nchan.c revision 1.1.1.10 1 /* $OpenBSD: nchan.c,v 1.75 2024/02/01 02:37:33 djm Exp $ */
2 /*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26 #include <sys/types.h>
27 #include <sys/socket.h>
28 #include <sys/queue.h>
29
30 #include <errno.h>
31 #include <string.h>
32 #include <stdarg.h>
33
34 #include "ssh2.h"
35 #include "sshbuf.h"
36 #include "ssherr.h"
37 #include "packet.h"
38 #include "channels.h"
39 #include "compat.h"
40 #include "log.h"
41
42 /*
43 * SSH Protocol 1.5 aka New Channel Protocol
44 * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored.
45 * Written by Markus Friedl in October 1999
46 *
47 * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the
48 * tear down of channels:
49 *
50 * 1.3: strict request-ack-protocol:
51 * CLOSE ->
52 * <- CLOSE_CONFIRM
53 *
54 * 1.5: uses variations of:
55 * IEOF ->
56 * <- OCLOSE
57 * <- IEOF
58 * OCLOSE ->
59 * i.e. both sides have to close the channel
60 *
61 * 2.0: the EOF messages are optional
62 *
63 * See the debugging output from 'ssh -v' and 'sshd -d' of
64 * ssh-1.2.27 as an example.
65 *
66 */
67
68 /* functions manipulating channel states */
69 /*
70 * EVENTS update channel input/output states execute ACTIONS
71 */
72 /*
73 * ACTIONS: should never update the channel states
74 */
75 static void chan_send_eof2(struct ssh *, Channel *);
76 static void chan_send_eow2(struct ssh *, Channel *);
77
78 /* helper */
79 static void chan_shutdown_write(struct ssh *, Channel *);
80 static void chan_shutdown_read(struct ssh *, Channel *);
81 static void chan_shutdown_extended_read(struct ssh *, Channel *);
82
83 static const char * const ostates[] = {
84 "open", "drain", "wait_ieof", "closed",
85 };
86 static const char * const istates[] = {
87 "open", "drain", "wait_oclose", "closed",
88 };
89
90 static void
91 chan_set_istate(Channel *c, u_int next)
92 {
93 if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED)
94 fatal("chan_set_istate: bad state %d -> %d", c->istate, next);
95 debug2("channel %d: input %s -> %s", c->self, istates[c->istate],
96 istates[next]);
97 c->istate = next;
98 }
99
100 static void
101 chan_set_ostate(Channel *c, u_int next)
102 {
103 if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED)
104 fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next);
105 debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate],
106 ostates[next]);
107 c->ostate = next;
108 }
109
110 void
111 chan_read_failed(struct ssh *ssh, Channel *c)
112 {
113 debug2("channel %d: read failed", c->self);
114 switch (c->istate) {
115 case CHAN_INPUT_OPEN:
116 chan_shutdown_read(ssh, c);
117 chan_set_istate(c, CHAN_INPUT_WAIT_DRAIN);
118 break;
119 default:
120 error("channel %d: chan_read_failed for istate %d",
121 c->self, c->istate);
122 break;
123 }
124 }
125
126 void
127 chan_ibuf_empty(struct ssh *ssh, Channel *c)
128 {
129 debug2("channel %d: ibuf empty", c->self);
130 if (sshbuf_len(c->input)) {
131 error("channel %d: chan_ibuf_empty for non empty buffer",
132 c->self);
133 return;
134 }
135 switch (c->istate) {
136 case CHAN_INPUT_WAIT_DRAIN:
137 if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_LOCAL)))
138 chan_send_eof2(ssh, c);
139 chan_set_istate(c, CHAN_INPUT_CLOSED);
140 break;
141 default:
142 error("channel %d: chan_ibuf_empty for istate %d",
143 c->self, c->istate);
144 break;
145 }
146 }
147
148 void
149 chan_obuf_empty(struct ssh *ssh, Channel *c)
150 {
151 debug2("channel %d: obuf empty", c->self);
152 if (sshbuf_len(c->output)) {
153 error("channel %d: chan_obuf_empty for non empty buffer",
154 c->self);
155 return;
156 }
157 switch (c->ostate) {
158 case CHAN_OUTPUT_WAIT_DRAIN:
159 chan_shutdown_write(ssh, c);
160 chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
161 break;
162 default:
163 error("channel %d: internal error: obuf_empty for ostate %d",
164 c->self, c->ostate);
165 break;
166 }
