File: | src/usr.bin/ssh/ssh/../clientloop.c |
Warning: | line 2182, column 7 Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r' |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: clientloop.c,v 1.376 2022/01/11 01:26:47 djm Exp $ */ |
2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved |
6 | * The main loop for the interactive session (client side). |
7 | * |
8 | * As far as I am concerned, the code I have written for this software |
9 | * can be used freely for any purpose. Any derived versions of this |
10 | * software must be clearly marked as such, and if the derived work is |
11 | * incompatible with the protocol description in the RFC file, it must be |
12 | * called by a name other than "ssh" or "Secure Shell". |
13 | * |
14 | * |
15 | * Copyright (c) 1999 Theo de Raadt. All rights reserved. |
16 | * |
17 | * Redistribution and use in source and binary forms, with or without |
18 | * modification, are permitted provided that the following conditions |
19 | * are met: |
20 | * 1. Redistributions of source code must retain the above copyright |
21 | * notice, this list of conditions and the following disclaimer. |
22 | * 2. Redistributions in binary form must reproduce the above copyright |
23 | * notice, this list of conditions and the following disclaimer in the |
24 | * documentation and/or other materials provided with the distribution. |
25 | * |
26 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
27 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
28 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
29 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
30 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
31 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
32 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
33 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
34 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | * |
37 | * |
38 | * SSH2 support added by Markus Friedl. |
39 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. |
40 | * |
41 | * Redistribution and use in source and binary forms, with or without |
42 | * modification, are permitted provided that the following conditions |
43 | * are met: |
44 | * 1. Redistributions of source code must retain the above copyright |
45 | * notice, this list of conditions and the following disclaimer. |
46 | * 2. Redistributions in binary form must reproduce the above copyright |
47 | * notice, this list of conditions and the following disclaimer in the |
48 | * documentation and/or other materials provided with the distribution. |
49 | * |
50 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
51 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
52 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
53 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
54 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
55 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
56 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
57 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
58 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
59 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
60 | */ |
61 | |
62 | |
63 | #include <sys/types.h> |
64 | #include <sys/ioctl.h> |
65 | #include <sys/stat.h> |
66 | #include <sys/socket.h> |
67 | #include <sys/time.h> |
68 | #include <sys/queue.h> |
69 | |
70 | #include <ctype.h> |
71 | #include <errno(*__errno()).h> |
72 | #include <paths.h> |
73 | #include <poll.h> |
74 | #include <signal.h> |
75 | #include <stdio.h> |
76 | #include <stdlib.h> |
77 | #include <string.h> |
78 | #include <stdarg.h> |
79 | #include <termios.h> |
80 | #include <pwd.h> |
81 | #include <unistd.h> |
82 | #include <limits.h> |
83 | |
84 | #include "xmalloc.h" |
85 | #include "ssh.h" |
86 | #include "ssh2.h" |
87 | #include "packet.h" |
88 | #include "sshbuf.h" |
89 | #include "compat.h" |
90 | #include "channels.h" |
91 | #include "dispatch.h" |
92 | #include "sshkey.h" |
93 | #include "cipher.h" |
94 | #include "kex.h" |
95 | #include "myproposal.h" |
96 | #include "log.h" |
97 | #include "misc.h" |
98 | #include "readconf.h" |
99 | #include "clientloop.h" |
100 | #include "sshconnect.h" |
101 | #include "authfd.h" |
102 | #include "atomicio.h" |
103 | #include "sshpty.h" |
104 | #include "match.h" |
105 | #include "msg.h" |
106 | #include "ssherr.h" |
107 | #include "hostfile.h" |
108 | |
109 | /* Permitted RSA signature algorithms for UpdateHostkeys proofs */ |
110 | #define HOSTKEY_PROOF_RSA_ALGS"rsa-sha2-512,rsa-sha2-256" "rsa-sha2-512,rsa-sha2-256" |
111 | |
112 | /* import options */ |
113 | extern Options options; |
114 | |
115 | /* Control socket */ |
116 | extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */ |
117 | |
118 | /* |
119 | * Name of the host we are connecting to. This is the name given on the |
120 | * command line, or the Hostname specified for the user-supplied name in a |
121 | * configuration file. |
122 | */ |
123 | extern char *host; |
124 | |
125 | /* |
126 | * If this field is not NULL, the ForwardAgent socket is this path and different |
127 | * instead of SSH_AUTH_SOCK. |
128 | */ |
129 | extern char *forward_agent_sock_path; |
130 | |
131 | /* |
132 | * Flag to indicate that we have received a window change signal which has |
133 | * not yet been processed. This will cause a message indicating the new |
134 | * window size to be sent to the server a little later. This is volatile |
135 | * because this is updated in a signal handler. |
136 | */ |
137 | static volatile sig_atomic_t received_window_change_signal = 0; |
138 | static volatile sig_atomic_t received_signal = 0; |
139 | |
140 | /* Time when backgrounded control master using ControlPersist should exit */ |
141 | static time_t control_persist_exit_time = 0; |
142 | |
143 | /* Common data for the client loop code. */ |
144 | volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */ |
145 | static int last_was_cr; /* Last character was a newline. */ |
146 | static int exit_status; /* Used to store the command exit status. */ |
147 | static struct sshbuf *stderr_buffer; /* Used for final exit message. */ |
148 | static int connection_in; /* Connection to server (input). */ |
149 | static int connection_out; /* Connection to server (output). */ |
150 | static int need_rekeying; /* Set to non-zero if rekeying is requested. */ |
151 | static int session_closed; /* In SSH2: login session closed. */ |
152 | static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ |
153 | static time_t server_alive_time; /* Time to do server_alive_check */ |
154 | |
155 | static void client_init_dispatch(struct ssh *ssh); |
156 | int session_ident = -1; |
157 | |
158 | /* Track escape per proto2 channel */ |
159 | struct escape_filter_ctx { |
160 | int escape_pending; |
161 | int escape_char; |
162 | }; |
163 | |
164 | /* Context for channel confirmation replies */ |
165 | struct channel_reply_ctx { |
166 | const char *request_type; |
167 | int id; |
168 | enum confirm_action action; |
169 | }; |
170 | |
171 | /* Global request success/failure callbacks */ |
172 | /* XXX move to struct ssh? */ |
173 | struct global_confirm { |
174 | TAILQ_ENTRY(global_confirm)struct { struct global_confirm *tqe_next; struct global_confirm **tqe_prev; } entry; |
175 | global_confirm_cb *cb; |
176 | void *ctx; |
177 | int ref_count; |
178 | }; |
179 | TAILQ_HEAD(global_confirms, global_confirm)struct global_confirms { struct global_confirm *tqh_first; struct global_confirm **tqh_last; }; |
180 | static struct global_confirms global_confirms = |
181 | TAILQ_HEAD_INITIALIZER(global_confirms){ ((void *)0), &(global_confirms).tqh_first }; |
182 | |
183 | void ssh_process_session2_setup(int, int, int, struct sshbuf *); |
184 | |
185 | /* |
186 | * Signal handler for the window change signal (SIGWINCH). This just sets a |
187 | * flag indicating that the window has changed. |
188 | */ |
189 | /*ARGSUSED */ |
190 | static void |
191 | window_change_handler(int sig) |
192 | { |
193 | received_window_change_signal = 1; |
194 | } |
195 | |
196 | /* |
197 | * Signal handler for signals that cause the program to terminate. These |
198 | * signals must be trapped to restore terminal modes. |
199 | */ |
200 | /*ARGSUSED */ |
201 | static void |
202 | signal_handler(int sig) |
203 | { |
204 | received_signal = sig; |
205 | quit_pending = 1; |
206 | } |
207 | |
208 | /* |
209 | * Sets control_persist_exit_time to the absolute time when the |
210 | * backgrounded control master should exit due to expiry of the |
211 | * ControlPersist timeout. Sets it to 0 if we are not a backgrounded |
212 | * control master process, or if there is no ControlPersist timeout. |
213 | */ |
214 | static void |
215 | set_control_persist_exit_time(struct ssh *ssh) |
216 | { |
217 | if (muxserver_sock == -1 || !options.control_persist |
218 | || options.control_persist_timeout == 0) { |
219 | /* not using a ControlPersist timeout */ |
220 | control_persist_exit_time = 0; |
221 | } else if (channel_still_open(ssh)) { |
222 | /* some client connections are still open */ |
223 | if (control_persist_exit_time > 0) |
224 | debug2_f("cancel scheduled exit")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 224 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "cancel scheduled exit" ); |
225 | control_persist_exit_time = 0; |
226 | } else if (control_persist_exit_time <= 0) { |
227 | /* a client connection has recently closed */ |
228 | control_persist_exit_time = monotime() + |
229 | (time_t)options.control_persist_timeout; |
230 | debug2_f("schedule exit in %d seconds",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 231 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "schedule exit in %d seconds" , options.control_persist_timeout) |
231 | options.control_persist_timeout)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 231 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "schedule exit in %d seconds" , options.control_persist_timeout); |
232 | } |
233 | /* else we are already counting down to the timeout */ |
234 | } |
235 | |
236 | #define SSH_X11_VALID_DISPLAY_CHARS":/.-_" ":/.-_" |
237 | static int |
238 | client_x11_display_valid(const char *display) |
239 | { |
240 | size_t i, dlen; |
241 | |
242 | if (display == NULL((void *)0)) |
243 | return 0; |
244 | |
245 | dlen = strlen(display); |
246 | for (i = 0; i < dlen; i++) { |
247 | if (!isalnum((u_char)display[i]) && |
248 | strchr(SSH_X11_VALID_DISPLAY_CHARS":/.-_", display[i]) == NULL((void *)0)) { |
249 | debug("Invalid character '%c' in DISPLAY", display[i])sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 249 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Invalid character '%c' in DISPLAY" , display[i]); |
250 | return 0; |
251 | } |
252 | } |
253 | return 1; |
254 | } |
255 | |
256 | #define SSH_X11_PROTO"MIT-MAGIC-COOKIE-1" "MIT-MAGIC-COOKIE-1" |
257 | #define X11_TIMEOUT_SLACK60 60 |
258 | int |
259 | client_x11_get_proto(struct ssh *ssh, const char *display, |
260 | const char *xauth_path, u_int trusted, u_int timeout, |
261 | char **_proto, char **_data) |
262 | { |
263 | char *cmd, line[512], xdisplay[512]; |
264 | char xauthfile[PATH_MAX1024], xauthdir[PATH_MAX1024]; |
265 | static char proto[512], data[512]; |
266 | FILE *f; |
267 | int got_data = 0, generated = 0, do_unlink = 0, r; |
268 | struct stat st; |
269 | u_int now, x11_timeout_real; |
270 | |
271 | *_proto = proto; |
272 | *_data = data; |
273 | proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0'; |
274 | |
275 | if (!client_x11_display_valid(display)) { |
276 | if (display != NULL((void *)0)) |
277 | logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 278 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "DISPLAY \"%s\" invalid; disabling X11 forwarding" , display) |
278 | display)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 278 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "DISPLAY \"%s\" invalid; disabling X11 forwarding" , display); |
279 | return -1; |
280 | } |
281 | if (xauth_path != NULL((void *)0) && stat(xauth_path, &st) == -1) { |
282 | debug("No xauth program.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 282 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "No xauth program."); |
283 | xauth_path = NULL((void *)0); |
284 | } |
285 | |
286 | if (xauth_path != NULL((void *)0)) { |
287 | /* |
288 | * Handle FamilyLocal case where $DISPLAY does |
289 | * not match an authorization entry. For this we |
290 | * just try "xauth list unix:displaynum.screennum". |
291 | * XXX: "localhost" match to determine FamilyLocal |
292 | * is not perfect. |
293 | */ |
294 | if (strncmp(display, "localhost:", 10) == 0) { |
295 | if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s", |
296 | display + 10)) < 0 || |
297 | (size_t)r >= sizeof(xdisplay)) { |
298 | error_f("display name too long")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 298 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "display name too long" ); |
299 | return -1; |
300 | } |
301 | display = xdisplay; |
302 | } |
303 | if (trusted == 0) { |
304 | /* |
305 | * Generate an untrusted X11 auth cookie. |
306 | * |
307 | * The authentication cookie should briefly outlive |
308 | * ssh's willingness to forward X11 connections to |
309 | * avoid nasty fail-open behaviour in the X server. |
310 | */ |
311 | mktemp_proto(xauthdir, sizeof(xauthdir)); |
312 | if (mkdtemp(xauthdir) == NULL((void *)0)) { |
313 | error_f("mkdtemp: %s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 313 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "mkdtemp: %s", strerror ((*__errno()))); |
314 | return -1; |
315 | } |
316 | do_unlink = 1; |
317 | if ((r = snprintf(xauthfile, sizeof(xauthfile), |
318 | "%s/xauthfile", xauthdir)) < 0 || |
319 | (size_t)r >= sizeof(xauthfile)) { |
320 | error_f("xauthfile path too long")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 320 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "xauthfile path too long" ); |
321 | rmdir(xauthdir); |
322 | return -1; |
323 | } |
324 | |
325 | if (timeout == 0) { |
326 | /* auth doesn't time out */ |
327 | xasprintf(&cmd, "%s -f %s generate %s %s " |
328 | "untrusted 2>%s", |
329 | xauth_path, xauthfile, display, |
330 | SSH_X11_PROTO"MIT-MAGIC-COOKIE-1", _PATH_DEVNULL"/dev/null"); |
331 | } else { |
332 | /* Add some slack to requested expiry */ |
333 | if (timeout < UINT_MAX(2147483647 *2U +1U) - X11_TIMEOUT_SLACK60) |
334 | x11_timeout_real = timeout + |
335 | X11_TIMEOUT_SLACK60; |
336 | else { |
337 | /* Don't overflow on long timeouts */ |
338 | x11_timeout_real = UINT_MAX(2147483647 *2U +1U); |
339 | } |
340 | xasprintf(&cmd, "%s -f %s generate %s %s " |
341 | "untrusted timeout %u 2>%s", |
342 | xauth_path, xauthfile, display, |
343 | SSH_X11_PROTO"MIT-MAGIC-COOKIE-1", x11_timeout_real, |
344 | _PATH_DEVNULL"/dev/null"); |
345 | } |
346 | debug2_f("xauth command: %s", cmd)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 346 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "xauth command: %s", cmd ); |
347 | |
348 | if (timeout != 0 && x11_refuse_time == 0) { |
349 | now = monotime() + 1; |
350 | if (UINT_MAX(2147483647 *2U +1U) - timeout < now) |
351 | x11_refuse_time = UINT_MAX(2147483647 *2U +1U); |
352 | else |
353 | x11_refuse_time = now + timeout; |
354 | channel_set_x11_refuse_time(ssh, |
355 | x11_refuse_time); |
356 | } |
357 | if (system(cmd) == 0) |
358 | generated = 1; |
359 | free(cmd); |
360 | } |
361 | |
362 | /* |
363 | * When in untrusted mode, we read the cookie only if it was |
364 | * successfully generated as an untrusted one in the step |
365 | * above. |
366 | */ |
367 | if (trusted || generated) { |
368 | xasprintf(&cmd, |
369 | "%s %s%s list %s 2>" _PATH_DEVNULL"/dev/null", |
370 | xauth_path, |
371 | generated ? "-f " : "" , |
372 | generated ? xauthfile : "", |
373 | display); |
374 | debug2("x11_get_proto: %s", cmd)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 374 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "x11_get_proto: %s", cmd ); |
375 | f = popen(cmd, "r"); |
376 | if (f && fgets(line, sizeof(line), f) && |
377 | sscanf(line, "%*s %511s %511s", proto, data) == 2) |
378 | got_data = 1; |
379 | if (f) |
380 | pclose(f); |
381 | free(cmd); |
382 | } |
383 | } |
384 | |
385 | if (do_unlink) { |
386 | unlink(xauthfile); |
387 | rmdir(xauthdir); |
388 | } |
389 | |
390 | /* Don't fall back to fake X11 data for untrusted forwarding */ |
391 | if (!trusted && !got_data) { |
392 | error("Warning: untrusted X11 forwarding setup failed: "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 393 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Warning: untrusted X11 forwarding setup failed: " "xauth key data not generated") |
393 | "xauth key data not generated")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 393 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Warning: untrusted X11 forwarding setup failed: " "xauth key data not generated"); |
394 | return -1; |
395 | } |
396 | |
397 | /* |
398 | * If we didn't get authentication data, just make up some |
399 | * data. The forwarding code will check the validity of the |
400 | * response anyway, and substitute this data. The X11 |
