Annotation of src/usr.bin/ssh/serverloop.c, Revision 1.162
1.162 ! djm 1: /* $OpenBSD: serverloop.c,v 1.161 2012/04/11 13:16:19 djm Exp $ */
1.1 deraadt 2: /*
1.11 deraadt 3: * Author: Tatu Ylonen <ylo@cs.hut.fi>
4: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5: * All rights reserved
6: * Server main loop for handling the interactive session.
1.28 deraadt 7: *
8: * As far as I am concerned, the code I have written for this software
9: * can be used freely for any purpose. Any derived versions of this
10: * software must be clearly marked as such, and if the derived work is
11: * incompatible with the protocol description in the RFC file, it must be
12: * called by a name other than "ssh" or "Secure Shell".
13: *
1.17 markus 14: * SSH2 support by Markus Friedl.
1.71 markus 15: * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
1.28 deraadt 16: *
17: * Redistribution and use in source and binary forms, with or without
18: * modification, are permitted provided that the following conditions
19: * are met:
20: * 1. Redistributions of source code must retain the above copyright
21: * notice, this list of conditions and the following disclaimer.
22: * 2. Redistributions in binary form must reproduce the above copyright
23: * notice, this list of conditions and the following disclaimer in the
24: * documentation and/or other materials provided with the distribution.
25: *
26: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.17 markus 36: */
1.1 deraadt 37:
1.126 stevesk 38: #include <sys/types.h>
39: #include <sys/wait.h>
1.136 stevesk 40: #include <sys/socket.h>
1.142 stevesk 41: #include <sys/time.h>
1.143 stevesk 42: #include <sys/param.h>
1.149 djm 43: #include <sys/queue.h>
1.136 stevesk 44:
45: #include <netinet/in.h>
1.125 stevesk 46:
1.139 stevesk 47: #include <errno.h>
1.138 stevesk 48: #include <fcntl.h>
1.137 stevesk 49: #include <pwd.h>
1.127 stevesk 50: #include <signal.h>
1.141 stevesk 51: #include <string.h>
1.125 stevesk 52: #include <termios.h>
1.140 stevesk 53: #include <unistd.h>
1.144 deraadt 54: #include <stdarg.h>
1.33 djm 55:
1.1 deraadt 56: #include "xmalloc.h"
57: #include "packet.h"
58: #include "buffer.h"
1.42 markus 59: #include "log.h"
1.1 deraadt 60: #include "servconf.h"
1.104 stevesk 61: #include "canohost.h"
1.54 djm 62: #include "sshpty.h"
1.67 markus 63: #include "channels.h"
1.16 markus 64: #include "compat.h"
1.41 markus 65: #include "ssh1.h"
1.17 markus 66: #include "ssh2.h"
1.144 deraadt 67: #include "key.h"
68: #include "cipher.h"
69: #include "kex.h"
70: #include "hostfile.h"
1.40 markus 71: #include "auth.h"
1.17 markus 72: #include "session.h"
1.16 markus 73: #include "dispatch.h"
1.26 markus 74: #include "auth-options.h"
1.42 markus 75: #include "serverloop.h"
76: #include "misc.h"
1.159 andreas 77: #include "roaming.h"
1.1 deraadt 78:
1.32 markus 79: extern ServerOptions options;
80:
1.56 markus 81: /* XXX */
82: extern Kex *xxx_kex;
1.111 markus 83: extern Authctxt *the_authctxt;
1.121 djm 84: extern int use_privsep;
1.56 markus 85:
1.1 deraadt 86: static Buffer stdin_buffer; /* Buffer for stdin data. */
87: static Buffer stdout_buffer; /* Buffer for stdout data. */
88: static Buffer stderr_buffer; /* Buffer for stderr data. */
89: static int fdin; /* Descriptor for stdin (for writing) */
90: static int fdout; /* Descriptor for stdout (for reading);
91: May be same number as fdin. */
92: static int fderr; /* Descriptor for stderr. May be -1. */
93: static long stdin_bytes = 0; /* Number of bytes written to stdin. */
94: static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
95: static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
96: static long fdout_bytes = 0; /* Number of stdout bytes read from program. */
97: static int stdin_eof = 0; /* EOF message received from client. */
98: static int fdout_eof = 0; /* EOF encountered reading from fdout. */
99: static int fderr_eof = 0; /* EOF encountered readung from fderr. */
1.50 markus 100: static int fdin_is_tty = 0; /* fdin points to a tty. */
1.1 deraadt 101: static int connection_in; /* Connection to client (input). */
102: static int connection_out; /* Connection to client (output). */
1.60 markus 103: static int connection_closed = 0; /* Connection to client closed. */
104: static u_int buffer_high; /* "Soft" max buffer size. */
1.152 djm 105: static int no_more_sessions = 0; /* Disallow further sessions. */
1.1 deraadt 106:
1.12 markus 107: /*
108: * This SIGCHLD kludge is used to detect when the child exits. The server
109: * will exit after that, as soon as forwarded connections have terminated.
