From 7e04c5e277665105cc9fe85bacb8f8e211722f02 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sun, 1 Oct 2006 16:35:13 +0000 Subject: just shuffle some variables names about, a brief comment about the "bad writefd" problem --HG-- branch : channel-fix extra : convert_revision : f0b407c3d3e047ed83174e6f4ebd85a19352df5b --- common-channel.c | 172 +++++++++++++++++++++++++------------------------------ 1 file changed, 79 insertions(+), 93 deletions(-) (limited to 'common-channel.c') diff --git a/common-channel.c b/common-channel.c index 11760ec..f76a79d 100644 --- a/common-channel.c +++ b/common-channel.c @@ -47,14 +47,14 @@ static void send_msg_channel_data(struct Channel *channel, int isextended, unsigned int exttype); static void send_msg_channel_eof(struct Channel *channel); static void send_msg_channel_close(struct Channel *channel); -static void removechannel(struct Channel *channel); -static void deletechannel(struct Channel *channel); -static void checkinitdone(struct Channel *channel); -static void checkclose(struct Channel *channel); +static void remove_channel(struct Channel *channel); +static void delete_channel(struct Channel *channel); +static void check_in_progress(struct Channel *channel); +static void check_close(struct Channel *channel); -static void closewritefd(struct Channel * channel); -static void closereadfd(struct Channel * channel, int fd); -static void closechanfd(struct Channel *channel, int fd, int how); +static void close_write_fd(struct Channel * channel); +static void close_read_fd(struct Channel * channel, int fd); +static void close_chan_fd(struct Channel *channel, int fd, int how); #define FD_UNINIT (-2) #define FD_CLOSED (-1) @@ -85,7 +85,7 @@ void chancleanup() { for (i = 0; i < ses.chansize; i++) { if (ses.channels[i] != NULL) { TRACE(("channel %d closing", i)) - removechannel(ses.channels[i]); + remove_channel(ses.channels[i]); } } m_free(ses.channels); @@ -135,8 +135,8 @@ struct Channel* newchannel(unsigned int remotechan, newchan = (struct Channel*)m_malloc(sizeof(struct Channel)); newchan->type = type; newchan->index = i; - newchan->sentclosed = newchan->recvclosed = 0; - newchan->senteof = newchan->recveof = 0; + newchan->sent_close = newchan->recv_close = 0; + newchan->sent_eof = newchan->recv_eof = 0; newchan->remotechan = remotechan; newchan->transwindow = transwindow; @@ -203,31 +203,24 @@ void channelio(fd_set *readfds, fd_set *writefds) { send_msg_channel_data(channel, 1, SSH_EXTENDED_DATA_STDERR); } - /* if we can read from the writefd, it might be closed, so we try to - * see if it has errors */ - if (IS_DROPBEAR_SERVER && channel->writefd >= 0 - && channel->writefd != channel->readfd - && FD_ISSET(channel->writefd, readfds)) { +#if 0 + /* XXX where is this required? */ if (channel->initconn) { /* Handling for "in progress" connection - this is needed * to avoid spinning 100% CPU when we connect to a server * which doesn't send anything (tcpfwding) */ - checkinitdone(channel); + check_in_progress(channel); continue; /* Important not to use the channel after - checkinitdone(), as it may be NULL */ + check_in_progress(), as it may be NULL */ } - ret = write(channel->writefd, NULL, 0); /* Fake write */ - if (ret < 0 && errno != EINTR && errno != EAGAIN) { - closewritefd(channel); - } - } +#endif /* write to program/pipe stdin */ if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) { if (channel->initconn) { - checkinitdone(channel); + check_in_progress(channel); continue; /* Important not to use the channel after - checkinitdone(), as it may be NULL */ + check_in_progress(), as it may be NULL */ } writechannel(channel, channel->writefd, channel->writebuf); } @@ -239,7 +232,7 @@ void channelio(fd_set *readfds, fd_set *writefds) { } /* now handle any of the channel-closing type stuff */ - checkclose(channel); + check_close(channel); } /* foreach channel */ @@ -250,12 +243,12 @@ void channelio(fd_set *readfds, fd_set *writefds) { } -/* do all the EOF/close type stuff checking for a channel */ -static void checkclose(struct Channel *channel) { +/* EOF/close handling */ +static void check_close(struct Channel *channel) { - TRACE(("checkclose: writefd %d, readfd %d, errfd %d, sentclosed %d, recvclosed %d", + TRACE(("check_close: writefd %d, readfd %d, errfd %d, sent_close %d, recv_close %d", channel->writefd, channel->readfd, - channel->errfd, channel->sentclosed, channel->recvclosed)) + channel->errfd, channel->sent_close, channel->recv_close)) TRACE(("writebuf size %d extrabuf ptr 0x%x extrabuf size %d", cbuf_getused(channel->writebuf), channel->writebuf, @@ -263,21 +256,21 @@ static void checkclose(struct Channel *channel) { /* server chansession channels are special, since readfd mightn't * close in the case of "sleep 4 & echo blah" until the sleep is up */ - if (channel->type->checkclose) { - if (channel->type->checkclose(channel)) { - closewritefd(channel); - closereadfd(channel, channel->readfd); - closereadfd(channel, channel->errfd); + if (channel->type->check_close) { + if (channel->type->check_close(channel)) { + close_write_fd(channel); + close_read_fd(channel, channel->readfd); + close_read_fd(channel, channel->errfd); } } - if (!channel->senteof + if (!channel->sent_eof && channel->readfd == FD_CLOSED && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { send_msg_channel_eof(channel); } - if (!channel->sentclosed + if (!channel->sent_close && channel->writefd == FD_CLOSED && channel->readfd == FD_CLOSED && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { @@ -294,12 +287,12 @@ static void checkclose(struct Channel *channel) { * SSH_MSG_CHANNEL_EOF. * (from draft-ietf-secsh-connect) */ - if (channel->recvclosed) { - if (! channel->sentclosed) { + if (channel->recv_close) { + if (! channel->sent_close) { TRACE(("Sending MSG_CHANNEL_CLOSE in response to same.")) send_msg_channel_close(channel); } - removechannel(channel); + remove_channel(channel); } } @@ -308,26 +301,26 @@ static void checkclose(struct Channel *channel) { * if so, set up the channel properly. Otherwise, the channel is cleaned up, so * it is important that the channel reference isn't used after a call to this * function */ -static void checkinitdone(struct Channel *channel) { +static void check_in_progress(struct Channel *channel) { int val; socklen_t vallen = sizeof(val); - TRACE(("enter checkinitdone")) + TRACE(("enter check_in_progress")) if (getsockopt(channel->writefd, SOL_SOCKET, SO_ERROR, &val, &vallen) || val != 0) { send_msg_channel_open_failure(channel->remotechan, SSH_OPEN_CONNECT_FAILED, "", ""); close(channel->writefd); - deletechannel(channel); - TRACE(("leave checkinitdone: fail")) + delete_channel(channel); + TRACE(("leave check_in_progress: fail")) } else { send_msg_channel_open_confirmation(channel, channel->recvwindow, channel->recvmaxpacket); channel->readfd = channel->writefd; channel->initconn = 0; - TRACE(("leave checkinitdone: success")) + TRACE(("leave check_in_progress: success")) } } @@ -337,7 +330,6 @@ static void checkinitdone(struct Channel *channel) { static void send_msg_channel_close(struct Channel *channel) { TRACE(("enter send_msg_channel_close")) - /* XXX server */ if (channel->type->closehandler) { channel->type->closehandler(channel); } @@ -349,8 +341,8 @@ static void send_msg_channel_close(struct Channel *channel) { encrypt_packet(); - channel->senteof = 1; - channel->sentclosed = 1; + channel->sent_eof = 1; + channel->sent_close = 1; TRACE(("leave send_msg_channel_close")) } @@ -365,7 +357,7 @@ static void send_msg_channel_eof(struct Channel *channel) { encrypt_packet(); - channel->senteof = 1; + channel->sent_eof = 1; TRACE(("leave send_msg_channel_eof")) } @@ -387,7 +379,7 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) { if (len < 0 && errno != EINTR) { /* no more to write - we close it even if the fd was stderr, since * that's a nasty failure too */ - closewritefd(channel); + close_write_fd(channel); } TRACE(("leave writechannel: len <= 0")) return; @@ -396,10 +388,10 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) { cbuf_incrread(cbuf, len); channel->recvdonelen += len; - if (fd == channel->writefd && cbuf_getused(cbuf) == 0 && channel->recveof) { + if (fd == channel->writefd && cbuf_getused(cbuf) == 0 && channel->recv_eof) { /* Check if we're closing up */ - closewritefd(channel); - TRACE(("leave writechannel: recveof set")) + close_write_fd(channel); + TRACE(("leave writechannel: recv_eof set")) return; } @@ -446,19 +438,6 @@ void setchannelfds(fd_set *readfds, fd_set *writefds) { } } - TRACE(("writefd = %d, readfd %d, errfd %d, bufused %d", - channel->writefd, channel->readfd, - channel->errfd, - cbuf_getused(channel->writebuf) )) - - /* For checking FD status (ie closure etc) - we don't actually - * read data from writefd. We don't want to do this for the client, - * since redirection to /dev/null will make it spin in the select */ - if (IS_DROPBEAR_SERVER && channel->writefd >= 0 - && channel->writefd != channel->readfd) { - FD_SET(channel->writefd, readfds); - } - /* Stuff from the wire */ if ((channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0 ) || channel->initconn) { @@ -492,11 +471,11 @@ void recv_msg_channel_eof() { dropbear_exit("EOF for unknown channel"); } - channel->recveof = 1; + channel->recv_eof = 1; if (cbuf_getused(channel->writebuf) == 0 && (channel->extrabuf == NULL || cbuf_getused(channel->extrabuf) == 0)) { - closewritefd(channel); + close_write_fd(channel); } TRACE(("leave recv_msg_channel_eof")) @@ -516,11 +495,11 @@ void recv_msg_channel_close() { dropbear_exit("Close for unknown channel"); } - channel->recveof = 1; - channel->recvclosed = 1; + channel->recv_eof = 1; + channel->recv_close = 1; - if (channel->sentclosed) { - removechannel(channel); + if (channel->sent_close) { + remove_channel(channel); } TRACE(("leave recv_msg_channel_close")) @@ -528,9 +507,9 @@ void recv_msg_channel_close() { /* Remove a channel entry, this is only executed after both sides have sent * channel close */ -static void removechannel(struct Channel * channel) { +static void remove_channel(struct Channel * channel) { - TRACE(("enter removechannel")) + TRACE(("enter remove_channel")) TRACE(("channel index is %d", channel->index)) cbuf_free(channel->writebuf); @@ -550,13 +529,13 @@ static void removechannel(struct Channel * channel) { channel->typedata = NULL; - deletechannel(channel); + delete_channel(channel); - TRACE(("leave removechannel")) + TRACE(("leave remove_channel")) } /* Remove a channel entry */ -static void deletechannel(struct Channel *channel) { +static void delete_channel(struct Channel *channel) { ses.channels[channel->index] = NULL; m_free(channel); @@ -607,7 +586,7 @@ static void send_msg_channel_data(struct Channel *channel, int isextended, CHECKCLEARTOWRITE(); - dropbear_assert(!channel->sentclosed); + dropbear_assert(!channel->sent_close); if (isextended) { fd = channel->errfd; @@ -634,7 +613,7 @@ static void send_msg_channel_data(struct Channel *channel, int isextended, if (len <= 0) { /* on error/eof, send eof */ if (len == 0 || errno != EINTR) { - closereadfd(channel, fd); + close_read_fd(channel, fd); } buf_free(buf); buf = NULL; @@ -687,10 +666,19 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd, TRACE(("enter recv_msg_channel_data")) - if (channel->recveof) { + if (channel->recv_eof) { dropbear_exit("received data after eof"); } + /* XXX this is getting hit by people - maybe should be + * made less fatal (or just fixed). + * + * The most likely explanation is that the socket is being closed (due to + * write failure etc) but the far end doesn't know yet, so keeps sending + * packets. We already know that the channel number that was given was + * valid, so probably should skip out here. Maybe + * assert(channel->sent_close), thuogh only if the close-on-failure code is + * doing that */ if (fd < 0) { dropbear_exit("received data with bad writefd"); } @@ -767,7 +755,6 @@ static void send_msg_channel_window_adjust(struct Channel* channel, } /* Handle a new channel request, performing any channel-type-specific setup */ -/* XXX server */ void recv_msg_channel_open() { unsigned char *type; @@ -830,7 +817,7 @@ void recv_msg_channel_open() { goto cleanup; } errtype = ret; - deletechannel(channel); + delete_channel(channel); TRACE(("inithandler returned failure %d", ret)) goto failure; } @@ -982,7 +969,7 @@ void recv_msg_channel_open_confirmation() { if (channel->type->inithandler) { ret = channel->type->inithandler(channel); if (ret > 0) { - removechannel(channel); + remove_channel(channel); TRACE(("inithandler returned failure %d", ret)) } } @@ -1006,34 +993,33 @@ void recv_msg_channel_open_failure() { } channel->await_open = 0; - removechannel(channel); + remove_channel(channel); } #endif /* USING_LISTENERS */ /* close a stdout/stderr fd */ -static void closereadfd(struct Channel * channel, int fd) { +static void close_read_fd(struct Channel * channel, int fd) { /* don't close it if it is the same as writefd, * unless writefd is already set -1 */ - TRACE(("enter closereadfd")) - closechanfd(channel, fd, 0); - TRACE(("leave closereadfd")) + TRACE(("enter close_read_fd")) + close_chan_fd(channel, fd, 0); + TRACE(("leave close_read_fd")) } /* close a stdin fd */ -static void closewritefd(struct Channel * channel) { +static void close_write_fd(struct Channel * channel) { - TRACE(("enter closewritefd")) - closechanfd(channel, channel->writefd, 1); - TRACE(("leave closewritefd")) + TRACE(("enter close_write_fd")) + close_chan_fd(channel, channel->writefd, 1); + TRACE(("leave close_write_fd")) } /* close a fd, how is 0 for stdout/stderr, 1 for stdin */ -static void closechanfd(struct Channel *channel, int fd, int how) { +static void close_chan_fd(struct Channel *channel, int fd, int how) { int closein = 0, closeout = 0; - /* XXX server */ if (channel->type->sepfds) { TRACE(("shutdown((%d), %d)", fd, how)) shutdown(fd, how); -- cgit v1.2.3 From df57eb382479e5719713c9cc02c2f06882f9b9a7 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 2 Oct 2006 16:34:06 +0000 Subject: Rearranged some more bits, marked some areas that need work. * send_msg_channel_data() no longer allocates a separate buffer * getchannel() handles unknown channels so callers don't have to --HG-- branch : channel-fix extra : convert_revision : 3db645581be0fbb0d2ac8d218fbd55e096cbbbe5 --- cli-channel.c | 3 -- common-channel.c | 148 ++++++++++++++++++++++++------------------------------ svr-chansession.c | 7 +-- 3 files changed, 67 insertions(+), 91 deletions(-) (limited to 'common-channel.c') diff --git a/cli-channel.c b/cli-channel.c index 1bd49ab..b88e913 100644 --- a/cli-channel.c +++ b/cli-channel.c @@ -39,9 +39,6 @@ void recv_msg_channel_extended_data() { TRACE(("enter recv_msg_channel_extended_data")) channel = getchannel(); - if (channel == NULL) { - dropbear_exit("Unknown channel"); - } if (channel->type != &clichansess) { TRACE(("leave recv_msg_channel_extended_data: chantype is wrong")) diff --git a/common-channel.c b/common-channel.c index f76a79d..a6e3364 100644 --- a/common-channel.c +++ b/common-channel.c @@ -164,24 +164,33 @@ struct Channel* newchannel(unsigned int remotechan, } /* Returns the channel structure corresponding to the channel in the current - * data packet (ses.payload must be positioned appropriately) */ -struct Channel* getchannel() { + * data packet (ses.payload must be positioned appropriately). + * A valid channel is always returns, it will fail fatally with an unknown + * channel */ +static struct Channel* getchannel_msg(const char* kind) { unsigned int chan; chan = buf_getint(ses.payload); if (chan >= ses.chansize || ses.channels[chan] == NULL) { - return NULL; + if (kind) { + dropbear_exit("%s for unknown channel %d", kind, chan); + } else { + dropbear_exit("Unknown channel %d", chan); + } } return ses.channels[chan]; } +struct Channel* getchannel() { + return getchannel_msg(NULL); +} + /* Iterate through the channels, performing IO if available */ void channelio(fd_set *readfds, fd_set *writefds) { struct Channel *channel; unsigned int i; - int ret; /* iterate through all the possible channels */ for (i = 0; i < ses.chansize; i++) { @@ -218,6 +227,7 @@ void channelio(fd_set *readfds, fd_set *writefds) { /* write to program/pipe stdin */ if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) { if (channel->initconn) { + /* XXX could this go somewhere cleaner? */ check_in_progress(channel); continue; /* Important not to use the channel after check_in_progress(), as it may be NULL */ @@ -254,6 +264,16 @@ static void check_close(struct Channel *channel) { channel->writebuf, channel->writebuf ? 