99 static void server_init_dispatch(struct ssh *);
128 client_alive_check(struct ssh *ssh)  in client_alive_check()  argument
135 	    ssh_packet_inc_alive_timeouts(ssh) >  in client_alive_check()
137 		sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));  in client_alive_check()
146 	if ((channel_id = channel_find_open(ssh)) == -1) {  in client_alive_check()
147 		if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||  in client_alive_check()
148 		    (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com"))  in client_alive_check()
150 		    (r = sshpkt_put_u8(ssh, 1)) != 0) /* boolean: want reply */  in client_alive_check()
153 		channel_request_start(ssh, channel_id,  in client_alive_check()
156 	if ((r = sshpkt_send(ssh)) != 0)  in client_alive_check()
166 wait_until_can_do_something(struct ssh *ssh,  in wait_until_can_do_something()  argument
183 	channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, 2, &timeout);  in wait_until_can_do_something()
187 	if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(ssh)) {  in wait_until_can_do_something()
189 		    ssh_packet_get_rekey_timeout(ssh));  in wait_until_can_do_something()
197 		if (channel_still_open(ssh) || unused_connection_expiry == 0) {  in wait_until_can_do_something()
229 	(*pfdp)[1].events = ssh_packet_have_data_to_write(ssh) ? POLLOUT : 0;  in wait_until_can_do_something()
235 	if (child_terminated && ssh_packet_not_very_much_data_to_write(ssh))  in wait_until_can_do_something()
258 			client_alive_check(ssh);  in wait_until_can_do_something()
268 	    now > unused_connection_expiry && !channel_still_open(ssh)) {  in wait_until_can_do_something()
269 		sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));  in wait_until_can_do_something()
280 process_input(struct ssh *ssh, int connection_in)  in process_input()  argument
284 	if ((r = ssh_packet_process_read(ssh, connection_in)) == 0)  in process_input()
291 			    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));  in process_input()
295 		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),  in process_input()
306 process_output(struct ssh *ssh, int connection_out)  in process_output()  argument
311 	if ((r = ssh_packet_write_poll(ssh)) != 0) {  in process_output()
312 		sshpkt_fatal(ssh, r, "%s: ssh_packet_write_poll",  in process_output()
318 process_buffered_input_packets(struct ssh *ssh)  in process_buffered_input_packets()  argument
320 	ssh_dispatch_run_fatal(ssh, DISPATCH_NONBLOCK, NULL);  in process_buffered_input_packets()
324 collect_children(struct ssh *ssh)  in collect_children()  argument
334 				session_close_by_pid(ssh, pid, status);  in collect_children()
340 server_loop2(struct ssh *ssh, Authctxt *authctxt)  in server_loop2()  argument
354 	connection_in = ssh_packet_get_connection_in(ssh);  in server_loop2()
355 	connection_out = ssh_packet_get_connection_out(ssh);  in server_loop2()
363 	server_init_dispatch(ssh);  in server_loop2()
366 		process_buffered_input_packets(ssh);  in server_loop2()
368 		if (!ssh_packet_is_rekeying(ssh) &&  in server_loop2()
369 		    ssh_packet_not_very_much_data_to_write(ssh))  in server_loop2()
370 			channel_output_poll(ssh);  in server_loop2()
379 		collect_children(ssh);  in server_loop2()
380 		wait_until_can_do_something(ssh, connection_in, connection_out,  in server_loop2()
392 		channel_after_poll(ssh, pfd, npfd_active);  in server_loop2()
394 		    process_input(ssh, connection_in) < 0)  in server_loop2()
397 		if ((r = ssh_packet_check_rekey(ssh)) != 0)  in server_loop2()
400 			process_output(ssh, connection_out);  in server_loop2()
402 	collect_children(ssh);  in server_loop2()
406 	channel_free_all(ssh);  in server_loop2()
409 	session_destroy_all(ssh, NULL);  in server_loop2()
413 server_input_keep_alive(int type, u_int32_t seq, struct ssh *ssh)  in server_input_keep_alive()  argument
421 	ssh_packet_set_alive_timeouts(ssh, 0);  in server_input_keep_alive()
426 server_request_direct_tcpip(struct ssh *ssh, int *reason, const char **errmsg)  in server_request_direct_tcpip()  argument
433 	if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 ||  in server_request_direct_tcpip()
434 	    (r = sshpkt_get_u32(ssh, &target_port)) != 0 ||  in server_request_direct_tcpip()
435 	    (r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 ||  in server_request_direct_tcpip()
436 	    (r = sshpkt_get_u32(ssh, &originator_port)) != 0 ||  in server_request_direct_tcpip()
437 	    (r = sshpkt_get_end(ssh)) != 0)  in server_request_direct_tcpip()
438 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);  in server_request_direct_tcpip()
457 		c = channel_connect_to_port(ssh, target, target_port,  in server_request_direct_tcpip()
474 server_request_direct_streamlocal(struct ssh *ssh)  in server_request_direct_streamlocal()  argument
485 	if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 ||  in server_request_direct_streamlocal()
486 	    (r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 ||  in server_request_direct_streamlocal()
