Mercurial > dropbear

comparison common-channel.c @ 285:1b9e69c058d2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3) to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
author Matt Johnston <matt@ucc.asn.au>
date Wed, 08 Mar 2006 13:23:58 +0000
parents e109fb08b8ee
children baea1d43e7eb
comparison
equal deleted inserted replaced
281:997e6f7dc01e 285:1b9e69c058d2
1 /*
2 * Dropbear SSH
3 *
4 * Copyright (c) 2002-2004 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 /* Handle the multiplexed channels, such as sessions, x11, agent connections */
26
27 #include "includes.h"
28 #include "session.h"
29 #include "packet.h"
30 #include "ssh.h"
31 #include "buffer.h"
32 #include "circbuffer.h"
33 #include "dbutil.h"
34 #include "channel.h"
35 #include "ssh.h"
36 #include "listener.h"
37
38 static void send_msg_channel_open_failure(unsigned int remotechan, int reason,
39 const unsigned char *text, const unsigned char *lang);
40 static void send_msg_channel_open_confirmation(struct Channel* channel,
41 unsigned int recvwindow,
42 unsigned int recvmaxpacket);
43 static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf);
44 static void send_msg_channel_window_adjust(struct Channel *channel,
45 unsigned int incr);
46 static void send_msg_channel_data(struct Channel *channel, int isextended,
47 unsigned int exttype);
48 static void send_msg_channel_eof(struct Channel *channel);
49 static void send_msg_channel_close(struct Channel *channel);
50 static void removechannel(struct Channel *channel);
51 static void deletechannel(struct Channel *channel);
52 static void checkinitdone(struct Channel *channel);
53 static void checkclose(struct Channel *channel);
54
55 static void closewritefd(struct Channel * channel);
56 static void closereadfd(struct Channel * channel, int fd);
57 static void closechanfd(struct Channel *channel, int fd, int how);
58
59 #define FD_UNINIT (-2)
60 #define FD_CLOSED (-1)
61
62 /* Initialise all the channels */
63 void chaninitialise(const struct ChanType *chantypes[]) {
64
65 /* may as well create space for a single channel */
66 ses.channels = (struct Channel**)m_malloc(sizeof(struct Channel*));
67 ses.chansize = 1;
68 ses.channels[0] = NULL;
69 ses.chancount = 0;
70
71 ses.chantypes = chantypes;
72
73 #ifdef USING_LISTENERS
74 listeners_initialise();
75 #endif
76
77 }
78
79 /* Clean up channels, freeing allocated memory */
80 void chancleanup() {
81
82 unsigned int i;
83
84 TRACE(("enter chancleanup"))
85 for (i = 0; i < ses.chansize; i++) {
86 if (ses.channels[i] != NULL) {
87 TRACE(("channel %d closing", i))
88 removechannel(ses.channels[i]);
89 }
90 }
91 m_free(ses.channels);
92 TRACE(("leave chancleanup"))
93 }
94
95 /* Create a new channel entry, send a reply confirm or failure */
96 /* If remotechan, transwindow and transmaxpacket are not know (for a new
97 * outgoing connection, with them to be filled on confirmation), they should
98 * all be set to 0 */
99 struct Channel* newchannel(unsigned int remotechan,
100 const struct ChanType *type,
101 unsigned int transwindow, unsigned int transmaxpacket) {
102
103 struct Channel * newchan;
104 unsigned int i, j;
105
106 TRACE(("enter newchannel"))
107
108 /* first see if we can use existing channels */
109 for (i = 0; i < ses.chansize; i++) {
110 if (ses.channels[i] == NULL) {
111 break;
112 }
113 }
114
115 /* otherwise extend the list */
116 if (i == ses.chansize) {
117 if (ses.chansize >= MAX_CHANNELS) {
118 TRACE(("leave newchannel: max chans reached"))
119 return NULL;
120 }
121
122 /* extend the channels */
123 ses.channels = (struct Channel**)m_realloc(ses.channels,
124 (ses.chansize+CHAN_EXTEND_SIZE)*sizeof(struct Channel*));
125
126 ses.chansize += CHAN_EXTEND_SIZE;
127
128 /* set the new channels to null */
129 for (j = i; j < ses.chansize; j++) {
130 ses.channels[j] = NULL;
131 }
132
133 }
134
135 newchan = (struct Channel*)m_malloc(sizeof(struct Channel));
136 newchan->type = type;
137 newchan->index = i;
138 newchan->sentclosed = newchan->recvclosed = 0;
139 newchan->senteof = newchan->recveof = 0;
140
141 newchan->remotechan = remotechan;
142 newchan->transwindow = transwindow;
143 newchan->transmaxpacket = transmaxpacket;