401 | * server, however, will ignore this fake data and use |
402 | * whatever authentication mechanisms it was using otherwise |
403 | * for the local connection. |
404 | */ |
405 | if (!got_data) { |
406 | u_int8_t rnd[16]; |
407 | u_int i; |
408 | |
409 | logit("Warning: No xauth data; "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 410 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: No xauth data; " "using fake authentication data for X11 forwarding.") |
410 | "using fake authentication data for X11 forwarding.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 410 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: No xauth data; " "using fake authentication data for X11 forwarding."); |
411 | strlcpy(proto, SSH_X11_PROTO"MIT-MAGIC-COOKIE-1", sizeof proto); |
412 | arc4random_buf(rnd, sizeof(rnd)); |
413 | for (i = 0; i < sizeof(rnd); i++) { |
414 | snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", |
415 | rnd[i]); |
416 | } |
417 | } |
418 | |
419 | return 0; |
420 | } |
421 | |
422 | /* |
423 | * Checks if the client window has changed, and sends a packet about it to |
424 | * the server if so. The actual change is detected elsewhere (by a software |
425 | * interrupt on Unix); this just checks the flag and sends a message if |
426 | * appropriate. |
427 | */ |
428 | |
429 | static void |
430 | client_check_window_change(struct ssh *ssh) |
431 | { |
432 | if (!received_window_change_signal) |
433 | return; |
434 | received_window_change_signal = 0; |
435 | debug2_f("changed")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 435 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "changed"); |
436 | channel_send_window_changes(ssh); |
437 | } |
438 | |
439 | static int |
440 | client_global_request_reply(int type, u_int32_t seq, struct ssh *ssh) |
441 | { |
442 | struct global_confirm *gc; |
443 | |
444 | if ((gc = TAILQ_FIRST(&global_confirms)((&global_confirms)->tqh_first)) == NULL((void *)0)) |
445 | return 0; |
446 | if (gc->cb != NULL((void *)0)) |
447 | gc->cb(ssh, type, seq, gc->ctx); |
448 | if (--gc->ref_count <= 0) { |
449 | TAILQ_REMOVE(&global_confirms, gc, entry)do { if (((gc)->entry.tqe_next) != ((void *)0)) (gc)->entry .tqe_next->entry.tqe_prev = (gc)->entry.tqe_prev; else ( &global_confirms)->tqh_last = (gc)->entry.tqe_prev; *(gc)->entry.tqe_prev = (gc)->entry.tqe_next; ; ; } while (0); |
450 | freezero(gc, sizeof(*gc)); |
451 | } |
452 | |
453 | ssh_packet_set_alive_timeouts(ssh, 0); |
454 | return 0; |
455 | } |
456 | |
457 | static void |
458 | schedule_server_alive_check(void) |
459 | { |
460 | if (options.server_alive_interval > 0) |
461 | server_alive_time = monotime() + options.server_alive_interval; |
462 | } |
463 | |
464 | static void |
465 | server_alive_check(struct ssh *ssh) |
466 | { |
467 | int r; |
468 | |
469 | if (ssh_packet_inc_alive_timeouts(ssh) > options.server_alive_count_max) { |
470 | logit("Timeout, server %s not responding.", host)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 470 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Timeout, server %s not responding." , host); |
471 | cleanup_exit(255); |
472 | } |
473 | if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST80)) != 0 || |
474 | (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) != 0 || |
475 | (r = sshpkt_put_u8(ssh, 1)) != 0 || /* boolean: want reply */ |
476 | (r = sshpkt_send(ssh)) != 0) |
477 | fatal_fr(r, "send packet")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 477, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "send packet"); |
478 | /* Insert an empty placeholder to maintain ordering */ |
479 | client_register_global_confirm(NULL((void *)0), NULL((void *)0)); |
480 | schedule_server_alive_check(); |
481 | } |
482 | |
483 | /* |
484 | * Waits until the client can do something (some data becomes available on |
485 | * one of the file descriptors). |
486 | */ |
487 | static void |
488 | client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp, |
489 | u_int *npfd_allocp, u_int *npfd_activep, int rekeying, |
490 | int *conn_in_readyp, int *conn_out_readyp) |
491 | { |
492 | int timeout_secs, pollwait; |
493 | time_t minwait_secs = 0, now = monotime(); |
494 | int r, ret; |
495 | u_int p; |
496 | |
497 | *conn_in_readyp = *conn_out_readyp = 0; |
498 | |
499 | /* Prepare channel poll. First two pollfd entries are reserved */ |
500 | channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, 2, |
501 | &minwait_secs); |
502 | if (*npfd_activep < 2) |
503 | fatal_f("bad npfd %u", *npfd_activep)sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 503, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "bad npfd %u", *npfd_activep ); /* shouldn't happen */ |
504 | |
505 | /* channel_prepare_poll could have closed the last channel */ |
506 | if (session_closed && !channel_still_open(ssh) && |
507 | !ssh_packet_have_data_to_write(ssh)) { |
508 | /* clear events since we did not call poll() */ |
509 | for (p = 0; p < *npfd_activep; p++) |
510 | (*pfdp)[p].revents = 0; |
511 | return; |
512 | } |
513 | |
514 | /* Monitor server connection on reserved pollfd entries */ |
515 | (*pfdp)[0].fd = connection_in; |
516 | (*pfdp)[0].events = POLLIN0x0001; |
517 | (*pfdp)[1].fd = connection_out; |
518 | (*pfdp)[1].events = ssh_packet_have_data_to_write(ssh) ? POLLOUT0x0004 : 0; |
519 | |
520 | /* |
521 | * Wait for something to happen. This will suspend the process until |
522 | * some polled descriptor can be read, written, or has some other |
523 | * event pending, or a timeout expires. |
524 | */ |
525 | |
526 | timeout_secs = INT_MAX2147483647; /* we use INT_MAX to mean no timeout */ |
527 | if (options.server_alive_interval > 0) |
528 | timeout_secs = MAXIMUM(server_alive_time - now, 0)(((server_alive_time - now) > (0)) ? (server_alive_time - now ) : (0)); |
529 | if (options.rekey_interval > 0 && !rekeying) |
530 | timeout_secs = MINIMUM(timeout_secs,(((timeout_secs) < (ssh_packet_get_rekey_timeout(ssh))) ? ( timeout_secs) : (ssh_packet_get_rekey_timeout(ssh))) |
531 | ssh_packet_get_rekey_timeout(ssh))(((timeout_secs) < (ssh_packet_get_rekey_timeout(ssh))) ? ( timeout_secs) : (ssh_packet_get_rekey_timeout(ssh))); |
532 | set_control_persist_exit_time(ssh); |
533 | if (control_persist_exit_time > 0) { |
534 | timeout_secs = MINIMUM(timeout_secs,(((timeout_secs) < (control_persist_exit_time - now)) ? (timeout_secs ) : (control_persist_exit_time - now)) |
535 | control_persist_exit_time - now)(((timeout_secs) < (control_persist_exit_time - now)) ? (timeout_secs ) : (control_persist_exit_time - now)); |
536 | if (timeout_secs < 0) |
537 | timeout_secs = 0; |
538 | } |
539 | if (minwait_secs != 0) |
540 | timeout_secs = MINIMUM(timeout_secs, (int)minwait_secs)(((timeout_secs) < ((int)minwait_secs)) ? (timeout_secs) : ((int)minwait_secs)); |
541 | if (timeout_secs == INT_MAX2147483647) |
542 | pollwait = -1; |
543 | else if (timeout_secs >= INT_MAX2147483647 / 1000) |
544 | pollwait = INT_MAX2147483647; |
545 | else |
546 | pollwait = timeout_secs * 1000; |
547 | |
548 | ret = poll(*pfdp, *npfd_activep, pollwait); |
549 | |
550 | if (ret == -1) { |
551 | /* |
552 | * We have to clear the events because we return. |
553 | * We have to return, because the mainloop checks for the flags |
554 | * set by the signal handlers. |
555 | */ |
556 | for (p = 0; p < *npfd_activep; p++) |
557 | (*pfdp)[p].revents = 0; |
558 | if (errno(*__errno()) == EINTR4) |
559 | return; |
560 | /* Note: we might still have data in the buffers. */ |
561 | if ((r = sshbuf_putf(stderr_buffer, |
562 | "poll: %s\r\n", strerror(errno(*__errno())))) != 0) |
563 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 563, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
564 | quit_pending = 1; |
565 | return; |
566 | } |
567 | |
568 | *conn_in_readyp = (*pfdp)[0].revents != 0; |
569 | *conn_out_readyp = (*pfdp)[1].revents != 0; |
570 | |
571 | if (options.server_alive_interval > 0 && !*conn_in_readyp && |
572 | monotime() >= server_alive_time) { |
573 | /* |
574 | * ServerAlive check is needed. We can't rely on the poll |
575 | * timing out since traffic on the client side such as port |
576 | * forwards can keep waking it up. |
577 | */ |
578 | server_alive_check(ssh); |
579 | } |
580 | } |
581 | |
582 | static void |
583 | client_suspend_self(struct sshbuf *bin, struct sshbuf *bout, struct sshbuf *berr) |
584 | { |
585 | /* Flush stdout and stderr buffers. */ |
586 | if (sshbuf_len(bout) > 0) |
587 | atomicio(vwrite(ssize_t (*)(int, void *, size_t))write, fileno(stdout)(!__isthreaded ? (((&__sF[1]))->_file) : (fileno)((& __sF[1]))), sshbuf_mutable_ptr(bout), |
588 | sshbuf_len(bout)); |
589 | if (sshbuf_len(berr) > 0) |
590 | atomicio(vwrite(ssize_t (*)(int, void *, size_t))write, fileno(stderr)(!__isthreaded ? (((&__sF[2]))->_file) : (fileno)((& __sF[2]))), sshbuf_mutable_ptr(berr), |
591 | sshbuf_len(berr)); |
592 | |
593 | leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE3); |
594 | |
595 | sshbuf_reset(bin); |
596 | sshbuf_reset(bout); |
597 | sshbuf_reset(berr); |
598 | |
599 | /* Send the suspend signal to the program itself. */ |
600 | kill(getpid(), SIGTSTP18); |
601 | |
602 | /* Reset window sizes in case they have changed */ |
603 | received_window_change_signal = 1; |
604 | |
605 | enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE3); |
606 | } |
607 | |
608 | static void |
609 | client_process_net_input(struct ssh *ssh) |
610 | { |
611 | char buf[8192]; |
612 | int r, len; |
613 | |
614 | /* |
615 | * Read input from the server, and add any such data to the buffer of |
616 | * the packet subsystem. |
617 | */ |
618 | schedule_server_alive_check(); |
619 | /* Read as much as possible. */ |
620 | len = read(connection_in, buf, sizeof(buf)); |
621 | if (len == 0) { |
622 | /* Received EOF. The remote host has closed the connection. */ |
623 | if ((r = sshbuf_putf(stderr_buffer, |
624 | "Connection to %.300s closed by remote host.\r\n", |
625 | host)) != 0) |
626 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 626, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
627 | quit_pending = 1; |
628 | return; |
629 | } |
630 | /* |
631 | * There is a kernel bug on Solaris that causes poll to |
632 | * sometimes wake up even though there is no data available. |
633 | */ |
634 | if (len == -1 && (errno(*__errno()) == EAGAIN35 || errno(*__errno()) == EINTR4)) |
635 | len = 0; |
636 | |
637 | if (len == -1) { |
638 | /* |
639 | * An error has encountered. Perhaps there is a |
640 | * network problem. |
641 | */ |
642 | if ((r = sshbuf_putf(stderr_buffer, |
643 | "Read from remote host %.300s: %.100s\r\n", |
644 | host, strerror(errno(*__errno())))) != 0) |
645 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 645, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
646 | quit_pending = 1; |
647 | return; |
648 | } |
649 | ssh_packet_process_incoming(ssh, buf, len); |
650 | } |
651 | |
652 | static void |
653 | client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx) |
654 | { |
655 | struct channel_reply_ctx *cr = (struct channel_reply_ctx *)ctx; |
656 | char errmsg[256]; |
657 | int r, tochan; |
658 | |
659 | /* |
660 | * If a TTY was explicitly requested, then a failure to allocate |
661 | * one is fatal. |
662 | */ |
663 | if (cr->action == CONFIRM_TTY && |
664 | (options.request_tty == REQUEST_TTY_FORCE3 || |
665 | options.request_tty == REQUEST_TTY_YES2)) |
666 | cr->action = CONFIRM_CLOSE; |
667 | |
668 | /* XXX suppress on mux _client_ quietmode */ |
669 | tochan = options.log_level >= SYSLOG_LEVEL_ERROR && |
670 | c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE2; |
671 | |
672 | if (type == SSH2_MSG_CHANNEL_SUCCESS99) { |
673 | debug2("%s request accepted on channel %d",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 674 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "%s request accepted on channel %d" , cr->request_type, c->self) |
674 | cr->request_type, c->self)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 674 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "%s request accepted on channel %d" , cr->request_type, c->self); |
675 | } else if (type == SSH2_MSG_CHANNEL_FAILURE100) { |
676 | if (tochan) { |
677 | snprintf(errmsg, sizeof(errmsg), |
678 | "%s request failed\r\n", cr->request_type); |
679 | } else { |
680 | snprintf(errmsg, sizeof(errmsg), |
681 | "%s request failed on channel %d", |
682 | cr->request_type, c->self); |
683 | } |
684 | /* If error occurred on primary session channel, then exit */ |
685 | if (cr->action == CONFIRM_CLOSE && c->self == session_ident) |
686 | fatal("%s", errmsg)sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 686, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s", errmsg); |
687 | /* |
688 | * If error occurred on mux client, append to |
689 | * their stderr. |
690 | */ |
691 | if (tochan) { |
692 | debug3_f("channel %d: mux request: %s", c->self,sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 693 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "channel %d: mux request: %s" , c->self, cr->request_type) |
693 | cr->request_type)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 693 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "channel %d: mux request: %s" , c->self, cr->request_type); |
694 | if ((r = sshbuf_put(c->extended, errmsg, |
695 | strlen(errmsg))) != 0) |
696 | fatal_fr(r, "sshbuf_put")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 696, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_put"); |
697 | } else |
698 | error("%s", errmsg)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 698 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s", errmsg); |
699 | if (cr->action == CONFIRM_TTY) { |
700 | /* |
701 | * If a TTY allocation error occurred, then arrange |
702 | * for the correct TTY to leave raw mode. |
703 | */ |
704 | if (c->self == session_ident) |
705 | leave_raw_mode(0); |
706 | else |
707 | mux_tty_alloc_failed(ssh, c); |
708 | } else if (cr->action == CONFIRM_CLOSE) { |
709 | chan_read_failed(ssh, c); |
710 | chan_write_failed(ssh, c); |
711 | } |
712 | } |
713 | free(cr); |
714 | } |
715 | |
716 | static void |
717 | client_abandon_status_confirm(struct ssh *ssh, Channel *c, void *ctx) |
718 | { |
719 | free(ctx); |
720 | } |
721 | |
722 | void |
723 | client_expect_confirm(struct ssh *ssh, int id, const char *request, |
724 | enum confirm_action action) |
725 | { |
726 | struct channel_reply_ctx *cr = xcalloc(1, sizeof(*cr)); |
727 | |
728 | cr->request_type = request; |
729 | cr->action = action; |
730 | |
731 | channel_register_status_confirm(ssh, id, client_status_confirm, |
732 | client_abandon_status_confirm, cr); |
733 | } |
734 | |
735 | void |
736 | client_register_global_confirm(global_confirm_cb *cb, void *ctx) |
737 | { |
738 | struct global_confirm *gc, *last_gc; |
739 | |
740 | /* Coalesce identical callbacks */ |
741 | last_gc = TAILQ_LAST(&global_confirms, global_confirms)(*(((struct global_confirms *)((&global_confirms)->tqh_last ))->tqh_last)); |
742 | if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) { |
743 | if (++last_gc->ref_count >= INT_MAX2147483647) |
744 | fatal_f("last_gc->ref_count = %d",sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 745, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "last_gc->ref_count = %d" , last_gc->ref_count) |
745 | last_gc->ref_count)sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 745, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "last_gc->ref_count = %d" , last_gc->ref_count); |
746 | return; |
747 | } |
748 | |
749 | gc = xcalloc(1, sizeof(*gc)); |
750 | gc->cb = cb; |
751 | gc->ctx = ctx; |
752 | gc->ref_count = 1; |
753 | TAILQ_INSERT_TAIL(&global_confirms, gc, entry)do { (gc)->entry.tqe_next = ((void *)0); (gc)->entry.tqe_prev = (&global_confirms)->tqh_last; *(&global_confirms )->tqh_last = (gc); (&global_confirms)->tqh_last = & (gc)->entry.tqe_next; } while (0); |
754 | } |
755 | |
756 | static void |
757 | process_cmdline(struct ssh *ssh) |
758 | { |
759 | void (*handler)(int); |
760 | char *s, *cmd; |
761 | int ok, delete = 0, local = 0, remote = 0, dynamic = 0; |
762 | struct Forward fwd; |
763 | |
764 | memset(&fwd, 0, sizeof(fwd)); |
765 | |
766 | leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE3); |
767 | handler = ssh_signal(SIGINT2, SIG_IGN(void (*)(int))1); |
768 | cmd = s = read_passphrase("\r\nssh> ", RP_ECHO0x0001); |
769 | if (s == NULL((void *)0)) |
770 | goto out; |
771 | while (isspace((u_char)*s)) |
772 | s++; |
773 | if (*s == '-') |
774 | s++; /* Skip cmdline '-', if any */ |
775 | if (*s == '\0') |
776 | goto out; |
777 | |
778 | if (*s == 'h' || *s == 'H' || *s == '?') { |
779 | logit("Commands:")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 779 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Commands:"); |
780 | logit(" -L[bind_address:]port:host:hostport "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 781 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -L[bind_address:]port:host:hostport " "Request local forward") |
781 | "Request local forward")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 781 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -L[bind_address:]port:host:hostport " "Request local forward"); |
