nchan.c 12.8 KB
Newer Older
1
/* $OpenBSD: nchan.c,v 1.63 2010/01/26 01:28:35 djm Exp $ */
2
/*
3
 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

Damien Miller's avatar
Damien Miller committed
26 27
#include "includes.h"

28 29 30
#include <sys/types.h>
#include <sys/socket.h>

31
#include <errno.h>
32
#include <string.h>
33
#include <stdarg.h>
34

35
#include "openbsd-compat/sys-queue.h"
36 37
#include "ssh1.h"
#include "ssh2.h"
Damien Miller's avatar
Damien Miller committed
38 39 40
#include "buffer.h"
#include "packet.h"
#include "channels.h"
Damien Miller's avatar
Damien Miller committed
41
#include "compat.h"
42
#include "log.h"
Damien Miller's avatar
Damien Miller committed
43

44 45 46 47 48 49 50 51 52
/*
 * SSH Protocol 1.5 aka New Channel Protocol
 * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored.
 * Written by Markus Friedl in October 1999
 *
 * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the
 * tear down of channels:
 *
 * 1.3:	strict request-ack-protocol:
53 54
 *	CLOSE	->
 *		<-  CLOSE_CONFIRM
55 56
 *
 * 1.5:	uses variations of:
57 58 59 60 61
 *	IEOF	->
 *		<-  OCLOSE
 *		<-  IEOF
 *	OCLOSE	->
 *	i.e. both sides have to close the channel
62 63 64 65 66 67 68
 *
 * 2.0: the EOF messages are optional
 *
 * See the debugging output from 'ssh -v' and 'sshd -d' of
 * ssh-1.2.27 as an example.
 *
 */
Kevin Steves's avatar
Kevin Steves committed
69

Damien Miller's avatar
Damien Miller committed
70
/* functions manipulating channel states */
Damien Miller's avatar
Damien Miller committed
71
/*
72
 * EVENTS update channel input/output states execute ACTIONS
Damien Miller's avatar
Damien Miller committed
73
 */
Damien Miller's avatar
Damien Miller committed
74 75 76
/*
 * ACTIONS: should never update the channel states
 */
77 78 79 80
static void	chan_send_ieof1(Channel *);
static void	chan_send_oclose1(Channel *);
static void	chan_send_close2(Channel *);
static void	chan_send_eof2(Channel *);
81
static void	chan_send_eow2(Channel *);
Damien Miller's avatar
Damien Miller committed
82 83

/* helper */
84 85
static void	chan_shutdown_write(Channel *);
static void	chan_shutdown_read(Channel *);
Damien Miller's avatar
Damien Miller committed
86

87 88 89 90 91 92 93 94
static char *ostates[] = { "open", "drain", "wait_ieof", "closed" };
static char *istates[] = { "open", "drain", "wait_oclose", "closed" };

static void
chan_set_istate(Channel *c, u_int next)
{
	if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED)
		fatal("chan_set_istate: bad state %d -> %d", c->istate, next);
95
	debug2("channel %d: input %s -> %s", c->self, istates[c->istate],
96 97 98 99 100 101 102 103
	    istates[next]);
	c->istate = next;
}
static void
chan_set_ostate(Channel *c, u_int next)
{
	if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED)
		fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next);
104
	debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate],
105 106 107 108
	    ostates[next]);
	c->ostate = next;
}

Damien Miller's avatar
Damien Miller committed
109 110 111 112 113 114
/*
 * SSH1 specific implementation of event functions
 */

