nchan.c revision 1.66
1/* $OpenBSD: nchan.c,v 1.66 2017/09/12 06:32:07 djm Exp $ */ 2/* 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26#include <sys/types.h> 27#include <sys/socket.h> 28#include <sys/queue.h> 29 30#include <errno.h> 31#include <string.h> 32#include <stdarg.h> 33 34#include "ssh2.h" 35#include "sshbuf.h" 36#include "ssherr.h" 37#include "packet.h" 38#include "channels.h" 39#include "compat.h" 40#include "log.h" 41 42/* 43 * SSH Protocol 1.5 aka New Channel Protocol 44 * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored. 45 * Written by Markus Friedl in October 1999 46 * 47 * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the 48 * tear down of channels: 49 * 50 * 1.3: strict request-ack-protocol: 51 * CLOSE -> 52 * <- CLOSE_CONFIRM 53 * 54 * 1.5: uses variations of: 55 * IEOF -> 56 * <- OCLOSE 57 * <- IEOF 58 * OCLOSE -> 59 * i.e. both sides have to close the channel 60 * 61 * 2.0: the EOF messages are optional 62 * 63 * See the debugging output from 'ssh -v' and 'sshd -d' of 64 * ssh-1.2.27 as an example. 65 * 66 */ 67 68/* functions manipulating channel states */ 69/* 70 * EVENTS update channel input/output states execute ACTIONS 71 */ 72/* 73 * ACTIONS: should never update the channel states 74 */ 75static void chan_send_eof2(struct ssh *, Channel *); 76static void chan_send_eow2(struct ssh *, Channel *); 77 78/* helper */ 79static void chan_shutdown_write(struct ssh *, Channel *); 80static void chan_shutdown_read(struct ssh *, Channel *); 81 82static const char *ostates[] = { "open", "drain", "wait_ieof", "closed" }; 83static const char *istates[] = { "open", "drain", "wait_oclose", "closed" }; 84 85static void 86chan_set_istate(Channel *c, u_int next) 87{ 88 if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED) 89 fatal("chan_set_istate: bad state %d -> %d", c->istate, next); 90 debug2("channel %d: input %s -> %s", c->self, istates[c->istate], 91 istates[next]); 92 c->istate = next; 93} 94 95static void 96chan_set_ostate(Channel *c, u_int next) 97{ 98 if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED) 99 fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next); 100 debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate], 101 ostates[next]); 102 c->ostate = next; 103} 104 105void 106chan_read_failed(struct ssh *ssh, Channel *c) 107{ 108 debug2("channel %d: read failed", c->self); 109 switch (c->istate) { 110 case CHAN_INPUT_OPEN: 111 chan_shutdown_read(ssh, c); 112 chan_set_istate(c, CHAN_INPUT_WAIT_DRAIN); 113 break; 114 default: 115 error("channel %d: chan_read_failed for istate %d", 116 c->self, c->istate); 117 break; 118 } 119} 120 121void 122chan_ibuf_empty(struct ssh *ssh, Channel *c) 123{ 124 debug2("channel %d: ibuf empty", c->self); 125 if (sshbuf_len(c->input)) { 126 error("channel %d: chan_ibuf_empty for non empty buffer", 127 c->self); 128 return; 129 } 130 switch (c->istate) { 131 case CHAN_INPUT_WAIT_DRAIN: 132 if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_LOCAL))) 133 chan_send_eof2(ssh, c); 134 chan_set_istate(c, CHAN_INPUT_CLOSED); 135 break; 136 default: 137 error("channel %d: chan_ibuf_empty for istate %d", 138 c->self, c->istate); 139 break; 140 } 141} 142 143void 144chan_obuf_empty(struct ssh *ssh, Channel *c) 145{ 146 debug2("channel %d: obuf empty", c->self); 147 if (sshbuf_len(c->output)) { 148 error("channel %d: chan_obuf_empty for non empty buffer", 149 