144
145 newchan->typedata = NULL;
146 newchan->writefd = FD_UNINIT;
147 newchan->readfd = FD_UNINIT;
148 newchan->errfd = FD_CLOSED; /* this isn't always set to start with */
149 newchan->initconn = 0;
150 newchan->await_open = 0;
151
152 newchan->writebuf = cbuf_new(RECV_MAXWINDOW);
153 newchan->extrabuf = NULL; /* The user code can set it up */
154 newchan->recvwindow = RECV_MAXWINDOW;
155 newchan->recvdonelen = 0;
156 newchan->recvmaxpacket = RECV_MAXPACKET;
157
158 ses.channels[i] = newchan;
159 ses.chancount++;
160
161 TRACE(("leave newchannel"))
162
163 return newchan;
164 }
165
166 /* Returns the channel structure corresponding to the channel in the current
167 * data packet (ses.payload must be positioned appropriately) */
168 struct Channel* getchannel() {
169
170 unsigned int chan;
171
172 chan = buf_getint(ses.payload);
173 if (chan >= ses.chansize || ses.channels[chan] == NULL) {
174 return NULL;
175 }
176 return ses.channels[chan];
177 }
178
179 /* Iterate through the channels, performing IO if available */
180 void channelio(fd_set *readfds, fd_set *writefds) {
181
182 struct Channel *channel;
183 unsigned int i;
184
185 /* iterate through all the possible channels */
186 for (i = 0; i < ses.chansize; i++) {
187
188 channel = ses.channels[i];
189 if (channel == NULL) {
190 /* only process in-use channels */
191 continue;
192 }
193
194 /* read data and send it over the wire */
195 if (channel->readfd >= 0 && FD_ISSET(channel->readfd, readfds)) {
196 send_msg_channel_data(channel, 0, 0);
197 }
198
199 /* read stderr data and send it over the wire */
200 if (channel->extrabuf == NULL &&
201 channel->errfd >= 0 && FD_ISSET(channel->errfd, readfds)) {
202 send_msg_channel_data(channel, 1, SSH_EXTENDED_DATA_STDERR);
203 }
204
205 /* write to program/pipe stdin */
206 if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) {
207 if (channel->initconn) {
208 checkinitdone(channel);
209 continue; /* Important not to use the channel after
210 checkinitdone(), as it may be NULL */
211 }
212 writechannel(channel, channel->writefd, channel->writebuf);
213 }
214
215 /* stderr for client mode */
216 if (channel->extrabuf != NULL
217 && channel->errfd >= 0 && FD_ISSET(channel->errfd, writefds)) {
218 writechannel(channel, channel->errfd, channel->extrabuf);
219 }
220
221 /* now handle any of the channel-closing type stuff */
222 checkclose(channel);
223
224 } /* foreach channel */
225
226 /* Listeners such as TCP, X11, agent-auth */
227 #ifdef USING_LISTENERS
228 handle_listeners(readfds);
229 #endif
230 }
231
232
233 /* do all the EOF/close type stuff checking for a channel */
234 static void checkclose(struct Channel *channel) {
235
236 TRACE(("checkclose: writefd %d, readfd %d, errfd %d, sentclosed %d, recvclosed %d",
237 channel->writefd, channel->readfd,
238 channel->errfd, channel->sentclosed, channel->recvclosed))
239 TRACE(("writebuf %d extrabuf %s extrabuf %d",
240 cbuf_getused(channel->writebuf),
241 channel->writebuf,
242 channel->writebuf ? 0 : cbuf_getused(channel->extrabuf)))
243
244 if (!channel->sentclosed) {
245
246 /* check for exited - currently only used for server sessions,
247 * if the shell has exited etc */
248 if (channel->type->checkclose) {
249 if (channel->type->checkclose(channel)) {
250 closewritefd(channel);
251 }
252 }
253
254 if (!channel->senteof
255 && channel->readfd == FD_CLOSED
256 && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) {
257 send_msg_channel_eof(channel);
258 }
259
260 if (channel->writefd == FD_CLOSED
261 && channel->readfd == FD_CLOSED
262 && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) {
263 send_msg_channel_close(channel);
264 }
265 }
266
267 /* When either party wishes to terminate the channel, it sends
268 * SSH_MSG_CHANNEL_CLOSE. Upon receiving this message, a party MUST
269 * send back a SSH_MSG_CHANNEL_CLOSE unless it has already sent this
270 * message for the channel. The channel is considered closed for a
271 * party when it has both sent and received SSH_MSG_CHANNEL_CLOSE, and
272 * the party may then reuse the channel number. A party MAY send
273 * SSH_MSG_CHANNEL_CLOSE without having sent or received
274 * SSH_MSG_CHANNEL_EOF.
