nchan.c revision 1.10
1 /* $NetBSD: nchan.c,v 1.10 2019/04/20 17:16:40 christos Exp $ */ 2 /* $OpenBSD: nchan.c,v 1.69 2018/10/04 07:47:35 djm Exp $ */ 3 /* 4 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include "includes.h" 28 __RCSID("$NetBSD: nchan.c,v 1.10 2019/04/20 17:16:40 christos Exp $"); 29 #include <sys/types.h> 30 #include <sys/socket.h> 31 #include <sys/queue.h> 32 33 #include <errno.h> 34 #include <string.h> 35 #include <stdarg.h> 36 37 #include "ssh2.h" 38 #include "sshbuf.h" 39 #include "ssherr.h" 40 #include "packet.h" 41 #include "channels.h" 42 #include "compat.h" 43 #include "log.h" 44 45 /* 46 * SSH Protocol 1.5 aka New Channel Protocol 47 * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored. 48 * Written by Markus Friedl in October 1999 49 * 50 * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the 51 * tear down of channels: 52 * 53 * 1.3: strict request-ack-protocol: 54 * CLOSE -> 55 * <- CLOSE_CONFIRM 56 * 57 * 1.5: uses variations of: 58 * IEOF -> 59 * <- OCLOSE 60 * <- IEOF 61 * OCLOSE -> 62 * i.e. both sides have to close the channel 63 * 64 * 2.0: the EOF messages are optional 65 * 66 * See the debugging output from 'ssh -v' and 'sshd -d' of 67 * ssh-1.2.27 as an example. 68 * 69 */ 70 71 /* functions manipulating channel states */ 72 /* 73 * EVENTS update channel input/output states execute ACTIONS 74 */ 75 /* 76 * ACTIONS: should never update the channel states 77 */ 78 static void chan_send_eof2(struct ssh *, Channel *); 79 static void chan_send_eow2(struct ssh *, Channel *); 80 81 /* helper */ 82 static void chan_shutdown_write(struct ssh *, Channel *); 83 static void chan_shutdown_read(struct ssh *, Channel *); 84 static void chan_shutdown_extended_read(struct ssh *, Channel *); 85 86 static const char *ostates[] = { "open", "drain", "wait_ieof", "closed" }; 87 static const char *istates[] = { "open", "drain", "wait_oclose", "closed" }; 88 89 static void 90 chan_set_istate(Channel *c, u_int next) 91 { 92 if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED) 93 fatal("chan_set_istate: bad state %d -> %d", c->istate, next); 94 debug2("channel %d: input %s -> %s", c->self, istates[c->istate], 95 istates[next]); 96 c->istate = next; 97 } 98 99 static void 100 chan_set_ostate(Channel *c, u_int next) 101 { 102 if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED) 103 fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next); 104 debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate], 105 ostates[next]); 106 c->ostate = next; 107 } 108 109 void 110 chan_read_failed(struct ssh *ssh, Channel *c) 111 { 112 debug2("channel %d: read failed", c->self); 113 switch (c->istate) { 114 case CHAN_INPUT_OPEN: 115 chan_shutdown_read(ssh, c); 116 chan_set_istate(c, CHAN_INPUT_WAIT_DRAIN); 117 break; 118 default: 119 error("channel %d: chan_read_failed for istate %d", 120 c->self, c->istate); 121 break; 122 } 123 } 124 125 void 126 chan_ibuf_empty(struct ssh *ssh, Channel *c) 127 { 128 debug2("channel %d: ibuf empty", c->self); 129 if (sshbuf_len(c->input)) { 130 error("channel %d: chan_ibuf_empty for non empty buffer", 131 c->self); 132 return; 133 } 134 switch (c->istate) { 135 case CHAN_INPUT_WAIT_DRAIN: 136 if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_LOCAL))) 137 chan_send_eof2(ssh, c); 138 chan_set_istate(c, CHAN_INPUT_CLOSED); 139 break; 140 default: 141 error("channel %d: chan_ibuf_empty for istate %d", 142 c->self, c->istate); 143 break; 144 } 145 } 146 147 void 148 chan_obuf_empty(struct ssh *ssh, Channel *c) 149 { 150 debug2("channel %d: obuf empty", c->self); 151 if (sshbuf_len(c->output)) { 152 error("channel %d: chan_obuf_empty for non empty buffer", 153 c->self); 154 return; 155 } 156 switch (c->ostate) { 157 case CHAN_OUTPUT_WAIT_DRAIN: 158 chan_shutdown_write(ssh, c); 159 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 160 break; 161 default: 162 error("channel %d: internal error: obuf_empty for ostate %d", 163 c->self, c->ostate); 164 