version 1.57.2.2, 2000/09/01 18:23:18 |
version 1.57.2.3, 2000/11/08 21:30:32 |
|
|
/* |
/* |
* |
|
* channels.c |
|
* |
|
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* |
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* All rights reserved |
* All rights reserved |
* |
|
* Created: Fri Mar 24 16:35:24 1995 ylo |
|
* |
|
* This file contains functions for generic socket connection forwarding. |
* This file contains functions for generic socket connection forwarding. |
* There is also code for initiating connection forwarding for X11 connections, |
* There is also code for initiating connection forwarding for X11 connections, |
* arbitrary tcp/ip connections, and the authentication agent connection. |
* arbitrary tcp/ip connections, and the authentication agent connection. |
* |
* |
|
* As far as I am concerned, the code I have written for this software |
|
* can be used freely for any purpose. Any derived versions of this |
|
* software must be clearly marked as such, and if the derived work is |
|
* incompatible with the protocol description in the RFC file, it must be |
|
* called by a name other than "ssh" or "Secure Shell". |
|
* |
|
* |
* SSH2 support added by Markus Friedl. |
* SSH2 support added by Markus Friedl. |
|
* Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
|
* Copyright (c) 1999 Dug Song. All rights reserved. |
|
* Copyright (c) 1999 Theo de Raadt. All rights reserved. |
|
* |
|
* Redistribution and use in source and binary forms, with or without |
|
* modification, are permitted provided that the following conditions |
|
* are met: |
|
* 1. Redistributions of source code must retain the above copyright |
|
* notice, this list of conditions and the following disclaimer. |
|
* 2. Redistributions in binary form must reproduce the above copyright |
|
* notice, this list of conditions and the following disclaimer in the |
|
* documentation and/or other materials provided with the distribution. |
|
* |
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
*/ |
*/ |
|
|
#include "includes.h" |
#include "includes.h" |
|
|
/* Max len of agent socket */ |
/* Max len of agent socket */ |
#define MAX_SOCKET_NAME 100 |
#define MAX_SOCKET_NAME 100 |
|
|
/* default window/packet sizes for tcp/x11-fwd-channel */ |
|
#define CHAN_TCP_WINDOW_DEFAULT (8*1024) |
|
#define CHAN_TCP_PACKET_DEFAULT (CHAN_TCP_WINDOW_DEFAULT/2) |
|
#define CHAN_X11_WINDOW_DEFAULT (4*1024) |
|
#define CHAN_X11_PACKET_DEFAULT (CHAN_X11_WINDOW_DEFAULT/2) |
|
|
|
/* |
/* |
* Pointer to an array containing all allocated channels. The array is |
* Pointer to an array containing all allocated channels. The array is |
* dynamically extended as needed. |
* dynamically extended as needed. |
|
|
*/ |
*/ |
|
|
void |
void |
channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage) |
channel_register_fds(Channel *c, int rfd, int wfd, int efd, |
|
int extusage, int nonblock) |
{ |
{ |
/* Update the maximum file descriptor value. */ |
/* Update the maximum file descriptor value. */ |
if (rfd > channel_max_fd_value) |
if (rfd > channel_max_fd_value) |
|
|
c->sock = (rfd == wfd) ? rfd : -1; |
c->sock = (rfd == wfd) ? rfd : -1; |
c->efd = efd; |
c->efd = efd; |
c->extended_usage = extusage; |
c->extended_usage = extusage; |
if (rfd != -1) |
|
set_nonblock(rfd); |
/* enable nonblocking mode */ |
if (wfd != -1) |
if (nonblock) { |
set_nonblock(wfd); |
if (rfd != -1) |
if (efd != -1) |
set_nonblock(rfd); |
set_nonblock(efd); |
if (wfd != -1) |
|
set_nonblock(wfd); |
|
if (efd != -1) |
|
set_nonblock(efd); |
|
} |
} |
} |
|
|
/* |
/* |
|
|
|
|
int |
int |
channel_new(char *ctype, int type, int rfd, int wfd, int efd, |
channel_new(char *ctype, int type, int rfd, int wfd, int efd, |
int window, int maxpack, int extusage, char *remote_name) |
int window, int maxpack, int extusage, char *remote_name, int nonblock) |
{ |
{ |
int i, found; |
int i, found; |
Channel *c; |
Channel *c; |
|
|
/* There are no free slots. Take last+1 slot and expand the array. */ |
