/* * Dropbear SSH * * Copyright (c) 2002-2004 Matt Johnston * All rights reserved. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ /* Handle the multiplexed channels, such as sessions, x11, agent connections */ #include "includes.h" #include "session.h" #include "packet.h" #include "ssh.h" #include "buffer.h" #include "circbuffer.h" #include "dbutil.h" #include "channel.h" #include "ssh.h" #include "listener.h" static void send_msg_channel_open_failure(unsigned int remotechan, int reason, const unsigned char *text, const unsigned char *lang); static void send_msg_channel_open_confirmation(struct Channel* channel, unsigned int recvwindow, unsigned int recvmaxpacket); static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf); static void send_msg_channel_window_adjust(struct Channel *channel, unsigned int incr); static void send_msg_channel_data(struct Channel *channel, int isextended, unsigned int exttype); static void send_msg_channel_eof(struct Channel *channel); static void send_msg_channel_close(struct Channel *channel); static void remove_channel(struct Channel *channel); static void delete_channel(struct Channel *channel); static void check_in_progress(struct Channel *channel); static void check_close(struct Channel *channel); static void close_write_fd(struct Channel * channel); static void close_read_fd(struct Channel * channel, int fd); static void close_chan_fd(struct Channel *channel, int fd, int how); #define FD_UNINIT (-2) #define FD_CLOSED (-1) /* Initialise all the channels */ void chaninitialise(const struct ChanType *chantypes[]) { /* may as well create space for a single channel */ ses.channels = (struct Channel**)m_malloc(sizeof(struct Channel*)); ses.chansize = 1; ses.channels[0] = NULL; ses.chancount = 0; ses.chantypes = chantypes; #ifdef USING_LISTENERS listeners_initialise(); #endif } /* Clean up channels, freeing allocated memory */ void chancleanup() { unsigned int i; TRACE(("enter chancleanup")) for (i = 0; i < ses.chansize; i++) { if (ses.channels[i] != NULL) { TRACE(("channel %d closing", i)) remove_channel(ses.channels[i]); } } m_free(ses.channels); TRACE(("leave chancleanup")) } /* Create a new channel entry, send a reply confirm or failure */ /* If remotechan, transwindow and transmaxpacket are not know (for a new * outgoing connection, with them to be filled on confirmation), they should * all be set to 0 */ struct Channel* newchannel(unsigned int remotechan, const struct ChanType *type, unsigned int transwindow, unsigned int transmaxpacket) { struct Channel * newchan; unsigned int i, j; TRACE(("enter newchannel")) /* first see if we can use existing channels */ for (i = 0; i < ses.chansize; i++) { if (ses.channels[i] == NULL) { break; } } /* otherwise extend the list */ if (i == ses.chansize) { if (ses.chansize >= MAX_CHANNELS) { TRACE(("leave newchannel: max chans reached")) return NULL; } /* extend the channels */ ses.channels = (struct Channel**)m_realloc(ses.channels, (ses.chansize+CHAN_EXTEND_SIZE)*sizeof(struct Channel*)); ses.chansize += CHAN_EXTEND_SIZE; /* set the new channels to null */ for (j = i; j < ses.chansize; j++) { ses.channels[j] = NULL; } } newchan = (struct Channel*)m_malloc(sizeof(struct Channel)); newchan->type = type; newchan->index = i; newchan->sent_close = newchan->recv_close = 0; newchan->sent_eof = newchan->recv_eof = 0; newchan->remotechan = remotechan; newchan->transwindow = transwindow; newchan->transmaxpacket = transmaxpacket; newchan->typedata = NULL; newchan->writefd = FD_UNINIT; newchan->readfd = FD_UNINIT; newchan->errfd = FD_CLOSED; /* this isn't always set to start with */ newchan->initconn = 0; newchan->await_open = 0; newchan->writebuf = cbuf_new(RECV_MAXWINDOW); newchan->extrabuf = NULL; /* The user code can set it up */ newchan->recvwindow = RECV_MAXWINDOW; newchan->recvdonelen = 0; newchan->recvmaxpacket = RECV_MAXPACKET; ses.channels[i] = newchan; ses.chancount++; TRACE(("leave newchannel")) return newchan; } /* Returns the channel structure corresponding to the channel in the current * data packet (ses.payload must be positioned appropriately). * A valid channel is always returns, it will fail fatally with an unknown * channel */ static struct Channel* getchannel_msg(const char* kind) { unsigned int chan; chan = buf_getint(ses.payload); if (chan >= ses.chansize || ses.channels[chan] == NULL) { if (kind) { dropbear_exit("%s for unknown channel %d", kind, chan); } else { dropbear_exit("Unknown channel %d", chan); } } return ses.channels[chan]; } struct Channel* getchannel() { return getchannel_msg(NULL); } /* Iterate through the channels, performing IO if available */ void channelio(fd_set *readfds, fd_set *writefds) { struct Channel *channel; unsigned int i; /* iterate through all the possible channels */ for (i = 0; i < ses.chansize; i++) { channel = ses.channels[i]; if (channel == NULL) { /* only process in-use channels */ continue; } /* read data and send it over the wire */ if (channel->readfd >= 0 && FD_ISSET(channel->readfd, readfds)) { send_msg_channel_data(channel, 0, 0); } /* read stderr data and send it over the wire */ if (channel->extrabuf == NULL && channel->errfd >= 0 && FD_ISSET(channel->errfd, readfds)) { send_msg_channel_data(channel, 1, SSH_EXTENDED_DATA_STDERR); } #if 0 /* XXX where is this required? */ if (channel->initconn) { /* Handling for "in progress" connection - this is needed * to avoid spinning 100% CPU when we connect to a server * which doesn't send anything (tcpfwding) */ check_in_progress(channel); continue; /* Important not to use the channel after check_in_progress(), as it may be NULL */ } #endif /* write to program/pipe stdin */ if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) { if (channel->initconn) { /* XXX could this go somewhere cleaner? */ check_in_progress(channel); continue; /* Important not to use the channel after check_in_progress(), as it may be NULL */ } writechannel(channel, channel->writefd, channel->writebuf); } /* stderr for client mode */ if (channel->extrabuf != NULL && channel->errfd >= 0 && FD_ISSET(channel->errfd, writefds)) { writechannel(channel, channel->errfd, channel->extrabuf); } /* now handle any of the channel-closing type stuff */ check_close(channel); } /* foreach channel */ /* Listeners such as TCP, X11, agent-auth */ #ifdef USING_LISTENERS handle_listeners(readfds); #endif } /* EOF/close handling */ static void check_close(struct Channel *channel) { TRACE(("check_close: writefd %d, readfd %d, errfd %d, sent_close %d, recv_close %d", channel->writefd, channel->readfd, channel->errfd, channel->sent_close, channel->recv_close)) TRACE(("writebuf size %d extrabuf ptr 0x%x extrabuf size %d", cbuf_getused(channel->writebuf), channel->writebuf, channel->writebuf ? 0 : cbuf_getused(channel->extrabuf))) /* XXX not good, doesn't flush out */ if (channel->recv_close) { if (! channel->sent_close) { TRACE(("Sending MSG_CHANNEL_CLOSE in response to same.")) send_msg_channel_close(channel); } remove_channel(channel); return; } /* server chansession channels are special, since readfd mightn't * close in the case of "sleep 4 & echo blah" until the sleep is up */ if (channel->type->check_close) { if (channel->type->check_close(channel)) { close_write_fd(channel); close_read_fd(channel, channel->readfd); close_read_fd(channel, channel->errfd); } } if (!channel->sent_eof && channel->readfd == FD_CLOSED && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { send_msg_channel_eof(channel); } if (!channel->sent_close && channel->writefd == FD_CLOSED && channel->readfd == FD_CLOSED && (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) { send_msg_channel_close(channel); } /* XXX blah */ if (channel->recv_eof && (cbuf_getused(channel->writebuf) == 0 && (channel->extrabuf == NULL || cbuf_getused(channel->extrabuf) == 0))) { close_write_fd(channel); } /* When either party wishes to terminate the channel, it sends * SSH_MSG_CHANNEL_CLOSE. Upon receiving this message, a party MUST * send back a SSH_MSG_CHANNEL_CLOSE unless it has already sent this * message for the channel. The channel is considered closed for a * party when it has both sent and received SSH_MSG_CHANNEL_CLOSE, and * the party may then reuse the channel number. A party MAY send * SSH_MSG_CHANNEL_CLOSE without having sent or received * SSH_MSG_CHANNEL_EOF. * (from draft-ietf-secsh-connect) */ } /* Check whether a deferred (EINPROGRESS) connect() was successful, and * if so, set up the channel properly. Otherwise, the channel is cleaned up, so * it is important that the channel reference isn't used after a call to this * function */ static void check_in_progress(struct Channel *channel) { int val; socklen_t vallen = sizeof(val); TRACE(("enter check_in_progress")) if (getsockopt(channel->writefd, SOL_SOCKET, SO_ERROR, &val, &vallen) || val != 0) { send_msg_channel_open_failure(channel->remotechan, SSH_OPEN_CONNECT_FAILED, "", ""); close(channel->writefd); delete_channel(channel); TRACE(("leave check_in_progress: fail")) } else { send_msg_channel_open_confirmation(channel, channel->recvwindow, channel->recvmaxpacket); channel->readfd = channel->writefd; channel->initconn = 0; TRACE(("leave check_in_progress: success")) } } /* Send the close message and set the channel as closed */ static void send_msg_channel_close(struct Channel *channel) { TRACE(("enter send_msg_channel_close")) if (channel->type->closehandler) { channel->type->closehandler(channel); } CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_CLOSE); buf_putint(ses.writepayload, channel->remotechan); encrypt_packet(); /* XXX is setting sent_eof required? */ channel->sent_eof = 1; channel->sent_close = 1; TRACE(("leave send_msg_channel_close")) } /* call this when trans/eof channels are closed */ static void send_msg_channel_eof(struct Channel *channel) { TRACE(("enter send_msg_channel_eof")) CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_EOF); buf_putint(ses.writepayload, channel->remotechan); encrypt_packet(); channel->sent_eof = 1; TRACE(("leave send_msg_channel_eof")) } /* Called to write data out to the local side of the channel. * Only called when we know we can write to a channel, writes as much as * possible */ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) { int len, maxlen; TRACE(("enter writechannel")) maxlen = cbuf_readlen(cbuf); /* Write the data out */ len = write(fd, cbuf_readptr(cbuf, maxlen), maxlen); if (len <= 0) { if (len < 0 && errno != EINTR) { /* no more to write - we close it even if the fd was stderr, since * that's a nasty failure too */ close_write_fd(channel); } TRACE(("leave writechannel: len <= 0")) return; } cbuf_incrread(cbuf, len); channel->recvdonelen += len; /* Window adjust handling */ if (channel->recvdonelen >= RECV_WINDOWEXTEND) { /* Set it back to max window */ send_msg_channel_window_adjust(channel, channel->recvdonelen); channel->recvwindow += channel->recvdonelen; channel->recvdonelen = 0; } dropbear_assert(channel->recvwindow <= RECV_MAXWINDOW); dropbear_assert(channel->recvwindow <= cbuf_getavail(channel->writebuf)); dropbear_assert(channel->extrabuf == NULL || channel->recvwindow <= cbuf_getavail(channel->extrabuf)); TRACE(("leave writechannel")) } /* Set the file descriptors for the main select in session.c * This avoid channels which don't have any window available, are closed, etc*/ void