nchan.c revision 1.1
1/* $NetBSD: nchan.c,v 1.1 2009/06/07 22:19:14 christos Exp $ */ 2/* $OpenBSD: nchan.c,v 1.62 2008/11/07 18:50:18 stevesk Exp $ */ 3/* 4 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include <sys/types.h> 28#include <sys/socket.h> 29#include <sys/queue.h> 30 31#include <errno.h> 32#include <string.h> 33#include <stdarg.h> 34 35#include "ssh1.h" 36#include "ssh2.h" 37#include "buffer.h" 38#include "packet.h" 39#include "channels.h" 40#include "compat.h" 41#include "log.h" 42 43/* 44 * SSH Protocol 1.5 aka New Channel Protocol 45 * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored. 46 * Written by Markus Friedl in October 1999 47 * 48 * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the 49 * tear down of channels: 50 * 51 * 1.3: strict request-ack-protocol: 52 * CLOSE -> 53 * <- CLOSE_CONFIRM 54 * 55 * 1.5: uses variations of: 56 * IEOF -> 57 * <- OCLOSE 58 * <- IEOF 59 * OCLOSE -> 60 * i.e. both sides have to close the channel 61 * 62 * 2.0: the EOF messages are optional 63 * 64 * See the debugging output from 'ssh -v' and 'sshd -d' of 65 * ssh-1.2.27 as an example. 66 * 67 */ 68 69/* functions manipulating channel states */ 70/* 71 * EVENTS update channel input/output states execute ACTIONS 72 */ 73/* 74 * ACTIONS: should never update the channel states 75 */ 76static void chan_send_ieof1(Channel *); 77static void chan_send_oclose1(Channel *); 78static void chan_send_close2(Channel *); 79static void chan_send_eof2(Channel *); 80static void chan_send_eow2(Channel *); 81 82/* helper */ 83static void chan_shutdown_write(Channel *); 84static void chan_shutdown_read(Channel *); 85 86static char *ostates[] = { "open", "drain", "wait_ieof", "closed" }; 87static char *istates[] = { "open", "drain", "wait_oclose", "closed" }; 88 89static void 90chan_set_istate(Channel *c, u_int next) 91{ 92 if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED) 93 fatal("chan_set_istate: bad state %d -> %d", c->istate, next); 94 debug2("channel %d: input %s -> %s", c->self, istates[c->istate], 95 istates[next]); 96 c->istate = next; 97} 98static void 99chan_set_ostate(Channel *c, u_int next) 100{ 101 if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED) 102 fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next); 103 debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate], 104 ostates[next]); 105 c->ostate = next; 106} 107 108/* 109 * SSH1 specific implementation of event functions 110 */ 111 112static void 113chan_rcvd_oclose1(Channel *c) 114{ 115 debug2("channel %d: rcvd oclose", c->self); 116 switch (c->istate) { 117 case CHAN_INPUT_WAIT_OCLOSE: 118 chan_set_istate(c, CHAN_INPUT_CLOSED); 119 break; 120 case CHAN_INPUT_OPEN: 121 chan_shutdown_read(c); 122 chan_send_ieof1(c); 123 chan_set_istate(c, CHAN_INPUT_CLOSED); 124 break; 125 case CHAN_INPUT_WAIT_DRAIN: 126 /* both local read_failed and remote write_failed */ 127 chan_send_ieof1(c); 128 chan_set_istate(c, CHAN_INPUT_CLOSED); 129 break; 130 default: 131 error("channel %d: protocol error: rcvd_oclose for istate %d", 132 c->self, c->istate); 133 return; 134 } 135} 136void 137chan_read_failed(Channel *c) 138{ 139 