Annotation of src/usr.bin/ssh/mux.c, Revision 1.20
1.20 ! djm 1: /* $OpenBSD: mux.c,v 1.19 2010/06/17 07:07:30 djm Exp $ */
1.1 djm 2: /*
3: * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: /* ssh session multiplexing support */
19:
1.2 djm 20: /*
21: * TODO:
1.10 djm 22: * - Better signalling from master to slave, especially passing of
1.2 djm 23: * error messages
1.10 djm 24: * - Better fall-back from mux slave error to new connection.
25: * - ExitOnForwardingFailure
26: * - Maybe extension mechanisms for multi-X11/multi-agent forwarding
27: * - Support ~^Z in mux slaves.
28: * - Inspect or control sessions in master.
29: * - If we ever support the "signal" channel request, send signals on
30: * sessions in master.
1.2 djm 31: */
32:
1.1 djm 33: #include <sys/types.h>
34: #include <sys/param.h>
35: #include <sys/queue.h>
36: #include <sys/stat.h>
37: #include <sys/socket.h>
38: #include <sys/un.h>
39:
40: #include <errno.h>
41: #include <fcntl.h>
1.10 djm 42: #include <poll.h>
1.1 djm 43: #include <signal.h>
44: #include <stdarg.h>
45: #include <stddef.h>
46: #include <stdlib.h>
47: #include <stdio.h>
48: #include <string.h>
49: #include <unistd.h>
50: #include <util.h>
51: #include <paths.h>
52:
1.10 djm 53: #include "atomicio.h"
1.1 djm 54: #include "xmalloc.h"
55: #include "log.h"
56: #include "ssh.h"
1.18 markus 57: #include "ssh2.h"
1.1 djm 58: #include "pathnames.h"
59: #include "misc.h"
60: #include "match.h"
61: #include "buffer.h"
62: #include "channels.h"
63: #include "msg.h"
64: #include "packet.h"
65: #include "monitor_fdpass.h"
66: #include "sshpty.h"
67: #include "key.h"
68: #include "readconf.h"
69: #include "clientloop.h"
70:
71: /* from ssh.c */
72: extern int tty_flag;
1.9 djm 73: extern int force_tty_flag;
1.1 djm 74: extern Options options;
75: extern int stdin_null_flag;
76: extern char *host;
1.8 dtucker 77: extern int subsystem_flag;
1.1 djm 78: extern Buffer command;
1.10 djm 79: extern volatile sig_atomic_t quit_pending;
80: extern char *stdio_forward_host;
81: extern int stdio_forward_port;
1.1 djm 82:
1.2 djm 83: /* Context for session open confirmation callback */
84: struct mux_session_confirm_ctx {
1.10 djm 85: u_int want_tty;
86: u_int want_subsys;
87: u_int want_x_fwd;
88: u_int want_agent_fwd;
1.2 djm 89: Buffer cmd;
90: char *term;
91: struct termios tio;
92: char **env;
1.17 djm 93: u_int rid;
1.2 djm 94: };
95:
1.18 markus 96: /* Context for global channel callback */
97: struct mux_channel_confirm_ctx {
98: u_int cid; /* channel id */
99: u_int rid; /* request id */
100: int fid; /* forward id */
101: };
102:
1.1 djm 103: /* fd to control socket */
104: int muxserver_sock = -1;
105:
1.10 djm 106: /* client request id */
107: u_int muxclient_request_id = 0;
108:
1.1 djm 109: /* Multiplexing control command */
110: u_int muxclient_command = 0;
111:
112: /* Set when signalled. */
113: static volatile sig_atomic_t muxclient_terminate = 0;
114:
115: /* PID of multiplex server */
116: static u_int muxserver_pid = 0;
117:
1.10 djm 118: static Channel *mux_listener_channel = NULL;
119:
120: struct mux_master_state {
121: int hello_rcvd;
122: };
1.1 djm 123:
1.10 djm 124: /* mux protocol messages */
125: #define MUX_MSG_HELLO 0x00000001
126: #define MUX_C_NEW_SESSION 0x10000002
127: #define MUX_C_ALIVE_CHECK 0x10000004
128: #define MUX_C_TERMINATE 0x10000005
129: #define MUX_C_OPEN_FWD 0x10000006
130: #define MUX_C_CLOSE_FWD 0x10000007
131: #define MUX_C_NEW_STDIO_FWD 0x10000008
132: #define MUX_S_OK 0x80000001
133: #define MUX_S_PERMISSION_DENIED 0x80000002
134: #define MUX_S_FAILURE 0x80000003
135: #define MUX_S_EXIT_MESSAGE 0x80000004
136: #define MUX_S_ALIVE 0x80000005
137: #define MUX_S_SESSION_OPENED 0x80000006
1.18 markus 138: #define MUX_S_REMOTE_PORT 0x80000007
1.10 djm 139:
140: /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
141: #define MUX_FWD_LOCAL 1
142: #define MUX_FWD_REMOTE 2
143: #define MUX_FWD_DYNAMIC 3
144:
1.17 djm 145: static void mux_session_confirm(int, int, void *);
1.10 djm 146:
147: static int process_mux_master_hello(u_int, Channel *, Buffer *, Buffer *);
148: static int process_mux_new_session(u_int, Channel *, Buffer *, Buffer *);
149: static int process_mux_alive_check(u_int, Channel *, Buffer *, Buffer *);
150: static int process_mux_terminate(u_int, Channel *, Buffer *, Buffer *);
151: static int process_mux_open_fwd(u_int, Channel *, Buffer *, Buffer *);
152: static int process_mux_close_fwd(u_int, Channel *, Buffer *, Buffer *);
153: static int process_mux_stdio_fwd(u_int, Channel *, Buffer *, Buffer *);
154:
155: static const struct {
156: u_int type;
157: int (*handler)(u_int, Channel *, Buffer *, Buffer *);
158: } mux_master_handlers[] = {
159: { MUX_MSG_HELLO, process_mux_master_hello },
160: { MUX_C_NEW_SESSION, process_mux_new_session },
161: { MUX_C_ALIVE_CHECK, process_mux_alive_check },
162: { MUX_C_TERMINATE, process_mux_terminate },
163: { MUX_C_OPEN_FWD, process_mux_open_fwd },
164: { MUX_C_CLOSE_FWD, process_mux_close_fwd },
165: { MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd },
166: { 0, NULL }
167: };
1.1 djm 168:
1.10 djm 169: /* Cleanup callback fired on closure of mux slave _session_ channel */
170: /* ARGSUSED */
171: static void
172: mux_master_session_cleanup_cb(int cid, void *unused)
1.1 djm 173: {
1.10 djm 174: Channel *cc, *c = channel_by_id(cid);
1.1 djm 175:
1.10 djm 176: debug3("%s: entering for channel %d", __func__, cid);
177: if (c == NULL)
178: fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
179: if (c->ctl_chan != -1) {
180: if ((cc = channel_by_id(c->ctl_chan)) == NULL)
181: fatal("%s: channel %d missing control channel %d",
182: __func__, c->self, c->ctl_chan);
183: c->ctl_chan = -1;
184: cc->remote_id = -1;
185: chan_rcvd_oclose(cc);
1.1 djm 186: }
1.10 djm 187: channel_cancel_cleanup(c->self);
1.1 djm 188: }
189:
1.10 djm 190: /* Cleanup callback fired on closure of mux slave _control_ channel */
191: /* ARGSUSED */
1.1 djm 192: static void
1.10 djm 193: mux_master_control_cleanup_cb(int cid, void *unused)
1.1 djm 194: {
1.10 djm 195: Channel *sc, *c = channel_by_id(cid);
1.1 djm 196:
1.10 djm 197: debug3("%s: entering for channel %d", __func__, cid);
198: if (c == NULL)
199: fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
200: if (c->remote_id != -1) {
201: if ((sc = channel_by_id(c->remote_id)) == NULL)
1.15 djm 202: fatal("%s: channel %d missing session channel %d",
1.10 djm 203: __func__, c->self, c->remote_id);
204: c->remote_id = -1;
205: sc->ctl_chan = -1;
1.12 djm 206: if (sc->type != SSH_CHANNEL_OPEN) {
207: debug2("%s: channel %d: not open", __func__, sc->self);
1.13 djm 208: chan_mark_dead(sc);
1.12 djm 209: } else {
1.14 djm 210: if (sc->istate == CHAN_INPUT_OPEN)
211: chan_read_failed(sc);
212: if (sc->ostate == CHAN_OUTPUT_OPEN)
213: chan_write_failed(sc);
1.12 djm 214: }
1.1 djm 215: }
1.10 djm 216: channel_cancel_cleanup(c->self);
1.1 djm 217: }
218:
1.10 djm 219: /* Check mux client environment variables before passing them to mux master. */
220: static int
221: env_permitted(char *env)
1.1 djm 222: {
1.10 djm 223: int i, ret;
224: char name[1024], *cp;
1.1 djm 225:
1.10 djm 226: if ((cp = strchr(env, '=')) == NULL || cp == env)
1.1 djm 227: return 0;
1.10 djm 228: ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
229: if (ret <= 0 || (size_t)ret >= sizeof(name)) {
230: error("env_permitted: name '%.100s...' too long", env);
1.1 djm 231: return 0;
232: }
233:
1.10 djm 234: for (i = 0; i < options.num_send_env; i++)
235: if (match_pattern(name, options.send_env[i]))
236: return 1;
1.1 djm 237:
1.10 djm 238: return 0;
239: }
1.1 djm 240:
1.10 djm 241: /* Mux master protocol message handlers */
1.1 djm 242:
1.10 djm 243: static int
244: process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r)
245: {
246: u_int ver;
247: struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
1.1 djm 248:
1.10 djm 249: if (state == NULL)
250: fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self);
251: if (state->hello_rcvd) {
252: error("%s: HELLO received twice", __func__);
253: return -1;
254: }
255: if (buffer_get_int_ret(&ver, m) != 0) {
