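Lines matching refs: ssh. Each entry gives the source line number, the matching line, and the enclosing function ("argument" marks a function signature where ssh is a parameter).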

95 static void server_init_dispatch(struct ssh *);
107 client_alive_check(struct ssh *ssh) in client_alive_check() argument
114 ssh_packet_inc_alive_timeouts(ssh) > in client_alive_check()
116 sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); in client_alive_check()
125 if ((channel_id = channel_find_open(ssh)) == -1) { in client_alive_check()
126 if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || in client_alive_check()
127 (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) in client_alive_check()
129 (r = sshpkt_put_u8(ssh, 1)) != 0) /* boolean: want reply */ in client_alive_check()
132 channel_request_start(ssh, channel_id, in client_alive_check()
135 if ((r = sshpkt_send(ssh)) != 0) in client_alive_check()
145 wait_until_can_do_something(struct ssh *ssh, in wait_until_can_do_something() argument
162 channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, 2, &timeout); in wait_until_can_do_something()
166 if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(ssh)) { in wait_until_can_do_something()
168 ssh_packet_get_rekey_timeout(ssh)); in wait_until_can_do_something()
176 if (channel_still_open(ssh) || unused_connection_expiry == 0) { in wait_until_can_do_something()
208 (*pfdp)[1].events = ssh_packet_have_data_to_write(ssh) ? POLLOUT : 0; in wait_until_can_do_something()
214 if (child_terminated && ssh_packet_not_very_much_data_to_write(ssh)) in wait_until_can_do_something()
237 client_alive_check(ssh); in wait_until_can_do_something()
247 now > unused_connection_expiry && !channel_still_open(ssh)) { in wait_until_can_do_something()
248 sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); in wait_until_can_do_something()
259 process_input(struct ssh *ssh, int connection_in) in process_input() argument
263 if ((r = ssh_packet_process_read(ssh, connection_in)) == 0) in process_input()
270 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); in process_input()
274 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), in process_input()
285 process_output(struct ssh *ssh, int connection_out) in process_output() argument
290 if ((r = ssh_packet_write_poll(ssh)) != 0) { in process_output()
291 sshpkt_fatal(ssh, r, "%s: ssh_packet_write_poll", in process_output()
297 process_buffered_input_packets(struct ssh *ssh) in process_buffered_input_packets() argument
299 ssh_dispatch_run_fatal(ssh, DISPATCH_NONBLOCK, NULL); in process_buffered_input_packets()
303 collect_children(struct ssh *ssh) in collect_children() argument
313 session_close_by_pid(ssh, pid, status); in collect_children()
319 server_loop2(struct ssh *ssh, Authctxt *authctxt) in server_loop2() argument
333 connection_in = ssh_packet_get_connection_in(ssh); in server_loop2()
334 connection_out = ssh_packet_get_connection_out(ssh); in server_loop2()
336 server_init_dispatch(ssh); in server_loop2()
339 process_buffered_input_packets(ssh); in server_loop2()
341 if (!ssh_packet_is_rekeying(ssh) && in server_loop2()
342 ssh_packet_not_very_much_data_to_write(ssh)) in server_loop2()
343 channel_output_poll(ssh); in server_loop2()
352 collect_children(ssh); in server_loop2()
353 wait_until_can_do_something(ssh, connection_in, connection_out, in server_loop2()
359 channel_after_poll(ssh, pfd, npfd_active); in server_loop2()
361 process_input(ssh, connection_in) < 0) in server_loop2()
364 if ((r = ssh_packet_check_rekey(ssh)) != 0) in server_loop2()
367 process_output(ssh, connection_out); in server_loop2()
369 collect_children(ssh); in server_loop2()
373 channel_free_all(ssh); in server_loop2()
376 session_destroy_all(ssh, NULL); in server_loop2()
380 server_input_keep_alive(int type, u_int32_t seq, struct ssh *ssh) in server_input_keep_alive() argument
388 ssh_packet_set_alive_timeouts(ssh, 0); in server_input_keep_alive()
393 server_request_direct_tcpip(struct ssh *ssh, int *reason, const char **errmsg) in server_request_direct_tcpip() argument
400 if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 || in server_request_direct_tcpip()
401 (r = sshpkt_get_u32(ssh, &target_port)) != 0 || in server_request_direct_tcpip()
402 (r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || in server_request_direct_tcpip()
403 (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || in server_request_direct_tcpip()
404 (r = sshpkt_get_end(ssh)) != 0) in server_request_direct_tcpip()
405 sshpkt_fatal(ssh, r, "%s: parse packet", __func__); in server_request_direct_tcpip()
424 c = channel_connect_to_port(ssh, target, target_port, in server_request_direct_tcpip()
441 server_request_direct_streamlocal(struct ssh *ssh) in server_request_direct_streamlocal() argument
452 if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 || in server_request_direct_streamlocal()
453 (r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || in server_request_direct_streamlocal()
454 (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || in server_request_direct_streamlocal()
455 (r = sshpkt_get_end(ssh)) != 0) in server_request_direct_streamlocal()
456 sshpkt_fatal(ssh, r, "%s: parse packet", __func__); in server_request_direct_streamlocal()
469 c = channel_connect_to_path(ssh, target, in server_request_direct_streamlocal()
484 server_request_tun(struct ssh *ssh) in server_request_tun() argument
491 if ((r = sshpkt_get_u32(ssh, &mode)) != 0) in server_request_tun()
492 sshpkt_fatal(ssh, r, "%s: parse mode", __func__); in server_request_tun()
498 ssh_packet_send_debug(ssh, "Unsupported tunnel device mode."); in server_request_tun()
502 ssh_packet_send_debug(ssh, "Server has rejected tunnel device " in server_request_tun()
507 if ((r = sshpkt_get_u32(ssh, &tun)) != 0) in server_request_tun()
508 sshpkt_fatal(ssh, r, "%s: parse device", __func__); in server_request_tun()
524 c = channel_new(ssh, "tun", SSH_CHANNEL_OPEN, sock, sock, -1, in server_request_tun()
529 channel_register_filter(ssh, c->self, sys_tun_infilter, in server_request_tun()
548 ssh_packet_send_debug(ssh, "Failed to open the tunnel device."); in server_request_tun()
553 server_request_session(struct ssh *ssh) in server_request_session() argument
559 if ((r = sshpkt_get_end(ssh)) != 0) in server_request_session()
560 sshpkt_fatal(ssh, r, "%s: parse packet", __func__); in server_request_session()
563 ssh_packet_disconnect(ssh, "Possible attack: attempt to open a " in server_request_session()
573 c = channel_new(ssh, "session", SSH_CHANNEL_LARVAL, in server_request_session()
578 channel_free(ssh, c); in server_request_session()
581 channel_register_cleanup(ssh, c->self, session_close_by_channel, 0); in server_request_session()
586 server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) in server_input_channel_open() argument
594 if ((r = sshpkt_get_cstring(ssh, &ctype, NULL)) != 0 || in server_input_channel_open()
595 (r = sshpkt_get_u32(ssh, &rchan)) != 0 || in server_input_channel_open()
596 (r = sshpkt_get_u32(ssh, &rwindow)) != 0 || in server_input_channel_open()
597 (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0) in server_input_channel_open()
598 sshpkt_fatal(ssh, r, "%s: parse packet", __func__); in server_input_channel_open()
603 c = server_request_session(ssh); in server_input_channel_open()
605 c = server_request_direct_tcpip(ssh, &reason, &errmsg); in server_input_channel_open()
607 c = server_request_direct_streamlocal(ssh); in server_input_channel_open()
609 c = server_request_tun(ssh); in server_input_channel_open()
618 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION)) != 0 || in server_input_channel_open()
619 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || in server_input_channel_open()
620 (r = sshpkt_put_u32(ssh, c->self)) != 0 || in server_input_channel_open()
621 (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || in server_input_channel_open()
622 (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || in server_input_channel_open()
623 (r = sshpkt_send(ssh)) != 0) { in server_input_channel_open()
624 sshpkt_fatal(ssh, r, in server_input_channel_open()
630 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 || in server_input_channel_open()
631 (r = sshpkt_put_u32(ssh, rchan)) != 0 || in server_input_channel_open()
632 (r = sshpkt_put_u32(ssh, reason)) != 0 || in server_input_channel_open()
633 (r = sshpkt_put_cstring(ssh, errmsg ? errmsg : "open failed")) != 0 || in server_input_channel_open()
634 (r = sshpkt_put_cstring(ssh, "")) != 0 || in server_input_channel_open()
635 (r = sshpkt_send(ssh)) != 0) { in server_input_channel_open()
636 sshpkt_fatal(ssh, r, in server_input_channel_open()
645 server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) in server_input_hostkeys_prove() argument
659 ssh->kex->hostkey_alg)) == KEY_RSA) in server_input_hostkeys_prove()
660 kex_rsa_sigalg = ssh->kex->hostkey_alg; in server_input_hostkeys_prove()
661 while (ssh_packet_remaining(ssh) > 0) { in server_input_hostkeys_prove()
664 if ((r = sshpkt_get_string_direct(ssh, &blob, &blen)) != 0 || in server_input_hostkeys_prove()
673 if ((ndx = ssh->kex->host_key_index(key, 1, ssh)) == -1) { in server_input_hostkeys_prove()
682 (key_pub = get_hostkey_public_by_index(ndx, ssh)) == NULL) { in server_input_hostkeys_prove()
697 else if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED) in server_input_hostkeys_prove()
699 else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED) in server_input_hostkeys_prove()
707 ssh->kex->session_id)) != 0 || in server_input_hostkeys_prove()
709 (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen, in server_input_hostkeys_prove()
729 server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) in server_input_global_request() argument
743 if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 || in server_input_global_request()
744 (r = sshpkt_get_u8(ssh, &want_reply)) != 0) in server_input_global_request()
745 sshpkt_fatal(ssh, r, "%s: parse packet", __func__); in server_input_global_request()
750 if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 || in server_input_global_request()
751 (r = sshpkt_get_u32(ssh, &port)) != 0) in server_input_global_request()
752 sshpkt_fatal(ssh, r, "%s: parse tcpip-forward", __func__); in server_input_global_request()
764 ssh_packet_send_debug(ssh, "Server has disabled port forwarding."); in server_input_global_request()
767 success = channel_setup_remote_fwd_listener(ssh, &fwd, in server_input_global_request()
776 if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 || in server_input_global_request()
777 (r = sshpkt_get_u32(ssh, &port)) != 0) in server_input_global_request()
778 sshpkt_fatal(ssh, r, "%s: parse cancel-tcpip-forward", __func__); in server_input_global_request()
784 success = channel_cancel_rport_listener(ssh, &fwd); in server_input_global_request()
787 if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0) in server_input_global_request()
788 sshpkt_fatal(ssh, r, "%s: parse streamlocal-forward@openssh.com", __func__); in server_input_global_request()
797 ssh_packet_send_debug(ssh, "Server has disabled " in server_input_global_request()
801 success = channel_setup_remote_fwd_listener(ssh, in server_input_global_request()
805 if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0) in server_input_global_request()
806 sshpkt_fatal(ssh, r, "%s: parse cancel-streamlocal-forward@openssh.com", __func__); in server_input_global_request()
810 success = channel_cancel_rport_listener(ssh, &fwd); in server_input_global_request()
815 success = server_input_hostkeys_prove(ssh, &resp); in server_input_global_request()
819 if ((r = sshpkt_start(ssh, success ? in server_input_global_request()
821 (success && resp != NULL && (r = sshpkt_putb(ssh, resp)) != 0) || in server_input_global_request()
822 (r = sshpkt_send(ssh)) != 0 || in server_input_global_request()
823 (r = ssh_packet_write_wait(ssh)) != 0) in server_input_global_request()
824 sshpkt_fatal(ssh, r, "%s: send reply", __func__); in server_input_global_request()
834 server_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) in server_input_channel_req() argument
842 if ((r = sshpkt_get_u32(ssh, &id)) != 0 || in server_input_channel_req()
843 (r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 || in server_input_channel_req()
844 (r = sshpkt_get_u8(ssh, &want_reply)) != 0) in server_input_channel_req()
845 sshpkt_fatal(ssh, r, "%s: parse packet", __func__); in server_input_channel_req()
850 if (id >= INT_MAX || (c = channel_lookup(ssh, (int)id)) == NULL) { in server_input_channel_req()
851 ssh_packet_disconnect(ssh, "%s: unknown channel %d", in server_input_channel_req()
855 if ((r = sshpkt_get_end(ssh)) != 0) in server_input_channel_req()
856 sshpkt_fatal(ssh, r, "%s: parse packet", __func__); in server_input_channel_req()
857 chan_rcvd_eow(ssh, c); in server_input_channel_req()
860 success = session_input_channel_req(ssh, c, rtype); in server_input_channel_req()
864 if ((r = sshpkt_start(ssh, success ? in server_input_channel_req()
866 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || in server_input_channel_req()
867 (r = sshpkt_send(ssh)) != 0) in server_input_channel_req()
868 sshpkt_fatal(ssh, r, "%s: send reply", __func__); in server_input_channel_req()
875 server_init_dispatch(struct ssh *ssh) in server_init_dispatch() argument
878 ssh_dispatch_init(ssh, &dispatch_protocol_error); in server_init_dispatch()
879 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose); in server_init_dispatch()
880 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_DATA, &channel_input_data); in server_init_dispatch()
881 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EOF, &channel_input_ieof); in server_init_dispatch()
882 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data); in server_init_dispatch()
883 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open); in server_init_dispatch()
884 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); in server_init_dispatch()
885 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); in server_init_dispatch()
886 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req); in server_init_dispatch()
887 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); in server_init_dispatch()
888 ssh_dispatch_set(ssh, SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request); in server_init_dispatch()
890 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive); in server_init_dispatch()
891 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive); in server_init_dispatch()
892 ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive); in server_init_dispatch()
893 ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive); in server_init_dispatch()
895 ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); in server_init_dispatch()