debug2("channel %d: read failed", c->self); 140 switch (c->istate) { 141 case CHAN_INPUT_OPEN: 142 chan_shutdown_read(c); 143 chan_set_istate(c, CHAN_INPUT_WAIT_DRAIN); 144 break; 145 default: 146 error("channel %d: chan_read_failed for istate %d", 147 c->self, c->istate); 148 break; 149 } 150} 151void 152chan_ibuf_empty(Channel *c) 153{ 154 debug2("channel %d: ibuf empty", c->self); 155 if (buffer_len(&c->input)) { 156 error("channel %d: chan_ibuf_empty for non empty buffer", 157 c->self); 158 return; 159 } 160 switch (c->istate) { 161 case CHAN_INPUT_WAIT_DRAIN: 162 if (compat20) { 163 if (!(c->flags & CHAN_CLOSE_SENT)) 164 chan_send_eof2(c); 165 chan_set_istate(c, CHAN_INPUT_CLOSED); 166 } else { 167 chan_send_ieof1(c); 168 chan_set_istate(c, CHAN_INPUT_WAIT_OCLOSE); 169 } 170 break; 171 default: 172 error("channel %d: chan_ibuf_empty for istate %d", 173 c->self, c->istate); 174 break; 175 } 176} 177static void 178chan_rcvd_ieof1(Channel *c) 179{ 180 debug2("channel %d: rcvd ieof", c->self); 181 switch (c->ostate) { 182 case CHAN_OUTPUT_OPEN: 183 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 184 break; 185 case CHAN_OUTPUT_WAIT_IEOF: 186 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 187 break; 188 default: 189 error("channel %d: protocol error: rcvd_ieof for ostate %d", 190 c->self, c->ostate); 191 break; 192 } 193} 194static void 195chan_write_failed1(Channel *c) 196{ 197 debug2("channel %d: write failed", c->self); 198 switch (c->ostate) { 199 case CHAN_OUTPUT_OPEN: 200 chan_shutdown_write(c); 201 chan_send_oclose1(c); 202 chan_set_ostate(c, CHAN_OUTPUT_WAIT_IEOF); 203 break; 204 case CHAN_OUTPUT_WAIT_DRAIN: 205 chan_shutdown_write(c); 206 chan_send_oclose1(c); 207 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 208 break; 209 default: 210 error("channel %d: chan_write_failed for ostate %d", 211 c->self, c->ostate); 212 break; 213 } 214} 215void 216chan_obuf_empty(Channel *c) 217{ 218 debug2("channel %d: obuf empty", c->self); 219 if (buffer_len(&c->output)) { 220 error("channel %d: chan_obuf_empty for non empty buffer", 221 c->self); 222 return; 223 } 224 switch (c->ostate) { 225 case CHAN_OUTPUT_WAIT_DRAIN: 226 chan_shutdown_write(c); 227 if (!compat20) 228 chan_send_oclose1(c); 229 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 230 break; 231 default: 232 error("channel %d: internal error: obuf_empty for ostate %d", 233 c->self, c->ostate); 234 break; 235 } 236} 237static void 238chan_send_ieof1(Channel *c) 239{ 240 debug2("channel %d: send ieof", c->self); 241 switch (c->istate) { 242 case CHAN_INPUT_OPEN: 243 case CHAN_INPUT_WAIT_DRAIN: 244 packet_start(SSH_MSG_CHANNEL_INPUT_EOF); 245 packet_put_int(c->remote_id); 246 packet_send(); 247 break; 248 default: 249 error("channel %d: cannot send ieof for istate %d", 250 c->self, c->istate); 251 break; 252 } 253} 254static void 255chan_send_oclose1(Channel *c) 256{ 257 debug2("channel %d: send oclose", c->self); 258 switch (c->ostate) { 259 case CHAN_OUTPUT_OPEN: 260 case CHAN_OUTPUT_WAIT_DRAIN: 261 buffer_clear(&c->output); 262 packet_start(SSH_MSG_CHANNEL_OUTPUT_CLOSE); 263 packet_put_int(c->remote_id); 264 packet_send(); 