782 | logit(" -R[bind_address:]port:host:hostport "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 783 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -R[bind_address:]port:host:hostport " "Request remote forward") |
783 | "Request remote forward")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 783 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -R[bind_address:]port:host:hostport " "Request remote forward"); |
784 | logit(" -D[bind_address:]port "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 785 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -D[bind_address:]port " "Request dynamic forward") |
785 | "Request dynamic forward")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 785 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -D[bind_address:]port " "Request dynamic forward"); |
786 | logit(" -KL[bind_address:]port "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 787 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -KL[bind_address:]port " "Cancel local forward") |
787 | "Cancel local forward")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 787 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -KL[bind_address:]port " "Cancel local forward"); |
788 | logit(" -KR[bind_address:]port "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 789 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -KR[bind_address:]port " "Cancel remote forward") |
789 | "Cancel remote forward")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 789 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -KR[bind_address:]port " "Cancel remote forward"); |
790 | logit(" -KD[bind_address:]port "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 791 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -KD[bind_address:]port " "Cancel dynamic forward") |
791 | "Cancel dynamic forward")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 791 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " -KD[bind_address:]port " "Cancel dynamic forward"); |
792 | if (!options.permit_local_command) |
793 | goto out; |
794 | logit(" !args "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 795 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " !args " "Execute local command") |
795 | "Execute local command")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 795 , 0, SYSLOG_LEVEL_INFO, ((void *)0), " !args " "Execute local command"); |
796 | goto out; |
797 | } |
798 | |
799 | if (*s == '!' && options.permit_local_command) { |
800 | s++; |
801 | ssh_local_cmd(s); |
802 | goto out; |
803 | } |
804 | |
805 | if (*s == 'K') { |
806 | delete = 1; |
807 | s++; |
808 | } |
809 | if (*s == 'L') |
810 | local = 1; |
811 | else if (*s == 'R') |
812 | remote = 1; |
813 | else if (*s == 'D') |
814 | dynamic = 1; |
815 | else { |
816 | logit("Invalid command.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 816 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Invalid command."); |
817 | goto out; |
818 | } |
819 | |
820 | while (isspace((u_char)*++s)) |
821 | ; |
822 | |
823 | /* XXX update list of forwards in options */ |
824 | if (delete) { |
825 | /* We pass 1 for dynamicfwd to restrict to 1 or 2 fields. */ |
826 | if (!parse_forward(&fwd, s, 1, 0)) { |
827 | logit("Bad forwarding close specification.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 827 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Bad forwarding close specification." ); |
828 | goto out; |
829 | } |
830 | if (remote) |
831 | ok = channel_request_rforward_cancel(ssh, &fwd) == 0; |
832 | else if (dynamic) |
833 | ok = channel_cancel_lport_listener(ssh, &fwd, |
834 | 0, &options.fwd_opts) > 0; |
835 | else |
836 | ok = channel_cancel_lport_listener(ssh, &fwd, |
837 | CHANNEL_CANCEL_PORT_STATIC-1, |
838 | &options.fwd_opts) > 0; |
839 | if (!ok) { |
840 | logit("Unknown port forwarding.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 840 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Unknown port forwarding." ); |
841 | goto out; |
842 | } |
843 | logit("Canceled forwarding.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 843 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Canceled forwarding."); |
844 | } else { |
845 | if (!parse_forward(&fwd, s, dynamic, remote)) { |
846 | logit("Bad forwarding specification.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 846 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Bad forwarding specification." ); |
847 | goto out; |
848 | } |
849 | if (local || dynamic) { |
850 | if (!channel_setup_local_fwd_listener(ssh, &fwd, |
851 | &options.fwd_opts)) { |
852 | logit("Port forwarding failed.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 852 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Port forwarding failed." ); |
853 | goto out; |
854 | } |
855 | } else { |
856 | if (channel_request_remote_forwarding(ssh, &fwd) < 0) { |
857 | logit("Port forwarding failed.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 857 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Port forwarding failed." ); |
858 | goto out; |
859 | } |
860 | } |
861 | logit("Forwarding port.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 861 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Forwarding port."); |
862 | } |
863 | |
864 | out: |
865 | ssh_signal(SIGINT2, handler); |
866 | enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE3); |
867 | free(cmd); |
868 | free(fwd.listen_host); |
869 | free(fwd.listen_path); |
870 | free(fwd.connect_host); |
871 | free(fwd.connect_path); |
872 | } |
873 | |
874 | /* reasons to suppress output of an escape command in help output */ |
875 | #define SUPPRESS_NEVER0 0 /* never suppress, always show */ |
876 | #define SUPPRESS_MUXCLIENT1 1 /* don't show in mux client sessions */ |
877 | #define SUPPRESS_MUXMASTER2 2 /* don't show in mux master sessions */ |
878 | #define SUPPRESS_SYSLOG4 4 /* don't show when logging to syslog */ |
879 | struct escape_help_text { |
880 | const char *cmd; |
881 | const char *text; |
882 | unsigned int flags; |
883 | }; |
884 | static struct escape_help_text esc_txt[] = { |
885 | {".", "terminate session", SUPPRESS_MUXMASTER2}, |
886 | {".", "terminate connection (and any multiplexed sessions)", |
887 | SUPPRESS_MUXCLIENT1}, |
888 | {"B", "send a BREAK to the remote system", SUPPRESS_NEVER0}, |
889 | {"C", "open a command line", SUPPRESS_MUXCLIENT1}, |
890 | {"R", "request rekey", SUPPRESS_NEVER0}, |
891 | {"V/v", "decrease/increase verbosity (LogLevel)", SUPPRESS_MUXCLIENT1}, |
892 | {"^Z", "suspend ssh", SUPPRESS_MUXCLIENT1}, |
893 | {"#", "list forwarded connections", SUPPRESS_NEVER0}, |
894 | {"&", "background ssh (when waiting for connections to terminate)", |
895 | SUPPRESS_MUXCLIENT1}, |
896 | {"?", "this message", SUPPRESS_NEVER0}, |
897 | }; |
898 | |
899 | static void |
900 | print_escape_help(struct sshbuf *b, int escape_char, int mux_client, |
901 | int using_stderr) |
902 | { |
903 | unsigned int i, suppress_flags; |
904 | int r; |
905 | |
906 | if ((r = sshbuf_putf(b, |
907 | "%c?\r\nSupported escape sequences:\r\n", escape_char)) != 0) |
908 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 908, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
909 | |
910 | suppress_flags = |
911 | (mux_client ? SUPPRESS_MUXCLIENT1 : 0) | |
912 | (mux_client ? 0 : SUPPRESS_MUXMASTER2) | |
913 | (using_stderr ? 0 : SUPPRESS_SYSLOG4); |
914 | |
915 | for (i = 0; i < sizeof(esc_txt)/sizeof(esc_txt[0]); i++) { |
916 | if (esc_txt[i].flags & suppress_flags) |
917 | continue; |
918 | if ((r = sshbuf_putf(b, " %c%-3s - %s\r\n", |
919 | escape_char, esc_txt[i].cmd, esc_txt[i].text)) != 0) |
920 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 920, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
921 | } |
922 | |
923 | if ((r = sshbuf_putf(b, |
924 | " %c%c - send the escape character by typing it twice\r\n" |
925 | "(Note that escapes are only recognized immediately after " |
926 | "newline.)\r\n", escape_char, escape_char)) != 0) |
927 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 927, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
928 | } |
929 | |
930 | /* |
931 | * Process the characters one by one. |
932 | */ |
933 | static int |
934 | process_escapes(struct ssh *ssh, Channel *c, |
935 | struct sshbuf *bin, struct sshbuf *bout, struct sshbuf *berr, |
936 | char *buf, int len) |
937 | { |
938 | pid_t pid; |
939 | int r, bytes = 0; |
940 | u_int i; |
941 | u_char ch; |
942 | char *s; |
943 | struct escape_filter_ctx *efc = c->filter_ctx == NULL((void *)0) ? |
944 | NULL((void *)0) : (struct escape_filter_ctx *)c->filter_ctx; |
945 | |
946 | if (c->filter_ctx == NULL((void *)0)) |
947 | return 0; |
948 | |
949 | if (len <= 0) |
950 | return (0); |
951 | |
952 | for (i = 0; i < (u_int)len; i++) { |
953 | /* Get one character at a time. */ |
954 | ch = buf[i]; |
955 | |
956 | if (efc->escape_pending) { |
957 | /* We have previously seen an escape character. */ |
958 | /* Clear the flag now. */ |
959 | efc->escape_pending = 0; |
960 | |
961 | /* Process the escaped character. */ |
962 | switch (ch) { |
963 | case '.': |
964 | /* Terminate the connection. */ |
965 | if ((r = sshbuf_putf(berr, "%c.\r\n", |
966 | efc->escape_char)) != 0) |
967 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 967, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
968 | if (c && c->ctl_chan != -1) { |
969 | chan_read_failed(ssh, c); |
970 | chan_write_failed(ssh, c); |
971 | if (c->detach_user) { |
972 | c->detach_user(ssh, |
973 | c->self, NULL((void *)0)); |
974 | } |
975 | c->type = SSH_CHANNEL_ABANDONED17; |
976 | sshbuf_reset(c->input); |
977 | chan_ibuf_empty(ssh, c); |
978 | return 0; |
979 | } else |
980 | quit_pending = 1; |
981 | return -1; |
982 | |
983 | case 'Z' - 64: |
984 | /* XXX support this for mux clients */ |
985 | if (c && c->ctl_chan != -1) { |
986 | char b[16]; |
987 | noescape: |
988 | if (ch == 'Z' - 64) |
989 | snprintf(b, sizeof b, "^Z"); |
990 | else |
991 | snprintf(b, sizeof b, "%c", ch); |
992 | if ((r = sshbuf_putf(berr, |
993 | "%c%s escape not available to " |
994 | "multiplexed sessions\r\n", |
995 | efc->escape_char, b)) != 0) |
996 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 996, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
997 | continue; |
998 | } |
999 | /* Suspend the program. Inform the user */ |
1000 | if ((r = sshbuf_putf(berr, |
1001 | "%c^Z [suspend ssh]\r\n", |
1002 | efc->escape_char)) != 0) |
1003 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1003, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
1004 | |
1005 | /* Restore terminal modes and suspend. */ |
1006 | client_suspend_self(bin, bout, berr); |
1007 | |
1008 | /* We have been continued. */ |
1009 | continue; |
1010 | |
1011 | case 'B': |
1012 | if ((r = sshbuf_putf(berr, |
1013 | "%cB\r\n", efc->escape_char)) != 0) |
1014 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1014, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
1015 | channel_request_start(ssh, c->self, "break", 0); |
1016 | if ((r = sshpkt_put_u32(ssh, 1000)) != 0 || |
1017 | (r = sshpkt_send(ssh)) != 0) |
1018 | fatal_fr(r, "send packet")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1018, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "send packet"); |
1019 | continue; |
1020 | |
1021 | case 'R': |
1022 | if (ssh->compat & SSH_BUG_NOREKEY0x00008000) |
1023 | logit("Server does not "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1024 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Server does not " "support re-keying" ) |
1024 | "support re-keying")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1024 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Server does not " "support re-keying" ); |
1025 | else |
1026 | need_rekeying = 1; |
1027 | continue; |
1028 | |
1029 | case 'V': |
1030 | /* FALLTHROUGH */ |
1031 | case 'v': |
1032 | if (c && c->ctl_chan != -1) |
1033 | goto noescape; |
1034 | if (!log_is_on_stderr()) { |
1035 | if ((r = sshbuf_putf(berr, |
1036 | "%c%c [Logging to syslog]\r\n", |
1037 | efc->escape_char, ch)) != 0) |
1038 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1038, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
1039 | continue; |
1040 | } |
1041 | if (ch == 'V' && options.log_level > |
1042 | SYSLOG_LEVEL_QUIET) |
1043 | log_change_level(--options.log_level); |
1044 | if (ch == 'v' && options.log_level < |
1045 | SYSLOG_LEVEL_DEBUG3) |
1046 | log_change_level(++options.log_level); |
1047 | if ((r = sshbuf_putf(berr, |
1048 | "%c%c [LogLevel %s]\r\n", |
1049 | efc->escape_char, ch, |
1050 | log_level_name(options.log_level))) != 0) |
1051 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1051, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
1052 | continue; |
1053 | |
1054 | case '&': |
1055 | if (c && c->ctl_chan != -1) |
1056 | goto noescape; |
1057 | /* |
1058 | * Detach the program (continue to serve |
1059 | * connections, but put in background and no |
1060 | * more new connections). |
1061 | */ |
1062 | /* Restore tty modes. */ |
1063 | leave_raw_mode( |
1064 | options.request_tty == REQUEST_TTY_FORCE3); |
1065 | |
1066 | /* Stop listening for new connections. */ |
1067 | channel_stop_listening(ssh); |
1068 | |
1069 | if ((r = sshbuf_putf(berr, "%c& " |
1070 | "[backgrounded]\n", efc->escape_char)) != 0) |
1071 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1071, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
1072 | |
1073 | /* Fork into background. */ |
1074 | pid = fork(); |
1075 | if (pid == -1) { |
1076 | error("fork: %.100s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1076 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "fork: %.100s", strerror ((*__errno()))); |
1077 | continue; |
1078 | } |
1079 | if (pid != 0) { /* This is the parent. */ |
1080 | /* The parent just exits. */ |
1081 | exit(0); |
1082 | } |
1083 | /* The child continues serving connections. */ |
1084 | /* fake EOF on stdin */ |
1085 | if ((r = sshbuf_put_u8(bin, 4)) != 0) |
1086 | fatal_fr(r, "sshbuf_put_u8")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1086, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_put_u8"); |
1087 | return -1; |
1088 | case '?': |
1089 | print_escape_help(berr, efc->escape_char, |
1090 | (c && c->ctl_chan != -1), |
1091 | log_is_on_stderr()); |
1092 | continue; |
1093 | |
1094 | case '#': |
1095 | if ((r = sshbuf_putf(berr, "%c#\r\n", |
1096 | efc->escape_char)) != 0) |
1097 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1097, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
1098 | s = channel_open_message(ssh); |
1099 | if ((r = sshbuf_put(berr, s, strlen(s))) != 0) |
1100 | fatal_fr(r, "sshbuf_put")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1100, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_put"); |
1101 | free(s); |
1102 | continue; |
1103 | |
1104 | case 'C': |
1105 | if (c && c->ctl_chan != -1) |
1106 | goto noescape; |
1107 | process_cmdline(ssh); |
1108 | continue; |
1109 | |
1110 | default: |
1111 | if (ch != efc->escape_char) { |
1112 | if ((r = sshbuf_put_u8(bin, |
1113 | efc->escape_char)) != 0) |
1114 | fatal_fr(r, "sshbuf_put_u8")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1114, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_put_u8"); |
1115 | bytes++; |
1116 | } |
1117 | /* Escaped characters fall through here */ |
1118 | break; |
1119 | } |
1120 | } else { |
1121 | /* |
1122 | * The previous character was not an escape char. |
1123 | * Check if this is an escape. |
1124 | */ |
1125 | if (last_was_cr && ch == efc->escape_char) { |
1126 | /* |
1127 | * It is. Set the flag and continue to |
1128 | * next character. |
1129 | */ |
1130 | efc->escape_pending = 1; |
1131 | continue; |
1132 | } |
1133 | } |
1134 | |
1135 | /* |
1136 | * Normal character. Record whether it was a newline, |
1137 | * and append it to the buffer. |
1138 | */ |
1139 | last_was_cr = (ch == '\r' || ch == '\n'); |
1140 | if ((r = sshbuf_put_u8(bin, ch)) != 0) |
1141 | fatal_fr(r, "sshbuf_put_u8")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1141, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_put_u8"); |
1142 | bytes++; |
1143 | } |
1144 | return bytes; |
1145 | } |
1146 | |
1147 | /* |
1148 | * Get packets from the connection input buffer, and process them as long as |
1149 | * there are packets available. |
1150 | * |
1151 | * Any unknown packets received during the actual |
1152 | * session cause the session to terminate. This is |
1153 | * intended to make debugging easier since no |
1154 | * confirmations are sent. Any compatible protocol |
1155 | * extensions must be negotiated during the |
1156 | * preparatory phase. |
1157 | */ |
1158 | |
1159 | static void |
1160 | client_process_buffered_input_packets(struct ssh *ssh) |
1161 | { |
1162 | ssh_dispatch_run_fatal(ssh, DISPATCH_NONBLOCK, &quit_pending); |
1163 | } |
1164 | |
1165 | /* scan buf[] for '~' before sending data to the peer */ |
1166 | |
1167 | /* Helper: allocate a new escape_filter_ctx and fill in its escape char */ |
1168 | void * |
1169 | client_new_escape_filter_ctx(int escape_char) |
1170 | { |