110: */
1.70 itojun 111:
1.84 markus 112: static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. */
1.1 deraadt 113:
1.121 djm 114: /* Cleanup on signals (!use_privsep case only) */
115: static volatile sig_atomic_t received_sigterm = 0;
116:
1.70 itojun 117: /* prototypes */
118: static void server_init_dispatch(void);
1.16 markus 119:
1.87 markus 120: /*
121: * we write to this pipe if a SIGCHLD is caught in order to avoid
122: * the race between select() and child_terminated
123: */
124: static int notify_pipe[2];
125: static void
126: notify_setup(void)
127: {
128: if (pipe(notify_pipe) < 0) {
129: error("pipe(notify_pipe) failed %s", strerror(errno));
1.160 djm 130: } else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) ||
131: (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) {
1.87 markus 132: error("fcntl(notify_pipe, F_SETFD) failed %s", strerror(errno));
133: close(notify_pipe[0]);
134: close(notify_pipe[1]);
135: } else {
136: set_nonblock(notify_pipe[0]);
137: set_nonblock(notify_pipe[1]);
138: return;
139: }
140: notify_pipe[0] = -1; /* read end */
141: notify_pipe[1] = -1; /* write end */
142: }
143: static void
144: notify_parent(void)
145: {
146: if (notify_pipe[1] != -1)
147: write(notify_pipe[1], "", 1);
148: }
149: static void
150: notify_prepare(fd_set *readset)
151: {
152: if (notify_pipe[0] != -1)
153: FD_SET(notify_pipe[0], readset);
154: }
155: static void
156: notify_done(fd_set *readset)
157: {
158: char c;
159:
160: if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
161: while (read(notify_pipe[0], &c, 1) != -1)
162: debug2("notify_done: reading");
163: }
164:
1.131 deraadt 165: /*ARGSUSED*/
1.70 itojun 166: static void
1.10 markus 167: sigchld_handler(int sig)
1.1 deraadt 168: {
1.10 markus 169: int save_errno = errno;
1.68 markus 170: child_terminated = 1;
1.10 markus 171: signal(SIGCHLD, sigchld_handler);
1.87 markus 172: notify_parent();
1.10 markus 173: errno = save_errno;
1.1 deraadt 174: }
175:
1.131 deraadt 176: /*ARGSUSED*/
1.121 djm 177: static void
178: sigterm_handler(int sig)
179: {
180: received_sigterm = sig;
181: }
182:
1.11 deraadt 183: /*
184: * Make packets from buffered stderr data, and buffer it for sending
185: * to the client.
186: */
1.70 itojun 187: static void
1.46 itojun 188: make_packets_from_stderr_data(void)
1.1 deraadt 189: {
1.110 markus 190: u_int len;
1.1 deraadt 191:
1.10 markus 192: /* Send buffered stderr data to the client. */
193: while (buffer_len(&stderr_buffer) > 0 &&
1.14 deraadt 194: packet_not_very_much_data_to_write()) {
1.10 markus 195: len = buffer_len(&stderr_buffer);
196: if (packet_is_interactive()) {
197: if (len > 512)
198: len = 512;
199: } else {
200: /* Keep the packets at reasonable size. */
201: if (len > packet_get_maxsize())
202: len = packet_get_maxsize();
203: }
204: packet_start(SSH_SMSG_STDERR_DATA);
205: packet_put_string(buffer_ptr(&stderr_buffer), len);
206: packet_send();
207: buffer_consume(&stderr_buffer, len);
208: stderr_bytes += len;
209: }
1.1 deraadt 210: }
211:
1.11 deraadt 212: /*
213: * Make packets from buffered stdout data, and buffer it for sending to the
214: * client.
215: */
1.70 itojun 216: static void
1.46 itojun 217: make_packets_from_stdout_data(void)
1.1 deraadt 218: {
1.110 markus 219: u_int len;
1.1 deraadt 220:
1.10 markus 221: /* Send buffered stdout data to the client. */
222: while (buffer_len(&stdout_buffer) > 0 &&
1.14 deraadt 223: packet_not_very_much_data_to_write()) {
1.10 markus 224: len = buffer_len(&stdout_buffer);
225: if (packet_is_interactive()) {
226: if (len > 512)
227: len = 512;
228: } else {
229: /* Keep the packets at reasonable size. */
230: if (len > packet_get_maxsize())
1.45 stevesk 231: len = packet_get_maxsize();
1.10 markus 232: }
233: packet_start(SSH_SMSG_STDOUT_DATA);
234: packet_put_string(buffer_ptr(&stdout_buffer), len);
235: packet_send();
236: buffer_consume(&stdout_buffer, len);
237: stdout_bytes += len;
238: }
1.1 deraadt 239: }
240:
1.79 markus 241: static void
242: client_alive_check(void)
243: {
1.114 markus 244: int channel_id;
1.94 markus 245:
1.79 markus 246: /* timeout, check to see how many we have had */
1.158 andreas 247: if (packet_inc_alive_timeouts() > options.client_alive_count_max) {
1.145 markus 248: logit("Timeout, client not responding.");
249: cleanup_exit(255);
250: }
1.79 markus 251:
252: /*
1.114 markus 253: * send a bogus global/channel request with "wantreply",
1.79 markus 254: * we should get back a failure
255: */
1.114 markus 256: if ((channel_id = channel_find_open()) == -1) {
257: packet_start(SSH2_MSG_GLOBAL_REQUEST);
258: packet_put_cstring("keepalive@openssh.com");
259: packet_put_char(1); /* boolean: want reply */
260: } else {
261: channel_request_start(channel_id, "keepalive@openssh.com", 1);
262: }
1.79 markus 263: packet_send();
264: }
265:
1.11 deraadt 266: /*
267: * Sleep in select() until we can do something. This will initialize the
268: * select masks. Upon return, the masks will indicate which descriptors
269: * have data or can accept data. Optionally, a maximum time can be specified
270: * for the duration of the wait (0 = infinite).
271: */
1.70 itojun 272: static void
1.43 markus 273: wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
1.117 avsm 274: u_int *nallocp, u_int max_time_milliseconds)
1.1 deraadt 275: {
1.10 markus 276: struct timeval tv, *tvp;
277: int ret;
1.162 ! djm 278: time_t minwait_secs = 0;
1.61 beck 279: int client_alive_scheduled = 0;
280:
1.161 djm 281: /* Allocate and update select() masks for channel descriptors. */
282: channel_prepare_select(readsetp, writesetp, maxfdp, nallocp,
283: &minwait_secs, 0);
284:
285: if (minwait_secs != 0)
286: max_time_milliseconds = MIN(max_time_milliseconds,
287: (u_int)minwait_secs * 1000);
288:
1.61 beck 289: /*
1.86 deraadt 290: * if using client_alive, set the max timeout accordingly,
1.61 beck 291: * and indicate that this particular timeout was for client
292: * alive by setting the client_alive_scheduled flag.
293: *
294: * this could be randomized somewhat to make traffic
1.86 deraadt 295: * analysis more difficult, but we're not doing it yet.
