Mercurial > dropbear
comparison common-channel.c @ 285:1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 08 Mar 2006 13:23:58 +0000 |
parents | e109fb08b8ee |
children | baea1d43e7eb |
comparison
equal
deleted
inserted
replaced
281:997e6f7dc01e | 285:1b9e69c058d2 |
---|---|
1 /* | |
2 * Dropbear SSH | |
3 * | |
4 * Copyright (c) 2002-2004 Matt Johnston | |
5 * All rights reserved. | |
6 * | |
7 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
8 * of this software and associated documentation files (the "Software"), to deal | |
9 * in the Software without restriction, including without limitation the rights | |
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
11 * copies of the Software, and to permit persons to whom the Software is | |
12 * furnished to do so, subject to the following conditions: | |
13 * | |
14 * The above copyright notice and this permission notice shall be included in | |
15 * all copies or substantial portions of the Software. | |
16 * | |
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
23 * SOFTWARE. */ | |
24 | |
25 /* Handle the multiplexed channels, such as sessions, x11, agent connections */ | |
26 | |
27 #include "includes.h" | |
28 #include "session.h" | |
29 #include "packet.h" | |
30 #include "ssh.h" | |
31 #include "buffer.h" | |
32 #include "circbuffer.h" | |
33 #include "dbutil.h" | |
34 #include "channel.h" | |
35 #include "ssh.h" | |
36 #include "listener.h" | |
37 | |
38 static void send_msg_channel_open_failure(unsigned int remotechan, int reason, | |
39 const unsigned char *text, const unsigned char *lang); | |
40 static void send_msg_channel_open_confirmation(struct Channel* channel, | |
41 unsigned int recvwindow, | |
42 unsigned int recvmaxpacket); | |
43 static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf); | |
44 static void send_msg_channel_window_adjust(struct Channel *channel, | |
45 unsigned int incr); | |
46 static void send_msg_channel_data(struct Channel *channel, int isextended, | |
47 unsigned int exttype); | |
48 static void send_msg_channel_eof(struct Channel *channel); | |
49 static void send_msg_channel_close(struct Channel *channel); | |
50 static void removechannel(struct Channel *channel); | |
51 static void deletechannel(struct Channel *channel); | |
52 static void checkinitdone(struct Channel *channel); | |
53 static void checkclose(struct Channel *channel); | |
54 | |
55 static void closewritefd(struct Channel * channel); | |
56 static void closereadfd(struct Channel * channel, int fd); | |
57 static void closechanfd(struct Channel *channel, int fd, int how); | |
58 | |
59 #define FD_UNINIT (-2) | |
60 #define FD_CLOSED (-1) | |
61 | |
62 /* Initialise all the channels */ | |
63 void chaninitialise(const struct ChanType *chantypes[]) { | |
64 | |
65 /* may as well create space for a single channel */ | |
66 ses.channels = (struct Channel**)m_malloc(sizeof(struct Channel*)); | |
67 ses.chansize = 1; | |
68 ses.channels[0] = NULL; | |
69 ses.chancount = 0; | |
70 | |
71 ses.chantypes = chantypes; | |
72 | |
73 #ifdef USING_LISTENERS | |
74 listeners_initialise(); | |
75 #endif | |
76 | |
77 } | |
78 | |
79 /* Clean up channels, freeing allocated memory */ | |
80 void chancleanup() { | |
81 | |
82 unsigned int i; | |
83 | |
84 TRACE(("enter chancleanup")) | |
85 for (i = 0; i < ses.chansize; i++) { | |
86 if (ses.channels[i] != NULL) { | |
87 TRACE(("channel %d closing", i)) | |
88 removechannel(ses.channels[i]); | |
89 } | |
90 } | |
91 m_free(ses.channels); | |
92 TRACE(("leave chancleanup")) | |
93 } | |
94 | |
95 /* Create a new channel entry, send a reply confirm or failure */ | |
96 /* If remotechan, transwindow and transmaxpacket are not know (for a new | |
97 * outgoing connection, with them to be filled on confirmation), they should | |
98 * all be set to 0 */ | |
99 struct Channel* newchannel(unsigned int remotechan, | |
100 const struct ChanType *type, | |
101 unsigned int transwindow, unsigned int transmaxpacket) { | |
102 | |
103 struct Channel * newchan; | |
104 unsigned int i, j; | |
105 | |
106 TRACE(("enter newchannel")) | |
107 | |
108 /* first see if we can use existing channels */ | |
109 for (i = 0; i < ses.chansize; i++) { | |
110 if (ses.channels[i] == NULL) { | |
111 break; | |
112 } | |
113 } | |
114 | |
115 /* otherwise extend the list */ | |