/* There are no free slots. Take last+1 slot and expand the array. */ |
found = channels_alloc; |
found = channels_alloc; |
channels_alloc += 10; |
channels_alloc += 10; |
debug("channel: expanding %d", channels_alloc); |
debug2("channel: expanding %d", channels_alloc); |
channels = xrealloc(channels, channels_alloc * sizeof(Channel)); |
channels = xrealloc(channels, channels_alloc * sizeof(Channel)); |
for (i = found; i < channels_alloc; i++) |
for (i = found; i < channels_alloc; i++) |
channels[i].type = SSH_CHANNEL_FREE; |
channels[i].type = SSH_CHANNEL_FREE; |
|
|
buffer_init(&c->output); |
buffer_init(&c->output); |
buffer_init(&c->extended); |
buffer_init(&c->extended); |
chan_init_iostates(c); |
chan_init_iostates(c); |
channel_register_fds(c, rfd, wfd, efd, extusage); |
channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); |
c->self = found; |
c->self = found; |
c->type = type; |
c->type = type; |
c->ctype = ctype; |
c->ctype = ctype; |
|
|
int |
int |
channel_allocate(int type, int sock, char *remote_name) |
channel_allocate(int type, int sock, char *remote_name) |
{ |
{ |
return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name); |
return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name, 1); |
} |
} |
|
|
|
|
|
|
newch = channel_new("x11", |
newch = channel_new("x11", |
SSH_CHANNEL_OPENING, newsock, newsock, -1, |
SSH_CHANNEL_OPENING, newsock, newsock, -1, |
c->local_window_max, c->local_maxpacket, |
c->local_window_max, c->local_maxpacket, |
0, xstrdup(buf)); |
0, xstrdup(buf), 1); |
if (compat20) { |
if (compat20) { |
packet_start(SSH2_MSG_CHANNEL_OPEN); |
packet_start(SSH2_MSG_CHANNEL_OPEN); |
packet_put_cstring("x11"); |
packet_put_cstring("x11"); |
|
|
newch = channel_new("direct-tcpip", |
newch = channel_new("direct-tcpip", |
SSH_CHANNEL_OPENING, newsock, newsock, -1, |
SSH_CHANNEL_OPENING, newsock, newsock, -1, |
c->local_window_max, c->local_maxpacket, |
c->local_window_max, c->local_maxpacket, |
0, xstrdup(buf)); |
0, xstrdup(buf), 1); |
if (compat20) { |
if (compat20) { |
packet_start(SSH2_MSG_CHANNEL_OPEN); |
packet_start(SSH2_MSG_CHANNEL_OPEN); |
packet_put_cstring("direct-tcpip"); |
packet_put_cstring("direct-tcpip"); |
|
|
buffer_len(&c->extended) > 0) { |
buffer_len(&c->extended) > 0) { |
len = write(c->efd, buffer_ptr(&c->extended), |
len = write(c->efd, buffer_ptr(&c->extended), |
buffer_len(&c->extended)); |
buffer_len(&c->extended)); |
debug("channel %d: written %d to efd %d", |
debug2("channel %d: written %d to efd %d", |
c->self, len, c->efd); |
c->self, len, c->efd); |
if (len > 0) { |
if (len > 0) { |
buffer_consume(&c->extended, len); |
buffer_consume(&c->extended, len); |
|
|
} else if (c->extended_usage == CHAN_EXTENDED_READ && |
} else if (c->extended_usage == CHAN_EXTENDED_READ && |
FD_ISSET(c->efd, readset)) { |
FD_ISSET(c->efd, readset)) { |
len = read(c->efd, buf, sizeof(buf)); |
len = read(c->efd, buf, sizeof(buf)); |
debug("channel %d: read %d from efd %d", |
debug2("channel %d: read %d from efd %d", |
c->self, len, c->efd); |
c->self, len, c->efd); |
if (len == 0) { |
if (len == 0) { |
debug("channel %d: closing efd %d", |
debug("channel %d: closing efd %d", |
|
|
packet_put_int(c->remote_id); |
packet_put_int(c->remote_id); |
packet_put_int(c->local_consumed); |
packet_put_int(c->local_consumed); |
packet_send(); |
packet_send(); |
debug("channel %d: window %d sent adjust %d", |
debug2("channel %d: window %d sent adjust %d", |
c->self, c->local_window, |
c->self, c->local_window, |
c->local_consumed); |
c->local_consumed); |
c->local_window += c->local_consumed; |
c->local_window += c->local_consumed; |
|
|
*/ |
*/ |
|
|
void |
void |
channel_input_data(int type, int plen) |
channel_input_data(int type, int plen, void *ctxt) |
{ |
{ |
int id; |
int id; |
char *data; |
char *data; |
|
|
xfree(data); |
xfree(data); |
} |
} |
void |
void |
channel_input_extended_data(int type, int plen) |
channel_input_extended_data(int type, int plen, void *ctxt) |