1.61 beck 296: */
1.75 markus 297: if (compat20 &&
298: max_time_milliseconds == 0 && options.client_alive_interval) {
1.62 markus 299: client_alive_scheduled = 1;
1.61 beck 300: max_time_milliseconds = options.client_alive_interval * 1000;
1.75 markus 301: }
1.10 markus 302:
1.17 markus 303: if (compat20) {
1.78 markus 304: #if 0
1.22 markus 305: /* wrong: bad condition XXX */
1.17 markus 306: if (channel_not_very_much_buffered_data())
1.78 markus 307: #endif
308: FD_SET(connection_in, *readsetp);
1.17 markus 309: } else {
1.25 markus 310: /*
311: * Read packets from the client unless we have too much
312: * buffered stdin or channel data.
313: */
314: if (buffer_len(&stdin_buffer) < buffer_high &&
1.17 markus 315: channel_not_very_much_buffered_data())
1.43 markus 316: FD_SET(connection_in, *readsetp);
1.25 markus 317: /*
318: * If there is not too much data already buffered going to
319: * the client, try to get some more data from the program.
320: */
321: if (packet_not_very_much_data_to_write()) {
322: if (!fdout_eof)
1.43 markus 323: FD_SET(fdout, *readsetp);
1.25 markus 324: if (!fderr_eof)
1.43 markus 325: FD_SET(fderr, *readsetp);
1.25 markus 326: }
327: /*
328: * If we have buffered data, try to write some of that data
329: * to the program.
330: */
331: if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
1.43 markus 332: FD_SET(fdin, *writesetp);
1.17 markus 333: }
1.87 markus 334: notify_prepare(*readsetp);
1.10 markus 335:
1.12 markus 336: /*
337: * If we have buffered packet data going to the client, mark that
338: * descriptor.
339: */
1.10 markus 340: if (packet_have_data_to_write())
1.43 markus 341: FD_SET(connection_out, *writesetp);
1.10 markus 342:
1.12 markus 343: /*
344: * If child has terminated and there is enough buffer space to read
345: * from it, then read as much as is available and exit.
346: */
1.10 markus 347: if (child_terminated && packet_not_very_much_data_to_write())
1.61 beck 348: if (max_time_milliseconds == 0 || client_alive_scheduled)
1.10 markus 349: max_time_milliseconds = 100;
350:
351: if (max_time_milliseconds == 0)
352: tvp = NULL;
353: else {
354: tv.tv_sec = max_time_milliseconds / 1000;
355: tv.tv_usec = 1000 * (max_time_milliseconds % 1000);
356: tvp = &tv;
357: }
358:
359: /* Wait for something to happen, or the timeout to expire. */
1.43 markus 360: ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
1.10 markus 361:
1.61 beck 362: if (ret == -1) {
1.83 markus 363: memset(*readsetp, 0, *nallocp);
364: memset(*writesetp, 0, *nallocp);
1.10 markus 365: if (errno != EINTR)
366: error("select: %.100s", strerror(errno));
1.82 markus 367: } else if (ret == 0 && client_alive_scheduled)
1.79 markus 368: client_alive_check();
1.87 markus 369:
370: notify_done(*readsetp);
1.1 deraadt 371: }
372:
1.11 deraadt 373: /*
374: * Processes input from the client and the program. Input data is stored
375: * in buffers and processed later.
376: */
1.70 itojun 377: static void
1.135 deraadt 378: process_input(fd_set *readset)
1.1 deraadt 379: {
1.10 markus 380: int len;
381: char buf[16384];
1.1 deraadt 382:
1.10 markus 383: /* Read and buffer any input data from the client. */
384: if (FD_ISSET(connection_in, readset)) {
1.159 andreas 385: int cont = 0;
386: len = roaming_read(connection_in, buf, sizeof(buf), &cont);
1.10 markus 387: if (len == 0) {
1.159 andreas 388: if (cont)
389: return;
1.104 stevesk 390: verbose("Connection closed by %.100s",
391: get_remote_ipaddr());
1.60 markus 392: connection_closed = 1;
393: if (compat20)
394: return;
1.111 markus 395: cleanup_exit(255);
1.23 markus 396: } else if (len < 0) {
397: if (errno != EINTR && errno != EAGAIN) {
1.104 stevesk 398: verbose("Read error from remote host "
399: "%.100s: %.100s",
400: get_remote_ipaddr(), strerror(errno));
1.111 markus 401: cleanup_exit(255);
1.23 markus 402: }
403: } else {
404: /* Buffer any received data. */
405: packet_process_incoming(buf, len);
1.10 markus 406: }
407: }
1.17 markus 408: if (compat20)
409: return;
410:
1.10 markus 411: /* Read and buffer any available stdout data from the program. */
412: if (!fdout_eof && FD_ISSET(fdout, readset)) {
413: len = read(fdout, buf, sizeof(buf));
1.23 markus 414: if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
415: /* do nothing */
416: } else if (len <= 0) {
1.10 markus 417: fdout_eof = 1;
1.23 markus 418: } else {
1.10 markus 419: buffer_append(&stdout_buffer, buf, len);
420: fdout_bytes += len;
421: }
422: }
423: /* Read and buffer any available stderr data from the program. */
424: if (!fderr_eof && FD_ISSET(fderr, readset)) {
425: len = read(fderr, buf, sizeof(buf));
1.23 markus 426: if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
427: /* do nothing */
428: } else if (len <= 0) {
1.10 markus 429: fderr_eof = 1;
1.23 markus 430: } else {
1.10 markus 431: buffer_append(&stderr_buffer, buf, len);
1.23 markus 432: }
1.10 markus 433: }
1.1 deraadt 434: }
435:
1.11 deraadt 436: /*
437: * Sends data from internal buffers to client program stdin.