275 * (from draft-ietf-secsh-connect)
276 */
277 if (channel->recvclosed) {
278 if (! channel->sentclosed) {
279 TRACE(("Sending MSG_CHANNEL_CLOSE in response to same."))
280 send_msg_channel_close(channel);
281 }
282 removechannel(channel);
283 }
284 }
285
286
287 /* Check whether a deferred (EINPROGRESS) connect() was successful, and
288 * if so, set up the channel properly. Otherwise, the channel is cleaned up, so
289 * it is important that the channel reference isn't used after a call to this
290 * function */
291 static void checkinitdone(struct Channel *channel) {
292
293 int val;
294 socklen_t vallen = sizeof(val);
295
296 TRACE(("enter checkinitdone"))
297
298 if (getsockopt(channel->writefd, SOL_SOCKET, SO_ERROR, &val, &vallen)
299 || val != 0) {
300 send_msg_channel_open_failure(channel->remotechan,
301 SSH_OPEN_CONNECT_FAILED, "", "");
302 close(channel->writefd);
303 deletechannel(channel);
304 TRACE(("leave checkinitdone: fail"))
305 } else {
306 send_msg_channel_open_confirmation(channel, channel->recvwindow,
307 channel->recvmaxpacket);
308 channel->readfd = channel->writefd;
309 channel->initconn = 0;
310 TRACE(("leave checkinitdone: success"))
311 }
312 }
313
314
315
316 /* Send the close message and set the channel as closed */
317 static void send_msg_channel_close(struct Channel *channel) {
318
319 TRACE(("enter send_msg_channel_close"))
320 /* XXX server */
321 if (channel->type->closehandler) {
322 channel->type->closehandler(channel);
323 }
324
325 CHECKCLEARTOWRITE();
326
327 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_CLOSE);
328 buf_putint(ses.writepayload, channel->remotechan);
329
330 encrypt_packet();
331
332 channel->senteof = 1;
333 channel->sentclosed = 1;
334 TRACE(("leave send_msg_channel_close"))
335 }
336
337 /* call this when trans/eof channels are closed */
338 static void send_msg_channel_eof(struct Channel *channel) {
339
340 TRACE(("enter send_msg_channel_eof"))
341 CHECKCLEARTOWRITE();
342
343 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_EOF);
344 buf_putint(ses.writepayload, channel->remotechan);
345
346 encrypt_packet();
347
348 channel->senteof = 1;
349
350 TRACE(("leave send_msg_channel_eof"))
351 }
352
353 /* Called to write data out to the local side of the channel.