static void
chan_rcvd_oclose1(Channel *c)
115
{
116
	debug2("channel %d: rcvd oclose", c->self);
117
	switch (c->istate) {
Damien Miller's avatar
Damien Miller committed
118
	case CHAN_INPUT_WAIT_OCLOSE:
119
		chan_set_istate(c, CHAN_INPUT_CLOSED);
Damien Miller's avatar
Damien Miller committed
120 121 122
		break;
	case CHAN_INPUT_OPEN:
		chan_shutdown_read(c);
Damien Miller's avatar
Damien Miller committed
123
		chan_send_ieof1(c);
124
		chan_set_istate(c, CHAN_INPUT_CLOSED);
125 126 127
		break;
	case CHAN_INPUT_WAIT_DRAIN:
		/* both local read_failed and remote write_failed  */
Damien Miller's avatar
Damien Miller committed
128
		chan_send_ieof1(c);
129
		chan_set_istate(c, CHAN_INPUT_CLOSED);
Damien Miller's avatar
Damien Miller committed
130 131
		break;
	default:
132
		error("channel %d: protocol error: rcvd_oclose for istate %d",
Damien Miller's avatar
Damien Miller committed
133
		    c->self, c->istate);
134
		return;
Damien Miller's avatar
Damien Miller committed
135 136
	}
}
137 138
void
chan_read_failed(Channel *c)
139
{
140
	debug2("channel %d: read failed", c->self);
141
	switch (c->istate) {
Damien Miller's avatar
Damien Miller committed
142 143
	case CHAN_INPUT_OPEN:
		chan_shutdown_read(c);
144
		chan_set_istate(c, CHAN_INPUT_WAIT_DRAIN);
Damien Miller's avatar
Damien Miller committed
145 146
		break;
	default:
147
		error("channel %d: chan_read_failed for istate %d",
Damien Miller's avatar
Damien Miller committed
148
		    c->self, c->istate);
Damien Miller's avatar
Damien Miller committed
149 150 151
		break;
	}
}
152 153
void
chan_ibuf_empty(Channel *c)
154
{
155
	debug2("channel %d: ibuf empty", c->self);
156
	if (buffer_len(&c->input)) {
157
		error("channel %d: chan_ibuf_empty for non empty buffer",
Damien Miller's avatar
Damien Miller committed
158
		    c->self);
Damien Miller's avatar
Damien Miller committed
159 160
		return;
	}
161
	switch (c->istate) {
Damien Miller's avatar
Damien Miller committed
162
	case CHAN_INPUT_WAIT_DRAIN:
163
		if (compat20) {
164
			if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_LOCAL)))
165 166 167 168 169 170
				chan_send_eof2(c);
			chan_set_istate(c, CHAN_INPUT_CLOSED);
		} else {
			chan_send_ieof1(c);
			chan_set_istate(c, CHAN_INPUT_WAIT_OCLOSE);
		}
Damien Miller's avatar
Damien Miller committed
171 172
		break;
	default:
173
		error("channel %d: chan_ibuf_empty for istate %d",
Damien Miller's avatar
Damien Miller committed
174
		    c->self, c->istate);
Damien Miller's avatar
Damien Miller committed
175 176 177
		break;
	}
}
Damien Miller's avatar
Damien Miller committed
178 179
static void
chan_rcvd_ieof1(Channel *c)
180
{
181
	debug2("channel %d: rcvd ieof", c->self);
182
	switch (c->ostate) {
Damien Miller's avatar
Damien Miller committed
183
	case CHAN_OUTPUT_OPEN:
184
		chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
Damien Miller's avatar
Damien Miller committed
185 186
		break;
	case CHAN_OUTPUT_WAIT_IEOF:
187
		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
Damien Miller's avatar
Damien Miller committed
188 189
		break;
	default:
190
		error("channel %d: protocol error: rcvd_ieof for ostate %d",
Damien Miller's avatar
Damien Miller committed
191
		    c->self, c->ostate);
Damien Miller's avatar
Damien Miller committed
192 193 194
		break;
	}
}
Damien Miller's avatar
Damien Miller committed
195 196
static void
chan_write_failed1(Channel *c)
197
{
198
	debug2("channel %d: write failed", c->self);
199
	switch (c->ostate) {
Damien Miller's avatar
Damien Miller committed
200
	case CHAN_OUTPUT_OPEN:
201
		chan_shutdown_write(c);
Damien Miller's avatar
Damien Miller committed
202
		chan_send_oclose1(c);
203
		chan_set_ostate(c, CHAN_OUTPUT_WAIT_IEOF);
Damien Miller's avatar
Damien Miller committed
204 205
		break;
	case CHAN_OUTPUT_WAIT_DRAIN:
206
		chan_shutdown_write(c);
Damien Miller's avatar
Damien Miller committed
207
		chan_send_oclose1(c);
208
		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
Damien Miller's avatar
Damien Miller committed
209 210
		break;
	default:
211
		error("channel %d: chan_write_failed for ostate %d",
Damien Miller's avatar
Damien Miller committed
212
		    c->self, c->ostate);
Damien Miller's avatar
Damien Miller committed
213 214 215
		break;
	}
}
216 217
void
chan_obuf_empty(Channel *c)
218
{
219
	debug2("channel %d: obuf empty", c->self);
220
	if (buffer_len(&c->output)) {
221
		error("channel %d: chan_obuf_empty for non empty buffer",
Damien Miller's avatar
Damien Miller committed
222
		    c->self);
Damien Miller's avatar
Damien Miller committed
223 224
		return;
	}
225
	switch (c->ostate) {
Damien Miller's avatar
Damien Miller committed
226
	case CHAN_OUTPUT_WAIT_DRAIN:
227
		chan_shutdown_write(c);
228 229
		if (!compat20)
			chan_send_oclose1(c);
230
		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
Damien Miller's avatar
Damien Miller committed
231 232
		break;
	default:
233
		error("channel %d: internal error: obuf_empty for ostate %d",
Damien Miller's avatar
Damien Miller committed
234
		    c->self, c->ostate);
Damien Miller's avatar
Damien Miller committed
235 236 237 238
		break;
	}
}
static void
Damien Miller's avatar
Damien Miller committed
239
chan_send_ieof1(Channel *c)
240
{
241
	debug2("channel %d: send ieof", c->self);
242
	switch (c->istate) {
Damien Miller's avatar
Damien Miller committed
243 244 245 246 247 248 249
	case CHAN_INPUT_OPEN:
	case CHAN_INPUT_WAIT_DRAIN:
		packet_start(SSH_MSG_CHANNEL_INPUT_EOF);
		packet_put_int(c->remote_id);
		packet_send();
		break;
	default:
250
		error("channel %d: cannot send ieof for istate %d",
Damien Miller's avatar
Damien Miller committed
251
		    c->self, c->istate);
Damien Miller's avatar
Damien Miller committed
252 253 254 255
		break;
	}
}
static void
Damien Miller's avatar
Damien Miller committed
256
chan_send_oclose1(Channel *c)
257
{
258
	debug2("channel %d: send oclose", c->self);
259
	switch (c->ostate) {
Damien Miller's avatar
Damien Miller committed
260 261
	case CHAN_OUTPUT_OPEN:
	case CHAN_OUTPUT_WAIT_DRAIN:
262
		buffer_clear(&c->output);
Damien Miller's avatar
Damien Miller committed
263 264 265 266 267
		packet_start(SSH_MSG_CHANNEL_OUTPUT_CLOSE);
		packet_put_int(c->remote_id);
		packet_send();
		break;
	default:
268
		error("channel %d: cannot send oclose for ostate %d",
269
		    c->self, c->ostate);
Damien Miller's avatar
Damien Miller committed
270 271 272
		break;
	}
}
273