1171 | struct escape_filter_ctx *ret; |
1172 | |
1173 | ret = xcalloc(1, sizeof(*ret)); |
1174 | ret->escape_pending = 0; |
1175 | ret->escape_char = escape_char; |
1176 | return (void *)ret; |
1177 | } |
1178 | |
1179 | /* Free the escape filter context on channel free */ |
1180 | void |
1181 | client_filter_cleanup(struct ssh *ssh, int cid, void *ctx) |
1182 | { |
1183 | free(ctx); |
1184 | } |
1185 | |
1186 | int |
1187 | client_simple_escape_filter(struct ssh *ssh, Channel *c, char *buf, int len) |
1188 | { |
1189 | if (c->extended_usage != CHAN_EXTENDED_WRITE2) |
1190 | return 0; |
1191 | |
1192 | return process_escapes(ssh, c, c->input, c->output, c->extended, |
1193 | buf, len); |
1194 | } |
1195 | |
1196 | static void |
1197 | client_channel_closed(struct ssh *ssh, int id, void *arg) |
1198 | { |
1199 | channel_cancel_cleanup(ssh, id); |
1200 | session_closed = 1; |
1201 | leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE3); |
1202 | } |
1203 | |
1204 | /* |
1205 | * Implements the interactive session with the server. This is called after |
1206 | * the user has been authenticated, and a command has been started on the |
1207 | * remote host. If escape_char != SSH_ESCAPECHAR_NONE, it is the character |
1208 | * used as an escape character for terminating or suspending the session. |
1209 | */ |
1210 | int |
1211 | client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, |
1212 | int ssh2_chan_id) |
1213 | { |
1214 | struct pollfd *pfd = NULL((void *)0); |
1215 | u_int npfd_alloc = 0, npfd_active = 0; |
1216 | double start_time, total_time; |
1217 | int r, len; |
1218 | u_int64_t ibytes, obytes; |
1219 | int conn_in_ready, conn_out_ready; |
1220 | |
1221 | debug("Entering interactive session.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1221 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Entering interactive session." ); |
1222 | |
1223 | if (options.control_master && |
1224 | !option_clear_or_none(options.control_path)) { |
1225 | debug("pledge: id")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1225 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "pledge: id"); |
1226 | if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty", |
1227 | NULL((void *)0)) == -1) |
1228 | fatal_f("pledge(): %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1228, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "pledge(): %s", strerror ((*__errno()))); |
1229 | |
1230 | } else if (options.forward_x11 || options.permit_local_command) { |
1231 | debug("pledge: exec")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1231 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "pledge: exec"); |
1232 | if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", |
1233 | NULL((void *)0)) == -1) |
1234 | fatal_f("pledge(): %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1234, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "pledge(): %s", strerror ((*__errno()))); |
1235 | |
1236 | } else if (options.update_hostkeys) { |
1237 | debug("pledge: filesystem")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1237 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "pledge: filesystem"); |
1238 | if (pledge("stdio rpath wpath cpath unix inet dns proc tty", |
1239 | NULL((void *)0)) == -1) |
1240 | fatal_f("pledge(): %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1240, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "pledge(): %s", strerror ((*__errno()))); |
1241 | |
1242 | } else if (!option_clear_or_none(options.proxy_command) || |
1243 | options.fork_after_authentication) { |
1244 | debug("pledge: proc")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1244 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "pledge: proc"); |
1245 | if (pledge("stdio cpath unix inet dns proc tty", NULL((void *)0)) == -1) |
1246 | fatal_f("pledge(): %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1246, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "pledge(): %s", strerror ((*__errno()))); |
1247 | |
1248 | } else { |
1249 | debug("pledge: network")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1249 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "pledge: network"); |
1250 | if (pledge("stdio unix inet dns proc tty", NULL((void *)0)) == -1) |
1251 | fatal_f("pledge(): %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1251, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "pledge(): %s", strerror ((*__errno()))); |
1252 | } |
1253 | |
1254 | start_time = monotime_double(); |
1255 | |
1256 | /* Initialize variables. */ |
1257 | last_was_cr = 1; |
1258 | exit_status = -1; |
1259 | connection_in = ssh_packet_get_connection_in(ssh); |
1260 | connection_out = ssh_packet_get_connection_out(ssh); |
1261 | |
1262 | quit_pending = 0; |
1263 | |
1264 | /* Initialize buffer. */ |
1265 | if ((stderr_buffer = sshbuf_new()) == NULL((void *)0)) |
1266 | fatal_f("sshbuf_new failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1266, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshbuf_new failed" ); |
1267 | |
1268 | client_init_dispatch(ssh); |
1269 | |
1270 | /* |
1271 | * Set signal handlers, (e.g. to restore non-blocking mode) |
1272 | * but don't overwrite SIG_IGN, matches behaviour from rsh(1) |
1273 | */ |
1274 | if (ssh_signal(SIGHUP1, SIG_IGN(void (*)(int))1) != SIG_IGN(void (*)(int))1) |
1275 | ssh_signal(SIGHUP1, signal_handler); |
1276 | if (ssh_signal(SIGINT2, SIG_IGN(void (*)(int))1) != SIG_IGN(void (*)(int))1) |
1277 | ssh_signal(SIGINT2, signal_handler); |
1278 | if (ssh_signal(SIGQUIT3, SIG_IGN(void (*)(int))1) != SIG_IGN(void (*)(int))1) |
1279 | ssh_signal(SIGQUIT3, signal_handler); |
1280 | if (ssh_signal(SIGTERM15, SIG_IGN(void (*)(int))1) != SIG_IGN(void (*)(int))1) |
1281 | ssh_signal(SIGTERM15, signal_handler); |
1282 | ssh_signal(SIGWINCH28, window_change_handler); |
1283 | |
1284 | if (have_pty) |
1285 | enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE3); |
1286 | |
1287 | session_ident = ssh2_chan_id; |
1288 | if (session_ident != -1) { |
1289 | if (escape_char_arg != SSH_ESCAPECHAR_NONE-2) { |
1290 | channel_register_filter(ssh, session_ident, |
1291 | client_simple_escape_filter, NULL((void *)0), |
1292 | client_filter_cleanup, |
1293 | client_new_escape_filter_ctx( |
1294 | escape_char_arg)); |
1295 | } |
1296 | channel_register_cleanup(ssh, session_ident, |
1297 | client_channel_closed, 0); |
1298 | } |
1299 | |
1300 | schedule_server_alive_check(); |
1301 | |
1302 | /* Main loop of the client for the interactive session mode. */ |
1303 | while (!quit_pending) { |
1304 | |
1305 | /* Process buffered packets sent by the server. */ |
1306 | client_process_buffered_input_packets(ssh); |
1307 | |
1308 | if (session_closed && !channel_still_open(ssh)) |
1309 | break; |
1310 | |
1311 | if (ssh_packet_is_rekeying(ssh)) { |
1312 | debug("rekeying in progress")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1312 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "rekeying in progress" ); |
1313 | } else if (need_rekeying) { |
1314 | /* manual rekey request */ |
1315 | debug("need rekeying")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1315 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "need rekeying"); |
1316 | if ((r = kex_start_rekex(ssh)) != 0) |
1317 | fatal_fr(r, "kex_start_rekex")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1317, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "kex_start_rekex"); |
1318 | need_rekeying = 0; |
1319 | } else { |
1320 | /* |
1321 | * Make packets from buffered channel data, and |
1322 | * enqueue them for sending to the server. |
1323 | */ |
1324 | if (ssh_packet_not_very_much_data_to_write(ssh)) |
1325 | channel_output_poll(ssh); |
1326 | |
1327 | /* |
1328 | * Check if the window size has changed, and buffer a |
1329 | * message about it to the server if so. |
1330 | */ |
1331 | client_check_window_change(ssh); |
1332 | |
1333 | if (quit_pending) |
1334 | break; |
1335 | } |
1336 | /* |
1337 | * Wait until we have something to do (something becomes |
1338 | * available on one of the descriptors). |
1339 | */ |
1340 | client_wait_until_can_do_something(ssh, &pfd, &npfd_alloc, |
1341 | &npfd_active, ssh_packet_is_rekeying(ssh), |
1342 | &conn_in_ready, &conn_out_ready); |
1343 | |
1344 | if (quit_pending) |
1345 | break; |
1346 | |
1347 | /* Do channel operations unless rekeying in progress. */ |
1348 | if (!ssh_packet_is_rekeying(ssh)) |
1349 | channel_after_poll(ssh, pfd, npfd_active); |
1350 | |
1351 | /* Buffer input from the connection. */ |
1352 | if (conn_in_ready) |
1353 | client_process_net_input(ssh); |
1354 | |
1355 | if (quit_pending) |
1356 | break; |
1357 | |
1358 | /* A timeout may have triggered rekeying */ |
1359 | if ((r = ssh_packet_check_rekey(ssh)) != 0) |
1360 | fatal_fr(r, "cannot start rekeying")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1360, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "cannot start rekeying" ); |
1361 | |
1362 | /* |
1363 | * Send as much buffered packet data as possible to the |
1364 | * sender. |
1365 | */ |
1366 | if (conn_out_ready) { |
1367 | if ((r = ssh_packet_write_poll(ssh)) != 0) { |
1368 | sshpkt_fatal(ssh, r, |
1369 | "%s: ssh_packet_write_poll", __func__); |
1370 | } |
1371 | } |
1372 | |
1373 | /* |
1374 | * If we are a backgrounded control master, and the |
1375 | * timeout has expired without any active client |
1376 | * connections, then quit. |
1377 | */ |
1378 | if (control_persist_exit_time > 0) { |
1379 | if (monotime() >= control_persist_exit_time) { |
1380 | debug("ControlPersist timeout expired")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1380 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "ControlPersist timeout expired" ); |
1381 | break; |
1382 | } |
1383 | } |
1384 | } |
1385 | free(pfd); |
1386 | |
1387 | /* Terminate the session. */ |
1388 | |
1389 | /* Stop watching for window change. */ |
1390 | ssh_signal(SIGWINCH28, SIG_DFL(void (*)(int))0); |
1391 | |
1392 | if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT1)) != 0 || |
1393 | (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_BY_APPLICATION11)) != 0 || |
1394 | (r = sshpkt_put_cstring(ssh, "disconnected by user")) != 0 || |
1395 | (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language tag */ |
1396 | (r = sshpkt_send(ssh)) != 0 || |
1397 | (r = ssh_packet_write_wait(ssh)) != 0) |
1398 | fatal_fr(r, "send disconnect")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1398, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "send disconnect"); |
1399 | |
1400 | channel_free_all(ssh); |
1401 | |
1402 | if (have_pty) |
1403 | leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE3); |
1404 | |
1405 | /* |
1406 | * If there was no shell or command requested, there will be no remote |
1407 | * exit status to be returned. In that case, clear error code if the |
1408 | * connection was deliberately terminated at this end. |
1409 | */ |
1410 | if (options.session_type == SESSION_TYPE_NONE0 && |
1411 | received_signal == SIGTERM15) { |
1412 | received_signal = 0; |
1413 | exit_status = 0; |
1414 | } |
1415 | |
1416 | if (received_signal) { |
1417 | verbose("Killed by signal %d.", (int) received_signal)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1417 , 0, SYSLOG_LEVEL_VERBOSE, ((void *)0), "Killed by signal %d." , (int) received_signal); |
1418 | cleanup_exit(255); |
1419 | } |
1420 | |
1421 | /* |
1422 | * In interactive mode (with pseudo tty) display a message indicating |
1423 | * that the connection has been closed. |
1424 | */ |
1425 | if (have_pty && options.log_level >= SYSLOG_LEVEL_INFO) { |
1426 | if ((r = sshbuf_putf(stderr_buffer, |
1427 | "Connection to %.64s closed.\r\n", host)) != 0) |
1428 | fatal_fr(r, "sshbuf_putf")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1428, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_putf"); |
1429 | } |
1430 | |
1431 | /* Output any buffered data for stderr. */ |
1432 | if (sshbuf_len(stderr_buffer) > 0) { |
1433 | len = atomicio(vwrite(ssize_t (*)(int, void *, size_t))write, fileno(stderr)(!__isthreaded ? (((&__sF[2]))->_file) : (fileno)((& __sF[2]))), |
1434 | (u_char *)sshbuf_ptr(stderr_buffer), |
1435 | sshbuf_len(stderr_buffer)); |
1436 | if (len < 0 || (u_int)len != sshbuf_len(stderr_buffer)) |
1437 | error("Write failed flushing stderr buffer.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1437 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Write failed flushing stderr buffer." ); |
1438 | else if ((r = sshbuf_consume(stderr_buffer, len)) != 0) |
1439 | fatal_fr(r, "sshbuf_consume")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1439, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshbuf_consume"); |
1440 | } |
1441 | |
1442 | /* Clear and free any buffers. */ |
1443 | sshbuf_free(stderr_buffer); |
1444 | |
1445 | /* Report bytes transferred, and transfer rates. */ |
1446 | total_time = monotime_double() - start_time; |
1447 | ssh_packet_get_bytes(ssh, &ibytes, &obytes); |
1448 | verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1449 , 0, SYSLOG_LEVEL_VERBOSE, ((void *)0), "Transferred: sent %llu, received %llu bytes, in %.1f seconds" , (unsigned long long)obytes, (unsigned long long)ibytes, total_time ) |
1449 | (unsigned long long)obytes, (unsigned long long)ibytes, total_time)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1449 , 0, SYSLOG_LEVEL_VERBOSE, ((void *)0), "Transferred: sent %llu, received %llu bytes, in %.1f seconds" , (unsigned long long)obytes, (unsigned long long)ibytes, total_time ); |
1450 | if (total_time > 0) |
1451 | verbose("Bytes per second: sent %.1f, received %.1f",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1452 , 0, SYSLOG_LEVEL_VERBOSE, ((void *)0), "Bytes per second: sent %.1f, received %.1f" , obytes / total_time, ibytes / total_time) |
1452 | obytes / total_time, ibytes / total_time)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1452 , 0, SYSLOG_LEVEL_VERBOSE, ((void *)0), "Bytes per second: sent %.1f, received %.1f" , obytes / total_time, ibytes / total_time); |
1453 | /* Return the exit status of the program. */ |
1454 | debug("Exit status %d", exit_status)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1454 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Exit status %d", exit_status ); |
1455 | return exit_status; |
1456 | } |
1457 | |
1458 | /*********/ |
1459 | |
1460 | static Channel * |
1461 | client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type, |
1462 | int rchan, u_int rwindow, u_int rmaxpack) |
1463 | { |
1464 | Channel *c = NULL((void *)0); |
1465 | struct sshbuf *b = NULL((void *)0); |
1466 | char *listen_address, *originator_address; |
1467 | u_int listen_port, originator_port; |
1468 | int r; |
1469 | |
1470 | /* Get rest of the packet */ |
1471 | if ((r = sshpkt_get_cstring(ssh, &listen_address, NULL((void *)0))) != 0 || |
1472 | (r = sshpkt_get_u32(ssh, &listen_port)) != 0 || |
1473 | (r = sshpkt_get_cstring(ssh, &originator_address, NULL((void *)0))) != 0 || |
1474 | (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || |
1475 | (r = sshpkt_get_end(ssh)) != 0) |
1476 | fatal_fr(r, "parse packet")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1476, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "parse packet"); |
1477 | |
1478 | debug_f("listen %s port %d, originator %s port %d",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1479 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "listen %s port %d, originator %s port %d" , listen_address, listen_port, originator_address, originator_port ) |
1479 | listen_address, listen_port, originator_address, originator_port)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1479 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "listen %s port %d, originator %s port %d" , listen_address, listen_port, originator_address, originator_port ); |
1480 | |
1481 | if (listen_port > 0xffff) |
1482 | error_f("invalid listen port")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1482 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "invalid listen port"); |
1483 | else if (originator_port > 0xffff) |
1484 | error_f("invalid originator port")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1484 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "invalid originator port" ); |
1485 | else { |
1486 | c = channel_connect_by_listen_address(ssh, |
1487 | listen_address, listen_port, "forwarded-tcpip", |
1488 | originator_address); |
1489 | } |
1490 | |
1491 | if (c != NULL((void *)0) && c->type == SSH_CHANNEL_MUX_CLIENT16) { |
1492 | if ((b = sshbuf_new()) == NULL((void *)0)) { |
1493 | error_f("alloc reply")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1493 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "alloc reply"); |
1494 | goto out; |
1495 | } |
1496 | /* reconstruct and send to muxclient */ |
1497 | if ((r = sshbuf_put_u8(b, 0)) != 0 || /* padlen */ |
1498 | (r = sshbuf_put_u8(b, SSH2_MSG_CHANNEL_OPEN90)) != 0 || |
1499 | (r = sshbuf_put_cstring(b, request_type)) != 0 || |
1500 | (r = sshbuf_put_u32(b, rchan)) != 0 || |
1501 | (r = sshbuf_put_u32(b, rwindow)) != 0 || |
1502 | (r = sshbuf_put_u32(b, rmaxpack)) != 0 || |
