nchan.c revision 1.1.1.6
1 /* $OpenBSD: nchan.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */ 2 /* 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/socket.h> 28 #include <sys/queue.h> 29 30 #include <errno.h> 31 #include <string.h> 32 #include <stdarg.h> 33 34 #include "ssh2.h" 35 #include "sshbuf.h" 36 #include "ssherr.h" 37 #include "packet.h" 38 #include "channels.h" 39 #include "compat.h" 40 #include "log.h" 41 42 /* 43 * SSH Protocol 1.5 aka New Channel Protocol 44 * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored. 45 * Written by Markus Friedl in October 1999 46 * 47 * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the 48 * tear down of channels: 49 * 50 * 1.3: strict request-ack-protocol: 51 * CLOSE -> 52 * <- CLOSE_CONFIRM 53 * 54 * 1.5: uses variations of: 55 * IEOF -> 56 * <- OCLOSE 57 * <- IEOF 58 * OCLOSE -> 59 * i.e. both sides have to close the channel 60 * 61 * 2.0: the EOF messages are optional 62 * 63 * See the debugging output from 'ssh -v' and 'sshd -d' of 64 * ssh-1.2.27 as an example. 65 * 66 */ 67 68 /* functions manipulating channel states */ 69 /* 70 * EVENTS update channel input/output states execute ACTIONS 71 */ 72 /* 73 * ACTIONS: should never update the channel states 74 */ 75 static void chan_send_eof2(struct ssh *, Channel *); 76 static void chan_send_eow2(struct ssh *, Channel *); 77 78 /* helper */ 79 static void chan_shutdown_write(struct ssh *, Channel *); 80 static void chan_shutdown_read(struct ssh *, Channel *); 81 static void chan_shutdown_extended_read(struct ssh *, Channel *); 82 83 static const char *ostates[] = { "open", "drain", "wait_ieof", "closed" }; 84 static const char *istates[] = { "open", "drain", "wait_oclose", "closed" }; 85 86 static void 87 chan_set_istate(Channel *c, u_int next) 88 { 89 if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED) 90 fatal("chan_set_istate: bad state %d -> %d", c->istate, next); 91 debug2("channel %d: input %s -> %s", c->self, istates[c->istate], 92 istates[next]); 93 c->istate = next; 94 } 95 96 static void 97 chan_set_ostate(Channel *c, u_int next) 98 { 99 if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED) 100 fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next); 101 debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate], 102 ostates[next]); 103 c->ostate = next; 104 } 105 106 void 107 chan_read_failed(struct ssh *ssh, Channel *c) 108 { 109 debug2("channel %d: read failed", c->self); 110 switch (c->istate) { 111 case CHAN_INPUT_OPEN: 112 chan_shutdown_read(ssh, c); 113 chan_set_istate(c, CHAN_INPUT_WAIT_DRAIN); 114 break; 115 default: 116 error("channel %d: chan_read_failed for istate %d", 117 c->self, c->istate); 118 break; 119 } 120 } 121 122 void 123 chan_ibuf_empty(struct ssh *ssh, Channel *c) 124 { 125 debug2("channel %d: ibuf empty", c->self); 126 if (sshbuf_len(c->input)) { 127 error("channel %d: chan_ibuf_empty for non empty buffer", 128 c->self); 129 return; 130 } 131 switch (c->istate) { 132 case CHAN_INPUT_WAIT_DRAIN: 133 if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_LOCAL))) 134 chan_send_eof2(ssh, c); 135 chan_set_istate(c, CHAN_INPUT_CLOSED); 136 break; 137 default: 138 error("channel %d: chan_ibuf_empty for istate %d", 139 c->self, c->istate); 140 break; 141 } 142 } 143 144 void 145 chan_obuf_empty(struct ssh *ssh, Channel *c) 146 { 147 debug2("channel %d: obuf empty", c->self); 148 if (sshbuf_len(c->output)) { 149 error("channel %d: chan_obuf_empty for non empty buffer", 150 c->self); 151 return; 152 } 153 switch (c->ostate) { 154 case CHAN_OUTPUT_WAIT_DRAIN: 155 chan_shutdown_write(ssh, c); 156 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 157 break; 158 default: 159 error("channel %d: internal error: obuf_empty for ostate %d", 160 c->self, c->ostate); 161 break; 162 } 163 } 164 165 void 166 chan_rcvd_eow(struct ssh *ssh, Channel *c) 167 { 168 debug2("channel %d: rcvd eow", c->self); 169 