Annotation of src/usr.bin/ssh/mux.c, Revision 1.18
1.18 ! markus 1: /* $OpenBSD: mux.c,v 1.17 2010/05/14 23:29:23 djm Exp $ */
1.1 djm 2: /*
3: * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: /* ssh session multiplexing support */
19:
1.2 djm 20: /*
21: * TODO:
1.10 djm 22: * - Better signalling from master to slave, especially passing of
1.2 djm 23: * error messages
1.10 djm 24: * - Better fall-back from mux slave error to new connection.
25: * - ExitOnForwardingFailure
26: * - Maybe extension mechanisms for multi-X11/multi-agent forwarding
27: * - Support ~^Z in mux slaves.
28: * - Inspect or control sessions in master.
29: * - If we ever support the "signal" channel request, send signals on
30: * sessions in master.
1.2 djm 31: */
32:
1.1 djm 33: #include <sys/types.h>
34: #include <sys/param.h>
35: #include <sys/queue.h>
36: #include <sys/stat.h>
37: #include <sys/socket.h>
38: #include <sys/un.h>
39:
40: #include <errno.h>
41: #include <fcntl.h>
1.10 djm 42: #include <poll.h>
1.1 djm 43: #include <signal.h>
44: #include <stdarg.h>
45: #include <stddef.h>
46: #include <stdlib.h>
47: #include <stdio.h>
48: #include <string.h>
49: #include <unistd.h>
50: #include <util.h>
51: #include <paths.h>
52:
1.10 djm 53: #include "atomicio.h"
1.1 djm 54: #include "xmalloc.h"
55: #include "log.h"
56: #include "ssh.h"
1.18 ! markus 57: #include "ssh2.h"
1.1 djm 58: #include "pathnames.h"
59: #include "misc.h"
60: #include "match.h"
61: #include "buffer.h"
62: #include "channels.h"
63: #include "msg.h"
64: #include "packet.h"
65: #include "monitor_fdpass.h"
66: #include "sshpty.h"
67: #include "key.h"
68: #include "readconf.h"
69: #include "clientloop.h"
70:
71: /* from ssh.c */
72: extern int tty_flag;
1.9 djm 73: extern int force_tty_flag;
1.1 djm 74: extern Options options;
75: extern int stdin_null_flag;
76: extern char *host;
1.8 dtucker 77: extern int subsystem_flag;
1.1 djm 78: extern Buffer command;
1.10 djm 79: extern volatile sig_atomic_t quit_pending;
80: extern char *stdio_forward_host;
81: extern int stdio_forward_port;
1.1 djm 82:
1.2 djm 83: /* Context for session open confirmation callback */
84: struct mux_session_confirm_ctx {
1.10 djm 85: u_int want_tty;
86: u_int want_subsys;
87: u_int want_x_fwd;
88: u_int want_agent_fwd;
1.2 djm 89: Buffer cmd;
90: char *term;
91: struct termios tio;
92: char **env;
1.17 djm 93: u_int rid;
1.2 djm 94: };
95:
1.18 ! markus 96: /* Context for global channel callback */
! 97: struct mux_channel_confirm_ctx {
! 98: u_int cid; /* channel id */
! 99: u_int rid; /* request id */
! 100: int fid; /* forward id */
! 101: };
! 102:
1.1 djm 103: /* fd to control socket */
104: int muxserver_sock = -1;
105:
1.10 djm 106: /* client request id */
107: u_int muxclient_request_id = 0;
108:
1.1 djm 109: /* Multiplexing control command */
110: u_int muxclient_command = 0;
111:
112: /* Set when signalled. */
113: static volatile sig_atomic_t muxclient_terminate = 0;
114:
115: /* PID of multiplex server */
116: static u_int muxserver_pid = 0;
117:
1.10 djm 118: static Channel *mux_listener_channel = NULL;
119:
120: struct mux_master_state {
121: int hello_rcvd;
122: };
1.1 djm 123:
1.10 djm 124: /* mux protocol messages */
125: #define MUX_MSG_HELLO 0x00000001
126: #define MUX_C_NEW_SESSION 0x10000002
127: #define MUX_C_ALIVE_CHECK 0x10000004
128: #define MUX_C_TERMINATE 0x10000005
129: #define MUX_C_OPEN_FWD 0x10000006
130: #define MUX_C_CLOSE_FWD 0x10000007
131: #define MUX_C_NEW_STDIO_FWD 0x10000008
132: #define MUX_S_OK 0x80000001
133: #define MUX_S_PERMISSION_DENIED 0x80000002
134: #define MUX_S_FAILURE 0x80000003
135: #define MUX_S_EXIT_MESSAGE 0x80000004
136: #define MUX_S_ALIVE 0x80000005
137: #define MUX_S_SESSION_OPENED 0x80000006
1.18 ! markus 138: #define MUX_S_REMOTE_PORT 0x80000007
1.10 djm 139:
140: /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
141: #define MUX_FWD_LOCAL 1
142: #define MUX_FWD_REMOTE 2
143: #define MUX_FWD_DYNAMIC 3
144:
1.17 djm 145: static void mux_session_confirm(int, int, void *);
1.10 djm 146:
147: static int process_mux_master_hello(u_int, Channel *, Buffer *, Buffer *);
148: static int process_mux_new_session(u_int, Channel *, Buffer *, Buffer *);
149: static int process_mux_alive_check(u_int, Channel *, Buffer *, Buffer *);
150: static int process_mux_terminate(u_int, Channel *, Buffer *, Buffer *);
151: static int process_mux_open_fwd(u_int, Channel *, Buffer *, Buffer *);
152: static int process_mux_close_fwd(u_int, Channel *, Buffer *, Buffer *);
153: static int process_mux_stdio_fwd(u_int, Channel *, Buffer *, Buffer *);
154:
155: static const struct {
156: u_int type;
157: int (*handler)(u_int, Channel *, Buffer *, Buffer *);
158: } mux_master_handlers[] = {
159: { MUX_MSG_HELLO, process_mux_master_hello },
160: { MUX_C_NEW_SESSION, process_mux_new_session },
161: { MUX_C_ALIVE_CHECK, process_mux_alive_check },
162: { MUX_C_TERMINATE, process_mux_terminate },
163: { MUX_C_OPEN_FWD, process_mux_open_fwd },
164: { MUX_C_CLOSE_FWD, process_mux_close_fwd },
165: { MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd },
166: { 0, NULL }
167: };
1.1 djm 168:
1.10 djm 169: /* Cleanup callback fired on closure of mux slave _session_ channel */
170: /* ARGSUSED */
171: static void
172: mux_master_session_cleanup_cb(int cid, void *unused)
1.1 djm 173: {
1.10 djm 174: Channel *cc, *c = channel_by_id(cid);
1.1 djm 175:
1.10 djm 176: debug3("%s: entering for channel %d", __func__, cid);
177: if (c == NULL)
178: fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
179: if (c->ctl_chan != -1) {
180: if ((cc = channel_by_id(c->ctl_chan)) == NULL)
181: fatal("%s: channel %d missing control channel %d",
182: __func__, c->self, c->ctl_chan);
183: c->ctl_chan = -1;
184: cc->remote_id = -1;
185: chan_rcvd_oclose(cc);
1.1 djm 186: }
1.10 djm 187: channel_cancel_cleanup(c->self);
1.1 djm 188: }
189:
1.10 djm 190: /* Cleanup callback fired on closure of mux slave _control_ channel */
191: /* ARGSUSED */
1.1 djm 192: static void
1.10 djm 193: mux_master_control_cleanup_cb(int cid, void *unused)
1.1 djm 194: {
1.10 djm 195: Channel *sc, *c = channel_by_id(cid);
1.1 djm 196:
1.10 djm 197: debug3("%s: entering for channel %d", __func__, cid);
198: if (c == NULL)
199: fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
200: if (c->remote_id != -1) {
201: if ((sc = channel_by_id(c->remote_id)) == NULL)
1.15 djm 202: fatal("%s: channel %d missing session channel %d",
1.10 djm 203: __func__, c->self, c->remote_id);
204: c->remote_id = -1;
205: sc->ctl_chan = -1;
1.12 djm 206: if (sc->type != SSH_CHANNEL_OPEN) {
207: debug2("%s: channel %d: not open", __func__, sc->self);
1.13 djm 208: chan_mark_dead(sc);
1.12 djm 209: } else {
1.14 djm 210: if (sc->istate == CHAN_INPUT_OPEN)
211: chan_read_failed(sc);
212: if (sc->ostate == CHAN_OUTPUT_OPEN)
213: chan_write_failed(sc);
1.12 djm 214: }
1.1 djm 215: }
1.10 djm 216: channel_cancel_cleanup(c->self);
1.1 djm 217: }
218:
1.10 djm 219: /* Check mux client environment variables before passing them to mux master. */
220: static int
221: env_permitted(char *env)
1.1 djm 222: {
1.10 djm 223: int i, ret;
224: char name[1024], *cp;
1.1 djm 225:
1.10 djm 226: if ((cp = strchr(env, '=')) == NULL || cp == env)
1.1 djm 227: return 0;
1.10 djm 228: ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
229: if (ret <= 0 || (size_t)ret >= sizeof(name)) {
230: error("env_permitted: name '%.100s...' too long", env);
1.1 djm 231: return 0;
232: }
233:
1.10 djm 234: for (i = 0; i < options.num_send_env; i++)
235: if (match_pattern(name, options.send_env[i]))
236: return 1;
1.1 djm 237:
1.10 djm 238: return 0;
239: }
1.1 djm 240:
1.10 djm 241: /* Mux master protocol message handlers */
1.1 djm 242:
1.10 djm 243: static int
244: process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r)
245: {
246: u_int ver;
247: struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
1.1 djm 248:
1.10 djm 249: if (state == NULL)
250: fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self);
251: if (state->hello_rcvd) {
252: error("%s: HELLO received twice", __func__);
253: return -1;
254: }