{ |
{ |
int id; |
int id; |
int tcode; |
int tcode; |
|
|
xfree(data); |
xfree(data); |
return; |
return; |
} |
} |
debug("channel %d: rcvd ext data %d", c->self, data_len); |
debug2("channel %d: rcvd ext data %d", c->self, data_len); |
c->local_window -= data_len; |
c->local_window -= data_len; |
buffer_append(&c->extended, data, data_len); |
buffer_append(&c->extended, data, data_len); |
xfree(data); |
xfree(data); |
|
|
} |
} |
|
|
void |
void |
channel_input_ieof(int type, int plen) |
channel_input_ieof(int type, int plen, void *ctxt) |
{ |
{ |
int id; |
int id; |
Channel *c; |
Channel *c; |
|
|
} |
} |
|
|
void |
void |
channel_input_close(int type, int plen) |
channel_input_close(int type, int plen, void *ctxt) |
{ |
{ |
int id; |
int id; |
Channel *c; |
Channel *c; |
|
|
|
|
/* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */ |
/* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */ |
void |
void |
channel_input_oclose(int type, int plen) |
channel_input_oclose(int type, int plen, void *ctxt) |
{ |
{ |
int id = packet_get_int(); |
int id = packet_get_int(); |
Channel *c = channel_lookup(id); |
Channel *c = channel_lookup(id); |
|
|
} |
} |
|
|
void |
void |
channel_input_close_confirmation(int type, int plen) |
channel_input_close_confirmation(int type, int plen, void *ctxt) |
{ |
{ |
int id = packet_get_int(); |
int id = packet_get_int(); |
Channel *c = channel_lookup(id); |
Channel *c = channel_lookup(id); |
|
|
} |
} |
|
|
void |
void |
channel_input_open_confirmation(int type, int plen) |
channel_input_open_confirmation(int type, int plen, void *ctxt) |
{ |
{ |
int id, remote_id; |
int id, remote_id; |
Channel *c; |
Channel *c; |
|
|
c->remote_maxpacket = packet_get_int(); |
c->remote_maxpacket = packet_get_int(); |
packet_done(); |
packet_done(); |
if (c->cb_fn != NULL && c->cb_event == type) { |
if (c->cb_fn != NULL && c->cb_event == type) { |
debug("callback start"); |
debug2("callback start"); |
c->cb_fn(c->self, c->cb_arg); |
c->cb_fn(c->self, c->cb_arg); |
debug("callback done"); |
debug2("callback done"); |
} |
} |
debug("channel %d: open confirm rwindow %d rmax %d", c->self, |
debug("channel %d: open confirm rwindow %d rmax %d", c->self, |
c->remote_window, c->remote_maxpacket); |
c->remote_window, c->remote_maxpacket); |
|
|
} |
} |
|
|
void |
void |
channel_input_open_failure(int type, int plen) |
channel_input_open_failure(int type, int plen, void *ctxt) |
{ |
{ |
int id; |
int id; |
Channel *c; |
Channel *c; |
|
|
} |
} |
|
|
void |
void |
channel_input_channel_request(int type, int plen) |
channel_input_channel_request(int type, int plen, void *ctxt) |
{ |
{ |
int id; |
int id; |
Channel *c; |
Channel *c; |
|
|
packet_disconnect("Received request for " |
packet_disconnect("Received request for " |
"non-open channel %d.", id); |
"non-open channel %d.", id); |
if (c->cb_fn != NULL && c->cb_event == type) { |
if (c->cb_fn != NULL && c->cb_event == type) { |
debug("callback start"); |
debug2("callback start"); |
c->cb_fn(c->self, c->cb_arg); |
c->cb_fn(c->self, c->cb_arg); |
debug("callback done"); |
debug2("callback done"); |
} else { |
} else { |
char *service = packet_get_string(NULL); |
char *service = packet_get_string(NULL); |
debug("channel: %d rcvd request for %s", c->self, service); |
debug("channel: %d rcvd request for %s", c->self, service); |
debug("cb_fn %p cb_event %d", c->cb_fn , c->cb_event); |
debug("cb_fn %p cb_event %d", c->cb_fn , c->cb_event); |
xfree(service); |
xfree(service); |
} |
} |
} |
} |
|
|
void |
void |
channel_input_window_adjust(int type, int plen) |
channel_input_window_adjust(int type, int plen, void *ctxt) |
{ |
{ |
Channel *c; |
Channel *c; |
int id, adjust; |
int id, adjust; |
|
|
} |
} |
adjust = packet_get_int(); |
adjust = packet_get_int(); |
packet_done(); |
packet_done(); |
debug("channel %d: rcvd adjust %d", id, adjust); |
debug2("channel %d: rcvd adjust %d", id, adjust); |
c->remote_window += adjust; |
c->remote_window += adjust; |