0 : cbuf_getused(channel->extrabuf))) + /* XXX not good, doesn't flush out */ + if (channel->recv_close) { + if (! channel->sent_close) { + TRACE(("Sending MSG_CHANNEL_CLOSE in response to same.")) + send_msg_channel_close(channel); + } + remove_channel(channel); + return; + } + /* server chansession channels are special, since readfd mightn't * close in the case of "sleep 4 & echo blah" until the sleep is up */ if (channel->type->check_close) { @@ -277,6 +297,14 @@ static void check_close(struct Channel *channel) { send_msg_channel_close(channel); } + /* XXX blah */ + if (channel->recv_eof && + (cbuf_getused(channel->writebuf) == 0 + && (channel->extrabuf == NULL + || cbuf_getused(channel->extrabuf) == 0))) { + close_write_fd(channel); + } + /* When either party wishes to terminate the channel, it sends * SSH_MSG_CHANNEL_CLOSE. Upon receiving this message, a party MUST * send back a SSH_MSG_CHANNEL_CLOSE unless it has already sent this @@ -287,13 +315,6 @@ static void check_close(struct Channel *channel) { * SSH_MSG_CHANNEL_EOF. * (from draft-ietf-secsh-connect) */ - if (channel->recv_close) { - if (! channel->sent_close) { - TRACE(("Sending MSG_CHANNEL_CLOSE in response to same.")) - send_msg_channel_close(channel); - } - remove_channel(channel); - } } @@ -325,7 +346,6 @@ static void check_in_progress(struct Channel *channel) { } - /* Send the close message and set the channel as closed */ static void send_msg_channel_close(struct Channel *channel) { @@ -341,6 +361,7 @@ static void send_msg_channel_close(struct Channel *channel) { encrypt_packet(); + /* XXX is setting sent_eof required? */ channel->sent_eof = 1; channel->sent_close = 1; TRACE(("leave send_msg_channel_close")) @@ -388,13 +409,6 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) { cbuf_incrread(cbuf, len); channel->recvdonelen += len; - if (fd == channel->writefd && cbuf_getused(cbuf) == 0 && channel->recv_eof) { - /* Check if we're closing up */ - close_write_fd(channel); - TRACE(("leave writechannel: recv_eof set")) - return; - } - /* Window adjust handling */ if (channel->recvdonelen >= RECV_WINDOWEXTEND) { /* Set it back to max window */ @@ -408,7 +422,6 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) { dropbear_assert(channel->extrabuf == NULL || channel->recvwindow <= cbuf_getavail(channel->extrabuf)); - TRACE(("leave writechannel")) } @@ -466,18 +479,11 @@ void recv_msg_channel_eof() { TRACE(("enter recv_msg_channel_eof")) - channel = getchannel(); - if (channel == NULL) { - dropbear_exit("EOF for unknown channel"); - } + channel = getchannel_msg("EOF"); channel->recv_eof = 1; - if (cbuf_getused(channel->writebuf) == 0 - && (channel->extrabuf == NULL - || cbuf_getused(channel->extrabuf) == 0)) { - close_write_fd(channel); - } + check_close(channel); TRACE(("leave recv_msg_channel_eof")) } @@ -489,19 +495,13 @@ void recv_msg_channel_close() { TRACE(("enter recv_msg_channel_close")) - channel = getchannel(); - if (channel == NULL) { - /* disconnect ? */ - dropbear_exit("Close for unknown channel"); - } + channel = getchannel_msg("Close"); + /* XXX eof required? */ channel->recv_eof = 1; channel->recv_close = 1; - if (channel->sent_close) { - remove_channel(channel); - } - + check_close(channel); TRACE(("leave recv_msg_channel_close")) } @@ -512,6 +512,9 @@ static void remove_channel(struct Channel * channel) { TRACE(("enter remove_channel")) TRACE(("channel index is %d", channel->index)) + /* XXX shuold we assert for sent_closed and recv_closed? + * but we also cleanup manually, maybe we need a flag. */ + cbuf_free(channel->writebuf); channel->writebuf = NULL; @@ -522,7 +525,7 @@ static void remove_channel(struct Channel * channel) { /* close the FDs in case they haven't been done - * yet (ie they were shutdown etc */ + * yet (they might have been shutdown etc) */ close(channel->writefd); close(channel->readfd); close(channel->errfd); @@ -553,10 +556,6 @@ void recv_msg_channel_request() { TRACE(("enter recv_msg_channel_request")) channel = getchannel(); - if (channel == NULL) { - /* disconnect ? */ - dropbear_exit("Unknown channel"); - } if (channel->type->reqhandler) { channel->type->reqhandler(channel); @@ -576,9 +575,8 @@ void recv_msg_channel_request() { static void send_msg_channel_data(struct Channel *channel, int isextended, unsigned int exttype) { - buffer *buf; int len; - unsigned int maxlen; + size_t maxlen, size_pos; int fd; /* TRACE(("enter send_msg_channel_data")) @@ -600,40 +598,37 @@ static void send_msg_channel_data(struct Channel *channel, int isextended, * exttype if is extended */ maxlen = MIN(maxlen, ses.writepayload->size - 1 - 4 - 4 - (isextended ? 4 : 0)); + TRACE(("maxlen %d", maxlen)) if (maxlen == 0) { TRACE(("leave send_msg_channel_data: no window")) - return; /* the data will get written later */ + return; } + buf_putbyte(ses.writepayload, + isextended ? SSH_MSG_CHANNEL_EXTENDED_DATA : SSH_MSG_CHANNEL_DATA); + buf_putint(ses.writepayload, channel->remotechan); + if (isextended) { + buf_putint(ses.writepayload, exttype); + } + /* a dummy size first ...