Damien Miller's avatar
Damien Miller committed
274 275 276
/*
 * the same for SSH2
 */
Damien Miller's avatar
Damien Miller committed
277
static void
278
chan_rcvd_close2(Channel *c)
279
{
280
	debug2("channel %d: rcvd close", c->self);
281 282 283 284 285 286
	if (!(c->flags & CHAN_LOCAL)) {
		if (c->flags & CHAN_CLOSE_RCVD)
			error("channel %d: protocol error: close rcvd twice",
			    c->self);
		c->flags |= CHAN_CLOSE_RCVD;
	}
Damien Miller's avatar
Damien Miller committed
287 288
	if (c->type == SSH_CHANNEL_LARVAL) {
		/* tear down larval channels immediately */
289 290
		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
		chan_set_istate(c, CHAN_INPUT_CLOSED);
Damien Miller's avatar
Damien Miller committed
291 292 293 294
		return;
	}
	switch (c->ostate) {
	case CHAN_OUTPUT_OPEN:
295 296 297 298
		/*
		 * wait until a data from the channel is consumed if a CLOSE
		 * is received
		 */
299
		chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
Damien Miller's avatar
Damien Miller committed
300 301 302 303 304
		break;
	}
	switch (c->istate) {
	case CHAN_INPUT_OPEN:
		chan_shutdown_read(c);
305
		chan_set_istate(c, CHAN_INPUT_CLOSED);
Damien Miller's avatar
Damien Miller committed
306 307
		break;
	case CHAN_INPUT_WAIT_DRAIN:
308 309
		if (!(c->flags & CHAN_LOCAL))
			chan_send_eof2(c);
310
		chan_set_istate(c, CHAN_INPUT_CLOSED);
Damien Miller's avatar
Damien Miller committed
311 312
		break;
	}
Damien Miller's avatar
Damien Miller committed
313
}
314