438: */
1.70 itojun 439: static void
1.135 deraadt 440: process_output(fd_set *writeset)
1.1 deraadt 441: {
1.47 dugsong 442: struct termios tio;
1.77 markus 443: u_char *data;
444: u_int dlen;
1.10 markus 445: int len;
1.1 deraadt 446:
1.10 markus 447: /* Write buffered data to program stdin. */
1.17 markus 448: if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
1.77 markus 449: data = buffer_ptr(&stdin_buffer);
450: dlen = buffer_len(&stdin_buffer);
451: len = write(fdin, data, dlen);
1.23 markus 452: if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
453: /* do nothing */
454: } else if (len <= 0) {
1.15 markus 455: if (fdin != fdout)
1.10 markus 456: close(fdin);
457: else
458: shutdown(fdin, SHUT_WR); /* We will no longer send. */
459: fdin = -1;
460: } else {
1.47 dugsong 461: /* Successful write. */
1.77 markus 462: if (fdin_is_tty && dlen >= 1 && data[0] != '\r' &&
463: tcgetattr(fdin, &tio) == 0 &&
1.49 markus 464: !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
1.48 deraadt 465: /*
466: * Simulate echo to reduce the impact of
467: * traffic analysis
468: */
1.52 markus 469: packet_send_ignore(len);
1.47 dugsong 470: packet_send();
471: }
472: /* Consume the data from the buffer. */
1.10 markus 473: buffer_consume(&stdin_buffer, len);
474: /* Update the count of bytes written to the program. */
475: stdin_bytes += len;
476: }
477: }
478: /* Send any buffered packet data to the client. */
479: if (FD_ISSET(connection_out, writeset))
480: packet_write_poll();
1.1 deraadt 481: }
482:
1.11 deraadt 483: /*
484: * Wait until all buffered output has been sent to the client.
485: * This is used when the program terminates.
486: */
1.70 itojun 487: static void
1.46 itojun 488: drain_output(void)
1.1 deraadt 489: {
1.10 markus 490: /* Send any buffered stdout data to the client. */
491: if (buffer_len(&stdout_buffer) > 0) {
492: packet_start(SSH_SMSG_STDOUT_DATA);
493: packet_put_string(buffer_ptr(&stdout_buffer),
494: buffer_len(&stdout_buffer));
495: packet_send();
496: /* Update the count of sent bytes. */
497: stdout_bytes += buffer_len(&stdout_buffer);
498: }
499: /* Send any buffered stderr data to the client. */
500: if (buffer_len(&stderr_buffer) > 0) {
501: packet_start(SSH_SMSG_STDERR_DATA);
502: packet_put_string(buffer_ptr(&stderr_buffer),
503: buffer_len(&stderr_buffer));
504: packet_send();
505: /* Update the count of sent bytes. */
506: stderr_bytes += buffer_len(&stderr_buffer);
507: }
508: /* Wait until all buffered data has been written to the client. */
509: packet_write_wait();
1.1 deraadt 510: }
511:
1.70 itojun 512: static void
1.46 itojun 513: process_buffered_input_packets(void)
1.16 markus 514: {
1.56 markus 515: dispatch_run(DISPATCH_NONBLOCK, NULL, compat20 ? xxx_kex : NULL);
1.16 markus 516: }
517:
1.11 deraadt 518: /*
519: * Performs the interactive session. This handles data transmission between
520: * the client and the program. Note that the notion of stdin, stdout, and
521: * stderr in this function is sort of reversed: this function writes to
522: * stdin (of the child program), and reads from stdout and stderr (of the
523: * child program).
524: */
1.19 markus 525: void
1.20 deraadt 526: server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
1.1 deraadt 527: {
1.43 markus 528: fd_set *readset = NULL, *writeset = NULL;
1.117 avsm 529: int max_fd = 0;
530: u_int nalloc = 0;
1.20 deraadt 531: int wait_status; /* Status returned by wait(). */
532: pid_t wait_pid; /* pid returned by wait(). */
1.10 markus 533: int waiting_termination = 0; /* Have displayed waiting close message. */
1.38 markus 534: u_int max_time_milliseconds;
535: u_int previous_stdout_buffer_bytes;
536: u_int stdout_buffer_bytes;
1.10 markus 537: int type;
538:
539: debug("Entering interactive session.");
540:
541: /* Initialize the SIGCHLD kludge. */
542: child_terminated = 0;
543: signal(SIGCHLD, sigchld_handler);
544:
1.121 djm 545: if (!use_privsep) {
546: signal(SIGTERM, sigterm_handler);
547: signal(SIGINT, sigterm_handler);
548: signal(SIGQUIT, sigterm_handler);
549: }
550:
1.10 markus 551: /* Initialize our global variables. */
552: fdin = fdin_arg;
553: fdout = fdout_arg;
554: fderr = fderr_arg;
1.23 markus 555:
556: /* nonblocking IO */
557: set_nonblock(fdin);
558: set_nonblock(fdout);
1.24 markus 559: /* we don't have stderr for interactive terminal sessions, see below */
560: if (fderr != -1)
561: set_nonblock(fderr);
1.50 markus 562:
563: if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin))
564: fdin_is_tty = 1;
1.23 markus 565:
1.10 markus 566: connection_in = packet_get_connection_in();
567: connection_out = packet_get_connection_out();
568:
1.87 markus 569: notify_setup();
570:
1.10 markus 571: previous_stdout_buffer_bytes = 0;
572:
573: /* Set approximate I/O buffer size. */
574: if (packet_is_interactive())
575: buffer_high = 4096;
576: else
577: buffer_high = 64 * 1024;
578:
1.76 markus 579: #if 0
1.10 markus 580: /* Initialize max_fd to the maximum of the known file descriptors. */
1.76 markus 581: max_fd = MAX(connection_in, connection_out);
582: max_fd = MAX(max_fd, fdin);
583: max_fd = MAX(max_fd, fdout);
1.43 markus 584: if (fderr != -1)
585: max_fd = MAX(max_fd, fderr);
1.76 markus 586: #endif
1.10 markus 587:
588: /* Initialize Initialize buffers. */
589: buffer_init(&stdin_buffer);
590: buffer_init(&stdout_buffer);
591: buffer_init(&stderr_buffer);
592:
1.12 markus 593: /*
594: * If we have no separate fderr (which is the case when we have a pty
595: * - there we cannot make difference between data sent to stdout and
596: * stderr), indicate that we have seen an EOF from stderr. This way
1.120 djm 597: * we don't need to check the descriptor everywhere.