*/ + size_pos = ses.writepayload->pos; + buf_putint(ses.writepayload, 0); + /* read the data */ - TRACE(("maxlen %d", maxlen)) - buf = buf_new(maxlen); - TRACE(("buf pos %d data %x", buf->pos, buf->data)) - len = read(fd, buf_getwriteptr(buf, maxlen), maxlen); + len = read(fd, buf_getwriteptr(ses.writepayload, maxlen), maxlen); if (len <= 0) { - /* on error/eof, send eof */ if (len == 0 || errno != EINTR) { close_read_fd(channel, fd); } - buf_free(buf); - buf = NULL; + ses.writepayload->len = ses.writepayload->pos = 0; TRACE(("leave send_msg_channel_data: read err or EOF for fd %d", channel->index)); return; } - buf_incrlen(buf, len); - - buf_putbyte(ses.writepayload, - isextended ? SSH_MSG_CHANNEL_EXTENDED_DATA : SSH_MSG_CHANNEL_DATA); - buf_putint(ses.writepayload, channel->remotechan); - - if (isextended) { - buf_putint(ses.writepayload, exttype); - } - - buf_putstring(ses.writepayload, buf_getptr(buf, len), len); - buf_free(buf); - buf = NULL; + buf_incrwritepos(ses.writepayload, len); + /* ... real size here */ + buf_setpos(ses.writepayload, size_pos); + buf_putint(ses.writepayload, len); channel->transwindow -= len; @@ -647,9 +642,6 @@ void recv_msg_channel_data() { struct Channel *channel; channel = getchannel(); - if (channel == NULL) { - dropbear_exit("Unknown channel"); - } common_recv_msg_channel_data(channel, channel->writefd, channel->writebuf); } @@ -726,9 +718,6 @@ void recv_msg_channel_window_adjust() { unsigned int incr; channel = getchannel(); - if (channel == NULL) { - dropbear_exit("Unknown channel"); - } incr = buf_getint(ses.payload); TRACE(("received window increment %d", incr)) @@ -786,6 +775,7 @@ void recv_msg_channel_open() { /* Get the channel type. Client and server style invokation will set up a * different list for ses.chantypes at startup. We just iterate through * this list and find the matching name */ + /* XXX fugly */ for (cp = &ses.chantypes[0], chantype = (*cp); chantype != NULL; cp++, chantype = (*cp)) { @@ -811,11 +801,11 @@ void recv_msg_channel_open() { if (channel->type->inithandler) { ret = channel->type->inithandler(channel); + if (ret == SSH_OPEN_IN_PROGRESS) { + /* We'll send the confirmation later */ + goto cleanup; + } if (ret > 0) { - if (ret == SSH_OPEN_IN_PROGRESS) { - /* We'll send the confirmation later */ - goto cleanup; - } errtype = ret; delete_channel(channel); TRACE(("inithandler returned failure %d", ret)) @@ -949,9 +939,6 @@ void recv_msg_channel_open_confirmation() { TRACE(("enter recv_msg_channel_open_confirmation")) channel = getchannel(); - if (channel == NULL) { - dropbear_exit("Unknown channel"); - } if (!channel->await_open) { dropbear_exit("unexpected channel reply"); @@ -984,9 +971,6 @@ void recv_msg_channel_open_failure() { struct Channel * channel; channel = getchannel(); - if (channel == NULL) { - dropbear_exit("Unknown channel"); - } if (!channel->await_open) { dropbear_exit("unexpected channel reply"); diff --git a/svr-chansession.c b/svr-chansession.c index 03590b7..57ec118 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -59,17 +59,12 @@ static void send_msg_chansess_exitstatus(struct Channel * channel, struct ChanSess * chansess); static void send_msg_chansess_exitsignal(struct Channel * channel, struct ChanSess * chansess); -static int sess_check_close(struct Channel *channel); static void get_termmodes(struct ChanSess *chansess); /* required to clear environment */ extern char** environ; -static int sess_check_close(struct Channel *channel) { - return channel->writefd == -1; -} - /* Handler for childs exiting, store the state for return to the client */ /* There's a particular race we have to watch out for: if the forked child @@ -967,7 +962,7 @@ const struct ChanType svrchansess = { 0, /* sepfds */ "session", /* name */ newchansess, /* inithandler */ - sess_check_close, /* checkclosehandler */ + NULL, /* checkclosehandler */ chansessionrequest, /* reqhandler */ closechansess, /* closehandler */ }; -- cgit v1.2.3 From 786ea39ac42400096e3f6b545323665f6cfdbb6b Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sat, 7 Oct 2006 17:48:55 +0000 Subject: Rearranged (and hopefully simplified) channel close/eof handling --HG-- branch : channel-fix extra : convert_revision : d44aac5fec50b1d20515da77d410d3c511f16277 --- common-channel.c | 200 ++++++++++++++++++++++++------------------------------- debug.h | 2 +- 2 files changed, 87 insertions(+), 115 deletions(-) (limited to 'common-channel.c') diff --git a/common-channel.c b/common-channel.c index a6e3364..e8175ae 100644 --- a/common-channel.c +++ b/common-channel.c @@ -43,17 +43,14 @@ static void send_msg_channel_open_confirmation(struct Channel* channel, static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf); static void send_msg_channel_window_adjust(struct Channel *channel, unsigned int incr); -static void send_msg_channel_data(struct Channel *channel, int isextended, - unsigned int exttype); +static void send_msg_channel_data(struct Channel *channel, int isextended); static void send_msg_channel_eof(struct Channel *channel); static void send_msg_channel_close(struct Channel *channel); static void remove_channel(struct Channel *channel); static void delete_channel(struct Channel *channel); static void check_in_progress(struct Channel *channel); +static unsigned int write_pending(struct Channel * channel); static void check_close(struct Channel *channel); - -static void close_write_fd(struct Channel * channel); -static void close_read_fd(struct Channel * channel, int fd); static void close_chan_fd(struct Channel *channel, int