116 if (i == ses.chansize) { | |
117 if (ses.chansize >= MAX_CHANNELS) { | |
118 TRACE(("leave newchannel: max chans reached")) | |
119 return NULL; | |
120 } | |
121 | |
122 /* extend the channels */ | |
123 ses.channels = (struct Channel**)m_realloc(ses.channels, | |
124 (ses.chansize+CHAN_EXTEND_SIZE)*sizeof(struct Channel*)); | |
125 | |
126 ses.chansize += CHAN_EXTEND_SIZE; | |
127 | |
128 /* set the new channels to null */ | |
129 for (j = i; j < ses.chansize; j++) { | |
130 ses.channels[j] = NULL; | |
131 } | |
132 | |
133 } | |
134 | |
135 newchan = (struct Channel*)m_malloc(sizeof(struct Channel)); | |
136 newchan->type = type; | |
137 newchan->index = i; | |
138 newchan->sentclosed = newchan->recvclosed = 0; | |
139 newchan->senteof = newchan->recveof = 0; | |
140 | |
141 newchan->remotechan = remotechan; | |
142 newchan->transwindow = transwindow; | |
143 newchan->transmaxpacket = transmaxpacket; | |
144 | |
145 newchan->typedata = NULL; | |
146 newchan->writefd = FD_UNINIT; | |
147 newchan->readfd = FD_UNINIT; | |
148 newchan->errfd = FD_CLOSED; /* this isn't always set to start with */ | |
149 newchan->initconn = 0; | |
150 newchan->await_open = 0; | |
151 | |
152 newchan->writebuf = cbuf_new(RECV_MAXWINDOW); | |
153 newchan->extrabuf = NULL; /* The user code can set it up */ | |
154 newchan->recvwindow = RECV_MAXWINDOW; | |
155 newchan->recvdonelen = 0; | |
156 newchan->recvmaxpacket = RECV_MAXPACKET; | |
157 | |
158 ses.channels[i] = newchan; | |
159 ses.chancount++; | |
160 | |
161 TRACE(("leave newchannel")) | |
162 | |
163 return newchan; | |
164 } | |
165 | |
166 /* Returns the channel structure corresponding to the channel in the current | |
167 * data packet (ses.payload must be positioned appropriately) */ | |
168 struct Channel* getchannel() { | |
169 | |
170 unsigned int chan; | |
171 | |
172 chan = buf_getint(ses.payload); | |
173 if (chan >= ses.chansize || ses.channels[chan] == NULL) { | |
174 return NULL; | |
175 } | |
176 return ses.channels[chan]; | |
177 } | |
178 | |
179 /* Iterate through the channels, performing IO if available */ | |
180 void channelio(fd_set *readfds, fd_set *writefds) { | |
181 | |
182 struct Channel *channel; | |
183 unsigned int i; | |
184 | |
185 /* iterate through all the possible channels */ | |
186 for (i = 0; i < ses.chansize; i++) { | |
187 | |
188 channel = ses.channels[i]; | |
189 if (channel == NULL) { | |
190 /* only process in-use channels */ | |
191 continue; | |
192 } | |
193 | |
194 /* read data and send it over the wire */ | |
195 if (channel->readfd >= 0 && FD_ISSET(channel->readfd, readfds)) { | |
196 send_msg_channel_data(channel, 0, 0); | |
197 } | |
198 | |
199 /* read stderr data and send it over the wire */ | |
200 if (channel->extrabuf == NULL && | |
201 channel->errfd >= 0 && FD_ISSET(channel->errfd, readfds)) { | |
202 send_msg_channel_data(channel, 1, SSH_EXTENDED_DATA_STDERR); | |
203 } | |
204 | |
205 /* write to program/pipe stdin */ | |
206 if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) { | |
207 if (channel->initconn) { | |
208 checkinitdone(channel); | |
209 continue; /* Important not to use the channel after | |
210 checkinitdone(), as it may be NULL */ | |
211 } | |
212 writechannel(channel, channel->writefd, channel->writebuf); | |
213 } | |
214 | |
215 /* stderr for client mode */ | |
216 if (channel->extrabuf != NULL | |
217 && channel->errfd >= 0 && FD_ISSET(channel->errfd, writefds)) { | |
218 writechannel(channel, channel->errfd, channel->extrabuf); | |
219 } | |
220 | |
221 /* now handle any of the channel-closing type stuff */ | |
222 checkclose(channel); | |
223 | |
224 } /* foreach channel */ | |
225 | |
226 /* Listeners such as TCP, X11, agent-auth */ | |
227 #ifdef USING_LISTENERS | |
228 handle_listeners(readfds); | |
229 #endif | |
230 } | |
231 | |
232 | |
233 /* do all the EOF/close type stuff checking for a channel */ | |
234 static void checkclose(struct Channel *channel) { | |
235 | |
236 TRACE(("checkclose: writefd %d, readfd %d, errfd %d, sentclosed %d, recvclosed %d", | |
237 channel->writefd, channel->readfd, | |
238 channel->errfd, channel->sentclosed, channel->recvclosed)) | |
239 TRACE(("writebuf %d extrabuf %s extrabuf %d", | |
240 cbuf_getused(channel->writebuf), | |
241 channel->writebuf, | |
242 channel->writebuf ? 0 : cbuf_getused(channel->extrabuf))) | |
