
channel_handler_init_13(void)
|
|
|
|
|
{
|
|
|
|
|
channel_pre[SSH_CHANNEL_OPEN] = &channel_pre_open_13;
|
|
|
|
|
channel_pre[SSH_CHANNEL_X11_OPEN] = &channel_pre_x11_open_13;
|
|
|
|
|
channel_pre[SSH_CHANNEL_X11_LISTENER] = &channel_pre_listener;
|
|
|
|
|
channel_pre[SSH_CHANNEL_PORT_LISTENER] = &channel_pre_listener;
|
|
|
|
|
channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener;
|
|
|
|
|
channel_pre[SSH_CHANNEL_INPUT_DRAINING] = &channel_pre_input_draining;
|
|
|
|
|
channel_pre[SSH_CHANNEL_OUTPUT_DRAINING] = &channel_pre_output_draining;
|
2000-12-06 02:42:49 +01:00
|
|
|
channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting;
|
2001-04-08 20:30:26 +02:00
|
|
|
channel_pre[SSH_CHANNEL_DYNAMIC] = &channel_pre_dynamic;
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2002-01-22 13:20:40 +01:00
|
|
|
channel_post[SSH_CHANNEL_OPEN] = &channel_post_open;
|
2000-04-01 03:09:21 +02:00
|
|
|
channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
|
|
|
|
|
channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener;
|
|
|
|
|
channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
|
|
|
|
|
channel_post[SSH_CHANNEL_OUTPUT_DRAINING] = &channel_post_output_drain_13;
|
2000-12-06 02:42:49 +01:00
|
|
|
channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
|
2002-01-22 13:20:40 +01:00
|
|
|
channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2000-04-01 03:09:21 +02:00
|
|
|
channel_handler_init_15(void)
|
|
|
|
|
{
|
2002-01-22 13:20:40 +01:00
|
|
|
channel_pre[SSH_CHANNEL_OPEN] = &channel_pre_open;
|
2000-04-30 02:00:53 +02:00
|
|
|
channel_pre[SSH_CHANNEL_X11_OPEN] = &channel_pre_x11_open;
|
2000-04-01 03:09:21 +02:00
|
|
|
channel_pre[SSH_CHANNEL_X11_LISTENER] = &channel_pre_listener;
|
|
|
|
|
channel_pre[SSH_CHANNEL_PORT_LISTENER] = &channel_pre_listener;
|
|
|
|
|
channel_pre[SSH_CHANNEL_AUTH_SOCKET] = &channel_pre_listener;
|
2000-12-06 02:42:49 +01:00
|
|
|
channel_pre[SSH_CHANNEL_CONNECTING] = &channel_pre_connecting;
|
2001-04-08 20:30:26 +02:00
|
|
|
channel_pre[SSH_CHANNEL_DYNAMIC] = &channel_pre_dynamic;
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
|
|
|
|
|
channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener;
|
|
|
|
|
channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
|
2002-01-22 13:20:40 +01:00
|
|
|
channel_post[SSH_CHANNEL_OPEN] = &channel_post_open;
|
2000-12-06 02:42:49 +01:00
|
|
|
channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
|
2002-01-22 13:20:40 +01:00
|
|
|
channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2000-04-01 03:09:21 +02:00
|
|
|
channel_handler_init(void)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2001-12-21 04:45:46 +01:00
|
|
|
for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
|
2000-04-01 03:09:21 +02:00
|
|
|
channel_pre[i] = NULL;
|
|
|
|
|
channel_post[i] = NULL;
|
|
|
|
|
}
|
2000-04-04 06:38:59 +02:00
|
|
|
if (compat20)
|
|
|
|
|
channel_handler_init_20();
|
|
|
|
|
else if (compat13)
|
2000-04-01 03:09:21 +02:00
|
|
|
channel_handler_init_13();
|
|
|
|
|
else
|
|
|
|
|
channel_handler_init_15();
|
|
|
|
|
}
|
|
|
|
|
|
2001-10-12 03:35:04 +02:00
|
|
|
/* gc dead channels */
|
|
|
|
|
static void
|
|
|
|
|
channel_garbage_collect(Channel *c)
|
|
|
|
|
{
|
|
|
|
|
if (c == NULL)
|
|
|
|
|
return;
|
|
|
|
|
if (c->detach_user != NULL) {
|
2005-11-05 04:52:50 +01:00
|
|
|
if (!chan_is_dead(c, c->detach_close))
|
2001-10-12 03:35:04 +02:00
|
|
|
return;
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: gc: notify user", c->self);
|
2001-10-12 03:35:04 +02:00
|
|
|
c->detach_user(c->self, NULL);
|
|
|
|
|
/* if we still have a callback */
|
|
|
|
|
if (c->detach_user != NULL)
|
|
|
|
|
return;
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: gc: user detached", c->self);
|
2001-10-12 03:35:04 +02:00
|
|
|
}
|
|
|
|
|
if (!chan_is_dead(c, 1))
|
|
|
|
|
return;
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: garbage collecting", c->self);
|
2001-10-12 03:35:04 +02:00
|
|
|
channel_free(c);
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2012-04-22 03:21:10 +02:00
|
|
|
channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset,
|
|
|
|
|
time_t *unpause_secs)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
static int did_init = 0;
|
2010-01-08 07:08:00 +01:00
|
|
|
u_int i, oalloc;
|
2000-04-01 03:09:21 +02:00
|
|
|
Channel *c;
|
2012-04-22 03:21:10 +02:00
|
|
|
time_t now;
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
if (!did_init) {
|
|
|
|
|
channel_handler_init();
|
|
|
|
|
did_init = 1;
|
|
|
|
|
}
|
2013-06-01 23:46:16 +02:00
|
|
|
now = monotime();
|
2012-04-22 03:21:10 +02:00
|
|
|
if (unpause_secs != NULL)
|
|
|
|
|
*unpause_secs = 0;
|
2010-01-08 07:08:00 +01:00
|
|
|
for (i = 0, oalloc = channels_alloc; i < oalloc; i++) {
|
2001-05-05 06:09:47 +02:00
|
|
|
c = channels[i];
|
|
|
|
|
if (c == NULL)
|
1999-11-24 14:26:21 +01:00
|
|
|
continue;
|
2010-01-08 07:08:00 +01:00
|
|
|
if (c->delayed) {
|
|
|
|
|
if (ftab == channel_pre)
|
|
|
|
|
c->delayed = 0;
|
|
|
|
|
else
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2012-04-22 03:21:10 +02:00
|
|
|
if (ftab[c->type] != NULL) {
|
|
|
|
|
/*
|
|
|
|
|
* Run handlers that are not paused.
|
|
|
|
|
*/
|
|
|
|
|
if (c->notbefore <= now)
|
|
|
|
|
(*ftab[c->type])(c, readset, writeset);
|
|
|
|
|
else if (unpause_secs != NULL) {
|
|
|
|
|
/*
|
|
|
|
|
* Collect the time that the earliest
|
|
|
|
|
* channel comes off pause.
|
|
|
|
|
*/
|
|
|
|
|
debug3("%s: chan %d: skip for %d more seconds",
|
|
|
|
|
__func__, c->self,
|
|
|
|
|
(int)(c->notbefore - now));
|
|
|
|
|
if (*unpause_secs == 0 ||
|
|
|
|
|
(c->notbefore - now) < *unpause_secs)
|
|
|
|
|
*unpause_secs = c->notbefore - now;
|
|
|
|
|
}
|
|
|
|
|
}
|
2001-10-12 03:35:04 +02:00
|
|
|
channel_garbage_collect(c);
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
2012-04-22 03:21:10 +02:00
|
|
|
if (unpause_secs != NULL && *unpause_secs != 0)
|
|
|
|
|
debug3("%s: first channel unpauses in %d seconds",
|
|
|
|
|
__func__, (int)*unpause_secs);
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/*
|
|
|
|
|
* Allocate/update select bitmasks and add any bits relevant to channels in
|
|
|
|
|
* select bitmasks.
|
|
|
|
|
*/
|
2000-04-16 03:18:38 +02:00
|
|
|
void
|
2001-04-05 01:46:07 +02:00
|
|
|
channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
|
2012-04-23 10:21:05 +02:00
|
|
|
u_int *nallocp, time_t *minwait_secs, int rekeying)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2006-03-26 05:22:47 +02:00
|
|
|
u_int n, sz, nfdset;
|
2001-01-29 23:14:00 +01:00
|
|
|
|
2016-09-12 03:22:38 +02:00
|
|
|
n = MAXIMUM(*maxfdp, channel_max_fd);
|
2001-01-29 23:14:00 +01:00
|
|
|
|
2006-03-26 05:22:47 +02:00
|
|
|
nfdset = howmany(n+1, NFDBITS);
|
|
|
|
|
/* Explicitly test here, because xrealloc isn't always called */
|
2015-02-07 00:21:59 +01:00
|
|
|
if (nfdset && SIZE_MAX / nfdset < sizeof(fd_mask))
|
2006-03-26 05:22:47 +02:00
|
|
|
fatal("channel_prepare_select: max_fd (%d) is too large", n);
|
|
|
|
|
sz = nfdset * sizeof(fd_mask);
|
|
|
|
|
|
2001-07-18 18:01:46 +02:00
|
|
|
/* perhaps check sz < nalloc/2 and shrink? */
|
|
|
|
|
if (*readsetp == NULL || sz > *nallocp) {
|
2015-04-24 03:36:00 +02:00
|
|
|
*readsetp = xreallocarray(*readsetp, nfdset, sizeof(fd_mask));
|
|
|
|
|
*writesetp = xreallocarray(*writesetp, nfdset, sizeof(fd_mask));
|
2001-07-18 18:01:46 +02:00
|
|
|
*nallocp = sz;
|
2001-01-29 23:14:00 +01:00
|
|
|
}
|
2001-07-18 18:01:46 +02:00
|
|
|
*maxfdp = n;
|
2001-01-29 23:14:00 +01:00
|
|
|
memset(*readsetp, 0, sz);
|
|
|
|
|
memset(*writesetp, 0, sz);
|
|
|
|
|
|
2001-04-05 01:46:07 +02:00
|
|
|
if (!rekeying)
|
2012-04-22 03:21:10 +02:00
|
|
|
channel_handler(channel_pre, *readsetp, *writesetp,
|
|
|
|
|
minwait_secs);
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/*
|
|
|
|
|
* After select, perform any appropriate operations for channels which have
|
|
|
|
|
* events pending.
|
|
|
|
|
*/
|
2000-04-16 03:18:38 +02:00
|
|
|
void
|
2006-03-26 04:57:41 +02:00
|
|
|
channel_after_select(fd_set *readset, fd_set *writeset)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2012-04-22 03:21:10 +02:00
|
|
|
channel_handler(channel_post, readset, writeset, NULL);
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
|
2001-01-29 23:14:00 +01:00
|
|
|
/* If there is data to send to the connection, enqueue some of it now. */
|
2000-04-16 03:18:38 +02:00
|
|
|
void
|
2001-12-06 18:55:26 +01:00
|
|
|
channel_output_poll(void)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2000-04-01 03:09:21 +02:00
|
|
|
Channel *c;
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i, len;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
2001-05-05 06:09:47 +02:00
|
|
|
c = channels[i];
|
|
|
|
|
if (c == NULL)
|
|
|
|
|
continue;
|
2000-01-14 05:45:46 +01:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/*
|
|
|
|
|
* We are only interested in channels that can have buffered
|
|
|
|
|
* incoming data.
|
|
|
|
|
*/
|
2000-01-14 05:45:46 +01:00
|
|
|
if (compat13) {
|
2000-04-01 03:09:21 +02:00
|
|
|
if (c->type != SSH_CHANNEL_OPEN &&
|
|
|
|
|
c->type != SSH_CHANNEL_INPUT_DRAINING)
|
2000-01-14 05:45:46 +01:00
|
|
|
continue;
|
|
|
|
|
} else {
|
2000-04-01 03:09:21 +02:00
|
|
|
if (c->type != SSH_CHANNEL_OPEN)
|
2000-01-14 05:45:46 +01:00
|
|
|
continue;
|
|
|
|
|
}
|
2000-04-12 10:45:05 +02:00
|
|
|
if (compat20 &&
|
|
|
|
|
(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD))) {
|
2001-03-05 07:16:11 +01:00
|
|
|
/* XXX is this true? */
|
2001-10-12 03:35:04 +02:00
|
|
|
debug3("channel %d: will not send data after close", c->self);
|
2000-04-04 06:38:59 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
/* Get the amount of buffered data for this channel. */
|
2001-03-05 07:16:11 +01:00
|
|
|
if ((c->istate == CHAN_INPUT_OPEN ||
|
|
|
|
|
c->istate == CHAN_INPUT_WAIT_DRAIN) &&
|
|
|
|
|
(len = buffer_len(&c->input)) > 0) {
|
2005-12-13 09:29:02 +01:00
|
|
|
if (c->datagram) {
|
|
|
|
|
if (len > 0) {
|
|
|
|
|
u_char *data;
|
|
|
|
|
u_int dlen;
|
|
|
|
|
|
|
|
|
|
data = buffer_get_string(&c->input,
|
|
|
|
|
&dlen);
|
2010-08-05 15:09:48 +02:00
|
|
|
if (dlen > c->remote_window ||
|
|
|
|
|
dlen > c->remote_maxpacket) {
|
|
|
|
|
debug("channel %d: datagram "
|
|
|
|
|
"too big for channel",
|
|
|
|
|
c->self);
|
2013-06-01 23:31:17 +02:00
|
|
|
free(data);
|
2010-08-05 15:09:48 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
2005-12-13 09:29:02 +01:00
|
|
|
packet_start(SSH2_MSG_CHANNEL_DATA);
|
|
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_put_string(data, dlen);
|
|
|
|
|
packet_send();
|
2015-06-30 07:23:25 +02:00
|
|
|
c->remote_window -= dlen;
|
2013-06-01 23:31:17 +02:00
|
|
|
free(data);
|
2005-12-13 09:29:02 +01:00
|
|
|
}
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2001-06-09 02:41:05 +02:00
|
|
|
/*
|
|
|
|
|
* Send some data for the other side over the secure
|
|
|
|
|
* connection.
|
|
|
|
|
*/
|
2000-04-04 06:38:59 +02:00
|
|
|
if (compat20) {
|
|
|
|
|
if (len > c->remote_window)
|
|
|
|
|
len = c->remote_window;
|
|
|
|
|
if (len > c->remote_maxpacket)
|
|
|
|
|
len = c->remote_maxpacket;
|
1999-11-24 14:26:21 +01:00
|
|
|
} else {
|
2000-04-04 06:38:59 +02:00
|
|
|
if (packet_is_interactive()) {
|
|
|
|
|
if (len > 1024)
|
|
|
|
|
len = 512;
|
|
|
|
|
} else {
|
|
|
|
|
/* Keep the packets at reasonable size. */
|
|
|
|
|
if (len > packet_get_maxsize()/2)
|
|
|
|
|
len = packet_get_maxsize()/2;
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2000-04-01 03:09:21 +02:00
|
|
|
if (len > 0) {
|
2000-04-04 06:38:59 +02:00
|
|
|
packet_start(compat20 ?
|
|
|
|
|
SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA);
|
2000-04-01 03:09:21 +02:00
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_put_string(buffer_ptr(&c->input), len);
|
|
|
|
|
packet_send();
|
|
|
|
|
buffer_consume(&c->input, len);
|
|
|
|
|
c->remote_window -= len;
|
|
|
|
|
}
|
|
|
|
|
} else if (c->istate == CHAN_INPUT_WAIT_DRAIN) {
|
1999-11-24 14:26:21 +01:00
|
|
|
if (compat13)
|
|
|
|
|
fatal("cannot happen: istate == INPUT_WAIT_DRAIN for proto 1.3");
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* input-buffer is empty and read-socket shutdown:
|
2002-03-26 04:26:24 +01:00
|
|
|
* tell peer, that we will not send more data: send IEOF.
|
|
|
|
|
* hack for extended data: delay EOF if EFD still in use.
