Lines Matching +full:forward +full:- +full:channel
92 #include "openbsd-compat/sys-queue.h"
119 #define HOSTKEY_PROOF_RSA_ALGS "rsa-sha2-512,rsa-sha2-256"
132 * command line, or the Hostname specified for the user-supplied name in a
156 volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */
161 static int need_rekeying; /* Set to non-zero if rekeying is requested. */
169 int session_ident = -1;
171 /* Track escape per proto2 channel */
177 /* Context for channel confirmation replies */
247 if (muxserver_sock == -1 || !options.control_persist in set_control_persist_exit_time()
266 #define SSH_X11_VALID_DISPLAY_CHARS ":/.-_"
286 #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
309 return -1; in client_x11_get_proto()
311 if (xauth_path != NULL && stat(xauth_path, &st) == -1) { in client_x11_get_proto()
329 return -1; in client_x11_get_proto()
338 * ssh's willingness to forward X11 connections to in client_x11_get_proto()
339 * avoid nasty fail-open behaviour in the X server. in client_x11_get_proto()
344 return -1; in client_x11_get_proto()
352 return -1; in client_x11_get_proto()
357 xasprintf(&cmd, "%s -f %s generate %s %s " in client_x11_get_proto()
363 if (timeout < UINT_MAX - X11_TIMEOUT_SLACK) in client_x11_get_proto()
370 xasprintf(&cmd, "%s -f %s generate %s %s " in client_x11_get_proto()
380 if (SSH_TIME_T_MAX - timeout < now) in client_x11_get_proto()
401 generated ? "-f " : "" , in client_x11_get_proto()
424 return -1; in client_x11_get_proto()
444 snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", in client_x11_get_proto()
476 if (gc->cb != NULL) in client_global_request_reply()
477 gc->cb(ssh, type, seq, gc->ctx); in client_global_request_reply()
478 if (--gc->ref_count <= 0) { in client_global_request_reply()
519 if (ssh->kex == NULL || (ssh->kex->flags & KEX_HAS_PING) == 0) in send_chaff()
524 * 4 bytes channel ID + 4 bytes string length + 1 byte string data in send_chaff()
556 * interval-to-interval time unpredictable. in set_next_interval()
562 interval_ns -= fuzz_ns; in set_next_interval()
572 * Performs keystroke timing obfuscation. Returns non-zero if the
631 * fixed time intervals to hide inter-keystroke timing. in obfuscate_keystroke_timing()
668 n = (now.tv_sec - next_interval.tv_sec) * 1000LL * 1000 * 1000; in obfuscate_keystroke_timing()
669 n += now.tv_nsec - next_interval.tv_nsec; in obfuscate_keystroke_timing()
694 /* Prepare channel poll. First two pollfd entries are reserved */ in client_wait_until_can_do_something()
700 /* channel_prepare_poll could have closed the last channel */ in client_wait_until_can_do_something()
735 if (ret == -1) { in client_wait_until_can_do_something()
815 client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx) in client_status_confirm()
825 if (cr->action == CONFIRM_TTY && in client_status_confirm()
828 cr->action = CONFIRM_CLOSE; in client_status_confirm()
832 c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE; in client_status_confirm()
835 debug2("%s request accepted on channel %d", in client_status_confirm()
836 cr->request_type, c->self); in client_status_confirm()
840 "%s request failed\r\n", cr->request_type); in client_status_confirm()
843 "%s request failed on channel %d", in client_status_confirm()
844 cr->request_type, c->self); in client_status_confirm()
846 /* If error occurred on primary session channel, then exit */ in client_status_confirm()
847 if (cr->action == CONFIRM_CLOSE && c->self == session_ident) in client_status_confirm()