255: if (buffer_get_int_ret(&ver, m) != 0) {
256: malf:
257: error("%s: malformed message", __func__);
258: return -1;
259: }
260: if (ver != SSHMUX_VER) {
261: error("Unsupported multiplexing protocol version %d "
262: "(expected %d)", ver, SSHMUX_VER);
263: return -1;
264: }
265: debug2("%s: channel %d slave version %u", __func__, c->self, ver);
266:
267: /* No extensions are presently defined */
268: while (buffer_len(m) > 0) {
269: char *name = buffer_get_string_ret(m, NULL);
270: char *value = buffer_get_string_ret(m, NULL);
271:
272: if (name == NULL || value == NULL) {
273: if (name != NULL)
274: xfree(name);
275: goto malf;
1.1 djm 276: }
1.10 djm 277: debug2("Unrecognised slave extension \"%s\"", name);
278: xfree(name);
279: xfree(value);
1.1 djm 280: }
1.10 djm 281: state->hello_rcvd = 1;
282: return 0;
283: }
284:
285: static int
286: process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
287: {
288: Channel *nc;
289: struct mux_session_confirm_ctx *cctx;
290: char *reserved, *cmd, *cp;
291: u_int i, j, len, env_len, escape_char, window, packetmax;
292: int new_fd[3];
1.1 djm 293:
294: /* Reply for SSHMUX_COMMAND_OPEN */
1.10 djm 295: cctx = xcalloc(1, sizeof(*cctx));
296: cctx->term = NULL;
1.17 djm 297: cctx->rid = rid;
1.11 djm 298: cmd = reserved = NULL;
1.10 djm 299: if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
300: buffer_get_int_ret(&cctx->want_tty, m) != 0 ||
301: buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 ||
302: buffer_get_int_ret(&cctx->want_agent_fwd, m) != 0 ||
303: buffer_get_int_ret(&cctx->want_subsys, m) != 0 ||
304: buffer_get_int_ret(&escape_char, m) != 0 ||
305: (cctx->term = buffer_get_string_ret(m, &len)) == NULL ||
306: (cmd = buffer_get_string_ret(m, &len)) == NULL) {
307: malf:
1.11 djm 308: if (cmd != NULL)
309: xfree(cmd);
310: if (reserved != NULL)
311: xfree(reserved);
1.10 djm 312: if (cctx->term != NULL)
313: xfree(cctx->term);
314: error("%s: malformed message", __func__);
315: return -1;
1.1 djm 316: }
1.10 djm 317: xfree(reserved);
1.11 djm 318: reserved = NULL;
1.1 djm 319:
1.10 djm 320: cctx->env = NULL;
321: env_len = 0;
322: while (buffer_len(m) > 0) {
323: #define MUX_MAX_ENV_VARS 4096
324: if ((cp = buffer_get_string_ret(m, &len)) == NULL) {
325: xfree(cmd);
326: goto malf;
327: }
328: if (!env_permitted(cp)) {
329: xfree(cp);
330: continue;
331: }
332: cctx->env = xrealloc(cctx->env, env_len + 2,
333: sizeof(*cctx->env));
334: cctx->env[env_len++] = cp;
335: cctx->env[env_len] = NULL;
336: if (env_len > MUX_MAX_ENV_VARS) {
337: error(">%d environment variables received, ignoring "
338: "additional", MUX_MAX_ENV_VARS);
339: break;
340: }
1.1 djm 341: }
342:
1.10 djm 343: debug2("%s: channel %d: request tty %d, X %d, agent %d, subsys %d, "
344: "term \"%s\", cmd \"%s\", env %u", __func__, c->self,
345: cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd,
346: cctx->want_subsys, cctx->term, cmd, env_len);
1.1 djm 347:
348: buffer_init(&cctx->cmd);
349: buffer_append(&cctx->cmd, cmd, strlen(cmd));
350: xfree(cmd);
1.11 djm 351: cmd = NULL;
1.1 djm 352:
353: /* Gather fds from client */
354: for(i = 0; i < 3; i++) {
1.10 djm 355: if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
1.1 djm 356: error("%s: failed to receive fd %d from slave",
357: __func__, i);
358: for (j = 0; j < i; j++)
359: close(new_fd[j]);
360: for (j = 0; j < env_len; j++)
361: xfree(cctx->env[j]);
362: if (env_len > 0)
363: xfree(cctx->env);
364: xfree(cctx->term);
365: buffer_free(&cctx->cmd);
366: xfree(cctx);
1.10 djm 367:
368: /* prepare reply */
369: buffer_put_int(r, MUX_S_FAILURE);
370: buffer_put_int(r, rid);
371: buffer_put_cstring(r,
372: "did not receive file descriptors");
373: return -1;
1.1 djm 374: }
375: }
376:
1.10 djm 377: debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
1.1 djm 378: new_fd[0], new_fd[1], new_fd[2]);
379:
1.10 djm 380: /* XXX support multiple child sessions in future */
381: if (c->remote_id != -1) {
382: debug2("%s: session already open", __func__);
383: /* prepare reply */
384: buffer_put_int(r, MUX_S_FAILURE);
385: buffer_put_int(r, rid);
386: buffer_put_cstring(r, "Multiple sessions not supported");
387: cleanup:
1.1 djm 388: close(new_fd[0]);
389: close(new_fd[1]);
390: close(new_fd[2]);
391: xfree(cctx->term);
392: if (env_len != 0) {
393: for (i = 0; i < env_len; i++)
394: xfree(cctx->env[i]);
395: xfree(cctx->env);
396: }
1.10 djm 397: buffer_free(&cctx->cmd);
1.1 djm 398: return 0;
399: }
1.10 djm 400:
401: if (options.control_master == SSHCTL_MASTER_ASK ||
402: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
403: if (!ask_permission("Allow shared connection to %s? ", host)) {
404: debug2("%s: session refused by user", __func__);
405: /* prepare reply */
406: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
407: buffer_put_int(r, rid);
408: buffer_put_cstring(r, "Permission denied");
409: goto cleanup;
410: }
411: }
412:
413: /* Try to pick up ttymodes from client before it goes raw */
414: if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
415: error("%s: tcgetattr: %s", __func__, strerror(errno));
1.1 djm 416:
417: /* enable nonblocking unless tty */
418: if (!isatty(new_fd[0]))
419: set_nonblock(new_fd[0]);
420: if (!isatty(new_fd[1]))
421: set_nonblock(new_fd[1]);
422: if (!isatty(new_fd[2]))
423: set_nonblock(new_fd[2]);
424:
425: window = CHAN_SES_WINDOW_DEFAULT;
426: packetmax = CHAN_SES_PACKET_DEFAULT;
427: if (cctx->want_tty) {
428: window >>= 1;
429: packetmax >>= 1;
430: }
1.10 djm 431:
432: nc = channel_new("session", SSH_CHANNEL_OPENING,
1.1 djm 433: new_fd[0], new_fd[1], new_fd[2], window, packetmax,
434: CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
435:
1.10 djm 436: nc->ctl_chan = c->self; /* link session -> control channel */
437: c->remote_id = nc->self; /* link control -> session channel */
438:
1.2 djm 439: if (cctx->want_tty && escape_char != 0xffffffff) {
1.10 djm 440: channel_register_filter(nc->self,
1.2 djm 441: client_simple_escape_filter, NULL,
1.4 djm 442: client_filter_cleanup,
1.2 djm 443: client_new_escape_filter_ctx((int)escape_char));
444: }
1.1 djm 445:
1.10 djm 446: debug2("%s: channel_new: %d linked to control channel %d",
447: __func__, nc->self, nc->ctl_chan);
448:
449: channel_send_open(nc->self);
450: channel_register_open_confirm(nc->self, mux_session_confirm, cctx);
1.17 djm 451: c->mux_pause = 1; /* stop handling messages until open_confirm done */
1.16 djm 452: channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1);
1.10 djm 453:
1.17 djm 454: /* reply is deferred, sent by mux_session_confirm */
1.1 djm 455: return 0;
456: }
457:
1.10 djm 458: static int
459: process_mux_alive_check(u_int rid, Channel *c, Buffer *m, Buffer *r)
1.1 djm 460: {
1.10 djm 461: debug2("%s: channel %d: alive check", __func__, c->self);
1.1 djm 462:
1.10 djm 463: /* prepare reply */
464: buffer_put_int(r, MUX_S_ALIVE);
465: buffer_put_int(r, rid);
466: buffer_put_int(r, (u_int)getpid());
1.1 djm 467:
1.10 djm 468: return 0;
1.1 djm 469: }
470:
471: static int
1.10 djm 472: process_mux_terminate(u_int rid, Channel *c, Buffer *m, Buffer *r)
1.1 djm 473: {
1.10 djm 474: debug2("%s: channel %d: terminate request", __func__, c->self);
1.1 djm 475:
1.10 djm 476: if (options.control_master == SSHCTL_MASTER_ASK ||
477: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
478: if (!ask_permission("Terminate shared connection to %s? ",
479: host)) {
480: debug2("%s: termination refused by user", __func__);
481: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
482: buffer_put_int(r, rid);
483: buffer_put_cstring(r, "Permission denied");
484: return 0;
485: }
486: }
1.1 djm 487:
1.10 djm 488: quit_pending = 1;
489: buffer_put_int(r, MUX_S_OK);
490: buffer_put_int(r, rid);
491: /* XXX exit happens too soon - message never makes it to client */
492: return 0;
1.1 djm 493: }
494:
1.10 djm 495: static char *
496: format_forward(u_int ftype, Forward *fwd)
1.1 djm 497: {
1.10 djm 498: char *ret;
1.1 djm 499:
1.10 djm 500: switch (ftype) {
501: case MUX_FWD_LOCAL:
502: xasprintf(&ret, "local forward %.200s:%d -> %.200s:%d",
503: (fwd->listen_host == NULL) ?