switch (c->istate) { 170 case CHAN_INPUT_OPEN: 171 chan_shutdown_read(ssh, c); 172 chan_set_istate(c, CHAN_INPUT_CLOSED); 173 break; 174 } 175 } 176 177 static void 178 chan_send_eof2(struct ssh *ssh, Channel *c) 179 { 180 int r; 181 182 debug2("channel %d: send eof", c->self); 183 switch (c->istate) { 184 case CHAN_INPUT_WAIT_DRAIN: 185 if (!c->have_remote_id) 186 fatal("%s: channel %d: no remote_id", 187 __func__, c->self); 188 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EOF)) != 0 || 189 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 190 (r = sshpkt_send(ssh)) != 0) 191 fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); 192 c->flags |= CHAN_EOF_SENT; 193 break; 194 default: 195 error("channel %d: cannot send eof for istate %d", 196 c->self, c->istate); 197 break; 198 } 199 } 200 201 static void 202 chan_send_close2(struct ssh *ssh, Channel *c) 203 { 204 int r; 205 206 debug2("channel %d: send close", c->self); 207 if (c->ostate != CHAN_OUTPUT_CLOSED || 208 c->istate != CHAN_INPUT_CLOSED) { 209 error("channel %d: cannot send close for istate/ostate %d/%d", 210 c->self, c->istate, c->ostate); 211 } else if (c->flags & CHAN_CLOSE_SENT) { 212 error("channel %d: already sent close", c->self); 213 } else { 214 if (!c->have_remote_id) 215 fatal("%s: channel %d: no remote_id", 216 __func__, c->self); 217 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 || 218 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 219 (r = sshpkt_send(ssh)) != 0) 220 fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); 221 c->flags |= CHAN_CLOSE_SENT; 222 } 223 } 224 225 static void 226 chan_send_eow2(struct ssh *ssh, Channel *c) 227 { 228 int r; 229 230 debug2("channel %d: send eow", c->self); 231 if (c->ostate == CHAN_OUTPUT_CLOSED) { 232 error("channel %d: must not sent eow on closed output", 233 c->self); 234 return; 235 } 236 if (!(datafellows & SSH_NEW_OPENSSH)) 237 return; 238 if (!c->have_remote_id) 239 fatal("%s: channel %d: no remote_id", __func__, c->self); 240 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 || 241 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 242 (r = sshpkt_put_cstring(ssh, "eow (at) openssh.com")) != 0 || 243 (r = sshpkt_put_u8(ssh, 0)) != 0 || 244 (r = sshpkt_send(ssh)) != 0) 245 fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); 246 } 247 248 /* shared */ 249 250 void 251 chan_rcvd_ieof(struct ssh *ssh, Channel *c) 252 { 253 debug2("channel %d: rcvd eof", c->self); 254 c->flags |= CHAN_EOF_RCVD; 255 if (c->ostate == CHAN_OUTPUT_OPEN) 256 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 257 if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN && 258 sshbuf_len(c->output) == 0 && 259 !CHANNEL_EFD_OUTPUT_ACTIVE(c)) 260 chan_obuf_empty(ssh, c); 261 } 262 263 void 264 chan_rcvd_oclose(struct ssh *ssh, Channel *c) 265 { 266 debug2("channel %d: rcvd close", c->self); 267 if (!(c->flags & CHAN_LOCAL)) { 268 if (c->flags & CHAN_CLOSE_RCVD) 269 error("channel %d: protocol error: close rcvd twice", 270 c->self); 271 c->flags |= CHAN_CLOSE_RCVD; 272 } 273 if (c->type == SSH_CHANNEL_LARVAL) { 274 /* tear down larval channels immediately */ 275 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 276 chan_set_istate(c, CHAN_INPUT_CLOSED); 277 return; 278 } 279 switch (c->ostate) { 280 case CHAN_OUTPUT_OPEN: 281 /* 282 * wait until a data from the channel is consumed if a CLOSE 283 * is received 284 */ 285 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 286 break; 287 } 288 switch (c->istate) { 289 case CHAN_INPUT_OPEN: 290 chan_shutdown_read(ssh, c); 291 chan_shutdown_extended_read(ssh, c); 292 chan_set_istate(c, CHAN_INPUT_CLOSED); 293 break; 294 case CHAN_INPUT_WAIT_DRAIN: 295 if (!