} |
} |
|
|
|
|
"port listener", SSH_CHANNEL_PORT_LISTENER, |
"port listener", SSH_CHANNEL_PORT_LISTENER, |
sock, sock, -1, |
sock, sock, -1, |
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, |
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, |
0, xstrdup("port listener")); |
0, xstrdup("port listener"), 1); |
strlcpy(channels[ch].path, host, sizeof(channels[ch].path)); |
strlcpy(channels[ch].path, host, sizeof(channels[ch].path)); |
channels[ch].host_port = host_port; |
channels[ch].host_port = host_port; |
channels[ch].listening_port = port; |
channels[ch].listening_port = port; |
|
|
*/ |
*/ |
|
|
void |
void |
channel_input_port_open(int type, int plen) |
channel_input_port_open(int type, int plen, void *ctxt) |
{ |
{ |
u_short host_port; |
u_short host_port; |
char *host, *originator_string; |
char *host, *originator_string; |
|
|
(void) channel_new("x11 listener", |
(void) channel_new("x11 listener", |
SSH_CHANNEL_X11_LISTENER, sock, sock, -1, |
SSH_CHANNEL_X11_LISTENER, sock, sock, -1, |
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, |
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, |
0, xstrdup("X11 inet listener")); |
0, xstrdup("X11 inet listener"), 1); |
} |
} |
|
|
/* Return a suitable value for the DISPLAY environment variable. */ |
/* Return a suitable value for the DISPLAY environment variable. */ |
|
|
*/ |
*/ |
|
|
void |
void |
x11_input_open(int type, int plen) |
x11_input_open(int type, int plen, void *ctxt) |
{ |
{ |
int remote_channel, sock = 0, newch; |
int remote_channel, sock = 0, newch; |
char *remote_host; |
char *remote_host; |
|
|
} |
} |
} |
} |
|
|
|
/* dummy protocol handler that denies SSH-1 requests (agent/x11) */ |
|
void |
|
deny_input_open(int type, int plen, void *ctxt) |
|
{ |
|
int rchan = packet_get_int(); |
|
switch(type){ |
|
case SSH_SMSG_AGENT_OPEN: |
|
error("Warning: ssh server tried agent forwarding."); |
|
break; |
|
case SSH_SMSG_X11_OPEN: |
|
error("Warning: ssh server tried X11 forwarding."); |
|
break; |
|
default: |
|
error("deny_input_open: type %d plen %d", type, plen); |
|
break; |
|
} |
|
error("Warning: this is probably a break in attempt by a malicious server."); |
|
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); |
|
packet_put_int(rchan); |
|
packet_send(); |
|
} |
|
|
/* |
/* |
* Requests forwarding of X11 connections, generates fake authentication |
* Requests forwarding of X11 connections, generates fake authentication |
* data, and enables authentication spoofing. |
* data, and enables authentication spoofing. |
|
|
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */ |
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */ |
|
|
void |
void |
auth_input_open_request(int type, int plen) |
auth_input_open_request(int type, int plen, void *ctxt) |
{ |
{ |
int remch, sock, newch; |
int remch, sock, newch; |
char *dummyname; |
char *dummyname; |
|
|
} |
} |
|
|
void |
void |
channel_set_fds(int id, int rfd, int wfd, int efd, int extusage) |
channel_set_fds(int id, int rfd, int wfd, int efd, |
|
int extusage, int nonblock) |
{ |
{ |
Channel *c = channel_lookup(id); |
Channel *c = channel_lookup(id); |
if (c == NULL || c->type != SSH_CHANNEL_LARVAL) |
if (c == NULL || c->type != SSH_CHANNEL_LARVAL) |
fatal("channel_activate for non-larval channel %d.", id); |
fatal("channel_activate for non-larval channel %d.", id); |
|
channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); |
channel_register_fds(c, rfd, wfd, efd, extusage); |
|
c->type = SSH_CHANNEL_OPEN; |
c->type = SSH_CHANNEL_OPEN; |
/* XXX window size? */ |
/* XXX window size? */ |
c->local_window = c->local_window_max = c->local_maxpacket/2; |
c->local_window = c->local_window_max = c->local_maxpacket * 2; |
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); |
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); |
packet_put_int(c->remote_id); |
packet_put_int(c->remote_id); |
packet_put_int(c->local_window); |
packet_put_int(c->local_window); |