setchannelfds(fd_set *readfds, fd_set *writefds) { unsigned int i; struct Channel * channel; for (i = 0; i < ses.chansize; i++) { channel = ses.channels[i]; if (channel == NULL) { continue; } /* Stuff to put over the wire */ if (channel->transwindow > 0) { if (channel->readfd >= 0) { FD_SET(channel->readfd, readfds); } if (channel->extrabuf == NULL && channel->errfd >= 0) { FD_SET(channel->errfd, readfds); } } /* Stuff from the wire */ if ((channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0 ) || channel->initconn) { FD_SET(channel->writefd, writefds); } if (channel->extrabuf != NULL && channel->errfd >= 0 && cbuf_getused(channel->extrabuf) > 0 ) { FD_SET(channel->errfd, writefds); } } /* foreach channel */ #ifdef USING_LISTENERS set_listener_fds(readfds); #endif } /* handle the channel EOF event, by closing the channel filedescriptor. The * channel isn't closed yet, it is left until the incoming (from the program * etc) FD is also EOF */ void recv_msg_channel_eof() { struct Channel * channel; TRACE(("enter recv_msg_channel_eof")) channel = getchannel_msg("EOF"); channel->recv_eof = 1; check_close(channel); TRACE(("leave recv_msg_channel_eof")) } /* Handle channel closure(), respond in kind and close the channels */ void recv_msg_channel_close() { struct Channel * channel; TRACE(("enter recv_msg_channel_close")) channel = getchannel_msg("Close"); /* XXX eof required? */ channel->recv_eof = 1; channel->recv_close = 1; check_close(channel); TRACE(("leave recv_msg_channel_close")) } /* Remove a channel entry, this is only executed after both sides have sent * channel close */ static void remove_channel(struct Channel * channel) { TRACE(("enter remove_channel")) TRACE(("channel index is %d", channel->index)) /* XXX shuold we assert for sent_closed and recv_closed? * but we also cleanup manually, maybe we need a flag. */ cbuf_free(channel->writebuf); channel->writebuf = NULL; if (channel->extrabuf) { cbuf_free(channel->extrabuf); channel->extrabuf = NULL; } /* close the FDs in case they haven't been done * yet (they might have been shutdown etc) */ close(channel->writefd); close(channel->readfd); close(channel->errfd); channel->typedata = NULL; delete_channel(channel); TRACE(("leave remove_channel")) } /* Remove a channel entry */ static void delete_channel(struct Channel *channel) { ses.channels[channel->index] = NULL; m_free(channel); ses.chancount--; } /* Handle channel specific requests, passing off to corresponding handlers * such as chansession or x11fwd */ void recv_msg_channel_request() { struct Channel *channel; TRACE(("enter recv_msg_channel_request")) channel = getchannel(); if (channel->type->reqhandler) { channel->type->reqhandler(channel); } else { send_msg_channel_failure(channel); } TRACE(("leave recv_msg_channel_request")) } /* Reads data from the server's program/shell/etc, and puts it in a * channel_data packet to send. * chan is the remote channel, isextended is 0 if it is normal data, 1 * if it is extended data. if it is extended, then the type is in * exttype */ static void send_msg_channel_data(struct Channel *channel, int isextended, unsigned int exttype) { int len; size_t maxlen, size_pos; int fd; /* TRACE(("enter send_msg_channel_data")) TRACE(("extended = %d type = %d", isextended, exttype))*/ CHECKCLEARTOWRITE(); dropbear_assert(!channel->sent_close); if (isextended) { fd = channel->errfd; } else { fd = channel->readfd; } dropbear_assert(fd >= 0); maxlen = MIN(channel->transwindow, channel->transmaxpacket); /* -(1+4+4) is SSH_MSG_CHANNEL_DATA, channel number, string length, and * exttype if is extended */ maxlen = MIN(maxlen, ses.writepayload->size - 1 - 4 - 4 - (isextended ? 