315 316 317 318 319 320 321 322 323 324 325
void
chan_rcvd_eow(Channel *c)
{
	debug2("channel %d: rcvd eow", c->self);
	switch (c->istate) {
	case CHAN_INPUT_OPEN:
		chan_shutdown_read(c);
		chan_set_istate(c, CHAN_INPUT_CLOSED);
		break;
	}
}
Damien Miller's avatar
Damien Miller committed
326
static void
327
chan_rcvd_eof2(Channel *c)
328
{
329
	debug2("channel %d: rcvd eof", c->self);
330
	c->flags |= CHAN_EOF_RCVD;
331 332
	if (c->ostate == CHAN_OUTPUT_OPEN)
		chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
Damien Miller's avatar
Damien Miller committed
333
}
Damien Miller's avatar
Damien Miller committed
334 335 336
static void
chan_write_failed2(Channel *c)
{
337
	debug2("channel %d: write failed", c->self);
Damien Miller's avatar
Damien Miller committed
338 339 340 341
	switch (c->ostate) {
	case CHAN_OUTPUT_OPEN:
	case CHAN_OUTPUT_WAIT_DRAIN:
		chan_shutdown_write(c);
342 343
		if (strcmp(c->ctype, "session") == 0)
			chan_send_eow2(c);
344
		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
Damien Miller's avatar
Damien Miller committed
345 346
		break;
	default:
347
		error("channel %d: chan_write_failed for ostate %d",
Damien Miller's avatar
Damien Miller committed
348 349 350 351 352 353 354
		    c->self, c->ostate);
		break;
	}
}
static void
chan_send_eof2(Channel *c)
{
355
	debug2("channel %d: send eof", c->self);
Damien Miller's avatar
Damien Miller committed
356 357 358 359 360
	switch (c->istate) {
	case CHAN_INPUT_WAIT_DRAIN:
		packet_start(SSH2_MSG_CHANNEL_EOF);
		packet_put_int(c->remote_id);
		packet_send();
361
		c->flags |= CHAN_EOF_SENT;
Damien Miller's avatar
Damien Miller committed
362 363
		break;
	default:
364
		error("channel %d: cannot send eof for istate %d",
Damien Miller's avatar
Damien Miller committed
365 366 367 368 369 370 371
		    c->self, c->istate);
		break;
	}
}
static void
chan_send_close2(Channel *c)
{
372
	debug2("channel %d: send close", c->self);
Damien Miller's avatar
Damien Miller committed
373 374
	if (c->ostate != CHAN_OUTPUT_CLOSED ||
	    c->istate != CHAN_INPUT_CLOSED) {
375
		error("channel %d: cannot send close for istate/ostate %d/%d",
Damien Miller's avatar
Damien Miller committed
376 377
		    c->self, c->istate, c->ostate);
	} else if (c->flags & CHAN_CLOSE_SENT) {
378
		error("channel %d: already sent close", c->self);
Damien Miller's avatar
Damien Miller committed
379 380 381 382 383 384 385
	} else {
		packet_start(SSH2_MSG_CHANNEL_CLOSE);
		packet_put_int(c->remote_id);
		packet_send();
		c->flags |= CHAN_CLOSE_SENT;
	}
}
386 387 388 389 390 391 392 393 394
static void
chan_send_eow2(Channel *c)
{
	debug2("channel %d: send eow", c->self);
	if (c->ostate == CHAN_OUTPUT_CLOSED) {
		error("channel %d: must not sent eow on closed output",
		    c->self);
		return;
	}
395 396
	if (!(datafellows & SSH_NEW_OPENSSH))
		return;
397 398 399 400 401 402
	packet_start(SSH2_MSG_CHANNEL_REQUEST);
	packet_put_int(c->remote_id);
	packet_put_cstring("eow@openssh.com");
	packet_put_char(0);
	packet_send();
}
403 404 405

/* shared */

406 407 408 409 410 411 412
void
chan_rcvd_ieof(Channel *c)
{
	if (compat20)
		chan_rcvd_eof2(c);
	else
		chan_rcvd_ieof1(c);
413
	if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN &&
414
	    buffer_len(&c->output) == 0 &&
415
	    !CHANNEL_EFD_OUTPUT_ACTIVE(c))
416
		chan_obuf_empty(c);
417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434
}
void
chan_rcvd_oclose(Channel *c)
{
	if (compat20)
		chan_rcvd_close2(c);
	else
		chan_rcvd_oclose1(c);
}
void
chan_write_failed(Channel *c)
{
	if (compat20)
		chan_write_failed2(c);
	else
		chan_write_failed1(c);
}