243 | |
244 if (!channel->sentclosed) { | |
245 | |
246 /* check for exited - currently only used for server sessions, | |
247 * if the shell has exited etc */ | |
248 if (channel->type->checkclose) { | |
249 if (channel->type->checkclose(channel)) { | |
250 closewritefd(channel); | |
251 } | |
252 } | |
253 | |
254 if (!channel->senteof | |
255 && channel->readfd == FD_CLOSED | |
256 && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { | |
257 send_msg_channel_eof(channel); | |
258 } | |
259 | |
260 if (channel->writefd == FD_CLOSED | |
261 && channel->readfd == FD_CLOSED | |
262 && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { | |
263 send_msg_channel_close(channel); | |
264 } | |
265 } | |
266 | |
267 /* When either party wishes to terminate the channel, it sends | |
268 * SSH_MSG_CHANNEL_CLOSE. Upon receiving this message, a party MUST | |
269 * send back a SSH_MSG_CHANNEL_CLOSE unless it has already sent this | |
270 * message for the channel. The channel is considered closed for a | |
271 * party when it has both sent and received SSH_MSG_CHANNEL_CLOSE, and | |
272 * the party may then reuse the channel number. A party MAY send | |
273 * SSH_MSG_CHANNEL_CLOSE without having sent or received | |
274 * SSH_MSG_CHANNEL_EOF. | |
275 * (from draft-ietf-secsh-connect) | |
276 */ | |
277 if (channel->recvclosed) { | |
278 if (! channel->sentclosed) { | |
279 TRACE(("Sending MSG_CHANNEL_CLOSE in response to same.")) | |
280 send_msg_channel_close(channel); | |
281 } | |
282 removechannel(channel); | |
283 } | |
284 } | |
285 | |
286 | |
287 /* Check whether a deferred (EINPROGRESS) connect() was successful, and | |
288 * if so, set up the channel properly. Otherwise, the channel is cleaned up, so | |
289 * it is important that the channel reference isn't used after a call to this | |
290 * function */ | |
291 static void checkinitdone(struct Channel *channel) { | |
292 | |
293 int val; | |
294 socklen_t vallen = sizeof(val); | |
295 | |
296 TRACE(("enter checkinitdone")) | |
297 | |
298 if (getsockopt(channel->writefd, SOL_SOCKET, SO_ERROR, &val, &vallen) | |
299 || val != 0) { | |
300 send_msg_channel_open_failure(channel->remotechan, | |
301 SSH_OPEN_CONNECT_FAILED, "", ""); | |
302 close(channel->writefd); | |
303 deletechannel(channel); | |
304 TRACE(("leave checkinitdone: fail")) | |
305 } else { | |
306 send_msg_channel_open_confirmation(channel, channel->recvwindow, | |
307 channel->recvmaxpacket); | |
308 channel->readfd = channel->writefd; | |
309 channel->initconn = 0; | |
310 TRACE(("leave checkinitdone: success")) | |
311 } | |
312 } | |
313 | |
314 | |
315 | |
316 /* Send the close message and set the channel as closed */ | |
317 static void send_msg_channel_close(struct Channel *channel) { | |
318 | |
319 TRACE(("enter send_msg_channel_close")) | |
320 /* XXX server */ | |
321 if (channel->type->closehandler) { | |
322 channel->type->closehandler(channel); | |
323 } | |
324 | |
325 CHECKCLEARTOWRITE(); | |
326 | |
327 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_CLOSE); | |
328 buf_putint(ses.writepayload, channel->remotechan); | |
329 | |
330 encrypt_packet(); | |
331 | |
332 channel->senteof = 1; | |
333 channel->sentclosed = 1; | |
334 TRACE(("leave send_msg_channel_close")) | |
335 } | |
336 | |
337 /* call this when trans/eof channels are closed */ | |
338 static void send_msg_channel_eof(struct Channel *channel) { | |
339 | |
340 TRACE(("enter send_msg_channel_eof")) | |
341 CHECKCLEARTOWRITE(); | |
342 | |
343 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_EOF); | |
344 buf_putint(ses.writepayload, channel->remotechan); | |
345 | |
346 encrypt_packet(); | |
347 | |
348 channel->senteof = 1; | |
349 | |
350 TRACE(("leave send_msg_channel_eof")) | |
351 } | |
352 | |
353 /* Called to write data out to the local side of the channel. | |
354 * Only called when we know we can write to a channel, writes as much as | |
355 * possible */ | |
356 static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) { | |
357 | |
358 int len, maxlen; | |
359 | |
360 TRACE(("enter writechannel")) | |
361 | |
362 maxlen = cbuf_readlen(cbuf); | |
363 | |
364 /* Write the data out */ | |
365 len = write(fd, cbuf_readptr(cbuf, maxlen), maxlen); | |
366 if (len <= 0) { | |
367 if (len < 0 && errno != EINTR) { | |