354 * Only called when we know we can write to a channel, writes as much as
355 * possible */
356 static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
357
358 int len, maxlen;
359
360 TRACE(("enter writechannel"))
361
362 maxlen = cbuf_readlen(cbuf);
363
364 /* Write the data out */
365 len = write(fd, cbuf_readptr(cbuf, maxlen), maxlen);
366 if (len <= 0) {
367 if (len < 0 && errno != EINTR) {
368 /* no more to write - we close it even if the fd was stderr, since
369 * that's a nasty failure too */
370 closewritefd(channel);
371 }
372 TRACE(("leave writechannel: len <= 0"))
373 return;
374 }
375
376 cbuf_incrread(cbuf, len);
377 channel->recvdonelen += len;
378
379 if (fd == channel->writefd && cbuf_getused(cbuf) == 0 && channel->recveof) {
380 /* Check if we're closing up */
381 closewritefd(channel);
382 TRACE(("leave writechannel: recveof set"))
383 return;
384 }
385
386 /* Window adjust handling */
387 if (channel->recvdonelen >= RECV_WINDOWEXTEND) {
388 /* Set it back to max window */
389 send_msg_channel_window_adjust(channel, channel->recvdonelen);
390 channel->recvwindow += channel->recvdonelen;
391 channel->recvdonelen = 0;
392 }
393
394 dropbear_assert(channel->recvwindow <= RECV_MAXWINDOW);
395 dropbear_assert(channel->recvwindow <= cbuf_getavail(channel->writebuf));
396 dropbear_assert(channel->extrabuf == NULL ||
397 channel->recvwindow <= cbuf_getavail(channel->extrabuf));
398
399
400 TRACE(("leave writechannel"))
401 }
402
403 /* Set the file descriptors for the main select in session.c
404 * This avoid channels which don't have any window available, are closed, etc*/
405 void setchannelfds(fd_set *readfds, fd_set *writefds) {
406
407 unsigned int i;
408 struct Channel * channel;
409
410 for (i = 0; i < ses.chansize; i++) {
411
412 channel = ses.channels[i];
413 if (channel == NULL) {
414 continue;
415 }
416
417 /* Stuff to put over the wire */
418 if (channel->transwindow > 0) {
419
420 if (channel->readfd >= 0) {
421 FD_SET(channel->readfd, readfds);
422 }
423
424 if (channel->extrabuf == NULL && channel->errfd >= 0) {
425 FD_SET(channel->errfd, readfds);
426 }
427 }
428
429 /* Stuff from the wire */
430 if ((channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0 )
431 || channel->initconn) {
432
433 FD_SET(channel->writefd, writefds);
434 }
435
436 if (channel->extrabuf != NULL && channel->errfd >= 0
437 && cbuf_getused(channel->extrabuf) > 0 ) {
438 FD_SET(channel->errfd, writefds);
439 }
440
441 } /* foreach channel */
442
443 #ifdef USING_LISTENERS
444 set_listener_fds(readfds);
445 #endif
446
447 }
448
449 /* handle the channel EOF event, by closing the channel filedescriptor. The
450 * channel isn't closed yet, it is left until the incoming (from the program
451 * etc) FD is also EOF */
452 void recv_msg_channel_eof() {
453
454 struct Channel * channel;
455
456 TRACE(("enter recv_msg_channel_eof"))
457
458 channel = getchannel();
459 if (channel == NULL) {
460 dropbear_exit("EOF for unknown channel");
461 }
462
463 channel->recveof = 1;
464 if (cbuf_getused(channel->writebuf) == 0
465 && (channel->extrabuf == NULL
466 || cbuf_getused(channel->extrabuf) == 0)) {
467 closewritefd(channel);
468 }
469
470 TRACE(("leave recv_msg_channel_eof"))
471 }
472
473
474 /* Handle channel closure(), respond in kind and close the channels */
475 void recv_msg_channel_close() {
476
477 struct Channel * channel;
478
479 TRACE(("enter recv_msg_channel_close"))
480
481 channel = getchannel();
482 if (channel == NULL) {
483 /* disconnect ? */
484 dropbear_exit("Close for unknown channel");
485 }
486
487 channel->recveof = 1;
488 channel->recvclosed = 1;
489
490 if (channel->sentclosed) {
491 removechannel(channel);
492 }
493
494 TRACE(("leave recv_msg_channel_close"))
495 }
496
497 /* Remove a channel entry, this is only executed after both sides have sent
498 * channel close */
499 static void removechannel(struct Channel * channel) {
500
501 TRACE(("enter removechannel"))
502 TRACE(("channel index is %d", channel->index))
503
504 cbuf_free(channel->writebuf);
505 channel->writebuf = NULL;
506
507 if (channel->extrabuf) {
508 cbuf_free(channel->extrabuf);
509 channel->extrabuf = NULL;
510 }
511
512
513 /* close the FDs in case they haven't been done
514 * yet (ie they were shutdown etc */
515 close(channel->writefd);
516 close(channel->readfd);
517 close(channel->errfd);
518
519 channel->typedata = NULL;
520
521 deletechannel(channel);
522
523 TRACE(("leave removechannel"))
524 }
525
526 /* Remove a channel entry */
527 static void deletechannel(struct Channel *channel) {
528
529 ses.channels[channel->index] = NULL;
530 m_free(channel);
531 ses.chancount--;
532
533 }
534
535
536 /* Handle channel specific requests, passing off to corresponding handlers
537 * such as chansession or x11fwd */
538 void recv_msg_channel_request() {
539
540 struct Channel *channel;
541
542 TRACE(("enter recv_msg_channel_request"))
543
544 channel = getchannel();
545 if (channel == NULL) {
546 /* disconnect ? */
547 dropbear_exit("Unknown channel");
548 }
549
550 if (channel->type->reqhandler) {
551 channel->type->reqhandler(channel);
552 } else {
553 send_msg_channel_failure(channel);
554 }
555
556 TRACE(("leave recv_msg_channel_request"))
557
558 }
559
560 /* Reads data from the server's program/shell/etc, and puts it in a
561 * channel_data packet to send.
