nchan.c revision 1.66 
1/* $OpenBSD: nchan.c,v 1.66 2017/09/12 06:32:07 djm Exp $ */
2/*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include <sys/types.h>
27#include <sys/socket.h>
28#include <sys/queue.h>
29
30#include <errno.h>
31#include <string.h>
32#include <stdarg.h>
33
34#include "ssh2.h"
35#include "sshbuf.h"
36#include "ssherr.h"
37#include "packet.h"
38#include "channels.h"
39#include "compat.h"
40#include "log.h"
41
42/*
43 * SSH Protocol 1.5 aka New Channel Protocol
44 * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored.
45 * Written by Markus Friedl in October 1999
46 *
47 * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the
48 * tear down of channels:
49 *
50 * 1.3:	strict request-ack-protocol:
51 *	CLOSE	->
52 *		<-  CLOSE_CONFIRM
53 *
54 * 1.5:	uses variations of:
55 *	IEOF	->
56 *		<-  OCLOSE
57 *		<-  IEOF
58 *	OCLOSE	->
59 *	i.e. both sides have to close the channel
60 *
61 * 2.0: the EOF messages are optional
62 *
63 * See the debugging output from 'ssh -v' and 'sshd -d' of
64 * ssh-1.2.27 as an example.
65 *
66 */
67
68/* functions manipulating channel states */
69/*
70 * EVENTS update channel input/output states execute ACTIONS
71 */
72/*
73 * ACTIONS: should never update the channel states
74 */
75static void	chan_send_eof2(struct ssh *, Channel *);
76static void	chan_send_eow2(struct ssh *, Channel *);
77
78/* helper */
79static void	chan_shutdown_write(struct ssh *, Channel *);
80static void	chan_shutdown_read(struct ssh *, Channel *);
81
82static const char *ostates[] = { "open", "drain", "wait_ieof", "closed" };
83static const char *istates[] = { "open", "drain", "wait_oclose", "closed" };
84
85static void
86chan_set_istate(Channel *c, u_int next)
87{
88	if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED)
89		fatal("chan_set_istate: bad state %d -> %d", c->istate, next);
90	debug2("channel %d: input %s -> %s", c->self, istates[c->istate],
91	    istates[next]);
92	c->istate = next;
93}
94
95static void
96chan_set_ostate(Channel *c, u_int next)
97{
98	if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED)
99		fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next);
100	debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate],
101	    ostates[next]);
102	c->ostate = next;
103}
104
105void
106chan_read_failed(struct ssh *ssh, Channel *c)
107{
108	debug2("channel %d: read failed", c->self);
109	switch (c->istate) {
110	case CHAN_INPUT_OPEN:
111		chan_shutdown_read(ssh, c);
112		chan_set_istate(c, CHAN_INPUT_WAIT_DRAIN);
113		break;
114	default:
115		error("channel %d: chan_read_failed for istate %d",
116		    c->self, c->istate);
117		break;
118	}
119}
120
121void
122chan_ibuf_empty(struct ssh *ssh, Channel *c)
123{
124	debug2("channel %d: ibuf empty", c->self);
125	if (sshbuf_len(c->input)) {
126		error("channel %d: chan_ibuf_empty for non empty buffer",
127		    c->self);
128		return;
129	}
130	switch (c->istate) {
131	case CHAN_INPUT_WAIT_DRAIN:
132		if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_LOCAL)))
133			chan_send_eof2(ssh, c);
134		chan_set_istate(c, CHAN_INPUT_CLOSED);
135		break;
136	default:
137		error("channel %d: chan_ibuf_empty for istate %d",
138		    c->self, c->istate);
139		break;
140	}
141}
142
143void
144chan_obuf_empty(struct ssh *ssh, Channel *c)
145{
146	debug2("channel %d: obuf empty", c->self);
147	if (sshbuf_len(c->output)) {
148		error("channel %d: chan_obuf_empty for non empty buffer",
149		    c->self);
150		return;
151	}
152	switch (c->ostate) {
