nchan.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447
  1. /* $OpenBSD: nchan.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */
  2. /*
  3. * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions
  7. * are met:
  8. * 1. Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * 2. Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in the
  12. * documentation and/or other materials provided with the distribution.
  13. *
  14. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  15. * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  16. * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  17. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  18. * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  19. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  20. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  21. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  22. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  23. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  24. */
  25. #include "includes.h"
  26. #include <sys/types.h>
  27. #include <sys/socket.h>
  28. #include <errno.h>
  29. #include <string.h>
  30. #include <stdarg.h>
  31. #include "openbsd-compat/sys-queue.h"
  32. #include "ssh2.h"
  33. #include "sshbuf.h"
  34. #include "ssherr.h"
  35. #include "packet.h"
  36. #include "channels.h"
  37. #include "compat.h"
  38. #include "log.h"
  39. /*
  40. * SSH Protocol 1.5 aka New Channel Protocol
  41. * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored.
  42. * Written by Markus Friedl in October 1999
  43. *
  44. * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the
  45. * tear down of channels:
  46. *
  47. * 1.3: strict request-ack-protocol:
  48. * CLOSE ->
  49. * <- CLOSE_CONFIRM
  50. *
  51. * 1.5: uses variations of:
  52. * IEOF ->
  53. * <- OCLOSE
  54. * <- IEOF
  55. * OCLOSE ->
  56. * i.e. both sides have to close the channel
  57. *
  58. * 2.0: the EOF messages are optional
  59. *
  60. * See the debugging output from 'ssh -v' and 'sshd -d' of
  61. * ssh-1.2.27 as an example.
  62. *
  63. */
  64. /* functions manipulating channel states */
  65. /*
  66. * EVENTS update channel input/output states execute ACTIONS
  67. */
  68. /*
  69. * ACTIONS: should never update the channel states
  70. */
  71. static void chan_send_eof2(struct ssh *, Channel *);
  72. static void chan_send_eow2(struct ssh *, Channel *);
  73. /* helper */
  74. static void chan_shutdown_write(struct ssh *, Channel *);
  75. static void chan_shutdown_read(struct ssh *, Channel *);
  76. static void chan_shutdown_extended_read(struct ssh *, Channel *);
  77. static const char *ostates[] = { "open", "drain", "wait_ieof", "closed" };
  78. static const char *istates[] = { "open", "drain", "wait_oclose", "closed" };
  79. static void
  80. chan_set_istate(Channel *c, u_int next)
  81. {
  82. if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED)
  83. fatal("chan_set_istate: bad state %d -> %d", c->istate, next);
  84. debug2("channel %d: input %s -> %s", c->self, istates[c->istate],
  85. istates[next]);
  86. c->istate = next;
  87. }
  88. static void
  89. chan_set_ostate(Channel *c, u_int next)
  90. {
  91. if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED)
  92. fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next);
  93. debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate],
  94. ostates[next]);
  95. c->ostate = next;
  96. }
  97. void
  98. chan_read_failed(struct ssh *ssh, Channel *c)
  99. {
  100. debug2("channel %d: read failed", c->self);
  101. switch (c->istate) {
  102. case CHAN_INPUT_OPEN:
  103. chan_shutdown_read(ssh, c);
  104. chan_set_istate(c, CHAN_INPUT_WAIT_DRAIN);
  105. break;
  106. default:
  107. error("channel %d: chan_read_failed for istate %d",
  108. c->self, c->istate);
  109. break;
  110. }
  111. }
  112. void
  113. chan_ibuf_empty(struct ssh *ssh, Channel *c)
  114. {
  115. debug2("channel %d: ibuf empty", c->self);
  116. if (sshbuf_len(c->input)) {
  117. error("channel %d: chan_ibuf_empty for non empty buffer",
  118. c->self);
  119. return;
  120. }
  121. switch (c->istate) {
  122. case CHAN_INPUT_WAIT_DRAIN:
  123. if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_LOCAL)))
  124. chan_send_eof2(ssh, c);
  125. chan_set_istate(c, CHAN_INPUT_CLOSED);
  126. break;
  127. default:
  128. error("channel %d: chan_ibuf_empty for istate %d",
  129. c->self, c->istate);
  130. break;
  131. }
  132. }
  133. void
  134. chan_obuf_empty(struct ssh *ssh, Channel *c)
  135. {
  136. debug2("channel %d: obuf empty", c->self);