487 	    (r = sshpkt_get_u32(ssh, &originator_port)) != 0 ||  in server_request_direct_streamlocal()
488 	    (r = sshpkt_get_end(ssh)) != 0)  in server_request_direct_streamlocal()
489 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);  in server_request_direct_streamlocal()
502 		c = channel_connect_to_path(ssh, target,  in server_request_direct_streamlocal()
517 server_request_tun(struct ssh *ssh)  in server_request_tun()  argument
524 	if ((r = sshpkt_get_u32(ssh, &mode)) != 0)  in server_request_tun()
525 		sshpkt_fatal(ssh, r, "%s: parse mode", __func__);  in server_request_tun()
531 		ssh_packet_send_debug(ssh, "Unsupported tunnel device mode.");  in server_request_tun()
535 		ssh_packet_send_debug(ssh, "Server has rejected tunnel device "  in server_request_tun()
540 	if ((r = sshpkt_get_u32(ssh, &tun)) != 0)  in server_request_tun()
541 		sshpkt_fatal(ssh, r, "%s: parse device", __func__);  in server_request_tun()
557 	c = channel_new(ssh, "tun", SSH_CHANNEL_OPEN, sock, sock, -1,  in server_request_tun()
562 		channel_register_filter(ssh, c->self, sys_tun_infilter,  in server_request_tun()
581 		ssh_packet_send_debug(ssh, "Failed to open the tunnel device.");  in server_request_tun()
586 server_request_session(struct ssh *ssh)  in server_request_session()  argument
592 	if ((r = sshpkt_get_end(ssh)) != 0)  in server_request_session()
593 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);  in server_request_session()
596 		ssh_packet_disconnect(ssh, "Possible attack: attempt to open a "  in server_request_session()
606 	c = channel_new(ssh, "session", SSH_CHANNEL_LARVAL,  in server_request_session()
611 		channel_free(ssh, c);  in server_request_session()
614 	channel_register_cleanup(ssh, c->self, session_close_by_channel, 0);  in server_request_session()
619 server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)  in server_input_channel_open()  argument
627 	if ((r = sshpkt_get_cstring(ssh, &ctype, NULL)) != 0 ||  in server_input_channel_open()
628 	    (r = sshpkt_get_u32(ssh, &rchan)) != 0 ||  in server_input_channel_open()
629 	    (r = sshpkt_get_u32(ssh, &rwindow)) != 0 ||  in server_input_channel_open()
630 	    (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0)  in server_input_channel_open()
631 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);  in server_input_channel_open()
636 		c = server_request_session(ssh);  in server_input_channel_open()
638 		c = server_request_direct_tcpip(ssh, &reason, &errmsg);  in server_input_channel_open()
640 		c = server_request_direct_streamlocal(ssh);  in server_input_channel_open()
642 		c = server_request_tun(ssh);  in server_input_channel_open()
651 			if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION)) != 0 ||  in server_input_channel_open()
652 			    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||  in server_input_channel_open()
653 			    (r = sshpkt_put_u32(ssh, c->self)) != 0 ||  in server_input_channel_open()
654 			    (r = sshpkt_put_u32(ssh, c->local_window)) != 0 ||  in server_input_channel_open()
655 			    (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 ||  in server_input_channel_open()
656 			    (r = sshpkt_send(ssh)) != 0) {  in server_input_channel_open()
657 				sshpkt_fatal(ssh, r,  in server_input_channel_open()
663 		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 ||  in server_input_channel_open()
664 		    (r = sshpkt_put_u32(ssh, rchan)) != 0 ||  in server_input_channel_open()
665 		    (r = sshpkt_put_u32(ssh, reason)) != 0 ||  in server_input_channel_open()
666 		    (r = sshpkt_put_cstring(ssh, errmsg ? errmsg : "open failed")) != 0 ||  in server_input_channel_open()
667 		    (r = sshpkt_put_cstring(ssh, "")) != 0 ||  in server_input_channel_open()
668 		    (r = sshpkt_send(ssh)) != 0) {  in server_input_channel_open()
669 			sshpkt_fatal(ssh, r,  in server_input_channel_open()
678 server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)  in server_input_hostkeys_prove()  argument
692 	    ssh->kex->hostkey_alg)) == KEY_RSA)  in server_input_hostkeys_prove()
693 		kex_rsa_sigalg = ssh->kex->hostkey_alg;  in server_input_hostkeys_prove()
694 	while (ssh_packet_remaining(ssh) > 0) {  in server_input_hostkeys_prove()
697 		if ((r = sshpkt_get_string_direct(ssh, &blob, &blen)) != 0 ||  in server_input_hostkeys_prove()
706 		if ((ndx = ssh->kex->host_key_index(key, 1, ssh)) == -1) {  in server_input_hostkeys_prove()
715 		    (key_pub = get_hostkey_public_by_index(ndx, ssh)) == NULL) {  in server_input_hostkeys_prove()
730 			else if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED)  in server_input_hostkeys_prove()
732 			else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)  in server_input_hostkeys_prove()
740 		    ssh->kex->session_id)) != 0 ||  in server_input_hostkeys_prove()
742 		    (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,  in server_input_hostkeys_prove()
762 server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)  in server_input_global_request()  argument
776 	if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 ||  in server_input_global_request()