256: malf:
257: error("%s: malformed message", __func__);
258: return -1;
259: }
260: if (ver != SSHMUX_VER) {
261: error("Unsupported multiplexing protocol version %d "
262: "(expected %d)", ver, SSHMUX_VER);
263: return -1;
264: }
265: debug2("%s: channel %d slave version %u", __func__, c->self, ver);
266:
267: /* No extensions are presently defined */
268: while (buffer_len(m) > 0) {
269: char *name = buffer_get_string_ret(m, NULL);
270: char *value = buffer_get_string_ret(m, NULL);
271:
272: if (name == NULL || value == NULL) {
273: if (name != NULL)
274: xfree(name);
275: goto malf;
1.1 djm 276: }
1.10 djm 277: debug2("Unrecognised slave extension \"%s\"", name);
278: xfree(name);
279: xfree(value);
1.1 djm 280: }
1.10 djm 281: state->hello_rcvd = 1;
282: return 0;
283: }
284:
285: static int
286: process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
287: {
288: Channel *nc;
289: struct mux_session_confirm_ctx *cctx;
290: char *reserved, *cmd, *cp;
291: u_int i, j, len, env_len, escape_char, window, packetmax;
292: int new_fd[3];
1.1 djm 293:
294: /* Reply for SSHMUX_COMMAND_OPEN */
1.10 djm 295: cctx = xcalloc(1, sizeof(*cctx));
296: cctx->term = NULL;
1.17 djm 297: cctx->rid = rid;
1.11 djm 298: cmd = reserved = NULL;
1.10 djm 299: if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
300: buffer_get_int_ret(&cctx->want_tty, m) != 0 ||
301: buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 ||
302: buffer_get_int_ret(&cctx->want_agent_fwd, m) != 0 ||
303: buffer_get_int_ret(&cctx->want_subsys, m) != 0 ||
304: buffer_get_int_ret(&escape_char, m) != 0 ||
305: (cctx->term = buffer_get_string_ret(m, &len)) == NULL ||
306: (cmd = buffer_get_string_ret(m, &len)) == NULL) {
307: malf:
1.11 djm 308: if (cmd != NULL)
309: xfree(cmd);
310: if (reserved != NULL)
311: xfree(reserved);
1.10 djm 312: if (cctx->term != NULL)
313: xfree(cctx->term);
314: error("%s: malformed message", __func__);
315: return -1;
1.1 djm 316: }
1.10 djm 317: xfree(reserved);
1.11 djm 318: reserved = NULL;
1.1 djm 319:
1.10 djm 320: cctx->env = NULL;
321: env_len = 0;
322: while (buffer_len(m) > 0) {
323: #define MUX_MAX_ENV_VARS 4096
324: if ((cp = buffer_get_string_ret(m, &len)) == NULL) {
325: xfree(cmd);
326: goto malf;
327: }
328: if (!env_permitted(cp)) {
329: xfree(cp);
330: continue;
331: }
332: cctx->env = xrealloc(cctx->env, env_len + 2,
333: sizeof(*cctx->env));
334: cctx->env[env_len++] = cp;
335: cctx->env[env_len] = NULL;
336: if (env_len > MUX_MAX_ENV_VARS) {
337: error(">%d environment variables received, ignoring "
338: "additional", MUX_MAX_ENV_VARS);
339: break;
340: }
1.1 djm 341: }
342:
1.10 djm 343: debug2("%s: channel %d: request tty %d, X %d, agent %d, subsys %d, "
344: "term \"%s\", cmd \"%s\", env %u", __func__, c->self,
345: cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd,
346: cctx->want_subsys, cctx->term, cmd, env_len);
1.1 djm 347:
348: buffer_init(&cctx->cmd);
349: buffer_append(&cctx->cmd, cmd, strlen(cmd));
350: xfree(cmd);
1.11 djm 351: cmd = NULL;
1.1 djm 352:
353: /* Gather fds from client */
354: for(i = 0; i < 3; i++) {
1.10 djm 355: if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
1.1 djm 356: error("%s: failed to receive fd %d from slave",
357: __func__, i);
358: for (j = 0; j < i; j++)
359: close(new_fd[j]);
360: for (j = 0; j < env_len; j++)
361: xfree(cctx->env[j]);
362: if (env_len > 0)
363: xfree(cctx->env);
364: xfree(cctx->term);
365: buffer_free(&cctx->cmd);
366: xfree(cctx);
1.10 djm 367:
368: /* prepare reply */
369: buffer_put_int(r, MUX_S_FAILURE);
370: buffer_put_int(r, rid);
371: buffer_put_cstring(r,
372: "did not receive file descriptors");
373: return -1;
1.1 djm 374: }
375: }
376:
1.10 djm 377: debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
1.1 djm 378: new_fd[0], new_fd[1], new_fd[2]);
379:
1.10 djm 380: /* XXX support multiple child sessions in future */
381: if (c->remote_id != -1) {
382: debug2("%s: session already open", __func__);
383: /* prepare reply */
384: buffer_put_int(r, MUX_S_FAILURE);
385: buffer_put_int(r, rid);
386: buffer_put_cstring(r, "Multiple sessions not supported");
387: cleanup:
1.1 djm 388: close(new_fd[0]);
389: close(new_fd[1]);
390: close(new_fd[2]);
391: xfree(cctx->term);
392: if (env_len != 0) {
393: for (i = 0; i < env_len; i++)
394: xfree(cctx->env[i]);
395: xfree(cctx->env);
396: }
1.10 djm 397: buffer_free(&cctx->cmd);
1.1 djm 398: return 0;
399: }
1.10 djm 400:
401: if (options.control_master == SSHCTL_MASTER_ASK ||
402: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
403: if (!ask_permission("Allow shared connection to %s? ", host)) {
404: debug2("%s: session refused by user", __func__);
405: /* prepare reply */
406: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
407: buffer_put_int(r, rid);
408: buffer_put_cstring(r, "Permission denied");
409: goto cleanup;
410: }
411: }
412:
413: /* Try to pick up ttymodes from client before it goes raw */
414: if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
415: error("%s: tcgetattr: %s", __func__, strerror(errno));
1.1 djm 416:
417: /* enable nonblocking unless tty */
418: if (!isatty(new_fd[0]))
419: set_nonblock(new_fd[0]);
420: if (!isatty(new_fd[1]))
421: set_nonblock(new_fd[1]);
422: if (!isatty(new_fd[2]))
423: set_nonblock(new_fd[2]);
424:
425: window = CHAN_SES_WINDOW_DEFAULT;
426: packetmax = CHAN_SES_PACKET_DEFAULT;
427: if (cctx->want_tty) {
428: window >>= 1;
429: packetmax >>= 1;
430: }
1.10 djm 431:
432: nc = channel_new("session", SSH_CHANNEL_OPENING,
1.1 djm 433: new_fd[0], new_fd[1], new_fd[2], window, packetmax,
434: CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
435:
1.10 djm 436: nc->ctl_chan = c->self; /* link session -> control channel */
437: c->remote_id = nc->self; /* link control -> session channel */
438:
1.2 djm 439: if (cctx->want_tty && escape_char != 0xffffffff) {
1.10 djm 440: channel_register_filter(nc->self,
1.2 djm 441: client_simple_escape_filter, NULL,
1.4 djm 442: client_filter_cleanup,
1.2 djm 443: client_new_escape_filter_ctx((int)escape_char));
444: }
1.1 djm 445:
1.10 djm 446: debug2("%s: channel_new: %d linked to control channel %d",
447: __func__, nc->self, nc->ctl_chan);
448:
449: channel_send_open(nc->self);
450: channel_register_open_confirm(nc->self, mux_session_confirm, cctx);
1.17 djm 451: c->mux_pause = 1; /* stop handling messages until open_confirm done */
1.16 djm 452: channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1);
1.10 djm 453:
1.17 djm 454: /* reply is deferred, sent by mux_session_confirm */
1.1 djm 455: return 0;
456: }
457:
1.10 djm 458: static int
459: process_mux_alive_check(u_int rid, Channel *c, Buffer *m, Buffer *r)
1.1 djm 460: {
1.10 djm 461: debug2("%s: channel %d: alive check", __func__, c->self);
1.1 djm 462:
1.10 djm 463: /* prepare reply */
464: buffer_put_int(r, MUX_S_ALIVE);
465: buffer_put_int(r, rid);
466: buffer_put_int(r, (u_int)getpid());
1.1 djm 467:
1.10 djm 468: return 0;
1.1 djm 469: }
470:
471: static int
1.10 djm 472: process_mux_terminate(u_int rid, Channel *c, Buffer *m, Buffer *r)
1.1 djm 473: {
1.10 djm 474: debug2("%s: channel %d: terminate request", __func__, c->self);
1.1 djm 475:
1.10 djm 476: if (options.control_master == SSHCTL_MASTER_ASK ||
477: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
478: if (!ask_permission("Terminate shared connection to %s? ",
479: host)) {
480: debug2("%s: termination refused by user", __func__);
481: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
482: buffer_put_int(r, rid);
483: buffer_put_cstring(r, "Permission denied");
484: return 0;
485: }
486: }
1.1 djm 487:
1.10 djm 488: quit_pending = 1;
489: buffer_put_int(r, MUX_S_OK);
490: buffer_put_int(r, rid);
491: /* XXX exit happens too soon - message never makes it to client */
492: return 0;
1.1 djm 493: }
494:
1.10 djm 495: static char *
496: format_forward(u_int ftype, Forward *fwd)
1.1 djm 497: {
1.10 djm 498: char *ret;
1.1 djm 499:
1.10 djm 500: switch (ftype) {
501: case MUX_FWD_LOCAL:
502: xasprintf(&ret, "local forward %.200s:%d -> %.200s:%d",
503: (fwd->listen_host == NULL) ?