167 }
168
169 void
170 chan_rcvd_eow(struct ssh *ssh, Channel *c)
171 {
172 debug2("channel %d: rcvd eow", c->self);
173 switch (c->istate) {
174 case CHAN_INPUT_OPEN:
175 chan_shutdown_read(ssh, c);
176 chan_set_istate(c, CHAN_INPUT_CLOSED);
177 break;
178 }
179 }
180
181 static void
182 chan_send_eof2(struct ssh *ssh, Channel *c)
183 {
184 int r;
185
186 debug2("channel %d: send eof", c->self);
187 switch (c->istate) {
188 case CHAN_INPUT_WAIT_DRAIN:
189 if (!c->have_remote_id)
190 fatal_f("channel %d: no remote_id", c->self);
191 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EOF)) != 0 ||
192 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
193 (r = sshpkt_send(ssh)) != 0)
194 fatal_fr(r, "send CHANNEL_EOF");
195 c->flags |= CHAN_EOF_SENT;
196 break;
197 default:
198 error("channel %d: cannot send eof for istate %d",
199 c->self, c->istate);
200 break;
201 }
202 }
203
204 static void
205 chan_send_close2(struct ssh *ssh, Channel *c)
206 {
207 int r;
208
209 debug2("channel %d: send close", c->self);
210 if (c->ostate != CHAN_OUTPUT_CLOSED ||
211 c->istate != CHAN_INPUT_CLOSED) {
212 error("channel %d: cannot send close for istate/ostate %d/%d",
213 c->self, c->istate, c->ostate);
214 } else if (c->flags & CHAN_CLOSE_SENT) {
215 error("channel %d: already sent close", c->self);
216 } else {
217 if (!c->have_remote_id)
218 fatal_f("channel %d: no remote_id", c->self);
219 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 ||
220 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
221 (r = sshpkt_send(ssh)) != 0)
222 fatal_fr(r, "send CHANNEL_EOF");
223 c->flags |= CHAN_CLOSE_SENT;
224 }
225 }
226
227 static void
228 chan_send_eow2(struct ssh *ssh, Channel *c)
229 {
230 int r;
231
232 debug2("channel %d: send eow", c->self);
233 if (c->ostate == CHAN_OUTPUT_CLOSED) {
234 error("channel %d: must not sent eow on closed output",
235 c->self);
236 return;
237 }
238 if (!(ssh->compat & SSH_NEW_OPENSSH))
239 return;
240 if (!c->have_remote_id)
241 fatal_f("channel %d: no remote_id", c->self);
242 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 ||
243 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
244 (r = sshpkt_put_cstring(ssh, "eow (at) openssh.com")) != 0 ||
245 (r = sshpkt_put_u8(ssh, 0)) != 0 ||
246 (r = sshpkt_send(ssh)) != 0)
247 fatal_fr(r, "send CHANNEL_EOF");
248 }
249
250 /* shared */
251
252 void
253 chan_rcvd_ieof(struct ssh *ssh, Channel *c)
254 {
255 debug2("channel %d: rcvd eof", c->self);
256 c->flags |= CHAN_EOF_RCVD;
257 if (c->ostate == CHAN_OUTPUT_OPEN)
258 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
259 if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN &&
260 sshbuf_len(c->output) == 0 &&
261 !CHANNEL_EFD_OUTPUT_ACTIVE(c))
262 chan_obuf_empty(ssh, c);
263 }
264
265 void
266 chan_rcvd_oclose(struct ssh *ssh, Channel *c)
267 {
268 debug2("channel %d: rcvd close", c->self);
269 if (!(c->flags & CHAN_LOCAL)) {
270 if (c->flags & CHAN_CLOSE_RCVD)
271 error("channel %d: protocol error: close rcvd twice",
272 c->self);
273 c->flags |= CHAN_CLOSE_RCVD;
274 }
275 if (c->type == SSH_CHANNEL_LARVAL) {
276 /* tear down larval channels immediately */
277 chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
278 chan_set_istate(c, CHAN_INPUT_CLOSED);
279 return;
280 }
281 switch (c->ostate) {
282 case CHAN_OUTPUT_OPEN:
283 /*
284 * wait until a data from the channel is consumed if a CLOSE
285 * is received
286 */
287 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
288 break;
289 }
290 switch (c->istate) {
291 case CHAN_INPUT_OPEN:
292 chan_shutdown_read(ssh, c);
293 chan_shutdown_extended_read(ssh, c);
294 chan_set_istate(c, CHAN_INPUT_CLOSED);
295 break;
296 case CHAN_INPUT_WAIT_DRAIN:
297 if (!(c->flags & CHAN_LOCAL))
298 chan_send_eof2(ssh, c);
299 chan_shutdown_extended_read(ssh, c);
300 chan_set_istate(c, CHAN_INPUT_CLOSED);
301 break;
302 }