1503 | (r = sshbuf_put_cstring(b, listen_address)) != 0 || |
1504 | (r = sshbuf_put_u32(b, listen_port)) != 0 || |
1505 | (r = sshbuf_put_cstring(b, originator_address)) != 0 || |
1506 | (r = sshbuf_put_u32(b, originator_port)) != 0 || |
1507 | (r = sshbuf_put_stringb(c->output, b)) != 0) { |
1508 | error_fr(r, "compose for muxclient")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1508 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "compose for muxclient"); |
1509 | goto out; |
1510 | } |
1511 | } |
1512 | |
1513 | out: |
1514 | sshbuf_free(b); |
1515 | free(originator_address); |
1516 | free(listen_address); |
1517 | return c; |
1518 | } |
1519 | |
1520 | static Channel * |
1521 | client_request_forwarded_streamlocal(struct ssh *ssh, |
1522 | const char *request_type, int rchan) |
1523 | { |
1524 | Channel *c = NULL((void *)0); |
1525 | char *listen_path; |
1526 | int r; |
1527 | |
1528 | /* Get the remote path. */ |
1529 | if ((r = sshpkt_get_cstring(ssh, &listen_path, NULL((void *)0))) != 0 || |
1530 | (r = sshpkt_get_string(ssh, NULL((void *)0), NULL((void *)0))) != 0 || /* reserved */ |
1531 | (r = sshpkt_get_end(ssh)) != 0) |
1532 | fatal_fr(r, "parse packet")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1532, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "parse packet"); |
1533 | |
1534 | debug_f("request: %s", listen_path)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1534 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "request: %s", listen_path ); |
1535 | |
1536 | c = channel_connect_by_listen_path(ssh, listen_path, |
1537 | "forwarded-streamlocal@openssh.com", "forwarded-streamlocal"); |
1538 | free(listen_path); |
1539 | return c; |
1540 | } |
1541 | |
1542 | static Channel * |
1543 | client_request_x11(struct ssh *ssh, const char *request_type, int rchan) |
1544 | { |
1545 | Channel *c = NULL((void *)0); |
1546 | char *originator; |
1547 | u_int originator_port; |
1548 | int r, sock; |
1549 | |
1550 | if (!options.forward_x11) { |
1551 | error("Warning: ssh server tried X11 forwarding.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1551 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Warning: ssh server tried X11 forwarding." ); |
1552 | error("Warning: this is probably a break-in attempt by a "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1553 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Warning: this is probably a break-in attempt by a " "malicious server.") |
1553 | "malicious server.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1553 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Warning: this is probably a break-in attempt by a " "malicious server."); |
1554 | return NULL((void *)0); |
1555 | } |
1556 | if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) { |
1557 | verbose("Rejected X11 connection after ForwardX11Timeout "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1558 , 0, SYSLOG_LEVEL_VERBOSE, ((void *)0), "Rejected X11 connection after ForwardX11Timeout " "expired") |
1558 | "expired")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1558 , 0, SYSLOG_LEVEL_VERBOSE, ((void *)0), "Rejected X11 connection after ForwardX11Timeout " "expired"); |
1559 | return NULL((void *)0); |
1560 | } |
1561 | if ((r = sshpkt_get_cstring(ssh, &originator, NULL((void *)0))) != 0 || |
1562 | (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || |
1563 | (r = sshpkt_get_end(ssh)) != 0) |
1564 | fatal_fr(r, "parse packet")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1564, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "parse packet"); |
1565 | /* XXX check permission */ |
1566 | /* XXX range check originator port? */ |
1567 | debug("client_request_x11: request from %s %u", originator,sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1568 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "client_request_x11: request from %s %u" , originator, originator_port) |
1568 | originator_port)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1568 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "client_request_x11: request from %s %u" , originator, originator_port); |
1569 | free(originator); |
1570 | sock = x11_connect_display(ssh); |
1571 | if (sock < 0) |
1572 | return NULL((void *)0); |
1573 | c = channel_new(ssh, "x11", |
1574 | SSH_CHANNEL_X11_OPEN7, sock, sock, -1, |
1575 | CHAN_TCP_WINDOW_DEFAULT(64*(32*1024)), CHAN_X11_PACKET_DEFAULT(16*1024), 0, "x11", 1); |
1576 | c->force_drain = 1; |
1577 | return c; |
1578 | } |
1579 | |
1580 | static Channel * |
1581 | client_request_agent(struct ssh *ssh, const char *request_type, int rchan) |
1582 | { |
1583 | Channel *c = NULL((void *)0); |
1584 | int r, sock; |
1585 | |
1586 | if (!options.forward_agent) { |
1587 | error("Warning: ssh server tried agent forwarding.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1587 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Warning: ssh server tried agent forwarding." ); |
1588 | error("Warning: this is probably a break-in attempt by a "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1589 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Warning: this is probably a break-in attempt by a " "malicious server.") |
1589 | "malicious server.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1589 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Warning: this is probably a break-in attempt by a " "malicious server."); |
1590 | return NULL((void *)0); |
1591 | } |
1592 | if (forward_agent_sock_path == NULL((void *)0)) { |
1593 | r = ssh_get_authentication_socket(&sock); |
1594 | } else { |
1595 | r = ssh_get_authentication_socket_path(forward_agent_sock_path, &sock); |
1596 | } |
1597 | if (r != 0) { |
1598 | if (r != SSH_ERR_AGENT_NOT_PRESENT-47) |
1599 | debug_fr(r, "ssh_get_authentication_socket")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1599 , 1, SYSLOG_LEVEL_DEBUG1, ssh_err(r), "ssh_get_authentication_socket" ); |
1600 | return NULL((void *)0); |
1601 | } |
1602 | if ((r = ssh_agent_bind_hostkey(sock, ssh->kex->initial_hostkey, |
1603 | ssh->kex->session_id, ssh->kex->initial_sig, 1)) == 0) |
1604 | debug_f("bound agent to hostkey")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1604 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "bound agent to hostkey" ); |
1605 | else |
1606 | debug2_fr(r, "ssh_agent_bind_hostkey")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1606 , 1, SYSLOG_LEVEL_DEBUG2, ssh_err(r), "ssh_agent_bind_hostkey" ); |
1607 | |
1608 | c = channel_new(ssh, "authentication agent connection", |
1609 | SSH_CHANNEL_OPEN4, sock, sock, -1, |
1610 | CHAN_X11_WINDOW_DEFAULT(4*(16*1024)), CHAN_TCP_PACKET_DEFAULT(32*1024), 0, |
1611 | "authentication agent connection", 1); |
1612 | c->force_drain = 1; |
1613 | return c; |
1614 | } |
1615 | |
1616 | char * |
1617 | client_request_tun_fwd(struct ssh *ssh, int tun_mode, |
1618 | int local_tun, int remote_tun, channel_open_fn *cb, void *cbctx) |
1619 | { |
1620 | Channel *c; |
1621 | int r, fd; |
1622 | char *ifname = NULL((void *)0); |
1623 | |
1624 | if (tun_mode == SSH_TUNMODE_NO0x00) |
1625 | return 0; |
1626 | |
1627 | debug("Requesting tun unit %d in mode %d", local_tun, tun_mode)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1627 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Requesting tun unit %d in mode %d" , local_tun, tun_mode); |
1628 | |
1629 | /* Open local tunnel device */ |
1630 | if ((fd = tun_open(local_tun, tun_mode, &ifname)) == -1) { |
1631 | error("Tunnel device open failed.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1631 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Tunnel device open failed." ); |
1632 | return NULL((void *)0); |
1633 | } |
1634 | debug("Tunnel forwarding using interface %s", ifname)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1634 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Tunnel forwarding using interface %s" , ifname); |
1635 | |
1636 | c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING3, fd, fd, -1, |
1637 | CHAN_TCP_WINDOW_DEFAULT(64*(32*1024)), CHAN_TCP_PACKET_DEFAULT(32*1024), 0, "tun", 1); |
1638 | c->datagram = 1; |
1639 | |
1640 | if (cb != NULL((void *)0)) |
1641 | channel_register_open_confirm(ssh, c->self, cb, cbctx); |
1642 | |
1643 | if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN90)) != 0 || |
1644 | (r = sshpkt_put_cstring(ssh, "tun@openssh.com")) != 0 || |
1645 | (r = sshpkt_put_u32(ssh, c->self)) != 0 || |
1646 | (r = sshpkt_put_u32(ssh, c->local_window_max)) != 0 || |
1647 | (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || |
1648 | (r = sshpkt_put_u32(ssh, tun_mode)) != 0 || |
1649 | (r = sshpkt_put_u32(ssh, remote_tun)) != 0 || |
1650 | (r = sshpkt_send(ssh)) != 0) |
1651 | sshpkt_fatal(ssh, r, "%s: send reply", __func__); |
1652 | |
1653 | return ifname; |
1654 | } |
1655 | |
1656 | /* XXXX move to generic input handler */ |
1657 | static int |
1658 | client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) |
1659 | { |
1660 | Channel *c = NULL((void *)0); |
1661 | char *ctype = NULL((void *)0); |
1662 | int r; |
1663 | u_int rchan; |
1664 | size_t len; |
1665 | u_int rmaxpack, rwindow; |
1666 | |
1667 | if ((r = sshpkt_get_cstring(ssh, &ctype, &len)) != 0 || |
1668 | (r = sshpkt_get_u32(ssh, &rchan)) != 0 || |
1669 | (r = sshpkt_get_u32(ssh, &rwindow)) != 0 || |
1670 | (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0) |
1671 | goto out; |
1672 | |
1673 | debug("client_input_channel_open: ctype %s rchan %d win %d max %d",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1674 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "client_input_channel_open: ctype %s rchan %d win %d max %d" , ctype, rchan, rwindow, rmaxpack) |
1674 | ctype, rchan, rwindow, rmaxpack)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1674 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "client_input_channel_open: ctype %s rchan %d win %d max %d" , ctype, rchan, rwindow, rmaxpack); |
1675 | |
1676 | if (strcmp(ctype, "forwarded-tcpip") == 0) { |
1677 | c = client_request_forwarded_tcpip(ssh, ctype, rchan, rwindow, |
1678 | rmaxpack); |
1679 | } else if (strcmp(ctype, "forwarded-streamlocal@openssh.com") == 0) { |
1680 | c = client_request_forwarded_streamlocal(ssh, ctype, rchan); |
1681 | } else if (strcmp(ctype, "x11") == 0) { |
1682 | c = client_request_x11(ssh, ctype, rchan); |
1683 | } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) { |
1684 | c = client_request_agent(ssh, ctype, rchan); |
1685 | } |
1686 | if (c != NULL((void *)0) && c->type == SSH_CHANNEL_MUX_CLIENT16) { |
1687 | debug3("proxied to downstream: %s", ctype)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1687 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "proxied to downstream: %s" , ctype); |
1688 | } else if (c != NULL((void *)0)) { |
1689 | debug("confirm %s", ctype)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1689 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "confirm %s", ctype); |
1690 | c->remote_id = rchan; |
1691 | c->have_remote_id = 1; |
1692 | c->remote_window = rwindow; |
1693 | c->remote_maxpacket = rmaxpack; |
1694 | if (c->type != SSH_CHANNEL_CONNECTING12) { |
1695 | if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION91)) != 0 || |
1696 | (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || |
1697 | (r = sshpkt_put_u32(ssh, c->self)) != 0 || |
1698 | (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || |
1699 | (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || |
1700 | (r = sshpkt_send(ssh)) != 0) |
1701 | sshpkt_fatal(ssh, r, "%s: send reply", __func__); |
1702 | } |
1703 | } else { |
1704 | debug("failure %s", ctype)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1704 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "failure %s", ctype); |
1705 | if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE92)) != 0 || |
1706 | (r = sshpkt_put_u32(ssh, rchan)) != 0 || |
1707 | (r = sshpkt_put_u32(ssh, SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED1)) != 0 || |
1708 | (r = sshpkt_put_cstring(ssh, "open failed")) != 0 || |
1709 | (r = sshpkt_put_cstring(ssh, "")) != 0 || |
1710 | (r = sshpkt_send(ssh)) != 0) |
1711 | sshpkt_fatal(ssh, r, "%s: send failure", __func__); |
1712 | } |
1713 | r = 0; |
1714 | out: |
1715 | free(ctype); |
1716 | return r; |
1717 | } |
1718 | |
1719 | static int |
1720 | client_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) |
1721 | { |
1722 | Channel *c = NULL((void *)0); |
1723 | char *rtype = NULL((void *)0); |
1724 | u_char reply; |
1725 | u_int id, exitval; |
1726 | int r, success = 0; |
1727 | |
1728 | if ((r = sshpkt_get_u32(ssh, &id)) != 0) |
1729 | return r; |
1730 | if (id <= INT_MAX2147483647) |
1731 | c = channel_lookup(ssh, id); |
1732 | if (channel_proxy_upstream(c, type, seq, ssh)) |
1733 | return 0; |
1734 | if ((r = sshpkt_get_cstring(ssh, &rtype, NULL((void *)0))) != 0 || |
1735 | (r = sshpkt_get_u8(ssh, &reply)) != 0) |
1736 | goto out; |
1737 | |
1738 | debug("client_input_channel_req: channel %u rtype %s reply %d",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1739 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "client_input_channel_req: channel %u rtype %s reply %d" , id, rtype, reply) |
1739 | id, rtype, reply)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1739 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "client_input_channel_req: channel %u rtype %s reply %d" , id, rtype, reply); |
1740 | |
1741 | if (c == NULL((void *)0)) { |
1742 | error("client_input_channel_req: channel %d: "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1743 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "client_input_channel_req: channel %d: " "unknown channel", id) |
1743 | "unknown channel", id)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1743 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "client_input_channel_req: channel %d: " "unknown channel", id); |
1744 | } else if (strcmp(rtype, "eow@openssh.com") == 0) { |
1745 | if ((r = sshpkt_get_end(ssh)) != 0) |
1746 | goto out; |
1747 | chan_rcvd_eow(ssh, c); |
1748 | } else if (strcmp(rtype, "exit-status") == 0) { |
1749 | if ((r = sshpkt_get_u32(ssh, &exitval)) != 0) |
1750 | goto out; |
1751 | if (c->ctl_chan != -1) { |
1752 | mux_exit_message(ssh, c, exitval); |
1753 | success = 1; |
1754 | } else if ((int)id == session_ident) { |
1755 | /* Record exit value of local session */ |
1756 | success = 1; |
1757 | exit_status = exitval; |
1758 | } else { |
1759 | /* Probably for a mux channel that has already closed */ |
1760 | debug_f("no sink for exit-status on channel %d",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1761 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "no sink for exit-status on channel %d" , id) |
1761 | id)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1761 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "no sink for exit-status on channel %d" , id); |
1762 | } |
1763 | if ((r = sshpkt_get_end(ssh)) != 0) |
1764 | goto out; |
1765 | } |
1766 | if (reply && c != NULL((void *)0) && !(c->flags & CHAN_CLOSE_SENT0x01)) { |
1767 | if (!c->have_remote_id) |
1768 | fatal_f("channel %d: no remote_id", c->self)sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1768, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "channel %d: no remote_id" , c->self); |
1769 | if ((r = sshpkt_start(ssh, success ? |
1770 | SSH2_MSG_CHANNEL_SUCCESS99 : SSH2_MSG_CHANNEL_FAILURE100)) != 0 || |
1771 | (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || |
1772 | (r = sshpkt_send(ssh)) != 0) |
1773 | sshpkt_fatal(ssh, r, "%s: send failure", __func__); |
1774 | } |
1775 | r = 0; |
1776 | out: |
1777 | free(rtype); |
1778 | return r; |
1779 | } |
1780 | |
1781 | struct hostkeys_update_ctx { |
1782 | /* The hostname and (optionally) IP address string for the server */ |
1783 | char *host_str, *ip_str; |
1784 | |
1785 | /* |
1786 | * Keys received from the server and a flag for each indicating |
1787 | * whether they already exist in known_hosts. |
1788 | * keys_match is filled in by hostkeys_find() and later (for new |
1789 | * keys) by client_global_hostkeys_private_confirm(). |
1790 | */ |
1791 | struct sshkey **keys; |
1792 | u_int *keys_match; /* mask of HKF_MATCH_* from hostfile.h */ |
1793 | int *keys_verified; /* flag for new keys verified by server */ |
1794 | size_t nkeys, nnew, nincomplete; /* total, new keys, incomplete match */ |
1795 | |
1796 | /* |
1797 | * Keys that are in known_hosts, but were not present in the update |
1798 | * from the server (i.e. scheduled to be deleted). |
1799 | * Filled in by hostkeys_find(). |
1800 | */ |
1801 | struct sshkey **old_keys; |
1802 | size_t nold; |
1803 | |
1804 | /* Various special cases. */ |
1805 | int complex_hostspec; /* wildcard or manual pattern-list host name */ |
1806 | int ca_available; /* saw CA key for this host */ |
1807 | int old_key_seen; /* saw old key with other name/addr */ |
1808 | int other_name_seen; /* saw key with other name/addr */ |
1809 | }; |
1810 | |
1811 | static void |
1812 | hostkeys_update_ctx_free(struct hostkeys_update_ctx *ctx) |
1813 | { |
1814 | size_t i; |
1815 | |
1816 | if (ctx == NULL((void *)0)) |
1817 | return; |