504: (options.gateway_ports ? "*" : "LOCALHOST") :
505: fwd->listen_host, fwd->listen_port,
506: fwd->connect_host, fwd->connect_port);
507: break;
508: case MUX_FWD_DYNAMIC:
509: xasprintf(&ret, "dynamic forward %.200s:%d -> *",
510: (fwd->listen_host == NULL) ?
511: (options.gateway_ports ? "*" : "LOCALHOST") :
512: fwd->listen_host, fwd->listen_port);
513: break;
514: case MUX_FWD_REMOTE:
515: xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d",
516: (fwd->listen_host == NULL) ?
517: "LOCALHOST" : fwd->listen_host,
518: fwd->listen_port,
519: fwd->connect_host, fwd->connect_port);
1.1 djm 520: break;
521: default:
1.10 djm 522: fatal("%s: unknown forward type %u", __func__, ftype);
1.1 djm 523: }
1.10 djm 524: return ret;
525: }
1.1 djm 526:
1.10 djm 527: static int
528: compare_host(const char *a, const char *b)
529: {
530: if (a == NULL && b == NULL)
531: return 1;
532: if (a == NULL || b == NULL)
533: return 0;
534: return strcmp(a, b) == 0;
535: }
1.1 djm 536:
1.10 djm 537: static int
538: compare_forward(Forward *a, Forward *b)
539: {
540: if (!compare_host(a->listen_host, b->listen_host))
541: return 0;
542: if (a->listen_port != b->listen_port)
543: return 0;
544: if (!compare_host(a->connect_host, b->connect_host))
545: return 0;
546: if (a->connect_port != b->connect_port)
547: return 0;
1.1 djm 548:
1.10 djm 549: return 1;
550: }
1.1 djm 551:
1.18 ! markus 552: static void
! 553: mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
! 554: {
! 555: struct mux_channel_confirm_ctx *fctx = ctxt;
! 556: char *failmsg = NULL;
! 557: Forward *rfwd;
! 558: Channel *c;
! 559: Buffer out;
! 560:
! 561: if ((c = channel_by_id(fctx->cid)) == NULL) {
! 562: /* no channel for reply */
! 563: error("%s: unknown channel", __func__);
! 564: return;
! 565: }
! 566: buffer_init(&out);
! 567: if (fctx->fid >= options.num_remote_forwards) {
! 568: xasprintf(&failmsg, "unknown forwarding id %d", fctx->fid);
! 569: goto fail;
! 570: }
! 571: rfwd = &options.remote_forwards[fctx->fid];
! 572: debug("%s: %s for: listen %d, connect %s:%d", __func__,
! 573: type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
! 574: rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
! 575: if (type == SSH2_MSG_REQUEST_SUCCESS) {
! 576: if (rfwd->listen_port == 0) {
! 577: rfwd->allocated_port = packet_get_int();
! 578: logit("Allocated port %u for mux remote forward"
! 579: " to %s:%d", rfwd->allocated_port,
! 580: rfwd->connect_host, rfwd->connect_port);
! 581: buffer_put_int(&out, MUX_S_REMOTE_PORT);
! 582: buffer_put_int(&out, fctx->rid);
! 583: buffer_put_int(&out, rfwd->allocated_port);
! 584: } else {
! 585: buffer_put_int(&out, MUX_S_OK);
! 586: buffer_put_int(&out, fctx->rid);
! 587: }
! 588: goto out;
! 589: } else {
! 590: xasprintf(&failmsg, "remote port forwarding failed for "
! 591: "listen port %d", rfwd->listen_port);
! 592: }
! 593: fail:
! 594: error("%s: %s", __func__, failmsg);
! 595: buffer_put_int(&out, MUX_S_FAILURE);
! 596: buffer_put_int(&out, fctx->rid);
! 597: buffer_put_cstring(&out, failmsg);
! 598: xfree(failmsg);
! 599: out:
! 600: buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out));
! 601: buffer_free(&out);
! 602: if (c->mux_pause <= 0)
! 603: fatal("%s: mux_pause %d", __func__, c->mux_pause);
! 604: c->mux_pause = 0; /* start processing messages again */
! 605: }
! 606:
1.10 djm 607: static int
608: process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
609: {
610: Forward fwd;
611: char *fwd_desc = NULL;
612: u_int ftype;
613: int i, ret = 0, freefwd = 1;
614:
615: fwd.listen_host = fwd.connect_host = NULL;
616: if (buffer_get_int_ret(&ftype, m) != 0 ||
617: (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
618: buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
619: (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
620: buffer_get_int_ret(&fwd.connect_port, m) != 0) {
621: error("%s: malformed message", __func__);
622: ret = -1;
623: goto out;
624: }
625:
626: if (*fwd.listen_host == '\0') {
627: xfree(fwd.listen_host);
628: fwd.listen_host = NULL;
629: }
630: if (*fwd.connect_host == '\0') {
631: xfree(fwd.connect_host);
632: fwd.connect_host = NULL;
633: }
634:
635: debug2("%s: channel %d: request %s", __func__, c->self,
636: (fwd_desc = format_forward(ftype, &fwd)));
637:
638: if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE &&
639: ftype != MUX_FWD_DYNAMIC) {
640: logit("%s: invalid forwarding type %u", __func__, ftype);
641: invalid:
1.18 ! markus 642: if (fwd.listen_host)
! 643: xfree(fwd.listen_host);
! 644: if (fwd.connect_host)
! 645: xfree(fwd.connect_host);
1.10 djm 646: buffer_put_int(r, MUX_S_FAILURE);
647: buffer_put_int(r, rid);
648: buffer_put_cstring(r, "Invalid forwarding request");
649: return 0;
650: }
1.18 ! markus 651: if (fwd.listen_port >= 65536) {
1.10 djm 652: logit("%s: invalid listen port %u", __func__,
653: fwd.listen_port);
654: goto invalid;
655: }
656: if (fwd.connect_port >= 65536 || (ftype != MUX_FWD_DYNAMIC &&
657: ftype != MUX_FWD_REMOTE && fwd.connect_port == 0)) {
658: logit("%s: invalid connect port %u", __func__,
659: fwd.connect_port);
660: goto invalid;
661: }
662: if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL) {
663: logit("%s: missing connect host", __func__);
664: goto invalid;
665: }
666:
667: /* Skip forwards that have already been requested */
668: switch (ftype) {
669: case MUX_FWD_LOCAL:
670: case MUX_FWD_DYNAMIC:
671: for (i = 0; i < options.num_local_forwards; i++) {
672: if (compare_forward(&fwd,
673: options.local_forwards + i)) {
674: exists:
675: debug2("%s: found existing forwarding",
676: __func__);
677: buffer_put_int(r, MUX_S_OK);
678: buffer_put_int(r, rid);
679: goto out;
680: }
681: }
682: break;
683: case MUX_FWD_REMOTE:
684: for (i = 0; i < options.num_remote_forwards; i++) {
685: if (compare_forward(&fwd,
1.18 ! markus 686: options.remote_forwards + i)) {
! 687: if (fwd.listen_port != 0)
! 688: goto exists;
! 689: debug2("%s: found allocated port",
! 690: __func__);
! 691: buffer_put_int(r, MUX_S_REMOTE_PORT);
! 692: buffer_put_int(r, rid);
! 693: buffer_put_int(r,
! 694: options.remote_forwards[i].allocated_port);
! 695: goto out;
! 696: }
1.10 djm 697: }
698: break;
699: }
700:
701: if (options.control_master == SSHCTL_MASTER_ASK ||
702: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
703: if (!ask_permission("Open %s on %s?", fwd_desc, host)) {
704: debug2("%s: forwarding refused by user", __func__);
705: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
706: buffer_put_int(r, rid);
707: buffer_put_cstring(r, "Permission denied");
708: goto out;
709: }
710: }
711:
712: if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
713: if (options.num_local_forwards + 1 >=
714: SSH_MAX_FORWARDS_PER_DIRECTION ||
715: channel_setup_local_fwd_listener(fwd.listen_host,