1.12 markus 598: */
1.10 markus 599: if (fderr == -1)
600: fderr_eof = 1;
601:
1.16 markus 602: server_init_dispatch();
603:
1.10 markus 604: /* Main loop of the server for the interactive session mode. */
605: for (;;) {
606:
607: /* Process buffered packets from the client. */
608: process_buffered_input_packets();
609:
1.12 markus 610: /*
611: * If we have received eof, and there is no more pending
612: * input data, cause a real eof by closing fdin.
613: */
1.10 markus 614: if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
1.15 markus 615: if (fdin != fdout)
1.10 markus 616: close(fdin);
617: else
618: shutdown(fdin, SHUT_WR); /* We will no longer send. */
619: fdin = -1;
620: }
1.12 markus 621: /* Make packets from buffered stderr data to send to the client. */
1.10 markus 622: make_packets_from_stderr_data();
623:
1.12 markus 624: /*
625: * Make packets from buffered stdout data to send to the
626: * client. If there is very little to send, this arranges to
627: * not send them now, but to wait a short while to see if we
628: * are getting more data. This is necessary, as some systems
629: * wake up readers from a pty after each separate character.
630: */
1.10 markus 631: max_time_milliseconds = 0;
632: stdout_buffer_bytes = buffer_len(&stdout_buffer);
633: if (stdout_buffer_bytes != 0 && stdout_buffer_bytes < 256 &&
634: stdout_buffer_bytes != previous_stdout_buffer_bytes) {
635: /* try again after a while */
636: max_time_milliseconds = 10;
637: } else {
638: /* Send it now. */
639: make_packets_from_stdout_data();
640: }
641: previous_stdout_buffer_bytes = buffer_len(&stdout_buffer);
642:
643: /* Send channel data to the client. */
644: if (packet_not_very_much_data_to_write())
645: channel_output_poll();
646:
1.12 markus 647: /*
648: * Bail out of the loop if the program has closed its output
649: * descriptors, and we have no more data to send to the
650: * client, and there is no pending buffered data.
651: */
1.10 markus 652: if (fdout_eof && fderr_eof && !packet_have_data_to_write() &&
653: buffer_len(&stdout_buffer) == 0 && buffer_len(&stderr_buffer) == 0) {
654: if (!channel_still_open())
1.16 markus 655: break;
1.10 markus 656: if (!waiting_termination) {
657: const char *s = "Waiting for forwarded connections to terminate...\r\n";
658: char *cp;
659: waiting_termination = 1;
660: buffer_append(&stderr_buffer, s, strlen(s));
661:
662: /* Display list of open channels. */
663: cp = channel_open_message();
664: buffer_append(&stderr_buffer, cp, strlen(cp));
665: xfree(cp);
666: }
667: }
1.76 markus 668: max_fd = MAX(connection_in, connection_out);
669: max_fd = MAX(max_fd, fdin);
670: max_fd = MAX(max_fd, fdout);
671: max_fd = MAX(max_fd, fderr);
1.87 markus 672: max_fd = MAX(max_fd, notify_pipe[0]);
1.76 markus 673:
1.10 markus 674: /* Sleep in select() until we can do something. */
1.43 markus 675: wait_until_can_do_something(&readset, &writeset, &max_fd,
1.76 markus 676: &nalloc, max_time_milliseconds);
1.10 markus 677:
1.121 djm 678: if (received_sigterm) {
679: logit("Exiting on signal %d", received_sigterm);
680: /* Clean up sessions, utmp, etc. */
681: cleanup_exit(255);
682: }
683:
1.10 markus 684: /* Process any channel events. */
1.43 markus 685: channel_after_select(readset, writeset);
1.10 markus 686:
687: /* Process input from the client and from program stdout/stderr. */
1.43 markus 688: process_input(readset);
1.10 markus 689:
690: /* Process output to the client and to program stdin. */
1.43 markus 691: process_output(writeset);
1.10 markus 692: }
1.43 markus 693: if (readset)
694: xfree(readset);
695: if (writeset)
696: xfree(writeset);
1.10 markus 697:
698: /* Cleanup and termination code. */
699:
700: /* Wait until all output has been sent to the client. */
701: drain_output();
702:
703: debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
1.86 deraadt 704: stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
1.10 markus 705:
706: /* Free and clear the buffers. */
707: buffer_free(&stdin_buffer);
708: buffer_free(&stdout_buffer);
709: buffer_free(&stderr_buffer);
710:
711: /* Close the file descriptors. */
712: if (fdout != -1)
713: close(fdout);
714: fdout = -1;
715: fdout_eof = 1;
716: if (fderr != -1)
717: close(fderr);
718: fderr = -1;
719: fderr_eof = 1;
720: if (fdin != -1)
721: close(fdin);
722: fdin = -1;
723:
1.69 markus 724: channel_free_all();
1.10 markus 725:
726: /* We no longer want our SIGCHLD handler to be called. */
727: signal(SIGCHLD, SIG_DFL);
728:
1.101 markus 729: while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0)
730: if (errno != EINTR)
731: packet_disconnect("wait: %.100s", strerror(errno));
732: if (wait_pid != pid)
1.102 mpech 733: error("Strange, wait returned pid %ld, expected %ld",
734: (long)wait_pid, (long)pid);
1.68 markus 735:
1.10 markus 736: /* Check if it exited normally. */
737: if (WIFEXITED(wait_status)) {
738: /* Yes, normal exit. Get exit status and send it to the client. */
739: debug("Command exited with status %d.", WEXITSTATUS(wait_status));
740: packet_start(SSH_SMSG_EXITSTATUS);
741: packet_put_int(WEXITSTATUS(wait_status));
742: packet_send();
743: packet_write_wait();
744:
1.12 markus 745: /*
746: * Wait for exit confirmation. Note that there might be
747: * other packets coming before it; however, the program has
748: * already died so we just ignore them. The client is
749: * supposed to respond with the confirmation when it receives
750: * the exit status.