break; 165 } 166 } 167 168 void 169 chan_rcvd_eow(struct ssh *ssh, Channel *c) 170 { 171 debug2("channel %d: rcvd eow", c->self); 172 switch (c->istate) { 173 case CHAN_INPUT_OPEN: 174 chan_shutdown_read(ssh, c); 175 chan_set_istate(c, CHAN_INPUT_CLOSED); 176 break; 177 } 178 } 179 180 static void 181 chan_send_eof2(struct ssh *ssh, Channel *c) 182 { 183 int r; 184 185 debug2("channel %d: send eof", c->self); 186 switch (c->istate) { 187 case CHAN_INPUT_WAIT_DRAIN: 188 if (!c->have_remote_id) 189 fatal("%s: channel %d: no remote_id", 190 __func__, c->self); 191 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EOF)) != 0 || 192 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 193 (r = sshpkt_send(ssh)) != 0) 194 fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); 195 c->flags |= CHAN_EOF_SENT; 196 break; 197 default: 198 error("channel %d: cannot send eof for istate %d", 199 c->self, c->istate); 200 break; 201 } 202 } 203 204 static void 205 chan_send_close2(struct ssh *ssh, Channel *c) 206 { 207 int r; 208 209 debug2("channel %d: send close", c->self); 210 if (c->ostate != CHAN_OUTPUT_CLOSED || 211 c->istate != CHAN_INPUT_CLOSED) { 212 error("channel %d: cannot send close for istate/ostate %d/%d", 213 c->self, c->istate, c->ostate); 214 } else if (c->flags & CHAN_CLOSE_SENT) { 215 error("channel %d: already sent close", c->self); 216 } else { 217 if (!c->have_remote_id) 218 fatal("%s: channel %d: no remote_id", 219 __func__, c->self); 220 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 || 221 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 222 (r = sshpkt_send(ssh)) != 0) 223 fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); 224 c->flags |= CHAN_CLOSE_SENT; 225 } 226 } 227 228 static void 229 chan_send_eow2(struct ssh *ssh, Channel *c) 230 { 231 int r; 232 233 debug2("channel %d: send eow", c->self); 234 if (c->ostate == CHAN_OUTPUT_CLOSED) { 235 error("channel %d: must not sent eow on closed output", 236 c->self); 237 return; 238 } 239 if (!(datafellows & SSH_NEW_OPENSSH)) 240 return; 241 if (!c->have_remote_id) 242 fatal("%s: channel %d: no remote_id", __func__, c->self); 243 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 || 244 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 245 (r = sshpkt_put_cstring(ssh, "eow (at) openssh.com")) != 0 || 246 (r = sshpkt_put_u8(ssh, 0)) != 0 || 247 (r = sshpkt_send(ssh)) != 0) 248 fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); 249 } 250 251 /* shared */ 252 253 void 254 chan_rcvd_ieof(struct ssh *ssh, Channel *c) 255 { 256 debug2("channel %d: rcvd eof", c->self); 257 c->flags |= CHAN_EOF_RCVD; 258 if (c->ostate == CHAN_OUTPUT_OPEN) 259 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 260 if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN && 261 sshbuf_len(c->output) == 0 && 262 !CHANNEL_EFD_OUTPUT_ACTIVE(c)) 263 chan_obuf_empty(ssh, c); 264 } 265 266 void 267 chan_rcvd_oclose(struct ssh *ssh, Channel *c) 268 { 269 debug2("channel %d: rcvd close", c->self); 270 if (!(c->flags & CHAN_LOCAL)) { 271 if (c->flags & CHAN_CLOSE_RCVD) 272 error("channel %d: protocol error: close rcvd twice", 273 c->self); 274 c->flags |= CHAN_CLOSE_RCVD; 275 } 276 if (c->type == SSH_CHANNEL_LARVAL) { 277 /* tear down larval channels immediately */ 278 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 279 chan_set_istate(c, CHAN_INPUT_CLOSED); 280 return; 281 } 282 switch (c->ostate) { 283 case CHAN_OUTPUT_OPEN: 284 /* 285 * wait until a data from the channel is consumed if a CLOSE 286 * is received 287 */ 288 chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN); 289 break; 290 } 291 switch (c->istate) { 292 case CHAN_INPUT_OPEN: 293 chan_shutdown_read(ssh, c); 294 chan_shutdown_extended_read(ssh, c); 295 chan_set_istate(c, CHAN_INPUT_CLOSED); 296 break; 297 case CHAN_INPUT_WAIT_DRAIN: 298 if (!