504: (options.gateway_ports ? "*" : "LOCALHOST") :
505: fwd->listen_host, fwd->listen_port,
506: fwd->connect_host, fwd->connect_port);
507: break;
508: case MUX_FWD_DYNAMIC:
509: xasprintf(&ret, "dynamic forward %.200s:%d -> *",
510: (fwd->listen_host == NULL) ?
511: (options.gateway_ports ? "*" : "LOCALHOST") :
512: fwd->listen_host, fwd->listen_port);
513: break;
514: case MUX_FWD_REMOTE:
515: xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d",
516: (fwd->listen_host == NULL) ?
517: "LOCALHOST" : fwd->listen_host,
518: fwd->listen_port,
519: fwd->connect_host, fwd->connect_port);
1.1 djm 520: break;
521: default:
1.10 djm 522: fatal("%s: unknown forward type %u", __func__, ftype);
1.1 djm 523: }
1.10 djm 524: return ret;
525: }
1.1 djm 526:
1.10 djm 527: static int
528: compare_host(const char *a, const char *b)
529: {
530: if (a == NULL && b == NULL)
531: return 1;
532: if (a == NULL || b == NULL)
533: return 0;
534: return strcmp(a, b) == 0;
535: }
1.1 djm 536:
1.10 djm 537: static int
538: compare_forward(Forward *a, Forward *b)
539: {
540: if (!compare_host(a->listen_host, b->listen_host))
541: return 0;
542: if (a->listen_port != b->listen_port)
543: return 0;
544: if (!compare_host(a->connect_host, b->connect_host))
545: return 0;
546: if (a->connect_port != b->connect_port)
547: return 0;
1.1 djm 548:
1.10 djm 549: return 1;
550: }
1.1 djm 551:
1.18 markus 552: static void
553: mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
554: {
555: struct mux_channel_confirm_ctx *fctx = ctxt;
556: char *failmsg = NULL;
557: Forward *rfwd;
558: Channel *c;
559: Buffer out;
560:
561: if ((c = channel_by_id(fctx->cid)) == NULL) {
562: /* no channel for reply */
563: error("%s: unknown channel", __func__);
564: return;
565: }
566: buffer_init(&out);
567: if (fctx->fid >= options.num_remote_forwards) {
568: xasprintf(&failmsg, "unknown forwarding id %d", fctx->fid);
569: goto fail;
570: }
571: rfwd = &options.remote_forwards[fctx->fid];
572: debug("%s: %s for: listen %d, connect %s:%d", __func__,
573: type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
574: rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
575: if (type == SSH2_MSG_REQUEST_SUCCESS) {
576: if (rfwd->listen_port == 0) {
577: rfwd->allocated_port = packet_get_int();
578: logit("Allocated port %u for mux remote forward"
579: " to %s:%d", rfwd->allocated_port,
580: rfwd->connect_host, rfwd->connect_port);
581: buffer_put_int(&out, MUX_S_REMOTE_PORT);
582: buffer_put_int(&out, fctx->rid);
583: buffer_put_int(&out, rfwd->allocated_port);
584: } else {
585: buffer_put_int(&out, MUX_S_OK);
586: buffer_put_int(&out, fctx->rid);
587: }
588: goto out;
589: } else {
590: xasprintf(&failmsg, "remote port forwarding failed for "
591: "listen port %d", rfwd->listen_port);
592: }
593: fail:
594: error("%s: %s", __func__, failmsg);
595: buffer_put_int(&out, MUX_S_FAILURE);
596: buffer_put_int(&out, fctx->rid);
597: buffer_put_cstring(&out, failmsg);
598: xfree(failmsg);
599: out:
600: buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out));
601: buffer_free(&out);
602: if (c->mux_pause <= 0)
603: fatal("%s: mux_pause %d", __func__, c->mux_pause);
604: c->mux_pause = 0; /* start processing messages again */
605: }
606:
1.10 djm 607: static int
608: process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
609: {
610: Forward fwd;
611: char *fwd_desc = NULL;
612: u_int ftype;
613: int i, ret = 0, freefwd = 1;
614:
615: fwd.listen_host = fwd.connect_host = NULL;
616: if (buffer_get_int_ret(&ftype, m) != 0 ||
617: (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
618: buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
619: (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
620: buffer_get_int_ret(&fwd.connect_port, m) != 0) {
621: error("%s: malformed message", __func__);
622: ret = -1;
623: goto out;
624: }
625:
626: if (*fwd.listen_host == '\0') {
627: xfree(fwd.listen_host);
628: fwd.listen_host = NULL;
629: }
630: if (*fwd.connect_host == '\0') {
631: xfree(fwd.connect_host);
632: fwd.connect_host = NULL;
633: }
634:
635: debug2("%s: channel %d: request %s", __func__, c->self,
636: (fwd_desc = format_forward(ftype, &fwd)));
637:
638: if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE &&
639: ftype != MUX_FWD_DYNAMIC) {
640: logit("%s: invalid forwarding type %u", __func__, ftype);
641: invalid:
1.18 markus 642: if (fwd.listen_host)
643: xfree(fwd.listen_host);
644: if (fwd.connect_host)
645: xfree(fwd.connect_host);
1.10 djm 646: buffer_put_int(r, MUX_S_FAILURE);
647: buffer_put_int(r, rid);
648: buffer_put_cstring(r, "Invalid forwarding request");
649: return 0;
650: }
1.18 markus 651: if (fwd.listen_port >= 65536) {
1.10 djm 652: logit("%s: invalid listen port %u", __func__,
653: fwd.listen_port);
654: goto invalid;
655: }
656: if (fwd.connect_port >= 65536 || (ftype != MUX_FWD_DYNAMIC &&
657: ftype != MUX_FWD_REMOTE && fwd.connect_port == 0)) {
658: logit("%s: invalid connect port %u", __func__,
659: fwd.connect_port);
660: goto invalid;
661: }
662: if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL) {
663: logit("%s: missing connect host", __func__);
664: goto invalid;
665: }
666:
667: /* Skip forwards that have already been requested */
668: switch (ftype) {
669: case MUX_FWD_LOCAL:
670: case MUX_FWD_DYNAMIC:
671: for (i = 0; i < options.num_local_forwards; i++) {
672: if (compare_forward(&fwd,
673: options.local_forwards + i)) {
674: exists:
675: debug2("%s: found existing forwarding",
676: __func__);
677: buffer_put_int(r, MUX_S_OK);
678: buffer_put_int(r, rid);
679: goto out;
680: }
681: }
682: break;
683: case MUX_FWD_REMOTE:
684: for (i = 0; i < options.num_remote_forwards; i++) {
685: if (compare_forward(&fwd,
1.18 markus 686: options.remote_forwards + i)) {
687: if (fwd.listen_port != 0)
688: goto exists;
689: debug2("%s: found allocated port",
690: __func__);
691: buffer_put_int(r, MUX_S_REMOTE_PORT);
692: buffer_put_int(r, rid);
693: buffer_put_int(r,
694: options.remote_forwards[i].allocated_port);
695: goto out;
696: }
1.10 djm 697: }
698: break;
699: }
700:
701: if (options.control_master == SSHCTL_MASTER_ASK ||
702: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
703: if (!ask_permission("Open %s on %s?", fwd_desc, host)) {
704: debug2("%s: forwarding refused by user", __func__);
705: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
706: buffer_put_int(r, rid);
707: buffer_put_cstring(r, "Permission denied");
708: goto out;
709: }
710: }
711:
712: if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
1.20 ! djm 713: if (channel_setup_local_fwd_listener(fwd.listen_host,
1.10 djm 714: fwd.listen_port, fwd.connect_host, fwd.connect_port,
715: options.gateway_ports) < 0) {
716: fail:
717: logit("slave-requested %s failed", fwd_desc);
718: buffer_put_int(r, MUX_S_FAILURE);
719: buffer_put_int(r, rid);
720: buffer_put_cstring(r, "Port forwarding failed");
721: goto out;
722: }
723: add_local_forward(&options, &fwd);
724: freefwd = 0;
725: } else {
1.18 markus 726: struct mux_channel_confirm_ctx *fctx;
727:
1.20 ! djm 728: if (channel_request_remote_forwarding(fwd.listen_host,
1.10 djm 729: fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0)
730: goto fail;
731: add_remote_forward(&options, &fwd);
1.18 markus 732: fctx = xcalloc(1, sizeof(*fctx));
733: fctx->cid = c->self;
734: fctx->rid = rid;
1.20 ! djm 735: fctx->fid = options.num_remote_forwards - 1;
1.18 markus 736: client_register_global_confirm(mux_confirm_remote_forward,
737: fctx);
1.10 djm 738: freefwd = 0;
1.18 markus 739: c->mux_pause = 1; /* wait for mux_confirm_remote_forward */
740: /* delayed reply in mux_confirm_remote_forward */
741: goto out;
1.10 djm 742: }
743: buffer_put_int(r, MUX_S_OK);
744: buffer_put_int(r, rid);
745: out:
746: if (fwd_desc != NULL)
747: xfree(fwd_desc);
748: if (freefwd) {
749: if (fwd.listen_host != NULL)
750: xfree(fwd.listen_host);
751: if (fwd.connect_host != NULL)
752: xfree(fwd.connect_host);
753: }
754: return ret;
755: }
756:
757: static int
758: process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
759: {
760: Forward fwd;
761: char *fwd_desc = NULL;
762: u_int ftype;
763: int ret = 0;
764:
765: fwd.listen_host = fwd.connect_host = NULL;
766: if (buffer_get_int_ret(&ftype, m) != 0 ||
767: (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
768: buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
769: (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
770: buffer_get_int_ret(&fwd.connect_port, m) != 0) {
771: error("%s: malformed message", __func__);
772: ret = -1;
773: goto out;
774: }
775:
776: if (*fwd.listen_host == '\0') {
777: xfree(fwd.listen_host);
778: fwd.listen_host = NULL;
779: }
780: if (*fwd.connect_host == '\0') {
781: xfree(fwd.connect_host);
782: fwd.connect_host = NULL;
783: }
784:
785: debug2("%s: channel %d: request %s", __func__, c->self,
786: (fwd_desc = format_forward(ftype, &fwd)));
787:
788: /* XXX implement this */
789: buffer_put_int(r, MUX_S_FAILURE);
790: buffer_put_int(r, rid);
791: buffer_put_cstring(r, "unimplemented");
792:
793: out:
794: if (fwd_desc != NULL)
795: xfree(fwd_desc);
796: if (fwd.listen_host != NULL)
797: xfree(fwd.listen_host);
798: if (fwd.connect_host != NULL)
799: xfree(fwd.connect_host);
800:
801: return ret;
802: }
803:
804: static int
805: process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
806: {
807: Channel *nc;
808: char *reserved, *chost;
809: u_int cport, i, j;
810: int new_fd[2];
811:
1.11 djm 812: chost = reserved = NULL;
1.10 djm 813: if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
814: (chost = buffer_get_string_ret(m, NULL)) == NULL ||
815: buffer_get_int_ret(&cport, m) != 0) {
1.11 djm 816: if (reserved != NULL)
817: xfree(reserved);
1.10 djm 818: if (chost != NULL)
819: xfree(chost);
820: error("%s: malformed message", __func__);
821: return -1;
822: }
823: xfree(reserved);
824:
825: debug2("%s: channel %d: request stdio fwd to %s:%u",
826: __func__, c->self, chost, cport);
827:
828: /* Gather fds from client */
829: for(i = 0; i < 2; i++) {
830: if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
831: error("%s: failed to receive fd %d from slave",
832: __func__, i);
833: for (j = 0; j < i; j++)
834: close(new_fd[j]);
835: xfree(chost);
836:
837: /* prepare reply */
838: buffer_put_int(r, MUX_S_FAILURE);
839: buffer_put_int(r, rid);
840: buffer_put_cstring(r,
841: "did not receive file descriptors");
842: return -1;
843: }
844: }
845:
846: debug3("%s: got fds stdin %d, stdout %d", __func__,
847: new_fd[0], new_fd[1]);
848:
849: /* XXX support multiple child sessions in future */
850: if (c->remote_id != -1) {
851: debug2("%s: session already open", __func__);
852: /* prepare reply */
853: buffer_put_int(r, MUX_S_FAILURE);
854: buffer_put_int(r, rid);
855: buffer_put_cstring(r, "Multiple sessions not supported");
856: cleanup:
857: close(new_fd[0]);
858: close(new_fd[1]);
859: xfree(chost);
860: return 0;
861: }
862:
863: if (options.control_master == SSHCTL_MASTER_ASK ||
864: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
865: if (!ask_permission("Allow forward to to %s:%u? ",
866: chost, cport)) {
867: debug2("%s: stdio fwd refused by user", __func__);
868: /* prepare reply */
869: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
870: buffer_put_int(r, rid);
871: buffer_put_cstring(r, "Permission denied");
872: goto cleanup;
873: }
874: }
875:
876: /* enable nonblocking unless tty */
877: if (!isatty(new_fd[0]))
878: set_nonblock(new_fd[0]);
879: if (!isatty(new_fd[1]))
880: set_nonblock(new_fd[1]);
881:
882: nc = channel_connect_stdio_fwd(chost, cport, new_fd[0], new_fd[1]);
883:
884: nc->ctl_chan = c->self; /* link session -> control channel */
885: c->remote_id = nc->self; /* link control -> session channel */
886:
887: debug2("%s: channel_new: %d linked to control channel %d",
888: __func__, nc->self, nc->ctl_chan);
889:
1.16 djm 890: channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1);
1.10 djm 891:
892: /* prepare reply */
893: /* XXX defer until channel confirmed */
894: buffer_put_int(r, MUX_S_SESSION_OPENED);
895: buffer_put_int(r, rid);
896: buffer_put_int(r, nc->self);
897:
898: return 0;
899: }
900:
901: /* Channel callbacks fired on read/write from mux slave fd */
902: static int
903: mux_master_read_cb(Channel *c)
904: {
905: struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
906: Buffer in, out;
907: void *ptr;
908: u_int type, rid, have, i;
909: int ret = -1;
910:
911: /* Setup ctx and */
912: if (c->mux_ctx == NULL) {
1.19 djm 913: state = xcalloc(1, sizeof(*state));
1.10 djm 914: c->mux_ctx = state;
915: channel_register_cleanup(c->self,
916: mux_master_control_cleanup_cb, 0);
917:
918: /* Send hello */
919: buffer_init(&out);
920: buffer_put_int(&out, MUX_MSG_HELLO);
921: buffer_put_int(&out, SSHMUX_VER);
922: /* no extensions */
923: buffer_put_string(&c->output, buffer_ptr(&out),
924: buffer_len(&out));
925: buffer_free(&out);
926: debug3("%s: channel %d: hello sent", __func__, c->self);
927: return 0;
928: }
929:
930: buffer_init(&in);
931: buffer_init(&out);
932:
933: /* Channel code ensures that we receive whole packets */
934: if ((ptr = buffer_get_string_ptr_ret(&c->input, &have)) == NULL) {
935: malf:
936: error("%s: malformed message", __func__);
937: goto out;
938: }
939: buffer_append(&in, ptr, have);
940:
941: if (buffer_get_int_ret(&type, &in) != 0)
942: goto malf;
943: debug3("%s: channel %d packet type 0x%08x len %u",
944: __func__, c->self, type, buffer_len(&in));