368 /* no more to write - we close it even if the fd was stderr, since | |
369 * that's a nasty failure too */ | |
370 closewritefd(channel); | |
371 } | |
372 TRACE(("leave writechannel: len <= 0")) | |
373 return; | |
374 } | |
375 | |
376 cbuf_incrread(cbuf, len); | |
377 channel->recvdonelen += len; | |
378 | |
379 if (fd == channel->writefd && cbuf_getused(cbuf) == 0 && channel->recveof) { | |
380 /* Check if we're closing up */ | |
381 closewritefd(channel); | |
382 TRACE(("leave writechannel: recveof set")) | |
383 return; | |
384 } | |
385 | |
386 /* Window adjust handling */ | |
387 if (channel->recvdonelen >= RECV_WINDOWEXTEND) { | |
388 /* Set it back to max window */ | |
389 send_msg_channel_window_adjust(channel, channel->recvdonelen); | |
390 channel->recvwindow += channel->recvdonelen; | |
391 channel->recvdonelen = 0; | |
392 } | |
393 | |
394 dropbear_assert(channel->recvwindow <= RECV_MAXWINDOW); | |
395 dropbear_assert(channel->recvwindow <= cbuf_getavail(channel->writebuf)); | |
396 dropbear_assert(channel->extrabuf == NULL || | |
397 channel->recvwindow <= cbuf_getavail(channel->extrabuf)); | |
398 | |
399 | |
400 TRACE(("leave writechannel")) | |
401 } | |
402 | |
403 /* Set the file descriptors for the main select in session.c | |
404 * This avoid channels which don't have any window available, are closed, etc*/ | |
405 void setchannelfds(fd_set *readfds, fd_set *writefds) { | |
406 | |
407 unsigned int i; | |
408 struct Channel * channel; | |
409 | |
410 for (i = 0; i < ses.chansize; i++) { | |
411 | |
412 channel = ses.channels[i]; | |
413 if (channel == NULL) { | |
414 continue; | |
415 } | |
416 | |
417 /* Stuff to put over the wire */ | |
418 if (channel->transwindow > 0) { | |
419 | |
420 if (channel->readfd >= 0) { | |
421 FD_SET(channel->readfd, readfds); | |
422 } | |
423 | |
424 if (channel->extrabuf == NULL && channel->errfd >= 0) { | |
425 FD_SET(channel->errfd, readfds); | |
426 } | |
427 } | |
428 | |
429 /* Stuff from the wire */ | |
430 if ((channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0 ) | |
431 || channel->initconn) { | |
432 | |
433 FD_SET(channel->writefd, writefds); | |
434 } | |
435 | |
436 if (channel->extrabuf != NULL && channel->errfd >= 0 | |
437 && cbuf_getused(channel->extrabuf) > 0 ) { | |
438 FD_SET(channel->errfd, writefds); | |
439 } | |
440 | |
441 } /* foreach channel */ | |
442 | |
443 #ifdef USING_LISTENERS | |
444 set_listener_fds(readfds); | |
445 #endif | |
446 | |
447 } | |
448 | |
449 /* handle the channel EOF event, by closing the channel filedescriptor. The | |
450 * channel isn't closed yet, it is left until the incoming (from the program | |
451 * etc) FD is also EOF */ | |
452 void recv_msg_channel_eof() { | |
453 | |
454 struct Channel * channel; | |
455 | |
456 TRACE(("enter recv_msg_channel_eof")) | |
457 | |
458 channel = getchannel(); | |
459 if (channel == NULL) { | |
460 dropbear_exit("EOF for unknown channel"); | |
461 } | |
462 | |
463 channel->recveof = 1; | |
464 if (cbuf_getused(channel->writebuf) == 0 | |
465 && (channel->extrabuf == NULL | |
466 || cbuf_getused(channel->extrabuf) == 0)) { | |
467 closewritefd(channel); | |
468 } | |
469 | |
470 TRACE(("leave recv_msg_channel_eof")) | |
471 } | |
472 | |
473 | |
474 /* Handle channel closure(), respond in kind and close the channels */ | |
475 void recv_msg_channel_close() { | |
476 | |
477 struct Channel * channel; | |
478 | |
479 TRACE(("enter recv_msg_channel_close")) | |
480 | |
481 channel = getchannel(); | |
482 if (channel == NULL) { | |
483 /* disconnect ? */ | |
484 dropbear_exit("Close for unknown channel"); | |
485 } | |
486 | |
487 channel->recveof = 1; | |
488 channel->recvclosed = 1; | |
489 | |
490 if (channel->sentclosed) { | |
491 removechannel(channel); | |
492 } | |
493 | |
494 TRACE(("leave recv_msg_channel_close")) | |
495 } | |
496 | |
497 /* Remove a channel entry, this is only executed after both sides have sent | |
498 * channel close */ | |
499 static void removechannel(struct Channel * channel) { | |
500 | |
501 TRACE(("enter removechannel")) | |
502 TRACE(("channel index is %d", channel->index)) | |
503 | |
504 cbuf_free(channel->writebuf); | |
505 channel->writebuf = NULL; | |
506 | |
507 if (channel->extrabuf) { | |
508 cbuf_free(channel->extrabuf); | |
509 channel->extrabuf = NULL; | |