4 : 0)); TRACE(("maxlen %d", maxlen)) if (maxlen == 0) { TRACE(("leave send_msg_channel_data: no window")) return; } buf_putbyte(ses.writepayload, isextended ? SSH_MSG_CHANNEL_EXTENDED_DATA : SSH_MSG_CHANNEL_DATA); buf_putint(ses.writepayload, channel->remotechan); if (isextended) { buf_putint(ses.writepayload, exttype); } /* a dummy size first ...*/ size_pos = ses.writepayload->pos; buf_putint(ses.writepayload, 0); /* read the data */ len = read(fd, buf_getwriteptr(ses.writepayload, maxlen), maxlen); if (len <= 0) { if (len == 0 || errno != EINTR) { close_read_fd(channel, fd); } ses.writepayload->len = ses.writepayload->pos = 0; TRACE(("leave send_msg_channel_data: read err or EOF for fd %d", channel->index)); return; } buf_incrwritepos(ses.writepayload, len); /* ... real size here */ buf_setpos(ses.writepayload, size_pos); buf_putint(ses.writepayload, len); channel->transwindow -= len; encrypt_packet(); TRACE(("leave send_msg_channel_data")) } /* We receive channel data */ void recv_msg_channel_data() { struct Channel *channel; channel = getchannel(); common_recv_msg_channel_data(channel, channel->writefd, channel->writebuf); } /* Shared for data and stderr data - when we receive data, put it in a buffer * for writing to the local file descriptor */ void common_recv_msg_channel_data(struct Channel *channel, int fd, circbuffer * cbuf) { unsigned int datalen; unsigned int maxdata; unsigned int buflen; unsigned int len; TRACE(("enter recv_msg_channel_data")) if (channel->recv_eof) { dropbear_exit("received data after eof"); } /* XXX this is getting hit by people - maybe should be * made less fatal (or just fixed). * * The most likely explanation is that the socket is being closed (due to * write failure etc) but the far end doesn't know yet, so keeps sending * packets. We already know that the channel number that was given was * valid, so probably should skip out here. Maybe * assert(channel->sent_close), thuogh only if the close-on-failure code is * doing that */ if (fd < 0) { dropbear_exit("received data with bad writefd"); } datalen = buf_getint(ses.payload); maxdata = cbuf_getavail(cbuf); /* Whilst the spec says we "MAY ignore data past the end" this could * lead to corrupted file transfers etc (chunks missed etc). It's better to * just die horribly */ if (datalen > maxdata) { dropbear_exit("Oversized packet"); } /* We may have to run throught twice, if the buffer wraps around. Can't * just "leave it for next time" like with writechannel, since this * is payload data */ len = datalen; while (len > 0) { buflen = cbuf_writelen(cbuf); buflen = MIN(buflen, len); memcpy(cbuf_writeptr(cbuf, buflen), buf_getptr(ses.payload, buflen), buflen); cbuf_incrwrite(cbuf, buflen); buf_incrpos(ses.payload, buflen); len -= buflen; } dropbear_assert(channel->recvwindow >= datalen); channel->recvwindow -= datalen; dropbear_assert(channel->recvwindow <= RECV_MAXWINDOW); TRACE(("leave recv_msg_channel_data")) } /* Increment the outgoing data window for a channel - the remote end limits * the amount of data which may be transmitted, this window is decremented * as data is sent, and incremented upon receiving window-adjust messages */ void recv_msg_channel_window_adjust() { struct Channel * channel; unsigned int incr; channel = getchannel(); incr = buf_getint(ses.payload); TRACE(("received window increment %d", incr)) incr = MIN(incr, MAX_TRANS_WIN_INCR); channel->transwindow += incr; channel->transwindow = MIN(channel->transwindow, MAX_TRANS_WINDOW); } /* Increment the incoming data window for a channel, and let the remote * end know */ static void send_msg_channel_window_adjust(struct Channel* channel, unsigned int incr) { TRACE(("sending window adjust %d", incr)) CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_WINDOW_ADJUST); buf_putint(ses.writepayload, channel->remotechan); buf_putint(ses.writepayload, incr); encrypt_packet(); } /* Handle