751: */
1.10 markus 752: do {
1.92 markus 753: type = packet_read();
1.10 markus 754: }
755: while (type != SSH_CMSG_EXIT_CONFIRMATION);
756:
757: debug("Received exit confirmation.");
758: return;
759: }
760: /* Check if the program terminated due to a signal. */
761: if (WIFSIGNALED(wait_status))
762: packet_disconnect("Command terminated on signal %d.",
763: WTERMSIG(wait_status));
764:
765: /* Some weird exit cause. Just exit. */
766: packet_disconnect("wait returned status %04x.", wait_status);
767: /* NOTREACHED */
1.16 markus 768: }
769:
1.82 markus 770: static void
771: collect_children(void)
772: {
773: pid_t pid;
774: sigset_t oset, nset;
775: int status;
776:
777: /* block SIGCHLD while we check for dead children */
778: sigemptyset(&nset);
779: sigaddset(&nset, SIGCHLD);
780: sigprocmask(SIG_BLOCK, &nset, &oset);
781: if (child_terminated) {
1.128 djm 782: debug("Received SIGCHLD.");
1.101 markus 783: while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
784: (pid < 0 && errno == EINTR))
785: if (pid > 0)
786: session_close_by_pid(pid, status);
1.82 markus 787: child_terminated = 0;
788: }
789: sigprocmask(SIG_SETMASK, &oset, NULL);
790: }
791:
1.19 markus 792: void
1.72 markus 793: server_loop2(Authctxt *authctxt)
1.17 markus 794: {
1.43 markus 795: fd_set *readset = NULL, *writeset = NULL;
1.82 markus 796: int rekeying = 0, max_fd, nalloc = 0;
1.17 markus 797:
798: debug("Entering interactive session for SSH2.");
799:
1.68 markus 800: signal(SIGCHLD, sigchld_handler);
1.17 markus 801: child_terminated = 0;
802: connection_in = packet_get_connection_in();
803: connection_out = packet_get_connection_out();
1.43 markus 804:
1.121 djm 805: if (!use_privsep) {
806: signal(SIGTERM, sigterm_handler);
807: signal(SIGINT, sigterm_handler);
808: signal(SIGQUIT, sigterm_handler);
809: }
810:
1.87 markus 811: notify_setup();
812:
1.43 markus 813: max_fd = MAX(connection_in, connection_out);
1.87 markus 814: max_fd = MAX(max_fd, notify_pipe[0]);
815:
1.17 markus 816: server_init_dispatch();
817:
818: for (;;) {
819: process_buffered_input_packets();
1.58 markus 820:
1.59 markus 821: rekeying = (xxx_kex != NULL && !xxx_kex->done);
1.58 markus 822:
823: if (!rekeying && packet_not_very_much_data_to_write())
1.17 markus 824: channel_output_poll();
1.58 markus 825: wait_until_can_do_something(&readset, &writeset, &max_fd,
1.76 markus 826: &nalloc, 0);
1.121 djm 827:
828: if (received_sigterm) {
829: logit("Exiting on signal %d", received_sigterm);
830: /* Clean up sessions, utmp, etc. */
831: cleanup_exit(255);
832: }
1.81 markus 833:
1.82 markus 834: collect_children();
1.107 markus 835: if (!rekeying) {
1.58 markus 836: channel_after_select(readset, writeset);
1.107 markus 837: if (packet_need_rekeying()) {
838: debug("need rekeying");
839: xxx_kex->done = 0;
840: kex_send_kexinit(xxx_kex);
841: }
842: }
1.43 markus 843: process_input(readset);
1.60 markus 844: if (connection_closed)
845: break;
1.43 markus 846: process_output(writeset);
847: }
1.82 markus 848: collect_children();
849:
1.43 markus 850: if (readset)
851: xfree(readset);
852: if (writeset)
853: xfree(writeset);
854:
1.81 markus 855: /* free all channels, no more reads and writes */
856: channel_free_all();
857:
1.82 markus 858: /* free remaining sessions, e.g. remove wtmp entries */
1.99 provos 859: session_destroy_all(NULL);
1.17 markus 860: }
861:
1.70 itojun 862: static void
1.114 markus 863: server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
1.61 beck 864: {
1.114 markus 865: debug("Got %d/%u for keepalive", type, seq);
1.86 deraadt 866: /*
1.62 markus 867: * reset timeout, since we got a sane answer from the client.
1.61 beck 868: * even if this was generated by something other than
869: * the bogus CHANNEL_REQUEST we send for keepalives.
870: */
1.158 andreas 871: packet_set_alive_timeouts(0);
1.61 beck 872: }
873:
1.70 itojun 874: static void
1.93 markus 875: server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
1.16 markus 876: {
877: char *data;
1.38 markus 878: u_int data_len;
1.16 markus 879:
880: /* Stdin data from the client. Append it to the buffer. */
881: /* Ignore any data if the client has closed stdin. */
882: if (fdin == -1)
883: return;
884: data = packet_get_string(&data_len);
1.91 markus 885: packet_check_eom();
1.16 markus 886: buffer_append(&stdin_buffer, data, data_len);
887: memset(data, 0, data_len);
888: xfree(data);
889: }
890:
1.70 itojun 891: static void
1.93 markus 892: server_input_eof(int type, u_int32_t seq, void *ctxt)
1.16 markus 893: {
894: /*
895: * Eof from the client. The stdin descriptor to the
896: * program will be closed when all buffered data has
897: * drained.