510 } | |
511 | |
512 | |
513 /* close the FDs in case they haven't been done | |
514 * yet (ie they were shutdown etc */ | |
515 close(channel->writefd); | |
516 close(channel->readfd); | |
517 close(channel->errfd); | |
518 | |
519 channel->typedata = NULL; | |
520 | |
521 deletechannel(channel); | |
522 | |
523 TRACE(("leave removechannel")) | |
524 } | |
525 | |
526 /* Remove a channel entry */ | |
527 static void deletechannel(struct Channel *channel) { | |
528 | |
529 ses.channels[channel->index] = NULL; | |
530 m_free(channel); | |
531 ses.chancount--; | |
532 | |
533 } | |
534 | |
535 | |
536 /* Handle channel specific requests, passing off to corresponding handlers | |
537 * such as chansession or x11fwd */ | |
538 void recv_msg_channel_request() { | |
539 | |
540 struct Channel *channel; | |
541 | |
542 TRACE(("enter recv_msg_channel_request")) | |
543 | |
544 channel = getchannel(); | |
545 if (channel == NULL) { | |
546 /* disconnect ? */ | |
547 dropbear_exit("Unknown channel"); | |
548 } | |
549 | |
550 if (channel->type->reqhandler) { | |
551 channel->type->reqhandler(channel); | |
552 } else { | |
553 send_msg_channel_failure(channel); | |
554 } | |
555 | |
556 TRACE(("leave recv_msg_channel_request")) | |
557 | |
558 } | |
559 | |
560 /* Reads data from the server's program/shell/etc, and puts it in a | |
561 * channel_data packet to send. | |
562 * chan is the remote channel, isextended is 0 if it is normal data, 1 | |
563 * if it is extended data. if it is extended, then the type is in | |
564 * exttype */ | |
565 static void send_msg_channel_data(struct Channel *channel, int isextended, | |
566 unsigned int exttype) { | |
567 | |
568 buffer *buf; | |
569 int len; | |
570 unsigned int maxlen; | |
571 int fd; | |
572 | |
573 /* TRACE(("enter send_msg_channel_data")) | |
574 TRACE(("extended = %d type = %d", isextended, exttype))*/ | |
575 | |
576 CHECKCLEARTOWRITE(); | |
577 | |
578 dropbear_assert(!channel->sentclosed); | |
579 | |
580 if (isextended) { | |
581 fd = channel->errfd; | |
582 } else { | |
583 fd = channel->readfd; | |
584 } | |
585 dropbear_assert(fd >= 0); | |
586 | |
587 maxlen = MIN(channel->transwindow, channel->transmaxpacket); | |
588 /* -(1+4+4) is SSH_MSG_CHANNEL_DATA, channel number, string length, and | |
589 * exttype if is extended */ | |
590 maxlen = MIN(maxlen, | |
591 ses.writepayload->size - 1 - 4 - 4 - (isextended ? 4 : 0)); | |
592 if (maxlen == 0) { | |
593 TRACE(("leave send_msg_channel_data: no window")) | |
594 return; /* the data will get written later */ | |
595 } | |
596 | |
597 /* read the data */ | |
598 TRACE(("maxlen %d", maxlen)) | |
599 buf = buf_new(maxlen); | |
600 TRACE(("buf pos %d data %x", buf->pos, buf->data)) | |
601 len = read(fd, buf_getwriteptr(buf, maxlen), maxlen); | |
602 if (len <= 0) { | |
603 /* on error/eof, send eof */ | |
604 if (len == 0 || errno != EINTR) { | |
605 closereadfd(channel, fd); | |
606 } | |
607 buf_free(buf); | |
608 buf = NULL; | |
609 TRACE(("leave send_msg_channel_data: read err or EOF for fd %d", | |
610 channel->index)); | |
611 return; | |
612 } | |
613 buf_incrlen(buf, len); | |
614 | |
615 buf_putbyte(ses.writepayload, | |
616 isextended ? SSH_MSG_CHANNEL_EXTENDED_DATA : SSH_MSG_CHANNEL_DATA); | |
617 buf_putint(ses.writepayload, channel->remotechan); | |
618 | |
619 if (isextended) { | |
620 buf_putint(ses.writepayload, exttype); | |
621 } | |
622 | |
623 buf_putstring(ses.writepayload, buf_getptr(buf, len), len); | |
624 buf_free(buf); | |
625 buf = NULL; | |
626 | |
627 channel->transwindow -= len; | |
628 | |
629 encrypt_packet(); | |
630 TRACE(("leave send_msg_channel_data")) | |
631 } | |
632 | |
633 /* We receive channel data */ | |
634 void recv_msg_channel_data() { | |
635 | |
636 struct Channel *channel; | |
637 | |
638 channel = getchannel(); | |
639 if (channel == NULL) { | |
640 dropbear_exit("Unknown channel"); | |
641 } | |
642 | |
643 common_recv_msg_channel_data(channel, channel->writefd, channel->writebuf); | |
644 } | |
645 | |
646 /* Shared for data and stderr data - when we receive data, put it in a buffer | |
647 * for writing to the local file descriptor */ | |
648 void common_recv_msg_channel_data(struct Channel *channel, int fd, | |
649 circbuffer * cbuf) { | |
650 | |
651 unsigned int datalen; | |
652 unsigned int maxdata; | |
