nchan.c revision 1.1.1.10
1 /* $OpenBSD: nchan.c,v 1.75 2024/02/01 02:37:33 djm Exp $ */ 2 /* 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/socket.h> 28 #include <sys/queue.h> 29 30 #include <errno.h> 31 #include <string.h> 32 #include <stdarg.h> 33 34 #include "ssh2.h" 35 #include "sshbuf.h" 36 #include "ssherr.h" 37 #include "packet.h" 38 #include "channels.h" 39 #include "compat.h" 40 #include "log.h" 41 42 /* 43 * SSH Protocol 1.5 aka New Channel Protocol 44 * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored. 45 * Written by Markus Friedl in October 1999 46 * 47 * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the 48 * tear down of channels: 49 * 50 * 1.3: strict request-ack-protocol: 51 * CLOSE -> 52 * <- CLOSE_CONFIRM 53 * 54 * 1.5: uses variations of: 55 * IEOF -> 56 * <- OCLOSE 57 * <- IEOF 58 * OCLOSE -> 59 * i.e. both sides have to close the channel 60 * 61 * 2.0: the EOF messages are optional 62 * 63 * See the debugging output from 'ssh -v' and 'sshd -d' of 64 * ssh-1.2.27 as an example. 65 * 66 */ 67 68 /* functions manipulating channel states */ 69 /* 70 * EVENTS update channel input/output states execute ACTIONS 71 */ 72 /* 73 * ACTIONS: should never update the channel states 74 */ 75 static void chan_send_eof2(struct ssh *, Channel *); 76 static void chan_send_eow2(struct ssh *, Channel *); 77 78 /* helper */ 79 static void chan_shutdown_write(struct ssh *, Channel *); 80 static void chan_shutdown_read(struct ssh *, Channel *); 81 static void chan_shutdown_extended_read(struct ssh *, Channel *); 82 83 static const char * const ostates[] = { 84 "open", "drain", "wait_ieof", "closed", 85 }; 86 static const char * const istates[] = { 87 "open", "drain", "wait_oclose", "closed", 88 }; 89 90 static void 91 chan_set_istate(Channel *c, u_int next) 92 { 93 if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED) 94 fatal("chan_set_istate: bad state %d -> %d", c->istate, next); 95 debug2("channel %d: input %s -> %s", c->self, istates[c->istate], 96 istates[next]); 97 c->istate = next; 98 } 99 100 static void 101 chan_set_ostate(Channel *c, u_int next) 102 { 103 if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED) 104 fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next); 105 debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate], 106 ostates[next]); 107 c->ostate = next; 108 } 109 110 void 111 chan_read_failed(struct ssh *ssh, Channel *c) 112 { 113 debug2("channel %d: read failed", c->self); 114 switch (c->istate) { 115 case CHAN_INPUT_OPEN: 116 chan_shutdown_read(ssh, c); 117 chan_set_istate(c, CHAN_INPUT_WAIT_DRAIN); 118 break; 119 default: 120 error("channel %d: chan_read_failed for istate %d", 121 c->self, c->istate); 122 break; 123 } 124 } 125 126 void 127 chan_ibuf_empty(struct ssh *ssh, Channel *c) 128 { 129 debug2("channel %d: ibuf empty", c->self); 130 if (sshbuf_len(c->input)) { 131 error("channel %d: chan_ibuf_empty for non empty buffer", 132 c->self); 133 return; 134 } 135 switch (c->istate) { 136 case CHAN_INPUT_WAIT_DRAIN: 137 if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_LOCAL))) 138 chan_send_eof2(ssh, c); 139 chan_set_istate(c, CHAN_INPUT_CLOSED); 140 break; 141 default: 142 error("channel %d: chan_ibuf_empty for istate %d", 143 c->self, c->istate); 144 break; 145 } 146 } 147 148 void 149 chan_obuf_empty(struct ssh *ssh, Channel *c) 150 { 151 debug2("channel %d: obuf empty", c->self); 152 if (sshbuf_len(c->output)) { 153 error("channel %d: chan_obuf_empty for non empty buffer", 154 c->self); 155 return; 156 } 157 switch (c->ostate) { 158 case CHAN_OUTPUT_WAIT_DRAIN: 159 chan_shutdown_write(ssh, c); 160 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 161 break; 162 default: 163 error("channel %d: internal error: obuf_empty for ostate %d", 164 c->self, c->ostate); 165 break; 166 } 167 } 168 169 void 170 chan_rcvd_eow(struct