fd, int how); #define FD_UNINIT (-2) @@ -192,7 +189,7 @@ void channelio(fd_set *readfds, fd_set *writefds) { struct Channel *channel; unsigned int i; - /* iterate through all the possible channels */ + /* foreach channel */ for (i = 0; i < ses.chansize; i++) { channel = ses.channels[i]; @@ -203,31 +200,19 @@ void channelio(fd_set *readfds, fd_set *writefds) { /* read data and send it over the wire */ if (channel->readfd >= 0 && FD_ISSET(channel->readfd, readfds)) { - send_msg_channel_data(channel, 0, 0); + send_msg_channel_data(channel, 0); } /* read stderr data and send it over the wire */ if (channel->extrabuf == NULL && channel->errfd >= 0 && FD_ISSET(channel->errfd, readfds)) { - send_msg_channel_data(channel, 1, SSH_EXTENDED_DATA_STDERR); + send_msg_channel_data(channel, 1); } -#if 0 - /* XXX where is this required? */ - if (channel->initconn) { - /* Handling for "in progress" connection - this is needed - * to avoid spinning 100% CPU when we connect to a server - * which doesn't send anything (tcpfwding) */ - check_in_progress(channel); - continue; /* Important not to use the channel after - check_in_progress(), as it may be NULL */ - } -#endif - /* write to program/pipe stdin */ if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) { if (channel->initconn) { - /* XXX could this go somewhere cleaner? */ + /* XXX should this go somewhere cleaner? */ check_in_progress(channel); continue; /* Important not to use the channel after check_in_progress(), as it may be NULL */ @@ -241,10 +226,10 @@ void channelio(fd_set *readfds, fd_set *writefds) { writechannel(channel, channel->errfd, channel->extrabuf); } - /* now handle any of the channel-closing type stuff */ + /* handle any channel closing etc */ check_close(channel); - } /* foreach channel */ + } /* Listeners such as TCP, X11, agent-auth */ #ifdef USING_LISTENERS @@ -253,6 +238,20 @@ void channelio(fd_set *readfds, fd_set *writefds) { } +/* Returns true if there is data remaining to be written to stdin or + * stderr of a channel's endpoint. */ +static unsigned int write_pending(struct Channel * channel) { + + if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) { + return 1; + } else if (channel->errfd >= 0 && channel->extrabuf && + cbuf_getused(channel->writebuf) > 0) { + return 1; + } + return 0; +} + + /* EOF/close handling */ static void check_close(struct Channel *channel) { @@ -264,8 +263,13 @@ static void check_close(struct Channel *channel) { channel->writebuf, channel->writebuf ? 0 : cbuf_getused(channel->extrabuf))) - /* XXX not good, doesn't flush out */ - if (channel->recv_close) { + if (!channel->sent_close + && channel->writefd == FD_CLOSED + && (channel->errfd == FD_CLOSED || channel->extrabuf == NULL)) { + send_msg_channel_close(channel); + } + + if (channel->recv_close && !write_pending(channel)) { if (! channel->sent_close) { TRACE(("Sending MSG_CHANNEL_CLOSE in response to same.")) send_msg_channel_close(channel); @@ -274,8 +278,10 @@ static void check_close(struct Channel *channel) { return; } - /* server chansession channels are special, since readfd mightn't - * close in the case of "sleep 4 & echo blah" until the sleep is up */ +#if 0 + // The only use of check_close is "return channel->writefd == -1;" for a server + // chansession. Should be able to handle that with just the general + // socket close handling...? if (channel->type->check_close) { if (channel->type->check_close(channel)) { close_write_fd(channel); @@ -283,6 +289,7 @@ static void check_close(struct Channel *channel) { close_read_fd(channel, channel->errfd); } } +#endif if (!channel->sent_eof && channel->readfd == FD_CLOSED @@ -296,25 +303,6 @@ static void check_close(struct Channel *channel) { && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { send_msg_channel_close(channel); } - - /* XXX blah */ - if (channel->recv_eof && - (cbuf_getused(channel->writebuf) == 0 - && (channel->extrabuf == NULL - || cbuf_getused(channel->extrabuf) == 0))) { - close_write_fd(channel); - } - - /* When either party wishes to terminate the channel, it sends - * SSH_MSG_CHANNEL_CLOSE. Upon receiving this message, a party MUST - * send back a SSH_MSG_CHANNEL_CLOSE unless it has already sent this - * message for the channel. The channel is considered closed for a - * party when it has both sent and received SSH_MSG_CHANNEL_CLOSE, and - * the party may then reuse the channel number. A party MAY send - * SSH_MSG_CHANNEL_CLOSE without having sent or received - * SSH_MSG_CHANNEL_EOF. - * (from draft-ietf-secsh-connect) - */ } @@ -398,9 +386,7 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) { len = write(fd, cbuf_readptr(cbuf, maxlen), maxlen); if (len <= 0) { if (len < 0 && errno != EINTR) { - /* no more to write - we close it even if the fd was stderr, since - * that's a nasty failure too */ - close_write_fd(channel); + close_chan_fd(channel, fd, SHUT_WR); } TRACE(("leave writechannel: len <= 0")) return; @@ -409,6 +395,13 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) { cbuf_incrread(cbuf, len); channel->recvdonelen += len; + /* We're closing out */ + if (channel->recv_eof && cbuf_getused(cbuf) == 0) { + TRACE(("leave writechannel")) + close_chan_fd(channel, fd, SHUT_WR); + return; + } + /* Window adjust handling */ if (channel->recvdonelen >= RECV_WINDOWEXTEND) { /* Set it back to max window */ @@ -572,16 +565,12 @@ void recv_msg_channel_request() { * chan is the remote channel, isextended is 0 if it is normal