716: fwd.listen_port, fwd.connect_host, fwd.connect_port,
717: options.gateway_ports) < 0) {
718: fail:
719: logit("slave-requested %s failed", fwd_desc);
720: buffer_put_int(r, MUX_S_FAILURE);
721: buffer_put_int(r, rid);
722: buffer_put_cstring(r, "Port forwarding failed");
723: goto out;
724: }
725: add_local_forward(&options, &fwd);
726: freefwd = 0;
727: } else {
1.18 ! markus 728: struct mux_channel_confirm_ctx *fctx;
! 729:
1.10 djm 730: if (options.num_remote_forwards + 1 >=
731: SSH_MAX_FORWARDS_PER_DIRECTION ||
732: channel_request_remote_forwarding(fwd.listen_host,
733: fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0)
734: goto fail;
735: add_remote_forward(&options, &fwd);
1.18 ! markus 736: fctx = xcalloc(1, sizeof(*fctx));
! 737: fctx->cid = c->self;
! 738: fctx->rid = rid;
! 739: fctx->fid = options.num_remote_forwards-1;
! 740: client_register_global_confirm(mux_confirm_remote_forward,
! 741: fctx);
1.10 djm 742: freefwd = 0;
1.18 ! markus 743: c->mux_pause = 1; /* wait for mux_confirm_remote_forward */
! 744: /* delayed reply in mux_confirm_remote_forward */
! 745: goto out;
1.10 djm 746: }
747: buffer_put_int(r, MUX_S_OK);
748: buffer_put_int(r, rid);
749: out:
750: if (fwd_desc != NULL)
751: xfree(fwd_desc);
752: if (freefwd) {
753: if (fwd.listen_host != NULL)
754: xfree(fwd.listen_host);
755: if (fwd.connect_host != NULL)
756: xfree(fwd.connect_host);
757: }
758: return ret;
759: }
760:
761: static int
762: process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
763: {
764: Forward fwd;
765: char *fwd_desc = NULL;
766: u_int ftype;
767: int ret = 0;
768:
769: fwd.listen_host = fwd.connect_host = NULL;
770: if (buffer_get_int_ret(&ftype, m) != 0 ||
771: (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
772: buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
773: (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
774: buffer_get_int_ret(&fwd.connect_port, m) != 0) {
775: error("%s: malformed message", __func__);
776: ret = -1;
777: goto out;
778: }
779:
780: if (*fwd.listen_host == '\0') {
781: xfree(fwd.listen_host);
782: fwd.listen_host = NULL;
783: }
784: if (*fwd.connect_host == '\0') {
785: xfree(fwd.connect_host);
786: fwd.connect_host = NULL;
787: }
788:
789: debug2("%s: channel %d: request %s", __func__, c->self,
790: (fwd_desc = format_forward(ftype, &fwd)));
791:
792: /* XXX implement this */
793: buffer_put_int(r, MUX_S_FAILURE);
794: buffer_put_int(r, rid);
795: buffer_put_cstring(r, "unimplemented");
796:
797: out:
798: if (fwd_desc != NULL)
799: xfree(fwd_desc);
800: if (fwd.listen_host != NULL)
801: xfree(fwd.listen_host);
802: if (fwd.connect_host != NULL)
803: xfree(fwd.connect_host);
804:
805: return ret;
806: }
807:
808: static int
809: process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
810: {
811: Channel *nc;
812: char *reserved, *chost;
813: u_int cport, i, j;
814: int new_fd[2];
815:
1.11 djm 816: chost = reserved = NULL;
1.10 djm 817: if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
818: (chost = buffer_get_string_ret(m, NULL)) == NULL ||
819: buffer_get_int_ret(&cport, m) != 0) {
1.11 djm 820: if (reserved != NULL)
821: xfree(reserved);
1.10 djm 822: if (chost != NULL)
823: xfree(chost);
824: error("%s: malformed message", __func__);
825: return -1;
826: }
827: xfree(reserved);
828:
829: debug2("%s: channel %d: request stdio fwd to %s:%u",
830: __func__, c->self, chost, cport);
831:
832: /* Gather fds from client */
833: for(i = 0; i < 2; i++) {
834: if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
835: error("%s: failed to receive fd %d from slave",
836: __func__, i);
837: for (j = 0; j < i; j++)
838: close(new_fd[j]);
839: xfree(chost);
840:
841: /* prepare reply */
842: buffer_put_int(r, MUX_S_FAILURE);
843: buffer_put_int(r, rid);
844: buffer_put_cstring(r,
845: "did not receive file descriptors");
846: return -1;
847: }
848: }
849:
850: debug3("%s: got fds stdin %d, stdout %d", __func__,
851: new_fd[0], new_fd[1]);
852:
853: /* XXX support multiple child sessions in future */
854: if (c->remote_id != -1) {
855: debug2("%s: session already open", __func__);
856: /* prepare reply */
857: buffer_put_int(r, MUX_S_FAILURE);
858: buffer_put_int(r, rid);
859: buffer_put_cstring(r, "Multiple sessions not supported");
860: cleanup:
861: close(new_fd[0]);
862: close(new_fd[1]);
863: xfree(chost);
864: return 0;
865: }
866:
867: if (options.control_master == SSHCTL_MASTER_ASK ||
868: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
869: if (!ask_permission("Allow forward to to %s:%u? ",
870: chost, cport)) {
871: debug2("%s: stdio fwd refused by user", __func__);
872: /* prepare reply */
873: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
874: buffer_put_int(r, rid);
875: buffer_put_cstring(r, "Permission denied");
876: goto cleanup;
877: }
878: }
879:
880: /* enable nonblocking unless tty */
881: if (!isatty(new_fd[0]))
882: set_nonblock(new_fd[0]);
883: if (!isatty(new_fd[1]))
884: set_nonblock(new_fd[1]);
885:
886: nc = channel_connect_stdio_fwd(chost, cport, new_fd[0], new_fd[1]);
887:
888: nc->ctl_chan = c->self; /* link session -> control channel */
889: c->remote_id = nc->self; /* link control -> session channel */
890:
891: debug2("%s: channel_new: %d linked to control channel %d",
892: __func__, nc->self, nc->ctl_chan);
893:
1.16 djm 894: channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1);
1.10 djm 895:
896: /* prepare reply */
897: /* XXX defer until channel confirmed */
898: buffer_put_int(r, MUX_S_SESSION_OPENED);
899: buffer_put_int(r, rid);
900: buffer_put_int(r, nc->self);
901:
902: return 0;
903: }
904:
905: /* Channel callbacks fired on read/write from mux slave fd */
906: static int
907: mux_master_read_cb(Channel *c)
908: {
909: struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
910: Buffer in, out;
911: void *ptr;
912: u_int type, rid, have, i;
913: int ret = -1;
914:
915: /* Setup ctx and */
916: if (c->mux_ctx == NULL) {
917: state = xcalloc(1, sizeof(state));
918: c->mux_ctx = state;
919: channel_register_cleanup(c->self,
920: mux_master_control_cleanup_cb, 0);
921:
922: /* Send hello */
923: buffer_init(&out);
924: buffer_put_int(&out, MUX_MSG_HELLO);
925: buffer_put_int(&out, SSHMUX_VER);
926: /* no extensions */
927: buffer_put_string(&c->output, buffer_ptr(&out),
928: buffer_len(&out));
929: buffer_free(&out);
930: debug3("%s: channel %d: hello sent", __func__, c->self);
931: return 0;
932: }
933:
934: buffer_init(&in);
935: buffer_init(&out);
936:
937: /* Channel code ensures that we receive whole packets */
938: if ((ptr = buffer_get_string_ptr_ret(&c->input, &have)) == NULL) {
939: malf:
940: error("%s: malformed message", __func__);
941: goto out;
942: }
943: buffer_append(&in, ptr, have);
944:
945: if (buffer_get_int_ret(&type, &in) != 0)
946: goto malf;