854 debug3_f("channel %d: mux request: %s", c->self, in client_status_confirm()
855 cr->request_type); in client_status_confirm()
856 if ((r = sshbuf_put(c->extended, errmsg, in client_status_confirm()
861 if (cr->action == CONFIRM_TTY) { in client_status_confirm()
866 if (c->self == session_ident) in client_status_confirm()
870 } else if (cr->action == CONFIRM_CLOSE) { in client_status_confirm()
879 client_abandon_status_confirm(struct ssh *ssh, Channel *c, void *ctx) in client_abandon_status_confirm()
890 cr->request_type = request; in client_expect_confirm()
891 cr->action = action; in client_expect_confirm()
904 if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) { in client_register_global_confirm()
905 if (++last_gc->ref_count >= INT_MAX) in client_register_global_confirm()
906 fatal_f("last_gc->ref_count = %d", in client_register_global_confirm()
907 last_gc->ref_count); in client_register_global_confirm()
912 gc->cb = cb; in client_register_global_confirm()
913 gc->ctx = ctx; in client_register_global_confirm()
914 gc->ref_count = 1; in client_register_global_confirm()
919 * Returns non-zero if the client is able to handle a hostkeys-00@openssh.com
944 (session_ident != -1 && !session_setup_complete)) { in client_repledge()
955 * forcing known_hosts to be read-only or via unveil(2). in client_repledge()
963 if (pledge("stdio unix inet dns proc tty", NULL) == -1) in client_repledge()
968 if (pledge("stdio unix proc tty", NULL) == -1) in client_repledge()
972 if (pledge("stdio proc tty", NULL) == -1) in client_repledge()
977 * - might be able to get rid of proc if we kill ~^Z in client_repledge()
978 * - ssh -N (no session) in client_repledge()
979 * - stdio forwarding in client_repledge()
980 * - sessions without tty in client_repledge()
990 struct Forward fwd; in process_cmdline()
1001 if (*s == '-') in process_cmdline()
1002 s++; /* Skip cmdline '-', if any */ in process_cmdline()
1008 logit(" -L[bind_address:]port:host:hostport " in process_cmdline()
1009 "Request local forward"); in process_cmdline()
1010 logit(" -R[bind_address:]port:host:hostport " in process_cmdline()
1011 "Request remote forward"); in process_cmdline()
1012 logit(" -D[bind_address:]port " in process_cmdline()
1013 "Request dynamic forward"); in process_cmdline()
1014 logit(" -KL[bind_address:]port " in process_cmdline()
1015 "Cancel local forward"); in process_cmdline()
1016 logit(" -KR[bind_address:]port " in process_cmdline()
1017 "Cancel remote forward"); in process_cmdline()
1018 logit(" -KD[bind_address:]port " in process_cmdline()
1019 "Cancel dynamic forward"); in process_cmdline()
1073 /* -R specs can be both dynamic or not, so check both. */ in process_cmdline()
1155 if ((r = sshbuf_putf(b, " %c%-3s - %s\r\n", in print_escape_help()
1161 " %c%c - send the escape character by typing it twice\r\n" in print_escape_help()
1171 process_escapes(struct ssh *ssh, Channel *c, in process_escapes()
1182 if (c == NULL || c->filter_ctx == NULL || len <= 0) in process_escapes()
1185 efc = (struct escape_filter_ctx *)c->filter_ctx; in process_escapes()
1191 if (efc->escape_pending) { in process_escapes()
1194 efc->escape_pending = 0; in process_escapes()
1201 efc->escape_char)) != 0) in process_escapes()
1203 if (c && c->ctl_chan != -1) { in process_escapes()
1208 return -1; in process_escapes()
1210 case 'Z' - 64: in process_escapes()
1212 if (c && c->ctl_chan != -1) { in process_escapes()