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2002-03-26 04:26:24 +01:00
|
|
|
if (CHANNEL_EFD_INPUT_ACTIVE(c))
|
2005-07-17 09:22:45 +02:00
|
|
|
debug2("channel %d: ibuf_empty delayed efd %d/(%d)",
|
|
|
|
|
c->self, c->efd, buffer_len(&c->extended));
|
2002-03-26 04:26:24 +01:00
|
|
|
else
|
|
|
|
|
chan_ibuf_empty(c);
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2000-04-04 06:38:59 +02:00
|
|
|
/* Send extended data, i.e. stderr */
|
|
|
|
|
if (compat20 &&
|
2002-03-26 04:26:24 +01:00
|
|
|
!(c->flags & CHAN_EOF_SENT) &&
|
2000-04-04 06:38:59 +02:00
|
|
|
c->remote_window > 0 &&
|
|
|
|
|
(len = buffer_len(&c->extended)) > 0 &&
|
|
|
|
|
c->extended_usage == CHAN_EXTENDED_READ) {
|
2002-06-26 01:17:36 +02:00
|
|
|
debug2("channel %d: rwin %u elen %u euse %d",
|
2001-03-05 07:16:11 +01:00
|
|
|
c->self, c->remote_window, buffer_len(&c->extended),
|
|
|
|
|
c->extended_usage);
|
2000-04-04 06:38:59 +02:00
|
|
|
if (len > c->remote_window)
|
|
|
|
|
len = c->remote_window;
|
|
|
|
|
if (len > c->remote_maxpacket)
|
|
|
|
|
len = c->remote_maxpacket;
|
|
|
|
|
packet_start(SSH2_MSG_CHANNEL_EXTENDED_DATA);
|
|
|
|
|
packet_put_int(c->remote_id);
|
|
|
|
|
packet_put_int(SSH2_EXTENDED_DATA_STDERR);
|
|
|
|
|
packet_put_string(buffer_ptr(&c->extended), len);
|
|
|
|
|
packet_send();
|
|
|
|
|
buffer_consume(&c->extended, len);
|
|
|
|
|
c->remote_window -= len;
|
2001-03-05 07:16:11 +01:00
|
|
|
debug2("channel %d: sent ext data %d", c->self, len);
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-30 11:19:13 +02:00
|
|
|
/* -- mux proxy support */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* When multiplexing channel messages for mux clients we have to deal
|
|
|
|
|
* with downstream messages from the mux client and upstream messages
|
|
|
|
|
* from the ssh server:
|
|
|
|
|
* 1) Handling downstream messages is straightforward and happens
|
|
|
|
|
* in channel_proxy_downstream():
|
|
|
|
|
* - We forward all messages (mostly) unmodified to the server.
|
|
|
|
|
* - However, in order to route messages from upstream to the correct
|
|
|
|
|
* downstream client, we have to replace the channel IDs used by the
|
|
|
|
|
* mux clients with a unique channel ID because the mux clients might
|
|
|
|
|
* use conflicting channel IDs.
|
|
|
|
|
* - so we inspect and change both SSH2_MSG_CHANNEL_OPEN and
|
|
|
|
|
* SSH2_MSG_CHANNEL_OPEN_CONFIRMATION messages, create a local
|
|
|
|
|
* SSH_CHANNEL_MUX_PROXY channel and replace the mux clients ID
|
|
|
|
|
* with the newly allocated channel ID.
|
|
|
|
|
* 2) Upstream messages are received by matching SSH_CHANNEL_MUX_PROXY
|
|
|
|
|
* channels and procesed by channel_proxy_upstream(). The local channel ID
|
|
|
|
|
* is then translated back to the original mux client ID.
|
|
|
|
|
* 3) In both cases we need to keep track of matching SSH2_MSG_CHANNEL_CLOSE
|
|
|
|
|
* messages so we can clean up SSH_CHANNEL_MUX_PROXY channels.
|
|
|
|
|
* 4) The SSH_CHANNEL_MUX_PROXY channels also need to closed when the
|
|
|
|
|
* downstream mux client are removed.
|
|
|
|
|
* 5) Handling SSH2_MSG_CHANNEL_OPEN messages from the upstream server
|
|
|
|
|
* requires more work, because they are not addressed to a specific
|
|
|
|
|
* channel. E.g. client_request_forwarded_tcpip() needs to figure
|
|
|
|
|
* out whether the request is addressed to the local client or a
|
|
|
|
|
* specific downstream client based on the listen-address/port.
|
|
|
|
|
* 6) Agent and X11-Forwarding have a similar problem and are currenly
|
|
|
|
|
* not supported as the matching session/channel cannot be identified
|
|
|
|
|
* easily.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* receive packets from downstream mux clients:
|
|
|
|
|
* channel callback fired on read from mux client, creates
|
|
|
|
|
* SSH_CHANNEL_MUX_PROXY channels and translates channel IDs
|
|
|
|
|
* on channel creation.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
channel_proxy_downstream(Channel *downstream)
|
|
|
|
|
{
|
|
|
|
|
Channel *c = NULL;
|
|
|
|
|
struct ssh *ssh = active_state;
|
|
|
|
|
struct sshbuf *original = NULL, *modified = NULL;
|
|
|
|
|
const u_char *cp;
|
|
|
|
|
char *ctype = NULL, *listen_host = NULL;
|
|
|
|
|
u_char type;
|
|
|
|
|
size_t have;
|
2016-09-30 22:24:46 +02:00
|
|
|
int ret = -1, r, idx;
|
|
|
|
|
u_int id, remote_id, listen_port;
|
2016-09-30 11:19:13 +02:00
|
|
|
|
|
|
|
|
/* sshbuf_dump(&downstream->input, stderr); */
|
|
|
|
|
if ((r = sshbuf_get_string_direct(&downstream->input, &cp, &have))
|
|
|
|
|
!= 0) {
|
|
|
|
|
error("%s: malformed message: %s", __func__, ssh_err(r));
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (have < 2) {
|
|
|
|
|
error("%s: short message", __func__);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
type = cp[1];
|
|
|
|
|
/* skip padlen + type */
|
|
|
|
|
cp += 2;
|
|
|
|
|
have -= 2;
|
|
|
|
|
if (ssh_packet_log_type(type))
|
|
|
|
|
debug3("%s: channel %u: down->up: type %u", __func__,
|
|
|
|
|
downstream->self, type);
|
|
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
|
case SSH2_MSG_CHANNEL_OPEN:
|
|
|
|
|
if ((original = sshbuf_from(cp, have)) == NULL ||
|
|
|
|
|
(modified = sshbuf_new()) == NULL) {
|
|
|
|
|
error("%s: alloc", __func__);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if ((r = sshbuf_get_cstring(original, &ctype, NULL)) != 0 ||
|
|
|
|
|
(r = sshbuf_get_u32(original, &id)) != 0) {
|
|
|
|
|
error("%s: parse error %s", __func__, ssh_err(r));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
c = channel_new("mux proxy", SSH_CHANNEL_MUX_PROXY,
|
|
|
|
|
-1, -1, -1, 0, 0, 0, ctype, 1);
|
|
|
|
|
c->mux_ctx = downstream; /* point to mux client */
|
|
|
|
|
c->mux_downstream_id = id; /* original downstream id */
|
|
|
|
|
if ((r = sshbuf_put_cstring(modified, ctype)) != 0 ||
|
|
|
|
|
(r = sshbuf_put_u32(modified, c->self)) != 0 ||
|
|
|
|
|
(r = sshbuf_putb(modified, original)) != 0) {
|
|
|
|
|
error("%s: compose error %s", __func__, ssh_err(r));
|
|
|
|
|
channel_free(c);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case SSH2_MSG_CHANNEL_OPEN_CONFIRMATION:
|
|
|
|
|
/*
|
|
|
|
|
* Almost the same as SSH2_MSG_CHANNEL_OPEN, except then we
|
|
|
|
|
* need to parse 'remote_id' instead of 'ctype'.
|
|
|
|
|
*/
|
|
|
|
|
if ((original = sshbuf_from(cp, have)) == NULL ||
|
|
|
|
|
(modified = sshbuf_new()) == NULL) {
|
|
|
|
|
error("%s: alloc", __func__);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if ((r = sshbuf_get_u32(original, &remote_id)) != 0 ||
|
|
|
|
|
(r = sshbuf_get_u32(original, &id)) != 0) {
|
|
|
|
|
error("%s: parse error %s", __func__, ssh_err(r));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
c = channel_new("mux proxy", SSH_CHANNEL_MUX_PROXY,
|
|
|
|
|
-1, -1, -1, 0, 0, 0, "mux-down-connect", 1);
|
|
|
|
|
c->mux_ctx = downstream; /* point to mux client */
|
|
|
|
|
c->mux_downstream_id = id;
|
|
|
|
|
c->remote_id = remote_id;
|
|
|
|
|
if ((r = sshbuf_put_u32(modified, remote_id)) != 0 ||
|
|
|
|
|
(r = sshbuf_put_u32(modified, c->self)) != 0 ||
|
|
|
|
|
(r = sshbuf_putb(modified, original)) != 0) {
|
|
|
|
|
error("%s: compose error %s", __func__, ssh_err(r));
|
|
|
|
|
channel_free(c);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case SSH2_MSG_GLOBAL_REQUEST:
|
|
|
|
|
if ((original = sshbuf_from(cp, have)) == NULL) {
|
|
|
|
|
error("%s: alloc", __func__);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if ((r = sshbuf_get_cstring(original, &ctype, NULL)) != 0) {
|
|
|
|
|
error("%s: parse error %s", __func__, ssh_err(r));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (strcmp(ctype, "tcpip-forward") != 0) {
|
|
|
|
|
error("%s: unsupported request %s", __func__, ctype);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if ((r = sshbuf_get_u8(original, NULL)) != 0 ||
|
|
|
|
|
(r = sshbuf_get_cstring(original, &listen_host, NULL)) != 0 ||
|
|
|
|
|
(r = sshbuf_get_u32(original, &listen_port)) != 0) {
|
|
|
|
|
error("%s: parse error %s", __func__, ssh_err(r));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2016-09-30 22:24:46 +02:00
|
|
|
if (listen_port > 65535) {
|
|
|
|
|
error("%s: tcpip-forward for %s: bad port %u",
|
|
|
|
|
__func__, listen_host, listen_port);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2016-09-30 11:19:13 +02:00
|
|
|
/* Record that connection to this host/port is permitted. */
|
|
|
|
|
permitted_opens = xreallocarray(permitted_opens,
|
|
|
|
|
num_permitted_opens + 1, sizeof(*permitted_opens));
|
|
|
|
|
idx = num_permitted_opens++;
|
|
|
|
|
permitted_opens[idx].host_to_connect = xstrdup("<mux>");
|
|
|
|
|
permitted_opens[idx].port_to_connect = -1;
|
|
|
|
|
permitted_opens[idx].listen_host = listen_host;
|
2016-09-30 22:24:46 +02:00
|
|
|
permitted_opens[idx].listen_port = (int)listen_port;
|
2016-09-30 11:19:13 +02:00
|
|
|
permitted_opens[idx].downstream = downstream;
|
|
|
|
|
listen_host = NULL;
|
|
|
|
|
break;
|
|
|
|
|
case SSH2_MSG_CHANNEL_CLOSE:
|
|
|
|
|
if (have < 4)
|
|
|
|
|
break;
|
|
|
|
|
remote_id = PEEK_U32(cp);
|
|
|
|
|
if ((c = channel_by_remote_id(remote_id)) != NULL) {
|
|
|
|
|
if (c->flags & CHAN_CLOSE_RCVD)
|
|
|
|
|
channel_free(c);
|
|
|
|
|
else
|
|
|
|
|
c->flags |= CHAN_CLOSE_SENT;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (modified) {
|
|
|
|
|
if ((r = sshpkt_start(ssh, type)) != 0 ||
|
|
|
|
|
(r = sshpkt_putb(ssh, modified)) != 0 ||
|
|
|
|
|
(r = sshpkt_send(ssh)) != 0) {
|
|
|
|
|
error("%s: send %s", __func__, ssh_err(r));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if ((r = sshpkt_start(ssh, type)) != 0 ||
|
|
|
|
|
(r = sshpkt_put(ssh, cp, have)) != 0 ||
|
|
|
|
|
(r = sshpkt_send(ssh)) != 0) {
|
|
|
|
|
error("%s: send %s", __func__, ssh_err(r));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
ret = 0;
|
|
|
|
|
out:
|
|
|
|
|
free(ctype);
|
|
|
|
|
free(listen_host);
|
|
|
|
|
sshbuf_free(original);
|
|
|
|
|
sshbuf_free(modified);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* receive packets from upstream server and de-multiplex packets
|
|
|
|
|
* to correct downstream:
|
|
|
|
|
* implemented as a helper for channel input handlers,
|
|
|
|
|
* replaces local (proxy) channel ID with downstream channel ID.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
channel_proxy_upstream(Channel *c, int type, u_int32_t seq, void *ctxt)
|
|
|
|
|
{
|
|
|
|
|
struct ssh *ssh = active_state;
|
|
|
|
|
struct sshbuf *b = NULL;
|
|
|
|
|
Channel *downstream;
|
|
|
|
|
const u_char *cp = NULL;
|
|
|
|
|
size_t len;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* When receiving packets from the peer we need to check whether we
|
|
|
|
|
* need to forward the packets to the mux client. In this case we
|
|
|
|
|
* restore the orignal channel id and keep track of CLOSE messages,
|
|
|
|
|
* so we can cleanup the channel.
|
|
|
|
|
*/
|
|
|
|
|
if (c == NULL || c->type != SSH_CHANNEL_MUX_PROXY)
|
|
|
|
|
return 0;
|
|
|
|
|
if ((downstream = c->mux_ctx) == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
switch (type) {
|
|
|
|
|
case SSH2_MSG_CHANNEL_CLOSE:
|
|
|
|
|
case SSH2_MSG_CHANNEL_DATA:
|
|
|
|
|
case SSH2_MSG_CHANNEL_EOF:
|
|
|
|
|
case SSH2_MSG_CHANNEL_EXTENDED_DATA:
|
|
|
|
|
case SSH2_MSG_CHANNEL_OPEN_CONFIRMATION:
|
|
|
|
|
case SSH2_MSG_CHANNEL_OPEN_FAILURE:
|
|
|
|
|
case SSH2_MSG_CHANNEL_WINDOW_ADJUST:
|
|
|
|
|
case SSH2_MSG_CHANNEL_SUCCESS:
|
|
|
|
|
case SSH2_MSG_CHANNEL_FAILURE:
|
|
|
|
|
case SSH2_MSG_CHANNEL_REQUEST:
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
debug2("%s: channel %u: unsupported type %u", __func__,
|
|
|
|
|
c->self, type);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if ((b = sshbuf_new()) == NULL) {
|
|
|
|
|
error("%s: alloc reply", __func__);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
/* get remaining payload (after id) */
|
|
|
|
|
cp = sshpkt_ptr(ssh, &len);
|
|
|
|
|
if (cp == NULL) {
|
|
|
|
|
error("%s: no packet", __func__);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
/* translate id and send to muxclient */
|
|
|
|
|
if ((r = sshbuf_put_u8(b, 0)) != 0 || /* padlen */
|
|
|
|
|
(r = sshbuf_put_u8(b, type)) != 0 ||
|
|
|
|
|
(r = sshbuf_put_u32(b, c->mux_downstream_id)) != 0 ||
|
|
|
|
|
(r = sshbuf_put(b, cp, len)) != 0 ||
|
|
|
|
|
(r = sshbuf_put_stringb(&downstream->output, b)) != 0) {
|
|
|
|
|
error("%s: compose for muxclient %s", __func__, ssh_err(r));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
/* sshbuf_dump(b, stderr); */
|
|
|
|
|
if (ssh_packet_log_type(type))
|
|
|
|
|
debug3("%s: channel %u: up->down: type %u", __func__, c->self,
|
|
|
|
|
type);
|
|
|
|
|
out:
|
|
|
|
|
/* update state */
|
|
|
|
|
switch (type) {
|
|
|
|
|
case SSH2_MSG_CHANNEL_OPEN_CONFIRMATION:
|
|
|
|
|
/* record remote_id for SSH2_MSG_CHANNEL_CLOSE */
|
|
|
|
|
if (cp && len > 4)
|
|
|
|
|
c->remote_id = PEEK_U32(cp);
|
|
|
|
|
break;
|
|
|
|
|
case SSH2_MSG_CHANNEL_CLOSE:
|
|
|
|
|
if (c->flags & CHAN_CLOSE_SENT)
|
|
|
|
|
channel_free(c);
|
|
|
|
|
else
|
|
|
|
|
c->flags |= CHAN_CLOSE_RCVD;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
sshbuf_free(b);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2001-06-09 02:41:05 +02:00
|
|
|
|
|
|
|
|
/* -- protocol input */
|
2006-03-31 14:11:44 +02:00
|
|
|
|
|
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
channel_input_data(int type, u_int32_t seq, void *ctxt)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2000-01-14 05:45:46 +01:00
|
|
|
int id;
|
2014-05-15 05:48:26 +02:00
|
|
|
const u_char *data;
|
2010-08-05 15:09:48 +02:00
|
|
|
u_int data_len, win_len;
|
2000-04-01 03:09:21 +02:00
|
|
|
Channel *c;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
/* Get the channel number and verify it. */
|
2000-01-14 05:45:46 +01:00
|
|
|
id = packet_get_int();
|
2000-04-01 03:09:21 +02:00
|
|
|
c = channel_lookup(id);
|
|
|
|
|
if (c == NULL)
|
2000-01-14 05:45:46 +01:00
|
|
|
packet_disconnect("Received data for nonexistent channel %d.", id);
|
2016-09-30 11:19:13 +02:00
|
|
|
if (channel_proxy_upstream(c, type, seq, ctxt))
|
|
|
|
|
return 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
/* Ignore any data for non-open channels (might happen on close) */
|
2000-04-01 03:09:21 +02:00
|
|
|
if (c->type != SSH_CHANNEL_OPEN &&
|
|
|
|
|
c->type != SSH_CHANNEL_X11_OPEN)
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2000-01-14 05:45:46 +01:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
/* Get the data. */
|
2008-05-19 06:59:37 +02:00
|
|
|
data = packet_get_string_ptr(&data_len);
|
2010-08-05 15:09:48 +02:00
|
|
|
win_len = data_len;
|
|
|
|
|
if (c->datagram)
|
|
|
|
|
win_len += 4; /* string length header */
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2004-01-21 01:02:09 +01:00
|
|
|
/*
|
|
|
|
|
* Ignore data for protocol > 1.3 if output end is no longer open.
|
|
|
|
|
* For protocol 2 the sending side is reducing its window as it sends
|
|
|
|
|
* data, so we must 'fake' consumption of the data in order to ensure
|
|
|
|
|
* that window updates are sent back. Otherwise the connection might
|
|
|
|
|
* deadlock.
