Attachment #847 for bug #993




	xfree(cctx);
}

static inline int
client_process_control_answer( Buffer *m, int allowed, int client_fd )
{
	buffer_clear(m);
	buffer_put_int(m, allowed);
	buffer_put_int(m, getpid());
	if (ssh_msg_send(client_fd, /* version */1, m) == -1) {
		error("%s: client msg_send failed", __func__);
		close(client_fd);
		buffer_free(m);
		return -1;
	}
	return 0;
}

static void
client_process_control(fd_set * readset)
{

	u_int len, env_len, command, flags;
	uid_t euid;
	gid_t egid;
	char *command_arg;

	/*
	 * Accept connection on control socket

	allowed = 1;
	command = buffer_get_int(&m);
	flags = buffer_get_int(&m);
	command_arg=buffer_get_string(&m, 0);

	buffer_clear(&m);


		/* FALLTHROUGH */	
	case SSHMUX_COMMAND_ALIVE_CHECK:
		/* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */
		if( client_process_control_answer(&m, allowed, client_fd) )
			return;
		buffer_free(&m);
		close(client_fd);
		return;
	case SSHMUX_COMMAND_RFADD:
		debug2("%s: RFADD: %s", __func__, command_arg);
		if( client_process_control_answer(&m, allowed, client_fd) )
			return;
		{
			Forward fwd;
			if (parse_forward(&fwd, command_arg))
				channel_request_remote_forwarding
					(fwd.listen_host, fwd.listen_port,
					 fwd.connect_host, fwd.connect_port);
			else
				logit("Bad forwarding specification.");
		}
		buffer_free(&m);
		close(client_fd);
		return;
	case SSHMUX_COMMAND_RFCANCEL:
		debug2("%s: RFCANCEL: %s", __func__, command_arg);
		if( client_process_control_answer(&m, allowed, client_fd) )
			return;
		{
			int cancel_port = 0;
			char *cancel_host = hpdelim(&command_arg);
			if (command_arg != NULL) {
				cancel_port = a2port(command_arg);
				cancel_host = cleanhostname(cancel_host);
			} else {
				cancel_port = a2port(cancel_host);
				cancel_host = NULL;
			}
			if (cancel_port == 0) {
				logit("Bad forwarding close port");
				buffer_free(&m);
				close(client_fd);
				return;
			}
			channel_request_rforward_cancel(cancel_host,
							cancel_port);
		}
		buffer_free(&m);
		close(client_fd);

	}

	/* Reply for SSHMUX_COMMAND_OPEN */
	if( client_process_control_answer(&m, allowed, client_fd) )
	buffer_put_int(&m, allowed);
	buffer_put_int(&m, getpid());
	if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
		error("%s: client msg_send failed", __func__);
		close(client_fd);
		buffer_free(&m);
		return;
	}

	if (!allowed) {
		error("Refused control connection");

Lines 45-50 Link Here

(-)openssh/clientloop.h (+2 lines)
45	#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */	45	#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */
46	#define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */	46	#define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */
47	#define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */	47	#define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */
		48	#define SSHMUX_COMMAND_RFADD 4 /* Add remote forward */
		49	#define SSHMUX_COMMAND_RFCANCEL 5 /* Cancel remote forward */
48		50
49	#define SSHMUX_FLAG_TTY (1) /* Request tty on open */	51	#define SSHMUX_FLAG_TTY (1) /* Request tty on open */
50	#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */	52	#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */

Lines 146-151 Link Here

(-)openssh/ssh.c (-1 / +15 lines)
146		146
147	/* Multiplexing control command */	147	/* Multiplexing control command */
148	static u_int mux_command = SSHMUX_COMMAND_OPEN;	148	static u_int mux_command = SSHMUX_COMMAND_OPEN;
		149	static char *mux_command_arg="";
149		150
150	/* Only used in control client mode */	151	/* Only used in control client mode */
151	volatile sig_atomic_t control_client_terminate = 0;	152	volatile sig_atomic_t control_client_terminate = 0;
Lines 279-285 Link Here
279	mux_command = SSHMUX_COMMAND_ALIVE_CHECK;	280	mux_command = SSHMUX_COMMAND_ALIVE_CHECK;
280	else if (strcmp(optarg, "exit") == 0)	281	else if (strcmp(optarg, "exit") == 0)
281	mux_command = SSHMUX_COMMAND_TERMINATE;	282	mux_command = SSHMUX_COMMAND_TERMINATE;
282	else	283	else if (strcmp(optarg, "add-rforward") == 0) {
		284	mux_command = SSHMUX_COMMAND_RFADD;
		285	mux_command_arg=av[optind++];
		286	} else if (strcmp(optarg, "cancel-rforward") == 0) {
		287	mux_command = SSHMUX_COMMAND_RFCANCEL;
		288	mux_command_arg=av[optind++];
		289	} else
283	fatal("Invalid multiplex command.");	290	fatal("Invalid multiplex command.");
284	break;	291	break;
285	case 'P': /* deprecated */	292	case 'P': /* deprecated */
Lines 1326-1331 Link Here
1326	/* Send our command to server */	1333	/* Send our command to server */
1327	buffer_put_int(&m, mux_command);	1334	buffer_put_int(&m, mux_command);
1328	buffer_put_int(&m, flags);	1335	buffer_put_int(&m, flags);
		1336	buffer_put_cstring(&m, mux_command_arg);
1329	if (ssh_msg_send(sock, /* version */1, &m) == -1)	1337	if (ssh_msg_send(sock, /* version */1, &m) == -1)
1330	fatal("%s: msg_send", __func__);	1338	fatal("%s: msg_send", __func__);
1331	buffer_clear(&m);	1339	buffer_clear(&m);
Lines 1349-1354 Link Here
1349	case SSHMUX_COMMAND_TERMINATE:	1357	case SSHMUX_COMMAND_TERMINATE:
1350	fprintf(stderr, "Exit request sent.\r\n");	1358	fprintf(stderr, "Exit request sent.\r\n");
1351	exit(0);	1359	exit(0);
		1360	case SSHMUX_COMMAND_RFADD:
		1361	fprintf(stderr, "Add request sent.\r\n");
		1362	exit(0);
		1363	case SSHMUX_COMMAND_RFCANCEL:
		1364	fprintf(stderr, "Cancel request sent.\r\n");
		1365	exit(0);
1352	case SSHMUX_COMMAND_OPEN:	1366	case SSHMUX_COMMAND_OPEN:
1353	/* continue below */	1367	/* continue below */
1354	break;	1368	break;

