X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/d57f70afa40c24426e5f936c86f7640801d43f7a..055817455466c8eb60392f30bb7c689763962e17:/ssh.c diff --git a/ssh.c b/ssh.c index 63f200be..170253b2 100644 --- a/ssh.c +++ b/ssh.c @@ -494,15 +494,38 @@ struct ssh_channel { * of its ports was connected to; and _you_ have to remember what * local host:port pair went with that port number. * - * Hence: in SSH 1 this structure stores host:port pairs we intend - * to allow connections to, and is indexed by those host:port - * pairs. In SSH 2 it stores a mapping from source port to - * destination host:port pair, and is indexed by source port. + * Hence, in SSH 1 this structure is indexed by destination + * host:port pair, whereas in SSH 2 it is indexed by source port. */ +struct ssh_portfwd; /* forward declaration */ + struct ssh_rportfwd { unsigned sport, dport; char dhost[256]; + char *sportdesc; + struct ssh_portfwd *pfrec; +}; +#define free_rportfwd(pf) ( \ + ((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) ) + +/* + * Separately to the rportfwd tree (which is for looking up port + * open requests from the server), a tree of _these_ structures is + * used to keep track of all the currently open port forwardings, + * so that we can reconfigure in mid-session if the user requests + * it. + */ +struct ssh_portfwd { + int keep; + int type; + unsigned sport, dport; + char *saddr, *daddr; + struct ssh_rportfwd *remote; + int addressfamily; + void *local; }; +#define free_portfwd(pf) ( \ + ((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr)) : (void)0 ), sfree(pf) ) struct Packet { long length; @@ -561,6 +584,15 @@ struct rdpkt2_state_tag { }; typedef void (*handler_fn_t)(Ssh ssh, struct Packet *pktin); +typedef void (*chandler_fn_t)(Ssh ssh, struct Packet *pktin, void *ctx); + +struct queued_handler; +struct queued_handler { + int msg1, msg2; + chandler_fn_t handler; + void *ctx; + struct queued_handler *next; +}; struct ssh_tag { const struct plug_function_table *fn; @@ -608,7 +640,7 @@ struct ssh_tag { struct ssh_channel *mainchan; /* primary session channel */ int exitcode; - tree234 *rportfwds; + tree234 *rportfwds, *portfwds; enum { SSH_STATE_PREPACKET, @@ -642,7 +674,6 @@ struct ssh_tag { int userpass_input_bufpos; int userpass_input_echo; - char *portfwd_strptr; int pkt_ctx; void *x11auth; @@ -699,6 +730,12 @@ struct ssh_tag { handler_fn_t packet_dispatch[256]; /* + * Queues of one-off handler functions for success/failure + * indications from a request. + */ + struct queued_handler *qhead, *qtail; + + /* * This module deals with sending keepalives. */ Pinger pinger; @@ -710,7 +747,7 @@ struct ssh_tag { unsigned long incoming_data_size, outgoing_data_size, deferred_data_size; unsigned long max_data_size; int kex_in_progress; - long next_rekey; + long next_rekey, last_rekey; }; #define logevent(s) logevent(ssh->frontend, s) @@ -803,6 +840,47 @@ static int ssh_rportcmp_ssh2(void *av, void *bv) return 0; } +/* + * Special form of strcmp which can cope with NULL inputs. NULL is + * defined to sort before even the empty string. + */ +static int nullstrcmp(const char *a, const char *b) +{ + if (a == NULL && b == NULL) + return 0; + if (a == NULL) + return -1; + if (b == NULL) + return +1; + return strcmp(a, b); +} + +static int ssh_portcmp(void *av, void *bv) +{ + struct ssh_portfwd *a = (struct ssh_portfwd *) av; + struct ssh_portfwd *b = (struct ssh_portfwd *) bv; + int i; + if (a->type > b->type) + return +1; + if (a->type < b->type) + return -1; + if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0) + return i < 0 ? -1 : +1; + if (a->sport > b->sport) + return +1; + if (a->sport < b->sport) + return -1; + if (a->type != 'D') { + if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0) + return i < 0 ? -1 : +1; + if (a->dport > b->dport) + return +1; + if (a->dport < b->dport) + return -1; + } + return 0; +} + static int alloc_channel_id(Ssh ssh) { const unsigned CHANNEL_NUMBER_OFFSET = 256; @@ -2372,8 +2450,11 @@ static const char *connect_to_host(Ssh ssh, char *host, int port, /* * Try to find host. */ - logeventf(ssh, "Looking up host \"%s\"", host); - addr = name_lookup(host, port, realhost, &ssh->cfg); + logeventf(ssh, "Looking up host \"%s\"%s", host, + (ssh->cfg.addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" : + (ssh->cfg.addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : ""))); + addr = name_lookup(host, port, realhost, &ssh->cfg, + ssh->cfg.addressfamily); if ((err = sk_addr_error(addr)) != NULL) { sk_addr_free(addr); return err; @@ -3502,6 +3583,399 @@ void sshfwd_unthrottle(struct ssh_channel *c, int bufsize) } } +static void ssh_queueing_handler(Ssh ssh, struct Packet *pktin) +{ + struct queued_handler *qh = ssh->qhead; + + assert(qh != NULL); + + assert(pktin->type == qh->msg1 || pktin->type == qh->msg2); + + if (qh->msg1 > 0) { + assert(ssh->packet_dispatch[qh->msg1] == ssh_queueing_handler); + ssh->packet_dispatch[qh->msg1] = NULL; + } + if (qh->msg2 > 0) { + assert(ssh->packet_dispatch[qh->msg2] == ssh_queueing_handler); + ssh->packet_dispatch[qh->msg2] = NULL; + } + + if (qh->next) { + ssh->qhead = qh->next; + + if (ssh->qhead->msg1 > 0) { + assert(ssh->packet_dispatch[ssh->qhead->msg1] == NULL); + ssh->packet_dispatch[ssh->qhead->msg1] = ssh_queueing_handler; + } + if (ssh->qhead->msg2 > 0) { + assert(ssh->packet_dispatch[ssh->qhead->msg2] == NULL); + ssh->packet_dispatch[ssh->qhead->msg2] = ssh_queueing_handler; + } + } else { + ssh->qhead = ssh->qtail = NULL; + ssh->packet_dispatch[pktin->type] = NULL; + } + + qh->handler(ssh, pktin, qh->ctx); + + sfree(qh); +} + +static void ssh_queue_handler(Ssh ssh, int msg1, int msg2, + chandler_fn_t handler, void *ctx) +{ + struct queued_handler *qh; + + qh = snew(struct queued_handler); + qh->msg1 = msg1; + qh->msg2 = msg2; + qh->handler = handler; + qh->ctx = ctx; + qh->next = NULL; + + if (ssh->qtail == NULL) { + ssh->qhead = qh; + + if (qh->msg1 > 0) { + assert(ssh->packet_dispatch[qh->msg1] == NULL); + ssh->packet_dispatch[qh->msg1] = ssh_queueing_handler; + } + if (qh->msg2 > 0) { + assert(ssh->packet_dispatch[qh->msg2] == NULL); + ssh->packet_dispatch[qh->msg2] = ssh_queueing_handler; + } + } else { + ssh->qtail->next = qh; + } + ssh->qtail = qh; +} + +static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx) +{ + struct ssh_rportfwd *rpf, *pf = (struct ssh_rportfwd *)ctx; + + if (pktin->type == (ssh->version == 1 ? SSH1_SMSG_SUCCESS : + SSH2_MSG_REQUEST_SUCCESS)) { + logeventf(ssh, "Remote port forwarding from %s enabled", + pf->sportdesc); + } else { + logeventf(ssh, "Remote port forwarding from %s refused", + pf->sportdesc); + + rpf = del234(ssh->rportfwds, pf); + assert(rpf == pf); + free_rportfwd(pf); + } +} + +static void ssh_setup_portfwd(Ssh ssh, const Config *cfg) +{ + char address_family, type; + int n; + int sport,dport,sserv,dserv; + char sports[256], dports[256], saddr[256], host[256]; + const char *portfwd_strptr; + + portfwd_strptr = cfg->portfwd; + + if (!ssh->portfwds) { + ssh->portfwds = newtree234(ssh_portcmp); + } else { + /* + * Go through the existing port forwardings and tag them + * with keep==FALSE. Any that we want to keep will be + * re-enabled as we go through the configuration and find + * out which bits are the same as they were before. + */ + struct ssh_portfwd *epf; + int i; + for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++) + epf->keep = FALSE; + } + + while (*portfwd_strptr) { + address_family = 'A'; + type = 'L'; + while (*portfwd_strptr && *portfwd_strptr != '\t') { + if (*portfwd_strptr == 'A' || + *portfwd_strptr == '4' || + *portfwd_strptr == '6') + address_family = *portfwd_strptr; + else if (*portfwd_strptr == 