  137. if (sshbuf_len(c->output)) {
  138. error("channel %d: chan_obuf_empty for non empty buffer",
  139. c->self);
  140. return;
  141. }
  142. switch (c->ostate) {
  143. case CHAN_OUTPUT_WAIT_DRAIN:
  144. chan_shutdown_write(ssh, c);
  145. chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
  146. break;
  147. default:
  148. error("channel %d: internal error: obuf_empty for ostate %d",
  149. c->self, c->ostate);
  150. break;
  151. }
  152. }
  153. void
  154. chan_rcvd_eow(struct ssh *ssh, Channel *c)
  155. {
  156. debug2("channel %d: rcvd eow", c->self);
  157. switch (c->istate) {
  158. case CHAN_INPUT_OPEN:
  159. chan_shutdown_read(ssh, c);
  160. chan_set_istate(c, CHAN_INPUT_CLOSED);
  161. break;
  162. }
  163. }
  164. static void
  165. chan_send_eof2(struct ssh *ssh, Channel *c)
  166. {
  167. int r;
  168. debug2("channel %d: send eof", c->self);
  169. switch (c->istate) {
  170. case CHAN_INPUT_WAIT_DRAIN:
  171. if (!c->have_remote_id)
  172. fatal("%s: channel %d: no remote_id",
  173. __func__, c->self);
  174. if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EOF)) != 0 ||
  175. (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
  176. (r = sshpkt_send(ssh)) != 0)
  177. fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
  178. c->flags |= CHAN_EOF_SENT;
  179. break;
  180. default:
  181. error("channel %d: cannot send eof for istate %d",
  182. c->self, c->istate);
  183. break;
  184. }
  185. }
  186. static void
  187. chan_send_close2(struct ssh *ssh, Channel *c)
  188. {
  189. int r;
  190. debug2("channel %d: send close", c->self);
  191. if (c->ostate != CHAN_OUTPUT_CLOSED ||
  192. c->istate != CHAN_INPUT_CLOSED) {
  193. error("channel %d: cannot send close for istate/ostate %d/%d",
  194. c->self, c->istate, c->ostate);
  195. } else if (c->flags & CHAN_CLOSE_SENT) {
  196. error("channel %d: already sent close", c->self);
  197. } else {
  198. if (!c->have_remote_id)
  199. fatal("%s: channel %d: no remote_id",
  200. __func__, c->self);
  201. if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 ||
  202. (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
  203. (r = sshpkt_send(ssh)) != 0)
  204. fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
  205. c->flags |= CHAN_CLOSE_SENT;
  206. }
  207. }
  208. static void
  209. chan_send_eow2(struct ssh *ssh, Channel *c)
  210. {
  211. int r;
  212. debug2("channel %d: send eow", c->self);
  213. if (c->ostate == CHAN_OUTPUT_CLOSED) {
  214. error("channel %d: must not sent eow on closed output",
  215. c->self);
  216. return;
  217. }
  218. if (!(ssh->compat & SSH_NEW_OPENSSH))
  219. return;
  220. if (!c->have_remote_id)
  221. fatal("%s: channel %d: no remote_id", __func__, c->self);
  222. if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 ||
  223. (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
  224. (r = sshpkt_put_cstring(ssh, "eow@openssh.com")) != 0 ||
  225. (r = sshpkt_put_u8(ssh, 0)) != 0 ||
  226. (r = sshpkt_send(ssh)) != 0)
  227. fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
  228. }
  229. /* shared */
  230. void
  231. chan_rcvd_ieof(struct ssh *ssh, Channel *c)
  232. {
  233. debug2("channel %d: rcvd eof", c->self);
  234. c->flags |= CHAN_EOF_RCVD;
  235. if (c->ostate == CHAN_OUTPUT_OPEN)
  236. chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
  237. if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN &&
  238. sshbuf_len(c->output) == 0 &&
  239. !CHANNEL_EFD_OUTPUT_ACTIVE(c))
  240. chan_obuf_empty(ssh, c);
  241. }
  242. void
  243. chan_rcvd_oclose(struct ssh *ssh, Channel *c)
  244. {
  245. debug2("channel %d: rcvd close", c->self);
  246. if (!(c->flags & CHAN_LOCAL)) {
  247. if (c->flags & CHAN_CLOSE_RCVD)
  248. error("channel %d: protocol error: close rcvd twice",
  249. c->self);
  250. c->flags |= CHAN_CLOSE_RCVD;
  251. }
  252. if (c->type == SSH_CHANNEL_LARVAL) {
  253. /* tear down larval channels immediately */
  254. chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
  255. chan_set_istate(c, CHAN_INPUT_CLOSED);
  256. return;
  257. }
  258. switch (c->ostate) {
  259. case CHAN_OUTPUT_OPEN:
  260. /*
  261. * wait until a data from the channel is consumed if a CLOSE
  262. * is received
  263. */
  264. chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
  265. break;
  266. }
  267. switch (c->istate) {
  268. case CHAN_INPUT_OPEN:
  269. chan_shutdown_read(ssh, c);
  270. chan_shutdown_extended_read(ssh, c);
  271. chan_set_istate(c, CHAN_INPUT_CLOSED);
  272. break;
  273. case CHAN_INPUT_WAIT_DRAIN:
  274. if (!(c->flags & CHAN_LOCAL))