Return to bug 993

Lines 551-556 Link Here

(-)openssh/clientloop.c (-15 / +60 lines)
551	xfree(cctx);	551	xfree(cctx);
552	}	552	}
553		553
		554	static inline int
		555	client_process_control_answer( Buffer *m, int allowed, int client_fd )
		556	{
		557	buffer_clear(m);
		558	buffer_put_int(m, allowed);
		559	buffer_put_int(m, getpid());
		560	if (ssh_msg_send(client_fd, /* version */1, m) == -1) {
		561	error("%s: client msg_send failed", __func__);
		562	close(client_fd);
		563	buffer_free(m);
		564	return -1;
		565	}
		566	return 0;
		567	}
		568
554	static void	569	static void
555	client_process_control(fd_set * readset)	570	client_process_control(fd_set * readset)
556	{	571	{
Lines 564-569 Link Here
564	u_int len, env_len, command, flags;	579	u_int len, env_len, command, flags;
565	uid_t euid;	580	uid_t euid;
566	gid_t egid;	581	gid_t egid;
		582	char *command_arg;
567		583
568	/*	584	/*
569	* Accept connection on control socket	585	* Accept connection on control socket
Lines 611-616 Link Here
611	allowed = 1;	627	allowed = 1;
612	command = buffer_get_int(&m);	628	command = buffer_get_int(&m);
613	flags = buffer_get_int(&m);	629	flags = buffer_get_int(&m);
		630	command_arg=buffer_get_string(&m, 0);
614		631
615	buffer_clear(&m);	632	buffer_clear(&m);
616		633
Lines 630-643 Link Here
630	/* FALLTHROUGH */	647	/* FALLTHROUGH */
631	case SSHMUX_COMMAND_ALIVE_CHECK:	648	case SSHMUX_COMMAND_ALIVE_CHECK:
632	/* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */	649	/* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */
633	buffer_clear(&m);	650	if( client_process_control_answer(&m, allowed, client_fd) )
634	buffer_put_int(&m, allowed);	651	return;
635	buffer_put_int(&m, getpid());	652	buffer_free(&m);
636	if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {	653	close(client_fd);
637	error("%s: client msg_send failed", __func__);	654	return;
638	close(client_fd);	655	case SSHMUX_COMMAND_RFADD:
639	buffer_free(&m);	656	debug2("%s: RFADD: %s", __func__, command_arg);
		657	if( client_process_control_answer(&m, allowed, client_fd) )
		658	return;
		659	{
		660	Forward fwd;
		661	if (parse_forward(&fwd, command_arg))
		662	channel_request_remote_forwarding
		663	(fwd.listen_host, fwd.listen_port,
		664	fwd.connect_host, fwd.connect_port);
		665	else
		666	logit("Bad forwarding specification.");
		667	}
		668	buffer_free(&m);
		669	close(client_fd);
		670	return;
		671	case SSHMUX_COMMAND_RFCANCEL:
		672	debug2("%s: RFCANCEL: %s", __func__, command_arg);
		673	if( client_process_control_answer(&m, allowed, client_fd) )
640	return;	674	return;
		675	{
		676	int cancel_port = 0;
		677	char *cancel_host = hpdelim(&command_arg);
		678	if (command_arg != NULL) {
		679	cancel_port = a2port(command_arg);
		680	cancel_host = cleanhostname(cancel_host);
		681	} else {
		682	cancel_port = a2port(cancel_host);
		683	cancel_host = NULL;
		684	}
		685	if (cancel_port == 0) {
		686	logit("Bad forwarding close port");
		687	buffer_free(&m);
		688	close(client_fd);
		689	return;
		690	}
		691	channel_request_rforward_cancel(cancel_host,
		692	cancel_port);
641	}	693	}
642	buffer_free(&m);	694	buffer_free(&m);
643	close(client_fd);	695	close(client_fd);
Lines 650-664 Link Here
650	}	702	}
651		703
652	/* Reply for SSHMUX_COMMAND_OPEN */	704	/* Reply for SSHMUX_COMMAND_OPEN */
653	buffer_clear(&m);	705	if( client_process_control_answer(&m, allowed, client_fd) )
654	buffer_put_int(&m, allowed);
655	buffer_put_int(&m, getpid());
656	if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
657	error("%s: client msg_send failed", __func__);
658	close(client_fd);
659	buffer_free(&m);
660	return;	706	return;
661	}
662		707
663	if (!allowed) {	708	if (!allowed) {
664	error("Refused control connection");	709	error("Refused control connection");