562 * chan is the remote channel, isextended is 0 if it is normal data, 1
563 * if it is extended data. if it is extended, then the type is in
564 * exttype */
565 static void send_msg_channel_data(struct Channel *channel, int isextended,
566 unsigned int exttype) {
567
568 buffer *buf;
569 int len;
570 unsigned int maxlen;
571 int fd;
572
573 /* TRACE(("enter send_msg_channel_data"))
574 TRACE(("extended = %d type = %d", isextended, exttype))*/
575
576 CHECKCLEARTOWRITE();
577
578 dropbear_assert(!channel->sentclosed);
579
580 if (isextended) {
581 fd = channel->errfd;
582 } else {
583 fd = channel->readfd;
584 }
585 dropbear_assert(fd >= 0);
586
587 maxlen = MIN(channel->transwindow, channel->transmaxpacket);
588 /* -(1+4+4) is SSH_MSG_CHANNEL_DATA, channel number, string length, and
589 * exttype if is extended */
590 maxlen = MIN(maxlen,
591 ses.writepayload->size - 1 - 4 - 4 - (isextended ? 4 : 0));
592 if (maxlen == 0) {
593 TRACE(("leave send_msg_channel_data: no window"))
594 return; /* the data will get written later */
595 }
596
597 /* read the data */
598 TRACE(("maxlen %d", maxlen))
599 buf = buf_new(maxlen);
600 TRACE(("buf pos %d data %x", buf->pos, buf->data))
601 len = read(fd, buf_getwriteptr(buf, maxlen), maxlen);
602 if (len <= 0) {
603 /* on error/eof, send eof */
604 if (len == 0 || errno != EINTR) {
605 closereadfd(channel, fd);
606 }
607 buf_free(buf);
608 buf = NULL;
609 TRACE(("leave send_msg_channel_data: read err or EOF for fd %d",
610 channel->index));
611 return;
612 }
613 buf_incrlen(buf, len);
614
615 buf_putbyte(ses.writepayload,
616 isextended ? SSH_MSG_CHANNEL_EXTENDED_DATA : SSH_MSG_CHANNEL_DATA);
617 buf_putint(ses.writepayload, channel->remotechan);
618
619 if (isextended) {
620 buf_putint(ses.writepayload, exttype);
621 }
622
623 buf_putstring(ses.writepayload, buf_getptr(buf, len), len);
624 buf_free(buf);
625 buf = NULL;
626
627 channel->transwindow -= len;
628
629 encrypt_packet();
630 TRACE(("leave send_msg_channel_data"))
631 }
632
633 /* We receive channel data */
634 void recv_msg_channel_data() {
635
636 struct Channel *channel;
637
638 channel = getchannel();
639 if (channel == NULL) {
640 dropbear_exit("Unknown channel");
641 }
642
643 common_recv_msg_channel_data(channel, channel->writefd, channel->writebuf);
644 }
645
646 /* Shared for data and stderr data - when we receive data, put it in a buffer
647 * for writing to the local file descriptor */
648 void common_recv_msg_channel_data(struct Channel *channel, int fd,
649 circbuffer * cbuf) {
650
651 unsigned int datalen;
652 unsigned int maxdata;
653 unsigned int buflen;
654 unsigned int len;
655
656 TRACE(("enter recv_msg_channel_data"))
657
658 if (channel->recveof) {
659 dropbear_exit("received data after eof");
660 }
661
662 if (fd < 0) {
663 dropbear_exit("received data with bad writefd");
664 }
665
666 datalen = buf_getint(ses.payload);
667
668
669 maxdata = cbuf_getavail(cbuf);
670
671 /* Whilst the spec says we "MAY ignore data past the end" this could
672 * lead to corrupted file transfers etc (chunks missed etc). It's better to
673 * just die horribly */
674 if (datalen > maxdata) {
675 dropbear_exit("Oversized packet");
676 }
677
678 /* We may have to run throught twice, if the buffer wraps around. Can't
679 * just "leave it for next time" like with writechannel, since this
680 * is payload data */
681 len = datalen;
682 while (len > 0) {
683 buflen = cbuf_writelen(cbuf);
684 buflen = MIN(buflen, len);
685
686 memcpy(cbuf_writeptr(cbuf, buflen),