'L' || + *portfwd_strptr == 'R' || + *portfwd_strptr == 'D') + type = *portfwd_strptr; + portfwd_strptr++; + } + + saddr[0] = '\0'; + + n = 0; + while (*portfwd_strptr && *portfwd_strptr != '\t') { + if (*portfwd_strptr == ':') { + /* + * We've seen a colon in the middle of the + * source port number. This means that + * everything we've seen until now is the + * source _address_, so we'll move it into + * saddr and start sports from the beginning + * again. + */ + portfwd_strptr++; + sports[n] = '\0'; + if (ssh->version == 1 && type == 'R') { + logeventf(ssh, "SSH1 cannot handle remote source address " + "spec \"%s\"; ignoring", sports); + } else + strcpy(saddr, sports); + n = 0; + } + if (n < 255) sports[n++] = *portfwd_strptr++; + } + sports[n] = 0; + if (type != 'D') { + if (*portfwd_strptr == '\t') + portfwd_strptr++; + n = 0; + while (*portfwd_strptr && *portfwd_strptr != ':') { + if (n < 255) host[n++] = *portfwd_strptr++; + } + host[n] = 0; + if (*portfwd_strptr == ':') + portfwd_strptr++; + n = 0; + while (*portfwd_strptr) { + if (n < 255) dports[n++] = *portfwd_strptr++; + } + dports[n] = 0; + portfwd_strptr++; + dport = atoi(dports); + dserv = 0; + if (dport == 0) { + dserv = 1; + dport = net_service_lookup(dports); + if (!dport) { + logeventf(ssh, "Service lookup failed for destination" + " port \"%s\"", dports); + } + } + } else { + while (*portfwd_strptr) portfwd_strptr++; + dport = dserv = -1; + portfwd_strptr++; /* eat the NUL and move to next one */ + } + sport = atoi(sports); + sserv = 0; + if (sport == 0) { + sserv = 1; + sport = net_service_lookup(sports); + if (!sport) { + logeventf(ssh, "Service lookup failed for source" + " port \"%s\"", sports); + } + } + if (sport && dport) { + /* Set up a description of the source port. */ + struct ssh_portfwd *pfrec, *epfrec; + char *sportdesc; + sportdesc = dupprintf("%.*s%.*s%.*s%.*s%d%.*s", + (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL, + (int)(*saddr?1:0), ":", + (int)(sserv ? strlen(sports) : 0), sports, + sserv, "(", sport, sserv, ")"); + + pfrec = snew(struct ssh_portfwd); + pfrec->type = type; + pfrec->saddr = *saddr ? dupstr(saddr) : NULL; + pfrec->sport = sport; + pfrec->daddr = dupstr(host); + pfrec->dport = dport; + pfrec->local = NULL; + pfrec->remote = NULL; + pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 : + address_family == '6' ? ADDRTYPE_IPV6 : + ADDRTYPE_UNSPEC); + + epfrec = add234(ssh->portfwds, pfrec); + if (epfrec != pfrec) { + /* + * We already have a port forwarding with precisely + * these parameters. Hence, no need to do anything; + * simply tag the existing one as `keep'. + */ + epfrec->keep = TRUE; + free_portfwd(pfrec); + } else if (type == 'L') { + /* Verbose description of the destination port */ + char *dportdesc = dupprintf("%s:%.*s%.*s%d%.*s", + host, + (int)(dserv ? strlen(dports) : 0), dports, + dserv, "(", dport, dserv, ")"); + const char *err = pfd_addforward(host, dport, + *saddr ? saddr : NULL, + sport, ssh, &ssh->cfg, + &pfrec->local, + pfrec->addressfamily); + + logeventf(ssh, "Local %sport %s forward to %s%s%s", + pfrec->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " : + pfrec->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "", + sportdesc, dportdesc, + err ? " failed: " : "", err); + + sfree(dportdesc); + } else if (type == 'D') { + const char *err = pfd_addforward(NULL, -1, + *saddr ? saddr : NULL, + sport, ssh, &ssh->cfg, + &pfrec->local, + pfrec->addressfamily); + + logeventf(ssh, "Local %sport %s SOCKS dynamic forward%s%s", + pfrec->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " : + pfrec->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "", + sportdesc, + err ? " setup failed: " : "", err); + } else { + struct ssh_rportfwd *pf; + + /* + * Ensure the remote port forwardings tree exists. + */ + if (!ssh->rportfwds) { + if (ssh->version == 1) + ssh->rportfwds = newtree234(ssh_rportcmp_ssh1); + else + ssh->rportfwds = newtree234(ssh_rportcmp_ssh2); + } + + pf = snew(struct ssh_rportfwd); + strcpy(pf->dhost, host); + pf->dport = dport; + pf->sport = sport; + if (add234(ssh->rportfwds, pf) != pf) { + logeventf(ssh, "Duplicate remote port forwarding to %s:%d", + host, dport); + sfree(pf); + } else { + logeventf(ssh, "Requesting remote port %s" + " forward to %s:%.