653 unsigned int buflen; | |
654 unsigned int len; | |
655 | |
656 TRACE(("enter recv_msg_channel_data")) | |
657 | |
658 if (channel->recveof) { | |
659 dropbear_exit("received data after eof"); | |
660 } | |
661 | |
662 if (fd < 0) { | |
663 dropbear_exit("received data with bad writefd"); | |
664 } | |
665 | |
666 datalen = buf_getint(ses.payload); | |
667 | |
668 | |
669 maxdata = cbuf_getavail(cbuf); | |
670 | |
671 /* Whilst the spec says we "MAY ignore data past the end" this could | |
672 * lead to corrupted file transfers etc (chunks missed etc). It's better to | |
673 * just die horribly */ | |
674 if (datalen > maxdata) { | |
675 dropbear_exit("Oversized packet"); | |
676 } | |
677 | |
678 /* We may have to run throught twice, if the buffer wraps around. Can't | |
679 * just "leave it for next time" like with writechannel, since this | |
680 * is payload data */ | |
681 len = datalen; | |
682 while (len > 0) { | |
683 buflen = cbuf_writelen(cbuf); | |
684 buflen = MIN(buflen, len); | |
685 | |
686 memcpy(cbuf_writeptr(cbuf, buflen), | |
687 buf_getptr(ses.payload, buflen), buflen); | |
688 cbuf_incrwrite(cbuf, buflen); | |
689 buf_incrpos(ses.payload, buflen); | |
690 len -= buflen; | |
691 } | |
692 | |
693 dropbear_assert(channel->recvwindow >= datalen); | |
694 channel->recvwindow -= datalen; | |
695 dropbear_assert(channel->recvwindow <= RECV_MAXWINDOW); | |
696 | |
697 TRACE(("leave recv_msg_channel_data")) | |
698 } | |
699 | |
700 /* Increment the outgoing data window for a channel - the remote end limits | |
701 * the amount of data which may be transmitted, this window is decremented | |
702 * as data is sent, and incremented upon receiving window-adjust messages */ | |
703 void recv_msg_channel_window_adjust() { | |
704 | |
705 struct Channel * channel; | |
706 unsigned int incr; | |
707 | |
708 channel = getchannel(); | |
709 if (channel == NULL) { | |
710 dropbear_exit("Unknown channel"); | |
711 } | |
712 | |
713 incr = buf_getint(ses.payload); | |
714 TRACE(("received window increment %d", incr)) | |
715 incr = MIN(incr, MAX_TRANS_WIN_INCR); | |
716 | |
717 channel->transwindow += incr; | |
718 channel->transwindow = MIN(channel->transwindow, MAX_TRANS_WINDOW); | |
719 | |
720 } | |
721 | |
722 /* Increment the incoming data window for a channel, and let the remote | |
723 * end know */ | |
724 static void send_msg_channel_window_adjust(struct Channel* channel, | |
725 unsigned int incr) { | |
726 | |
727 TRACE(("sending window adjust %d", incr)) | |
728 CHECKCLEARTOWRITE(); | |
729 | |
730 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_WINDOW_ADJUST); | |
731 buf_putint(ses.writepayload, channel->remotechan); | |
732 buf_putint(ses.writepayload, incr); | |
733 | |
734 encrypt_packet(); | |
735 } | |
736 | |
737 /* Handle a new channel request, performing any channel-type-specific setup */ | |
738 /* XXX server */ | |
739 void recv_msg_channel_open() { | |
740 | |
741 unsigned char *type; | |
742 unsigned int typelen; | |
743 unsigned int remotechan, transwindow, transmaxpacket; | |
744 struct Channel *channel; | |
745 const struct ChanType **cp; | |
746 const struct ChanType *chantype; | |
747 unsigned int errtype = SSH_OPEN_UNKNOWN_CHANNEL_TYPE; | |
748 int ret; | |
749 | |
750 | |
751 TRACE(("enter recv_msg_channel_open")) | |
752 | |
753 /* get the packet contents */ | |
754 type = buf_getstring(ses.payload, &typelen); | |
755 | |
756 remotechan = buf_getint(ses.payload); | |
757 transwindow = buf_getint(ses.payload); | |
758 transwindow = MIN(transwindow, MAX_TRANS_WINDOW); | |
759 transmaxpacket = buf_getint(ses.payload); | |
760 transmaxpacket = MIN(transmaxpacket, MAX_TRANS_PAYLOAD_LEN); | |
761 | |
762 /* figure what type of packet it is */ | |
763 if (typelen > MAX_NAME_LEN) { | |
764 goto failure; | |
765 } | |
766 | |
767 /* Get the channel type. Client and server style invokation will set up a | |
768 * different list for ses.chantypes at startup. We just iterate through | |
769 * this list and find the matching name */ | |
770 for (cp = &ses.chantypes[0], chantype = (*cp); | |
771 chantype != NULL; | |
772 cp++, chantype = (*cp)) { | |
773 if (strcmp(type, chantype->name) == 0) { | |
774 break; | |
775 } | |
776 } | |
777 | |
778 if (chantype == NULL) { | |
779 TRACE(("No matching type for '%s'", type)) | |
780 goto failure; | |