1818 | for (i = 0; i < ctx->nkeys; i++) |
1819 | sshkey_free(ctx->keys[i]); |
1820 | free(ctx->keys); |
1821 | free(ctx->keys_match); |
1822 | free(ctx->keys_verified); |
1823 | for (i = 0; i < ctx->nold; i++) |
1824 | sshkey_free(ctx->old_keys[i]); |
1825 | free(ctx->old_keys); |
1826 | free(ctx->host_str); |
1827 | free(ctx->ip_str); |
1828 | free(ctx); |
1829 | } |
1830 | |
1831 | /* |
1832 | * Returns non-zero if a known_hosts hostname list is not of a form that |
1833 | * can be handled by UpdateHostkeys. These include wildcard hostnames and |
1834 | * hostnames lists that do not follow the form host[,ip]. |
1835 | */ |
1836 | static int |
1837 | hostspec_is_complex(const char *hosts) |
1838 | { |
1839 | char *cp; |
1840 | |
1841 | /* wildcard */ |
1842 | if (strchr(hosts, '*') != NULL((void *)0) || strchr(hosts, '?') != NULL((void *)0)) |
1843 | return 1; |
1844 | /* single host/ip = ok */ |
1845 | if ((cp = strchr(hosts, ',')) == NULL((void *)0)) |
1846 | return 0; |
1847 | /* more than two entries on the line */ |
1848 | if (strchr(cp + 1, ',') != NULL((void *)0)) |
1849 | return 1; |
1850 | /* XXX maybe parse cp+1 and ensure it is an IP? */ |
1851 | return 0; |
1852 | } |
1853 | |
1854 | /* callback to search for ctx->keys in known_hosts */ |
1855 | static int |
1856 | hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) |
1857 | { |
1858 | struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; |
1859 | size_t i; |
1860 | struct sshkey **tmp; |
1861 | |
1862 | if (l->key == NULL((void *)0)) |
1863 | return 0; |
1864 | if (l->status != HKF_STATUS_MATCHED3) { |
1865 | /* Record if one of the keys appears on a non-matching line */ |
1866 | for (i = 0; i < ctx->nkeys; i++) { |
1867 | if (sshkey_equal(l->key, ctx->keys[i])) { |
1868 | ctx->other_name_seen = 1; |
1869 | debug3_f("found %s key under different "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1872 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found %s key under different " "name/addr at %s:%ld", sshkey_ssh_name(ctx->keys[i]), l-> path, l->linenum) |
1870 | "name/addr at %s:%ld",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1872 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found %s key under different " "name/addr at %s:%ld", sshkey_ssh_name(ctx->keys[i]), l-> path, l->linenum) |
1871 | sshkey_ssh_name(ctx->keys[i]),sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1872 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found %s key under different " "name/addr at %s:%ld", sshkey_ssh_name(ctx->keys[i]), l-> path, l->linenum) |
1872 | l->path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1872 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found %s key under different " "name/addr at %s:%ld", sshkey_ssh_name(ctx->keys[i]), l-> path, l->linenum); |
1873 | return 0; |
1874 | } |
1875 | } |
1876 | return 0; |
1877 | } |
1878 | /* Don't proceed if revocation or CA markers are present */ |
1879 | /* XXX relax this */ |
1880 | if (l->marker != MRK_NONE) { |
1881 | debug3_f("hostkeys file %s:%ld has CA/revocation marker",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1882 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "hostkeys file %s:%ld has CA/revocation marker" , l->path, l->linenum) |
1882 | l->path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1882 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "hostkeys file %s:%ld has CA/revocation marker" , l->path, l->linenum); |
1883 | ctx->complex_hostspec = 1; |
1884 | return 0; |
1885 | } |
1886 | |
1887 | /* If CheckHostIP is enabled, then check for mismatched hostname/addr */ |
1888 | if (ctx->ip_str != NULL((void *)0) && strchr(l->hosts, ',') != NULL((void *)0)) { |
1889 | if ((l->match & HKF_MATCH_HOST(1)) == 0) { |
1890 | /* Record if address matched a different hostname. */ |
1891 | ctx->other_name_seen = 1; |
1892 | debug3_f("found address %s against different hostname "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1893 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found address %s against different hostname " "at %s:%ld", ctx->ip_str, l->path, l->linenum) |
1893 | "at %s:%ld", ctx->ip_str, l->path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1893 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found address %s against different hostname " "at %s:%ld", ctx->ip_str, l->path, l->linenum); |
1894 | return 0; |
1895 | } else if ((l->match & HKF_MATCH_IP(1<<1)) == 0) { |
1896 | /* Record if hostname matched a different address. */ |
1897 | ctx->other_name_seen = 1; |
1898 | debug3_f("found hostname %s against different address "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1899 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found hostname %s against different address " "at %s:%ld", ctx->host_str, l->path, l->linenum) |
1899 | "at %s:%ld", ctx->host_str, l->path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1899 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found hostname %s against different address " "at %s:%ld", ctx->host_str, l->path, l->linenum); |
1900 | } |
1901 | } |
1902 | |
1903 | /* |
1904 | * UpdateHostkeys is skipped for wildcard host names and hostnames |
1905 | * that contain more than two entries (ssh never writes these). |
1906 | */ |
1907 | if (hostspec_is_complex(l->hosts)) { |
1908 | debug3_f("hostkeys file %s:%ld complex host specification",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1909 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "hostkeys file %s:%ld complex host specification" , l->path, l->linenum) |
1909 | l->path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1909 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "hostkeys file %s:%ld complex host specification" , l->path, l->linenum); |
1910 | ctx->complex_hostspec = 1; |
1911 | return 0; |
1912 | } |
1913 | |
1914 | /* Mark off keys we've already seen for this host */ |
1915 | for (i = 0; i < ctx->nkeys; i++) { |
1916 | if (!sshkey_equal(l->key, ctx->keys[i])) |
1917 | continue; |
1918 | debug3_f("found %s key at %s:%ld",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1919 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found %s key at %s:%ld" , sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum ) |
1919 | sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1919 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found %s key at %s:%ld" , sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum ); |
1920 | ctx->keys_match[i] |= l->match; |
1921 | return 0; |
1922 | } |
1923 | /* This line contained a key that not offered by the server */ |
1924 | debug3_f("deprecated %s key at %s:%ld", sshkey_ssh_name(l->key),sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1925 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "deprecated %s key at %s:%ld" , sshkey_ssh_name(l->key), l->path, l->linenum) |
1925 | l->path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1925 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "deprecated %s key at %s:%ld" , sshkey_ssh_name(l->key), l->path, l->linenum); |
1926 | if ((tmp = recallocarray(ctx->old_keys, ctx->nold, ctx->nold + 1, |
1927 | sizeof(*ctx->old_keys))) == NULL((void *)0)) |
1928 | fatal_f("recallocarray failed nold = %zu", ctx->nold)sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 1928, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "recallocarray failed nold = %zu" , ctx->nold); |
1929 | ctx->old_keys = tmp; |
1930 | ctx->old_keys[ctx->nold++] = l->key; |
1931 | l->key = NULL((void *)0); |
1932 | |
1933 | return 0; |
1934 | } |
1935 | |
1936 | /* callback to search for ctx->old_keys in known_hosts under other names */ |
1937 | static int |
1938 | hostkeys_check_old(struct hostkey_foreach_line *l, void *_ctx) |
1939 | { |
1940 | struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; |
1941 | size_t i; |
1942 | int hashed; |
1943 | |
1944 | /* only care about lines that *don't* match the active host spec */ |
1945 | if (l->status == HKF_STATUS_MATCHED3 || l->key == NULL((void *)0)) |
1946 | return 0; |
1947 | |
1948 | hashed = l->match & (HKF_MATCH_HOST_HASHED(1<<2)|HKF_MATCH_IP_HASHED(1<<3)); |
1949 | for (i = 0; i < ctx->nold; i++) { |
1950 | if (!sshkey_equal(l->key, ctx->old_keys[i])) |
1951 | continue; |
1952 | debug3_f("found deprecated %s key at %s:%ld as %s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1954 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found deprecated %s key at %s:%ld as %s" , sshkey_ssh_name(ctx->old_keys[i]), l->path, l->linenum , hashed ? "[HASHED]" : l->hosts) |
1953 | sshkey_ssh_name(ctx->old_keys[i]), l->path, l->linenum,sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1954 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found deprecated %s key at %s:%ld as %s" , sshkey_ssh_name(ctx->old_keys[i]), l->path, l->linenum , hashed ? "[HASHED]" : l->hosts) |
1954 | hashed ? "[HASHED]" : l->hosts)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1954 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "found deprecated %s key at %s:%ld as %s" , sshkey_ssh_name(ctx->old_keys[i]), l->path, l->linenum , hashed ? "[HASHED]" : l->hosts); |
1955 | ctx->old_key_seen = 1; |
1956 | break; |
1957 | } |
1958 | return 0; |
1959 | } |
1960 | |
1961 | /* |
1962 | * Check known_hosts files for deprecated keys under other names. Returns 0 |
1963 | * on success or -1 on failure. Updates ctx->old_key_seen if deprecated keys |
1964 | * exist under names other than the active hostname/IP. |
1965 | */ |
1966 | static int |
1967 | check_old_keys_othernames(struct hostkeys_update_ctx *ctx) |
1968 | { |
1969 | size_t i; |
1970 | int r; |
1971 | |
1972 | debug2_f("checking for %zu deprecated keys", ctx->nold)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1972 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "checking for %zu deprecated keys" , ctx->nold); |
1973 | for (i = 0; i < options.num_user_hostfiles; i++) { |
1974 | debug3_f("searching %s for %s / %s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1976 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "searching %s for %s / %s" , options.user_hostfiles[i], ctx->host_str, ctx->ip_str ? ctx->ip_str : "(none)") |
1975 | options.user_hostfiles[i], ctx->host_str,sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1976 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "searching %s for %s / %s" , options.user_hostfiles[i], ctx->host_str, ctx->ip_str ? ctx->ip_str : "(none)") |
1976 | ctx->ip_str ? ctx->ip_str : "(none)")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1976 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "searching %s for %s / %s" , options.user_hostfiles[i], ctx->host_str, ctx->ip_str ? ctx->ip_str : "(none)"); |
1977 | if ((r = hostkeys_foreach(options.user_hostfiles[i], |
1978 | hostkeys_check_old, ctx, ctx->host_str, ctx->ip_str, |
1979 | HKF_WANT_PARSE_KEY(1<<1), 0)) != 0) { |
1980 | if (r == SSH_ERR_SYSTEM_ERROR-24 && errno(*__errno()) == ENOENT2) { |
1981 | debug_f("hostkeys file %s does not exist",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1982 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkeys file %s does not exist" , options.user_hostfiles[i]) |
1982 | options.user_hostfiles[i])sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1982 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkeys file %s does not exist" , options.user_hostfiles[i]); |
1983 | continue; |
1984 | } |
1985 | error_fr(r, "hostkeys_foreach failed for %s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1986 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hostkeys_foreach failed for %s" , options.user_hostfiles[i]) |
1986 | options.user_hostfiles[i])sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1986 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hostkeys_foreach failed for %s" , options.user_hostfiles[i]); |
1987 | return -1; |
1988 | } |
1989 | } |
1990 | return 0; |
1991 | } |
1992 | |
1993 | static void |
1994 | hostkey_change_preamble(LogLevel loglevel) |
1995 | { |
1996 | do_log2(loglevel, "The server has updated its host keys.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1996 , 0, loglevel, ((void *)0), "The server has updated its host keys." ); |
1997 | do_log2(loglevel, "These changes were verified by the server's "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1998 , 0, loglevel, ((void *)0), "These changes were verified by the server's " "existing trusted key.") |
1998 | "existing trusted key.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 1998 , 0, loglevel, ((void *)0), "These changes were verified by the server's " "existing trusted key."); |
1999 | } |
2000 | |
2001 | static void |
2002 | update_known_hosts(struct hostkeys_update_ctx *ctx) |
2003 | { |
2004 | int r, was_raw = 0, first = 1; |
2005 | int asking = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK2; |
2006 | LogLevel loglevel = asking ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE; |
2007 | char *fp, *response; |
2008 | size_t i; |
2009 | struct stat sb; |
2010 | |
2011 | for (i = 0; i < ctx->nkeys; i++) { |
2012 | if (!ctx->keys_verified[i]) |
2013 | continue; |
2014 | if ((fp = sshkey_fingerprint(ctx->keys[i], |
2015 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) |
2016 | fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2016, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" ); |
2017 | if (first && asking) |
2018 | hostkey_change_preamble(loglevel); |
2019 | do_log2(loglevel, "Learned new hostkey: %s %s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2020 , 0, loglevel, ((void *)0), "Learned new hostkey: %s %s", sshkey_type (ctx->keys[i]), fp) |
2020 | sshkey_type(ctx->keys[i]), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2020 , 0, loglevel, ((void *)0), "Learned new hostkey: %s %s", sshkey_type (ctx->keys[i]), fp); |
2021 | first = 0; |
2022 | free(fp); |
2023 | } |
2024 | for (i = 0; i < ctx->nold; i++) { |
2025 | if ((fp = sshkey_fingerprint(ctx->old_keys[i], |
2026 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) |
2027 | fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2027, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" ); |
2028 | if (first && asking) |
2029 | hostkey_change_preamble(loglevel); |
2030 | do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2031 , 0, loglevel, ((void *)0), "Deprecating obsolete hostkey: %s %s" , sshkey_type(ctx->old_keys[i]), fp) |
2031 | sshkey_type(ctx->old_keys[i]), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2031 , 0, loglevel, ((void *)0), "Deprecating obsolete hostkey: %s %s" , sshkey_type(ctx->old_keys[i]), fp); |
2032 | first = 0; |
2033 | free(fp); |
2034 | } |
2035 | if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK2) { |
2036 | if (get_saved_tio() != NULL((void *)0)) { |
2037 | leave_raw_mode(1); |
2038 | was_raw = 1; |
2039 | } |
2040 | response = NULL((void *)0); |
2041 | for (i = 0; !quit_pending && i < 3; i++) { |
2042 | free(response); |
2043 | response = read_passphrase("Accept updated hostkeys? " |
2044 | "(yes/no): ", RP_ECHO0x0001); |
2045 | if (strcasecmp(response, "yes") == 0) |
2046 | break; |
2047 | else if (quit_pending || response == NULL((void *)0) || |
2048 | strcasecmp(response, "no") == 0) { |
2049 | options.update_hostkeys = 0; |
2050 | break; |
2051 | } else { |
2052 | do_log2(loglevel, "Please enter "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2053 , 0, loglevel, ((void *)0), "Please enter " "\"yes\" or \"no\"" ) |
2053 | "\"yes\" or \"no\"")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2053 , 0, loglevel, ((void *)0), "Please enter " "\"yes\" or \"no\"" ); |
2054 | } |
2055 | } |
2056 | if (quit_pending || i >= 3 || response == NULL((void *)0)) |
2057 | options.update_hostkeys = 0; |
2058 | free(response); |
2059 | if (was_raw) |
2060 | enter_raw_mode(1); |
2061 | } |
2062 | if (options.update_hostkeys == 0) |
2063 | return; |
2064 | /* |
2065 | * Now that all the keys are verified, we can go ahead and replace |
2066 | * them in known_hosts (assuming SSH_UPDATE_HOSTKEYS_ASK didn't |
2067 | * cancel the operation). |
2068 | */ |
2069 | for (i = 0; i < options.num_user_hostfiles; i++) { |
2070 | /* |
2071 | * NB. keys are only added to hostfiles[0], for the rest we |
2072 | * just delete the hostname entries. |
2073 | */ |
2074 | if (stat(options.user_hostfiles[i], &sb) != 0) { |
2075 | if (errno(*__errno()) == ENOENT2) { |
2076 | debug_f("known hosts file %s does not "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2077 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "known hosts file %s does not " "exist", options.user_hostfiles[i]) |
2077 | "exist", options.user_hostfiles[i])sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2077 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "known hosts file %s does not " "exist", options.user_hostfiles[i]); |
2078 | } else { |
2079 | error_f("known hosts file %s "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2081 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "known hosts file %s " "inaccessible: %s" , options.user_hostfiles[i], strerror((*__errno()))) |