898: */
899: debug("EOF received for stdin.");
1.91 markus 900: packet_check_eom();
1.16 markus 901: stdin_eof = 1;
902: }
903:
1.70 itojun 904: static void
1.93 markus 905: server_input_window_size(int type, u_int32_t seq, void *ctxt)
1.16 markus 906: {
1.132 deraadt 907: u_int row = packet_get_int();
908: u_int col = packet_get_int();
909: u_int xpixel = packet_get_int();
910: u_int ypixel = packet_get_int();
1.16 markus 911:
912: debug("Window change received.");
1.91 markus 913: packet_check_eom();
1.16 markus 914: if (fdin != -1)
915: pty_change_window_size(fdin, row, col, xpixel, ypixel);
916: }
917:
1.70 itojun 918: static Channel *
1.115 markus 919: server_request_direct_tcpip(void)
1.17 markus 920: {
1.64 markus 921: Channel *c;
1.18 markus 922: char *target, *originator;
1.155 djm 923: u_short target_port, originator_port;
1.17 markus 924:
1.18 markus 925: target = packet_get_string(NULL);
926: target_port = packet_get_int();
1.17 markus 927: originator = packet_get_string(NULL);
928: originator_port = packet_get_int();
1.91 markus 929: packet_check_eom();
1.25 markus 930:
1.150 djm 931: debug("server_request_direct_tcpip: originator %s port %d, target %s "
932: "port %d", originator, originator_port, target, target_port);
1.26 markus 933:
1.17 markus 934: /* XXX check permission */
1.150 djm 935: c = channel_connect_to(target, target_port,
936: "direct-tcpip", "direct-tcpip");
937:
938: xfree(originator);
1.18 markus 939: xfree(target);
1.150 djm 940:
1.64 markus 941: return c;
1.35 markus 942: }
943:
1.70 itojun 944: static Channel *
1.122 reyk 945: server_request_tun(void)
946: {
947: Channel *c = NULL;
1.123 reyk 948: int mode, tun;
949: int sock;
1.122 reyk 950:
1.123 reyk 951: mode = packet_get_int();
952: switch (mode) {
953: case SSH_TUNMODE_POINTOPOINT:
954: case SSH_TUNMODE_ETHERNET:
955: break;
956: default:
957: packet_send_debug("Unsupported tunnel device mode.");
958: return NULL;
959: }
960: if ((options.permit_tun & mode) == 0) {
961: packet_send_debug("Server has rejected tunnel device "
962: "forwarding");
1.122 reyk 963: return NULL;
964: }
965:
966: tun = packet_get_int();
1.124 reyk 967: if (forced_tun_device != -1) {
1.131 deraadt 968: if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
1.122 reyk 969: goto done;
970: tun = forced_tun_device;
971: }
1.123 reyk 972: sock = tun_open(tun, mode);
1.122 reyk 973: if (sock < 0)
974: goto done;
975: c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
976: CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
977: c->datagram = 1;
978:
979: done:
980: if (c == NULL)
981: packet_send_debug("Failed to open the tunnel device.");
982: return c;
983: }
984:
985: static Channel *
1.115 markus 986: server_request_session(void)
1.35 markus 987: {
1.64 markus 988: Channel *c;
1.35 markus 989:
990: debug("input_session_request");
1.91 markus 991: packet_check_eom();
1.152 djm 992:
993: if (no_more_sessions) {
994: packet_disconnect("Possible attack: attempt to open a session "
995: "after additional sessions disabled");
996: }
997:
1.35 markus 998: /*
999: * A server session has no fd to read or write until a
1000: * CHANNEL_REQUEST for a shell is made, so we set the type to
1001: * SSH_CHANNEL_LARVAL. Additionally, a callback for handling all
1002: * CHANNEL_REQUEST messages is registered.
1003: */
1.115 markus 1004: c = channel_new("session", SSH_CHANNEL_LARVAL,
1.64 markus 1005: -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
1.108 markus 1006: 0, "server-session", 1);
1.111 markus 1007: if (session_open(the_authctxt, c->self) != 1) {
1.64 markus 1008: debug("session open failed, free channel %d", c->self);
1009: channel_free(c);
1010: return NULL;
1.35 markus 1011: }
1.119 djm 1012: channel_register_cleanup(c->self, session_close_by_channel, 0);
1.64 markus 1013: return c;
1.17 markus 1014: }
1015:
1.70 itojun 1016: static void
1.93 markus 1017: server_input_channel_open(int type, u_int32_t seq, void *ctxt)
1.17 markus 1018: {
1019: Channel *c = NULL;
1020: char *ctype;
1021: int rchan;
1.103 markus 1022: u_int rmaxpack, rwindow, len;
1.17 markus 1023:
1024: ctype = packet_get_string(&len);
1025: rchan = packet_get_int();
1026: rwindow = packet_get_int();
1027: rmaxpack = packet_get_int();
1028:
1.30 markus 1029: debug("server_input_channel_open: ctype %s rchan %d win %d max %d",
1.17 markus 1030: ctype, rchan, rwindow, rmaxpack);
1031:
1032: if (strcmp(ctype, "session") == 0) {
1.115 markus 1033: c = server_request_session();
1.17 markus 1034: } else if (strcmp(ctype, "direct-tcpip") == 0) {
1.115 markus 1035: c = server_request_direct_tcpip();
1.122 reyk 1036: } else if (strcmp(ctype, "tun@openssh.com") == 0) {
1037: c = server_request_tun();
1.17 markus 1038: }
1039: if (c != NULL) {
1.35 markus 1040: debug("server_input_channel_open: confirm %s", ctype);
1.17 markus 1041: c->remote_id = rchan;
1042: c->remote_window = rwindow;
1043: c->remote_maxpacket = rmaxpack;
1.65 markus 1044: if (c->type != SSH_CHANNEL_CONNECTING) {
1045: packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
1046: packet_put_int(c->remote_id);
1047: packet_put_int(c->self);
1048: packet_put_int(c->local_window);
1049: packet_put_int(c->local_maxpacket);
1050: packet_send();
1051: }
1.17 markus 1052: } else {
1.35 markus 1053: debug("server_input_channel_open: failure %s", ctype);
1.17 markus 1054: packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
1055: packet_put_int(rchan);
1056: packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
1.63 markus 1057: if (!(datafellows & SSH_BUG_OPENFAILURE)) {
1.65 markus 1058: packet_put_cstring("open failed");
1.63 markus 1059: packet_put_cstring("");
1060: }
1.17 markus 1061: packet_send();
1062: }
1063: xfree(ctype);
1064: }
1065:
1.70 itojun 1066: static void
1.93 markus 1067: server_input_global_request(int type, u_int32_t seq, void *ctxt)
1.35 markus 1068: {
1069: char *rtype;
1070: int want_reply;
1.156 djm 1071: int success = 0, allocated_listen_port = 0;
