62 #include "openbsd-compat/sys-queue.h"
80 #include "auth-options.h"
90 static int no_more_sessions = 0; /* Disallow further sessions. */
101 sigchld_handler(int sig)  in sigchld_handler()
110 	int r, channel_id;  in client_alive_check()
125 	if ((channel_id = channel_find_open(ssh)) == -1) {  in client_alive_check()
146     int connection_in, int connection_out, struct pollfd **pfdp,  in wait_until_can_do_something()
148     int *conn_in_readyp, int *conn_out_readyp)  in wait_until_can_do_something()
152 	int ret;  in wait_until_can_do_something()
153 	int client_alive_scheduled = 0;  in wait_until_can_do_something()
220 	if (ret == -1) {  in wait_until_can_do_something()
258 static int
259 process_input(struct ssh *ssh, int connection_in)  in process_input()
261 	int r;  in process_input()
271 			return -1;  in process_input()
278 	return -1;  in process_input()
285 process_output(struct ssh *ssh, int connection_out)  in process_output()
287 	int r;  in process_output()
306 	int status;  in collect_children()
310 		while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||  in collect_children()
311 		    (pid == -1 && errno == EINTR))  in collect_children()
323 	int r, conn_in_ready, conn_out_ready;  in server_loop2()
329 	if (sigemptyset(&bsigset) == -1 || sigaddset(&bsigset, SIGCHLD) == -1)  in server_loop2()
347 		 * the old signal mask through to ppoll() so that it'll wake  in server_loop2()
350 		if (sigprocmask(SIG_BLOCK, &bsigset, &osigset) == -1)  in server_loop2()
356 		if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1)  in server_loop2()
379 static int
380 server_input_keep_alive(int type, u_int32_t seq, struct ssh *ssh)  in server_input_keep_alive()
393 server_request_direct_tcpip(struct ssh *ssh, int *reason, const char **errmsg)  in server_request_direct_tcpip()
398 	int r;  in server_request_direct_tcpip()
422 	    auth_opts->permit_port_forwarding_flag &&  in server_request_direct_tcpip()
425 		    "direct-tcpip", "direct-tcpip", reason, errmsg);  in server_request_direct_tcpip()
446 	struct passwd *pw = the_authctxt->pw;  in server_request_direct_streamlocal()
447 	int r;  in server_request_direct_streamlocal()
449 	if (pw == NULL || !the_authctxt->valid)  in server_request_direct_streamlocal()
467 	    auth_opts->permit_port_forwarding_flag &&  in server_request_direct_streamlocal()
470 		    "direct-streamlocal@openssh.com", "direct-streamlocal");  in server_request_direct_streamlocal()
488 	int r, sock;  in server_request_tun()
513 	if (auth_opts->force_tun_device != -1) {  in server_request_tun()
515 		    auth_opts->force_tun_device != (int)tun)  in server_request_tun()
517 		tun = auth_opts->force_tun_device;  in server_request_tun()
524 	c = channel_new(ssh, "tun", SSH_CHANNEL_OPEN, sock, sock, -1,  in server_request_tun()
526 	c->datagram = 1;  in server_request_tun()
529 		channel_register_filter(ssh, c->self, sys_tun_infilter,  in server_request_tun()
556 	int r;  in server_request_session()
574 	    -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,  in server_request_session()
575 	    0, "server-session", 1);  in server_request_session()
576 	if (session_open(the_authctxt, c->self) != 1) {  in server_request_session()
577 		debug("session open failed, free channel %d", c->self);  in server_request_session()
581 	channel_register_cleanup(ssh, c->self, session_close_by_channel, 0);  in server_request_session()
585 static int
586 server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)  in server_input_channel_open()
591 	int r, reason = SSH2_OPEN_CONNECT_FAILED;  in server_input_channel_open()
604 	} else if (strcmp(ctype, "direct-tcpip") == 0) {  in server_input_channel_open()
606 	} else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) {  in server_input_channel_open()
613 		c->remote_id = rchan;  in server_input_channel_open()
614 		c->have_remote_id = 1;  in server_input_channel_open()
615 		c->remote_window = rwindow;  in server_input_channel_open()
616 		c->remote_maxpacket = rmaxpack;  in server_input_channel_open()
617 		if (c->type != SSH_CHANNEL_CONNECTING) {  in server_input_channel_open()
619 			    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||  in server_input_channel_open()
620 			    (r = sshpkt_put_u32(ssh, c->self)) != 0 ||  in server_input_channel_open()
621 			    (r = sshpkt_put_u32(ssh, c->local_window)) != 0 ||  in server_input_channel_open()
622 			    (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 ||  in server_input_channel_open()
644 static int
650 	int r, ndx, success = 0;  in server_input_hostkeys_prove()
659 	    ssh->kex->hostkey_alg)) == KEY_RSA)  in server_input_hostkeys_prove()
660 		kex_rsa_sigalg = ssh->kex->hostkey_alg;  in server_input_hostkeys_prove()
673 		if ((ndx = ssh->kex->host_key_index(key, 1, ssh)) == -1) {  in server_input_hostkeys_prove()
678 		 * XXX refactor: make kex->sign just use an index rather  in server_input_hostkeys_prove()