(c->flags & CHAN_LOCAL)) 296 chan_send_eof2(ssh, c); 297 chan_shutdown_extended_read(ssh, c); 298 chan_set_istate(c, CHAN_INPUT_CLOSED); 299 break; 300 } 301 } 302 303 void 304 chan_write_failed(struct ssh *ssh, Channel *c) 305 { 306 debug2("channel %d: write failed", c->self); 307 switch (c->ostate) { 308 case CHAN_OUTPUT_OPEN: 309 case CHAN_OUTPUT_WAIT_DRAIN: 310 chan_shutdown_write(ssh, c); 311 if (strcmp(c->ctype, "session") == 0) 312 chan_send_eow2(ssh, c); 313 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 314 break; 315 default: 316 error("channel %d: chan_write_failed for ostate %d", 317 c->self, c->ostate); 318 break; 319 } 320 } 321 322 void 323 chan_mark_dead(struct ssh *ssh, Channel *c) 324 { 325 c->type = SSH_CHANNEL_ZOMBIE; 326 } 327 328 int 329 chan_is_dead(struct ssh *ssh, Channel *c, int do_send) 330 { 331 if (c->type == SSH_CHANNEL_ZOMBIE) { 332 debug2("channel %d: zombie", c->self); 333 return 1; 334 } 335 if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED) 336 return 0; 337 if ((datafellows & SSH_BUG_EXTEOF) && 338 c->extended_usage == CHAN_EXTENDED_WRITE && 339 c->efd != -1 && 340 sshbuf_len(c->extended) > 0) { 341 debug2("channel %d: active efd: %d len %zu", 342 c->self, c->efd, sshbuf_len(c->extended)); 343 return 0; 344 } 345 if (c->flags & CHAN_LOCAL) { 346 debug2("channel %d: is dead (local)", c->self); 347 return 1; 348 } 349 if (!(c->flags & CHAN_CLOSE_SENT)) { 350 if (do_send) { 351 chan_send_close2(ssh, c); 352 } else { 353 /* channel would be dead if we sent a close */ 354 if (c->flags & CHAN_CLOSE_RCVD) { 355 debug2("channel %d: almost dead", 356 c->self); 357 return 1; 358 } 359 } 360 } 361 if ((c->flags & CHAN_CLOSE_SENT) && 362 (c->flags & CHAN_CLOSE_RCVD)) { 363 debug2("channel %d: is dead", c->self); 364 return 1; 365 } 366 return 0; 367 } 368 369 /* helper */ 370 static void 371 chan_shutdown_write(struct ssh *ssh, Channel *c) 372 { 373 sshbuf_reset(c->output); 374 if (c->type == SSH_CHANNEL_LARVAL) 375 return; 376 /* shutdown failure is allowed if write failed already */ 377 debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])", 378 c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd, 379 channel_format_extended_usage(c)); 380 if (c->sock != -1) { 381 if (shutdown(c->sock, SHUT_WR) == -1) { 382 debug2("channel %d: %s: shutdown() failed for " 383 "fd %d [i%d o%d]: %.100s", c->self, __func__, 384 c->sock, c->istate, c->ostate, 385 strerror(errno)); 386 } 387 } else { 388 if (channel_close_fd(ssh, &c->wfd) < 0) { 389 logit("channel %d: %s: close() failed for " 390 "fd %d [i%d o%d]: %.100s", 391 c->self, __func__, c->wfd, c->istate, c->ostate, 392 strerror(errno)); 393 } 394 } 395 } 396 397 static void 398 chan_shutdown_read(struct ssh *ssh, Channel *c) 399 { 400 if (c->type == SSH_CHANNEL_LARVAL) 401 return; 402 debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])", 403 c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd, 404 channel_format_extended_usage(c)); 405 if (c->sock != -1) { 406 if (shutdown(c->sock, SHUT_RD) == -1) { 407 error("channel %d: %s: shutdown() failed for " 408 "fd %d [i%d o%d]: %.100s", 409 c->self, __func__, c->sock, c->istate, c->ostate, 410 strerror(errno)); 411 } 412 } else { 413 if (channel_close_fd(ssh, &c->rfd) < 0) { 414 logit("channel %d: %s: close() failed for " 415 "fd %d [i%d o%d]: %.100s", 416 c->self, __func__, c->rfd, c->istate, c->ostate, 417 strerror(errno)); 418 } 419 } 420 } 421 422 static void 423 chan_shutdown_extended_read(struct ssh *ssh, Channel *c) 424 { 425 if (c->type == SSH_CHANNEL_LARVAL || c->efd == -1) 426 return; 427 if (c->extended_usage != CHAN_EXTENDED_READ && 428 c->extended_usage != CHAN_EXTENDED_IGNORE) 429 return; 430 debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])", 431 c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd, 432 channel_format_extended_usage(c)); 433 if (channel_close_fd(ssh, &c->efd) < 0) { 434 logit("channel %d: %s: close() failed for " 435 "extended fd %d [i%d o%d]: %.100s", 436 c->self, __func__, c->efd, c->istate, c->ostate, 437 strerror(errno)); 438 } 439 } 440
Indexes created Mon Apr 27 00:23:16 UTC 2026