1.35 markus 1072:
1073: rtype = packet_get_string(NULL);
1074: want_reply = packet_get_char();
1075: debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
1.45 stevesk 1076:
1.55 markus 1077: /* -R style forwarding */
1.35 markus 1078: if (strcmp(rtype, "tcpip-forward") == 0) {
1079: struct passwd *pw;
1080: char *listen_address;
1081: u_short listen_port;
1082:
1.111 markus 1083: pw = the_authctxt->pw;
1.113 dtucker 1084: if (pw == NULL || !the_authctxt->valid)
1.112 djm 1085: fatal("server_input_global_request: no/invalid user");
1.109 djm 1086: listen_address = packet_get_string(NULL);
1.35 markus 1087: listen_port = (u_short)packet_get_int();
1088: debug("server_input_global_request: tcpip-forward listen %s port %d",
1089: listen_address, listen_port);
1090:
1091: /* check permissions */
1092: if (!options.allow_tcp_forwarding ||
1093: no_port_forwarding_flag ||
1.157 djm 1094: (!want_reply && listen_port == 0) ||
1.156 djm 1095: (listen_port != 0 && listen_port < IPPORT_RESERVED &&
1096: pw->pw_uid != 0)) {
1.35 markus 1097: success = 0;
1098: packet_send_debug("Server has disabled port forwarding.");
1099: } else {
1100: /* Start listening on the port */
1.95 markus 1101: success = channel_setup_remote_fwd_listener(
1.156 djm 1102: listen_address, listen_port,
1103: &allocated_listen_port, options.gateway_ports);
1.35 markus 1104: }
1105: xfree(listen_address);
1.116 djm 1106: } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
1107: char *cancel_address;
1108: u_short cancel_port;
1109:
1110: cancel_address = packet_get_string(NULL);
1111: cancel_port = (u_short)packet_get_int();
1112: debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
1113: cancel_address, cancel_port);
1114:
1115: success = channel_cancel_rport_listener(cancel_address,
1116: cancel_port);
1.129 djm 1117: xfree(cancel_address);
1.152 djm 1118: } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) {
1119: no_more_sessions = 1;
1120: success = 1;
1.35 markus 1121: }
1122: if (want_reply) {
1123: packet_start(success ?
1124: SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
1.156 djm 1125: if (success && allocated_listen_port > 0)
1126: packet_put_int(allocated_listen_port);
1.35 markus 1127: packet_send();
1128: packet_write_wait();
1129: }
1130: xfree(rtype);
1131: }
1.133 deraadt 1132:
1.97 markus 1133: static void
1134: server_input_channel_req(int type, u_int32_t seq, void *ctxt)
1135: {
1136: Channel *c;
1137: int id, reply, success = 0;
1138: char *rtype;
1139:
1140: id = packet_get_int();
1141: rtype = packet_get_string(NULL);
1142: reply = packet_get_char();
1143:
1144: debug("server_input_channel_req: channel %d request %s reply %d",
1145: id, rtype, reply);
1146:
1147: if ((c = channel_lookup(id)) == NULL)
1148: packet_disconnect("server_input_channel_req: "
1149: "unknown channel %d", id);
1.151 markus 1150: if (!strcmp(rtype, "eow@openssh.com")) {
1151: packet_check_eom();
1152: chan_rcvd_eow(c);
1.153 djm 1153: } else if ((c->type == SSH_CHANNEL_LARVAL ||
1154: c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0)
1.97 markus 1155: success = session_input_channel_req(c, rtype);
1156: if (reply) {
1157: packet_start(success ?
1158: SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
1159: packet_put_int(c->remote_id);
1160: packet_send();
1161: }
1162: xfree(rtype);
1163: }
1.35 markus 1164:
1.70 itojun 1165: static void
1.46 itojun 1166: server_init_dispatch_20(void)
1.17 markus 1167: {
1168: debug("server_init_dispatch_20");
1169: dispatch_init(&dispatch_protocol_error);
1170: dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
1171: dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
1172: dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
1173: dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
1174: dispatch_set(SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open);
1175: dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
1176: dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
1.97 markus 1177: dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);
1.17 markus 1178: dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
1.35 markus 1179: dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
1.61 beck 1180: /* client_alive */
1.154 markus 1181: dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive);
1182: dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
1.114 markus 1183: dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
1184: dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
1.56 markus 1185: /* rekeying */
1186: dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
1.17 markus 1187: }
1.70 itojun 1188: static void
1.46 itojun 1189: server_init_dispatch_13(void)
1.16 markus 1190: {
1191: debug("server_init_dispatch_13");
1192: dispatch_init(NULL);
1193: dispatch_set(SSH_CMSG_EOF, &server_input_eof);
1194: dispatch_set(SSH_CMSG_STDIN_DATA, &server_input_stdin_data);
1195: dispatch_set(SSH_CMSG_WINDOW_SIZE, &server_input_window_size);
1196: dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close);
1197: dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation);
1198: dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data);
1199: dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
1200: dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
1201: dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
1202: }
1.70 itojun 1203: static void
1.46 itojun 1204: server_init_dispatch_15(void)
1.16 markus 1205: {
1206: server_init_dispatch_13();
1207: debug("server_init_dispatch_15");
1208: dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
1209: dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose);
1210: }
1.70 itojun 1211: static void
1.46 itojun 1212: server_init_dispatch(void)
1.16 markus 1213: {
1.17 markus 1214: if (compat20)
1215: server_init_dispatch_20();
1216: else if (compat13)
1.16 markus 1217: server_init_dispatch_13();
1218: else
1219: server_init_dispatch_15();
1.1 deraadt 1220: }