945:
946: if (type == MUX_MSG_HELLO)
947: rid = 0;
948: else {
949: if (!state->hello_rcvd) {
950: error("%s: expected MUX_MSG_HELLO(0x%08x), "
951: "received 0x%08x", __func__, MUX_MSG_HELLO, type);
952: goto out;
1.1 djm 953: }
1.10 djm 954: if (buffer_get_int_ret(&rid, &in) != 0)
955: goto malf;
956: }
957:
958: for (i = 0; mux_master_handlers[i].handler != NULL; i++) {
959: if (type == mux_master_handlers[i].type) {
960: ret = mux_master_handlers[i].handler(rid, c, &in, &out);
961: break;
1.1 djm 962: }
1.10 djm 963: }
964: if (mux_master_handlers[i].handler == NULL) {
965: error("%s: unsupported mux message 0x%08x", __func__, type);
966: buffer_put_int(&out, MUX_S_FAILURE);
967: buffer_put_int(&out, rid);
968: buffer_put_cstring(&out, "unsupported request");
969: ret = 0;
970: }
971: /* Enqueue reply packet */
972: if (buffer_len(&out) != 0) {
973: buffer_put_string(&c->output, buffer_ptr(&out),
974: buffer_len(&out));
975: }
976: out:
977: buffer_free(&in);
978: buffer_free(&out);
979: return ret;
980: }
981:
982: void
983: mux_exit_message(Channel *c, int exitval)
984: {
985: Buffer m;
986: Channel *mux_chan;
987:
988: debug3("%s: channel %d: exit message, evitval %d", __func__, c->self,
989: exitval);
990:
991: if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
992: fatal("%s: channel %d missing mux channel %d",
993: __func__, c->self, c->ctl_chan);
994:
995: /* Append exit message packet to control socket output queue */
996: buffer_init(&m);
997: buffer_put_int(&m, MUX_S_EXIT_MESSAGE);
998: buffer_put_int(&m, c->self);
999: buffer_put_int(&m, exitval);
1000:
1001: buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
1002: buffer_free(&m);
1003: }
1004:
1005: /* Prepare a mux master to listen on a Unix domain socket. */
1006: void
1007: muxserver_listen(void)
1008: {
1009: struct sockaddr_un addr;
1010: mode_t old_umask;
1011:
1012: if (options.control_path == NULL ||
1013: options.control_master == SSHCTL_MASTER_NO)
1.1 djm 1014: return;
1.10 djm 1015:
1016: debug("setting up multiplex master socket");
1017:
1018: memset(&addr, '\0', sizeof(addr));
1019: addr.sun_family = AF_UNIX;
1020: addr.sun_len = offsetof(struct sockaddr_un, sun_path) +
1021: strlen(options.control_path) + 1;
1022:
1023: if (strlcpy(addr.sun_path, options.control_path,
1024: sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1025: fatal("ControlPath too long");
1026:
1027: if ((muxserver_sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1028: fatal("%s socket(): %s", __func__, strerror(errno));
1029:
1030: old_umask = umask(0177);
1031: if (bind(muxserver_sock, (struct sockaddr *)&addr, addr.sun_len) == -1) {
1032: muxserver_sock = -1;
1033: if (errno == EINVAL || errno == EADDRINUSE) {
1034: error("ControlSocket %s already exists, "
1035: "disabling multiplexing", options.control_path);
1036: close(muxserver_sock);
1037: muxserver_sock = -1;
1038: xfree(options.control_path);
1039: options.control_path = NULL;
1040: options.control_master = SSHCTL_MASTER_NO;
1041: return;
1042: } else
1043: fatal("%s bind(): %s", __func__, strerror(errno));
1044: }
1045: umask(old_umask);
1046:
1047: if (listen(muxserver_sock, 64) == -1)
1048: fatal("%s listen(): %s", __func__, strerror(errno));
1049:
1050: set_nonblock(muxserver_sock);
1051:
1052: mux_listener_channel = channel_new("mux listener",
1053: SSH_CHANNEL_MUX_LISTENER, muxserver_sock, muxserver_sock, -1,
1054: CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
1055: 0, addr.sun_path, 1);
1056: mux_listener_channel->mux_rcb = mux_master_read_cb;
1057: debug3("%s: mux listener channel %d fd %d", __func__,
1058: mux_listener_channel->self, mux_listener_channel->sock);
1059: }
1060:
1061: /* Callback on open confirmation in mux master for a mux client session. */
1062: static void
1.17 djm 1063: mux_session_confirm(int id, int success, void *arg)
1.10 djm 1064: {
1065: struct mux_session_confirm_ctx *cctx = arg;
1066: const char *display;
1.17 djm 1067: Channel *c, *cc;
1.10 djm 1068: int i;
1.17 djm 1069: Buffer reply;
1.10 djm 1070:
1071: if (cctx == NULL)
1072: fatal("%s: cctx == NULL", __func__);
1073: if ((c = channel_by_id(id)) == NULL)
1074: fatal("%s: no channel for id %d", __func__, id);
1.17 djm 1075: if ((cc = channel_by_id(c->ctl_chan)) == NULL)
1076: fatal("%s: channel %d lacks control channel %d", __func__,
1077: id, c->ctl_chan);
1078:
1079: if (!success) {
1080: debug3("%s: sending failure reply", __func__);
1081: /* prepare reply */
1082: buffer_init(&reply);
1083: buffer_put_int(&reply, MUX_S_FAILURE);
1084: buffer_put_int(&reply, cctx->rid);
1085: buffer_put_cstring(&reply, "Session open refused by peer");
1086: goto done;
1087: }
1.10 djm 1088:
1089: display = getenv("DISPLAY");
1090: if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
1091: char *proto, *data;
1092: /* Get reasonable local authentication information. */
1093: client_x11_get_proto(display, options.xauth_location,
1094: options.forward_x11_trusted, &proto, &data);
1095: /* Request forwarding with authentication spoofing. */
1096: debug("Requesting X11 forwarding with authentication spoofing.");
1097: x11_request_forwarding_with_spoofing(id, display, proto, data);
1098: /* XXX wait for reply */
1099: }
1100:
1101: if (cctx->want_agent_fwd && options.forward_agent) {
1102: debug("Requesting authentication agent forwarding.");
1103: channel_request_start(id, "auth-agent-req@openssh.com", 0);
1104: packet_send();
1105: }
1106:
1107: client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
1108: cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env);
1109:
1.17 djm 1110: debug3("%s: sending success reply", __func__);
1111: /* prepare reply */
1112: buffer_init(&reply);
1113: buffer_put_int(&reply, MUX_S_SESSION_OPENED);
1114: buffer_put_int(&reply, cctx->rid);
1115: buffer_put_int(&reply, c->self);
1116:
1117: done:
1118: /* Send reply */
1119: buffer_put_string(&cc->output, buffer_ptr(&reply), buffer_len(&reply));
1120: buffer_free(&reply);
1121:
1122: if (cc->mux_pause <= 0)
1123: fatal("%s: mux_pause %d", __func__, cc->mux_pause);
1124: cc->mux_pause = 0; /* start processing messages again */
1.10 djm 1125: c->open_confirm_ctx = NULL;
1126: buffer_free(&cctx->cmd);
1127: xfree(cctx->term);
1128: if (cctx->env != NULL) {
1129: for (i = 0; cctx->env[i] != NULL; i++)
1130: xfree(cctx->env[i]);
1131: xfree(cctx->env);
1.1 djm 1132: }
1.10 djm 1133: xfree(cctx);
1134: }
1135:
1136: /* ** Multiplexing client support */
1137:
1138: /* Exit signal handler */
1139: static void
1140: control_client_sighandler(int signo)
1141: {
1142: muxclient_terminate = signo;
1143: }
1144:
1145: /*
1146: * Relay signal handler - used to pass some signals from mux client to
1147: * mux master.