(c->flags & CHAN_LOCAL)) 299 chan_send_eof2(ssh, c); 300 chan_shutdown_extended_read(ssh, c); 301 chan_set_istate(c, CHAN_INPUT_CLOSED); 302 break; 303 } 304 } 305 306 void 307 chan_write_failed(struct ssh *ssh, Channel *c) 308 { 309 debug2("channel %d: write failed", c->self); 310 switch (c->ostate) { 311 case CHAN_OUTPUT_OPEN: 312 case CHAN_OUTPUT_WAIT_DRAIN: 313 chan_shutdown_write(ssh, c); 314 if (strcmp(c->ctype, "session") == 0) 315 chan_send_eow2(ssh, c); 316 chan_set_ostate(c, CHAN_OUTPUT_CLOSED); 317 break; 318 default: 319 error("channel %d: chan_write_failed for ostate %d", 320 c->self, c->ostate); 321 break; 322 } 323 } 324 325 void 326 chan_mark_dead(struct ssh *ssh, Channel *c) 327 { 328 c->type = SSH_CHANNEL_ZOMBIE; 329 } 330 331 int 332 chan_is_dead(struct ssh *ssh, Channel *c, int do_send) 333 { 334 if (c->type == SSH_CHANNEL_ZOMBIE) { 335 debug2("channel %d: zombie", c->self); 336 return 1; 337 } 338 if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED) 339 return 0; 340 if ((datafellows & SSH_BUG_EXTEOF) && 341 c->extended_usage == CHAN_EXTENDED_WRITE && 342 c->efd != -1 && 343 sshbuf_len(c->extended) > 0) { 344 debug2("channel %d: active efd: %d len %zu", 345 c->self, c->efd, sshbuf_len(c->extended)); 346 return 0; 347 } 348 if (c->flags & CHAN_LOCAL) { 349 debug2("channel %d: is dead (local)", c->self); 350 return 1; 351 } 352 if (!(c->flags & CHAN_CLOSE_SENT)) { 353 if (do_send) { 354 chan_send_close2(ssh, c); 355 } else { 356 /* channel would be dead if we sent a close */ 357 if (c->flags & CHAN_CLOSE_RCVD) { 358 debug2("channel %d: almost dead", 359 c->self); 360 return 1; 361 } 362 } 363 } 364 if ((c->flags & CHAN_CLOSE_SENT) && 365 (c->flags & CHAN_CLOSE_RCVD)) { 366 debug2("channel %d: is dead", c->self); 367 return 1; 368 } 369 return 0; 370 } 371 372 /* helper */ 373 static void 374 chan_shutdown_write(struct ssh *ssh, Channel *c) 375 { 376 sshbuf_reset(c->output); 377 if (c->type == SSH_CHANNEL_LARVAL) 378 return; 379 /* shutdown failure is allowed if write failed already */ 380 debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])", 381 c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd, 382 channel_format_extended_usage(c)); 383 if (c->sock != -1) { 384 if (shutdown(c->sock, SHUT_WR) < 0) { 385 debug2("channel %d: %s: shutdown() failed for " 386 "fd %d [i%d o%d]: %.100s", c->self, __func__, 387 c->sock, c->istate, c->ostate, 388 strerror(errno)); 389 } 390 } else { 391 if (channel_close_fd(ssh, &c->wfd) < 0) { 392 logit("channel %d: %s: close() failed for " 393 "fd %d [i%d o%d]: %.100s", 394 c->self, __func__, c->wfd, c->istate, c->ostate, 395 strerror(errno)); 396 } 397 } 398 } 399 400 static void 401 chan_shutdown_read(struct ssh *ssh, Channel *c) 402 { 403 if (c->type == SSH_CHANNEL_LARVAL) 404 return; 405 debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])", 406 c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd, 407 channel_format_extended_usage(c)); 408 if (c->sock != -1) { 409 if (shutdown(c->sock, SHUT_RD) < 0) { 410 error("channel %d: %s: shutdown() failed for " 411 "fd %d [i%d o%d]: %.100s", 412 c->self, __func__, c->sock, c->istate, c->ostate, 413 strerror(errno)); 414 } 415 } else { 416 if (channel_close_fd(ssh, &c->rfd) < 0) { 417 logit("channel %d: %s: close() failed for " 418 "fd %d [i%d o%d]: %.100s", 419 c->self, __func__, c->rfd, c->istate, c->ostate, 420 strerror(errno)); 421 } 422 } 423 } 424 425 static void 426 chan_shutdown_extended_read(struct ssh *ssh, Channel *c) 427 { 428 if (c->type == SSH_CHANNEL_LARVAL || c->efd == -1) 429 return; 430 if (c->extended_usage != CHAN_EXTENDED_READ && 431 c->extended_usage != CHAN_EXTENDED_IGNORE) 432 return; 433 debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])", 434 c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd, 435 channel_format_extended_usage(c)); 436 if (channel_close_fd(ssh, &c->efd) < 0) { 437 logit("channel %d: %s: close() failed for " 438 "extended fd %d [i%d o%d]: %.100s", 439 c->self, __func__, c->efd, c->istate, c->ostate, 440 strerror(errno)); 441 } 442 } 443
Indexes created Wed Apr 29 00:23:26 UTC 2026