1215 if (ch == 'Z' - 64) in process_escapes()
1222 efc->escape_char, b)) != 0) in process_escapes()
1229 efc->escape_char)) != 0) in process_escapes()
1240 "%cB\r\n", efc->escape_char)) != 0) in process_escapes()
1242 channel_request_start(ssh, c->self, "break", 0); in process_escapes()
1249 if (ssh->compat & SSH_BUG_NOREKEY) in process_escapes()
1251 "support re-keying"); in process_escapes()
1259 if (c && c->ctl_chan != -1) in process_escapes()
1264 efc->escape_char, ch)) != 0) in process_escapes()
1270 log_change_level(--options.log_level); in process_escapes()
1276 efc->escape_char, ch, in process_escapes()
1282 if (c->ctl_chan != -1) in process_escapes()
1297 "[backgrounded]\n", efc->escape_char)) != 0) in process_escapes()
1302 if (pid == -1) { in process_escapes()
1314 return -1; in process_escapes()
1316 print_escape_help(berr, efc->escape_char, in process_escapes()
1317 (c && c->ctl_chan != -1), in process_escapes()
1323 efc->escape_char)) != 0) in process_escapes()
1332 if (c && c->ctl_chan != -1) in process_escapes()
1344 if (ch != efc->escape_char) { in process_escapes()
1346 efc->escape_char)) != 0) in process_escapes()
1358 if (last_was_cr && ch == efc->escape_char) { in process_escapes()
1363 efc->escape_pending = 1; in process_escapes()
1407 ret->escape_pending = 0; in client_new_escape_filter_ctx()
1408 ret->escape_char = escape_char; in client_new_escape_filter_ctx()
1412 /* Free the escape filter context on channel free */
1420 client_simple_escape_filter(struct ssh *ssh, Channel *c, char *buf, int len) in client_simple_escape_filter()
1422 if (c->extended_usage != CHAN_EXTENDED_WRITE) in client_simple_escape_filter()
1425 return process_escapes(ssh, c, c->input, c->output, c->extended, in client_simple_escape_filter()
1462 NULL) == -1) in client_loop()
1468 NULL) == -1) in client_loop()
1474 NULL) == -1) in client_loop()
1480 if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) in client_loop()
1485 if (pledge("stdio unix inet dns proc tty", NULL) == -1) in client_loop()
1496 exit_status = -1; in client_loop()
1505 * Set signal handlers, (e.g. to restore non-blocking mode) in client_loop()
1521 if (session_ident != -1) { in client_loop()
1535 if (sigemptyset(&bsigset) == -1 || in client_loop()
1536 sigaddset(&bsigset, SIGHUP) == -1 || in client_loop()
1537 sigaddset(&bsigset, SIGINT) == -1 || in client_loop()
1538 sigaddset(&bsigset, SIGQUIT) == -1 || in client_loop()
1539 sigaddset(&bsigset, SIGTERM) == -1) in client_loop()
1562 * Make packets from buffered channel data, and in client_loop()
1578 if (sigprocmask(SIG_BLOCK, &bsigset, &osigset) == -1) in client_loop()
1585 if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1) in client_loop()
1591 /* Do channel operations. */ in client_loop()
1673 total_time = monotime_double() - start_time; in client_loop()
1687 static Channel *
1691 Channel *c = NULL; in client_request_forwarded_tcpip()
1714 listen_address, listen_port, "forwarded-tcpip", in client_request_forwarded_tcpip()
1718 if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { in client_request_forwarded_tcpip()
1734 (r = sshbuf_put_stringb(c->output, b)) != 0) { in client_request_forwarded_tcpip()
1747 static Channel *
1751 Channel *c = NULL; in client_request_forwarded_streamlocal()
1764 "forwarded-streamlocal@openssh.com", "forwarded-streamlocal"); in client_request_forwarded_streamlocal()
1769 static Channel *
1772 Channel *c = NULL; in client_request_x11()