|
|
|
|
|
*/
|
|
|
|
|
if (!compat13 && c->ostate != CHAN_OUTPUT_OPEN) {
|
|
|
|
|
if (compat20) {
|
2010-08-05 15:09:48 +02:00
|
|
|
c->local_window -= win_len;
|
|
|
|
|
c->local_consumed += win_len;
|
2004-01-21 01:02:09 +01:00
|
|
|
}
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2004-01-21 01:02:09 +01:00
|
|
|
}
|
|
|
|
|
|
2001-12-06 19:00:18 +01:00
|
|
|
if (compat20) {
|
2010-08-05 15:09:48 +02:00
|
|
|
if (win_len > c->local_maxpacket) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel %d: rcvd big packet %d, maxpack %d",
|
2010-08-05 15:09:48 +02:00
|
|
|
c->self, win_len, c->local_maxpacket);
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
2010-08-05 15:09:48 +02:00
|
|
|
if (win_len > c->local_window) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel %d: rcvd too much data %d, win %d",
|
2010-08-05 15:09:48 +02:00
|
|
|
c->self, win_len, c->local_window);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
2010-08-05 15:09:48 +02:00
|
|
|
c->local_window -= win_len;
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
2005-12-13 09:29:02 +01:00
|
|
|
if (c->datagram)
|
|
|
|
|
buffer_put_string(&c->output, data, data_len);
|
|
|
|
|
else
|
|
|
|
|
buffer_append(&c->output, data, data_len);
|
2008-05-19 06:59:37 +02:00
|
|
|
packet_check_eom();
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
2001-06-09 02:41:05 +02:00
|
|
|
|
2006-03-31 14:11:44 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
|
2000-04-04 06:38:59 +02:00
|
|
|
{
|
|
|
|
|
int id;
|
|
|
|
|
char *data;
|
2002-06-26 01:15:30 +02:00
|
|
|
u_int data_len, tcode;
|
2000-04-04 06:38:59 +02:00
|
|
|
Channel *c;
|
|
|
|
|
|
|
|
|
|
/* Get the channel number and verify it. */
|
|
|
|
|
id = packet_get_int();
|
|
|
|
|
c = channel_lookup(id);
|
|
|
|
|
|
|
|
|
|
if (c == NULL)
|
|
|
|
|
packet_disconnect("Received extended_data for bad channel %d.", id);
|
2016-09-30 11:19:13 +02:00
|
|
|
if (channel_proxy_upstream(c, type, seq, ctxt))
|
|
|
|
|
return 0;
|
2000-04-04 06:38:59 +02:00
|
|
|
if (c->type != SSH_CHANNEL_OPEN) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel %d: ext data for non open", id);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
2002-03-26 04:26:24 +01:00
|
|
|
if (c->flags & CHAN_EOF_RCVD) {
|
|
|
|
|
if (datafellows & SSH_BUG_EXTEOF)
|
|
|
|
|
debug("channel %d: accepting ext data after eof", id);
|
|
|
|
|
else
|
|
|
|
|
packet_disconnect("Received extended_data after EOF "
|
|
|
|
|
"on channel %d.", id);
|
|
|
|
|
}
|
2000-04-04 06:38:59 +02:00
|
|
|
tcode = packet_get_int();
|
|
|
|
|
if (c->efd == -1 ||
|
|
|
|
|
c->extended_usage != CHAN_EXTENDED_WRITE ||
|
|
|
|
|
tcode != SSH2_EXTENDED_DATA_STDERR) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel %d: bad ext data", c->self);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
|
|
|
|
data = packet_get_string(&data_len);
|
2002-01-22 13:11:40 +01:00
|
|
|
packet_check_eom();
|
2000-04-04 06:38:59 +02:00
|
|
|
if (data_len > c->local_window) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel %d: rcvd too much extended_data %d, win %d",
|
2000-04-04 06:38:59 +02:00
|
|
|
c->self, data_len, c->local_window);
|
2013-06-01 23:31:17 +02:00
|
|
|
free(data);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
2000-09-30 05:20:03 +02:00
|
|
|
debug2("channel %d: rcvd ext data %d", c->self, data_len);
|
2000-04-04 06:38:59 +02:00
|
|
|
c->local_window -= data_len;
|
|
|
|
|
buffer_append(&c->extended, data, data_len);
|
2013-06-01 23:31:17 +02:00
|
|
|
free(data);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
|
|
|
|
|
2006-03-31 14:11:44 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
channel_input_ieof(int type, u_int32_t seq, void *ctxt)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
int id;
|
|
|
|
|
Channel *c;
|
|
|
|
|
|
|
|
|
|
id = packet_get_int();
|
2002-01-22 13:11:40 +01:00
|
|
|
packet_check_eom();
|
2000-04-01 03:09:21 +02:00
|
|
|
c = channel_lookup(id);
|
|
|
|
|
if (c == NULL)
|
|
|
|
|
packet_disconnect("Received ieof for nonexistent channel %d.", id);
|
2016-09-30 11:19:13 +02:00
|
|
|
if (channel_proxy_upstream(c, type, seq, ctxt))
|
|
|
|
|
return 0;
|
2000-04-01 03:09:21 +02:00
|
|
|
chan_rcvd_ieof(c);
|
2001-09-18 07:51:13 +02:00
|
|
|
|
|
|
|
|
/* XXX force input close */
|
2002-01-22 13:19:38 +01:00
|
|
|
if (c->force_drain && c->istate == CHAN_INPUT_OPEN) {
|
2001-09-18 07:51:13 +02:00
|
|
|
debug("channel %d: FORCE input drain", c->self);
|
|
|
|
|
c->istate = CHAN_INPUT_WAIT_DRAIN;
|
2002-01-22 13:34:52 +01:00
|
|
|
if (buffer_len(&c->input) == 0)
|
|
|
|
|
chan_ibuf_empty(c);
|
2001-09-18 07:51:13 +02:00
|
|
|
}
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2006-03-31 14:11:44 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
channel_input_close(int type, u_int32_t seq, void *ctxt)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2000-04-01 03:09:21 +02:00
|
|
|
int id;
|
|
|
|
|
Channel *c;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
id = packet_get_int();
|
2002-01-22 13:11:40 +01:00
|
|
|
packet_check_eom();
|
2000-04-01 03:09:21 +02:00
|
|
|
c = channel_lookup(id);
|
|
|
|
|
if (c == NULL)
|
|
|
|
|
packet_disconnect("Received close for nonexistent channel %d.", id);
|
2016-09-30 11:19:13 +02:00
|
|
|
if (channel_proxy_upstream(c, type, seq, ctxt))
|
|
|
|
|
return 0;
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Send a confirmation that we have closed the channel and no more
|
|
|
|
|
* data is coming for it.
|
|
|
|
|
*/
|
1999-11-24 14:26:21 +01:00
|
|
|
packet_start(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION);
|
2000-04-01 03:09:21 +02:00
|
|
|
packet_put_int(c->remote_id);
|
1999-11-24 14:26:21 +01:00
|
|
|
packet_send();
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* If the channel is in closed state, we have sent a close request,
|
|
|
|
|
* and the other side will eventually respond with a confirmation.
|
|
|
|
|
* Thus, we cannot free the channel here, because then there would be
|
|
|
|
|
* no-one to receive the confirmation. The channel gets freed when
|
|
|
|
|
* the confirmation arrives.
|
|
|
|
|
*/
|
2000-04-01 03:09:21 +02:00
|
|
|
if (c->type != SSH_CHANNEL_CLOSED) {
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Not a closed channel - mark it as draining, which will
|
|
|
|
|
* cause it to be freed later.
|
|
|
|
|
*/
|
2002-01-22 13:21:15 +01:00
|
|
|
buffer_clear(&c->input);
|
2000-04-01 03:09:21 +02:00
|
|
|
c->type = SSH_CHANNEL_OUTPUT_DRAINING;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */
|
2006-03-31 14:11:44 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
channel_input_oclose(int type, u_int32_t seq, void *ctxt)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2000-04-01 03:09:21 +02:00
|
|
|
int id = packet_get_int();
|
|
|
|
|
Channel *c = channel_lookup(id);
|
2002-01-22 13:11:38 +01:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
if (c == NULL)
|
|
|
|
|
packet_disconnect("Received oclose for nonexistent channel %d.", id);
|
2016-09-30 11:19:13 +02:00
|
|
|
if (channel_proxy_upstream(c, type, seq, ctxt))
|
|
|
|
|
return 0;
|
|
|
|
|
packet_check_eom();
|
2000-04-01 03:09:21 +02:00
|
|
|
chan_rcvd_oclose(c);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2006-03-31 14:11:44 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
int id = packet_get_int();
|
|
|
|
|
Channel *c = channel_lookup(id);
|
|
|
|
|
|
|
|
|
|
if (c == NULL)
|
|
|
|
|
packet_disconnect("Received close confirmation for "
|
|
|
|
|
"out-of-range channel %d.", id);
|
2016-09-30 11:19:13 +02:00
|
|
|
if (channel_proxy_upstream(c, type, seq, ctxt))
|
|
|
|
|
return 0;
|
|
|
|
|
packet_check_eom();
|
2013-06-10 05:07:11 +02:00
|
|
|
if (c->type != SSH_CHANNEL_CLOSED && c->type != SSH_CHANNEL_ABANDONED)
|
2000-04-01 03:09:21 +02:00
|
|
|
packet_disconnect("Received close confirmation for "
|
|
|
|
|
"non-closed channel %d (type %d).", id, c->type);
|
2001-05-05 06:09:47 +02:00
|
|
|
channel_free(c);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2006-03-31 14:11:44 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2000-04-01 03:09:21 +02:00
|
|
|
int id, remote_id;
|
|
|
|
|
Channel *c;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
id = packet_get_int();
|
|
|
|
|
c = channel_lookup(id);
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2016-09-30 11:19:13 +02:00
|
|
|
if (c==NULL)
|
|
|
|
|
packet_disconnect("Received open confirmation for "
|
|
|
|
|
"unknown channel %d.", id);
|
|
|
|
|
if (channel_proxy_upstream(c, type, seq, ctxt))
|
|
|
|
|
return 0;
|
|
|
|
|
if (c->type != SSH_CHANNEL_OPENING)
|
2000-04-01 03:09:21 +02:00
|
|
|
packet_disconnect("Received open confirmation for "
|
|
|
|
|
"non-opening channel %d.", id);
|
|
|
|
|
remote_id = packet_get_int();
|
1999-11-25 01:54:57 +01:00
|
|
|
/* Record the remote channel number and mark that the channel is now open. */
|
2000-04-01 03:09:21 +02:00
|
|
|
c->remote_id = remote_id;
|
|
|
|
|
c->type = SSH_CHANNEL_OPEN;
|
2000-04-04 06:38:59 +02:00
|
|
|
|
|
|
|
|
if (compat20) {
|
|
|
|
|
c->remote_window = packet_get_int();
|
|
|
|
|
c->remote_maxpacket = packet_get_int();
|
2008-05-19 07:05:07 +02:00
|
|
|
if (c->open_confirm) {
|
2000-09-30 05:20:03 +02:00
|
|
|
debug2("callback start");
|
2010-05-21 06:57:10 +02:00
|
|
|
c->open_confirm(c->self, 1, c->open_confirm_ctx);
|
2000-09-30 05:20:03 +02:00
|
|
|
debug2("callback done");
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("channel %d: open confirm rwindow %u rmax %u", c->self,
|
2000-04-04 06:38:59 +02:00
|
|
|
c->remote_window, c->remote_maxpacket);
|
|
|
|
|
}
|
2002-01-22 13:11:40 +01:00
|
|
|
packet_check_eom();
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static char *
|
2001-05-08 22:07:39 +02:00
|
|
|
reason2txt(int reason)
|
|
|
|
|
{
|
2001-12-06 19:00:18 +01:00
|
|
|
switch (reason) {
|
2001-05-08 22:07:39 +02:00
|
|
|
case SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED:
|
|
|
|
|
return "administratively prohibited";
|
|
|
|
|
case SSH2_OPEN_CONNECT_FAILED:
|
|
|
|
|
return "connect failed";
|
|
|
|
|
case SSH2_OPEN_UNKNOWN_CHANNEL_TYPE:
|
|
|
|
|
return "unknown channel type";
|
|
|
|
|
case SSH2_OPEN_RESOURCE_SHORTAGE:
|
|
|
|
|
return "resource shortage";
|
|
|
|
|
}
|
2001-06-05 22:01:39 +02:00
|
|
|
return "unknown reason";
|
2001-05-08 22:07:39 +02:00
|
|
|
}
|
|
|
|
|
|
2006-03-31 14:11:44 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
channel_input_open_failure(int type, u_int32_t seq, void *ctxt)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2001-02-05 15:54:34 +01:00
|
|
|
int id, reason;
|
|
|
|
|
char *msg = NULL, *lang = NULL;
|
2000-04-01 03:09:21 +02:00
|
|
|
Channel *c;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
id = packet_get_int();
|
|
|
|
|
c = channel_lookup(id);
|
|
|
|
|
|
2016-09-30 11:19:13 +02:00
|
|
|
if (c==NULL)
|
|
|
|
|
packet_disconnect("Received open failure for "
|
|
|
|
|
"unknown channel %d.", id);
|
|
|
|
|
if (channel_proxy_upstream(c, type, seq, ctxt))
|
|
|
|
|
return 0;
|
|
|
|
|
if (c->type != SSH_CHANNEL_OPENING)
|
2000-04-01 03:09:21 +02:00
|
|
|
packet_disconnect("Received open failure for "
|
|
|
|
|
"non-opening channel %d.", id);
|
2000-04-04 06:38:59 +02:00
|
|
|
if (compat20) {
|
2001-02-05 15:54:34 +01:00
|
|
|
reason = packet_get_int();
|
2001-04-29 21:52:00 +02:00
|
|
|
if (!(datafellows & SSH_BUG_OPENFAILURE)) {
|
2001-02-05 15:54:34 +01:00
|
|
|
msg = packet_get_string(NULL);
|
|
|
|
|
lang = packet_get_string(NULL);
|
|
|
|
|
}
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("channel %d: open failed: %s%s%s", id,
|
2001-05-08 22:07:39 +02:00
|
|
|
reason2txt(reason), msg ? ": ": "", msg ? msg : "");
|
2013-06-01 23:31:17 +02:00
|
|
|
free(msg);
|
|
|
|
|
free(lang);
|
2010-05-21 06:57:10 +02:00
|
|
|
if (c->open_confirm) {
|
|
|
|
|
debug2("callback start");
|
|
|
|
|
c->open_confirm(c->self, 0, c->open_confirm_ctx);
|
|
|
|
|
debug2("callback done");
|
|
|
|
|
}
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
2002-01-22 13:11:40 +01:00
|
|
|
packet_check_eom();
|
2009-01-28 06:22:34 +01:00
|
|
|
/* Schedule the channel for cleanup/deletion. */
|
|
|
|
|
chan_mark_dead(c);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2006-03-31 14:11:44 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
|
2001-06-09 02:41:05 +02:00
|
|
|
{
|
|
|
|
|
Channel *c;
|
2002-06-26 01:17:36 +02:00
|
|
|
int id;
|
2015-06-30 07:25:07 +02:00
|
|
|
u_int adjust, tmp;
|
2001-04-14 01:28:01 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
if (!compat20)
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/* Get the channel number and verify it. */
|
|
|
|
|
id = packet_get_int();
|
|
|
|
|
c = channel_lookup(id);
|
|
|
|
|
|
2005-12-13 09:33:57 +01:00
|
|
|
if (c == NULL) {
|
|
|
|
|
logit("Received window adjust for non-open channel %d.", id);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2001-06-09 02:41:05 +02:00
|
|
|
}
|
2016-09-30 11:19:13 +02:00
|
|
|
if (channel_proxy_upstream(c, type, seq, ctxt))
|
|
|
|
|
return 0;
|
2001-06-09 02:41:05 +02:00
|
|
|
adjust = packet_get_int();
|
2002-01-22 13:11:40 +01:00
|
|
|
packet_check_eom();
|
2002-06-26 01:17:36 +02:00
|
|
|
debug2("channel %d: rcvd adjust %u", id, adjust);
|
2015-06-30 07:25:07 +02:00
|
|
|
if ((tmp = c->remote_window + adjust) < c->remote_window)
|
|
|
|
|
fatal("channel %d: adjust %u overflows remote window %u",
|
|
|
|
|
id, adjust, c->remote_window);
|
|
|
|
|
c->remote_window = tmp;
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2001-06-09 02:41:05 +02:00
|
|
|
}
|
|
|
|
|
|
2006-03-31 14:11:44 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
channel_input_port_open(int type, u_int32_t seq, void *ctxt)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2001-06-09 02:41:05 +02:00
|
|
|
Channel *c = NULL;
|
|
|
|
|
u_short host_port;
|
|
|
|
|
char *host, *originator_string;
|
2008-05-19 07:37:09 +02:00
|
|
|
int remote_id;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
remote_id = packet_get_int();
|
|
|
|
|
host = packet_get_string(NULL);
|
|
|
|
|
host_port = packet_get_int();
|
|
|
|
|
|
|
|
|
|
if (packet_get_protocol_flags() & SSH_PROTOFLAG_HOST_IN_FWD_OPEN) {
|
|
|
|
|
originator_string = packet_get_string(NULL);
|
|
|
|
|
} else {
|
|
|
|
|
originator_string = xstrdup("unknown (remote did not supply name)");
|
|
|
|
|
}
|
2002-01-22 13:11:40 +01:00
|
|
|
packet_check_eom();
|
2014-07-18 06:11:24 +02:00
|
|
|
c = channel_connect_to_port(host, host_port,
|
2008-05-19 07:37:09 +02:00
|
|
|
"connected socket", originator_string);
|
2013-06-01 23:31:17 +02:00
|
|
|
free(originator_string);
|
|
|
|
|
free(host);
|
2001-06-09 02:41:05 +02:00
|
|
|
if (c == NULL) {
|
|
|
|
|
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
|
|
|
|
|
packet_put_int(remote_id);
|
|
|
|
|
packet_send();
|
2008-05-19 07:37:09 +02:00
|
|
|
} else
|
|
|
|
|
c->remote_id = remote_id;
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2008-05-19 07:05:07 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2008-05-19 07:05:07 +02:00
|
|
|
channel_input_status_confirm(int type, u_int32_t seq, void *ctxt)
|
|
|
|
|
{
|
|
|
|
|
Channel *c;
|
|
|
|
|
struct channel_confirm *cc;
|
2008-12-07 23:55:25 +01:00
|
|
|
int id;
|
2008-05-19 07:05:07 +02:00
|
|
|
|
|
|
|
|
/* Reset keepalive timeout */
|
2009-06-21 10:12:20 +02:00
|
|
|
packet_set_alive_timeouts(0);
|
2008-05-19 07:05:07 +02:00
|
|
|
|
2008-12-07 23:55:25 +01:00
|
|
|
id = packet_get_int();
|
|
|
|
|
debug2("channel_input_status_confirm: type %d id %d", type, id);
|
2008-05-19 07:05:07 +02:00
|
|
|
|
2008-12-07 23:55:25 +01:00
|
|
|
if ((c = channel_lookup(id)) == NULL) {
|
|
|
|
|
logit("channel_input_status_confirm: %d: unknown", id);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2008-05-19 07:05:07 +02:00
|
|
|
}
|
2016-09-30 11:19:13 +02:00
|
|
|
if (channel_proxy_upstream(c, type, seq, ctxt))
|
|
|
|
|
return 0;
|
|
|
|
|
packet_check_eom();
|
2008-05-19 07:05:07 +02:00
|
|
|
if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL)
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2008-05-19 07:05:07 +02:00
|
|
|
cc->cb(type, c, cc->ctx);
|
|
|
|
|
TAILQ_REMOVE(&c->status_confirms, cc, entry);
|
2014-02-04 01:18:20 +01:00
|
|
|
explicit_bzero(cc, sizeof(*cc));
|
2013-06-01 23:31:17 +02:00
|
|
|
free(cc);
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2008-05-19 07:05:07 +02:00
|
|
|
}
|
2001-06-09 02:41:05 +02:00
|
|
|
|
|
|
|
|
/* -- tcp forwarding */
|
|
|
|
|
|
2001-10-03 19:34:59 +02:00
|
|
|
void
|
|
|
|
|
channel_set_af(int af)
|
|
|
|
|
{
|
|
|
|
|
IPv4or6 = af;
|
|
|
|
|
}
|
|
|
|
|
|
2011-09-22 13:38:52 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Determine whether or not a port forward listens to loopback, the
|
|
|
|
|
* specified address or wildcard. On the client, a specified bind
|
|
|
|
|
* address will always override gateway_ports. On the server, a
|
|
|
|
|
* gateway_ports of 1 (``yes'') will override the client's specification
|
|
|
|
|
* and force a wildcard bind, whereas a value of 2 (``clientspecified'')
|
|
|
|
|
* will bind to whatever address the client asked for.