data, 1 * if it is extended data. if it is extended, then the type is in * exttype */ -static void send_msg_channel_data(struct Channel *channel, int isextended, - unsigned int exttype) { +static void send_msg_channel_data(struct Channel *channel, int isextended) { int len; size_t maxlen, size_pos; int fd; -/* TRACE(("enter send_msg_channel_data")) - TRACE(("extended = %d type = %d", isextended, exttype))*/ - CHECKCLEARTOWRITE(); dropbear_assert(!channel->sent_close); @@ -608,7 +597,7 @@ static void send_msg_channel_data(struct Channel *channel, int isextended, isextended ? SSH_MSG_CHANNEL_EXTENDED_DATA : SSH_MSG_CHANNEL_DATA); buf_putint(ses.writepayload, channel->remotechan); if (isextended) { - buf_putint(ses.writepayload, exttype); + buf_putint(ses.writepayload, SSH_EXTENDED_DATA_STDERR); } /* a dummy size first ...*/ size_pos = ses.writepayload->pos; @@ -618,7 +607,7 @@ static void send_msg_channel_data(struct Channel *channel, int isextended, len = read(fd, buf_getwriteptr(ses.writepayload, maxlen), maxlen); if (len <= 0) { if (len == 0 || errno != EINTR) { - close_read_fd(channel, fd); + close_chan_fd(channel, fd, SHUT_RD); } ses.writepayload->len = ses.writepayload->pos = 0; TRACE(("leave send_msg_channel_data: read err or EOF for fd %d", @@ -891,6 +880,47 @@ static void send_msg_channel_open_confirmation(struct Channel* channel, TRACE(("leave send_msg_channel_open_confirmation")) } +/* close a fd, how is SHUT_RD or SHUT_WR */ +static void close_chan_fd(struct Channel *channel, int fd, int how) { + + int closein = 0, closeout = 0; + + if (channel->type->sepfds) { + TRACE(("shutdown((%d), %d)", fd, how)) + shutdown(fd, how); + if (how == 0) { + closeout = 1; + } else { + closein = 1; + } + } else { + close(fd); + closein = closeout = 1; + } + + if (closeout && fd == channel->readfd) { + channel->readfd = FD_CLOSED; + } + if (closeout && (channel->extrabuf == NULL) && (fd == channel->errfd)) { + channel->errfd = FD_CLOSED; + } + + if (closein && fd == channel->writefd) { + channel->writefd = FD_CLOSED; + } + if (closein && (channel->extrabuf != NULL) && (fd == channel->errfd)) { + channel->errfd = FD_CLOSED; + } + + /* if we called shutdown on it and all references are gone, then we + * need to close() it to stop it lingering */ + if (channel->type->sepfds && channel->readfd == FD_CLOSED + && channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) { + close(fd); + } +} + + #if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT) /* Create a new channel, and start the open request. This is intended * for X11, agent, tcp forwarding, and should be filled with channel-specific @@ -980,61 +1010,3 @@ void recv_msg_channel_open_failure() { remove_channel(channel); } #endif /* USING_LISTENERS */ - -/* close a stdout/stderr fd */ -static void close_read_fd(struct Channel * channel, int fd) { - - /* don't close it if it is the same as writefd, - * unless writefd is already set -1 */ - TRACE(("enter close_read_fd")) - close_chan_fd(channel, fd, 0); - TRACE(("leave close_read_fd")) -} - -/* close a stdin fd */ -static void close_write_fd(struct Channel * channel) { - - TRACE(("enter close_write_fd")) - close_chan_fd(channel, channel->writefd, 1); - TRACE(("leave close_write_fd")) -} - -/* close a fd, how is 0 for stdout/stderr, 1 for stdin */ -static void close_chan_fd(struct Channel *channel, int fd, int how) { - - int closein = 0, closeout = 0; - - if (channel->type->sepfds) { - TRACE(("shutdown((%d), %d)", fd, how)) - shutdown(fd, how); - if (how == 0) { - closeout = 1; - } else { - closein = 1; - } - } else { - close(fd); - closein = closeout = 1; - } - - if (closeout && fd == channel->readfd) { - channel->readfd = FD_CLOSED; - } - if (closeout && (channel->extrabuf == NULL) && (fd == channel->errfd)) { - channel->errfd = FD_CLOSED; - } - - if (closein && fd == channel->writefd) { - channel->writefd = FD_CLOSED; - } - if (closein && (channel->extrabuf != NULL) && (fd == channel->errfd)) { - channel->errfd = FD_CLOSED; - } - - /* if we called shutdown on it and all references are gone, then we - * need to close() it to stop it lingering */ - if (channel->type->sepfds && channel->readfd == FD_CLOSED - && channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) { - close(fd); - } -} diff --git a/debug.h b/debug.h index 0cb4691..ecc9d4a 100644 --- a/debug.h +++ b/debug.h @@ -39,7 +39,7 @@ * Caution: Don't use this in an unfriendly environment (ie unfirewalled), * since the printing may not sanitise strings etc. This will add a reasonable * amount to your executable size. */ -/*#define DEBUG_TRACE */ +#define DEBUG_TRACE /* All functions writing to the cleartext payload buffer call * CHECKCLEARTOWRITE() before writing. This is only really useful if you're -- cgit v1.2.3 From cc340d9cdca97b1fd6d0f484816dbe3414ad3702 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 9 Oct 2006 16:31:00 +0000 Subject: Passes most test cases now --HG-- branch : channel-fix extra : convert_revision : 5a5f398411a7a3baa9472daa80fea0574fbd8a9a --- common-channel.c | 37 ++++++++----------------------------- svr-chansession.c | 7 ++++++- 2 files changed, 14 insertions(+), 30 deletions(-) (limited to 'common-channel.c') diff --git a/common-channel.c b/common-channel.c index e8175ae..688ee56 100644 --- a/common-channel.c +++ b/common-channel.c @@ -263,10 +263,12 @@ static void check_close(struct Channel *channel) { channel->writebuf, channel->writebuf ? 