1779 error("Warning: this is probably a break-in attempt by a " in client_request_x11()
1800 c = channel_new(ssh, "x11-connection", in client_request_x11()
1801 SSH_CHANNEL_X11_OPEN, sock, sock, -1, in client_request_x11()
1803 c->force_drain = 1; in client_request_x11()
1807 static Channel *
1810 Channel *c = NULL; in client_request_agent()
1815 error("Warning: this is probably a break-in attempt by a " in client_request_agent()
1829 if ((r = ssh_agent_bind_hostkey(sock, ssh->kex->initial_hostkey, in client_request_agent()
1830 ssh->kex->session_id, ssh->kex->initial_sig, 1)) == 0) in client_request_agent()
1835 c = channel_new(ssh, "agent-connection", in client_request_agent()
1836 SSH_CHANNEL_OPEN, sock, sock, -1, in client_request_agent()
1839 c->force_drain = 1; in client_request_agent()
1847 Channel *c; in client_request_tun_fwd()
1857 if ((fd = tun_open(local_tun, tun_mode, &ifname)) == -1) { in client_request_tun_fwd()
1863 c = channel_new(ssh, "tun-connection", SSH_CHANNEL_OPENING, fd, fd, -1, in client_request_tun_fwd()
1865 c->datagram = 1; in client_request_tun_fwd()
1869 channel_register_filter(ssh, c->self, sys_tun_infilter, in client_request_tun_fwd()
1874 channel_register_open_confirm(ssh, c->self, cb, cbctx); in client_request_tun_fwd()
1878 (r = sshpkt_put_u32(ssh, c->self)) != 0 || in client_request_tun_fwd()
1879 (r = sshpkt_put_u32(ssh, c->local_window_max)) != 0 || in client_request_tun_fwd()
1880 (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || in client_request_tun_fwd()
1893 Channel *c = NULL; in client_input_channel_open()
1909 if (strcmp(ctype, "forwarded-tcpip") == 0) { in client_input_channel_open()
1912 } else if (strcmp(ctype, "forwarded-streamlocal@openssh.com") == 0) { in client_input_channel_open()
1916 } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) { in client_input_channel_open()
1919 if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { in client_input_channel_open()
1923 c->remote_id = rchan; in client_input_channel_open()
1924 c->have_remote_id = 1; in client_input_channel_open()
1925 c->remote_window = rwindow; in client_input_channel_open()
1926 c->remote_maxpacket = rmaxpack; in client_input_channel_open()
1927 if (c->type != SSH_CHANNEL_CONNECTING) { in client_input_channel_open()
1929 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || in client_input_channel_open()
1930 (r = sshpkt_put_u32(ssh, c->self)) != 0 || in client_input_channel_open()
1931 (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || in client_input_channel_open()
1932 (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || in client_input_channel_open()
1955 Channel *c = NULL; in client_input_channel_req()
1971 debug("client_input_channel_req: channel %u rtype %s reply %d", in client_input_channel_req()
1975 error("client_input_channel_req: channel %d: " in client_input_channel_req()
1976 "unknown channel", id); in client_input_channel_req()
1981 } else if (strcmp(rtype, "exit-status") == 0) { in client_input_channel_req()
1984 if (c->ctl_chan != -1) { in client_input_channel_req()
1992 /* Probably for a mux channel that has already closed */ in client_input_channel_req()
1993 debug_f("no sink for exit-status on channel %d", in client_input_channel_req()
1999 if (reply && c != NULL && !(c->flags & CHAN_CLOSE_SENT)) { in client_input_channel_req()
2000 if (!c->have_remote_id) in client_input_channel_req()
2001 fatal_f("channel %d: no remote_id", c->self); in client_input_channel_req()