ssh *ssh, Channel *c) 171 { 172 debug2("channel %d: rcvd eow", c->self); 173 switch (c->istate) { 174 case CHAN_INPUT_OPEN: 175 chan_shutdown_read(ssh, c); 176 chan_set_istate(c, CHAN_INPUT_CLOSED); 177 break; 178 } 179 } 180 181 static void 182 chan_send_eof2(struct ssh *ssh, Channel *c) 183 { 184 int r; 185 186 debug2("channel %d: send eof", c->self); 187 switch (c->istate) { 188 case CHAN_INPUT_WAIT_DRAIN: 189 if (!c->have_remote_id) 190 fatal_f("channel %d: no remote_id", c->self); 191 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EOF)) != 0 || 192 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 193 (r = sshpkt_send(ssh)) != 0) 194 fatal_fr(r, "send CHANNEL_EOF"); 195 c->flags |= CHAN_EOF_SENT; 196 break; 197 default: 198 error("channel %d: cannot send eof for istate %d", 199 c->self, c->istate); 200 break; 201 } 202 } 203 204 static void 205 chan_send_close2(struct ssh *ssh, Channel *c) 206 { 207 int r; 208 209 debug2("channel %d: send close", c->self); 210 if (c->ostate != CHAN_OUTPUT_CLOSED || 211 c->istate != CHAN_INPUT_CLOSED) { 212 error("channel %d: cannot send close for istate/ostate %d/%d", 213 c->self, c->istate, c->ostate); 214 } else if (c->flags & CHAN_CLOSE_SENT) { 215 error("channel %d: already sent close", c->self); 216 } else { 217 if (!c->have_remote_id) 218 fatal_f("channel %d: no remote_id", c->self); 219 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 || 220 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 221 (r = sshpkt_send(ssh)) != 0) 222 fatal_fr(r, "send CHANNEL_EOF"); 223 c->flags |= CHAN_CLOSE_SENT; 224 } 225 } 226 227 static void 228 chan_send_eow2(struct ssh *ssh, Channel *c) 229 { 230 int r; 231 232 debug2("channel %d: send eow", c->self); 233 if (c->ostate == CHAN_OUTPUT_CLOSED) { 234 error("channel %d: must not sent eow on closed output", 235 c->self); 236 return; 237 } 238 if (!(ssh->compat & SSH_NEW_OPENSSH)) 239 return; 240 if (!c->have_remote_id) 241 fatal_f("channel %d: no remote_id", c->self); 242 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 || 243 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 244 (r = sshpkt_put_cstring(ssh, "eow (at) openssh.com")) != 0 || 245 (r = sshpkt_put_u8(ssh, 0)) != 0 || 246 (r = sshpkt_send(ssh)) != 0) 247 fatal_fr(r, "send CHANNEL_EOF"); 248 } 249 250 /* shared */ 251 252 void 253 chan_rcvd_ieof(struct ssh *ssh, Channel *c) 254 { 255 debug2("channel %d: rcvd eof", c->self); 256 c->flags |= CHAN_EOF_RCVD; 257 if (c->ostate == CHAN_OUTPUT_OPEN) 258 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 259 if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN && 260 sshbuf_len(c->output) == 0 && 261 !CHANNEL_EFD_OUTPUT_ACTIVE(c)) 262 chan_obuf_empty(ssh, c); 263 } 264 265 void 266 chan_rcvd_oclose(struct ssh *ssh, Channel *c) 267 { 268 debug2("channel %d: rcvd close", c->self); 269 if (!(c->flags & CHAN_LOCAL)) { 270 if (c->flags & CHAN_CLOSE_RCVD) 271 error("channel %d: protocol error: close rcvd twice", 272 c->self); 273 c->flags |= CHAN_CLOSE_RCVD; 274 } 275 if (c->type == SSH_CHANNEL_LARVAL) { 276 /* tear down larval channels immediately */ 277 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 278 chan_set_istate(c, CHAN_INPUT_CLOSED); 279 return; 280 } 281 switch (c->ostate) { 282 case CHAN_OUTPUT_OPEN: 283 /* 284 * wait until a data from the channel is consumed if a CLOSE 285 * is received 286 */ 287 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 288 break; 289 } 290 switch (c->istate) { 291 case CHAN_INPUT_OPEN: 292 chan_shutdown_read(ssh, c); 293 chan_shutdown_extended_read(ssh, c); 294 chan_set_istate(c, CHAN_INPUT_CLOSED); 295 break; 296 case CHAN_INPUT_WAIT_DRAIN: 297 if (!