*s%.*s%d%.*s", + sportdesc, host, + (int)(dserv ? strlen(dports) : 0), dports, + dserv, "(", dport, dserv, ")"); + + pf->sportdesc = sportdesc; + sportdesc = NULL; + pfrec->remote = pf; + pf->pfrec = pfrec; + + if (ssh->version == 1) { + send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST, + PKT_INT, sport, + PKT_STR, host, + PKT_INT, dport, + PKT_END); + ssh_queue_handler(ssh, SSH1_SMSG_SUCCESS, + SSH1_SMSG_FAILURE, + ssh_rportfwd_succfail, pf); + } else { + struct Packet *pktout; + pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST); + ssh2_pkt_addstring(pktout, "tcpip-forward"); + ssh2_pkt_addbool(pktout, 1);/* want reply */ + if (*saddr) { + ssh2_pkt_addstring(pktout, saddr); + } else if (ssh->cfg.rport_acceptall) { + ssh2_pkt_addstring(pktout, "0.0.0.0"); + } else { + ssh2_pkt_addstring(pktout, "127.0.0.1"); + } + ssh2_pkt_adduint32(pktout, sport); + ssh2_pkt_send(ssh, pktout); + + ssh_queue_handler(ssh, SSH2_MSG_REQUEST_SUCCESS, + SSH2_MSG_REQUEST_FAILURE, + ssh_rportfwd_succfail, pf); + } + } + } + sfree(sportdesc); + } + } + + /* + * Now go through and destroy any port forwardings which were + * not re-enabled. + */ + { + struct ssh_portfwd *epf; + int i; + for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++) + if (!epf->keep) { + char *message; + + message = dupprintf("%s port forwarding from %s%s%d", + epf->type == 'L' ? "local" : + epf->type == 'R' ? "remote" : "dynamic", + epf->saddr ? epf->saddr : "", + epf->saddr ? ":" : "", + epf->sport); + + if (epf->type != 'D') { + char *msg2 = dupprintf("%s to %s:%d", message, + epf->daddr, epf->dport); + sfree(message); + message = msg2; + } + + logeventf(ssh, "Cancelling %s", message); + sfree(message); + + if (epf->remote) { + struct ssh_rportfwd *rpf = epf->remote; + struct Packet *pktout; + + /* + * Cancel the port forwarding at the server + * end. + */ + if (ssh->version == 1) { + /* + * We cannot cancel listening ports on the + * server side in SSH1! There's no message + * to support it. Instead, we simply remove + * the rportfwd record from the local end + * so that any connections the server tries + * to make on it are rejected. + */ + } else { + pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST); + ssh2_pkt_addstring(pktout, "cancel-tcpip-forward"); + ssh2_pkt_addbool(pktout, 0);/* _don't_ want reply */ + if (epf->saddr) { + ssh2_pkt_addstring(pktout, epf->saddr); + } else if (ssh->cfg.rport_acceptall) { + ssh2_pkt_addstring(pktout, "0.0.0.0"); + } else { + ssh2_pkt_addstring(pktout, "127.0.0.1"); + } + ssh2_pkt_adduint32(pktout, epf->sport); + ssh2_pkt_send(ssh, pktout); + } + + del234(ssh->rportfwds, rpf); + free_rportfwd(rpf); + } else if (epf->local) { + pfd_terminate(epf->local); + } + + delpos234(ssh->portfwds, i); + free_portfwd(epf); + i--; /* so we don't skip one in the list */ + } + } +} + static void ssh1_smsg_stdout_stderr_data(Ssh ssh, struct Packet *pktin) { char *string; @@ -3593,7 +4067,7 @@ static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin) /* Remote side is trying to open a channel to talk to a * forwarded port. Give them back a local channel number. */ struct ssh_channel *c; - struct ssh_rportfwd pf; + struct ssh_rportfwd pf, *pfp; int remoteid; int hostsize, port; char *host, buf[1024]; @@ -3610,8 +4084,9 @@ static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin) memcpy(pf.dhost, host, hostsize); pf.dhost[hostsize] = '\0'; pf.dport = port; + pfp = find234(ssh->rportfwds, &pf, NULL); - if (find234(ssh->rportfwds, &pf, NULL) == NULL) { + if (pfp == NULL) { sprintf(buf, "Rejected remote port open request for %s:%d", pf.dhost, port); logevent(buf); @@ -3622,7 +4097,7 @@ static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin) pf.dhost, port); logevent(buf); e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port, - c, &ssh->cfg); + c, &ssh->cfg, pfp->pfrec->addressfamily); if (e != NULL) { char buf[256]; sprintf(buf, "Port open failed: %s", e); @@ -3733,7 +4208,7 @@ static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin) /* Data sent down one of our channels. */ int i = ssh_pkt_getuint32(pktin); char *p; - int len; + unsigned int len; struct ssh_channel *c; ssh_pkt_getstring(pktin, &p, &len); @@ -3752,7 +4227,7 @@ static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin) /* Data for an agent message. Buffer it. */ while (len > 0) { if (c->u.a.lensofar < 4) { - int l = min(4 - c->u.a.lensofar, len); + unsigned int l = min(4 - c->u.a.lensofar, len); memcpy(c->u.a.msglen + c->u.a.lensofar, p, l); p += l; @@ -3767,7 +4242,7 @@ static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin) memcpy(c->u.a.message, c->u.a.msglen, 4); } if (c->u.a.lensofar >= 4 && len > 0) { - int l = + unsigned int l = min(c->u.a.totallen - c->u.a.lensofar, len); memcpy(c->u.a.message + c->u.a.lensofar, p, @@ -3885,164 +4360,8 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen, } } - { - char type; - int n; - int sport,dport,sserv,dserv; - char sports[256], dports[256], saddr[256], host[256]; - - ssh->rportfwds = newtree234(ssh_rportcmp_ssh1); - /* Add port forwardings. */ - ssh->portfwd_strptr = ssh->cfg.portfwd; - while (*ssh->portfwd_strptr) { - type = *ssh->portfwd_strptr++; - saddr[0] = '\0'; - n = 0; - while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != '\t') { - if (*ssh->portfwd_strptr == ':') { - /* - * We've seen a colon in the middle of the - * source port number. This means that - * everything we've seen until now is the - * source _address_, so we'll move it into - * saddr and start sports from the beginning - * again. - */ - ssh->portfwd_strptr++; - sports[n] = '\0'; - strcpy(saddr, sports); - n = 0; - } - if (n < 255) sports[n++] = *ssh->portfwd_strptr++; - } - sports[n] = 0; - if (type != 'D') { - if (*ssh->portfwd_strptr == '\t') - ssh->portfwd_strptr++; - n = 0; - while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != ':') { - if (n < 255) host[n++] = *ssh->portfwd_strptr++; - } - host[n] = 0; - if (*ssh->portfwd_strptr == ':') - ssh->portfwd_strptr++; - n = 0; - while (*ssh->portfwd_strptr) { - if (n < 255) dports[n++] = *ssh->portfwd_strptr++; - } - dports[n] = 0; - ssh->portfwd_strptr++; - dport = atoi(dports); - dserv = 0; - if (dport == 0) { - dserv = 1; - dport = net_service_lookup(dports); - if (!dport) { - logeventf(ssh, "Service lookup failed for" - " destination port \"%s\"", dports); - } - } - } else { - while (*ssh->portfwd_strptr) ssh->portfwd_strptr++; - dport = dserv = -1; - ssh->portfwd_strptr++; /* eat the NUL and move to next one */ - } - sport = atoi(sports); - sserv = 0; - if (sport == 0) { - sserv = 1; - sport = net_service_lookup(sports); - if (!sport) { - logeventf(ssh, "Service lookup failed for source" - " port \"%s\"", sports); - } - } - if (sport && dport) { - /* Set up a description of the source port. */ - static char *sportdesc; - sportdesc = dupprintf("%.*s%.*s%.*s%.*s%d%.*s", - (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL, - (int)(*saddr?1:0), ":", - (int)(sserv ? strlen(sports) : 0), sports, - sserv, "(", sport, sserv, ")"); - if (type == 'L') { - /* Verbose description of the destination port */ - char *dportdesc = dupprintf("%s:%.*s%.*s%d%.