303 }
304
305 void
306 chan_write_failed(struct ssh *ssh, Channel *c)
307 {
308 debug2("channel %d: write failed", c->self);
309 switch (c->ostate) {
310 case CHAN_OUTPUT_OPEN:
311 case CHAN_OUTPUT_WAIT_DRAIN:
312 chan_shutdown_write(ssh, c);
313 if (strcmp(c->ctype, "session") == 0)
314 chan_send_eow2(ssh, c);
315 chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
316 break;
317 default:
318 error("channel %d: chan_write_failed for ostate %d",
319 c->self, c->ostate);
320 break;
321 }
322 }
323
324 void
325 chan_mark_dead(struct ssh *ssh, Channel *c)
326 {
327 c->type = SSH_CHANNEL_ZOMBIE;
328 }
329
330 int
331 chan_is_dead(struct ssh *ssh, Channel *c, int do_send)
332 {
333 if (c->type == SSH_CHANNEL_ZOMBIE) {
334 debug2("channel %d: zombie", c->self);
335 return 1;
336 }
337 if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED)
338 return 0;
339 if ((ssh->compat & SSH_BUG_EXTEOF) &&
340 c->extended_usage == CHAN_EXTENDED_WRITE &&
341 c->efd != -1 &&
342 sshbuf_len(c->extended) > 0) {
343 debug2("channel %d: active efd: %d len %zu",
344 c->self, c->efd, sshbuf_len(c->extended));
345 return 0;
346 }
347 if (c->flags & CHAN_LOCAL) {
348 debug2("channel %d: is dead (local)", c->self);
349 return 1;
350 }
351 if (!(c->flags & CHAN_CLOSE_SENT)) {
352 if (do_send) {
353 chan_send_close2(ssh, c);
354 } else {
355 /* channel would be dead if we sent a close */
356 if (c->flags & CHAN_CLOSE_RCVD) {
357 debug2("channel %d: almost dead",
358 c->self);
359 return 1;
360 }
361 }
362 }
363 if ((c->flags & CHAN_CLOSE_SENT) &&
364 (c->flags & CHAN_CLOSE_RCVD)) {
365 debug2("channel %d: is dead", c->self);
366 return 1;
367 }
368 return 0;
369 }
370
371 /* helper */
372 static void
373 chan_shutdown_write(struct ssh *ssh, Channel *c)
374 {
375 sshbuf_reset(c->output);
376 if (c->type == SSH_CHANNEL_LARVAL)
377 return;
378 /* shutdown failure is allowed if write failed already */
379 debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",
380 c->self, c->istate, c->ostate, c->sock, c->wfd, c->efd,
381 channel_format_extended_usage(c));
382 if (c->sock != -1) {
383 if (shutdown(c->sock, SHUT_WR) == -1) {
384 debug2_f("channel %d: shutdown() failed for "
385 "fd %d [i%d o%d]: %.100s", c->self, c->sock,
386 c->istate, c->ostate, strerror(errno));
387 }
388 } else {
389 if (channel_close_fd(ssh, c, &c->wfd) < 0) {
390 logit_f("channel %d: close() failed for "
391 "fd %d [i%d o%d]: %.100s", c->self, c->wfd,
392 c->istate, c->ostate, strerror(errno));
393 }
394 }
395 }
396
397 static void
398 chan_shutdown_read(struct ssh *ssh, Channel *c)
399 {
400 if (c->type == SSH_CHANNEL_LARVAL)
401 return;
402 debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",
403 c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd,
404 channel_format_extended_usage(c));
405 if (c->sock != -1) {
406 if (shutdown(c->sock, SHUT_RD) == -1) {
407 error_f("channel %d: shutdown() failed for "
408 "fd %d [i%d o%d]: %.100s", c->self, c->sock,
409 c->istate, c->ostate, strerror(errno));
410 }
411 } else {
412 if (channel_close_fd(ssh, c, &c->rfd) < 0) {
413 logit_f("channel %d: close() failed for "
414 "fd %d [i%d o%d]: %.100s", c->self, c->rfd,
415 c->istate, c->ostate, strerror(errno));
416 }
417 }
418 }
419
420 static void
421 chan_shutdown_extended_read(struct ssh *ssh, Channel *c)
422 {
423 if (c->type == SSH_CHANNEL_LARVAL || c->efd == -1)
424 return;
425 if (c->extended_usage != CHAN_EXTENDED_READ &&
426 c->extended_usage != CHAN_EXTENDED_IGNORE)
427 return;
428 debug_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",
429 c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd,
430 channel_format_extended_usage(c));
431 if (channel_close_fd(ssh, c, &c->efd) < 0) {
432 logit_f("channel %d: close() failed for "
433 "extended fd %d [i%d o%d]: %.100s", c->self, c->efd,
434 c->istate, c->ostate, strerror(errno));
435 }
436 }
437