1148: */
1149: static void
1150: control_client_sigrelay(int signo)
1151: {
1152: int save_errno = errno;
1153:
1154: if (muxserver_pid > 1)
1155: kill(muxserver_pid, signo);
1156:
1157: errno = save_errno;
1158: }
1.1 djm 1159:
1.10 djm 1160: static int
1161: mux_client_read(int fd, Buffer *b, u_int need)
1162: {
1163: u_int have;
1164: ssize_t len;
1165: u_char *p;
1166: struct pollfd pfd;
1167:
1168: pfd.fd = fd;
1169: pfd.events = POLLIN;
1170: p = buffer_append_space(b, need);
1171: for (have = 0; have < need; ) {
1172: if (muxclient_terminate) {
1173: errno = EINTR;
1174: return -1;
1175: }
1176: len = read(fd, p + have, need - have);
1177: if (len < 0) {
1178: switch (errno) {
1179: case EAGAIN:
1180: (void)poll(&pfd, 1, -1);
1181: /* FALLTHROUGH */
1182: case EINTR:
1183: continue;
1184: default:
1185: return -1;
1186: }
1187: }
1188: if (len == 0) {
1189: errno = EPIPE;
1190: return -1;
1191: }
1192: have += (u_int)len;
1.1 djm 1193: }
1.10 djm 1194: return 0;
1195: }
1.1 djm 1196:
1.10 djm 1197: static int
1198: mux_client_write_packet(int fd, Buffer *m)
1199: {
1200: Buffer queue;
1201: u_int have, need;
1202: int oerrno, len;
1203: u_char *ptr;
1204: struct pollfd pfd;
1205:
1206: pfd.fd = fd;
1207: pfd.events = POLLOUT;
1208: buffer_init(&queue);
1209: buffer_put_string(&queue, buffer_ptr(m), buffer_len(m));
1210:
1211: need = buffer_len(&queue);
1212: ptr = buffer_ptr(&queue);
1213:
1214: for (have = 0; have < need; ) {
1215: if (muxclient_terminate) {
1216: buffer_free(&queue);
1217: errno = EINTR;
1218: return -1;
1219: }
1220: len = write(fd, ptr + have, need - have);
1221: if (len < 0) {
1222: switch (errno) {
1223: case EAGAIN:
1224: (void)poll(&pfd, 1, -1);
1225: /* FALLTHROUGH */
1226: case EINTR:
1227: continue;
1228: default:
1229: oerrno = errno;
1230: buffer_free(&queue);
1231: errno = oerrno;
1232: return -1;
1233: }
1234: }
1235: if (len == 0) {
1236: buffer_free(&queue);
1237: errno = EPIPE;
1238: return -1;
1239: }
1240: have += (u_int)len;
1241: }
1242: buffer_free(&queue);
1243: return 0;
1244: }
1.1 djm 1245:
1.10 djm 1246: static int
1247: mux_client_read_packet(int fd, Buffer *m)
1248: {
1249: Buffer queue;
1250: u_int need, have;
1251: void *ptr;
1252: int oerrno;
1253:
1254: buffer_init(&queue);
1255: if (mux_client_read(fd, &queue, 4) != 0) {
1256: if ((oerrno = errno) == EPIPE)
1257: debug3("%s: read header failed: %s", __func__, strerror(errno));
1258: errno = oerrno;
1259: return -1;
1260: }
1261: need = get_u32(buffer_ptr(&queue));
1262: if (mux_client_read(fd, &queue, need) != 0) {
1263: oerrno = errno;
1264: debug3("%s: read body failed: %s", __func__, strerror(errno));
1265: errno = oerrno;
1266: return -1;
1267: }
1268: ptr = buffer_get_string_ptr(&queue, &have);
1269: buffer_append(m, ptr, have);
1270: buffer_free(&queue);
1271: return 0;
1272: }
1.1 djm 1273:
1.10 djm 1274: static int
1275: mux_client_hello_exchange(int fd)
1276: {
1277: Buffer m;
1278: u_int type, ver;
1.1 djm 1279:
1280: buffer_init(&m);
1.10 djm 1281: buffer_put_int(&m, MUX_MSG_HELLO);
1282: buffer_put_int(&m, SSHMUX_VER);
1283: /* no extensions */
1284:
1285: if (mux_client_write_packet(fd, &m) != 0)
1286: fatal("%s: write packet: %s", __func__, strerror(errno));
1.1 djm 1287:
1.10 djm 1288: buffer_clear(&m);
1289:
1290: /* Read their HELLO */
1291: if (mux_client_read_packet(fd, &m) != 0) {
1.5 djm 1292: buffer_free(&m);
1.10 djm 1293: return -1;
1294: }
1295:
1296: type = buffer_get_int(&m);
1297: if (type != MUX_MSG_HELLO)
1298: fatal("%s: expected HELLO (%u) received %u",
1299: __func__, MUX_MSG_HELLO, type);
1300: ver = buffer_get_int(&m);
1301: if (ver != SSHMUX_VER)
1302: fatal("Unsupported multiplexing protocol version %d "
1303: "(expected %d)", ver, SSHMUX_VER);
1304: debug2("%s: master version %u", __func__, ver);
1305: /* No extensions are presently defined */
1306: while (buffer_len(&m) > 0) {
1307: char *name = buffer_get_string(&m, NULL);
1308: char *value = buffer_get_string(&m, NULL);
1309:
1310: debug2("Unrecognised master extension \"%s\"", name);
1311: xfree(name);
1312: xfree(value);
1.5 djm 1313: }
1.10 djm 1314: buffer_free(&m);
1315: return 0;
1316: }
1317:
1318: static u_int
1319: mux_client_request_alive(int fd)
1320: {
1321: Buffer m;
1322: char *e;
1323: u_int pid, type, rid;
1324:
1325: debug3("%s: entering", __func__);
1326:
1327: buffer_init(&m);
1328: buffer_put_int(&m, MUX_C_ALIVE_CHECK);
1329: buffer_put_int(&m, muxclient_request_id);
1330:
1331: if (mux_client_write_packet(fd, &m) != 0)
1332: fatal("%s: write packet: %s", __func__, strerror(errno));
1333:
1.1 djm 1334: buffer_clear(&m);
1335:
1.10 djm 1336: /* Read their reply */
1337: if (mux_client_read_packet(fd, &m) != 0) {
1338: buffer_free(&m);
1339: return 0;
1340: }
1341:
1342: type = buffer_get_int(&m);
1343: if (type != MUX_S_ALIVE) {
1344: e = buffer_get_string(&m, NULL);
1345: fatal("%s: master returned error: %s", __func__, e);
1.5 djm 1346: }
1.10 djm 1347:
1348: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1349: fatal("%s: out of sequence reply: my id %u theirs %u",
1350: __func__, muxclient_request_id, rid);
1351: pid = buffer_get_int(&m);
1352: buffer_free(&m);
1353:
1354: debug3("%s: done pid = %u", __func__, pid);
1355:
1356: muxclient_request_id++;
1357:
1358: return pid;
1359: }
1360:
1361: static void
1362: mux_client_request_terminate(int fd)
1363: {
1364: Buffer m;
1365: char *e;
1366: u_int type, rid;
1367:
1368: debug3("%s: entering", __func__);
1369:
1370: buffer_init(&m);
1371: buffer_put_int(&m, MUX_C_TERMINATE);
1372: buffer_put_int(&m, muxclient_request_id);
1373:
1374: if (mux_client_write_packet(fd, &m) != 0)
1375: fatal("%s: write packet: %s", __func__, strerror(errno));
1.1 djm 1376:
1377: buffer_clear(&m);
1378:
1.10 djm 1379: /* Read their reply */
1380: if (mux_client_read_packet(fd, &m) != 0) {
1381: /* Remote end exited already */
1382: if (errno == EPIPE) {
1383: buffer_free(&m);
1384: return;
1.2 djm 1385: }
1.10 djm 1386: fatal("%s: read from master failed: %s",
1387: __func__, strerror(errno));
1388: }
1389:
1390: type = buffer_get_int(&m);
1391: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1392: fatal("%s: out of sequence reply: my id %u theirs %u",
1393: __func__, muxclient_request_id, rid);
1394: switch (type) {
1395: case MUX_S_OK:
1396: break;
1397: case MUX_S_PERMISSION_DENIED:
1398: e = buffer_get_string(&m, NULL);
1399: fatal("Master refused termination request: %s", e);
1400: case MUX_S_FAILURE:
1401: e = buffer_get_string(&m, NULL);
1402: fatal("%s: termination request failed: %s", __func__, e);
1403: default:
1404: fatal("%s: unexpected response from master 0x%08x",
1405: __func__, type);
1406: }
1407: buffer_free(&m);
1408: muxclient_request_id++;
1409: }
1410:
1411: static int