|
|
|
|
|
*
|
|
|
|
|
* Special-case listen_addrs are:
|
|
|
|
|
*
|
|
|
|
|
* "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR
|
|
|
|
|
* "" (empty string), "*" -> wildcard v4/v6
|
|
|
|
|
* "localhost" -> loopback v4/v6
|
2014-07-04 00:59:41 +02:00
|
|
|
* "127.0.0.1" / "::1" -> accepted even if gateway_ports isn't set
|
2011-09-22 13:38:52 +02:00
|
|
|
*/
|
|
|
|
|
static const char *
|
|
|
|
|
channel_fwd_bind_addr(const char *listen_addr, int *wildcardp,
|
2014-07-18 06:11:24 +02:00
|
|
|
int is_client, struct ForwardOptions *fwd_opts)
|
2011-09-22 13:38:52 +02:00
|
|
|
{
|
|
|
|
|
const char *addr = NULL;
|
|
|
|
|
int wildcard = 0;
|
|
|
|
|
|
|
|
|
|
if (listen_addr == NULL) {
|
|
|
|
|
/* No address specified: default to gateway_ports setting */
|
2014-07-18 06:11:24 +02:00
|
|
|
if (fwd_opts->gateway_ports)
|
2011-09-22 13:38:52 +02:00
|
|
|
wildcard = 1;
|
2014-07-18 06:11:24 +02:00
|
|
|
} else if (fwd_opts->gateway_ports || is_client) {
|
2011-09-22 13:38:52 +02:00
|
|
|
if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
|
|
|
|
|
strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) ||
|
|
|
|
|
*listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
|
2014-07-18 06:11:24 +02:00
|
|
|
(!is_client && fwd_opts->gateway_ports == 1)) {
|
2011-09-22 13:38:52 +02:00
|
|
|
wildcard = 1;
|
2013-10-10 01:27:21 +02:00
|
|
|
/*
|
|
|
|
|
* Notify client if they requested a specific listen
|
|
|
|
|
* address and it was overridden.
|
|
|
|
|
*/
|
|
|
|
|
if (*listen_addr != '\0' &&
|
|
|
|
|
strcmp(listen_addr, "0.0.0.0") != 0 &&
|
|
|
|
|
strcmp(listen_addr, "*") != 0) {
|
|
|
|
|
packet_send_debug("Forwarding listen address "
|
|
|
|
|
"\"%s\" overridden by server "
|
|
|
|
|
"GatewayPorts", listen_addr);
|
|
|
|
|
}
|
2014-07-04 00:59:41 +02:00
|
|
|
} else if (strcmp(listen_addr, "localhost") != 0 ||
|
|
|
|
|
strcmp(listen_addr, "127.0.0.1") == 0 ||
|
|
|
|
|
strcmp(listen_addr, "::1") == 0) {
|
|
|
|
|
/* Accept localhost address when GatewayPorts=yes */
|
2014-05-21 09:13:36 +02:00
|
|
|
addr = listen_addr;
|
2014-07-04 00:59:41 +02:00
|
|
|
}
|
|
|
|
|
} else if (strcmp(listen_addr, "127.0.0.1") == 0 ||
|
|
|
|
|
strcmp(listen_addr, "::1") == 0) {
|
|
|
|
|
/*
|
|
|
|
|
* If a specific IPv4/IPv6 localhost address has been
|
|
|
|
|
* requested then accept it even if gateway_ports is in
|
|
|
|
|
* effect. This allows the client to prefer IPv4 or IPv6.
|
|
|
|
|
*/
|
|
|
|
|
addr = listen_addr;
|
2011-09-22 13:38:52 +02:00
|
|
|
}
|
|
|
|
|
if (wildcardp != NULL)
|
|
|
|
|
*wildcardp = wildcard;
|
|
|
|
|
return addr;
|
|
|
|
|
}
|
|
|
|
|
|
2002-01-22 13:29:22 +01:00
|
|
|
static int
|
2014-07-18 06:11:24 +02:00
|
|
|
channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
|
|
|
|
|
int *allocated_listen_port, struct ForwardOptions *fwd_opts)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2001-05-05 06:09:47 +02:00
|
|
|
Channel *c;
|
2005-11-05 04:53:39 +01:00
|
|
|
int sock, r, success = 0, wildcard = 0, is_client;
|
2000-01-14 05:45:46 +01:00
|
|
|
struct addrinfo hints, *ai, *aitop;
|
2005-03-01 11:24:33 +01:00
|
|
|
const char *host, *addr;
|
2002-01-22 13:29:22 +01:00
|
|
|
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
|
2009-02-14 06:28:21 +01:00
|
|
|
in_port_t *lport_p;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2005-03-01 11:24:33 +01:00
|
|
|
is_client = (type == SSH_CHANNEL_PORT_LISTENER);
|
2001-02-05 15:54:34 +01:00
|
|
|
|
2015-06-05 17:13:13 +02:00
|
|
|
if (is_client && fwd->connect_path != NULL) {
|
|
|
|
|
host = fwd->connect_path;
|
|
|
|
|
} else {
|
|
|
|
|
host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
|
|
|
|
|
fwd->listen_host : fwd->connect_host;
|
|
|
|
|
if (host == NULL) {
|
|
|
|
|
error("No forward host name.");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (strlen(host) >= NI_MAXHOST) {
|
|
|
|
|
error("Forward host name too long.");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2001-02-05 15:54:34 +01:00
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2011-09-22 13:38:52 +02:00
|
|
|
/* Determine the bind address, cf. channel_fwd_bind_addr() comment */
|
2014-07-18 06:11:24 +02:00
|
|
|
addr = channel_fwd_bind_addr(fwd->listen_host, &wildcard,
|
|
|
|
|
is_client, fwd_opts);
|
|
|
|
|
debug3("%s: type %d wildcard %d addr %s", __func__,
|
2005-03-01 11:24:33 +01:00
|
|
|
type, wildcard, (addr == NULL) ? "NULL" : addr);
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
2000-01-14 05:45:46 +01:00
|
|
|
* getaddrinfo returns a loopback address if the hostname is
|
|
|
|
|
* set to NULL and hints.ai_flags is not AI_PASSIVE
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2000-01-14 05:45:46 +01:00
|
|
|
memset(&hints, 0, sizeof(hints));
|
|
|
|
|
hints.ai_family = IPv4or6;
|
2005-03-01 11:24:33 +01:00
|
|
|
hints.ai_flags = wildcard ? AI_PASSIVE : 0;
|
2000-01-14 05:45:46 +01:00
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
2014-07-18 06:11:24 +02:00
|
|
|
snprintf(strport, sizeof strport, "%d", fwd->listen_port);
|
2005-03-01 11:24:33 +01:00
|
|
|
if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
|
|
|
|
|
if (addr == NULL) {
|
|
|
|
|
/* This really shouldn't happen */
|
|
|
|
|
packet_disconnect("getaddrinfo: fatal error: %s",
|
2007-12-28 16:43:51 +01:00
|
|
|
ssh_gai_strerror(r));
|
2005-03-01 11:24:33 +01:00
|
|
|
} else {
|
2014-07-18 06:11:24 +02:00
|
|
|
error("%s: getaddrinfo(%.64s): %s", __func__, addr,
|
2007-12-28 16:43:51 +01:00
|
|
|
ssh_gai_strerror(r));
|
2005-03-01 11:24:33 +01:00
|
|
|
}
|
2005-07-06 01:36:05 +02:00
|
|
|
return 0;
|
2005-03-01 11:24:33 +01:00
|
|
|
}
|
2009-02-14 06:28:21 +01:00
|
|
|
if (allocated_listen_port != NULL)
|
|
|
|
|
*allocated_listen_port = 0;
|
2000-01-14 05:45:46 +01:00
|
|
|
for (ai = aitop; ai; ai = ai->ai_next) {
|
2009-02-14 06:28:21 +01:00
|
|
|
switch (ai->ai_family) {
|
|
|
|
|
case AF_INET:
|
|
|
|
|
lport_p = &((struct sockaddr_in *)ai->ai_addr)->
|
|
|
|
|
sin_port;
|
|
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
|
|
|
|
lport_p = &((struct sockaddr_in6 *)ai->ai_addr)->
|
|
|
|
|
sin6_port;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2000-01-14 05:45:46 +01:00
|
|
|
continue;
|
2009-02-14 06:28:21 +01:00
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* If allocating a port for -R forwards, then use the
|
|
|
|
|
* same port for all address families.
|
|
|
|
|
*/
|
2014-07-18 06:11:24 +02:00
|
|
|
if (type == SSH_CHANNEL_RPORT_LISTENER && fwd->listen_port == 0 &&
|
2009-02-14 06:28:21 +01:00
|
|
|
allocated_listen_port != NULL && *allocated_listen_port > 0)
|
|
|
|
|
*lport_p = htons(*allocated_listen_port);
|
|
|
|
|
|
2000-01-14 05:45:46 +01:00
|
|
|
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
|
|
|
|
|
strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
|
2014-07-18 06:11:24 +02:00
|
|
|
error("%s: getnameinfo failed", __func__);
|
2000-01-14 05:45:46 +01:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
/* Create a port to listen for the host. */
|
2010-01-10 00:31:12 +01:00
|
|
|
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
|
2000-01-14 05:45:46 +01:00
|
|
|
if (sock < 0) {
|
|
|
|
|
/* this is no error since kernel may not support ipv6 */
|
|
|
|
|
verbose("socket: %.100s", strerror(errno));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2005-11-05 04:53:39 +01:00
|
|
|
|
|
|
|
|
channel_set_reuseaddr(sock);
|
2009-11-18 07:48:30 +01:00
|
|
|
if (ai->ai_family == AF_INET6)
|
|
|
|
|
sock_set_v6only(sock);
|
2002-09-19 03:49:37 +02:00
|
|
|
|
2009-02-14 06:28:21 +01:00
|
|
|
debug("Local forwarding listening on %s port %s.",
|
|
|
|
|
ntop, strport);
|
2000-01-14 05:45:46 +01:00
|
|
|
|
|
|
|
|
/* Bind the socket to the address. */
|
|
|
|
|
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
|
|
|
|
|
/* address can be in use ipv6 address is already bound */
|
2000-03-03 12:35:33 +01:00
|
|
|
if (!ai->ai_next)
|
|
|
|
|
error("bind: %.100s", strerror(errno));
|
|
|
|
|
else
|
|
|
|
|
verbose("bind: %.100s", strerror(errno));
|
2001-02-05 13:42:17 +01:00
|
|
|
|
2000-01-14 05:45:46 +01:00
|
|
|
close(sock);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
/* Start listening for connections on the socket. */
|
2003-12-09 09:15:11 +01:00
|
|
|
if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
|
2000-01-14 05:45:46 +01:00
|
|
|
error("listen: %.100s", strerror(errno));
|
|
|
|
|
close(sock);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2009-02-14 06:28:21 +01:00
|
|
|
|
|
|
|
|
/*
|
2014-07-18 06:11:24 +02:00
|
|
|
* fwd->listen_port == 0 requests a dynamically allocated port -
|
2009-02-14 06:28:21 +01:00
|
|
|
* record what we got.