947: debug3("%s: channel %d packet type 0x%08x len %u",
948: __func__, c->self, type, buffer_len(&in));
949:
950: if (type == MUX_MSG_HELLO)
951: rid = 0;
952: else {
953: if (!state->hello_rcvd) {
954: error("%s: expected MUX_MSG_HELLO(0x%08x), "
955: "received 0x%08x", __func__, MUX_MSG_HELLO, type);
956: goto out;
1.1 djm 957: }
1.10 djm 958: if (buffer_get_int_ret(&rid, &in) != 0)
959: goto malf;
960: }
961:
962: for (i = 0; mux_master_handlers[i].handler != NULL; i++) {
963: if (type == mux_master_handlers[i].type) {
964: ret = mux_master_handlers[i].handler(rid, c, &in, &out);
965: break;
1.1 djm 966: }
1.10 djm 967: }
968: if (mux_master_handlers[i].handler == NULL) {
969: error("%s: unsupported mux message 0x%08x", __func__, type);
970: buffer_put_int(&out, MUX_S_FAILURE);
971: buffer_put_int(&out, rid);
972: buffer_put_cstring(&out, "unsupported request");
973: ret = 0;
974: }
975: /* Enqueue reply packet */
976: if (buffer_len(&out) != 0) {
977: buffer_put_string(&c->output, buffer_ptr(&out),
978: buffer_len(&out));
979: }
980: out:
981: buffer_free(&in);
982: buffer_free(&out);
983: return ret;
984: }
985:
986: void
987: mux_exit_message(Channel *c, int exitval)
988: {
989: Buffer m;
990: Channel *mux_chan;
991:
992: debug3("%s: channel %d: exit message, evitval %d", __func__, c->self,
993: exitval);
994:
995: if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
996: fatal("%s: channel %d missing mux channel %d",
997: __func__, c->self, c->ctl_chan);
998:
999: /* Append exit message packet to control socket output queue */
1000: buffer_init(&m);
1001: buffer_put_int(&m, MUX_S_EXIT_MESSAGE);
1002: buffer_put_int(&m, c->self);
1003: buffer_put_int(&m, exitval);
1004:
1005: buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
1006: buffer_free(&m);
1007: }
1008:
1009: /* Prepare a mux master to listen on a Unix domain socket. */
1010: void
1011: muxserver_listen(void)
1012: {
1013: struct sockaddr_un addr;
1014: mode_t old_umask;
1015:
1016: if (options.control_path == NULL ||
1017: options.control_master == SSHCTL_MASTER_NO)
1.1 djm 1018: return;
1.10 djm 1019:
1020: debug("setting up multiplex master socket");
1021:
1022: memset(&addr, '\0', sizeof(addr));
1023: addr.sun_family = AF_UNIX;
1024: addr.sun_len = offsetof(struct sockaddr_un, sun_path) +
1025: strlen(options.control_path) + 1;
1026:
1027: if (strlcpy(addr.sun_path, options.control_path,
1028: sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1029: fatal("ControlPath too long");
1030:
1031: if ((muxserver_sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1032: fatal("%s socket(): %s", __func__, strerror(errno));
1033:
1034: old_umask = umask(0177);
1035: if (bind(muxserver_sock, (struct sockaddr *)&addr, addr.sun_len) == -1) {
1036: muxserver_sock = -1;
1037: if (errno == EINVAL || errno == EADDRINUSE) {
1038: error("ControlSocket %s already exists, "
1039: "disabling multiplexing", options.control_path);
1040: close(muxserver_sock);
1041: muxserver_sock = -1;
1042: xfree(options.control_path);
1043: options.control_path = NULL;
1044: options.control_master = SSHCTL_MASTER_NO;
1045: return;
1046: } else
1047: fatal("%s bind(): %s", __func__, strerror(errno));
1048: }
1049: umask(old_umask);
1050:
1051: if (listen(muxserver_sock, 64) == -1)
1052: fatal("%s listen(): %s", __func__, strerror(errno));
1053:
1054: set_nonblock(muxserver_sock);
1055:
1056: mux_listener_channel = channel_new("mux listener",
1057: SSH_CHANNEL_MUX_LISTENER, muxserver_sock, muxserver_sock, -1,
1058: CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
1059: 0, addr.sun_path, 1);
1060: mux_listener_channel->mux_rcb = mux_master_read_cb;
1061: debug3("%s: mux listener channel %d fd %d", __func__,
1062: mux_listener_channel->self, mux_listener_channel->sock);
1063: }
1064:
1065: /* Callback on open confirmation in mux master for a mux client session. */
1066: static void
1.17 djm 1067: mux_session_confirm(int id, int success, void *arg)
1.10 djm 1068: {
1069: struct mux_session_confirm_ctx *cctx = arg;
1070: const char *display;
1.17 djm 1071: Channel *c, *cc;
1.10 djm 1072: int i;
1.17 djm 1073: Buffer reply;
1.10 djm 1074:
1075: if (cctx == NULL)
1076: fatal("%s: cctx == NULL", __func__);
1077: if ((c = channel_by_id(id)) == NULL)
1078: fatal("%s: no channel for id %d", __func__, id);
1.17 djm 1079: if ((cc = channel_by_id(c->ctl_chan)) == NULL)
1080: fatal("%s: channel %d lacks control channel %d", __func__,
1081: id, c->ctl_chan);
1082:
1083: if (!success) {
1084: debug3("%s: sending failure reply", __func__);
1085: /* prepare reply */
1086: buffer_init(&reply);
1087: buffer_put_int(&reply, MUX_S_FAILURE);
1088: buffer_put_int(&reply, cctx->rid);
1089: buffer_put_cstring(&reply, "Session open refused by peer");
1090: goto done;
1091: }
1.10 djm 1092:
1093: display = getenv("DISPLAY");
1094: if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
1095: char *proto, *data;
1096: /* Get reasonable local authentication information. */
1097: client_x11_get_proto(display, options.xauth_location,
1098: options.forward_x11_trusted, &proto, &data);
1099: /* Request forwarding with authentication spoofing. */
1100: debug("Requesting X11 forwarding with authentication spoofing.");
1101: x11_request_forwarding_with_spoofing(id, display, proto, data);
1102: /* XXX wait for reply */
1103: }
1104:
1105: if (cctx->want_agent_fwd && options.forward_agent) {
1106: debug("Requesting authentication agent forwarding.");
1107: channel_request_start(id, "auth-agent-req@openssh.com", 0);
1108: packet_send();
1109: }
1110:
1111: client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
1112: cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env);
1113:
1.17 djm 1114: debug3("%s: sending success reply", __func__);
1115: /* prepare reply */
1116: buffer_init(&reply);
1117: buffer_put_int(&reply, MUX_S_SESSION_OPENED);
1118: buffer_put_int(&reply, cctx->rid);
1119: buffer_put_int(&reply, c->self);
1120:
1121: done:
1122: /* Send reply */
1123: buffer_put_string(&cc->output, buffer_ptr(&reply), buffer_len(&reply));
1124: buffer_free(&reply);
1125:
1126: if (cc->mux_pause <= 0)
1127: fatal("%s: mux_pause %d", __func__, cc->mux_pause);
1128: cc->mux_pause = 0; /* start processing messages again */
1.10 djm 1129: c->open_confirm_ctx = NULL;
1130: buffer_free(&cctx->cmd);
1131: xfree(cctx->term);
1132: if (cctx->env != NULL) {
1133: for (i = 0; cctx->env[i] != NULL; i++)
1134: xfree(cctx->env[i]);
1135: xfree(cctx->env);
1.1 djm 1136: }
1.10 djm 1137: xfree(cctx);
1138: }
1139:
1140: /* ** Multiplexing client support */
1141:
1142: /* Exit signal handler */
1143: static void
1144: control_client_sighandler(int signo)
1145: {
1146: muxclient_terminate = signo;
1147: }
1148:
1149: /*
1150: * Relay signal handler - used to pass some signals from mux client to
1151: * mux master.