1412: mux_client_request_forward(int fd, u_int ftype, Forward *fwd)
1413: {
1414: Buffer m;
1415: char *e, *fwd_desc;
1416: u_int type, rid;
1417:
1418: fwd_desc = format_forward(ftype, fwd);
1419: debug("Requesting %s", fwd_desc);
1420: xfree(fwd_desc);
1421:
1422: buffer_init(&m);
1423: buffer_put_int(&m, MUX_C_OPEN_FWD);
1424: buffer_put_int(&m, muxclient_request_id);
1425: buffer_put_int(&m, ftype);
1426: buffer_put_cstring(&m,
1427: fwd->listen_host == NULL ? "" : fwd->listen_host);
1428: buffer_put_int(&m, fwd->listen_port);
1429: buffer_put_cstring(&m,
1430: fwd->connect_host == NULL ? "" : fwd->connect_host);
1431: buffer_put_int(&m, fwd->connect_port);
1432:
1433: if (mux_client_write_packet(fd, &m) != 0)
1434: fatal("%s: write packet: %s", __func__, strerror(errno));
1435:
1436: buffer_clear(&m);
1437:
1438: /* Read their reply */
1439: if (mux_client_read_packet(fd, &m) != 0) {
1440: buffer_free(&m);
1441: return -1;
1442: }
1443:
1444: type = buffer_get_int(&m);
1445: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1446: fatal("%s: out of sequence reply: my id %u theirs %u",
1447: __func__, muxclient_request_id, rid);
1448: switch (type) {
1449: case MUX_S_OK:
1.1 djm 1450: break;
1.18 markus 1451: case MUX_S_REMOTE_PORT:
1452: fwd->allocated_port = buffer_get_int(&m);
1453: logit("Allocated port %u for remote forward to %s:%d",
1454: fwd->allocated_port,
1455: fwd->connect_host ? fwd->connect_host : "",
1456: fwd->connect_port);
1457: if (muxclient_command == SSHMUX_COMMAND_FORWARD)
1458: fprintf(stdout, "%u\n", fwd->allocated_port);
1459: break;
1.10 djm 1460: case MUX_S_PERMISSION_DENIED:
1461: e = buffer_get_string(&m, NULL);
1462: buffer_free(&m);
1463: error("Master refused forwarding request: %s", e);
1464: return -1;
1465: case MUX_S_FAILURE:
1466: e = buffer_get_string(&m, NULL);
1467: buffer_free(&m);
1468: error("%s: session request failed: %s", __func__, e);
1469: return -1;
1.1 djm 1470: default:
1.10 djm 1471: fatal("%s: unexpected response from master 0x%08x",
1472: __func__, type);
1473: }
1474: buffer_free(&m);
1475:
1476: muxclient_request_id++;
1477: return 0;
1478: }
1479:
1480: static int
1481: mux_client_request_forwards(int fd)
1482: {
1483: int i;
1484:
1485: debug3("%s: requesting forwardings: %d local, %d remote", __func__,
1486: options.num_local_forwards, options.num_remote_forwards);
1487:
1488: /* XXX ExitOnForwardingFailure */
1489: for (i = 0; i < options.num_local_forwards; i++) {
1490: if (mux_client_request_forward(fd,
1491: options.local_forwards[i].connect_port == 0 ?
1492: MUX_FWD_DYNAMIC : MUX_FWD_LOCAL,
1493: options.local_forwards + i) != 0)
1494: return -1;
1495: }
1496: for (i = 0; i < options.num_remote_forwards; i++) {
1497: if (mux_client_request_forward(fd, MUX_FWD_REMOTE,
1498: options.remote_forwards + i) != 0)
1499: return -1;
1500: }
1501: return 0;
1502: }
1503:
1504: static int
1505: mux_client_request_session(int fd)
1506: {
1507: Buffer m;
1508: char *e, *term;
1509: u_int i, rid, sid, esid, exitval, type, exitval_seen;
1510: extern char **environ;
1511: int devnull;
1512:
1513: debug3("%s: entering", __func__);
1514:
1515: if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1516: error("%s: master alive request failed", __func__);
1517: return -1;
1.1 djm 1518: }
1519:
1.10 djm 1520: signal(SIGPIPE, SIG_IGN);
1521:
1522: if (stdin_null_flag) {
1523: if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1524: fatal("open(/dev/null): %s", strerror(errno));
1525: if (dup2(devnull, STDIN_FILENO) == -1)
1526: fatal("dup2: %s", strerror(errno));
1527: if (devnull > STDERR_FILENO)
1528: close(devnull);
1.5 djm 1529: }
1.1 djm 1530:
1.10 djm 1531: term = getenv("TERM");
1532:
1533: buffer_init(&m);
1534: buffer_put_int(&m, MUX_C_NEW_SESSION);
1535: buffer_put_int(&m, muxclient_request_id);
1536: buffer_put_cstring(&m, ""); /* reserved */
1537: buffer_put_int(&m, tty_flag);
1538: buffer_put_int(&m, options.forward_x11);
1539: buffer_put_int(&m, options.forward_agent);
1540: buffer_put_int(&m, subsystem_flag);
1541: buffer_put_int(&m, options.escape_char == SSH_ESCAPECHAR_NONE ?
1542: 0xffffffff : (u_int)options.escape_char);
1543: buffer_put_cstring(&m, term == NULL ? "" : term);
1544: buffer_put_string(&m, buffer_ptr(&command), buffer_len(&command));
1545:
1546: if (options.num_send_env > 0 && environ != NULL) {
1547: /* Pass environment */
1548: for (i = 0; environ[i] != NULL; i++) {
1549: if (env_permitted(environ[i])) {
1550: buffer_put_cstring(&m, environ[i]);
1551: }
1552: }
1.5 djm 1553: }
1554:
1.10 djm 1555: if (mux_client_write_packet(fd, &m) != 0)
1556: fatal("%s: write packet: %s", __func__, strerror(errno));
1557:
1558: /* Send the stdio file descriptors */
1559: if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1560: mm_send_fd(fd, STDOUT_FILENO) == -1 ||
1561: mm_send_fd(fd, STDERR_FILENO) == -1)
1562: fatal("%s: send fds failed", __func__);
1563:
1564: debug3("%s: session request sent", __func__);
1.1 djm 1565:
1.10 djm 1566: /* Read their reply */
1.1 djm 1567: buffer_clear(&m);
1.10 djm 1568: if (mux_client_read_packet(fd, &m) != 0) {
1569: error("%s: read from master failed: %s",
1570: __func__, strerror(errno));
1571: buffer_free(&m);
1572: return -1;
1573: }
1574:
1575: type = buffer_get_int(&m);
1576: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1577: fatal("%s: out of sequence reply: my id %u theirs %u",
1578: __func__, muxclient_request_id, rid);
1579: switch (type) {
1580: case MUX_S_SESSION_OPENED:
1581: sid = buffer_get_int(&m);
1582: debug("%s: master session id: %u", __func__, sid);
1583: break;
1584: case MUX_S_PERMISSION_DENIED:
1585: e = buffer_get_string(&m, NULL);
1586: buffer_free(&m);
1587: error("Master refused forwarding request: %s", e);
1588: return -1;
1589: case MUX_S_FAILURE:
1590: e = buffer_get_string(&m, NULL);
1591: buffer_free(&m);
1592: error("%s: forwarding request failed: %s", __func__, e);
1593: return -1;
1594: default:
1595: buffer_free(&m);
1596: error("%s: unexpected response from master 0x%08x",
1597: __func__, type);
1598: return -1;
1599: }
1600: muxclient_request_id++;
1.1 djm 1601:
1602: signal(SIGHUP, control_client_sighandler);
1603: signal(SIGINT, control_client_sighandler);
1604: signal(SIGTERM, control_client_sighandler);
1605: signal(SIGWINCH, control_client_sigrelay);
1606:
1607: if (tty_flag)
1.9 djm 1608: enter_raw_mode(force_tty_flag);
1.1 djm 1609:
1610: /*
1611: * Stick around until the controlee closes the client_fd.
1.10 djm 1612: * Before it does, it is expected to write an exit message.
1613: * This process must read the value and wait for the closure of
1614: * the client_fd; if this one closes early, the multiplex master will
1615: * terminate early too (possibly losing data).