|
|
|
|
|
*/
|
2014-07-18 06:11:24 +02:00
|
|
|
if (type == SSH_CHANNEL_RPORT_LISTENER && fwd->listen_port == 0 &&
|
2009-02-14 06:28:21 +01:00
|
|
|
allocated_listen_port != NULL &&
|
|
|
|
|
*allocated_listen_port == 0) {
|
2016-03-07 20:02:43 +01:00
|
|
|
*allocated_listen_port = get_local_port(sock);
|
2009-02-14 06:28:21 +01:00
|
|
|
debug("Allocated listen port %d",
|
|
|
|
|
*allocated_listen_port);
|
|
|
|
|
}
|
|
|
|
|
|
2000-01-14 05:45:46 +01:00
|
|
|
/* Allocate a channel number for the socket. */
|
2001-06-09 02:41:05 +02:00
|
|
|
c = channel_new("port listener", type, sock, sock, -1,
|
2000-04-30 02:00:53 +02:00
|
|
|
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
|
2003-05-14 05:45:42 +02:00
|
|
|
0, "port listener", 1);
|
2009-01-28 06:29:49 +01:00
|
|
|
c->path = xstrdup(host);
|
2014-07-18 06:11:24 +02:00
|
|
|
c->host_port = fwd->connect_port;
|
2011-09-22 13:38:52 +02:00
|
|
|
c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
|
2014-07-18 06:11:24 +02:00
|
|
|
if (fwd->listen_port == 0 && allocated_listen_port != NULL &&
|
2011-10-02 09:59:03 +02:00
|
|
|
!(datafellows & SSH_BUG_DYNAMIC_RPORT))
|
|
|
|
|
c->listening_port = *allocated_listen_port;
|
|
|
|
|
else
|
2014-07-18 06:11:24 +02:00
|
|
|
c->listening_port = fwd->listen_port;
|
2000-01-14 05:45:46 +01:00
|
|
|
success = 1;
|
|
|
|
|
}
|
|
|
|
|
if (success == 0)
|
2014-07-18 06:11:24 +02:00
|
|
|
error("%s: cannot listen to port: %d", __func__,
|
|
|
|
|
fwd->listen_port);
|
2000-01-14 05:45:46 +01:00
|
|
|
freeaddrinfo(aitop);
|
2001-02-05 15:54:34 +01:00
|
|
|
return success;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
static int
|
|
|
|
|
channel_setup_fwd_listener_streamlocal(int type, struct Forward *fwd,
|
|
|
|
|
struct ForwardOptions *fwd_opts)
|
|
|
|
|
{
|
|
|
|
|
struct sockaddr_un sunaddr;
|
|
|
|
|
const char *path;
|
|
|
|
|
Channel *c;
|
|
|
|
|
int port, sock;
|
|
|
|
|
mode_t omask;
|
|
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
|
case SSH_CHANNEL_UNIX_LISTENER:
|
|
|
|
|
if (fwd->connect_path != NULL) {
|
|
|
|
|
if (strlen(fwd->connect_path) > sizeof(sunaddr.sun_path)) {
|
|
|
|
|
error("Local connecting path too long: %s",
|
|
|
|
|
fwd->connect_path);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
path = fwd->connect_path;
|
|
|
|
|
port = PORT_STREAMLOCAL;
|
|
|
|
|
} else {
|
|
|
|
|
if (fwd->connect_host == NULL) {
|
|
|
|
|
error("No forward host name.");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (strlen(fwd->connect_host) >= NI_MAXHOST) {
|
|
|
|
|
error("Forward host name too long.");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
path = fwd->connect_host;
|
|
|
|
|
port = fwd->connect_port;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case SSH_CHANNEL_RUNIX_LISTENER:
|
|
|
|
|
path = fwd->listen_path;
|
|
|
|
|
port = PORT_STREAMLOCAL;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
error("%s: unexpected channel type %d", __func__, type);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (fwd->listen_path == NULL) {
|
|
|
|
|
error("No forward path name.");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (strlen(fwd->listen_path) > sizeof(sunaddr.sun_path)) {
|
|
|
|
|
error("Local listening path too long: %s", fwd->listen_path);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
debug3("%s: type %d path %s", __func__, type, fwd->listen_path);
|
|
|
|
|
|
|
|
|
|
/* Start a Unix domain listener. */
|
|
|
|
|
omask = umask(fwd_opts->streamlocal_bind_mask);
|
|
|
|
|
sock = unix_listener(fwd->listen_path, SSH_LISTEN_BACKLOG,
|
|
|
|
|
fwd_opts->streamlocal_bind_unlink);
|
|
|
|
|
umask(omask);
|
|
|
|
|
if (sock < 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
debug("Local forwarding listening on path %s.", fwd->listen_path);
|
|
|
|
|
|
|
|
|
|
/* Allocate a channel number for the socket. */
|
|
|
|
|
c = channel_new("unix listener", type, sock, sock, -1,
|
|
|
|
|
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
|
|
|
|
|
0, "unix listener", 1);
|
|
|
|
|
c->path = xstrdup(path);
|
|
|
|
|
c->host_port = port;
|
|
|
|
|
c->listening_port = PORT_STREAMLOCAL;
|
|
|
|
|
c->listening_addr = xstrdup(fwd->listen_path);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
channel_cancel_rport_listener_tcpip(const char *host, u_short port)
|
2004-05-24 02:18:05 +02:00
|
|
|
{
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i;
|
|
|
|
|
int found = 0;
|
2004-05-24 02:18:05 +02:00
|
|
|
|
2005-03-14 13:08:12 +01:00
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
2004-05-24 02:18:05 +02:00
|
|
|
Channel *c = channels[i];
|
2011-09-22 13:38:52 +02:00
|
|
|
if (c == NULL || c->type != SSH_CHANNEL_RPORT_LISTENER)
|
|
|
|
|
continue;
|
|
|
|
|
if (strcmp(c->path, host) == 0 && c->listening_port == port) {
|
|
|
|
|
debug2("%s: close channel %d", __func__, i);
|
|
|
|
|
channel_free(c);
|
|
|
|
|
found = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (found);
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
static int
|
|
|
|
|
channel_cancel_rport_listener_streamlocal(const char *path)
|
|
|
|
|
{
|
|
|
|
|
u_int i;
|
|
|
|
|
int found = 0;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
|
|
|
|
Channel *c = channels[i];
|
|
|
|
|
if (c == NULL || c->type != SSH_CHANNEL_RUNIX_LISTENER)
|
|
|
|
|
continue;
|
|
|
|
|
if (c->path == NULL)
|
|
|
|
|
continue;
|
|
|
|
|
if (strcmp(c->path, path) == 0) {
|
|
|
|
|
debug2("%s: close channel %d", __func__, i);
|
|
|
|
|
channel_free(c);
|
|
|
|
|
found = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (found);
|
|
|
|
|
}
|
|
|
|
|
|
2011-09-22 13:38:52 +02:00
|
|
|
int
|
2014-07-18 06:11:24 +02:00
|
|
|
channel_cancel_rport_listener(struct Forward *fwd)
|
|
|
|
|
{
|
|
|
|
|
if (fwd->listen_path != NULL)
|
|
|
|
|
return channel_cancel_rport_listener_streamlocal(fwd->listen_path);
|
|
|
|
|
else
|
|
|
|
|
return channel_cancel_rport_listener_tcpip(fwd->listen_host, fwd->listen_port);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
channel_cancel_lport_listener_tcpip(const char *lhost, u_short lport,
|
|
|
|
|
int cport, struct ForwardOptions *fwd_opts)
|
2011-09-22 13:38:52 +02:00
|
|
|
{
|
|
|
|
|
u_int i;
|
|
|
|
|
int found = 0;
|
2014-07-18 06:11:24 +02:00
|
|
|
const char *addr = channel_fwd_bind_addr(lhost, NULL, 1, fwd_opts);
|
2004-05-24 02:18:05 +02:00
|
|
|
|
2011-09-22 13:38:52 +02:00
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
|
|
|
|
Channel *c = channels[i];
|
|
|
|
|
if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER)
|
|
|
|
|
continue;
|
2011-09-22 13:39:48 +02:00
|
|
|
if (c->listening_port != lport)
|
2011-09-22 13:38:52 +02:00
|
|
|
continue;
|
2011-09-22 13:39:48 +02:00
|
|
|
if (cport == CHANNEL_CANCEL_PORT_STATIC) {
|
|
|
|
|
/* skip dynamic forwardings */
|
|
|
|
|
if (c->host_port == 0)
|
|
|
|
|
continue;
|
|
|
|
|
} else {
|
|
|
|
|
if (c->host_port != cport)
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2011-09-22 13:38:52 +02:00
|
|
|
if ((c->listening_addr == NULL && addr != NULL) ||
|
|
|
|
|
(c->listening_addr != NULL && addr == NULL))
|
|
|
|
|
continue;
|
|
|
|
|
if (addr == NULL || strcmp(c->listening_addr, addr) == 0) {
|
2004-08-29 08:29:44 +02:00
|
|
|
debug2("%s: close channel %d", __func__, i);
|
2004-05-24 02:18:05 +02:00
|
|
|
channel_free(c);
|
|
|
|
|
found = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (found);
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
static int
|
|
|
|
|
channel_cancel_lport_listener_streamlocal(const char *path)
|
|
|
|
|
{
|
|
|
|
|
u_int i;
|
|
|
|
|
int found = 0;
|
|
|
|
|
|
|
|
|
|
if (path == NULL) {
|
|
|
|
|
error("%s: no path specified.", __func__);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
|
|
|
|
Channel *c = channels[i];
|
|
|
|
|
if (c == NULL || c->type != SSH_CHANNEL_UNIX_LISTENER)
|
|
|
|
|
continue;
|
|
|
|
|
if (c->listening_addr == NULL)
|
|
|
|
|
continue;
|
|
|
|
|
if (strcmp(c->listening_addr, path) == 0) {
|
|
|
|
|
debug2("%s: close channel %d", __func__, i);
|
|
|
|
|
channel_free(c);
|
|
|
|
|
found = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (found);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
channel_cancel_lport_listener(struct Forward *fwd, int cport, struct ForwardOptions *fwd_opts)
|
|
|
|
|
{
|
|
|
|
|
if (fwd->listen_path != NULL)
|
|
|
|
|
return channel_cancel_lport_listener_streamlocal(fwd->listen_path);
|
|
|
|
|
else
|
|
|
|
|
return channel_cancel_lport_listener_tcpip(fwd->listen_host, fwd->listen_port, cport, fwd_opts);
|
|
|
|
|
}
|
|
|
|
|
|
2002-01-22 13:29:22 +01:00
|
|
|
/* protocol local port fwd, used by ssh (and sshd in v1) */
|
|
|
|
|
int
|
2014-07-18 06:11:24 +02:00
|
|
|
channel_setup_local_fwd_listener(struct Forward *fwd, struct ForwardOptions *fwd_opts)
|
2002-01-22 13:29:22 +01:00
|
|
|
{
|
2014-07-18 06:11:24 +02:00
|
|
|
if (fwd->listen_path != NULL) {
|
|
|
|
|
return channel_setup_fwd_listener_streamlocal(
|
|
|
|
|
SSH_CHANNEL_UNIX_LISTENER, fwd, fwd_opts);
|
|
|
|
|
} else {
|
|
|
|
|
return channel_setup_fwd_listener_tcpip(SSH_CHANNEL_PORT_LISTENER,
|
|
|
|
|
fwd, NULL, fwd_opts);
|
|
|
|
|
}
|
2002-01-22 13:29:22 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* protocol v2 remote port fwd, used by sshd */
|
|
|
|
|
int
|
2014-07-18 06:11:24 +02:00
|
|
|
channel_setup_remote_fwd_listener(struct Forward *fwd,
|
|
|
|
|
int *allocated_listen_port, struct ForwardOptions *fwd_opts)
|
2002-01-22 13:29:22 +01:00
|
|
|
{
|
2014-07-18 06:11:24 +02:00
|
|
|
if (fwd->listen_path != NULL) {
|
|
|
|
|
return channel_setup_fwd_listener_streamlocal(
|
|
|
|
|
SSH_CHANNEL_RUNIX_LISTENER, fwd, fwd_opts);
|
|
|
|
|
} else {
|
|
|
|
|
return channel_setup_fwd_listener_tcpip(
|
|
|
|
|
SSH_CHANNEL_RPORT_LISTENER, fwd, allocated_listen_port,
|
|
|
|
|
fwd_opts);
|
|
|
|
|
}
|
2002-01-22 13:29:22 +01:00
|
|
|
}
|
|
|
|
|
|
2011-09-22 13:38:52 +02:00
|
|
|
/*
|
|
|
|
|
* Translate the requested rfwd listen host to something usable for
|
|
|
|
|
* this server.
|
|
|
|
|
*/
|
|
|
|
|
static const char *
|
|
|
|
|
channel_rfwd_bind_host(const char *listen_host)
|
|
|
|
|
{
|
|
|
|
|
if (listen_host == NULL) {
|
|
|
|
|
if (datafellows & SSH_BUG_RFWD_ADDR)
|
|
|
|
|
return "127.0.0.1";
|
|
|
|
|
else
|
|
|
|
|
return "localhost";
|
|
|
|
|
} else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) {
|
|
|
|
|
if (datafellows & SSH_BUG_RFWD_ADDR)
|
|
|
|
|
return "0.0.0.0";
|
|
|
|
|
else
|
|
|
|
|
return "";
|
|
|
|
|
} else
|
|
|
|
|
return listen_host;
|
|
|
|
|
}
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Initiate forwarding of connections to port "port" on remote host through
|
|
|
|
|
* the secure channel to host:port from local side.
|
2011-10-02 09:59:03 +02:00
|
|
|
* Returns handle (index) for updating the dynamic listen port with
|
|
|
|
|
* channel_update_permitted_opens().
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2006-07-12 14:17:10 +02:00
|
|
|
int
|
2014-07-18 06:11:24 +02:00
|
|
|
channel_request_remote_forwarding(struct Forward *fwd)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2011-10-02 09:59:03 +02:00
|
|
|
int type, success = 0, idx = -1;
|
2000-11-13 12:57:25 +01:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
/* Send the forward request to the remote side. */
|
2000-04-04 06:38:59 +02:00
|
|
|
if (compat20) {
|
|
|
|
|
packet_start(SSH2_MSG_GLOBAL_REQUEST);
|
2014-07-18 06:11:24 +02:00
|
|
|
if (fwd->listen_path != NULL) {
|
|
|
|
|
packet_put_cstring("streamlocal-forward@openssh.com");
|
|
|
|
|
packet_put_char(1); /* boolean: want reply */
|
|
|
|
|
packet_put_cstring(fwd->listen_path);
|
|
|
|
|
} else {
|
|
|
|
|
packet_put_cstring("tcpip-forward");
|
|
|
|
|
packet_put_char(1); /* boolean: want reply */
|
|
|
|
|
packet_put_cstring(channel_rfwd_bind_host(fwd->listen_host));
|
|
|
|
|
packet_put_int(fwd->listen_port);
|
|
|
|
|
}
|
2000-11-13 12:57:25 +01:00
|
|
|
packet_send();
|
|
|
|
|
packet_write_wait();
|
|
|
|
|
/* Assume that server accepts the request */
|
|
|
|
|
success = 1;
|
2014-07-18 06:11:24 +02:00
|
|
|
} else if (fwd->listen_path == NULL) {
|
2000-04-04 06:38:59 +02:00
|
|
|
packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);
|
2014-07-18 06:11:24 +02:00
|
|
|
packet_put_int(fwd->listen_port);
|
|
|
|
|
packet_put_cstring(fwd->connect_host);
|
|
|
|
|
packet_put_int(fwd->connect_port);
|
2000-04-04 06:38:59 +02:00
|
|
|
packet_send();
|
|
|
|
|
packet_write_wait();
|
2000-11-13 12:57:25 +01:00
|
|
|
|
|
|
|
|
/* Wait for response from the remote side. */
|
2002-01-22 13:16:32 +01:00
|
|
|
type = packet_read();
|
2000-11-13 12:57:25 +01:00
|
|
|
switch (type) {
|
|
|
|
|
case SSH_SMSG_SUCCESS:
|
|
|
|
|
success = 1;
|
|
|
|
|
break;
|
|
|
|
|
case SSH_SMSG_FAILURE:
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
/* Unknown packet */
|
|
|
|
|
packet_disconnect("Protocol error for port forward request:"
|
|
|
|
|
"received packet type %d.", type);
|
|
|
|
|
}
|
2014-07-18 06:11:24 +02:00
|
|
|
} else {
|
|
|
|
|
logit("Warning: Server does not support remote stream local forwarding.");
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
|
|
|
|
if (success) {
|
2010-06-26 01:50:30 +02:00
|
|
|
/* Record that connection to this host/port is permitted. */
|
2015-04-24 03:36:00 +02:00
|
|
|
permitted_opens = xreallocarray(permitted_opens,
|
2010-06-26 01:50:30 +02:00
|
|
|
num_permitted_opens + 1, sizeof(*permitted_opens));
|
2011-10-02 09:59:03 +02:00
|
|
|
idx = num_permitted_opens++;
|
2014-07-18 06:11:24 +02:00
|
|
|
if (fwd->connect_path != NULL) {
|
|
|
|
|
permitted_opens[idx].host_to_connect =
|
|
|
|
|
xstrdup(fwd->connect_path);
|
|
|
|
|
permitted_opens[idx].port_to_connect =
|
|
|
|
|
PORT_STREAMLOCAL;
|
|
|
|
|
} else {
|
|
|
|
|
permitted_opens[idx].host_to_connect =
|
|
|
|
|
xstrdup(fwd->connect_host);
|
|
|
|
|
permitted_opens[idx].port_to_connect =
|
|
|
|
|
fwd->connect_port;
|
|
|
|
|
}
|
|
|
|
|
if (fwd->listen_path != NULL) {
|
|
|
|
|
permitted_opens[idx].listen_host = NULL;
|
|
|
|
|
permitted_opens[idx].listen_path =
|
|
|
|
|
xstrdup(fwd->listen_path);
|
|
|
|
|
permitted_opens[idx].listen_port = PORT_STREAMLOCAL;
|
|
|
|
|
} else {
|
|
|
|
|
permitted_opens[idx].listen_host =
|
|
|
|
|
fwd->listen_host ? xstrdup(fwd->listen_host) : NULL;
|
|
|
|
|
permitted_opens[idx].listen_path = NULL;
|
|
|
|
|
permitted_opens[idx].listen_port = fwd->listen_port;
|
|
|
|
|
}
|
2016-09-30 11:19:13 +02:00
|
|
|
permitted_opens[idx].downstream = NULL;
|
2000-04-04 06:38:59 +02:00
|
|
|
}
|
2011-10-02 09:59:03 +02:00
|
|
|
return (idx);
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2014-07-02 07:29:40 +02:00
|
|
|
static int
|
|
|
|
|
open_match(ForwardPermission *allowed_open, const char *requestedhost,
|
2014-07-18 06:11:24 +02:00
|
|
|
int requestedport)
|
2014-07-02 07:29:40 +02:00
|
|
|
{
|
|
|
|
|
if (allowed_open->host_to_connect == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT &&
|
|
|
|
|
allowed_open->port_to_connect != requestedport)
|
|
|
|
|
return 0;
|
2016-07-19 13:38:53 +02:00
|
|
|
if (strcmp(allowed_open->host_to_connect, FWD_PERMIT_ANY_HOST) != 0 &&
|
|
|
|
|
strcmp(allowed_open->host_to_connect, requestedhost) != 0)
|
2014-07-02 07:29:40 +02:00
|
|
|
return 0;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2014-07-18 06:11:24 +02:00
|
|
|
* Note that in the listen host/port case
|
2014-07-02 07:29:40 +02:00
|
|
|
* we don't support FWD_PERMIT_ANY_PORT and
|
|
|
|
|
* need to translate between the configured-host (listen_host)
|
|
|
|
|
* and what we've sent to the remote server (channel_rfwd_bind_host)
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2014-07-18 06:11:24 +02:00
|
|
|
open_listen_match_tcpip(ForwardPermission *allowed_open,
|
|
|
|
|
const char *requestedhost, u_short requestedport, int translate)
|
2014-07-02 07:29:40 +02:00
|
|
|
{
|
|
|
|
|
const char *allowed_host;
|
|
|
|
|
|
|
|
|
|
if (allowed_open->host_to_connect == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
if (allowed_open->listen_port != requestedport)
|
|
|
|
|
return 0;
|
2014-07-06 01:32:49 +02:00
|
|
|
if (!translate && allowed_open->listen_host == NULL &&
|
|
|
|
|
requestedhost == NULL)
|
|
|
|
|
return 1;
|
2014-07-02 07:29:40 +02:00
|
|
|
allowed_host = translate ?
|
|
|
|
|
channel_rfwd_bind_host(allowed_open->listen_host) :
|
|
|
|
|
allowed_open->listen_host;
|
|
|
|
|
if (allowed_host == NULL ||
|
|
|
|
|
strcmp(allowed_host, requestedhost) != 0)
|
|
|
|
|
return 0;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
static int
|
|
|
|
|
open_listen_match_streamlocal(ForwardPermission *allowed_open,
|
|
|
|
|
const char *requestedpath)
|
|
|
|
|
{
|
|
|
|
|
if (allowed_open->host_to_connect == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
if (allowed_open->listen_port != PORT_STREAMLOCAL)
|
|
|
|
|
return 0;
|
|
|
|
|
if (allowed_open->listen_path == NULL ||
|
|
|
|
|
strcmp(allowed_open->listen_path, requestedpath) != 0)
|
|
|
|
|
return 0;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-24 02:18:05 +02:00
|
|
|
/*
|
2004-07-17 08:12:08 +02:00
|
|
|
* Request cancellation of remote forwarding of connection host:port from
|
2004-05-24 02:18:05 +02:00
|
|
|
* local side.