1152: */
1153: static void
1154: control_client_sigrelay(int signo)
1155: {
1156: int save_errno = errno;
1157:
1158: if (muxserver_pid > 1)
1159: kill(muxserver_pid, signo);
1160:
1161: errno = save_errno;
1162: }
1.1 djm 1163:
1.10 djm 1164: static int
1165: mux_client_read(int fd, Buffer *b, u_int need)
1166: {
1167: u_int have;
1168: ssize_t len;
1169: u_char *p;
1170: struct pollfd pfd;
1171:
1172: pfd.fd = fd;
1173: pfd.events = POLLIN;
1174: p = buffer_append_space(b, need);
1175: for (have = 0; have < need; ) {
1176: if (muxclient_terminate) {
1177: errno = EINTR;
1178: return -1;
1179: }
1180: len = read(fd, p + have, need - have);
1181: if (len < 0) {
1182: switch (errno) {
1183: case EAGAIN:
1184: (void)poll(&pfd, 1, -1);
1185: /* FALLTHROUGH */
1186: case EINTR:
1187: continue;
1188: default:
1189: return -1;
1190: }
1191: }
1192: if (len == 0) {
1193: errno = EPIPE;
1194: return -1;
1195: }
1196: have += (u_int)len;
1.1 djm 1197: }
1.10 djm 1198: return 0;
1199: }
1.1 djm 1200:
1.10 djm 1201: static int
1202: mux_client_write_packet(int fd, Buffer *m)
1203: {
1204: Buffer queue;
1205: u_int have, need;
1206: int oerrno, len;
1207: u_char *ptr;
1208: struct pollfd pfd;
1209:
1210: pfd.fd = fd;
1211: pfd.events = POLLOUT;
1212: buffer_init(&queue);
1213: buffer_put_string(&queue, buffer_ptr(m), buffer_len(m));
1214:
1215: need = buffer_len(&queue);
1216: ptr = buffer_ptr(&queue);
1217:
1218: for (have = 0; have < need; ) {
1219: if (muxclient_terminate) {
1220: buffer_free(&queue);
1221: errno = EINTR;
1222: return -1;
1223: }
1224: len = write(fd, ptr + have, need - have);
1225: if (len < 0) {
1226: switch (errno) {
1227: case EAGAIN:
1228: (void)poll(&pfd, 1, -1);
1229: /* FALLTHROUGH */
1230: case EINTR:
1231: continue;
1232: default:
1233: oerrno = errno;
1234: buffer_free(&queue);
1235: errno = oerrno;
1236: return -1;
1237: }
1238: }
1239: if (len == 0) {
1240: buffer_free(&queue);
1241: errno = EPIPE;
1242: return -1;
1243: }
1244: have += (u_int)len;
1245: }
1246: buffer_free(&queue);
1247: return 0;
1248: }
1.1 djm 1249:
1.10 djm 1250: static int
1251: mux_client_read_packet(int fd, Buffer *m)
1252: {
1253: Buffer queue;
1254: u_int need, have;
1255: void *ptr;
1256: int oerrno;
1257:
1258: buffer_init(&queue);
1259: if (mux_client_read(fd, &queue, 4) != 0) {
1260: if ((oerrno = errno) == EPIPE)
1261: debug3("%s: read header failed: %s", __func__, strerror(errno));
1262: errno = oerrno;
1263: return -1;
1264: }
1265: need = get_u32(buffer_ptr(&queue));
1266: if (mux_client_read(fd, &queue, need) != 0) {
1267: oerrno = errno;
1268: debug3("%s: read body failed: %s", __func__, strerror(errno));
1269: errno = oerrno;
1270: return -1;
1271: }
1272: ptr = buffer_get_string_ptr(&queue, &have);
1273: buffer_append(m, ptr, have);
1274: buffer_free(&queue);
1275: return 0;
1276: }
1.1 djm 1277:
1.10 djm 1278: static int
1279: mux_client_hello_exchange(int fd)
1280: {
1281: Buffer m;
1282: u_int type, ver;
1.1 djm 1283:
1284: buffer_init(&m);
1.10 djm 1285: buffer_put_int(&m, MUX_MSG_HELLO);
1286: buffer_put_int(&m, SSHMUX_VER);
1287: /* no extensions */
1288:
1289: if (mux_client_write_packet(fd, &m) != 0)
1290: fatal("%s: write packet: %s", __func__, strerror(errno));
1.1 djm 1291:
1.10 djm 1292: buffer_clear(&m);
1293:
1294: /* Read their HELLO */
1295: if (mux_client_read_packet(fd, &m) != 0) {
1.5 djm 1296: buffer_free(&m);
1.10 djm 1297: return -1;
1298: }
1299:
1300: type = buffer_get_int(&m);
1301: if (type != MUX_MSG_HELLO)
1302: fatal("%s: expected HELLO (%u) received %u",
1303: __func__, MUX_MSG_HELLO, type);
1304: ver = buffer_get_int(&m);
1305: if (ver != SSHMUX_VER)
1306: fatal("Unsupported multiplexing protocol version %d "
1307: "(expected %d)", ver, SSHMUX_VER);
1308: debug2("%s: master version %u", __func__, ver);
1309: /* No extensions are presently defined */
1310: while (buffer_len(&m) > 0) {
1311: char *name = buffer_get_string(&m, NULL);
1312: char *value = buffer_get_string(&m, NULL);
1313:
1314: debug2("Unrecognised master extension \"%s\"", name);
1315: xfree(name);
1316: xfree(value);
1.5 djm 1317: }
1.10 djm 1318: buffer_free(&m);
1319: return 0;
1320: }
1321:
1322: static u_int
1323: mux_client_request_alive(int fd)
1324: {
1325: Buffer m;
1326: char *e;
1327: u_int pid, type, rid;
1328:
1329: debug3("%s: entering", __func__);
1330:
1331: buffer_init(&m);
1332: buffer_put_int(&m, MUX_C_ALIVE_CHECK);
1333: buffer_put_int(&m, muxclient_request_id);
1334:
1335: if (mux_client_write_packet(fd, &m) != 0)
1336: fatal("%s: write packet: %s", __func__, strerror(errno));
1337:
1.1 djm 1338: buffer_clear(&m);
1339:
1.10 djm 1340: /* Read their reply */
1341: if (mux_client_read_packet(fd, &m) != 0) {
1342: buffer_free(&m);
1343: return 0;
1344: }
1345:
1346: type = buffer_get_int(&m);
1347: if (type != MUX_S_ALIVE) {
1348: e = buffer_get_string(&m, NULL);
1349: fatal("%s: master returned error: %s", __func__, e);
1.5 djm 1350: }
1.10 djm 1351:
1352: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1353: fatal("%s: out of sequence reply: my id %u theirs %u",
1354: __func__, muxclient_request_id, rid);
1355: pid = buffer_get_int(&m);
1356: buffer_free(&m);
1357:
1358: debug3("%s: done pid = %u", __func__, pid);
1359:
1360: muxclient_request_id++;
1361:
1362: return pid;
1363: }
1364:
1365: static void
1366: mux_client_request_terminate(int fd)
1367: {
1368: Buffer m;
1369: char *e;
1370: u_int type, rid;
1371:
1372: debug3("%s: entering", __func__);
1373:
1374: buffer_init(&m);
1375: buffer_put_int(&m, MUX_C_TERMINATE);
1376: buffer_put_int(&m, muxclient_request_id);
1377:
1378: if (mux_client_write_packet(fd, &m) != 0)
1379: fatal("%s: write packet: %s", __func__, strerror(errno));
1.1 djm 1380:
1381: buffer_clear(&m);
1382:
1.10 djm 1383: /* Read their reply */
1384: if (mux_client_read_packet(fd, &m) != 0) {
1385: /* Remote end exited already */
1386: if (errno == EPIPE) {
1387: buffer_free(&m);
1388: return;
1.2 djm 1389: }
1.10 djm 1390: fatal("%s: read from master failed: %s",
1391: __func__, strerror(errno));
1392: }
1393:
1394: type = buffer_get_int(&m);
1395: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1396: fatal("%s: out of sequence reply: my id %u theirs %u",
1397: __func__, muxclient_request_id, rid);
1398: switch (type) {
1399: case MUX_S_OK:
1400: break;
1401: case MUX_S_PERMISSION_DENIED:
1402: e = buffer_get_string(&m, NULL);
1403: fatal("Master refused termination request: %s", e);
1404: case MUX_S_FAILURE:
1405: e = buffer_get_string(&m, NULL);
1406: fatal("%s: termination request failed: %s", __func__, e);
1407: default:
1408: fatal("%s: unexpected response from master 0x%08x",
1409: __func__, type);
1410: }
1411: buffer_free(&m);
1412: muxclient_request_id++;
1413: }
1414:
1415: static int