1.1 djm 1616: */
1.10 djm 1617: for (exitval = 255, exitval_seen = 0;;) {
1618: buffer_clear(&m);
1619: if (mux_client_read_packet(fd, &m) != 0)
1.1 djm 1620: break;
1.10 djm 1621: type = buffer_get_int(&m);
1622: if (type != MUX_S_EXIT_MESSAGE) {
1623: e = buffer_get_string(&m, NULL);
1624: fatal("%s: master returned error: %s", __func__, e);
1.1 djm 1625: }
1.10 djm 1626: if ((esid = buffer_get_int(&m)) != sid)
1627: fatal("%s: exit on unknown session: my id %u theirs %u",
1628: __func__, sid, esid);
1629: debug("%s: master session id: %u", __func__, sid);
1630: if (exitval_seen)
1631: fatal("%s: exitval sent twice", __func__);
1632: exitval = buffer_get_int(&m);
1633: exitval_seen = 1;
1.1 djm 1634: }
1635:
1.10 djm 1636: close(fd);
1.9 djm 1637: leave_raw_mode(force_tty_flag);
1.10 djm 1638:
1.1 djm 1639: if (muxclient_terminate) {
1640: debug2("Exiting on signal %d", muxclient_terminate);
1.10 djm 1641: exitval = 255;
1642: } else if (!exitval_seen) {
1.1 djm 1643: debug2("Control master terminated unexpectedly");
1.10 djm 1644: exitval = 255;
1.1 djm 1645: } else
1.10 djm 1646: debug2("Received exit status from master %d", exitval);
1.1 djm 1647:
1648: if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
1649: fprintf(stderr, "Shared connection to %s closed.\r\n", host);
1650:
1.10 djm 1651: exit(exitval);
1652: }
1653:
1654: static int
1655: mux_client_request_stdio_fwd(int fd)
1656: {
1657: Buffer m;
1658: char *e;
1659: u_int type, rid, sid;
1660: int devnull;
1661:
1662: debug3("%s: entering", __func__);
1663:
1664: if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1665: error("%s: master alive request failed", __func__);
1666: return -1;
1667: }
1668:
1669: signal(SIGPIPE, SIG_IGN);
1670:
1671: if (stdin_null_flag) {
1672: if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1673: fatal("open(/dev/null): %s", strerror(errno));
1674: if (dup2(devnull, STDIN_FILENO) == -1)
1675: fatal("dup2: %s", strerror(errno));
1676: if (devnull > STDERR_FILENO)
1677: close(devnull);
1678: }
1679:
1680: buffer_init(&m);
1681: buffer_put_int(&m, MUX_C_NEW_STDIO_FWD);
1682: buffer_put_int(&m, muxclient_request_id);
1683: buffer_put_cstring(&m, ""); /* reserved */
1684: buffer_put_cstring(&m, stdio_forward_host);
1685: buffer_put_int(&m, stdio_forward_port);
1686:
1687: if (mux_client_write_packet(fd, &m) != 0)
1688: fatal("%s: write packet: %s", __func__, strerror(errno));
1689:
1690: /* Send the stdio file descriptors */
1691: if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1692: mm_send_fd(fd, STDOUT_FILENO) == -1)
1693: fatal("%s: send fds failed", __func__);
1694:
1695: debug3("%s: stdio forward request sent", __func__);
1696:
1697: /* Read their reply */
1698: buffer_clear(&m);
1699:
1700: if (mux_client_read_packet(fd, &m) != 0) {
1701: error("%s: read from master failed: %s",
1702: __func__, strerror(errno));
1703: buffer_free(&m);
1704: return -1;
1705: }
1706:
1707: type = buffer_get_int(&m);
1708: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1709: fatal("%s: out of sequence reply: my id %u theirs %u",
1710: __func__, muxclient_request_id, rid);
1711: switch (type) {
1712: case MUX_S_SESSION_OPENED:
1713: sid = buffer_get_int(&m);
1714: debug("%s: master session id: %u", __func__, sid);
1715: break;
1716: case MUX_S_PERMISSION_DENIED:
1717: e = buffer_get_string(&m, NULL);
1718: buffer_free(&m);
1719: fatal("Master refused forwarding request: %s", e);
1720: case MUX_S_FAILURE:
1721: e = buffer_get_string(&m, NULL);
1722: buffer_free(&m);
1723: fatal("%s: stdio forwarding request failed: %s", __func__, e);
1724: default:
1725: buffer_free(&m);
1726: error("%s: unexpected response from master 0x%08x",
1727: __func__, type);
1728: return -1;
1729: }
1730: muxclient_request_id++;
1731:
1732: signal(SIGHUP, control_client_sighandler);
1733: signal(SIGINT, control_client_sighandler);
1734: signal(SIGTERM, control_client_sighandler);
1735: signal(SIGWINCH, control_client_sigrelay);
1736:
1737: /*
1738: * Stick around until the controlee closes the client_fd.
1739: */
1740: buffer_clear(&m);
1741: if (mux_client_read_packet(fd, &m) != 0) {
1742: if (errno == EPIPE ||
1743: (errno == EINTR && muxclient_terminate != 0))
1744: return 0;
1745: fatal("%s: mux_client_read_packet: %s",
1746: __func__, strerror(errno));
1747: }
1748: fatal("%s: master returned unexpected message %u", __func__, type);
1749: }
1750:
1751: /* Multiplex client main loop. */
1752: void
1753: muxclient(const char *path)
1754: {
1755: struct sockaddr_un addr;
1756: int sock;
1757: u_int pid;
1758:
1759: if (muxclient_command == 0) {
1760: if (stdio_forward_host != NULL)
1761: muxclient_command = SSHMUX_COMMAND_STDIO_FWD;
1762: else
1763: muxclient_command = SSHMUX_COMMAND_OPEN;
1764: }
1765:
1766: switch (options.control_master) {
1767: case SSHCTL_MASTER_AUTO:
1768: case SSHCTL_MASTER_AUTO_ASK:
1769: debug("auto-mux: Trying existing master");
1770: /* FALLTHROUGH */
1771: case SSHCTL_MASTER_NO:
1772: break;
1773: default:
1774: return;
1775: }
1776:
1777: memset(&addr, '\0', sizeof(addr));
1778: addr.sun_family = AF_UNIX;
1779: addr.sun_len = offsetof(struct sockaddr_un, sun_path) +
1780: strlen(path) + 1;
1781:
1782: if (strlcpy(addr.sun_path, path,
1783: sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1784: fatal("ControlPath too long");
1785:
1786: if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1787: fatal("%s socket(): %s", __func__, strerror(errno));
1788:
1789: if (connect(sock, (struct sockaddr *)&addr, addr.sun_len) == -1) {
1790: switch (muxclient_command) {
1791: case SSHMUX_COMMAND_OPEN:
1792: case SSHMUX_COMMAND_STDIO_FWD:
1793: break;
1794: default:
1795: fatal("Control socket connect(%.100s): %s", path,
1796: strerror(errno));
1797: }
1798: if (errno == ENOENT)
1799: debug("Control socket \"%.100s\" does not exist", path);
1800: else {
1801: error("Control socket connect(%.100s): %s", path,
1802: strerror(errno));
1803: }
1804: close(sock);
1805: return;
1806: }
1807: set_nonblock(sock);
1808:
1809: if (mux_client_hello_exchange(sock) != 0) {
1810: error("%s: master hello exchange failed", __func__);
1811: close(sock);
1812: return;
1813: }
1814:
1815: switch (muxclient_command) {
1816: case SSHMUX_COMMAND_ALIVE_CHECK:
1817: if ((pid = mux_client_request_alive(sock)) == 0)
1818: fatal("%s: master alive check failed", __func__);
1819: fprintf(stderr, "Master running (pid=%d)\r\n", pid);
1820: exit(0);
1821: case SSHMUX_COMMAND_TERMINATE:
1822: mux_client_request_terminate(sock);
1823: fprintf(stderr, "Exit request sent.\r\n");
1.18 markus 1824: exit(0);
1825: case SSHMUX_COMMAND_FORWARD:
1826: if (mux_client_request_forwards(sock) != 0)
1827: fatal("%s: master forward request failed", __func__);
1.10 djm 1828: exit(0);
1829: case SSHMUX_COMMAND_OPEN:
1830: if (mux_client_request_forwards(sock) != 0) {
1831: error("%s: master forward request failed", __func__);
1832: return;
1833: }
1834: mux_client_request_session(sock);
1835: return;
1836: case SSHMUX_COMMAND_STDIO_FWD:
1837: mux_client_request_stdio_fwd(sock);
1838: exit(0);
1839: default:
1840: fatal("unrecognised muxclient_command %d", muxclient_command);
1841: }
1.1 djm 1842: }