|
|
|
|
|
*/
|
2014-07-18 06:11:24 +02:00
|
|
|
static int
|
|
|
|
|
channel_request_rforward_cancel_tcpip(const char *host, u_short port)
|
2004-05-24 02:18:05 +02:00
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (!compat20)
|
2011-09-22 13:38:52 +02:00
|
|
|
return -1;
|
2004-05-24 02:18:05 +02:00
|
|
|
|
|
|
|
|
for (i = 0; i < num_permitted_opens; i++) {
|
2014-07-18 06:11:24 +02:00
|
|
|
if (open_listen_match_tcpip(&permitted_opens[i], host, port, 0))
|
2004-05-24 02:18:05 +02:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (i >= num_permitted_opens) {
|
|
|
|
|
debug("%s: requested forward not found", __func__);
|
2011-09-22 13:38:52 +02:00
|
|
|
return -1;
|
2004-05-24 02:18:05 +02:00
|
|
|
}
|
|
|
|
|
packet_start(SSH2_MSG_GLOBAL_REQUEST);
|
|
|
|
|
packet_put_cstring("cancel-tcpip-forward");
|
|
|
|
|
packet_put_char(0);
|
2011-09-22 13:38:52 +02:00
|
|
|
packet_put_cstring(channel_rfwd_bind_host(host));
|
2004-05-24 02:18:05 +02:00
|
|
|
packet_put_int(port);
|
|
|
|
|
packet_send();
|
|
|
|
|
|
2014-07-02 07:29:40 +02:00
|
|
|
permitted_opens[i].listen_port = 0;
|
2014-07-18 06:11:24 +02:00
|
|
|
permitted_opens[i].port_to_connect = 0;
|
2013-06-01 23:31:17 +02:00
|
|
|
free(permitted_opens[i].host_to_connect);
|
2004-05-24 02:18:05 +02:00
|
|
|
permitted_opens[i].host_to_connect = NULL;
|
2014-07-02 07:29:40 +02:00
|
|
|
free(permitted_opens[i].listen_host);
|
|
|
|
|
permitted_opens[i].listen_host = NULL;
|
2014-07-18 06:11:24 +02:00
|
|
|
permitted_opens[i].listen_path = NULL;
|
2016-09-30 11:19:13 +02:00
|
|
|
permitted_opens[i].downstream = NULL;
|
2014-07-18 06:11:24 +02:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Request cancellation of remote forwarding of Unix domain socket
|
|
|
|
|
* path from local side.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
channel_request_rforward_cancel_streamlocal(const char *path)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (!compat20)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < num_permitted_opens; i++) {
|
|
|
|
|
if (open_listen_match_streamlocal(&permitted_opens[i], path))
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (i >= num_permitted_opens) {
|
|
|
|
|
debug("%s: requested forward not found", __func__);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
packet_start(SSH2_MSG_GLOBAL_REQUEST);
|
|
|
|
|
packet_put_cstring("cancel-streamlocal-forward@openssh.com");
|
|
|
|
|
packet_put_char(0);
|
|
|
|
|
packet_put_cstring(path);
|
|
|
|
|
packet_send();
|
|
|
|
|
|
|
|
|
|
permitted_opens[i].listen_port = 0;
|
|
|
|
|
permitted_opens[i].port_to_connect = 0;
|
|
|
|
|
free(permitted_opens[i].host_to_connect);
|
|
|
|
|
permitted_opens[i].host_to_connect = NULL;
|
|
|
|
|
permitted_opens[i].listen_host = NULL;
|
|
|
|
|
free(permitted_opens[i].listen_path);
|
|
|
|
|
permitted_opens[i].listen_path = NULL;
|
2016-09-30 11:19:13 +02:00
|
|
|
permitted_opens[i].downstream = NULL;
|
2011-09-22 13:38:52 +02:00
|
|
|
|
|
|
|
|
return 0;
|
2004-05-24 02:18:05 +02:00
|
|
|
}
|
2014-07-18 06:11:24 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Request cancellation of remote forwarding of a connection from local side.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
channel_request_rforward_cancel(struct Forward *fwd)
|
|
|
|
|
{
|
|
|
|
|
if (fwd->listen_path != NULL) {
|
|
|
|
|
return (channel_request_rforward_cancel_streamlocal(
|
|
|
|
|
fwd->listen_path));
|
|
|
|
|
} else {
|
|
|
|
|
return (channel_request_rforward_cancel_tcpip(fwd->listen_host,
|
|
|
|
|
fwd->listen_port ? fwd->listen_port : fwd->allocated_port));
|
|
|
|
|
}
|
|
|
|
|
}
|
2004-05-24 02:18:05 +02:00
|
|
|
|
2001-03-17 01:47:54 +01:00
|
|
|
/*
|
|
|
|
|
* Permits opening to any host/port if permitted_opens[] is empty. This is
|
|
|
|
|
* usually called by the server, because the user could connect to any port
|
|
|
|
|
* anyway, and the server has no way to know but to trust the client anyway.
|
|
|
|
|
*/
|
|
|
|
|
void
|
2001-12-06 18:55:26 +01:00
|
|
|
channel_permit_all_opens(void)
|
2001-03-17 01:47:54 +01:00
|
|
|
{
|
|
|
|
|
if (num_permitted_opens == 0)
|
|
|
|
|
all_opens_permitted = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2001-04-06 01:26:32 +02:00
|
|
|
void
|
2001-03-17 01:47:54 +01:00
|
|
|
channel_add_permitted_opens(char *host, int port)
|
|
|
|
|
{
|
|
|
|
|
debug("allow port forwarding to host %s port %d", host, port);
|
|
|
|
|
|
2015-04-24 03:36:00 +02:00
|
|
|
permitted_opens = xreallocarray(permitted_opens,
|
2010-06-26 01:50:30 +02:00
|
|
|
num_permitted_opens + 1, sizeof(*permitted_opens));
|
2001-03-17 01:47:54 +01:00
|
|
|
permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host);
|
|
|
|
|
permitted_opens[num_permitted_opens].port_to_connect = port;
|
2014-07-02 07:29:40 +02:00
|
|
|
permitted_opens[num_permitted_opens].listen_host = NULL;
|
2014-07-18 06:11:24 +02:00
|
|
|
permitted_opens[num_permitted_opens].listen_path = NULL;
|
2014-07-02 07:29:40 +02:00
|
|
|
permitted_opens[num_permitted_opens].listen_port = 0;
|
2016-09-30 11:19:13 +02:00
|
|
|
permitted_opens[num_permitted_opens].downstream = NULL;
|
2001-03-17 01:47:54 +01:00
|
|
|
num_permitted_opens++;
|
|
|
|
|
|
|
|
|
|
all_opens_permitted = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2011-10-02 09:59:03 +02:00
|
|
|
/*
|
|
|
|
|
* Update the listen port for a dynamic remote forward, after
|
|
|
|
|
* the actual 'newport' has been allocated. If 'newport' < 0 is
|
|
|
|
|
* passed then they entry will be invalidated.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
channel_update_permitted_opens(int idx, int newport)
|
|
|
|
|
{
|
|
|
|
|
if (idx < 0 || idx >= num_permitted_opens) {
|
|
|
|
|
debug("channel_update_permitted_opens: index out of range:"
|
|
|
|
|
" %d num_permitted_opens %d", idx, num_permitted_opens);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
debug("%s allowed port %d for forwarding to host %s port %d",
|
|
|
|
|
newport > 0 ? "Updating" : "Removing",
|
|
|
|
|
newport,
|
|
|
|
|
permitted_opens[idx].host_to_connect,
|
|
|
|
|
permitted_opens[idx].port_to_connect);
|
|
|
|
|
if (newport >= 0) {
|
|
|
|
|
permitted_opens[idx].listen_port =
|
|
|
|
|
(datafellows & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport;
|
|
|
|
|
} else {
|
|
|
|
|
permitted_opens[idx].listen_port = 0;
|
|
|
|
|
permitted_opens[idx].port_to_connect = 0;
|
2013-06-01 23:31:17 +02:00
|
|
|
free(permitted_opens[idx].host_to_connect);
|
2011-10-02 09:59:03 +02:00
|
|
|
permitted_opens[idx].host_to_connect = NULL;
|
2014-07-02 07:29:40 +02:00
|
|
|
free(permitted_opens[idx].listen_host);
|
|
|
|
|
permitted_opens[idx].listen_host = NULL;
|
2014-07-18 06:11:24 +02:00
|
|
|
free(permitted_opens[idx].listen_path);
|
|
|
|
|
permitted_opens[idx].listen_path = NULL;
|
2011-10-02 09:59:03 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-24 06:08:13 +02:00
|
|
|
int
|
2006-07-24 06:04:00 +02:00
|
|
|
channel_add_adm_permitted_opens(char *host, int port)
|
|
|
|
|
{
|
2006-07-24 06:08:13 +02:00
|
|
|
debug("config allows port forwarding to host %s port %d", host, port);
|
2006-07-24 06:04:00 +02:00
|
|
|
|
2015-04-24 03:36:00 +02:00
|
|
|
permitted_adm_opens = xreallocarray(permitted_adm_opens,
|
2010-06-26 01:50:30 +02:00
|
|
|
num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens));
|
2006-07-24 06:04:00 +02:00
|
|
|
permitted_adm_opens[num_adm_permitted_opens].host_to_connect
|
|
|
|
|
= xstrdup(host);
|
|
|
|
|
permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port;
|
2014-07-02 07:29:40 +02:00
|
|
|
permitted_adm_opens[num_adm_permitted_opens].listen_host = NULL;
|
2014-07-18 06:11:24 +02:00
|
|
|
permitted_adm_opens[num_adm_permitted_opens].listen_path = NULL;
|
2014-07-02 07:29:40 +02:00
|
|
|
permitted_adm_opens[num_adm_permitted_opens].listen_port = 0;
|
2006-07-24 06:08:13 +02:00
|
|
|
return ++num_adm_permitted_opens;
|
2006-07-24 06:04:00 +02:00
|
|
|
}
|
|
|
|
|
|
2012-04-22 03:18:53 +02:00
|
|
|
void
|
|
|
|
|
channel_disable_adm_local_opens(void)
|
|
|
|
|
{
|
2012-12-02 23:50:54 +01:00
|
|
|
channel_clear_adm_permitted_opens();
|
2015-05-08 05:25:07 +02:00
|
|
|
permitted_adm_opens = xcalloc(sizeof(*permitted_adm_opens), 1);
|
2012-12-02 23:50:54 +01:00
|
|
|
permitted_adm_opens[num_adm_permitted_opens].host_to_connect = NULL;
|
|
|
|
|
num_adm_permitted_opens = 1;
|
2012-04-22 03:18:53 +02:00
|
|
|
}
|
|
|
|
|
|
2001-04-06 01:26:32 +02:00
|
|
|
void
|
2001-03-17 01:47:54 +01:00
|
|
|
channel_clear_permitted_opens(void)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
2014-07-02 07:29:40 +02:00
|
|
|
for (i = 0; i < num_permitted_opens; i++) {
|
2013-06-01 23:31:17 +02:00
|
|
|
free(permitted_opens[i].host_to_connect);
|
2014-07-02 07:29:40 +02:00
|
|
|
free(permitted_opens[i].listen_host);
|
2014-07-18 06:11:24 +02:00
|
|
|
free(permitted_opens[i].listen_path);
|
2014-07-02 07:29:40 +02:00
|
|
|
}
|
2013-06-01 23:31:17 +02:00
|
|
|
free(permitted_opens);
|
|
|
|
|
permitted_opens = NULL;
|
2001-03-17 01:47:54 +01:00
|
|
|
num_permitted_opens = 0;
|
2006-07-24 06:04:00 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
channel_clear_adm_permitted_opens(void)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
2001-03-17 01:47:54 +01:00
|
|
|
|
2014-07-02 07:29:40 +02:00
|
|
|
for (i = 0; i < num_adm_permitted_opens; i++) {
|
2013-06-01 23:31:17 +02:00
|
|
|
free(permitted_adm_opens[i].host_to_connect);
|
2014-07-02 07:29:40 +02:00
|
|
|
free(permitted_adm_opens[i].listen_host);
|
2014-07-18 06:11:24 +02:00
|
|
|
free(permitted_adm_opens[i].listen_path);
|
2014-07-02 07:29:40 +02:00
|
|
|
}
|
2013-06-01 23:31:17 +02:00
|
|
|
free(permitted_adm_opens);
|
|
|
|
|
permitted_adm_opens = NULL;
|
2006-07-24 06:04:00 +02:00
|
|
|
num_adm_permitted_opens = 0;
|
2001-03-17 01:47:54 +01:00
|
|
|
}
|
|
|
|
|
|
2008-06-10 15:01:51 +02:00
|
|
|
void
|
|
|
|
|
channel_print_adm_permitted_opens(void)
|
|
|
|
|
{
|
2008-07-16 14:42:06 +02:00
|
|
|
int i;
|
2008-06-10 15:01:51 +02:00
|
|
|
|
2009-01-28 06:13:04 +01:00
|
|
|
printf("permitopen");
|
2008-11-11 06:40:22 +01:00
|
|
|
if (num_adm_permitted_opens == 0) {
|
2009-01-28 06:13:04 +01:00
|
|
|
printf(" any\n");
|
2008-11-11 06:40:22 +01:00
|
|
|
return;
|
|
|
|
|
}
|
2008-06-10 15:01:51 +02:00
|
|
|
for (i = 0; i < num_adm_permitted_opens; i++)
|
2012-04-22 03:18:53 +02:00
|
|
|
if (permitted_adm_opens[i].host_to_connect == NULL)
|
|
|
|
|
printf(" none");
|
|
|
|
|
else
|
2008-06-10 15:01:51 +02:00
|
|
|
printf(" %s:%d", permitted_adm_opens[i].host_to_connect,
|
|
|
|
|
permitted_adm_opens[i].port_to_connect);
|
2009-01-28 06:13:04 +01:00
|
|
|
printf("\n");
|
2008-06-10 15:01:51 +02:00
|
|
|
}
|
|
|
|
|
|
2011-10-02 09:57:35 +02:00
|
|
|
/* returns port number, FWD_PERMIT_ANY_PORT or -1 on error */
|
|
|
|
|
int
|
|
|
|
|
permitopen_port(const char *p)
|
|
|
|
|
{
|
|
|
|
|
int port;
|
|
|
|
|
|
|
|
|
|
if (strcmp(p, "*") == 0)
|
|
|
|
|
return FWD_PERMIT_ANY_PORT;
|
|
|
|
|
if ((port = a2port(p)) > 0)
|
|
|
|
|
return port;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2008-05-19 07:37:09 +02:00
|
|
|
/* Try to start non-blocking connect to next host in cctx list */
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2008-05-19 07:37:09 +02:00
|
|
|
connect_next(struct channel_connect *cctx)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2008-05-19 07:37:09 +02:00
|
|
|
int sock, saved_errno;
|
2014-07-18 06:11:24 +02:00
|
|
|
struct sockaddr_un *sunaddr;
|
2016-09-12 03:22:38 +02:00
|
|
|
char ntop[NI_MAXHOST], strport[MAXIMUM(NI_MAXSERV,sizeof(sunaddr->sun_path))];
|
2000-01-14 05:45:46 +01:00
|
|
|
|
2008-05-19 07:37:09 +02:00
|
|
|
for (; cctx->ai; cctx->ai = cctx->ai->ai_next) {
|
2014-07-18 06:11:24 +02:00
|
|
|
switch (cctx->ai->ai_family) {
|
|
|
|
|
case AF_UNIX:
|
|
|
|
|
/* unix:pathname instead of host:port */
|
|
|
|
|
sunaddr = (struct sockaddr_un *)cctx->ai->ai_addr;
|
|
|
|
|
strlcpy(ntop, "unix", sizeof(ntop));
|
|
|
|
|
strlcpy(strport, sunaddr->sun_path, sizeof(strport));
|
|
|
|
|
break;
|
|
|
|
|
case AF_INET:
|
|
|
|
|
case AF_INET6:
|
|
|
|
|
if (getnameinfo(cctx->ai->ai_addr, cctx->ai->ai_addrlen,
|
|
|
|
|
ntop, sizeof(ntop), strport, sizeof(strport),
|
|
|
|
|
NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
|
|
|
|
|
error("connect_next: getnameinfo failed");
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2000-01-14 05:45:46 +01:00
|
|
|
continue;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2010-01-10 00:31:12 +01:00
|
|
|
if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
|
|
|
|
|
cctx->ai->ai_protocol)) == -1) {
|
2008-05-19 07:37:09 +02:00
|
|
|
if (cctx->ai->ai_next == NULL)
|
2003-01-10 11:45:12 +01:00
|
|
|
error("socket: %.100s", strerror(errno));
|
|
|
|
|
else
|
|
|
|
|
verbose("socket: %.100s", strerror(errno));
|
2000-01-14 05:45:46 +01:00
|
|
|
continue;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2004-06-15 02:35:30 +02:00
|
|
|
if (set_nonblock(sock) == -1)
|
|
|
|
|
fatal("%s: set_nonblock(%d)", __func__, sock);
|
2008-05-19 07:37:09 +02:00
|
|
|
if (connect(sock, cctx->ai->ai_addr,
|
|
|
|
|
cctx->ai->ai_addrlen) == -1 && errno != EINPROGRESS) {
|
|
|
|
|
debug("connect_next: host %.100s ([%.100s]:%s): "
|
|
|
|
|
"%.100s", cctx->host, ntop, strport,
|
2000-01-14 05:45:46 +01:00
|
|
|
strerror(errno));
|
2008-05-19 07:37:09 +02:00
|
|
|
saved_errno = errno;
|
2000-01-14 05:45:46 +01:00
|
|
|
close(sock);
|
2008-05-19 07:37:09 +02:00
|
|
|
errno = saved_errno;
|
2001-02-05 13:42:17 +01:00
|
|
|
continue; /* fail -- try next */
|
2000-01-14 05:45:46 +01:00
|
|
|
}
|
2014-07-18 06:11:24 +02:00
|
|
|
if (cctx->ai->ai_family != AF_UNIX)
|
|
|
|
|
set_nodelay(sock);
|
2008-05-19 07:37:09 +02:00
|
|
|
debug("connect_next: host %.100s ([%.100s]:%s) "
|
|
|
|
|
"in progress, fd=%d", cctx->host, ntop, strport, sock);
|
|
|
|
|
cctx->ai = cctx->ai->ai_next;
|
|
|
|
|
return sock;
|
|
|
|
|
}
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
channel_connect_ctx_free(struct channel_connect *cctx)
|
|
|
|
|
{
|
2013-06-01 23:31:17 +02:00
|
|
|
free(cctx->host);
|
2014-07-18 06:11:24 +02:00
|
|
|
if (cctx->aitop) {
|
|
|
|
|
if (cctx->aitop->ai_family == AF_UNIX)
|
|
|
|
|
free(cctx->aitop);
|
|
|
|
|
else
|
|
|
|
|
freeaddrinfo(cctx->aitop);
|
|
|
|
|
}
|
2014-02-04 01:18:20 +01:00
|
|
|
memset(cctx, 0, sizeof(*cctx));
|
2008-05-19 07:37:09 +02:00
|
|
|
}
|
|
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
/* Return CONNECTING channel to remote host:port or local socket path */
|
2008-05-19 07:37:09 +02:00
|
|
|
static Channel *
|
2014-07-18 06:11:24 +02:00
|
|
|
connect_to(const char *name, int port, char *ctype, char *rname)
|
2008-05-19 07:37:09 +02:00
|
|
|
{
|
|
|
|
|
struct addrinfo hints;
|
|
|
|
|
int gaierr;
|
|
|
|
|
int sock = -1;
|
|
|
|
|
char strport[NI_MAXSERV];
|
|
|
|
|
struct channel_connect cctx;
|
|
|
|
|
Channel *c;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2008-07-12 09:12:29 +02:00
|
|
|
memset(&cctx, 0, sizeof(cctx));
|
2014-07-18 06:11:24 +02:00
|
|
|
|
|
|
|
|
if (port == PORT_STREAMLOCAL) {
|
|
|
|
|
struct sockaddr_un *sunaddr;
|
|
|
|
|
struct addrinfo *ai;
|
|
|
|
|
|
|
|
|
|
if (strlen(name) > sizeof(sunaddr->sun_path)) {
|
|
|
|
|
error("%.100s: %.100s", name, strerror(ENAMETOOLONG));
|
|
|
|
|
return (NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Fake up a struct addrinfo for AF_UNIX connections.