153	case CHAN_OUTPUT_WAIT_DRAIN:
154		chan_shutdown_write(ssh, c);
155		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
156		break;
157	default:
158		error("channel %d: internal error: obuf_empty for ostate %d",
159		    c->self, c->ostate);
160		break;
161	}
162}
163
164void
165chan_rcvd_eow(struct ssh *ssh, Channel *c)
166{
167	debug2("channel %d: rcvd eow", c->self);
168	switch (c->istate) {
169	case CHAN_INPUT_OPEN:
170		chan_shutdown_read(ssh, c);
171		chan_set_istate(c, CHAN_INPUT_CLOSED);
172		break;
173	}
174}
175
176static void
177chan_send_eof2(struct ssh *ssh, Channel *c)
178{
179	int r;
180
181	debug2("channel %d: send eof", c->self);
182	switch (c->istate) {
183	case CHAN_INPUT_WAIT_DRAIN:
184		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EOF)) != 0 ||
185		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
186		    (r = sshpkt_send(ssh)) != 0)
187			fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
188		c->flags |= CHAN_EOF_SENT;
189		break;
190	default:
191		error("channel %d: cannot send eof for istate %d",
192		    c->self, c->istate);
193		break;
194	}
195}
196
197static void
198chan_send_close2(struct ssh *ssh, Channel *c)
199{
200	int r;
201
202	debug2("channel %d: send close", c->self);
203	if (c->ostate != CHAN_OUTPUT_CLOSED ||
204	    c->istate != CHAN_INPUT_CLOSED) {
205		error("channel %d: cannot send close for istate/ostate %d/%d",
206		    c->self, c->istate, c->ostate);
207	} else if (c->flags & CHAN_CLOSE_SENT) {
208		error("channel %d: already sent close", c->self);
209	} else {
210		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 ||
211		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
212		    (r = sshpkt_send(ssh)) != 0)
213			fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
214		c->flags |= CHAN_CLOSE_SENT;
215	}
216}
217
218static void
219chan_send_eow2(struct ssh *ssh, Channel *c)
220{
221	int r;
222
223	debug2("channel %d: send eow", c->self);
224	if (c->ostate == CHAN_OUTPUT_CLOSED) {
225		error("channel %d: must not sent eow on closed output",
226		    c->self);
227		return;
228	}
229	if (!(datafellows & SSH_NEW_OPENSSH))
230		return;
231	if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 ||
232	    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
233	    (r = sshpkt_put_cstring(ssh, "eow@openssh.com")) != 0 ||
234	    (r = sshpkt_put_u8(ssh, 0)) != 0 ||
235	    (r = sshpkt_send(ssh)) != 0)
236		fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
237}
238
239/* shared */
240
241void
242chan_rcvd_ieof(struct ssh *ssh, Channel *c)
243{
244	debug2("channel %d: rcvd eof", c->self);
245	c->flags |= CHAN_EOF_RCVD;
246	if (c->ostate == CHAN_OUTPUT_OPEN)
247		chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
248	if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN &&
249	    sshbuf_len(c->output) == 0 &&
250	    !CHANNEL_EFD_OUTPUT_ACTIVE(c))
251		chan_obuf_empty(ssh, c);
252}
253
254void
255chan_rcvd_oclose(struct ssh *ssh, Channel *c)
256{
257	debug2("channel %d: rcvd close", c->self);
258	if (!(c->flags & CHAN_LOCAL)) {
259		if (c->flags & CHAN_CLOSE_RCVD)
260			error("channel %d: protocol error: close rcvd twice",
261			    c->self);
262		c->flags |= CHAN_CLOSE_RCVD;
263	}
264	if (c->type == SSH_CHANNEL_LARVAL) {
265		/* tear down larval channels immediately */
266		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
267		chan_set_istate(c, CHAN_INPUT_CLOSED);
268		return;
269	}
270	switch (c->ostate) {
271	case CHAN_OUTPUT_OPEN:
272		/*