2080 | "inaccessible: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2081 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "known hosts file %s " "inaccessible: %s" , options.user_hostfiles[i], strerror((*__errno()))) |
2081 | options.user_hostfiles[i], strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2081 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "known hosts file %s " "inaccessible: %s" , options.user_hostfiles[i], strerror((*__errno()))); |
2082 | } |
2083 | continue; |
2084 | } |
2085 | if ((r = hostfile_replace_entries(options.user_hostfiles[i], |
2086 | ctx->host_str, ctx->ip_str, |
2087 | i == 0 ? ctx->keys : NULL((void *)0), i == 0 ? ctx->nkeys : 0, |
2088 | options.hash_known_hosts, 0, |
2089 | options.fingerprint_hash)) != 0) { |
2090 | error_fr(r, "hostfile_replace_entries failed for %s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2091 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hostfile_replace_entries failed for %s" , options.user_hostfiles[i]) |
2091 | options.user_hostfiles[i])sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2091 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hostfile_replace_entries failed for %s" , options.user_hostfiles[i]); |
2092 | } |
2093 | } |
2094 | } |
2095 | |
2096 | static void |
2097 | client_global_hostkeys_private_confirm(struct ssh *ssh, int type, |
2098 | u_int32_t seq, void *_ctx) |
2099 | { |
2100 | struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; |
2101 | size_t i, ndone; |
2102 | struct sshbuf *signdata; |
2103 | int r, plaintype; |
2104 | const u_char *sig; |
2105 | const char *rsa_kexalg = NULL((void *)0); |
2106 | char *alg = NULL((void *)0); |
2107 | size_t siglen; |
2108 | |
2109 | if (ctx->nnew == 0) |
2110 | fatal_f("ctx->nnew == 0")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2110, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "ctx->nnew == 0" ); /* sanity */ |
2111 | if (type != SSH2_MSG_REQUEST_SUCCESS81) { |
2112 | error("Server failed to confirm ownership of "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2113 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Server failed to confirm ownership of " "private host keys") |
2113 | "private host keys")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2113 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Server failed to confirm ownership of " "private host keys"); |
2114 | hostkeys_update_ctx_free(ctx); |
2115 | return; |
2116 | } |
2117 | if (sshkey_type_plain(sshkey_type_from_name( |
2118 | ssh->kex->hostkey_alg)) == KEY_RSA) |
2119 | rsa_kexalg = ssh->kex->hostkey_alg; |
2120 | if ((signdata = sshbuf_new()) == NULL((void *)0)) |
2121 | fatal_f("sshbuf_new failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2121, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshbuf_new failed" ); |
2122 | /* |
2123 | * Expect a signature for each of the ctx->nnew private keys we |
2124 | * haven't seen before. They will be in the same order as the |
2125 | * ctx->keys where the corresponding ctx->keys_match[i] == 0. |
2126 | */ |
2127 | for (ndone = i = 0; i < ctx->nkeys; i++) { |
2128 | if (ctx->keys_match[i]) |
2129 | continue; |
2130 | plaintype = sshkey_type_plain(ctx->keys[i]->type); |
2131 | /* Prepare data to be signed: session ID, unique string, key */ |
2132 | sshbuf_reset(signdata); |
2133 | if ( (r = sshbuf_put_cstring(signdata, |
2134 | "hostkeys-prove-00@openssh.com")) != 0 || |
2135 | (r = sshbuf_put_stringb(signdata, |
2136 | ssh->kex->session_id)) != 0 || |
2137 | (r = sshkey_puts(ctx->keys[i], signdata)) != 0) |
2138 | fatal_fr(r, "compose signdata")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2138, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "compose signdata" ); |
2139 | /* Extract and verify signature */ |
2140 | if ((r = sshpkt_get_string_direct(ssh, &sig, &siglen)) != 0) { |
2141 | error_fr(r, "parse sig")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2141 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "parse sig"); |
2142 | goto out; |
2143 | } |
2144 | if ((r = sshkey_get_sigtype(sig, siglen, &alg)) != 0) { |
2145 | error_fr(r, "server gave unintelligible signature "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2146 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "server gave unintelligible signature " "for %s key %zu", sshkey_type(ctx->keys[i]), i) |
2146 | "for %s key %zu", sshkey_type(ctx->keys[i]), i)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2146 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "server gave unintelligible signature " "for %s key %zu", sshkey_type(ctx->keys[i]), i); |
2147 | goto out; |
2148 | } |
2149 | /* |
2150 | * Special case for RSA keys: if a RSA hostkey was negotiated, |
2151 | * then use its signature type for verification of RSA hostkey |
2152 | * proofs. Otherwise, accept only RSA-SHA256/512 signatures. |
2153 | */ |
2154 | if (plaintype == KEY_RSA && rsa_kexalg == NULL((void *)0) && |
2155 | match_pattern_list(alg, HOSTKEY_PROOF_RSA_ALGS"rsa-sha2-512,rsa-sha2-256", 0) != 1) { |
2156 | debug_f("server used untrusted RSA signature algorithm "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2157 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "server used untrusted RSA signature algorithm " "%s for key %zu, disregarding", alg, i) |
2157 | "%s for key %zu, disregarding", alg, i)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2157 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "server used untrusted RSA signature algorithm " "%s for key %zu, disregarding", alg, i); |
2158 | free(alg); |
2159 | /* zap the key from the list */ |
2160 | sshkey_free(ctx->keys[i]); |
2161 | ctx->keys[i] = NULL((void *)0); |
2162 | ndone++; |
2163 | continue; |
2164 | } |
2165 | debug3_f("verify %s key %zu using sigalg %s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2166 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "verify %s key %zu using sigalg %s" , sshkey_type(ctx->keys[i]), i, alg) |
2166 | sshkey_type(ctx->keys[i]), i, alg)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2166 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "verify %s key %zu using sigalg %s" , sshkey_type(ctx->keys[i]), i, alg); |
2167 | free(alg); |
2168 | if ((r = sshkey_verify(ctx->keys[i], sig, siglen, |
2169 | sshbuf_ptr(signdata), sshbuf_len(signdata), |
2170 | plaintype == KEY_RSA ? rsa_kexalg : NULL((void *)0), 0, NULL((void *)0))) != 0) { |
2171 | error_fr(r, "server gave bad signature for %s key %zu",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2172 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "server gave bad signature for %s key %zu" , sshkey_type(ctx->keys[i]), i) |
2172 | sshkey_type(ctx->keys[i]), i)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2172 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "server gave bad signature for %s key %zu" , sshkey_type(ctx->keys[i]), i); |
2173 | goto out; |
2174 | } |
2175 | /* Key is good. Mark it as 'seen' */ |
2176 | ctx->keys_verified[i] = 1; |
2177 | ndone++; |
2178 | } |
2179 | /* Shouldn't happen */ |
2180 | if (ndone != ctx->nnew) |
2181 | fatal_f("ndone != ctx->nnew (%zu / %zu)", ndone, ctx->nnew)sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2181, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "ndone != ctx->nnew (%zu / %zu)" , ndone, ctx->nnew); |
2182 | if ((r = sshpkt_get_end(ssh)) != 0) { |
Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r' | |
2183 | error_f("protocol error")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2183 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "protocol error"); |
2184 | goto out; |
2185 | } |
2186 | |
2187 | /* Make the edits to known_hosts */ |
2188 | update_known_hosts(ctx); |
2189 | out: |
2190 | hostkeys_update_ctx_free(ctx); |
2191 | } |
2192 | |
2193 | /* |
2194 | * Returns non-zero if the key is accepted by HostkeyAlgorithms. |
2195 | * Made slightly less trivial by the multiple RSA signature algorithm names. |
2196 | */ |
2197 | static int |
2198 | key_accepted_by_hostkeyalgs(const struct sshkey *key) |
2199 | { |
2200 | const char *ktype = sshkey_ssh_name(key); |
2201 | const char *hostkeyalgs = options.hostkeyalgorithms; |
2202 | |
2203 | if (key == NULL((void *)0) || key->type == KEY_UNSPEC) |
2204 | return 0; |
2205 | if (key->type == KEY_RSA && |
2206 | (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || |
2207 | match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) |
2208 | return 1; |
2209 | return match_pattern_list(ktype, hostkeyalgs, 0) == 1; |
2210 | } |
2211 | |
2212 | /* |
2213 | * Handle hostkeys-00@openssh.com global request to inform the client of all |
2214 | * the server's hostkeys. The keys are checked against the user's |
2215 | * HostkeyAlgorithms preference before they are accepted. |
2216 | */ |
2217 | static int |
2218 | client_input_hostkeys(struct ssh *ssh) |
2219 | { |
2220 | const u_char *blob = NULL((void *)0); |
2221 | size_t i, len = 0; |
2222 | struct sshbuf *buf = NULL((void *)0); |
2223 | struct sshkey *key = NULL((void *)0), **tmp; |
2224 | int r; |
2225 | char *fp; |
2226 | static int hostkeys_seen = 0; /* XXX use struct ssh */ |
2227 | extern struct sockaddr_storage hostaddr; /* XXX from ssh.c */ |
2228 | struct hostkeys_update_ctx *ctx = NULL((void *)0); |
2229 | u_int want; |
2230 | |
2231 | if (hostkeys_seen) |
2232 | fatal_f("server already sent hostkeys")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2232, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "server already sent hostkeys" ); |
2233 | if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK2 && |
2234 | options.batch_mode) |
2235 | return 1; /* won't ask in batchmode, so don't even try */ |
2236 | if (!options.update_hostkeys || options.num_user_hostfiles <= 0) |
2237 | return 1; |
2238 | |
2239 | ctx = xcalloc(1, sizeof(*ctx)); |
2240 | while (ssh_packet_remaining(ssh) > 0) { |
2241 | sshkey_free(key); |
2242 | key = NULL((void *)0); |
2243 | if ((r = sshpkt_get_string_direct(ssh, &blob, &len)) != 0) { |
2244 | error_fr(r, "parse key")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2244 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "parse key"); |
2245 | goto out; |
2246 | } |
2247 | if ((r = sshkey_from_blob(blob, len, &key)) != 0) { |
2248 | do_log2_fr(r, r == SSH_ERR_KEY_TYPE_UNKNOWN ?sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2250 , 1, r == -14 ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_ERROR, ssh_err (r), "convert key") |
2249 | SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_ERROR,sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2250 , 1, r == -14 ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_ERROR, ssh_err (r), "convert key") |
2250 | "convert key")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2250 , 1, r == -14 ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_ERROR, ssh_err (r), "convert key"); |
2251 | continue; |
2252 | } |
2253 | fp = sshkey_fingerprint(key, options.fingerprint_hash, |
2254 | SSH_FP_DEFAULT); |
2255 | debug3_f("received %s key %s", sshkey_type(key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2255 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "received %s key %s", sshkey_type (key), fp); |
2256 | free(fp); |
2257 | |
2258 | if (!key_accepted_by_hostkeyalgs(key)) { |
2259 | debug3_f("%s key not permitted by "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2260 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%s key not permitted by " "HostkeyAlgorithms", sshkey_ssh_name(key)) |
2260 | "HostkeyAlgorithms", sshkey_ssh_name(key))sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2260 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%s key not permitted by " "HostkeyAlgorithms", sshkey_ssh_name(key)); |
2261 | continue; |
2262 | } |
2263 | /* Skip certs */ |
2264 | if (sshkey_is_cert(key)) { |
2265 | debug3_f("%s key is a certificate; skipping",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2266 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%s key is a certificate; skipping" , sshkey_ssh_name(key)) |
2266 | sshkey_ssh_name(key))sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2266 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%s key is a certificate; skipping" , sshkey_ssh_name(key)); |
2267 | continue; |
2268 | } |
2269 | /* Ensure keys are unique */ |
2270 | for (i = 0; i < ctx->nkeys; i++) { |
2271 | if (sshkey_equal(key, ctx->keys[i])) { |
2272 | error_f("received duplicated %s host key",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2273 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "received duplicated %s host key" , sshkey_ssh_name(key)) |
2273 | sshkey_ssh_name(key))sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2273 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "received duplicated %s host key" , sshkey_ssh_name(key)); |
2274 | goto out; |
2275 | } |
2276 | } |
2277 | /* Key is good, record it */ |
2278 | if ((tmp = recallocarray(ctx->keys, ctx->nkeys, ctx->nkeys + 1, |
2279 | sizeof(*ctx->keys))) == NULL((void *)0)) |
2280 | fatal_f("recallocarray failed nkeys = %zu",sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2281, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "recallocarray failed nkeys = %zu" , ctx->nkeys) |
2281 | ctx->nkeys)sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2281, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "recallocarray failed nkeys = %zu" , ctx->nkeys); |
2282 | ctx->keys = tmp; |
2283 | ctx->keys[ctx->nkeys++] = key; |
2284 | key = NULL((void *)0); |
2285 | } |
2286 | |
2287 | if (ctx->nkeys == 0) { |
2288 | debug_f("server sent no hostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2288 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "server sent no hostkeys" ); |
2289 | goto out; |
2290 | } |
2291 | |
2292 | if ((ctx->keys_match = calloc(ctx->nkeys, |
2293 | sizeof(*ctx->keys_match))) == NULL((void *)0) || |
2294 | (ctx->keys_verified = calloc(ctx->nkeys, |
2295 | sizeof(*ctx->keys_verified))) == NULL((void *)0)) |
2296 | fatal_f("calloc failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2296, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "calloc failed"); |
2297 | |
2298 | get_hostfile_hostname_ipaddr(host, |
2299 | options.check_host_ip ? (struct sockaddr *)&hostaddr : NULL((void *)0), |
2300 | options.port, &ctx->host_str, |
2301 | options.check_host_ip ? &ctx->ip_str : NULL((void *)0)); |
2302 | |
2303 | /* Find which keys we already know about. */ |
2304 | for (i = 0; i < options.num_user_hostfiles; i++) { |
2305 | debug_f("searching %s for %s / %s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2307 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "searching %s for %s / %s" , options.user_hostfiles[i], ctx->host_str, ctx->ip_str ? ctx->ip_str : "(none)") |
2306 | options.user_hostfiles[i], ctx->host_str,sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2307 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "searching %s for %s / %s" , options.user_hostfiles[i], ctx->host_str, ctx->ip_str ? ctx->ip_str : "(none)") |
2307 | ctx->ip_str ? ctx->ip_str : "(none)")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2307 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "searching %s for %s / %s" , options.user_hostfiles[i], ctx->host_str, ctx->ip_str ? ctx->ip_str : "(none)"); |
2308 | if ((r = hostkeys_foreach(options.user_hostfiles[i], |
2309 | hostkeys_find, ctx, ctx->host_str, ctx->ip_str, |
2310 | HKF_WANT_PARSE_KEY(1<<1), 0)) != 0) { |
2311 | if (r == SSH_ERR_SYSTEM_ERROR-24 && errno(*__errno()) == ENOENT2) { |
2312 | debug_f("hostkeys file %s does not exist",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2313 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkeys file %s does not exist" , options.user_hostfiles[i]) |
2313 | options.user_hostfiles[i])sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2313 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkeys file %s does not exist" , options.user_hostfiles[i]); |
2314 | continue; |
2315 | } |
2316 | error_fr(r, "hostkeys_foreach failed for %s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2317 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hostkeys_foreach failed for %s" , options.user_hostfiles[i]) |
2317 | options.user_hostfiles[i])sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2317 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hostkeys_foreach failed for %s" , options.user_hostfiles[i]); |
2318 | goto out; |
2319 | } |
2320 | } |
2321 | |
2322 | /* Figure out if we have any new keys to add */ |
2323 | ctx->nnew = ctx->nincomplete = 0; |
2324 | want = HKF_MATCH_HOST(1) | ( options.check_host_ip ? HKF_MATCH_IP(1<<1) : 0); |
2325 | for (i = 0; i < ctx->nkeys; i++) { |
2326 | if (ctx->keys_match[i] == 0) |
2327 | ctx->nnew++; |
2328 | if ((ctx->keys_match[i] & want) != want) |
2329 | ctx->nincomplete++; |
2330 | } |
2331 | |
2332 | debug3_f("%zu server keys: %zu new, %zu retained, "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2335 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%zu server keys: %zu new, %zu retained, " "%zu incomplete match. %zu to remove", ctx->nkeys, ctx-> nnew, ctx->nkeys - ctx->nnew - ctx->nincomplete, ctx ->nincomplete, ctx->nold) |