|
|
|
|
|
* channel_connect_ctx_free() must check ai_family
|
|
|
|
|
* and use free() not freeaddirinfo() for AF_UNIX.
|
|
|
|
|
*/
|
|
|
|
|
ai = xmalloc(sizeof(*ai) + sizeof(*sunaddr));
|
|
|
|
|
memset(ai, 0, sizeof(*ai) + sizeof(*sunaddr));
|
|
|
|
|
ai->ai_addr = (struct sockaddr *)(ai + 1);
|
|
|
|
|
ai->ai_addrlen = sizeof(*sunaddr);
|
|
|
|
|
ai->ai_family = AF_UNIX;
|
|
|
|
|
ai->ai_socktype = SOCK_STREAM;
|
|
|
|
|
ai->ai_protocol = PF_UNSPEC;
|
|
|
|
|
sunaddr = (struct sockaddr_un *)ai->ai_addr;
|
|
|
|
|
sunaddr->sun_family = AF_UNIX;
|
|
|
|
|
strlcpy(sunaddr->sun_path, name, sizeof(sunaddr->sun_path));
|
|
|
|
|
cctx.aitop = ai;
|
|
|
|
|
} else {
|
|
|
|
|
memset(&hints, 0, sizeof(hints));
|
|
|
|
|
hints.ai_family = IPv4or6;
|
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
snprintf(strport, sizeof strport, "%d", port);
|
|
|
|
|
if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) {
|
|
|
|
|
error("connect_to %.100s: unknown host (%s)", name,
|
|
|
|
|
ssh_gai_strerror(gaierr));
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2008-05-19 07:37:09 +02:00
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
cctx.host = xstrdup(name);
|
2008-05-19 07:37:09 +02:00
|
|
|
cctx.port = port;
|
|
|
|
|
cctx.ai = cctx.aitop;
|
|
|
|
|
|
|
|
|
|
if ((sock = connect_next(&cctx)) == -1) {
|
|
|
|
|
error("connect to %.100s port %d failed: %s",
|
2014-07-18 06:11:24 +02:00
|
|
|
name, port, strerror(errno));
|
2008-05-19 07:37:09 +02:00
|
|
|
channel_connect_ctx_free(&cctx);
|
|
|
|
|
return NULL;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
2008-05-19 07:37:09 +02:00
|
|
|
c = channel_new(ctype, SSH_CHANNEL_CONNECTING, sock, sock, -1,
|
|
|
|
|
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, rname, 1);
|
|
|
|
|
c->connect_ctx = cctx;
|
|
|
|
|
return c;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
2001-03-17 01:47:54 +01:00
|
|
|
|
2016-09-30 11:19:13 +02:00
|
|
|
/*
|
|
|
|
|
* returns either the newly connected channel or the downstream channel
|
|
|
|
|
* that needs to deal with this connection.
|
|
|
|
|
*/
|
2008-05-19 07:37:09 +02:00
|
|
|
Channel *
|
2014-07-02 07:29:40 +02:00
|
|
|
channel_connect_by_listen_address(const char *listen_host,
|
|
|
|
|
u_short listen_port, char *ctype, char *rname)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
|
|
|
|
int i;
|
2001-03-17 01:47:54 +01:00
|
|
|
|
2008-05-19 07:37:09 +02:00
|
|
|
for (i = 0; i < num_permitted_opens; i++) {
|
2014-07-18 06:11:24 +02:00
|
|
|
if (open_listen_match_tcpip(&permitted_opens[i], listen_host,
|
2014-07-02 07:29:40 +02:00
|
|
|
listen_port, 1)) {
|
2016-09-30 11:19:13 +02:00
|
|
|
if (permitted_opens[i].downstream)
|
|
|
|
|
return permitted_opens[i].downstream;
|
2001-03-17 01:47:54 +01:00
|
|
|
return connect_to(
|
2000-11-13 12:57:25 +01:00
|
|
|
permitted_opens[i].host_to_connect,
|
2008-05-19 07:37:09 +02:00
|
|
|
permitted_opens[i].port_to_connect, ctype, rname);
|
|
|
|
|
}
|
|
|
|
|
}
|
2000-12-02 20:03:54 +01:00
|
|
|
error("WARNING: Server requests forwarding for unknown listen_port %d",
|
|
|
|
|
listen_port);
|
2008-05-19 07:37:09 +02:00
|
|
|
return NULL;
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
2000-01-14 05:45:46 +01:00
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
Channel *
|
|
|
|
|
channel_connect_by_listen_path(const char *path, char *ctype, char *rname)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < num_permitted_opens; i++) {
|
|
|
|
|
if (open_listen_match_streamlocal(&permitted_opens[i], path)) {
|
|
|
|
|
return connect_to(
|
|
|
|
|
permitted_opens[i].host_to_connect,
|
|
|
|
|
permitted_opens[i].port_to_connect, ctype, rname);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
error("WARNING: Server requests forwarding for unknown path %.100s",
|
|
|
|
|
path);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2001-03-17 01:47:54 +01:00
|
|
|
/* Check if connecting to that port is permitted and connect. */
|
2008-05-19 07:37:09 +02:00
|
|
|
Channel *
|
2014-07-18 06:11:24 +02:00
|
|
|
channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname)
|
2001-03-17 01:47:54 +01:00
|
|
|
{
|
2006-07-24 06:04:00 +02:00
|
|
|
int i, permit, permit_adm = 1;
|
2001-03-17 01:47:54 +01:00
|
|
|
|
|
|
|
|
permit = all_opens_permitted;
|
|
|
|
|
if (!permit) {
|
|
|
|
|
for (i = 0; i < num_permitted_opens; i++)
|
2014-07-02 07:29:40 +02:00
|
|
|
if (open_match(&permitted_opens[i], host, port)) {
|
2001-03-17 01:47:54 +01:00
|
|
|
permit = 1;
|
2014-07-02 07:29:40 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2006-07-24 06:04:00 +02:00
|
|
|
}
|
2001-03-17 01:47:54 +01:00
|
|
|
|
2006-07-24 06:04:00 +02:00
|
|
|
if (num_adm_permitted_opens > 0) {
|
|
|
|
|
permit_adm = 0;
|
|
|
|
|
for (i = 0; i < num_adm_permitted_opens; i++)
|
2014-07-02 07:29:40 +02:00
|
|
|
if (open_match(&permitted_adm_opens[i], host, port)) {
|
2006-07-24 06:04:00 +02:00
|
|
|
permit_adm = 1;
|
2014-07-02 07:29:40 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2001-03-17 01:47:54 +01:00
|
|
|
}
|
2006-07-24 06:04:00 +02:00
|
|
|
|
|
|
|
|
if (!permit || !permit_adm) {
|
2003-04-09 12:59:48 +02:00
|
|
|
logit("Received request to connect to host %.100s port %d, "
|
2001-03-17 01:47:54 +01:00
|
|
|
"but the request was denied.", host, port);
|
2008-05-19 07:37:09 +02:00
|
|
|
return NULL;
|
2001-03-17 01:47:54 +01:00
|
|
|
}
|
2008-05-19 07:37:09 +02:00
|
|
|
return connect_to(host, port, ctype, rname);
|
2001-03-17 01:47:54 +01:00
|
|
|
}
|
|
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
/* Check if connecting to that path is permitted and connect. */
|
|
|
|
|
Channel *
|
|
|
|
|
channel_connect_to_path(const char *path, char *ctype, char *rname)
|
|
|
|
|
{
|
|
|
|
|
int i, permit, permit_adm = 1;
|
|
|
|
|
|
|
|
|
|
permit = all_opens_permitted;
|
|
|
|
|
if (!permit) {
|
|
|
|
|
for (i = 0; i < num_permitted_opens; i++)
|
|
|
|
|
if (open_match(&permitted_opens[i], path, PORT_STREAMLOCAL)) {
|
|
|
|
|
permit = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (num_adm_permitted_opens > 0) {
|
|
|
|
|
permit_adm = 0;
|
|
|
|
|
for (i = 0; i < num_adm_permitted_opens; i++)
|
|
|
|
|
if (open_match(&permitted_adm_opens[i], path, PORT_STREAMLOCAL)) {
|
|
|
|
|
permit_adm = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!permit || !permit_adm) {
|
|
|
|
|
logit("Received request to connect to path %.100s, "
|
|
|
|
|
"but the request was denied.", path);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
return connect_to(path, PORT_STREAMLOCAL, ctype, rname);
|
|
|
|
|
}
|
|
|
|
|
|
2004-06-15 02:34:08 +02:00
|
|
|
void
|
|
|
|
|
channel_send_window_changes(void)
|
|
|
|
|
{
|
2004-08-13 13:18:00 +02:00
|
|
|
u_int i;
|
2004-06-15 02:34:08 +02:00
|
|
|
struct winsize ws;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < channels_alloc; i++) {
|
2005-03-14 13:08:12 +01:00
|
|
|
if (channels[i] == NULL || !channels[i]->client_tty ||
|
2004-06-15 02:34:08 +02:00
|
|
|
channels[i]->type != SSH_CHANNEL_OPEN)
|
|
|
|
|
continue;
|
|
|
|
|
if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0)
|
|
|
|
|
continue;
|
|
|
|
|
channel_request_start(i, "window-change", 0);
|
2006-03-26 05:04:36 +02:00
|
|
|
packet_put_int((u_int)ws.ws_col);
|
|
|
|
|
packet_put_int((u_int)ws.ws_row);
|
|
|
|
|
packet_put_int((u_int)ws.ws_xpixel);
|
|
|
|
|
packet_put_int((u_int)ws.ws_ypixel);
|
2004-06-15 02:34:08 +02:00
|
|
|
packet_send();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
/* -- X11 forwarding */
|
1999-10-27 05:42:43 +02:00
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Creates an internet domain socket for listening for X11 connections.
|
2002-06-23 23:48:28 +02:00
|
|
|
* Returns 0 and a suitable display number for the DISPLAY variable
|
|
|
|
|
* stored in display_numberp , or -1 if an error occurs.
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2001-12-19 18:58:01 +01:00
|
|
|
int
|
2002-02-05 02:11:34 +01:00
|
|
|
x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
2005-07-17 09:19:24 +02:00
|
|
|
int single_connection, u_int *display_numberp, int **chanids)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2001-12-21 04:58:35 +01:00
|
|
|
Channel *nc = NULL;
|
1999-12-06 01:47:28 +01:00
|
|
|
int display_number, sock;
|
|
|
|
|
u_short port;
|
2000-01-14 05:45:46 +01:00
|
|
|
struct addrinfo hints, *ai, *aitop;
|
|
|
|
|
char strport[NI_MAXSERV];
|
|
|
|
|
int gaierr, n, num_socks = 0, socks[NUM_SOCKS];
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2005-10-03 10:03:05 +02:00
|
|
|
if (chanids == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
1999-12-14 00:47:15 +01:00
|
|
|
for (display_number = x11_display_offset;
|
2001-12-21 04:45:46 +01:00
|
|
|
display_number < MAX_DISPLAYS;
|
|
|
|
|
display_number++) {
|
1999-11-24 14:26:21 +01:00
|
|
|
port = 6000 + display_number;
|
2000-01-14 05:45:46 +01:00
|
|
|
memset(&hints, 0, sizeof(hints));
|
|
|
|
|
hints.ai_family = IPv4or6;
|
2002-02-05 02:11:34 +01:00
|
|
|
hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
|
2000-01-14 05:45:46 +01:00
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
snprintf(strport, sizeof strport, "%d", port);
|
|
|
|
|
if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) {
|
2007-12-28 16:43:51 +01:00
|
|
|
error("getaddrinfo: %.100s", ssh_gai_strerror(gaierr));
|
2001-12-19 18:58:01 +01:00
|
|
|
return -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2000-01-14 05:45:46 +01:00
|
|
|
for (ai = aitop; ai; ai = ai->ai_next) {
|
|
|
|
|
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
|
|
|
|
|
continue;
|
2010-01-10 00:31:12 +01:00
|
|
|
sock = socket(ai->ai_family, ai->ai_socktype,
|
|
|
|
|
ai->ai_protocol);
|
2000-01-14 05:45:46 +01:00
|
|
|
if (sock < 0) {
|
2010-03-26 01:09:44 +01:00
|
|
|
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)
|
|
|
|
|
#ifdef EPFNOSUPPORT
|
|
|
|
|
&& (errno != EPFNOSUPPORT)
|
|
|
|
|
#endif
|
|
|
|
|
) {
|
2000-01-17 03:22:55 +01:00
|
|
|
error("socket: %.100s", strerror(errno));
|
2004-06-15 02:27:15 +02:00
|
|
|
freeaddrinfo(aitop);
|
2001-12-19 18:58:01 +01:00
|
|
|
return -1;
|
2000-01-17 03:22:55 +01:00
|
|
|
} else {
|
2000-09-29 03:12:36 +02:00
|
|
|
debug("x11_create_display_inet: Socket family %d not supported",
|
|
|
|
|
ai->ai_family);
|
2000-01-17 03:22:55 +01:00
|
|
|
continue;
|
|
|
|
|
}
|
2000-01-14 05:45:46 +01:00
|
|
|
}
|
2009-11-18 07:48:30 +01:00
|
|
|
if (ai->ai_family == AF_INET6)
|
|
|
|
|
sock_set_v6only(sock);
|
2008-06-11 22:05:12 +02:00
|
|
|
if (x11_use_localhost)
|
|
|
|
|
channel_set_reuseaddr(sock);
|
2000-01-14 05:45:46 +01:00
|
|
|
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("bind port %d: %.100s", port, strerror(errno));
|
2000-01-14 05:45:46 +01:00
|
|
|
close(sock);
|
2000-03-03 12:35:33 +01:00
|
|
|
|
2000-01-14 05:45:46 +01:00
|
|
|
for (n = 0; n < num_socks; n++) {
|
|
|
|
|
close(socks[n]);
|
|
|
|
|
}
|
|
|
|
|
num_socks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
socks[num_socks++] = sock;
|
|
|
|
|
if (num_socks == NUM_SOCKS)
|
|
|
|
|
break;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
2001-01-25 01:41:12 +01:00
|
|
|
freeaddrinfo(aitop);
|
2000-01-14 05:45:46 +01:00
|
|
|
if (num_socks > 0)
|
|
|
|
|
break;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
|
|
|
|
if (display_number >= MAX_DISPLAYS) {
|
|
|
|
|
error("Failed to allocate internet-domain X11 display socket.");
|
2001-12-19 18:58:01 +01:00
|
|
|
return -1;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
/* Start listening for connections on the socket. */
|
2000-01-14 05:45:46 +01:00
|
|
|
for (n = 0; n < num_socks; n++) {
|
|
|
|
|
sock = socks[n];
|
2003-12-09 09:15:11 +01:00
|
|
|
if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
|
2000-01-14 05:45:46 +01:00
|
|
|
error("listen: %.100s", strerror(errno));
|
|
|
|
|
close(sock);
|
2001-12-19 18:58:01 +01:00
|
|
|
return -1;
|
1999-12-21 01:18:08 +01:00
|
|
|
}
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2000-01-14 05:45:46 +01:00
|
|
|
/* Allocate a channel for each socket. */
|
2006-03-26 05:19:21 +02:00
|
|
|
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
|
2000-01-14 05:45:46 +01:00
|
|
|
for (n = 0; n < num_socks; n++) {
|
|
|
|
|
sock = socks[n];
|
2001-12-21 04:58:35 +01:00
|
|
|
nc = channel_new("x11 listener",
|
2000-04-30 02:00:53 +02:00
|
|
|
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
|
|
|
|
|
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
|
2003-05-14 05:45:42 +02:00
|
|
|
0, "X11 inet listener", 1);
|
2002-02-08 12:07:16 +01:00
|
|
|
nc->single_connection = single_connection;
|
2005-10-03 10:03:05 +02:00
|
|
|
(*chanids)[n] = nc->self;
|
2000-01-14 05:45:46 +01:00
|
|
|
}
|
2005-10-03 10:03:05 +02:00
|
|
|
(*chanids)[n] = -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2001-12-19 18:58:01 +01:00
|
|
|
/* Return the display number for the DISPLAY environment variable. */
|
2002-06-23 23:48:28 +02:00
|
|
|
*display_numberp = display_number;
|
|
|
|
|
return (0);
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2009-01-21 06:46:26 +01:00
|
|
|
connect_local_xsocket_path(const char *pathname)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
1999-11-24 14:26:21 +01:00
|
|
|
int sock;
|
|
|
|
|
struct sockaddr_un addr;
|
|
|
|
|
|
2001-12-21 02:39:51 +01:00
|
|
|
sock = socket(AF_UNIX, SOCK_STREAM, 0);
|
|
|
|
|
if (sock < 0)
|
|
|
|
|
error("socket: %.100s", strerror(errno));
|
|
|
|
|
memset(&addr, 0, sizeof(addr));
|
|
|
|
|
addr.sun_family = AF_UNIX;
|
2009-01-21 06:46:26 +01:00
|
|
|
strlcpy(addr.sun_path, pathname, sizeof addr.sun_path);
|
2006-03-26 05:07:26 +02:00
|
|
|
if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0)
|
2001-12-21 02:39:51 +01:00
|
|
|
return sock;
|
|
|
|
|
close(sock);
|
1999-11-24 14:26:21 +01:00
|
|
|
error("connect %.100s: %.100s", addr.sun_path, strerror(errno));
|
|
|
|
|
return -1;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2009-01-21 06:46:26 +01:00
|
|
|
static int
|
|
|
|
|
connect_local_xsocket(u_int dnr)
|
|
|
|
|
{
|
|
|
|
|
char buf[1024];
|
|
|
|
|
snprintf(buf, sizeof buf, _PATH_UNIX_X, dnr);
|
|
|
|
|
return connect_local_xsocket_path(buf);
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-30 02:00:53 +02:00
|
|
|
int
|
|
|
|
|
x11_connect_display(void)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2006-03-31 14:11:07 +02:00
|
|
|
u_int display_number;
|
1999-11-24 14:26:21 +01:00
|
|
|
const char *display;
|
2000-04-30 02:00:53 +02:00
|
|
|
char buf[1024], *cp;
|
2000-01-14 05:45:46 +01:00
|
|
|
struct addrinfo hints, *ai, *aitop;
|
|
|
|
|
char strport[NI_MAXSERV];
|
2006-03-31 14:11:07 +02:00
|
|
|
int gaierr, sock = 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
/* Try to open a socket for the local X server. */
|
|
|
|
|
display = getenv("DISPLAY");
|
|
|
|
|
if (!display) {
|
|
|
|
|
error("DISPLAY not set.");
|
2000-04-30 02:00:53 +02:00
|
|
|
return -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Now we decode the value of the DISPLAY variable and make a
|
|
|
|
|
* connection to the real X server.