687 buf_getptr(ses.payload, buflen), buflen);
688 cbuf_incrwrite(cbuf, buflen);
689 buf_incrpos(ses.payload, buflen);
690 len -= buflen;
691 }
692
693 dropbear_assert(channel->recvwindow >= datalen);
694 channel->recvwindow -= datalen;
695 dropbear_assert(channel->recvwindow <= RECV_MAXWINDOW);
696
697 TRACE(("leave recv_msg_channel_data"))
698 }
699
700 /* Increment the outgoing data window for a channel - the remote end limits
701 * the amount of data which may be transmitted, this window is decremented
702 * as data is sent, and incremented upon receiving window-adjust messages */
703 void recv_msg_channel_window_adjust() {
704
705 struct Channel * channel;
706 unsigned int incr;
707
708 channel = getchannel();
709 if (channel == NULL) {
710 dropbear_exit("Unknown channel");
711 }
712
713 incr = buf_getint(ses.payload);
714 TRACE(("received window increment %d", incr))
715 incr = MIN(incr, MAX_TRANS_WIN_INCR);
716
717 channel->transwindow += incr;
718 channel->transwindow = MIN(channel->transwindow, MAX_TRANS_WINDOW);
719
720 }
721
722 /* Increment the incoming data window for a channel, and let the remote
723 * end know */
724 static void send_msg_channel_window_adjust(struct Channel* channel,
725 unsigned int incr) {
726
727 TRACE(("sending window adjust %d", incr))
728 CHECKCLEARTOWRITE();
729
730 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_WINDOW_ADJUST);
731 buf_putint(ses.writepayload, channel->remotechan);
732 buf_putint(ses.writepayload, incr);
733
734 encrypt_packet();
735 }
736
737 /* Handle a new channel request, performing any channel-type-specific setup */
738 /* XXX server */
739 void recv_msg_channel_open() {
740
741 unsigned char *type;
742 unsigned int typelen;
743 unsigned int remotechan, transwindow, transmaxpacket;
744 struct Channel *channel;
745 const struct ChanType **cp;
746 const struct ChanType *chantype;
747 unsigned int errtype = SSH_OPEN_UNKNOWN_CHANNEL_TYPE;
748 int ret;
749
750
751 TRACE(("enter recv_msg_channel_open"))
752
753 /* get the packet contents */
754 type = buf_getstring(ses.payload, &typelen);
755
756 remotechan = buf_getint(ses.payload);
757 transwindow = buf_getint(ses.payload);
758 transwindow = MIN(transwindow, MAX_TRANS_WINDOW);
759 transmaxpacket = buf_getint(ses.payload);
760 transmaxpacket = MIN(transmaxpacket, MAX_TRANS_PAYLOAD_LEN);
761
762 /* figure what type of packet it is */
763 if (typelen > MAX_NAME_LEN) {
764 goto failure;
765 }
766
767 /* Get the channel type. Client and server style invokation will set up a
768 * different list for ses.chantypes at startup. We just iterate through
769 * this list and find the matching name */
770 for (cp = &ses.chantypes[0], chantype = (*cp);
771 chantype != NULL;
772 cp++, chantype = (*cp)) {
773 if (strcmp(type, chantype->name) == 0) {
774 break;
775 }
776 }
777
778 if (chantype == NULL) {
779 TRACE(("No matching type for '%s'", type))
780 goto failure;
781 }
782
783 TRACE(("matched type '%s'", type))
784
785 /* create the channel */
786 channel = newchannel(remotechan, chantype, transwindow, transmaxpacket);
787
788 if (channel == NULL) {
789 TRACE(("newchannel returned NULL"))
790 goto failure;
791 }
792
793 if (channel->type->inithandler) {
794 ret = channel->type->inithandler(channel);
795 if (ret > 0) {
796 if (ret == SSH_OPEN_IN_PROGRESS) {
797 /* We'll send the confirmation later */
798 goto cleanup;
799 }
800 errtype = ret;
801 deletechannel(channel);
802 TRACE(("inithandler returned failure %d", ret))
803 goto failure;
804 }