781 } | |
782 | |
783 TRACE(("matched type '%s'", type)) | |
784 | |
785 /* create the channel */ | |
786 channel = newchannel(remotechan, chantype, transwindow, transmaxpacket); | |
787 | |
788 if (channel == NULL) { | |
789 TRACE(("newchannel returned NULL")) | |
790 goto failure; | |
791 } | |
792 | |
793 if (channel->type->inithandler) { | |
794 ret = channel->type->inithandler(channel); | |
795 if (ret > 0) { | |
796 if (ret == SSH_OPEN_IN_PROGRESS) { | |
797 /* We'll send the confirmation later */ | |
798 goto cleanup; | |
799 } | |
800 errtype = ret; | |
801 deletechannel(channel); | |
802 TRACE(("inithandler returned failure %d", ret)) | |
803 goto failure; | |
804 } | |
805 } | |
806 | |
807 /* success */ | |
808 send_msg_channel_open_confirmation(channel, channel->recvwindow, | |
809 channel->recvmaxpacket); | |
810 goto cleanup; | |
811 | |
812 failure: | |
813 TRACE(("recv_msg_channel_open failure")) | |
814 send_msg_channel_open_failure(remotechan, errtype, "", ""); | |
815 | |
816 cleanup: | |
817 m_free(type); | |
818 | |
819 TRACE(("leave recv_msg_channel_open")) | |
820 } | |
821 | |
822 /* Send a failure message */ | |
823 void send_msg_channel_failure(struct Channel *channel) { | |
824 | |
825 TRACE(("enter send_msg_channel_failure")) | |
826 CHECKCLEARTOWRITE(); | |
827 | |
828 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_FAILURE); | |
829 buf_putint(ses.writepayload, channel->remotechan); | |
830 | |
831 encrypt_packet(); | |
832 TRACE(("leave send_msg_channel_failure")) | |
833 } | |
834 | |
835 /* Send a success message */ | |
836 void send_msg_channel_success(struct Channel *channel) { | |
837 | |
838 TRACE(("enter send_msg_channel_success")) | |
839 CHECKCLEARTOWRITE(); | |
840 | |
841 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_SUCCESS); | |
842 buf_putint(ses.writepayload, channel->remotechan); | |
843 | |
844 encrypt_packet(); | |
845 TRACE(("leave send_msg_channel_success")) | |
846 } | |
847 | |
848 /* Send a channel open failure message, with a corresponding reason | |
849 * code (usually resource shortage or unknown chan type) */ | |
850 static void send_msg_channel_open_failure(unsigned int remotechan, | |
851 int reason, const unsigned char *text, const unsigned char *lang) { | |
852 | |
853 TRACE(("enter send_msg_channel_open_failure")) | |
854 CHECKCLEARTOWRITE(); | |
855 | |
856 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN_FAILURE); | |
857 buf_putint(ses.writepayload, remotechan); | |
858 buf_putint(ses.writepayload, reason); | |
859 buf_putstring(ses.writepayload, text, strlen((char*)text)); | |
860 buf_putstring(ses.writepayload, lang, strlen((char*)lang)); | |
861 | |
862 encrypt_packet(); | |
863 TRACE(("leave send_msg_channel_open_failure")) | |
864 } | |
865 | |
866 /* Confirm a channel open, and let the remote end know what number we've | |
867 * allocated and the receive parameters */ | |
868 static void send_msg_channel_open_confirmation(struct Channel* channel, | |
869 unsigned int recvwindow, | |
870 unsigned int recvmaxpacket) { | |
871 | |
872 TRACE(("enter send_msg_channel_open_confirmation")) | |
873 CHECKCLEARTOWRITE(); | |
874 | |
875 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN_CONFIRMATION); | |
876 buf_putint(ses.writepayload, channel->remotechan); | |
877 buf_putint(ses.writepayload, channel->index); | |
878 buf_putint(ses.writepayload, recvwindow); | |
879 buf_putint(ses.writepayload, recvmaxpacket); | |
880 | |
881 encrypt_packet(); | |
882 TRACE(("leave send_msg_channel_open_confirmation")) | |
883 } | |
884 | |
885 #if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT) | |
886 /* Create a new channel, and start the open request. This is intended | |
887 * for X11, agent, tcp forwarding, and should be filled with channel-specific | |
888 * options, with the calling function calling encrypt_packet() after | |
889 * completion. It is mandatory for the caller to encrypt_packet() if | |
890 * DROPBEAR_SUCCESS is returned */ | |
891 int send_msg_channel_open_init(int fd, const struct ChanType *type) { | |
892 | |
893 struct Channel* chan; | |
894 | |
895 TRACE(("enter send_msg_channel_open_init()")) | |
896 chan = newchannel(0, type, 0, 0); | |
897 if (!chan) { | |
898 TRACE(("leave send_msg_channel_open_init() - FAILED in newchannel()")) | |