(c->flags & CHAN_LOCAL)) 298 chan_send_eof2(ssh, c); 299 chan_shutdown_extended_read(ssh, c); 300 chan_set_istate(c, CHAN_INPUT_CLOSED); 301 break; 302 } 303 } 304 305 void 306 chan_write_failed(struct ssh *ssh, Channel *c) 307 { 308 debug2("channel %d: write failed", c->self); 309 switch (c->ostate) { 310 case CHAN_OUTPUT_OPEN: 311 case CHAN_OUTPUT_WAIT_DRAIN: 312 chan_shutdown_write(ssh, c); 313 if (strcmp(c->ctype, "session") == 0) 314 chan_send_eow2(ssh, c); 315 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 316 break; 317 default: 318 error("channel %d: chan_write_failed for ostate %d", 319 c->self, c->ostate); 320 break; 321 } 322 } 323 324 void 325 chan_mark_dead(struct ssh *ssh, Channel *c) 326 { 327 c->type = SSH_CHANNEL_ZOMBIE; 328 } 329 330 int 331 chan_is_dead(struct ssh *ssh, Channel *c, int do_send) 332 { 333 if (c->type == SSH_CHANNEL_ZOMBIE) { 334 debug2("channel %d: zombie", c->self); 335 return 1; 336 } 337 if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED) 338 return 0; 339 if ((ssh->compat & SSH_BUG_EXTEOF) && 340 c->extended_usage == CHAN_EXTENDED_WRITE && 341 c->efd != -1 && 342 sshbuf_len(c->extended) > 0) { 343 debug2("channel %d: active efd: %d len %zu", 344 c->self, c->efd, sshbuf_len(c->extended)); 345 return 0; 346 } 347 if (c->flags & CHAN_LOCAL) { 348 debug2("channel %d: is dead (local)", c->self); 349 return 1; 350 } 351 if (!(c->flags & CHAN_CLOSE_SENT)) { 352 if (do_send) { 353 chan_send_close2(ssh, c); 354 } else { 355 /* channel would be dead if we sent a close */ 356 if (c->flags & CHAN_CLOSE_RCVD) { 357 debug2("channel %d: almost dead", 358 c->self); 359 return 1; 360 } 361 } 362 } 363 if ((c->flags & CHAN_CLOSE_SENT) && 364 (c->flags & CHAN_CLOSE_RCVD)) { 365 debug2("channel %d: is dead", c->self); 366 return 1; 367 } 368 return 0; 369 } 370 371 /* helper */ 372 static void 373 chan_shutdown_write(struct ssh *ssh, Channel *c) 374 { 375 sshbuf_reset(c->output); 376 if (c->type == SSH_CHANNEL_LARVAL) 377 return; 378 /* shutdown failure is allowed if write failed already */ 379 debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])", 380 c->self, c->istate, c->ostate, c->sock, c->wfd, c->efd, 381 channel_format_extended_usage(c)); 382 if (c->sock != -1) { 383 if (shutdown(c->sock, SHUT_WR) == -1) { 384 debug2_f("channel %d: shutdown() failed for " 385 "fd %d [i%d o%d]: %.100s", c->self, c->sock, 386 c->istate, c->ostate, strerror(errno)); 387 } 388 } else { 389 if (channel_close_fd(ssh, c, &c->wfd) < 0) { 390 logit_f("channel %d: close() failed for " 391 "fd %d [i%d o%d]: %.100s", c->self, c->wfd, 392 c->istate, c->ostate, strerror(errno)); 393 } 394 } 395 } 396 397 static void 398 chan_shutdown_read(struct ssh *ssh, Channel *c) 399 { 400 if (c->type == SSH_CHANNEL_LARVAL) 401 return; 402 debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])", 403 c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd, 404 channel_format_extended_usage(c)); 405 if (c->sock != -1) { 406 if (shutdown(c->sock, SHUT_RD) == -1) { 407 error_f("channel %d: shutdown() failed for " 408 "fd %d [i%d o%d]: %.100s", c->self, c->sock, 409 c->istate, c->ostate, strerror(errno)); 410 } 411 } else { 412 if (channel_close_fd(ssh, c, &c->rfd) < 0) { 413 logit_f("channel %d: close() failed for " 414 "fd %d [i%d o%d]: %.100s", c->self, c->rfd, 415 c->istate, c->ostate, strerror(errno)); 416 } 417 } 418 } 419 420 static void 421 chan_shutdown_extended_read(struct ssh *ssh, Channel *c) 422 { 423 if (c->type == SSH_CHANNEL_LARVAL || c->efd == -1) 424 return; 425 if (c->extended_usage != CHAN_EXTENDED_READ && 426 c->extended_usage != CHAN_EXTENDED_IGNORE) 427 return; 428 debug_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])", 429 c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd, 430 channel_format_extended_usage(c)); 431 if (channel_close_fd(ssh, c, &c->efd) < 0) { 432 logit_f("channel %d: close() failed for " 433 "extended fd %d [i%d o%d]: %.100s", c->self, c->efd, 434 c->istate, c->ostate, strerror(errno)); 435 } 436 } 437
Indexes created Tue Apr 21 00:23:25 UTC 2026