2004 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || in client_input_channel_req()
2038 int complex_hostspec; /* wildcard or manual pattern-list host name */
2051 for (i = 0; i < ctx->nkeys; i++) in hostkeys_update_ctx_free()
2052 sshkey_free(ctx->keys[i]); in hostkeys_update_ctx_free()
2053 free(ctx->keys); in hostkeys_update_ctx_free()
2054 free(ctx->keys_match); in hostkeys_update_ctx_free()
2055 free(ctx->keys_verified); in hostkeys_update_ctx_free()
2056 for (i = 0; i < ctx->nold; i++) in hostkeys_update_ctx_free()
2057 sshkey_free(ctx->old_keys[i]); in hostkeys_update_ctx_free()
2058 free(ctx->old_keys); in hostkeys_update_ctx_free()
2059 free(ctx->host_str); in hostkeys_update_ctx_free()
2060 free(ctx->ip_str); in hostkeys_update_ctx_free()
2065 * Returns non-zero if a known_hosts hostname list is not of a form that
2087 /* callback to search for ctx->keys in known_hosts */
2095 if (l->key == NULL) in hostkeys_find()
2097 if (l->status != HKF_STATUS_MATCHED) { in hostkeys_find()
2098 /* Record if one of the keys appears on a non-matching line */ in hostkeys_find()
2099 for (i = 0; i < ctx->nkeys; i++) { in hostkeys_find()
2100 if (sshkey_equal(l->key, ctx->keys[i])) { in hostkeys_find()
2101 ctx->other_name_seen = 1; in hostkeys_find()
2104 sshkey_ssh_name(ctx->keys[i]), in hostkeys_find()
2105 l->path, l->linenum); in hostkeys_find()
2113 if (l->marker != MRK_NONE) { in hostkeys_find()
2115 l->path, l->linenum); in hostkeys_find()
2116 ctx->complex_hostspec = 1; in hostkeys_find()
2121 if (ctx->ip_str != NULL && strchr(l->hosts, ',') != NULL) { in hostkeys_find()
2122 if ((l->match & HKF_MATCH_HOST) == 0) { in hostkeys_find()
2124 ctx->other_name_seen = 1; in hostkeys_find()
2126 "at %s:%ld", ctx->ip_str, l->path, l->linenum); in hostkeys_find()
2128 } else if ((l->match & HKF_MATCH_IP) == 0) { in hostkeys_find()
2130 ctx->other_name_seen = 1; in hostkeys_find()
2132 "at %s:%ld", ctx->host_str, l->path, l->linenum); in hostkeys_find()
2140 if (hostspec_is_complex(l->hosts)) { in hostkeys_find()
2142 l->path, l->linenum); in hostkeys_find()
2143 ctx->complex_hostspec = 1; in hostkeys_find()
2148 for (i = 0; i < ctx->nkeys; i++) { in hostkeys_find()
2149 if (!sshkey_equal(l->key, ctx->keys[i])) in hostkeys_find()
2152 sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum); in hostkeys_find()
2153 ctx->keys_match[i] |= l->match; in hostkeys_find()
2157 debug3_f("deprecated %s key at %s:%ld", sshkey_ssh_name(l->key), in hostkeys_find()
2158 l->path, l->linenum); in hostkeys_find()
2159 if ((tmp = recallocarray(ctx->old_keys, ctx->nold, ctx->nold + 1, in hostkeys_find()
2160 sizeof(*ctx->old_keys))) == NULL) in hostkeys_find()
2161 fatal_f("recallocarray failed nold = %zu", ctx->nold); in hostkeys_find()
2162 ctx->old_keys = tmp; in hostkeys_find()
2163 ctx->old_keys[ctx->nold++] = l->key; in hostkeys_find()
2164 l->key = NULL; in hostkeys_find()
2169 /* callback to search for ctx->old_keys in known_hosts under other names */
2178 if (l->status == HKF_STATUS_MATCHED || l->key == NULL) in hostkeys_check_old()
2181 hashed = l->match & (HKF_MATCH_HOST_HASHED|HKF_MATCH_IP_HASHED); in hostkeys_check_old()
2182 for (i = 0; i < ctx->nold; i++) { in hostkeys_check_old()
2183 if (!sshkey_equal(l->key, ctx->old_keys[i])) in hostkeys_check_old()
2186 sshkey_ssh_name(ctx->old_keys[i]), l->path, l->linenum, in hostkeys_check_old()
2187 hashed ? "[HASHED]" : l->hosts); in hostkeys_check_old()