c->self); 150 return; 151 } 152 switch (c->ostate) { 153 case CHAN_OUTPUT_WAIT_DRAIN: 154 chan_shutdown_write(ssh, c); 155 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 156 break; 157 default: 158 error("channel %d: internal error: obuf_empty for ostate %d", 159 c->self, c->ostate); 160 break; 161 } 162} 163 164void 165chan_rcvd_eow(struct ssh *ssh, Channel *c) 166{ 167 debug2("channel %d: rcvd eow", c->self); 168 switch (c->istate) { 169 case CHAN_INPUT_OPEN: 170 chan_shutdown_read(ssh, c); 171 chan_set_istate(c, CHAN_INPUT_CLOSED); 172 break; 173 } 174} 175 176static void 177chan_send_eof2(struct ssh *ssh, Channel *c) 178{ 179 int r; 180 181 debug2("channel %d: send eof", c->self); 182 switch (c->istate) { 183 case CHAN_INPUT_WAIT_DRAIN: 184 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EOF)) != 0 || 185 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 186 (r = sshpkt_send(ssh)) != 0) 187 fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); 188 c->flags |= CHAN_EOF_SENT; 189 break; 190 default: 191 error("channel %d: cannot send eof for istate %d", 192 c->self, c->istate); 193 break; 194 } 195} 196 197static void 198chan_send_close2(struct ssh *ssh, Channel *c) 199{ 200 int r; 201 202 debug2("channel %d: send close", c->self); 203 if (c->ostate != CHAN_OUTPUT_CLOSED || 204 c->istate != CHAN_INPUT_CLOSED) { 205 error("channel %d: cannot send close for istate/ostate %d/%d", 206 c->self, c->istate, c->ostate); 207 } else if (c->flags & CHAN_CLOSE_SENT) { 208 error("channel %d: already sent close", c->self); 209 } else { 210 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 || 211 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 212 (r = sshpkt_send(ssh)) != 0) 213 fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); 214 c->flags |= CHAN_CLOSE_SENT; 215 } 216} 217 218static void 219chan_send_eow2(struct ssh *ssh, Channel *c) 220{ 221 int r; 222 223 debug2("channel %d: send eow", c->self); 224 if (c->ostate == CHAN_OUTPUT_CLOSED) { 225 error("channel %d: must not sent eow on closed output", 226 c->self); 227 return; 228 } 229 if (!(datafellows & SSH_NEW_OPENSSH)) 230 return; 231 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 || 232 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 233 (r = sshpkt_put_cstring(ssh, "eow@openssh.com")) != 0 || 234 (r = sshpkt_put_u8(ssh, 0)) != 0 || 235 (r = sshpkt_send(ssh)) != 0) 236 fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); 237} 238 239/* shared */ 240 241void 242chan_rcvd_ieof(struct ssh *ssh, Channel *c) 243{ 244 debug2("channel %d: rcvd eof", c->self); 245 c->flags |= CHAN_EOF_RCVD; 246 if (c->ostate == CHAN_OUTPUT_OPEN) 247 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 248 if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN && 249 sshbuf_len(c->output) == 0 && 250 !CHANNEL_EFD_OUTPUT_ACTIVE(c)) 251 chan_obuf_empty(ssh, c); 252} 253 254void 255chan_rcvd_oclose(struct ssh *ssh, Channel *c) 256{ 257 debug2("channel %d: rcvd close", c->self); 258 if (!(c->flags & CHAN_LOCAL)) { 259 if (c->flags & CHAN_CLOSE_RCVD) 260 error("channel %d: protocol error: close rcvd twice", 261 c->self); 262 c->flags |= CHAN_CLOSE_RCVD; 263 } 264 if (c->type == SSH_CHANNEL_LARVAL) { 265 /* tear down larval channels immediately */ 266 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 267 chan_set_istate(c, CHAN_INPUT_CLOSED); 268 return; 269 } 270 switch (c->ostate) { 271 case CHAN_OUTPUT_OPEN: 272 /* 273 * wait until a data from the channel is consumed if a CLOSE 274 * is received 275 */ 276 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 277 break; 278 } 279 switch (c->istate) { 280 case CHAN_INPUT_OPEN: 281 chan_shutdown_read(ssh, c); 282 chan_set_istate(c, CHAN_INPUT_CLOSED); 283 break; 284 case CHAN_INPUT_WAIT_DRAIN: 285 if (!