Diffstat (limited to 'serverloop.c')
-rw-r--r--serverloop.c33
1 files changed, 22 insertions, 11 deletions
diff --git a/serverloop.c b/serverloop.c
index d6fe24cc1dbb..7be83e2d338a 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.205 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -58,7 +58,7 @@
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "log.h"
#include "misc.h"
#include "servconf.h"
@@ -67,7 +67,7 @@
#include "channels.h"
#include "compat.h"
#include "ssh2.h"
-#include "key.h"
+#include "sshkey.h"
#include "cipher.h"
#include "kex.h"
#include "hostfile.h"
@@ -103,6 +103,17 @@ static void server_init_dispatch(void);
/* requested tunnel forwarding interface(s), shared with session.c */
char *tun_fwd_ifnames = NULL;
+/* returns 1 if bind to specified port by specified user is permitted */
+static int
+bind_permitted(int port, uid_t uid)
+{
+ if (use_privsep)
+ return 1; /* allow system to decide */
+ if (port < IPPORT_RESERVED && uid != 0)
+ return 0;
+ return 1;
+}
+
/*
* we write to this pipe if a SIGCHLD is caught in order to avoid
* the race between select() and child_terminated
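Review bot: The one-line comment above `bind_permitted()` does not explain why the `use_privsep` branch returns 1 without looking at `port` or `uid`, and that is the security-relevant branch. With privilege separation the reserved-port rule is left entirely to the kernel's bind(), presumably because the process performing the bind already runs as the authenticated user; the comment should say so, e.g. `/* privsep: bind() runs without root, so the kernel enforces the reserved-port rule */`. It should also record that on the non-privsep path port 0 is below `IPPORT_RESERVED` and is refused for any non-root uid, so a caller that accepts 0 as "allocate a port" has to special-case it. No call site of `bind_permitted()` is visible in the hunks shown here, so how callers handle 0 cannot be confirmed from this page.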
@@ -145,7 +156,7 @@ notify_done(fd_set *readset)
if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
while (read(notify_pipe[0], &c, 1) != -1)
- debug2("notify_done: reading");
+ debug2("%s: reading", __func__);
}
/*ARGSUSED*/
@@ -623,7 +634,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
rwindow = packet_get_int();
rmaxpack = packet_get_int();
- debug("server_input_channel_open: ctype %s rchan %d win %d max %d",
+ debug("%s: ctype %s rchan %d win %d max %d", __func__,
ctype, rchan, rwindow, rmaxpack);
if (strcmp(ctype, "session") == 0) {
@@ -636,7 +647,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
c = server_request_tun(ssh);
}
if (c != NULL) {
- debug("server_input_channel_open: confirm %s", ctype);
+ debug("%s: confirm %s", __func__, ctype);
c->remote_id = rchan;
c->have_remote_id = 1;
c->remote_window = rwindow;
@@ -650,7 +661,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
packet_send();
}
} else {
- debug("server_input_channel_open: failure %s", ctype);
+ debug("%s: failure %s", __func__, ctype);
packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(rchan);
packet_put_int(reason);
@@ -750,11 +761,11 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
struct passwd *pw = the_authctxt->pw;
if (pw == NULL || !the_authctxt->valid)
- fatal("server_input_global_request: no/invalid user");
+ fatal("%s: no/invalid user", __func__);
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
- debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
+ debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply);
/* -R style forwarding */
if (strcmp(rtype, "tcpip-forward") == 0) {
@@ -763,7 +774,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
memset(&fwd, 0, sizeof(fwd));
fwd.listen_host = packet_get_string(NULL);
fwd.listen_port = (u_short)packet_get_int();
- debug("server_input_global_request: tcpip-forward listen %s port %d",
+ debug("%s: tcpip-forward listen %s port %d", __func__,
fwd.listen_host, fwd.listen_port);
/* check permissions */
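Review bot: The context line `fwd.listen_port = (u_short)packet_get_int();` narrows the client-supplied port before anything inspects it, and the reworded `debug()` then logs only the narrowed value. Assuming `packet_get_int()` returns the 32-bit wire field, a request for a port above 65535 is silently folded into the 0-65535 range, so both the log line and the permission check that follows `/* check permissions */` (outside this hunk) see a different port from the one the client sent. I would keep the wire value in an unsigned local, log that, and refuse the request when it is out of range before assigning: `u_int port = packet_get_int();` then `if (port > 65535) /* refuse the request */;` and only then `fwd.listen_port = (u_short)port;`. The rest of `server_input_global_request()` lies outside the hunk, so the exact refusal path should follow whatever the function already does for a denied forward.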
@@ -802,7 +813,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
memset(&fwd, 0, sizeof(fwd));
fwd.listen_path = packet_get_string(NULL);
- debug("server_input_global_request: streamlocal-forward listen path %s",
+ debug("%s: streamlocal-forward listen path %s", __func__,
fwd.listen_path);
/* check permissions */