2333 | "%zu incomplete match. %zu to remove", ctx->nkeys, ctx->nnew,sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2335 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%zu server keys: %zu new, %zu retained, " "%zu incomplete match. %zu to remove", ctx->nkeys, ctx-> nnew, ctx->nkeys - ctx->nnew - ctx->nincomplete, ctx ->nincomplete, ctx->nold) |
2334 | ctx->nkeys - ctx->nnew - ctx->nincomplete,sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2335 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%zu server keys: %zu new, %zu retained, " "%zu incomplete match. %zu to remove", ctx->nkeys, ctx-> nnew, ctx->nkeys - ctx->nnew - ctx->nincomplete, ctx ->nincomplete, ctx->nold) |
2335 | ctx->nincomplete, ctx->nold)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2335 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%zu server keys: %zu new, %zu retained, " "%zu incomplete match. %zu to remove", ctx->nkeys, ctx-> nnew, ctx->nkeys - ctx->nnew - ctx->nincomplete, ctx ->nincomplete, ctx->nold); |
2336 | |
2337 | if (ctx->nnew == 0 && ctx->nold == 0) { |
2338 | debug_f("no new or deprecated keys from server")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2338 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "no new or deprecated keys from server" ); |
2339 | goto out; |
2340 | } |
2341 | |
2342 | /* Various reasons why we cannot proceed with the update */ |
2343 | if (ctx->complex_hostspec) { |
2344 | debug_f("CA/revocation marker, manual host list or wildcard "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2345 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "CA/revocation marker, manual host list or wildcard " "host pattern found, skipping UserKnownHostsFile update") |
2345 | "host pattern found, skipping UserKnownHostsFile update")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2345 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "CA/revocation marker, manual host list or wildcard " "host pattern found, skipping UserKnownHostsFile update"); |
2346 | goto out; |
2347 | } |
2348 | if (ctx->other_name_seen) { |
2349 | debug_f("host key found matching a different name/address, "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2350 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "host key found matching a different name/address, " "skipping UserKnownHostsFile update") |
2350 | "skipping UserKnownHostsFile update")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2350 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "host key found matching a different name/address, " "skipping UserKnownHostsFile update"); |
2351 | goto out; |
2352 | } |
2353 | /* |
2354 | * If removing keys, check whether they appear under different |
2355 | * names/addresses and refuse to proceed if they do. This avoids |
2356 | * cases such as hosts with multiple names becoming inconsistent |
2357 | * with regards to CheckHostIP entries. |
2358 | * XXX UpdateHostkeys=force to override this (and other) checks? |
2359 | */ |
2360 | if (ctx->nold != 0) { |
2361 | if (check_old_keys_othernames(ctx) != 0) |
2362 | goto out; /* error already logged */ |
2363 | if (ctx->old_key_seen) { |
2364 | debug_f("key(s) for %s%s%s exist under other names; "sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2367 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "key(s) for %s%s%s exist under other names; " "skipping UserKnownHostsFile update", ctx->host_str, ctx-> ip_str == ((void *)0) ? "" : ",", ctx->ip_str == ((void *) 0) ? "" : ctx->ip_str) |
2365 | "skipping UserKnownHostsFile update",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2367 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "key(s) for %s%s%s exist under other names; " "skipping UserKnownHostsFile update", ctx->host_str, ctx-> ip_str == ((void *)0) ? "" : ",", ctx->ip_str == ((void *) 0) ? "" : ctx->ip_str) |
2366 | ctx->host_str, ctx->ip_str == NULL ? "" : ",",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2367 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "key(s) for %s%s%s exist under other names; " "skipping UserKnownHostsFile update", ctx->host_str, ctx-> ip_str == ((void *)0) ? "" : ",", ctx->ip_str == ((void *) 0) ? "" : ctx->ip_str) |
2367 | ctx->ip_str == NULL ? "" : ctx->ip_str)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2367 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "key(s) for %s%s%s exist under other names; " "skipping UserKnownHostsFile update", ctx->host_str, ctx-> ip_str == ((void *)0) ? "" : ",", ctx->ip_str == ((void *) 0) ? "" : ctx->ip_str); |
2368 | goto out; |
2369 | } |
2370 | } |
2371 | |
2372 | if (ctx->nnew == 0) { |
2373 | /* |
2374 | * We have some keys to remove or fix matching for. |
2375 | * We can proceed to do this without requiring a fresh proof |
2376 | * from the server. |
2377 | */ |
2378 | update_known_hosts(ctx); |
2379 | goto out; |
2380 | } |
2381 | /* |
2382 | * We have received previously-unseen keys from the server. |
2383 | * Ask the server to confirm ownership of the private halves. |
2384 | */ |
2385 | debug3_f("asking server to prove ownership for %zu keys", ctx->nnew)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2385 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "asking server to prove ownership for %zu keys" , ctx->nnew); |
2386 | if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST80)) != 0 || |
2387 | (r = sshpkt_put_cstring(ssh, |
2388 | "hostkeys-prove-00@openssh.com")) != 0 || |
2389 | (r = sshpkt_put_u8(ssh, 1)) != 0) /* bool: want reply */ |
2390 | fatal_fr(r, "prepare hostkeys-prove")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2390, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "prepare hostkeys-prove" ); |
2391 | if ((buf = sshbuf_new()) == NULL((void *)0)) |
2392 | fatal_f("sshbuf_new")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2392, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshbuf_new"); |
2393 | for (i = 0; i < ctx->nkeys; i++) { |
2394 | if (ctx->keys_match[i]) |
2395 | continue; |
2396 | sshbuf_reset(buf); |
2397 | if ((r = sshkey_putb(ctx->keys[i], buf)) != 0 || |
2398 | (r = sshpkt_put_stringb(ssh, buf)) != 0) |
2399 | fatal_fr(r, "assemble hostkeys-prove")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2399, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "assemble hostkeys-prove" ); |
2400 | } |
2401 | if ((r = sshpkt_send(ssh)) != 0) |
2402 | fatal_fr(r, "send hostkeys-prove")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2402, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "send hostkeys-prove" ); |
2403 | client_register_global_confirm( |
2404 | client_global_hostkeys_private_confirm, ctx); |
2405 | ctx = NULL((void *)0); /* will be freed in callback */ |
2406 | |
2407 | /* Success */ |
2408 | out: |
2409 | hostkeys_update_ctx_free(ctx); |
2410 | sshkey_free(key); |
2411 | sshbuf_free(buf); |
2412 | /* |
2413 | * NB. Return success for all cases. The server doesn't need to know |
2414 | * what the client does with its hosts file. |
2415 | */ |
2416 | return 1; |
2417 | } |
2418 | |
2419 | static int |
2420 | client_input_global_request(int type, u_int32_t seq, struct ssh *ssh) |
2421 | { |
2422 | char *rtype; |
2423 | u_char want_reply; |
2424 | int r, success = 0; |
2425 | |
2426 | if ((r = sshpkt_get_cstring(ssh, &rtype, NULL((void *)0))) != 0 || |
2427 | (r = sshpkt_get_u8(ssh, &want_reply)) != 0) |
2428 | goto out; |
2429 | debug("client_input_global_request: rtype %s want_reply %d",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2430 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "client_input_global_request: rtype %s want_reply %d" , rtype, want_reply) |
2430 | rtype, want_reply)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2430 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "client_input_global_request: rtype %s want_reply %d" , rtype, want_reply); |
2431 | if (strcmp(rtype, "hostkeys-00@openssh.com") == 0) |
2432 | success = client_input_hostkeys(ssh); |
2433 | if (want_reply) { |
2434 | if ((r = sshpkt_start(ssh, success ? SSH2_MSG_REQUEST_SUCCESS81 : |
2435 | SSH2_MSG_REQUEST_FAILURE82)) != 0 || |
2436 | (r = sshpkt_send(ssh)) != 0 || |
2437 | (r = ssh_packet_write_wait(ssh)) != 0) |
2438 | goto out; |
2439 | } |
2440 | r = 0; |
2441 | out: |
2442 | free(rtype); |
2443 | return r; |
2444 | } |
2445 | |
2446 | static void |
2447 | client_send_env(struct ssh *ssh, int id, const char *name, const char *val) |
2448 | { |
2449 | int r; |
2450 | |
2451 | debug("channel %d: setting env %s = \"%s\"", id, name, val)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2451 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "channel %d: setting env %s = \"%s\"" , id, name, val); |
2452 | channel_request_start(ssh, id, "env", 0); |
2453 | if ((r = sshpkt_put_cstring(ssh, name)) != 0 || |
2454 | (r = sshpkt_put_cstring(ssh, val)) != 0 || |
2455 | (r = sshpkt_send(ssh)) != 0) |
2456 | fatal_fr(r, "send setenv")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2456, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "send setenv"); |
2457 | } |
2458 | |
2459 | void |
2460 | client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, |
2461 | const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd, |
2462 | char **env) |
2463 | { |
2464 | int i, j, matched, len, r; |
2465 | char *name, *val; |
2466 | Channel *c = NULL((void *)0); |
2467 | |
2468 | debug2_f("id %d", id)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2468 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "id %d", id); |
2469 | |
2470 | if ((c = channel_lookup(ssh, id)) == NULL((void *)0)) |
2471 | fatal_f("channel %d: unknown channel", id)sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2471, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "channel %d: unknown channel" , id); |
2472 | |
2473 | ssh_packet_set_interactive(ssh, want_tty, |
2474 | options.ip_qos_interactive, options.ip_qos_bulk); |
2475 | |
2476 | if (want_tty) { |
2477 | struct winsize ws; |
2478 | |
2479 | /* Store window size in the packet. */ |
2480 | if (ioctl(in_fd, TIOCGWINSZ((unsigned long)0x40000000 | ((sizeof(struct winsize) & 0x1fff ) << 16) | ((('t')) << 8) | ((104))), &ws) == -1) |
2481 | memset(&ws, 0, sizeof(ws)); |
2482 | |
2483 | channel_request_start(ssh, id, "pty-req", 1); |
2484 | client_expect_confirm(ssh, id, "PTY allocation", CONFIRM_TTY); |
2485 | if ((r = sshpkt_put_cstring(ssh, term != NULL((void *)0) ? term : "")) |
2486 | != 0 || |
2487 | (r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 || |
2488 | (r = sshpkt_put_u32(ssh, (u_int)ws.ws_row)) != 0 || |
2489 | (r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 || |
2490 | (r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0) |
2491 | fatal_fr(r, "build pty-req")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2491, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "build pty-req"); |
2492 | if (tiop == NULL((void *)0)) |
2493 | tiop = get_saved_tio(); |
2494 | ssh_tty_make_modes(ssh, -1, tiop); |
2495 | if ((r = sshpkt_send(ssh)) != 0) |
2496 | fatal_fr(r, "send pty-req")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2496, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "send pty-req"); |
2497 | /* XXX wait for reply */ |
2498 | c->client_tty = 1; |
2499 | } |
2500 | |
2501 | /* Transfer any environment variables from client to server */ |
2502 | if (options.num_send_env != 0 && env != NULL((void *)0)) { |
2503 | debug("Sending environment.")sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2503 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Sending environment." ); |
2504 | for (i = 0; env[i] != NULL((void *)0); i++) { |
2505 | /* Split */ |
2506 | name = xstrdup(env[i]); |
2507 | if ((val = strchr(name, '=')) == NULL((void *)0)) { |
2508 | free(name); |
2509 | continue; |
2510 | } |
2511 | *val++ = '\0'; |
2512 | |
2513 | matched = 0; |
2514 | for (j = 0; j < options.num_send_env; j++) { |
2515 | if (match_pattern(name, options.send_env[j])) { |
2516 | matched = 1; |
2517 | break; |
2518 | } |
2519 | } |
2520 | if (!matched) { |
2521 | debug3("Ignored env %s", name)sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2521 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "Ignored env %s", name ); |
2522 | free(name); |
2523 | continue; |
2524 | } |
2525 | client_send_env(ssh, id, name, val); |
2526 | free(name); |
2527 | } |
2528 | } |
2529 | for (i = 0; i < options.num_setenv; i++) { |
2530 | /* Split */ |
2531 | name = xstrdup(options.setenv[i]); |
2532 | if ((val = strchr(name, '=')) == NULL((void *)0)) { |
2533 | free(name); |
2534 | continue; |
2535 | } |
2536 | *val++ = '\0'; |
2537 | client_send_env(ssh, id, name, val); |
2538 | free(name); |
2539 | } |
2540 | |
2541 | len = sshbuf_len(cmd); |
2542 | if (len > 0) { |
2543 | if (len > 900) |
2544 | len = 900; |
2545 | if (want_subsystem) { |
2546 | debug("Sending subsystem: %.*s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2547 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Sending subsystem: %.*s" , len, (const u_char*)sshbuf_ptr(cmd)) |
2547 | len, (const u_char*)sshbuf_ptr(cmd))sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2547 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Sending subsystem: %.*s" , len, (const u_char*)sshbuf_ptr(cmd)); |
2548 | channel_request_start(ssh, id, "subsystem", 1); |
2549 | client_expect_confirm(ssh, id, "subsystem", |
2550 | CONFIRM_CLOSE); |
2551 | } else { |
2552 | debug("Sending command: %.*s",sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2553 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Sending command: %.*s" , len, (const u_char*)sshbuf_ptr(cmd)) |
2553 | len, (const u_char*)sshbuf_ptr(cmd))sshlog("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__, 2553 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Sending command: %.*s" , len, (const u_char*)sshbuf_ptr(cmd)); |
2554 | channel_request_start(ssh, id, "exec", 1); |
2555 | client_expect_confirm(ssh, id, "exec", CONFIRM_CLOSE); |
2556 | } |
2557 | if ((r = sshpkt_put_stringb(ssh, cmd)) != 0 || |
2558 | (r = sshpkt_send(ssh)) != 0) |
2559 | fatal_fr(r, "send command")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2559, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "send command"); |
2560 | } else { |
2561 | channel_request_start(ssh, id, "shell", 1); |
2562 | client_expect_confirm(ssh, id, "shell", CONFIRM_CLOSE); |
2563 | if ((r = sshpkt_send(ssh)) != 0) |
2564 | fatal_fr(r, "send shell")sshfatal("/usr/src/usr.bin/ssh/ssh/../clientloop.c", __func__ , 2564, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "send shell"); |
2565 | } |
2566 | } |
2567 | |
2568 | static void |
2569 | client_init_dispatch(struct ssh *ssh) |
2570 | { |
2571 | ssh_dispatch_init(ssh, &dispatch_protocol_error); |
2572 | |
2573 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_CLOSE97, &channel_input_oclose); |
2574 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_DATA94, &channel_input_data); |
2575 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EOF96, &channel_input_ieof); |
2576 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA95, &channel_input_extended_data); |
2577 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN90, &client_input_channel_open); |
2578 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION91, &channel_input_open_confirmation); |
2579 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE92, &channel_input_open_failure); |
2580 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_REQUEST98, &client_input_channel_req); |
2581 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST93, &channel_input_window_adjust); |
2582 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_SUCCESS99, &channel_input_status_confirm); |
2583 | ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_FAILURE100, &channel_input_status_confirm); |
2584 | ssh_dispatch_set(ssh, SSH2_MSG_GLOBAL_REQUEST80, &client_input_global_request); |
2585 | |
2586 | /* rekeying */ |
2587 | ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT20, &kex_input_kexinit); |
2588 | |
2589 | /* global request reply messages */ |
2590 | ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_FAILURE82, &client_global_request_reply); |
2591 | ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_SUCCESS81, &client_global_request_reply); |
2592 | } |
2593 | |
2594 | void |
2595 | client_stop_mux(void) |
2596 | { |
2597 | if (options.control_path != NULL((void *)0) && muxserver_sock != -1) |
2598 | unlink(options.control_path); |
2599 | /* |
2600 | * If we are in persist mode, or don't have a shell, signal that we |
2601 | * should close when all active channels are closed. |
2602 | */ |
2603 | if (options.control_persist || options.session_type == SESSION_TYPE_NONE0) { |
2604 | session_closed = 1; |
2605 | setproctitle("[stopped mux]"); |
2606 | } |
2607 | } |
2608 | |
2609 | /* client specific fatal cleanup */ |
2610 | void |
2611 | cleanup_exit(int i) |
2612 | { |
2613 | leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE3); |
2614 | if (options.control_path != NULL((void *)0) && muxserver_sock != -1) |
2615 | unlink(options.control_path); |
2616 | ssh_kill_proxy_command(); |
2617 | _exit(i); |
2618 | } |