265 break; 266 default: 267 error("channel %d: cannot send oclose for ostate %d", 268 c->self, c->ostate); 269 break; 270 } 271} 272 273/* 274 * the same for SSH2 275 */ 276static void 277chan_rcvd_close2(Channel *c) 278{ 279 debug2("channel %d: rcvd close", c->self); 280 if (c->flags & CHAN_CLOSE_RCVD) 281 error("channel %d: protocol error: close rcvd twice", c->self); 282 c->flags |= CHAN_CLOSE_RCVD; 283 if (c->type == SSH_CHANNEL_LARVAL) { 284 /* tear down larval channels immediately */ 285 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 286 chan_set_istate(c, CHAN_INPUT_CLOSED); 287 return; 288 } 289 switch (c->ostate) { 290 case CHAN_OUTPUT_OPEN: 291 /* 292 * wait until a data from the channel is consumed if a CLOSE 293 * is received 294 */ 295 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 296 break; 297 } 298 switch (c->istate) { 299 case CHAN_INPUT_OPEN: 300 chan_shutdown_read(c); 301 chan_set_istate(c, CHAN_INPUT_CLOSED); 302 break; 303 case CHAN_INPUT_WAIT_DRAIN: 304 chan_send_eof2(c); 305 chan_set_istate(c, CHAN_INPUT_CLOSED); 306 break; 307 } 308} 309void 310chan_rcvd_eow(Channel *c) 311{ 312 debug2("channel %d: rcvd eow", c->self); 313 switch (c->istate) { 314 case CHAN_INPUT_OPEN: 315 chan_shutdown_read(c); 316 chan_set_istate(c, CHAN_INPUT_CLOSED); 317 break; 318 } 319} 320static void 321chan_rcvd_eof2(Channel *c) 322{ 323 debug2("channel %d: rcvd eof", c->self); 324 c->flags |= CHAN_EOF_RCVD; 325 if (c->ostate == CHAN_OUTPUT_OPEN) 326 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 327} 328static void 329chan_write_failed2(Channel *c) 330{ 331 debug2("channel %d: write failed", c->self); 332 switch (c->ostate) { 333 case CHAN_OUTPUT_OPEN: 334 case CHAN_OUTPUT_WAIT_DRAIN: 335 chan_shutdown_write(c); 336 if (strcmp(c->ctype, "session") == 0) 337 chan_send_eow2(c); 338 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 339 break; 340 default: 341 error("channel %d: chan_write_failed for ostate %d", 342 c->self, c->ostate); 343 break; 344 } 345} 346static void 347chan_send_eof2(Channel *c) 348{ 349 debug2("channel %d: send eof", c->self); 350 switch (c->istate) { 351 case CHAN_INPUT_WAIT_DRAIN: 352 packet_start(SSH2_MSG_CHANNEL_EOF); 353 packet_put_int(c->remote_id); 354 packet_send(); 355 c->flags |= CHAN_EOF_SENT; 356 break; 357 default: 358 error("channel %d: cannot send eof for istate %d", 359 c->self, c->istate); 360 break; 361 } 362} 363static void 364chan_send_close2(Channel *c) 365{ 366 debug2("channel %d: send close", c->self); 367 if (c->ostate != CHAN_OUTPUT_CLOSED || 368 c->istate != CHAN_INPUT_CLOSED) { 369 error("channel %d: cannot send close for istate/ostate %d/%d", 370 c->self, c->istate, c->ostate); 371 } else if (c->flags & CHAN_CLOSE_SENT) { 372 error("channel %d: already sent close", c->self); 373 } else { 374 packet_start(SSH2_MSG_CHANNEL_CLOSE); 375 packet_put_int(c->remote_id); 376 packet_send(); 377 c->flags |= CHAN_CLOSE_SENT; 378 } 379} 380static void 381chan_send_eow2(Channel *c) 382{ 383 debug2("channel %d: send eow", c->self); 384 if (c->ostate == CHAN_OUTPUT_CLOSED) { 385 error("channel %d: must not sent eow on closed output", 386 c->self); 387 return; 388 } 389 if (!