694 		if (sshkey_type_plain(key->type) == KEY_RSA) {  in server_input_hostkeys_prove()
697 			else if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED)  in server_input_hostkeys_prove()
698 				sigalg = "rsa-sha2-512";  in server_input_hostkeys_prove()
699 			else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)  in server_input_hostkeys_prove()
700 				sigalg = "rsa-sha2-256";  in server_input_hostkeys_prove()
705 		    "hostkeys-prove-00@openssh.com")) != 0 ||  in server_input_hostkeys_prove()
707 		    ssh->kex->session_id)) != 0 ||  in server_input_hostkeys_prove()
709 		    (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,  in server_input_hostkeys_prove()
728 static int
729 server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)  in server_input_global_request()
733 	int r, success = 0, allocated_listen_port = 0;  in server_input_global_request()
736 	struct passwd *pw = the_authctxt->pw;  in server_input_global_request()
737 	struct Forward fwd;  in server_input_global_request()  local
739 	memset(&fwd, 0, sizeof(fwd));  in server_input_global_request()
740 	if (pw == NULL || !the_authctxt->valid)  in server_input_global_request()
748 	/* -R style forwarding */  in server_input_global_request()
749 	if (strcmp(rtype, "tcpip-forward") == 0) {  in server_input_global_request()
750 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||  in server_input_global_request()
752 			sshpkt_fatal(ssh, r, "%s: parse tcpip-forward", __func__);  in server_input_global_request()
753 		debug_f("tcpip-forward listen %s port %u",  in server_input_global_request()
754 		    fwd.listen_host, port);  in server_input_global_request()
756 			fwd.listen_port = (int)port;  in server_input_global_request()
760 		    !auth_opts->permit_port_forwarding_flag ||  in server_input_global_request()
762 		    (!want_reply && fwd.listen_port == 0)) {  in server_input_global_request()
767 			success = channel_setup_remote_fwd_listener(ssh, &fwd,  in server_input_global_request()
775 	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {  in server_input_global_request()
776 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||  in server_input_global_request()
778 			sshpkt_fatal(ssh, r, "%s: parse cancel-tcpip-forward", __func__);  in server_input_global_request()
780 		debug_f("cancel-tcpip-forward addr %s port %d",  in server_input_global_request()
781 		    fwd.listen_host, port);  in server_input_global_request()
783 			fwd.listen_port = (int)port;  in server_input_global_request()
784 			success = channel_cancel_rport_listener(ssh, &fwd);  in server_input_global_request()
786 	} else if (strcmp(rtype, "streamlocal-forward@openssh.com") == 0) {  in server_input_global_request()
787 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)  in server_input_global_request()
788 			sshpkt_fatal(ssh, r, "%s: parse streamlocal-forward@openssh.com", __func__);  in server_input_global_request()
789 		debug_f("streamlocal-forward listen path %s",  in server_input_global_request()
790 		    fwd.listen_path);  in server_input_global_request()
794 		    || !auth_opts->permit_port_forwarding_flag ||  in server_input_global_request()
802 			    &fwd, NULL, &options.fwd_opts);  in server_input_global_request()
804 	} else if (strcmp(rtype, "cancel-streamlocal-forward@openssh.com") == 0) {  in server_input_global_request()
805 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)  in server_input_global_request()
806 			sshpkt_fatal(ssh, r, "%s: parse cancel-streamlocal-forward@openssh.com", __func__);  in server_input_global_request()
807 		debug_f("cancel-streamlocal-forward path %s",  in server_input_global_request()
808 		    fwd.listen_path);  in server_input_global_request()
810 		success = channel_cancel_rport_listener(ssh, &fwd);  in server_input_global_request()
811 	} else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) {  in server_input_global_request()
814 	} else if (strcmp(rtype, "hostkeys-prove-00@openssh.com") == 0) {  in server_input_global_request()
826 	free(fwd.listen_host);  in server_input_global_request()
827 	free(fwd.listen_path);  in server_input_global_request()
833 static int
834 server_input_channel_req(int type, u_int32_t seq, struct ssh *ssh)  in server_input_channel_req()
837 	int r, success = 0;  in server_input_channel_req()
850 	if (id >= INT_MAX || (c = channel_lookup(ssh, (int)id)) == NULL) {  in server_input_channel_req()
858 	} else if ((c->type == SSH_CHANNEL_LARVAL ||  in server_input_channel_req()
859 	    c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0)  in server_input_channel_req()
861 	if (want_reply && !(c->flags & CHAN_CLOSE_SENT)) {  in server_input_channel_req()
862 		if (!c->have_remote_id)  in server_input_channel_req()
863 			fatal_f("channel %d: no remote_id", c->self);  in server_input_channel_req()
866 		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||  in server_input_channel_req()