805 }
806
807 /* success */
808 send_msg_channel_open_confirmation(channel, channel->recvwindow,
809 channel->recvmaxpacket);
810 goto cleanup;
811
812 failure:
813 TRACE(("recv_msg_channel_open failure"))
814 send_msg_channel_open_failure(remotechan, errtype, "", "");
815
816 cleanup:
817 m_free(type);
818
819 TRACE(("leave recv_msg_channel_open"))
820 }
821
822 /* Send a failure message */
823 void send_msg_channel_failure(struct Channel *channel) {
824
825 TRACE(("enter send_msg_channel_failure"))
826 CHECKCLEARTOWRITE();
827
828 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_FAILURE);
829 buf_putint(ses.writepayload, channel->remotechan);
830
831 encrypt_packet();
832 TRACE(("leave send_msg_channel_failure"))
833 }
834
835 /* Send a success message */
836 void send_msg_channel_success(struct Channel *channel) {
837
838 TRACE(("enter send_msg_channel_success"))
839 CHECKCLEARTOWRITE();
840
841 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_SUCCESS);
842 buf_putint(ses.writepayload, channel->remotechan);
843
844 encrypt_packet();
845 TRACE(("leave send_msg_channel_success"))
846 }
847
848 /* Send a channel open failure message, with a corresponding reason
849 * code (usually resource shortage or unknown chan type) */
850 static void send_msg_channel_open_failure(unsigned int remotechan,
851 int reason, const unsigned char *text, const unsigned char *lang) {
852
853 TRACE(("enter send_msg_channel_open_failure"))
854 CHECKCLEARTOWRITE();
855
856 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN_FAILURE);
857 buf_putint(ses.writepayload, remotechan);
858 buf_putint(ses.writepayload, reason);
859 buf_putstring(ses.writepayload, text, strlen((char*)text));
860 buf_putstring(ses.writepayload, lang, strlen((char*)lang));
861
862 encrypt_packet();
863 TRACE(("leave send_msg_channel_open_failure"))
864 }
865
866 /* Confirm a channel open, and let the remote end know what number we've
867 * allocated and the receive parameters */
868 static void send_msg_channel_open_confirmation(struct Channel* channel,
869 unsigned int recvwindow,
870 unsigned int recvmaxpacket) {
871
872 TRACE(("enter send_msg_channel_open_confirmation"))
873 CHECKCLEARTOWRITE();
874
875 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
876 buf_putint(ses.writepayload, channel->remotechan);
877 buf_putint(ses.writepayload, channel->index);
878 buf_putint(ses.writepayload, recvwindow);
879 buf_putint(ses.writepayload, recvmaxpacket);
880
881 encrypt_packet();
882 TRACE(("leave send_msg_channel_open_confirmation"))
883 }
884
885 #if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT)
886 /* Create a new channel, and start the open request. This is intended
887 * for X11, agent, tcp forwarding, and should be filled with channel-specific
888 * options, with the calling function calling encrypt_packet() after
889 * completion. It is mandatory for the caller to encrypt_packet() if
890 * DROPBEAR_SUCCESS is returned */
891 int send_msg_channel_open_init(int fd, const struct ChanType *type) {
892
893 struct Channel* chan;
894
895 TRACE(("enter send_msg_channel_open_init()"))
896 chan = newchannel(0, type, 0, 0);
897 if (!chan) {
898 TRACE(("leave send_msg_channel_open_init() - FAILED in newchannel()"))
899 return DROPBEAR_FAILURE;
900 }
901
902 /* set fd non-blocking */
903 setnonblocking(fd);
904
905 chan->writefd = chan->readfd = fd;
906 ses.maxfd = MAX(ses.maxfd, fd);
907
908 chan->await_open = 1;
909
910 /* now open the channel connection */
911 CHECKCLEARTOWRITE();