1416: mux_client_request_forward(int fd, u_int ftype, Forward *fwd)
1417: {
1418: Buffer m;
1419: char *e, *fwd_desc;
1420: u_int type, rid;
1421:
1422: fwd_desc = format_forward(ftype, fwd);
1423: debug("Requesting %s", fwd_desc);
1424: xfree(fwd_desc);
1425:
1426: buffer_init(&m);
1427: buffer_put_int(&m, MUX_C_OPEN_FWD);
1428: buffer_put_int(&m, muxclient_request_id);
1429: buffer_put_int(&m, ftype);
1430: buffer_put_cstring(&m,
1431: fwd->listen_host == NULL ? "" : fwd->listen_host);
1432: buffer_put_int(&m, fwd->listen_port);
1433: buffer_put_cstring(&m,
1434: fwd->connect_host == NULL ? "" : fwd->connect_host);
1435: buffer_put_int(&m, fwd->connect_port);
1436:
1437: if (mux_client_write_packet(fd, &m) != 0)
1438: fatal("%s: write packet: %s", __func__, strerror(errno));
1439:
1440: buffer_clear(&m);
1441:
1442: /* Read their reply */
1443: if (mux_client_read_packet(fd, &m) != 0) {
1444: buffer_free(&m);
1445: return -1;
1446: }
1447:
1448: type = buffer_get_int(&m);
1449: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1450: fatal("%s: out of sequence reply: my id %u theirs %u",
1451: __func__, muxclient_request_id, rid);
1452: switch (type) {
1453: case MUX_S_OK:
1.1 djm 1454: break;
1.18 ! markus 1455: case MUX_S_REMOTE_PORT:
! 1456: fwd->allocated_port = buffer_get_int(&m);
! 1457: logit("Allocated port %u for remote forward to %s:%d",
! 1458: fwd->allocated_port,
! 1459: fwd->connect_host ? fwd->connect_host : "",
! 1460: fwd->connect_port);
! 1461: if (muxclient_command == SSHMUX_COMMAND_FORWARD)
! 1462: fprintf(stdout, "%u\n", fwd->allocated_port);
! 1463: break;
1.10 djm 1464: case MUX_S_PERMISSION_DENIED:
1465: e = buffer_get_string(&m, NULL);
1466: buffer_free(&m);
1467: error("Master refused forwarding request: %s", e);
1468: return -1;
1469: case MUX_S_FAILURE:
1470: e = buffer_get_string(&m, NULL);
1471: buffer_free(&m);
1472: error("%s: session request failed: %s", __func__, e);
1473: return -1;
1.1 djm 1474: default:
1.10 djm 1475: fatal("%s: unexpected response from master 0x%08x",
1476: __func__, type);
1477: }
1478: buffer_free(&m);
1479:
1480: muxclient_request_id++;
1481: return 0;
1482: }
1483:
1484: static int
1485: mux_client_request_forwards(int fd)
1486: {
1487: int i;
1488:
1489: debug3("%s: requesting forwardings: %d local, %d remote", __func__,
1490: options.num_local_forwards, options.num_remote_forwards);
1491:
1492: /* XXX ExitOnForwardingFailure */
1493: for (i = 0; i < options.num_local_forwards; i++) {
1494: if (mux_client_request_forward(fd,
1495: options.local_forwards[i].connect_port == 0 ?
1496: MUX_FWD_DYNAMIC : MUX_FWD_LOCAL,
1497: options.local_forwards + i) != 0)
1498: return -1;
1499: }
1500: for (i = 0; i < options.num_remote_forwards; i++) {
1501: if (mux_client_request_forward(fd, MUX_FWD_REMOTE,
1502: options.remote_forwards + i) != 0)
1503: return -1;
1504: }
1505: return 0;
1506: }
1507:
1508: static int
1509: mux_client_request_session(int fd)
1510: {
1511: Buffer m;
1512: char *e, *term;
1513: u_int i, rid, sid, esid, exitval, type, exitval_seen;
1514: extern char **environ;
1515: int devnull;
1516:
1517: debug3("%s: entering", __func__);
1518:
1519: if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1520: error("%s: master alive request failed", __func__);
1521: return -1;
1.1 djm 1522: }
1523:
1.10 djm 1524: signal(SIGPIPE, SIG_IGN);
1525:
1526: if (stdin_null_flag) {
1527: if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1528: fatal("open(/dev/null): %s", strerror(errno));
1529: if (dup2(devnull, STDIN_FILENO) == -1)
1530: fatal("dup2: %s", strerror(errno));
1531: if (devnull > STDERR_FILENO)
1532: close(devnull);
1.5 djm 1533: }
1.1 djm 1534:
1.10 djm 1535: term = getenv("TERM");
1536:
1537: buffer_init(&m);
1538: buffer_put_int(&m, MUX_C_NEW_SESSION);
1539: buffer_put_int(&m, muxclient_request_id);
1540: buffer_put_cstring(&m, ""); /* reserved */
1541: buffer_put_int(&m, tty_flag);
1542: buffer_put_int(&m, options.forward_x11);
1543: buffer_put_int(&m, options.forward_agent);
1544: buffer_put_int(&m, subsystem_flag);
1545: buffer_put_int(&m, options.escape_char == SSH_ESCAPECHAR_NONE ?
1546: 0xffffffff : (u_int)options.escape_char);
1547: buffer_put_cstring(&m, term == NULL ? "" : term);
1548: buffer_put_string(&m, buffer_ptr(&command), buffer_len(&command));
1549:
1550: if (options.num_send_env > 0 && environ != NULL) {
1551: /* Pass environment */
1552: for (i = 0; environ[i] != NULL; i++) {
1553: if (env_permitted(environ[i])) {
1554: buffer_put_cstring(&m, environ[i]);
1555: }
1556: }
1.5 djm 1557: }
1558:
1.10 djm 1559: if (mux_client_write_packet(fd, &m) != 0)
1560: fatal("%s: write packet: %s", __func__, strerror(errno));
1561:
1562: /* Send the stdio file descriptors */
1563: if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1564: mm_send_fd(fd, STDOUT_FILENO) == -1 ||
1565: mm_send_fd(fd, STDERR_FILENO) == -1)
1566: fatal("%s: send fds failed", __func__);
1567:
1568: debug3("%s: session request sent", __func__);
1.1 djm 1569:
1.10 djm 1570: /* Read their reply */
1.1 djm 1571: buffer_clear(&m);
1.10 djm 1572: if (mux_client_read_packet(fd, &m) != 0) {
1573: error("%s: read from master failed: %s",
1574: __func__, strerror(errno));
1575: buffer_free(&m);
1576: return -1;
1577: }
1578:
1579: type = buffer_get_int(&m);
1580: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1581: fatal("%s: out of sequence reply: my id %u theirs %u",
1582: __func__, muxclient_request_id, rid);
1583: switch (type) {
1584: case MUX_S_SESSION_OPENED:
1585: sid = buffer_get_int(&m);
1586: debug("%s: master session id: %u", __func__, sid);
1587: break;
1588: case MUX_S_PERMISSION_DENIED:
1589: e = buffer_get_string(&m, NULL);
1590: buffer_free(&m);
1591: error("Master refused forwarding request: %s", e);
1592: return -1;
1593: case MUX_S_FAILURE:
1594: e = buffer_get_string(&m, NULL);
1595: buffer_free(&m);
1596: error("%s: forwarding request failed: %s", __func__, e);
1597: return -1;
1598: default:
1599: buffer_free(&m);
1600: error("%s: unexpected response from master 0x%08x",
1601: __func__, type);
1602: return -1;
1603: }
1604: muxclient_request_id++;
1.1 djm 1605:
1606: signal(SIGHUP, control_client_sighandler);
1607: signal(SIGINT, control_client_sighandler);
1608: signal(SIGTERM, control_client_sighandler);
1609: signal(SIGWINCH, control_client_sigrelay);
1610:
1611: if (tty_flag)
1.9 djm 1612: enter_raw_mode(force_tty_flag);
1.1 djm 1613:
1614: /*
1615: * Stick around until the controlee closes the client_fd.
1.10 djm 1616: * Before it does, it is expected to write an exit message.
1617: * This process must read the value and wait for the closure of
1618: * the client_fd; if this one closes early, the multiplex master will
1619: * terminate early too (possibly losing data).