a new channel request, performing any channel-type-specific setup */ void recv_msg_channel_open() { unsigned char *type; unsigned int typelen; unsigned int remotechan, transwindow, transmaxpacket; struct Channel *channel; const struct ChanType **cp; const struct ChanType *chantype; unsigned int errtype = SSH_OPEN_UNKNOWN_CHANNEL_TYPE; int ret; TRACE(("enter recv_msg_channel_open")) /* get the packet contents */ type = buf_getstring(ses.payload, &typelen); remotechan = buf_getint(ses.payload); transwindow = buf_getint(ses.payload); transwindow = MIN(transwindow, MAX_TRANS_WINDOW); transmaxpacket = buf_getint(ses.payload); transmaxpacket = MIN(transmaxpacket, MAX_TRANS_PAYLOAD_LEN); /* figure what type of packet it is */ if (typelen > MAX_NAME_LEN) { goto failure; } /* Get the channel type. Client and server style invokation will set up a * different list for ses.chantypes at startup. We just iterate through * this list and find the matching name */ /* XXX fugly */ for (cp = &ses.chantypes[0], chantype = (*cp); chantype != NULL; cp++, chantype = (*cp)) { if (strcmp(type, chantype->name) == 0) { break; } } if (chantype == NULL) { TRACE(("No matching type for '%s'", type)) goto failure; } TRACE(("matched type '%s'", type)) /* create the channel */ channel = newchannel(remotechan, chantype, transwindow, transmaxpacket); if (channel == NULL) { TRACE(("newchannel returned NULL")) goto failure; } if (channel->type->inithandler) { ret = channel->type->inithandler(channel); if (ret == SSH_OPEN_IN_PROGRESS) { /* We'll send the confirmation later */ goto cleanup; } if (ret > 0) { errtype = ret; delete_channel(channel); TRACE(("inithandler returned failure %d", ret)) goto failure; } } /* success */ send_msg_channel_open_confirmation(channel, channel->recvwindow, channel->recvmaxpacket); goto cleanup; failure: TRACE(("recv_msg_channel_open failure")) send_msg_channel_open_failure(remotechan, errtype, "", ""); cleanup: m_free(type); TRACE(("leave recv_msg_channel_open")) } /* Send a failure message */ void send_msg_channel_failure(struct Channel *channel) { TRACE(("enter send_msg_channel_failure")) CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_FAILURE); buf_putint(ses.writepayload, channel->remotechan); encrypt_packet(); TRACE(("leave send_msg_channel_failure")) } /* Send a success message */ void send_msg_channel_success(struct Channel *channel) { TRACE(("enter send_msg_channel_success")) CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_SUCCESS); buf_putint(ses.writepayload, channel->remotechan); encrypt_packet(); TRACE(("leave send_msg_channel_success")) } /* Send a channel open failure message, with a corresponding reason * code (usually resource shortage or unknown chan type) */ static void send_msg_channel_open_failure(unsigned int remotechan, int reason, const unsigned char *text, const unsigned char *lang) { TRACE(("enter send_msg_channel_open_failure")) CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN_FAILURE); buf_putint(ses.writepayload, remotechan); buf_putint(ses.writepayload, reason); buf_putstring(ses.writepayload, text, strlen((char*)text)); buf_putstring(ses.writepayload, lang, strlen((char*)lang)); encrypt_packet(); TRACE(("leave send_msg_channel_open_failure")) } /* Confirm a channel open, and let the remote end know what number we've * allocated and the receive parameters */ static void send_msg_channel_open_confirmation(struct Channel* channel, unsigned int recvwindow, unsigned int recvmaxpacket) { TRACE(("enter send_msg_channel_open_confirmation")) CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN_CONFIRMATION); buf_putint(ses.writepayload, channel->remotechan); buf_putint(ses.writepayload, channel->index); buf_putint(ses.writepayload, recvwindow); buf_putint(ses.writepayload, recvmaxpacket); encrypt_packet(); TRACE(("leave