435 436 437
void
chan_mark_dead(Channel *c)
{
438
	c->type = SSH_CHANNEL_ZOMBIE;
439 440
}

441
int
442
chan_is_dead(Channel *c, int do_send)
443
{
444
	if (c->type == SSH_CHANNEL_ZOMBIE) {
445
		debug2("channel %d: zombie", c->self);
446
		return 1;
447
	}
448 449 450
	if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED)
		return 0;
	if (!compat20) {
451
		debug2("channel %d: is dead", c->self);
452 453
		return 1;
	}
454 455 456 457
	if ((datafellows & SSH_BUG_EXTEOF) &&
	    c->extended_usage == CHAN_EXTENDED_WRITE &&
	    c->efd != -1 &&
	    buffer_len(&c->extended) > 0) {
Ben Lindstrom's avatar
Ben Lindstrom committed
458 459
		debug2("channel %d: active efd: %d len %d",
		    c->self, c->efd, buffer_len(&c->extended));
460 461
		return 0;
	}
462 463 464 465
	if (c->flags & CHAN_LOCAL) {
		debug2("channel %d: is dead (local)", c->self);
		return 1;
	}		
466
	if (!(c->flags & CHAN_CLOSE_SENT)) {
467
		if (do_send) {
468 469 470 471
			chan_send_close2(c);
		} else {
			/* channel would be dead if we sent a close */
			if (c->flags & CHAN_CLOSE_RCVD) {
472
				debug2("channel %d: almost dead",
473 474
				    c->self);
				return 1;
475
			}
Damien Miller's avatar
Damien Miller committed
476
		}
477 478 479
	}
	if ((c->flags & CHAN_CLOSE_SENT) &&
	    (c->flags & CHAN_CLOSE_RCVD)) {
480
		debug2("channel %d: is dead", c->self);
481
		return 1;
Damien Miller's avatar
Damien Miller committed
482
	}
483
	return 0;
Damien Miller's avatar
Damien Miller committed
484
}
Damien Miller's avatar
Damien Miller committed
485 486 487 488 489

/* helper */
static void
chan_shutdown_write(Channel *c)
{
490
	buffer_clear(&c->output);
Damien Miller's avatar
Damien Miller committed
491 492 493
	if (compat20 && c->type == SSH_CHANNEL_LARVAL)
		return;
	/* shutdown failure is allowed if write failed already */
494
	debug2("channel %d: close_write", c->self);
Damien Miller's avatar
Damien Miller committed
495 496
	if (c->sock != -1) {
		if (shutdown(c->sock, SHUT_WR) < 0)
497
			debug2("channel %d: chan_shutdown_write: "
498
			    "shutdown() failed for fd %d: %.100s",
Damien Miller's avatar
Damien Miller committed
499 500
			    c->self, c->sock, strerror(errno));
	} else {
501
		if (channel_close_fd(&c->wfd) < 0)
502
			logit("channel %d: chan_shutdown_write: "
503
			    "close() failed for fd %d: %.100s",
Damien Miller's avatar
Damien Miller committed
504 505 506 507 508 509 510 511
			    c->self, c->wfd, strerror(errno));
	}
}
static void
chan_shutdown_read(Channel *c)
{
	if (compat20 && c->type == SSH_CHANNEL_LARVAL)
		return;
512
	debug2("channel %d: close_read", c->self);
Damien Miller's avatar
Damien Miller committed
513
	if (c->sock != -1) {
514
		/*
515 516
		 * shutdown(sock, SHUT_READ) may return ENOTCONN if the
		 * write side has been closed already. (bug on Linux)
517
		 * HP-UX may return ENOTCONN also.
518 519
		 */
		if (shutdown(c->sock, SHUT_RD) < 0
520
		    && errno != ENOTCONN)
521
			error("channel %d: chan_shutdown_read: "
522
			    "shutdown() failed for fd %d [i%d o%d]: %.100s",
523
			    c->self, c->sock, c->istate, c->ostate,
Kevin Steves's avatar
Kevin Steves committed
524
			    strerror(errno));
Damien Miller's avatar
Damien Miller committed
525
	} else {
526
		if (channel_close_fd(&c->rfd) < 0)
527
			logit("channel %d: chan_shutdown_read: "
528
			    "close() failed for fd %d: %.100s",
Damien Miller's avatar
Damien Miller committed
529 530
			    c->self, c->rfd, strerror(errno));
	}
Damien Miller's avatar
Damien Miller committed
531
}