|
|
|
|
|
*/
|
|
|
|
|
|
2009-01-21 06:46:26 +01:00
|
|
|
/* Check if the display is from launchd. */
|
|
|
|
|
#ifdef __APPLE__
|
|
|
|
|
if (strncmp(display, "/tmp/launch", 11) == 0) {
|
|
|
|
|
sock = connect_local_xsocket_path(display);
|
|
|
|
|
if (sock < 0)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
/* OK, we now have a connection to the display. */
|
|
|
|
|
return sock;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Check if it is a unix domain socket. Unix domain displays are in
|
|
|
|
|
* one of the following formats: unix:d[.s], :d[.s], ::d[.s]
|
|
|
|
|
*/
|
1999-11-24 14:26:21 +01:00
|
|
|
if (strncmp(display, "unix:", 5) == 0 ||
|
|
|
|
|
display[0] == ':') {
|
|
|
|
|
/* Connect to the unix domain socket. */
|
2006-03-31 14:11:07 +02:00
|
|
|
if (sscanf(strrchr(display, ':') + 1, "%u", &display_number) != 1) {
|
1999-11-24 14:26:21 +01:00
|
|
|
error("Could not parse display number from DISPLAY: %.100s",
|
2001-12-21 04:45:46 +01:00
|
|
|
display);
|
2000-04-30 02:00:53 +02:00
|
|
|
return -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
|
|
|
|
/* Create a socket. */
|
|
|
|
|
sock = connect_local_xsocket(display_number);
|
|
|
|
|
if (sock < 0)
|
2000-04-30 02:00:53 +02:00
|
|
|
return -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
/* OK, we now have a connection to the display. */
|
2000-04-30 02:00:53 +02:00
|
|
|
return sock;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Connect to an inet socket. The DISPLAY value is supposedly
|
|
|
|
|
* hostname:d[.s], where hostname may also be numeric IP address.
|
|
|
|
|
*/
|
2001-12-07 18:26:48 +01:00
|
|
|
strlcpy(buf, display, sizeof(buf));
|
1999-11-24 14:26:21 +01:00
|
|
|
cp = strchr(buf, ':');
|
|
|
|
|
if (!cp) {
|
|
|
|
|
error("Could not find ':' in DISPLAY: %.100s", display);
|
2000-04-30 02:00:53 +02:00
|
|
|
return -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
|
|
|
|
*cp = 0;
|
1999-11-25 01:54:57 +01:00
|
|
|
/* buf now contains the host name. But first we parse the display number. */
|
2006-03-31 14:11:07 +02:00
|
|
|
if (sscanf(cp + 1, "%u", &display_number) != 1) {
|
1999-11-24 14:26:21 +01:00
|
|
|
error("Could not parse display number from DISPLAY: %.100s",
|
2001-12-21 04:45:46 +01:00
|
|
|
display);
|
2000-04-30 02:00:53 +02:00
|
|
|
return -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
|
|
|
|
|
2000-01-14 05:45:46 +01:00
|
|
|
/* Look up the host address */
|
|
|
|
|
memset(&hints, 0, sizeof(hints));
|
|
|
|
|
hints.ai_family = IPv4or6;
|
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
2006-03-31 14:11:07 +02:00
|
|
|
snprintf(strport, sizeof strport, "%u", 6000 + display_number);
|
2000-01-14 05:45:46 +01:00
|
|
|
if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
|
2007-12-28 16:43:51 +01:00
|
|
|
error("%.100s: unknown host. (%s)", buf,
|
|
|
|
|
ssh_gai_strerror(gaierr));
|
2000-04-30 02:00:53 +02:00
|
|
|
return -1;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
2000-01-14 05:45:46 +01:00
|
|
|
for (ai = aitop; ai; ai = ai->ai_next) {
|
|
|
|
|
/* Create a socket. */
|
2010-01-10 00:31:12 +01:00
|
|
|
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
|
2000-01-14 05:45:46 +01:00
|
|
|
if (sock < 0) {
|
2003-09-02 14:52:31 +02:00
|
|
|
debug2("socket: %.100s", strerror(errno));
|
2000-04-01 03:09:21 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
/* Connect it to the display. */
|
|
|
|
|
if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
|
2006-03-31 14:11:07 +02:00
|
|
|
debug2("connect %.100s port %u: %.100s", buf,
|
2000-04-01 03:09:21 +02:00
|
|
|
6000 + display_number, strerror(errno));
|
|
|
|
|
close(sock);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
/* Success */
|
|
|
|
|
break;
|
2000-01-14 05:45:46 +01:00
|
|
|
}
|
|
|
|
|
freeaddrinfo(aitop);
|
|
|
|
|
if (!ai) {
|
2006-03-31 14:11:07 +02:00
|
|
|
error("connect %.100s port %u: %.100s", buf, 6000 + display_number,
|
2000-01-14 05:45:46 +01:00
|
|
|
strerror(errno));
|
2000-04-30 02:00:53 +02:00
|
|
|
return -1;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
2002-02-05 01:52:13 +01:00
|
|
|
set_nodelay(sock);
|
2000-04-30 02:00:53 +02:00
|
|
|
return sock;
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2000-04-30 02:00:53 +02:00
|
|
|
/*
|
|
|
|
|
* This is called when SSH_SMSG_X11_OPEN is received. The packet contains
|
|
|
|
|
* the remote channel number. We should do whatever we want, and respond
|
|
|
|
|
* with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE.
|
|
|
|
|
*/
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
x11_input_open(int type, u_int32_t seq, void *ctxt)
|
2000-04-30 02:00:53 +02:00
|
|
|
{
|
2001-05-05 06:09:47 +02:00
|
|
|
Channel *c = NULL;
|
|
|
|
|
int remote_id, sock = 0;
|
2000-04-30 02:00:53 +02:00
|
|
|
char *remote_host;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2001-05-05 06:09:47 +02:00
|
|
|
debug("Received X11 open request.");
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2001-05-05 06:09:47 +02:00
|
|
|
remote_id = packet_get_int();
|
2001-06-09 02:41:05 +02:00
|
|
|
|
|
|
|
|
if (packet_get_protocol_flags() & SSH_PROTOFLAG_HOST_IN_FWD_OPEN) {
|
2001-05-05 06:09:47 +02:00
|
|
|
remote_host = packet_get_string(NULL);
|
2000-04-30 02:00:53 +02:00
|
|
|
} else {
|
|
|
|
|
remote_host = xstrdup("unknown (remote did not supply name)");
|
|
|
|
|
}
|
2002-01-22 13:11:40 +01:00
|
|
|
packet_check_eom();
|
2000-04-30 02:00:53 +02:00
|
|
|
|
|
|
|
|
/* Obtain a connection to the real X display. */
|
|
|
|
|
sock = x11_connect_display();
|
2001-05-05 06:09:47 +02:00
|
|
|
if (sock != -1) {
|
|
|
|
|
/* Allocate a channel for this connection. */
|
|
|
|
|
c = channel_new("connected x11 socket",
|
|
|
|
|
SSH_CHANNEL_X11_OPEN, sock, sock, -1, 0, 0, 0,
|
|
|
|
|
remote_host, 1);
|
2002-02-08 12:07:16 +01:00
|
|
|
c->remote_id = remote_id;
|
|
|
|
|
c->force_drain = 1;
|
2001-05-05 06:09:47 +02:00
|
|
|
}
|
2013-06-01 23:31:17 +02:00
|
|
|
free(remote_host);
|
2001-05-05 06:09:47 +02:00
|
|
|
if (c == NULL) {
|
2000-04-30 02:00:53 +02:00
|
|
|
/* Send refusal to the remote host. */
|
|
|
|
|
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
|
2001-05-05 06:09:47 +02:00
|
|
|
packet_put_int(remote_id);
|
2000-04-30 02:00:53 +02:00
|
|
|
} else {
|
|
|
|
|
/* Send a confirmation to the remote host. */
|
|
|
|
|
packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
|
2001-05-05 06:09:47 +02:00
|
|
|
packet_put_int(remote_id);
|
|
|
|
|
packet_put_int(c->self);
|
2000-04-30 02:00:53 +02:00
|
|
|
}
|
2001-05-05 06:09:47 +02:00
|
|
|
packet_send();
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2000-10-28 05:19:58 +02:00
|
|
|
/* dummy protocol handler that denies SSH-1 requests (agent/x11) */
|
2006-07-24 06:08:32 +02:00
|
|
|
/* ARGSUSED */
|
2015-01-19 21:07:45 +01:00
|
|
|
int
|
2002-01-22 13:17:30 +01:00
|
|
|
deny_input_open(int type, u_int32_t seq, void *ctxt)
|
2000-10-28 05:19:58 +02:00
|
|
|
{
|
|
|
|
|
int rchan = packet_get_int();
|
2002-07-08 00:11:51 +02:00
|
|
|
|
2001-12-06 19:00:18 +01:00
|
|
|
switch (type) {
|
2000-10-28 05:19:58 +02:00
|
|
|
case SSH_SMSG_AGENT_OPEN:
|
|
|
|
|
error("Warning: ssh server tried agent forwarding.");
|
|
|
|
|
break;
|
|
|
|
|
case SSH_SMSG_X11_OPEN:
|
|
|
|
|
error("Warning: ssh server tried X11 forwarding.");
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2002-01-22 13:17:30 +01:00
|
|
|
error("deny_input_open: type %d", type);
|
2000-10-28 05:19:58 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2005-12-31 06:19:53 +01:00
|
|
|
error("Warning: this is probably a break-in attempt by a malicious server.");
|
2000-10-28 05:19:58 +02:00
|
|
|
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
|
|
|
|
|
packet_put_int(rchan);
|
|
|
|
|
packet_send();
|
2015-01-19 21:07:45 +01:00
|
|
|
return 0;
|
2000-10-28 05:19:58 +02:00
|
|
|
}
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Requests forwarding of X11 connections, generates fake authentication
|
|
|
|
|
* data, and enables authentication spoofing.
|
2001-06-09 02:41:05 +02:00
|
|
|
* This should be called in the client only.
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2000-04-16 03:18:38 +02:00
|
|
|
void
|
2005-06-17 04:54:33 +02:00
|
|
|
x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
|
2011-06-23 00:31:57 +02:00
|
|
|
const char *proto, const char *data, int want_reply)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2000-12-22 02:43:59 +01:00
|
|
|
u_int data_len = (u_int) strlen(data) / 2;
|
2005-07-06 01:44:19 +02:00
|
|
|
u_int i, value;
|
1999-11-24 14:26:21 +01:00
|
|
|
char *new_data;
|
|
|
|
|
int screen_number;
|
|
|
|
|
const char *cp;
|
|
|
|
|
|
2005-07-06 01:45:26 +02:00
|
|
|
if (x11_saved_display == NULL)
|
|
|
|
|
x11_saved_display = xstrdup(disp);
|
|
|
|
|
else if (strcmp(disp, x11_saved_display) != 0) {
|
2005-07-06 01:44:19 +02:00
|
|
|
error("x11_request_forwarding_with_spoofing: different "
|
|
|
|
|
"$DISPLAY already forwarded");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2006-08-30 03:07:39 +02:00
|
|
|
cp = strchr(disp, ':');
|
1999-11-24 14:26:21 +01:00
|
|
|
if (cp)
|
|
|
|
|
cp = strchr(cp, '.');
|
|
|
|
|
if (cp)
|
2006-03-26 05:28:32 +02:00
|
|
|
screen_number = (u_int)strtonum(cp + 1, 0, 400, NULL);
|
1999-11-24 14:26:21 +01:00
|
|
|
else
|
|
|
|
|
screen_number = 0;
|
|
|
|
|
|
2005-07-06 01:44:19 +02:00
|
|
|
if (x11_saved_proto == NULL) {
|
|
|
|
|
/* Save protocol name. */
|
|
|
|
|
x11_saved_proto = xstrdup(proto);
|
2016-09-19 09:52:42 +02:00
|
|
|
|
|
|
|
|
/* Extract real authentication data. */
|
2005-07-06 01:44:19 +02:00
|
|
|
x11_saved_data = xmalloc(data_len);
|
|
|
|
|
for (i = 0; i < data_len; i++) {
|
|
|
|
|
if (sscanf(data + 2 * i, "%2x", &value) != 1)
|
|
|
|
|
fatal("x11_request_forwarding: bad "
|
|
|
|
|
"authentication data: %.100s", data);
|
|
|
|
|
x11_saved_data[i] = value;
|
|
|
|
|
}
|
|
|
|
|
x11_saved_data_len = data_len;
|
2016-09-19 09:52:42 +02:00
|
|
|
|
|
|
|
|
/* Generate fake data of the same length. */
|
|
|
|
|
x11_fake_data = xmalloc(data_len);
|
|
|
|
|
arc4random_buf(x11_fake_data, data_len);
|
2005-07-06 01:44:19 +02:00
|
|
|
x11_fake_data_len = data_len;
|
|
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
/* Convert the fake data into hex. */
|
2005-07-06 01:44:19 +02:00
|
|
|
new_data = tohex(x11_fake_data, data_len);
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
/* Send the request packet. */
|
2000-04-30 02:00:53 +02:00
|
|
|
if (compat20) {
|
2011-06-23 00:31:57 +02:00
|
|
|
channel_request_start(client_session_id, "x11-req", want_reply);
|
2000-04-30 02:00:53 +02:00
|
|
|
packet_put_char(0); /* XXX bool single connection */
|
|
|
|
|
} else {
|
|
|
|
|
packet_start(SSH_CMSG_X11_REQUEST_FORWARDING);
|
|
|
|
|
}
|
|
|
|
|
packet_put_cstring(proto);
|
|
|
|
|
packet_put_cstring(new_data);
|
1999-11-24 14:26:21 +01:00
|
|
|
packet_put_int(screen_number);
|
|
|
|
|
packet_send();
|
|
|
|
|
packet_write_wait();
|
2013-06-01 23:31:17 +02:00
|
|
|
free(new_data);
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-09 02:41:05 +02:00
|
|
|
|
|
|
|
|
/* -- agent forwarding */
|
|
|
|
|
|
1999-10-27 05:42:43 +02:00
|
|
|
/* Sends a message to the server to request authentication fd forwarding. */
|
|
|
|
|
|
2000-04-16 03:18:38 +02:00
|
|
|
void
|
2001-12-06 18:55:26 +01:00
|
|
|
auth_request_forwarding(void)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
1999-11-24 14:26:21 +01:00
|
|
|
packet_start(SSH_CMSG_AGENT_REQUEST_FORWARDING);
|
|
|
|
|
packet_send();
|
|
|
|
|
packet_write_wait();
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