912
913 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN);
914 buf_putstring(ses.writepayload, type->name, strlen(type->name));
915 buf_putint(ses.writepayload, chan->index);
916 buf_putint(ses.writepayload, RECV_MAXWINDOW);
917 buf_putint(ses.writepayload, RECV_MAXPACKET);
918
919 TRACE(("leave send_msg_channel_open_init()"))
920 return DROPBEAR_SUCCESS;
921 }
922
923 /* Confirmation that our channel open request (for forwardings) was
924 * successful*/
925 void recv_msg_channel_open_confirmation() {
926
927 struct Channel * channel;
928 int ret;
929
930 TRACE(("enter recv_msg_channel_open_confirmation"))
931
932 channel = getchannel();
933 if (channel == NULL) {
934 dropbear_exit("Unknown channel");
935 }
936
937 if (!channel->await_open) {
938 dropbear_exit("unexpected channel reply");
939 }
940 channel->await_open = 0;
941
942 channel->remotechan = buf_getint(ses.payload);
943 channel->transwindow = buf_getint(ses.payload);
944 channel->transmaxpacket = buf_getint(ses.payload);
945
946 TRACE(("new chan remote %d local %d",
947 channel->remotechan, channel->index))
948
949 /* Run the inithandler callback */
950 if (channel->type->inithandler) {
951 ret = channel->type->inithandler(channel);
952 if (ret > 0) {
953 removechannel(channel);
954 TRACE(("inithandler returned failure %d", ret))
955 }
956 }
957
958
959 TRACE(("leave recv_msg_channel_open_confirmation"))
960 }
961
962 /* Notification that our channel open request failed */
963 void recv_msg_channel_open_failure() {
964
965 struct Channel * channel;
966
967 channel = getchannel();
968 if (channel == NULL) {
969 dropbear_exit("Unknown channel");
970 }
971
972 if (!channel->await_open) {
973 dropbear_exit("unexpected channel reply");
974 }
975 channel->await_open = 0;
976
977 removechannel(channel);
978 }
979 #endif /* USING_LISTENERS */
980
981 /* close a stdout/stderr fd */
982 static void closereadfd(struct Channel * channel, int fd) {
983
984 /* don't close it if it is the same as writefd,
985 * unless writefd is already set -1 */
986 TRACE(("enter closereadfd"))
987 closechanfd(channel, fd, 0);
988 TRACE(("leave closereadfd"))
989 }
990
991 /* close a stdin fd */
992 static void closewritefd(struct Channel * channel) {
993
994 TRACE(("enter closewritefd"))
995 closechanfd(channel, channel->writefd, 1);
996 TRACE(("leave closewritefd"))
997 }
998
999 /* close a fd, how is 0 for stdout/stderr, 1 for stdin */
1000 static void closechanfd(struct Channel *channel, int fd, int how) {
1001
1002 int closein = 0, closeout = 0;
1003
1004 /* XXX server */
1005 if (channel->type->sepfds) {
1006 TRACE(("shutdown((%d), %d)", fd, how))
1007 shutdown(fd, how);
1008 if (how == 0) {
1009 closeout = 1;
1010 } else {
1011 closein = 1;
1012 }
1013 } else {
1014 close(fd);
1015 closein = closeout = 1;
1016 }
1017
1018 if (closeout && fd == channel->readfd) {
1019 channel->readfd = FD_CLOSED;
1020 }
1021 if (closeout && (channel->extrabuf == NULL) && (fd == channel->errfd)) {
1022 channel->errfd = FD_CLOSED;
1023 }
1024
1025 if (closein && fd == channel->writefd) {
1026 channel->writefd = FD_CLOSED;
1027 }
1028 if (closein && (channel->extrabuf != NULL) && (fd == channel->errfd)) {
1029 channel->errfd = FD_CLOSED;
1030 }
1031
1032 /* if we called shutdown on it and all references are gone, then we
1033 * need to close() it to stop it lingering */
1034 if (channel->type->sepfds && channel->readfd == FD_CLOSED
1035 && channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) {
1036 close(fd);
1037 }
1038 }