0 : cbuf_getused(channel->extrabuf))) - if (!channel->sent_close - && channel->writefd == FD_CLOSED - && (channel->errfd == FD_CLOSED || channel->extrabuf == NULL)) { - send_msg_channel_close(channel); + /* A bit of a hack for closing up server session channels */ + if (channel->writefd >= 0 + && channel->type->check_close + && channel->type->check_close(channel)) { + TRACE(("channel->type->check_close got hit")) + close_chan_fd(channel, channel->writefd, SHUT_WR); } if (channel->recv_close && !write_pending(channel)) { @@ -278,31 +280,15 @@ static void check_close(struct Channel *channel) { return; } -#if 0 - // The only use of check_close is "return channel->writefd == -1;" for a server - // chansession. Should be able to handle that with just the general - // socket close handling...? - if (channel->type->check_close) { - if (channel->type->check_close(channel)) { - close_write_fd(channel); - close_read_fd(channel, channel->readfd); - close_read_fd(channel, channel->errfd); - } + if (channel->recv_eof && !write_pending(channel)) { + close_chan_fd(channel, channel->writefd, SHUT_WR); } -#endif if (!channel->sent_eof && channel->readfd == FD_CLOSED && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { send_msg_channel_eof(channel); } - - if (!channel->sent_close - && channel->writefd == FD_CLOSED - && channel->readfd == FD_CLOSED - && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { - send_msg_channel_close(channel); - } } @@ -395,13 +381,6 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) { cbuf_incrread(cbuf, len); channel->recvdonelen += len; - /* We're closing out */ - if (channel->recv_eof && cbuf_getused(cbuf) == 0) { - TRACE(("leave writechannel")) - close_chan_fd(channel, fd, SHUT_WR); - return; - } - /* Window adjust handling */ if (channel->recvdonelen >= RECV_WINDOWEXTEND) { /* Set it back to max window */ diff --git a/svr-chansession.c b/svr-chansession.c index 57ec118..99a67e9 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -65,6 +65,11 @@ static void get_termmodes(struct ChanSess *chansess); /* required to clear environment */ extern char** environ; +static int sesscheckclose(struct Channel *channel) { + struct ChanSess *chansess = (struct ChanSess*)channel->typedata; + return chansess->exit.exitpid != -1; +} + /* Handler for childs exiting, store the state for return to the client */ /* There's a particular race we have to watch out for: if the forked child @@ -962,7 +967,7 @@ const struct ChanType svrchansess = { 0, /* sepfds */ "session", /* name */ newchansess, /* inithandler */ - NULL, /* checkclosehandler */ + sesscheckclose, /* checkclosehandler */ chansessionrequest, /* reqhandler */ closechansess, /* closehandler */ }; -- cgit v1.2.3 From 5b8a26f1d1871726d45dadd12d0080d5fb7b50f6 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Wed, 11 Oct 2006 14:44:00 +0000 Subject: Remove accidentally removed block (making sure to close the channel). Other minor cleanups. --HG-- branch : channel-fix extra : convert_revision : 7559a8cc4f6abe2338636f2aced3a395a79c172c --- common-channel.c | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) (limited to 'common-channel.c') diff --git a/common-channel.c b/common-channel.c index 688ee56..4c6eba1 100644 --- a/common-channel.c +++ b/common-channel.c @@ -285,10 +285,18 @@ static void check_close(struct Channel *channel) { } if (!channel->sent_eof - && channel->readfd == FD_CLOSED - && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { + && channel->readfd == FD_CLOSED + && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { send_msg_channel_eof(channel); } + + if (!channel->sent_close + && channel->writefd == FD_CLOSED + && channel->readfd == FD_CLOSED + && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { + send_msg_channel_close(channel); + } + } @@ -335,7 +343,6 @@ static void send_msg_channel_close(struct Channel *channel) { encrypt_packet(); - /* XXX is setting sent_eof required? */ channel->sent_eof = 1; channel->sent_close = 1; TRACE(("leave send_msg_channel_close")) @@ -469,7 +476,6 @@ void recv_msg_channel_close() { channel = getchannel_msg("Close"); - /* XXX eof required? */ channel->recv_eof = 1; channel->recv_close = 1; @@ -484,9 +490,6 @@ static void remove_channel(struct Channel * channel) { TRACE(("enter remove_channel")) TRACE(("channel index is %d", channel->index)) - /* XXX shuold we assert for sent_closed and recv_closed? - * but we also cleanup manually, maybe we need a flag. */ - cbuf_free(channel->writebuf); channel->writebuf = NULL; @@ -630,21 +633,15 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd, dropbear_exit("received data after eof"); } - /* XXX this is getting hit by people - maybe should be - * made less fatal (or just fixed). - * - * The most likely explanation is that the socket is being closed (due to - * write failure etc) but the far end doesn't know yet, so keeps sending - * packets. We already know that the channel number that was given was - * valid, so probably should skip out here. Maybe - * assert(channel->sent_close), thuogh only if the close-on-failure code is - * doing that */ if (fd < 0) { - dropbear_exit("received data with bad writefd"); + /* If we have encountered failed write, the far side might still + * be sending data without having yet received our close notification. + * We just drop the data. */ + return; } datalen = buf_getint(ses.payload); - + TRACE(("length %d", datalen)) maxdata = cbuf_getavail(cbuf); -- cgit v1.2.3