2188 ctx->old_key_seen = 1; in hostkeys_check_old()
2196 * on success or -1 on failure. Updates ctx->old_key_seen if deprecated keys
2205 debug2_f("checking for %zu deprecated keys", ctx->nold); in check_old_keys_othernames()
2208 options.user_hostfiles[i], ctx->host_str, in check_old_keys_othernames()
2209 ctx->ip_str ? ctx->ip_str : "(none)"); in check_old_keys_othernames()
2211 hostkeys_check_old, ctx, ctx->host_str, ctx->ip_str, in check_old_keys_othernames()
2220 return -1; in check_old_keys_othernames()
2244 for (i = 0; i < ctx->nkeys; i++) { in update_known_hosts()
2245 if (!ctx->keys_verified[i]) in update_known_hosts()
2247 if ((fp = sshkey_fingerprint(ctx->keys[i], in update_known_hosts()
2253 sshkey_type(ctx->keys[i]), fp); in update_known_hosts()
2257 for (i = 0; i < ctx->nold; i++) { in update_known_hosts()
2258 if ((fp = sshkey_fingerprint(ctx->old_keys[i], in update_known_hosts()
2264 sshkey_type(ctx->old_keys[i]), fp); in update_known_hosts()
2319 ctx->host_str, ctx->ip_str, in update_known_hosts()
2320 i == 0 ? ctx->keys : NULL, i == 0 ? ctx->nkeys : 0, in update_known_hosts()
2342 if (ctx->nnew == 0) in client_global_hostkeys_prove_confirm()
2343 fatal_f("ctx->nnew == 0"); /* sanity */ in client_global_hostkeys_prove_confirm()
2351 ssh->kex->hostkey_alg)) == KEY_RSA) in client_global_hostkeys_prove_confirm()
2352 rsa_kexalg = ssh->kex->hostkey_alg; in client_global_hostkeys_prove_confirm()
2356 * Expect a signature for each of the ctx->nnew private keys we in client_global_hostkeys_prove_confirm()
2358 * ctx->keys where the corresponding ctx->keys_match[i] == 0. in client_global_hostkeys_prove_confirm()
2360 for (ndone = i = 0; i < ctx->nkeys; i++) { in client_global_hostkeys_prove_confirm()
2361 if (ctx->keys_match[i]) in client_global_hostkeys_prove_confirm()
2363 plaintype = sshkey_type_plain(ctx->keys[i]->type); in client_global_hostkeys_prove_confirm()
2367 "hostkeys-prove-00@openssh.com")) != 0 || in client_global_hostkeys_prove_confirm()
2369 ssh->kex->session_id)) != 0 || in client_global_hostkeys_prove_confirm()
2370 (r = sshkey_puts(ctx->keys[i], signdata)) != 0) in client_global_hostkeys_prove_confirm()
2379 "for %s key %zu", sshkey_type(ctx->keys[i]), i); in client_global_hostkeys_prove_confirm()
2385 * proofs. Otherwise, accept only RSA-SHA256/512 signatures. in client_global_hostkeys_prove_confirm()
2393 sshkey_free(ctx->keys[i]); in client_global_hostkeys_prove_confirm()
2394 ctx->keys[i] = NULL; in client_global_hostkeys_prove_confirm()
2399 sshkey_type(ctx->keys[i]), i, alg); in client_global_hostkeys_prove_confirm()
2401 if ((r = sshkey_verify(ctx->keys[i], sig, siglen, in client_global_hostkeys_prove_confirm()
2405 sshkey_type(ctx->keys[i]), i); in client_global_hostkeys_prove_confirm()
2409 ctx->keys_verified[i] = 1; in client_global_hostkeys_prove_confirm()
2413 if (ndone != ctx->nnew) in client_global_hostkeys_prove_confirm()
2414 fatal_f("ndone != ctx->nnew (%zu / %zu)", ndone, ctx->nnew); in client_global_hostkeys_prove_confirm()
2429 * Handle hostkeys-00@openssh.com global request to inform the client of all
2484 for (i = 0; i < ctx->nkeys; i++) { in client_input_hostkeys()
2485 if (sshkey_equal(key, ctx->keys[i])) { in client_input_hostkeys()
2492 if ((tmp = recallocarray(ctx->keys, ctx->nkeys, ctx->nkeys + 1, in client_input_hostkeys()
2493 sizeof(*ctx->keys))) == NULL) in client_input_hostkeys()
2495 ctx->nkeys); in client_input_hostkeys()