1.1 djm 1620: */
1.10 djm 1621: for (exitval = 255, exitval_seen = 0;;) {
1622: buffer_clear(&m);
1623: if (mux_client_read_packet(fd, &m) != 0)
1.1 djm 1624: break;
1.10 djm 1625: type = buffer_get_int(&m);
1626: if (type != MUX_S_EXIT_MESSAGE) {
1627: e = buffer_get_string(&m, NULL);
1628: fatal("%s: master returned error: %s", __func__, e);
1.1 djm 1629: }
1.10 djm 1630: if ((esid = buffer_get_int(&m)) != sid)
1631: fatal("%s: exit on unknown session: my id %u theirs %u",
1632: __func__, sid, esid);
1633: debug("%s: master session id: %u", __func__, sid);
1634: if (exitval_seen)
1635: fatal("%s: exitval sent twice", __func__);
1636: exitval = buffer_get_int(&m);
1637: exitval_seen = 1;
1.1 djm 1638: }
1639:
1.10 djm 1640: close(fd);
1.9 djm 1641: leave_raw_mode(force_tty_flag);
1.10 djm 1642:
1.1 djm 1643: if (muxclient_terminate) {
1644: debug2("Exiting on signal %d", muxclient_terminate);
1.10 djm 1645: exitval = 255;
1646: } else if (!exitval_seen) {
1.1 djm 1647: debug2("Control master terminated unexpectedly");
1.10 djm 1648: exitval = 255;
1.1 djm 1649: } else
1.10 djm 1650: debug2("Received exit status from master %d", exitval);
1.1 djm 1651:
1652: if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
1653: fprintf(stderr, "Shared connection to %s closed.\r\n", host);
1654:
1.10 djm 1655: exit(exitval);
1656: }
1657:
1658: static int
1659: mux_client_request_stdio_fwd(int fd)
1660: {
1661: Buffer m;
1662: char *e;
1663: u_int type, rid, sid;
1664: int devnull;
1665:
1666: debug3("%s: entering", __func__);
1667:
1668: if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1669: error("%s: master alive request failed", __func__);
1670: return -1;
1671: }
1672:
1673: signal(SIGPIPE, SIG_IGN);
1674:
1675: if (stdin_null_flag) {
1676: if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1677: fatal("open(/dev/null): %s", strerror(errno));
1678: if (dup2(devnull, STDIN_FILENO) == -1)
1679: fatal("dup2: %s", strerror(errno));
1680: if (devnull > STDERR_FILENO)
1681: close(devnull);
1682: }
1683:
1684: buffer_init(&m);
1685: buffer_put_int(&m, MUX_C_NEW_STDIO_FWD);
1686: buffer_put_int(&m, muxclient_request_id);
1687: buffer_put_cstring(&m, ""); /* reserved */
1688: buffer_put_cstring(&m, stdio_forward_host);
1689: buffer_put_int(&m, stdio_forward_port);
1690:
1691: if (mux_client_write_packet(fd, &m) != 0)
1692: fatal("%s: write packet: %s", __func__, strerror(errno));
1693:
1694: /* Send the stdio file descriptors */
1695: if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1696: mm_send_fd(fd, STDOUT_FILENO) == -1)
1697: fatal("%s: send fds failed", __func__);
1698:
1699: debug3("%s: stdio forward request sent", __func__);
1700:
1701: /* Read their reply */
1702: buffer_clear(&m);
1703:
1704: if (mux_client_read_packet(fd, &m) != 0) {
1705: error("%s: read from master failed: %s",
1706: __func__, strerror(errno));
1707: buffer_free(&m);
1708: return -1;
1709: }
1710:
1711: type = buffer_get_int(&m);
1712: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1713: fatal("%s: out of sequence reply: my id %u theirs %u",
1714: __func__, muxclient_request_id, rid);
1715: switch (type) {
1716: case MUX_S_SESSION_OPENED:
1717: sid = buffer_get_int(&m);
1718: debug("%s: master session id: %u", __func__, sid);
1719: break;
1720: case MUX_S_PERMISSION_DENIED:
1721: e = buffer_get_string(&m, NULL);
1722: buffer_free(&m);
1723: fatal("Master refused forwarding request: %s", e);
1724: case MUX_S_FAILURE:
1725: e = buffer_get_string(&m, NULL);
1726: buffer_free(&m);
1727: fatal("%s: stdio forwarding request failed: %s", __func__, e);
1728: default:
1729: buffer_free(&m);
1730: error("%s: unexpected response from master 0x%08x",
1731: __func__, type);
1732: return -1;
1733: }
1734: muxclient_request_id++;
1735:
1736: signal(SIGHUP, control_client_sighandler);
1737: signal(SIGINT, control_client_sighandler);
1738: signal(SIGTERM, control_client_sighandler);
1739: signal(SIGWINCH, control_client_sigrelay);
1740:
1741: /*
1742: * Stick around until the controlee closes the client_fd.
1743: */
1744: buffer_clear(&m);
1745: if (mux_client_read_packet(fd, &m) != 0) {
1746: if (errno == EPIPE ||
1747: (errno == EINTR && muxclient_terminate != 0))
1748: return 0;
1749: fatal("%s: mux_client_read_packet: %s",
1750: __func__, strerror(errno));
1751: }
1752: fatal("%s: master returned unexpected message %u", __func__, type);
1753: }
1754:
1755: /* Multiplex client main loop. */
1756: void
1757: muxclient(const char *path)
1758: {
1759: struct sockaddr_un addr;
1760: int sock;
1761: u_int pid;
1762:
1763: if (muxclient_command == 0) {
1764: if (stdio_forward_host != NULL)
1765: muxclient_command = SSHMUX_COMMAND_STDIO_FWD;
1766: else
1767: muxclient_command = SSHMUX_COMMAND_OPEN;
1768: }
1769:
1770: switch (options.control_master) {
1771: case SSHCTL_MASTER_AUTO:
1772: case SSHCTL_MASTER_AUTO_ASK:
1773: debug("auto-mux: Trying existing master");
1774: /* FALLTHROUGH */
1775: case SSHCTL_MASTER_NO:
1776: break;
1777: default:
1778: return;
1779: }
1780:
1781: memset(&addr, '\0', sizeof(addr));
1782: addr.sun_family = AF_UNIX;
1783: addr.sun_len = offsetof(struct sockaddr_un, sun_path) +
1784: strlen(path) + 1;
1785:
1786: if (strlcpy(addr.sun_path, path,
1787: sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1788: fatal("ControlPath too long");
1789:
1790: if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1791: fatal("%s socket(): %s", __func__, strerror(errno));
1792:
1793: if (connect(sock, (struct sockaddr *)&addr, addr.sun_len) == -1) {
1794: switch (muxclient_command) {
1795: case SSHMUX_COMMAND_OPEN:
1796: case SSHMUX_COMMAND_STDIO_FWD:
1797: break;
1798: default:
1799: fatal("Control socket connect(%.100s): %s", path,
1800: strerror(errno));
1801: }
1802: if (errno == ENOENT)
1803: debug("Control socket \"%.100s\" does not exist", path);
1804: else {
1805: error("Control socket connect(%.100s): %s", path,
1806: strerror(errno));
1807: }
1808: close(sock);
1809: return;
1810: }
1811: set_nonblock(sock);
1812:
1813: if (mux_client_hello_exchange(sock) != 0) {
1814: error("%s: master hello exchange failed", __func__);
1815: close(sock);
1816: return;
1817: }
1818:
1819: switch (muxclient_command) {
1820: case SSHMUX_COMMAND_ALIVE_CHECK:
1821: if ((pid = mux_client_request_alive(sock)) == 0)
1822: fatal("%s: master alive check failed", __func__);
1823: fprintf(stderr, "Master running (pid=%d)\r\n", pid);
1824: exit(0);
1825: case SSHMUX_COMMAND_TERMINATE:
1826: mux_client_request_terminate(sock);
1827: fprintf(stderr, "Exit request sent.\r\n");
1.18 ! markus 1828: exit(0);
! 1829: case SSHMUX_COMMAND_FORWARD:
! 1830: if (mux_client_request_forwards(sock) != 0)
! 1831: fatal("%s: master forward request failed", __func__);
1.10 djm 1832: exit(0);
1833: case SSHMUX_COMMAND_OPEN:
1834: if (mux_client_request_forwards(sock) != 0) {
1835: error("%s: master forward request failed", __func__);
1836: return;
1837: }
1838: mux_client_request_session(sock);
1839: return;
1840: case SSHMUX_COMMAND_STDIO_FWD:
1841: mux_client_request_stdio_fwd(sock);
1842: exit(0);
1843: default:
1844: fatal("unrecognised muxclient_command %d", muxclient_command);
1845: }
1.1 djm 1846: }