(datafellows & SSH_NEW_OPENSSH)) 390 return; 391 packet_start(SSH2_MSG_CHANNEL_REQUEST); 392 packet_put_int(c->remote_id); 393 packet_put_cstring("eow@openssh.com"); 394 packet_put_char(0); 395 packet_send(); 396} 397 398/* shared */ 399 400void 401chan_rcvd_ieof(Channel *c) 402{ 403 if (compat20) 404 chan_rcvd_eof2(c); 405 else 406 chan_rcvd_ieof1(c); 407 if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN && 408 buffer_len(&c->output) == 0 && 409 !CHANNEL_EFD_OUTPUT_ACTIVE(c)) 410 chan_obuf_empty(c); 411} 412void 413chan_rcvd_oclose(Channel *c) 414{ 415 if (compat20) 416 chan_rcvd_close2(c); 417 else 418 chan_rcvd_oclose1(c); 419} 420void 421chan_write_failed(Channel *c) 422{ 423 if (compat20) 424 chan_write_failed2(c); 425 else 426 chan_write_failed1(c); 427} 428 429void 430chan_mark_dead(Channel *c) 431{ 432 c->type = SSH_CHANNEL_ZOMBIE; 433} 434 435int 436chan_is_dead(Channel *c, int do_send) 437{ 438 if (c->type == SSH_CHANNEL_ZOMBIE) { 439 debug2("channel %d: zombie", c->self); 440 return 1; 441 } 442 if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED) 443 return 0; 444 if (!compat20) { 445 debug2("channel %d: is dead", c->self); 446 return 1; 447 } 448 if ((datafellows & SSH_BUG_EXTEOF) && 449 c->extended_usage == CHAN_EXTENDED_WRITE && 450 c->efd != -1 && 451 buffer_len(&c->extended) > 0) { 452 debug2("channel %d: active efd: %d len %d", 453 c->self, c->efd, buffer_len(&c->extended)); 454 return 0; 455 } 456 if (!(c->flags & CHAN_CLOSE_SENT)) { 457 if (do_send) { 458 chan_send_close2(c); 459 } else { 460 /* channel would be dead if we sent a close */ 461 if (c->flags & CHAN_CLOSE_RCVD) { 462 debug2("channel %d: almost dead", 463 c->self); 464 return 1; 465 } 466 } 467 } 468 if ((c->flags & CHAN_CLOSE_SENT) && 469 (c->flags & CHAN_CLOSE_RCVD)) { 470 debug2("channel %d: is dead", c->self); 471 return 1; 472 } 473 return 0; 474} 475 476/* helper */ 477static void 478chan_shutdown_write(Channel *c) 479{ 480 buffer_clear(&c->output); 481 if (compat20 && c->type == SSH_CHANNEL_LARVAL) 482 return; 483 /* shutdown failure is allowed if write failed already */ 484 debug2("channel %d: close_write", c->self); 485 if (c->sock != -1) { 486 if (shutdown(c->sock, SHUT_WR) < 0) 487 debug2("channel %d: chan_shutdown_write: " 488 "shutdown() failed for fd %d: %.100s", 489 c->self, c->sock, strerror(errno)); 490 } else { 491 if (channel_close_fd(&c->wfd) < 0) 492 logit("channel %d: chan_shutdown_write: " 493 "close() failed for fd %d: %.100s", 494 c->self, c->wfd, strerror(errno)); 495 } 496} 497static void 498chan_shutdown_read(Channel *c) 499{ 500 if (compat20 && c->type == SSH_CHANNEL_LARVAL) 501 return; 502 debug2("channel %d: close_read", c->self); 503 if (c->sock != -1) { 504 if (shutdown(c->sock, SHUT_RD) < 0) 505 error("channel %d: chan_shutdown_read: " 506 "shutdown() failed for fd %d [i%d o%d]: %.100s", 507 c->self, c->sock, c->istate, c->ostate, 508 strerror(errno)); 509 } else { 510 if (channel_close_fd(&c->rfd) < 0) 511 logit("channel %d: chan_shutdown_read: " 512 "close() failed for fd %d: %.100s", 513 c->self, c->rfd, strerror(errno)); 514 } 515} 516