send_msg_channel_open_confirmation")) } #if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT) /* Create a new channel, and start the open request. This is intended * for X11, agent, tcp forwarding, and should be filled with channel-specific * options, with the calling function calling encrypt_packet() after * completion. It is mandatory for the caller to encrypt_packet() if * DROPBEAR_SUCCESS is returned */ int send_msg_channel_open_init(int fd, const struct ChanType *type) { struct Channel* chan; TRACE(("enter send_msg_channel_open_init()")) chan = newchannel(0, type, 0, 0); if (!chan) { TRACE(("leave send_msg_channel_open_init() - FAILED in newchannel()")) return DROPBEAR_FAILURE; } /* set fd non-blocking */ setnonblocking(fd); chan->writefd = chan->readfd = fd; ses.maxfd = MAX(ses.maxfd, fd); chan->await_open = 1; /* now open the channel connection */ CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN); buf_putstring(ses.writepayload, type->name, strlen(type->name)); buf_putint(ses.writepayload, chan->index); buf_putint(ses.writepayload, RECV_MAXWINDOW); buf_putint(ses.writepayload, RECV_MAXPACKET); TRACE(("leave send_msg_channel_open_init()")) return DROPBEAR_SUCCESS; } /* Confirmation that our channel open request (for forwardings) was * successful*/ void recv_msg_channel_open_confirmation() { struct Channel * channel; int ret; TRACE(("enter recv_msg_channel_open_confirmation")) channel = getchannel(); if (!channel->await_open) { dropbear_exit("unexpected channel reply"); } channel->await_open = 0; channel->remotechan = buf_getint(ses.payload); channel->transwindow = buf_getint(ses.payload); channel->transmaxpacket = buf_getint(ses.payload); TRACE(("new chan remote %d local %d", channel->remotechan, channel->index)) /* Run the inithandler callback */ if (channel->type->inithandler) { ret = channel->type->inithandler(channel); if (ret > 0) { remove_channel(channel); TRACE(("inithandler returned failure %d", ret)) } } TRACE(("leave recv_msg_channel_open_confirmation")) } /* Notification that our channel open request failed */ void recv_msg_channel_open_failure() { struct Channel * channel; channel = getchannel(); if (!channel->await_open) { dropbear_exit("unexpected channel reply"); } channel->await_open = 0; remove_channel(channel); } #endif /* USING_LISTENERS */ /* close a stdout/stderr fd */ static void close_read_fd(struct Channel * channel, int fd) { /* don't close it if it is the same as writefd, * unless writefd is already set -1 */ TRACE(("enter close_read_fd")) close_chan_fd(channel, fd, 0); TRACE(("leave close_read_fd")) } /* close a stdin fd */ static void close_write_fd(struct Channel * channel) { TRACE(("enter close_write_fd")) close_chan_fd(channel, channel->writefd, 1); TRACE(("leave close_write_fd")) } /* close a fd, how is 0 for stdout/stderr, 1 for stdin */ static void close_chan_fd(struct Channel *channel, int fd, int how) { int closein = 0, closeout = 0; if (channel->type->sepfds) { TRACE(("shutdown((%d), %d)", fd, how)) shutdown(fd, how); if (how == 0) { closeout = 1; } else { closein = 1; } } else { close(fd); closein = closeout = 1; } if (closeout && fd == channel->readfd) { channel->readfd = FD_CLOSED; } if (closeout && (channel->extrabuf == NULL) && (fd == channel->errfd)) { channel->errfd = FD_CLOSED; } if (closein && fd == channel->writefd) { channel->writefd = FD_CLOSED; } if (closein && (channel->extrabuf != NULL) && (fd == channel->errfd)) { channel->errfd = FD_CLOSED; } /* if we called shutdown on it and all references are gone, then we * need to close() it to stop it lingering */ if (channel->type->sepfds && channel->readfd == FD_CLOSED && channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) { close(fd); } }