(c->flags & CHAN_LOCAL)) 286 chan_send_eof2(ssh, c); 287 chan_set_istate(c, CHAN_INPUT_CLOSED); 288 break; 289 } 290} 291 292void 293chan_write_failed(struct ssh *ssh, Channel *c) 294{ 295 debug2("channel %d: write failed", c->self); 296 switch (c->ostate) { 297 case CHAN_OUTPUT_OPEN: 298 case CHAN_OUTPUT_WAIT_DRAIN: 299 chan_shutdown_write(ssh, c); 300 if (strcmp(c->ctype, "session") == 0) 301 chan_send_eow2(ssh, c); 302 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 303 break; 304 default: 305 error("channel %d: chan_write_failed for ostate %d", 306 c->self, c->ostate); 307 break; 308 } 309} 310 311void 312chan_mark_dead(struct ssh *ssh, Channel *c) 313{ 314 c->type = SSH_CHANNEL_ZOMBIE; 315} 316 317int 318chan_is_dead(struct ssh *ssh, Channel *c, int do_send) 319{ 320 if (c->type == SSH_CHANNEL_ZOMBIE) { 321 debug2("channel %d: zombie", c->self); 322 return 1; 323 } 324 if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED) 325 return 0; 326 if ((datafellows & SSH_BUG_EXTEOF) && 327 c->extended_usage == CHAN_EXTENDED_WRITE && 328 c->efd != -1 && 329 sshbuf_len(c->extended) > 0) { 330 debug2("channel %d: active efd: %d len %zu", 331 c->self, c->efd, sshbuf_len(c->extended)); 332 return 0; 333 } 334 if (c->flags & CHAN_LOCAL) { 335 debug2("channel %d: is dead (local)", c->self); 336 return 1; 337 } 338 if (!(c->flags & CHAN_CLOSE_SENT)) { 339 if (do_send) { 340 chan_send_close2(ssh, c); 341 } else { 342 /* channel would be dead if we sent a close */ 343 if (c->flags & CHAN_CLOSE_RCVD) { 344 debug2("channel %d: almost dead", 345 c->self); 346 return 1; 347 } 348 } 349 } 350 if ((c->flags & CHAN_CLOSE_SENT) && 351 (c->flags & CHAN_CLOSE_RCVD)) { 352 debug2("channel %d: is dead", c->self); 353 return 1; 354 } 355 return 0; 356} 357 358/* helper */ 359static void 360chan_shutdown_write(struct ssh *ssh, Channel *c) 361{ 362 sshbuf_reset(c->output); 363 if (c->type == SSH_CHANNEL_LARVAL) 364 return; 365 /* shutdown failure is allowed if write failed already */ 366 debug2("channel %d: close_write", c->self); 367 if (c->sock != -1) { 368 if (shutdown(c->sock, SHUT_WR) < 0) 369 debug2("channel %d: chan_shutdown_write: " 370 "shutdown() failed for fd %d: %.100s", 371 c->self, c->sock, strerror(errno)); 372 } else { 373 if (channel_close_fd(ssh, &c->wfd) < 0) 374 logit("channel %d: chan_shutdown_write: " 375 "close() failed for fd %d: %.100s", 376 c->self, c->wfd, strerror(errno)); 377 } 378} 379 380static void 381chan_shutdown_read(struct ssh *ssh, Channel *c) 382{ 383 if (c->type == SSH_CHANNEL_LARVAL) 384 return; 385 debug2("channel %d: close_read", c->self); 386 if (c->sock != -1) { 387 if (shutdown(c->sock, SHUT_RD) < 0) 388 error("channel %d: chan_shutdown_read: " 389 "shutdown() failed for fd %d [i%d o%d]: %.100s", 390 c->self, c->sock, c->istate, c->ostate, 391 strerror(errno)); 392 } else { 393 if (channel_close_fd(ssh, &c->rfd) < 0) 394 logit("channel %d: chan_shutdown_read: " 395 "close() failed for fd %d: %.100s", 396 c->self, c->rfd, strerror(errno)); 397 } 398} 399