2496 ctx->keys = tmp; in client_input_hostkeys()
2497 ctx->keys[ctx->nkeys++] = key; in client_input_hostkeys()
2501 if (ctx->nkeys == 0) { in client_input_hostkeys()
2506 if ((ctx->keys_match = calloc(ctx->nkeys, in client_input_hostkeys()
2507 sizeof(*ctx->keys_match))) == NULL || in client_input_hostkeys()
2508 (ctx->keys_verified = calloc(ctx->nkeys, in client_input_hostkeys()
2509 sizeof(*ctx->keys_verified))) == NULL) in client_input_hostkeys()
2514 options.port, &ctx->host_str, in client_input_hostkeys()
2515 options.check_host_ip ? &ctx->ip_str : NULL); in client_input_hostkeys()
2520 options.user_hostfiles[i], ctx->host_str, in client_input_hostkeys()
2521 ctx->ip_str ? ctx->ip_str : "(none)"); in client_input_hostkeys()
2523 hostkeys_find, ctx, ctx->host_str, ctx->ip_str, in client_input_hostkeys()
2537 ctx->nnew = ctx->nincomplete = 0; in client_input_hostkeys()
2539 for (i = 0; i < ctx->nkeys; i++) { in client_input_hostkeys()
2540 if (ctx->keys_match[i] == 0) in client_input_hostkeys()
2541 ctx->nnew++; in client_input_hostkeys()
2542 if ((ctx->keys_match[i] & want) != want) in client_input_hostkeys()
2543 ctx->nincomplete++; in client_input_hostkeys()
2547 "%zu incomplete match. %zu to remove", ctx->nkeys, ctx->nnew, in client_input_hostkeys()
2548 ctx->nkeys - ctx->nnew - ctx->nincomplete, in client_input_hostkeys()
2549 ctx->nincomplete, ctx->nold); in client_input_hostkeys()
2551 if (ctx->nnew == 0 && ctx->nold == 0) { in client_input_hostkeys()
2557 if (ctx->complex_hostspec) { in client_input_hostkeys()
2562 if (ctx->other_name_seen) { in client_input_hostkeys()
2574 if (ctx->nold != 0) { in client_input_hostkeys()
2577 if (ctx->old_key_seen) { in client_input_hostkeys()
2580 ctx->host_str, ctx->ip_str == NULL ? "" : ",", in client_input_hostkeys()
2581 ctx->ip_str == NULL ? "" : ctx->ip_str); in client_input_hostkeys()
2586 if (ctx->nnew == 0) { in client_input_hostkeys()
2596 * We have received previously-unseen keys from the server. in client_input_hostkeys()
2599 debug3_f("asking server to prove ownership for %zu keys", ctx->nnew); in client_input_hostkeys()
2602 "hostkeys-prove-00@openssh.com")) != 0 || in client_input_hostkeys()
2604 fatal_fr(r, "prepare hostkeys-prove"); in client_input_hostkeys()
2607 for (i = 0; i < ctx->nkeys; i++) { in client_input_hostkeys()
2608 if (ctx->keys_match[i]) in client_input_hostkeys()
2611 if ((r = sshkey_putb(ctx->keys[i], buf)) != 0 || in client_input_hostkeys()
2613 fatal_fr(r, "assemble hostkeys-prove"); in client_input_hostkeys()
2616 fatal_fr(r, "send hostkeys-prove"); in client_input_hostkeys()
2651 if (strcmp(rtype, "hostkeys-00@openssh.com") == 0) in client_input_global_request()
2671 debug("channel %d: setting env %s = \"%s\"", id, name, val); in client_send_env()
2687 Channel *c = NULL; in client_session2_setup()
2692 fatal_f("channel %d: unknown channel", id); in client_session2_setup()
2701 if (ioctl(in_fd, TIOCGWINSZ, &ws) == -1) in client_session2_setup()
2704 channel_request_start(ssh, id, "pty-req", 1); in client_session2_setup()
2712 fatal_fr(r, "build pty-req"); in client_session2_setup()
2715 ssh_tty_make_modes(ssh, -1, tiop); in client_session2_setup()
2717 fatal_fr(r, "send pty-req"); in client_session2_setup()
2719 c->client_tty = 1; in client_session2_setup()
2821 if (options.control_path != NULL && muxserver_sock != -1) in client_stop_mux()
2838 if (options.control_path != NULL && muxserver_sock != -1) in cleanup_exit()