899 return DROPBEAR_FAILURE; | |
900 } | |
901 | |
902 /* set fd non-blocking */ | |
903 setnonblocking(fd); | |
904 | |
905 chan->writefd = chan->readfd = fd; | |
906 ses.maxfd = MAX(ses.maxfd, fd); | |
907 | |
908 chan->await_open = 1; | |
909 | |
910 /* now open the channel connection */ | |
911 CHECKCLEARTOWRITE(); | |
912 | |
913 buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN); | |
914 buf_putstring(ses.writepayload, type->name, strlen(type->name)); | |
915 buf_putint(ses.writepayload, chan->index); | |
916 buf_putint(ses.writepayload, RECV_MAXWINDOW); | |
917 buf_putint(ses.writepayload, RECV_MAXPACKET); | |
918 | |
919 TRACE(("leave send_msg_channel_open_init()")) | |
920 return DROPBEAR_SUCCESS; | |
921 } | |
922 | |
923 /* Confirmation that our channel open request (for forwardings) was | |
924 * successful*/ | |
925 void recv_msg_channel_open_confirmation() { | |
926 | |
927 struct Channel * channel; | |
928 int ret; | |
929 | |
930 TRACE(("enter recv_msg_channel_open_confirmation")) | |
931 | |
932 channel = getchannel(); | |
933 if (channel == NULL) { | |
934 dropbear_exit("Unknown channel"); | |
935 } | |
936 | |
937 if (!channel->await_open) { | |
938 dropbear_exit("unexpected channel reply"); | |
939 } | |
940 channel->await_open = 0; | |
941 | |
942 channel->remotechan = buf_getint(ses.payload); | |
943 channel->transwindow = buf_getint(ses.payload); | |
944 channel->transmaxpacket = buf_getint(ses.payload); | |
945 | |
946 TRACE(("new chan remote %d local %d", | |
947 channel->remotechan, channel->index)) | |
948 | |
949 /* Run the inithandler callback */ | |
950 if (channel->type->inithandler) { | |
951 ret = channel->type->inithandler(channel); | |
952 if (ret > 0) { | |
953 removechannel(channel); | |
954 TRACE(("inithandler returned failure %d", ret)) | |
955 } | |
956 } | |
957 | |
958 | |
959 TRACE(("leave recv_msg_channel_open_confirmation")) | |
960 } | |
961 | |
962 /* Notification that our channel open request failed */ | |
963 void recv_msg_channel_open_failure() { | |
964 | |
965 struct Channel * channel; | |
966 | |
967 channel = getchannel(); | |
968 if (channel == NULL) { | |
969 dropbear_exit("Unknown channel"); | |
970 } | |
971 | |
972 if (!channel->await_open) { | |
973 dropbear_exit("unexpected channel reply"); | |
974 } | |
975 channel->await_open = 0; | |
976 | |
977 removechannel(channel); | |
978 } | |
979 #endif /* USING_LISTENERS */ | |
980 | |
981 /* close a stdout/stderr fd */ | |
982 static void closereadfd(struct Channel * channel, int fd) { | |
983 | |
984 /* don't close it if it is the same as writefd, | |
985 * unless writefd is already set -1 */ | |
986 TRACE(("enter closereadfd")) | |
987 closechanfd(channel, fd, 0); | |
988 TRACE(("leave closereadfd")) | |
989 } | |
990 | |
991 /* close a stdin fd */ | |
992 static void closewritefd(struct Channel * channel) { | |
993 | |
994 TRACE(("enter closewritefd")) | |
995 closechanfd(channel, channel->writefd, 1); | |
996 TRACE(("leave closewritefd")) | |
997 } | |
998 | |
999 /* close a fd, how is 0 for stdout/stderr, 1 for stdin */ | |
1000 static void closechanfd(struct Channel *channel, int fd, int how) { | |
1001 | |
1002 int closein = 0, closeout = 0; | |
1003 | |
1004 /* XXX server */ | |
1005 if (channel->type->sepfds) { | |
1006 TRACE(("shutdown((%d), %d)", fd, how)) | |
1007 shutdown(fd, how); | |
1008 if (how == 0) { | |
1009 closeout = 1; | |
1010 } else { | |
1011 closein = 1; | |
1012 } | |
1013 } else { | |
1014 close(fd); | |
1015 closein = closeout = 1; | |
1016 } | |
1017 | |
1018 if (closeout && fd == channel->readfd) { | |
1019 channel->readfd = FD_CLOSED; | |
1020 } | |
1021 if (closeout && (channel->extrabuf == NULL) && (fd == channel->errfd)) { | |
1022 channel->errfd = FD_CLOSED; | |
1023 } | |
1024 | |
1025 if (closein && fd == channel->writefd) { | |
1026 channel->writefd = FD_CLOSED; | |
1027 } | |
1028 if (closein && (channel->extrabuf != NULL) && (fd == channel->errfd)) { | |
1029 channel->errfd = FD_CLOSED; | |
1030 } | |
1031 | |
1032 /* if we called shutdown on it and all references are gone, then we | |
1033 * need to close() it to stop it lingering */ | |
1034 if (channel->type->sepfds && channel->readfd == FD_CLOSED | |
1035 && channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) { | |
1036 close(fd); | |
1037 } | |
1038 } |