273		 * wait until a data from the channel is consumed if a CLOSE
274		 * is received
275		 */
276		chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
277		break;
278	}
279	switch (c->istate) {
280	case CHAN_INPUT_OPEN:
281		chan_shutdown_read(ssh, c);
282		chan_set_istate(c, CHAN_INPUT_CLOSED);
283		break;
284	case CHAN_INPUT_WAIT_DRAIN:
285		if (!(c->flags & CHAN_LOCAL))
286			chan_send_eof2(ssh, c);
287		chan_set_istate(c, CHAN_INPUT_CLOSED);
288		break;
289	}
290}
291
292void
293chan_write_failed(struct ssh *ssh, Channel *c)
294{
295	debug2("channel %d: write failed", c->self);
296	switch (c->ostate) {
297	case CHAN_OUTPUT_OPEN:
298	case CHAN_OUTPUT_WAIT_DRAIN:
299		chan_shutdown_write(ssh, c);
300		if (strcmp(c->ctype, "session") == 0)
301			chan_send_eow2(ssh, c);
302		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
303		break;
304	default:
305		error("channel %d: chan_write_failed for ostate %d",
306		    c->self, c->ostate);
307		break;
308	}
309}
310
311void
312chan_mark_dead(struct ssh *ssh, Channel *c)
313{
314	c->type = SSH_CHANNEL_ZOMBIE;
315}
316
317int
318chan_is_dead(struct ssh *ssh, Channel *c, int do_send)
319{
320	if (c->type == SSH_CHANNEL_ZOMBIE) {
321		debug2("channel %d: zombie", c->self);
322		return 1;
323	}
324	if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED)
325		return 0;
326	if ((datafellows & SSH_BUG_EXTEOF) &&
327	    c->extended_usage == CHAN_EXTENDED_WRITE &&
328	    c->efd != -1 &&
329	    sshbuf_len(c->extended) > 0) {
330		debug2("channel %d: active efd: %d len %zu",
331		    c->self, c->efd, sshbuf_len(c->extended));
332		return 0;
333	}
334	if (c->flags & CHAN_LOCAL) {
335		debug2("channel %d: is dead (local)", c->self);
336		return 1;
337	}
338	if (!(c->flags & CHAN_CLOSE_SENT)) {
339		if (do_send) {
340			chan_send_close2(ssh, c);
341		} else {
342			/* channel would be dead if we sent a close */
343			if (c->flags & CHAN_CLOSE_RCVD) {
344				debug2("channel %d: almost dead",
345				    c->self);
346				return 1;
347			}
348		}
349	}
350	if ((c->flags & CHAN_CLOSE_SENT) &&
351	    (c->flags & CHAN_CLOSE_RCVD)) {
352		debug2("channel %d: is dead", c->self);
353		return 1;
354	}
355	return 0;
356}
357
358/* helper */
359static void
360chan_shutdown_write(struct ssh *ssh, Channel *c)
361{
362	sshbuf_reset(c->output);
363	if (c->type == SSH_CHANNEL_LARVAL)
364		return;
365	/* shutdown failure is allowed if write failed already */
366	debug2("channel %d: close_write", c->self);
367	if (c->sock != -1) {
368		if (shutdown(c->sock, SHUT_WR) < 0)
369			debug2("channel %d: chan_shutdown_write: "
370			    "shutdown() failed for fd %d: %.100s",
371			    c->self, c->sock, strerror(errno));
372	} else {
373		if (channel_close_fd(ssh, &c->wfd) < 0)
374			logit("channel %d: chan_shutdown_write: "
375			    "close() failed for fd %d: %.100s",
376			    c->self, c->wfd, strerror(errno));
377	}
378}
379
380static void
381chan_shutdown_read(struct ssh *ssh, Channel *c)
382{
383	if (c->type == SSH_CHANNEL_LARVAL)
384		return;
385	debug2("channel %d: close_read", c->self);
386	if (c->sock != -1) {
387		if (shutdown(c->sock, SHUT_RD) < 0)
388			error("channel %d: chan_shutdown_read: "
389			    "shutdown() failed for fd %d [i%d o%d]: %.100s",
390			    c->self, c->sock, c->istate, c->ostate,
391			    strerror(errno));
392	} else {
393		if (channel_close_fd(ssh, &c->rfd) < 0)
394			logit("channel %d: chan_shutdown_read: "
395			    "close() failed for fd %d: %.100s",
396			    c->self, c->rfd, strerror(errno));
397	}
398}
399