*s", - host, - (int)(dserv ? strlen(dports) : 0), dports, - dserv, "(", dport, dserv, ")"); - const char *err = pfd_addforward(host, dport, - *saddr ? saddr : NULL, - sport, ssh, &ssh->cfg); - if (err) { - logeventf(ssh, "Local port %s forward to %s" - " failed: %s", sportdesc, dportdesc, err); - } else { - logeventf(ssh, "Local port %s forwarding to %s", - sportdesc, dportdesc); - } - sfree(dportdesc); - } else if (type == 'D') { - const char *err = pfd_addforward(NULL, -1, - *saddr ? saddr : NULL, - sport, ssh, &ssh->cfg); - if (err) { - logeventf(ssh, "Local port %s SOCKS dynamic forward" - " setup failed: %s", sportdesc, err); - } else { - logeventf(ssh, "Local port %s doing SOCKS" - " dynamic forwarding", sportdesc); - } - } else { - struct ssh_rportfwd *pf; - pf = snew(struct ssh_rportfwd); - strcpy(pf->dhost, host); - pf->dport = dport; - if (*saddr) { - logeventf(ssh, - "SSH1 cannot handle source address spec \"%s:%d\"; ignoring", - saddr, sport); - } - if (add234(ssh->rportfwds, pf) != pf) { - logeventf(ssh, - "Duplicate remote port forwarding to %s:%d", - host, dport); - sfree(pf); - } else { - logeventf(ssh, "Requesting remote port %.*s%.*s%d%.*s" - " forward to %s:%.*s%.*s%d%.*s", - (int)(sserv ? strlen(sports) : 0), sports, - sserv, "(", sport, sserv, ")", - host, - (int)(dserv ? strlen(dports) : 0), dports, - dserv, "(", dport, dserv, ")"); - send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST, - PKT_INT, sport, - PKT_STR, host, - PKT_INT, dport, - PKT_END); - do { - crReturnV; - } while (!pktin); - if (pktin->type != SSH1_SMSG_SUCCESS - && pktin->type != SSH1_SMSG_FAILURE) { - bombout(("Protocol confusion")); - crStopV; - } else if (pktin->type == SSH1_SMSG_FAILURE) { - c_write_str(ssh, "Server refused port" - " forwarding\r\n"); - logevent("Server refused this port forwarding"); - } else { - logevent("Remote port forwarding enabled"); - ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = - ssh1_msg_port_open; - } - } - } - sfree(sportdesc); - } - } - } + ssh_setup_portfwd(ssh, &ssh->cfg); + ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = ssh1_msg_port_open; if (!ssh->cfg.nopty) { /* Unpick the terminal-speed string. */ @@ -4915,6 +5234,7 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, * Key exchange is over. Schedule a timer for our next rekey. */ ssh->kex_in_progress = FALSE; + ssh->last_rekey = GETTICKCOUNT(); if (ssh->cfg.ssh_rekey_time != 0) ssh->next_rekey = schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC, ssh2_timer, ssh); @@ -5038,7 +5358,7 @@ static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin) static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin) { char *data; - int length; + unsigned int length; unsigned i = ssh_pkt_getuint32(pktin); struct ssh_channel *c; c = find234(ssh->channels, &i, ssh_channelfind); @@ -5067,7 +5387,7 @@ static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin) case CHAN_AGENT: while (length > 0) { if (c->u.a.lensofar < 4) { - int l = min(4 - c->u.a.lensofar, length); + unsigned int l = min(4 - c->u.a.lensofar, length); memcpy(c->u.a.msglen + c->u.a.lensofar, data, l); data += l; @@ -5082,7 +5402,7 @@ static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin) memcpy(c->u.a.message, c->u.a.msglen, 4); } if (c->u.a.lensofar >= 4 && length > 0) { - int l = + unsigned int l = min(c->u.a.totallen - c->u.a.lensofar, length); memcpy(c->u.a.message + c->u.a.lensofar, @@ -5502,7 +5822,8 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin) const char *e = pfd_newconnect(&c->u.pfd.s, realpf->dhost, realpf->dport, c, - &ssh->cfg); + &ssh->cfg, + realpf->pfrec->addressfamily); logeventf(ssh, "Attempting to forward remote port to " "%s:%d", realpf->dhost, realpf->dport); if (e != NULL) { @@ -6526,163 +6847,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, /* * Enable port forwardings. */ - { - char type; - int n; - int sport,dport,sserv,dserv; - char sports[256], dports[256], saddr[256], host[256]; - - ssh->rportfwds = newtree234(ssh_rportcmp_ssh2); - /* Add port forwardings. */ - ssh->portfwd_strptr = ssh->cfg.portfwd; - while (*ssh->portfwd_strptr) { - type = *ssh->portfwd_strptr++; - saddr[0] = '\0'; - n = 0; - while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != '\t') { - if (*ssh->portfwd_strptr == ':') { - /* - * We've seen a colon in the middle of the - * source port number. This means that - * everything we've seen until now is the - * source _address_, so we'll move it into - * saddr and start sports from the beginning - * again. - */ - ssh->portfwd_strptr++; - sports[n] = '\0'; - strcpy(saddr, sports); - n = 0; - } - if (n < 255) sports[n++] = *ssh->portfwd_strptr++; - } - sports[n] = 0; - if (type != 'D') { - if (*ssh->portfwd_strptr == '\t') - ssh->portfwd_strptr++; - n = 0; - while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != ':') { - if (n < 255) host[n++] = *ssh->portfwd_strptr++; - } - host[n] = 0; - if (*ssh->portfwd_strptr == ':') - ssh->portfwd_strptr++; - n = 0; - while (*ssh->portfwd_strptr) { - if (n < 255) dports[n++] = *ssh->portfwd_strptr++; - } - dports[n] = 0; - ssh->portfwd_strptr++; - dport = atoi(dports); - dserv = 0; - if (dport == 0) { - dserv = 1; - dport = net_service_lookup(dports); - if (!dport) { - logeventf(ssh, "Service lookup failed for destination" - " port \"%s\"", dports); - } - } - } else { - while (*ssh->portfwd_strptr) ssh->portfwd_strptr++; - dport = dserv = -1; - ssh->portfwd_strptr++; /* eat the NUL and move to next one */ - } - sport = atoi(sports); - sserv = 0; - if (sport == 0) { - sserv = 1; - sport = net_service_lookup(sports); - if (!sport) { - logeventf(ssh, "Service lookup failed for source" - " port \"%s\"", sports); - } - } - if (sport && dport) { - /* Set up a description of the source port. */ - static char *sportdesc; - sportdesc = dupprintf("%.*s%.*s%.*s%.*s%d%.*s", - (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL, - (int)(*saddr?1:0), ":", - (int)(sserv ? strlen(sports) : 0), sports, - sserv, "(", sport, sserv, ")"); - if (type == 'L') { - /* Verbose description of the destination port */ - char *dportdesc = dupprintf("%s:%.*s%.*s%d%.*s", - host, - (int)(dserv ? strlen(dports) : 0), dports, - dserv, "(", dport, dserv, ")"); - const char *err = pfd_addforward(host, dport, - *saddr ? saddr : NULL, - sport, ssh, &ssh->cfg); - if (err) { - logeventf(ssh, "Local port %s forward to %s" - " failed: %s", sportdesc, dportdesc, err); - } else { - logeventf(ssh, "Local port %s forwarding to %s", - sportdesc, dportdesc); - } - sfree(dportdesc); - } else if (type == 'D') { - const char *err = pfd_addforward(NULL, -1, - *saddr ? saddr : NULL, - sport, ssh, &ssh->cfg); - if (err) { - logeventf(ssh, "Local port %s SOCKS dynamic forward" - " setup failed: %s", sportdesc, err); - } else { - logeventf(ssh, "Local port %s doing SOCKS" - " dynamic forwarding", sportdesc); - } - } else { - struct ssh_rportfwd *pf; - pf = snew(struct ssh_rportfwd); - strcpy(pf->dhost, host); - pf->dport = dport; - pf->sport = sport; - if (add234(ssh->rportfwds, pf) != pf) { - logeventf(ssh, "Duplicate remote port forwarding" - " to %s:%d", host, dport); - sfree(pf); - } else { - logeventf(ssh, "Requesting remote port %s" - " forward to %s:%.*s%.*s%d%.*s", - sportdesc, - host, - (int)(dserv ? strlen(dports) : 0), dports, - dserv, "(", dport, dserv, ")"); - s->pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST); - ssh2_pkt_addstring(s->pktout, "tcpip-forward"); - ssh2_pkt_addbool(s->pktout, 1);/* want reply */ - if (*saddr) { - ssh2_pkt_addstring(s->pktout, saddr); - } else if (ssh->cfg.rport_acceptall) { - ssh2_pkt_addstring(s->pktout, "0.0.0.0"); - } else { - ssh2_pkt_addstring(s->pktout, "127.0.0.1"); - } - ssh2_pkt_adduint32(s->pktout, sport); - ssh2_pkt_send(ssh, s->pktout); - - crWaitUntilV(pktin); - - if (pktin->type != SSH2_MSG_REQUEST_SUCCESS) { - if (pktin->type != SSH2_MSG_REQUEST_FAILURE) { - bombout(("Unexpected response to port " - "forwarding request: packet type %d", - pktin->type)); - crStopV; - } - logevent("Server refused this port forwarding"); - } else { - logevent("Remote port forwarding enabled"); - } - } - } - sfree(sportdesc); - } - } - } + ssh_setup_portfwd(ssh, &ssh->cfg); /* * Potentially enable agent forwarding. @@ -7073,7 +7238,7 @@ static void ssh2_timer(void *ctx, long now) { Ssh ssh = (Ssh)ctx; - if (!ssh->kex_in_progress && + if (!ssh->kex_in_progress && ssh->cfg.ssh_rekey_time != 0 && now - ssh->next_rekey >= 0) { do_ssh2_transport(ssh, "Initiating key re-exchange (timeout)", -1, NULL); @@ -7182,6 +7347,7 @@ static const char *ssh_init(void *frontend_handle, void **backend_handle, ssh->queue = NULL; ssh->queuelen = ssh->queuesize = 0; ssh->queueing = FALSE; + ssh->qhead = ssh->qtail = NULL; *backend_handle = ssh; @@ -7196,6 +7362,7 @@ static const char *ssh_init(void *frontend_handle, void **backend_handle, ssh->channels = NULL; ssh->rportfwds = NULL; + ssh->portfwds = NULL; ssh->send_ok = 0; ssh->editing = 0; @@ -7260,6 +7427,13 @@ static void ssh_free(void *handle) ssh_free_packet(ssh->queue[ssh->queuelen]); sfree(ssh->queue); + while (ssh->qhead) { + struct queued_handler *qh = ssh->qhead; + ssh->qhead = qh->next; + sfree(ssh->qhead); + } + ssh->qhead = ssh->qtail = NULL; + if (ssh->channels) { while ((c = delpos234(ssh->channels, 0)) != NULL) { switch (c->type) { @@ -7307,17 +7481,41 @@ static void ssh_free(void *handle) /* * Reconfigure the SSH backend. - * - * Currently, this function does nothing very useful. In future, - * however, we could do some handy things with it. For example, we - * could make the port forwarding configurer active in the Change - * Settings box, and this routine could close down existing - * forwardings and open up new ones in response to changes. */ static void ssh_reconfig(void *handle, Config *cfg) { Ssh ssh = (Ssh) handle; + char *rekeying = NULL; + unsigned long old_max_data_size; + pinger_reconfig(ssh->pinger, &ssh->cfg, cfg); + ssh_setup_portfwd(ssh, cfg); + + if (ssh->cfg.ssh_rekey_time != cfg->ssh_rekey_time && + cfg->ssh_rekey_time != 0) { + long new_next = ssh->last_rekey + cfg->ssh_rekey_time*60*TICKSPERSEC; + long now = GETTICKCOUNT(); + + if (new_next - now < 0) { + rekeying = "Initiating key re-exchange (timeout shortened)"; + } else { + ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh); + } + } + + old_max_data_size = ssh->max_data_size; + ssh->max_data_size = parse_blocksize(cfg->ssh_rekey_data); + if (old_max_data_size != ssh->max_data_size && + ssh->max_data_size != 0) { + if (ssh->outgoing_data_size > ssh->max_data_size || + ssh->incoming_data_size > ssh->max_data_size) + rekeying = "Initiating key re-exchange (data limit lowered)"; + } + + if (rekeying && !ssh->kex_in_progress) { + do_ssh2_transport(ssh, rekeying, -1, NULL); + } + ssh->cfg = *cfg; /* STRUCTURE COPY */ } @@ -7620,7 +7818,7 @@ void ssh_send_port_open(void *channel, char *hostname, int port, char *org) PKT_INT, c->localid, PKT_STR, hostname, PKT_INT, port, - //PKT_STR, , + /* PKT_STR, , */ PKT_END); } else { pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN); @@ -7687,6 +7885,16 @@ static int ssh_return_exitcode(void *handle) } /* + * cfg_info for SSH is the currently running version of the + * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.) + */ +static int ssh_cfg_info(void *handle) +{ + Ssh ssh = (Ssh) handle; + return ssh->version; +} + +/* * Gross hack: pscp will try to start SFTP but fall back to scp1 if * that fails. This variable is the means by which scp.c can reach * into the SSH code and find out which one it got. @@ -7713,5 +7921,6 @@ Backend ssh_backend = { ssh_provide_ldisc, ssh_provide_logctx, ssh_unthrottle, + ssh_cfg_info, 22 };