  275. chan_send_eof2(ssh, c);
  276. chan_shutdown_extended_read(ssh, c);
  277. chan_set_istate(c, CHAN_INPUT_CLOSED);
  278. break;
  279. }
  280. }
  281. void
  282. chan_write_failed(struct ssh *ssh, Channel *c)
  283. {
  284. debug2("channel %d: write failed", c->self);
  285. switch (c->ostate) {
  286. case CHAN_OUTPUT_OPEN:
  287. case CHAN_OUTPUT_WAIT_DRAIN:
  288. chan_shutdown_write(ssh, c);
  289. if (strcmp(c->ctype, "session") == 0)
  290. chan_send_eow2(ssh, c);
  291. chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
  292. break;
  293. default:
  294. error("channel %d: chan_write_failed for ostate %d",
  295. c->self, c->ostate);
  296. break;
  297. }
  298. }
  299. void
  300. chan_mark_dead(struct ssh *ssh, Channel *c)
  301. {
  302. c->type = SSH_CHANNEL_ZOMBIE;
  303. }
  304. int
  305. chan_is_dead(struct ssh *ssh, Channel *c, int do_send)
  306. {
  307. if (c->type == SSH_CHANNEL_ZOMBIE) {
  308. debug2("channel %d: zombie", c->self);
  309. return 1;
  310. }
  311. if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED)
  312. return 0;
  313. if ((ssh->compat & SSH_BUG_EXTEOF) &&
  314. c->extended_usage == CHAN_EXTENDED_WRITE &&
  315. c->efd != -1 &&
  316. sshbuf_len(c->extended) > 0) {
  317. debug2("channel %d: active efd: %d len %zu",
  318. c->self, c->efd, sshbuf_len(c->extended));
  319. return 0;
  320. }
  321. if (c->flags & CHAN_LOCAL) {
  322. debug2("channel %d: is dead (local)", c->self);
  323. return 1;
  324. }
  325. if (!(c->flags & CHAN_CLOSE_SENT)) {
  326. if (do_send) {
  327. chan_send_close2(ssh, c);
  328. } else {
  329. /* channel would be dead if we sent a close */
  330. if (c->flags & CHAN_CLOSE_RCVD) {
  331. debug2("channel %d: almost dead",
  332. c->self);
  333. return 1;
  334. }
  335. }
  336. }
  337. if ((c->flags & CHAN_CLOSE_SENT) &&
  338. (c->flags & CHAN_CLOSE_RCVD)) {
  339. debug2("channel %d: is dead", c->self);
  340. return 1;
  341. }
  342. return 0;
  343. }
  344. /* helper */
  345. static void
  346. chan_shutdown_write(struct ssh *ssh, Channel *c)
  347. {
  348. sshbuf_reset(c->output);
  349. if (c->type == SSH_CHANNEL_LARVAL)
  350. return;
  351. /* shutdown failure is allowed if write failed already */
  352. debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])",
  353. c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd,
  354. channel_format_extended_usage(c));
  355. if (c->sock != -1) {
  356. if (shutdown(c->sock, SHUT_WR) == -1) {
  357. debug2("channel %d: %s: shutdown() failed for "
  358. "fd %d [i%d o%d]: %.100s", c->self, __func__,
  359. c->sock, c->istate, c->ostate,
  360. strerror(errno));
  361. }
  362. } else {
  363. if (channel_close_fd(ssh, &c->wfd) < 0) {
  364. logit("channel %d: %s: close() failed for "
  365. "fd %d [i%d o%d]: %.100s",
  366. c->self, __func__, c->wfd, c->istate, c->ostate,
  367. strerror(errno));
  368. }
  369. }
  370. }
  371. static void
  372. chan_shutdown_read(struct ssh *ssh, Channel *c)
  373. {
  374. if (c->type == SSH_CHANNEL_LARVAL)
  375. return;
  376. debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])",
  377. c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd,
  378. channel_format_extended_usage(c));
  379. if (c->sock != -1) {
  380. /*
  381. * shutdown(sock, SHUT_READ) may return ENOTCONN if the
  382. * write side has been closed already. (bug on Linux)
  383. * HP-UX may return ENOTCONN also.
  384. */
  385. if (shutdown(c->sock, SHUT_RD) == -1 && errno != ENOTCONN) {
  386. error("channel %d: %s: shutdown() failed for "
  387. "fd %d [i%d o%d]: %.100s",
  388. c->self, __func__, c->sock, c->istate, c->ostate,
  389. strerror(errno));
  390. }
  391. } else {
  392. if (channel_close_fd(ssh, &c->rfd) < 0) {
  393. logit("channel %d: %s: close() failed for "
  394. "fd %d [i%d o%d]: %.100s",
  395. c->self, __func__, c->rfd, c->istate, c->ostate,
  396. strerror(errno));
  397. }
  398. }
  399. }
  400. static void
  401. chan_shutdown_extended_read(struct ssh *ssh, Channel *c)
  402. {
  403. if (c->type == SSH_CHANNEL_LARVAL || c->efd == -1)
  404. return;
  405. if (c->extended_usage != CHAN_EXTENDED_READ &&
  406. c->extended_usage != CHAN_EXTENDED_IGNORE)
  407. return;
  408. debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])",
  409. c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd,
  410. channel_format_extended_usage(c));
  411. if (channel_close_fd(ssh, &c->efd) < 0) {
  412. logit("channel %d: %s: close() failed for "
  413. "extended fd %d [i%d o%d]: %.100s",
  414. c->self, __func__, c->efd, c->istate, c->ostate,
  415. strerror(errno));
  416. }
  417. }