777 	    (r = sshpkt_get_u8(ssh, &want_reply)) != 0)  in server_input_global_request()
778 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);  in server_input_global_request()
783 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||  in server_input_global_request()
784 		    (r = sshpkt_get_u32(ssh, &port)) != 0)  in server_input_global_request()
785 			sshpkt_fatal(ssh, r, "%s: parse tcpip-forward", __func__);  in server_input_global_request()
799 			ssh_packet_send_debug(ssh, "Server has disabled port forwarding.");  in server_input_global_request()
802 			success = channel_setup_remote_fwd_listener(ssh, &fwd,  in server_input_global_request()
811 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||  in server_input_global_request()
812 		    (r = sshpkt_get_u32(ssh, &port)) != 0)  in server_input_global_request()
813 			sshpkt_fatal(ssh, r, "%s: parse cancel-tcpip-forward", __func__);  in server_input_global_request()
819 			success = channel_cancel_rport_listener(ssh, &fwd);  in server_input_global_request()
822 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)  in server_input_global_request()
823 			sshpkt_fatal(ssh, r, "%s: parse streamlocal-forward@openssh.com", __func__);  in server_input_global_request()
833 			ssh_packet_send_debug(ssh, "Server has disabled "  in server_input_global_request()
837 			success = channel_setup_remote_fwd_listener(ssh,  in server_input_global_request()
841 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)  in server_input_global_request()
842 			sshpkt_fatal(ssh, r, "%s: parse cancel-streamlocal-forward@openssh.com", __func__);  in server_input_global_request()
846 		success = channel_cancel_rport_listener(ssh, &fwd);  in server_input_global_request()
851 		success = server_input_hostkeys_prove(ssh, &resp);  in server_input_global_request()
855 		if ((r = sshpkt_start(ssh, success ?  in server_input_global_request()
857 		    (success && resp != NULL && (r = sshpkt_putb(ssh, resp)) != 0) ||  in server_input_global_request()
858 		    (r = sshpkt_send(ssh)) != 0 ||  in server_input_global_request()
859 		    (r = ssh_packet_write_wait(ssh)) != 0)  in server_input_global_request()
860 			sshpkt_fatal(ssh, r, "%s: send reply", __func__);  in server_input_global_request()
870 server_input_channel_req(int type, u_int32_t seq, struct ssh *ssh)  in server_input_channel_req()  argument
878 	if ((r = sshpkt_get_u32(ssh, &id)) != 0 ||  in server_input_channel_req()
879 	    (r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 ||  in server_input_channel_req()
880 	    (r = sshpkt_get_u8(ssh, &want_reply)) != 0)  in server_input_channel_req()
881 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);  in server_input_channel_req()
886 	if (id >= INT_MAX || (c = channel_lookup(ssh, (int)id)) == NULL) {  in server_input_channel_req()
887 		ssh_packet_disconnect(ssh, "%s: unknown channel %d",  in server_input_channel_req()
891 		if ((r = sshpkt_get_end(ssh)) != 0)  in server_input_channel_req()
892 			sshpkt_fatal(ssh, r, "%s: parse packet", __func__);  in server_input_channel_req()
893 		chan_rcvd_eow(ssh, c);  in server_input_channel_req()
896 		success = session_input_channel_req(ssh, c, rtype);  in server_input_channel_req()
900 		if ((r = sshpkt_start(ssh, success ?  in server_input_channel_req()
902 		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||  in server_input_channel_req()
903 		    (r = sshpkt_send(ssh)) != 0)  in server_input_channel_req()
904 			sshpkt_fatal(ssh, r, "%s: send reply", __func__);  in server_input_channel_req()
911 server_init_dispatch(struct ssh *ssh)  in server_init_dispatch()  argument
914 	ssh_dispatch_init(ssh, &dispatch_protocol_error);  in server_init_dispatch()
915 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);  in server_init_dispatch()
916 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_DATA, &channel_input_data);  in server_init_dispatch()
917 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);  in server_init_dispatch()
918 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);  in server_init_dispatch()
919 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open);  in server_init_dispatch()
920 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);  in server_init_dispatch()
921 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);  in server_init_dispatch()
922 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);  in server_init_dispatch()
923 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);  in server_init_dispatch()
924 	ssh_dispatch_set(ssh, SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);  in server_init_dispatch()
926 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive);  in server_init_dispatch()
927 	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);  in server_init_dispatch()
928 	ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);  in server_init_dispatch()
929 	ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);  in server_init_dispatch()
931 	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);  in server_init_dispatch()