Annotation of src/usr.bin/ssh/mux.c, Revision 1.65
1.65 ! djm 1: /* $OpenBSD: mux.c,v 1.64 2017/01/21 11:32:04 guenther Exp $ */
1.1 djm 2: /*
3: * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: /* ssh session multiplexing support */
19:
1.2 djm 20: /*
21: * TODO:
1.10 djm 22: * - Better signalling from master to slave, especially passing of
1.2 djm 23: * error messages
1.10 djm 24: * - Better fall-back from mux slave error to new connection.
25: * - ExitOnForwardingFailure
26: * - Maybe extension mechanisms for multi-X11/multi-agent forwarding
27: * - Support ~^Z in mux slaves.
28: * - Inspect or control sessions in master.
29: * - If we ever support the "signal" channel request, send signals on
30: * sessions in master.
1.2 djm 31: */
32:
1.1 djm 33: #include <sys/types.h>
34: #include <sys/queue.h>
35: #include <sys/stat.h>
36: #include <sys/socket.h>
37: #include <sys/un.h>
38:
39: #include <errno.h>
40: #include <fcntl.h>
1.10 djm 41: #include <poll.h>
1.1 djm 42: #include <signal.h>
43: #include <stdarg.h>
44: #include <stddef.h>
45: #include <stdlib.h>
46: #include <stdio.h>
47: #include <string.h>
48: #include <unistd.h>
49: #include <util.h>
50: #include <paths.h>
51:
1.10 djm 52: #include "atomicio.h"
1.1 djm 53: #include "xmalloc.h"
54: #include "log.h"
55: #include "ssh.h"
1.18 markus 56: #include "ssh2.h"
1.1 djm 57: #include "pathnames.h"
58: #include "misc.h"
59: #include "match.h"
60: #include "buffer.h"
61: #include "channels.h"
62: #include "msg.h"
63: #include "packet.h"
64: #include "monitor_fdpass.h"
65: #include "sshpty.h"
66: #include "key.h"
67: #include "readconf.h"
68: #include "clientloop.h"
1.62 markus 69: #include "ssherr.h"
1.1 djm 70:
71: /* from ssh.c */
72: extern int tty_flag;
73: extern Options options;
74: extern int stdin_null_flag;
75: extern char *host;
1.8 dtucker 76: extern int subsystem_flag;
1.1 djm 77: extern Buffer command;
1.10 djm 78: extern volatile sig_atomic_t quit_pending;
1.1 djm 79:
1.2 djm 80: /* Context for session open confirmation callback */
81: struct mux_session_confirm_ctx {
1.10 djm 82: u_int want_tty;
83: u_int want_subsys;
84: u_int want_x_fwd;
85: u_int want_agent_fwd;
1.2 djm 86: Buffer cmd;
87: char *term;
88: struct termios tio;
89: char **env;
1.17 djm 90: u_int rid;
1.2 djm 91: };
92:
1.48 djm 93: /* Context for stdio fwd open confirmation callback */
94: struct mux_stdio_confirm_ctx {
95: u_int rid;
96: };
97:
1.18 markus 98: /* Context for global channel callback */
99: struct mux_channel_confirm_ctx {
100: u_int cid; /* channel id */
101: u_int rid; /* request id */
102: int fid; /* forward id */
103: };
104:
1.1 djm 105: /* fd to control socket */
106: int muxserver_sock = -1;
107:
1.10 djm 108: /* client request id */
109: u_int muxclient_request_id = 0;
110:
1.1 djm 111: /* Multiplexing control command */
112: u_int muxclient_command = 0;
113:
114: /* Set when signalled. */
115: static volatile sig_atomic_t muxclient_terminate = 0;
116:
117: /* PID of multiplex server */
118: static u_int muxserver_pid = 0;
119:
1.10 djm 120: static Channel *mux_listener_channel = NULL;
121:
122: struct mux_master_state {
123: int hello_rcvd;
124: };
1.1 djm 125:
1.10 djm 126: /* mux protocol messages */
127: #define MUX_MSG_HELLO 0x00000001
128: #define MUX_C_NEW_SESSION 0x10000002
129: #define MUX_C_ALIVE_CHECK 0x10000004
130: #define MUX_C_TERMINATE 0x10000005
131: #define MUX_C_OPEN_FWD 0x10000006
132: #define MUX_C_CLOSE_FWD 0x10000007
133: #define MUX_C_NEW_STDIO_FWD 0x10000008
1.25 djm 134: #define MUX_C_STOP_LISTENING 0x10000009
1.62 markus 135: #define MUX_C_PROXY 0x1000000f
1.10 djm 136: #define MUX_S_OK 0x80000001
137: #define MUX_S_PERMISSION_DENIED 0x80000002
138: #define MUX_S_FAILURE 0x80000003
139: #define MUX_S_EXIT_MESSAGE 0x80000004
140: #define MUX_S_ALIVE 0x80000005
141: #define MUX_S_SESSION_OPENED 0x80000006
1.18 markus 142: #define MUX_S_REMOTE_PORT 0x80000007
1.28 djm 143: #define MUX_S_TTY_ALLOC_FAIL 0x80000008
1.62 markus 144: #define MUX_S_PROXY 0x8000000f
1.10 djm 145:
146: /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
147: #define MUX_FWD_LOCAL 1
148: #define MUX_FWD_REMOTE 2
149: #define MUX_FWD_DYNAMIC 3
150:
1.17 djm 151: static void mux_session_confirm(int, int, void *);
1.48 djm 152: static void mux_stdio_confirm(int, int, void *);
1.10 djm 153:
154: static int process_mux_master_hello(u_int, Channel *, Buffer *, Buffer *);
155: static int process_mux_new_session(u_int, Channel *, Buffer *, Buffer *);
156: static int process_mux_alive_check(u_int, Channel *, Buffer *, Buffer *);
157: static int process_mux_terminate(u_int, Channel *, Buffer *, Buffer *);
158: static int process_mux_open_fwd(u_int, Channel *, Buffer *, Buffer *);
159: static int process_mux_close_fwd(u_int, Channel *, Buffer *, Buffer *);
160: static int process_mux_stdio_fwd(u_int, Channel *, Buffer *, Buffer *);
1.25 djm 161: static int process_mux_stop_listening(u_int, Channel *, Buffer *, Buffer *);
1.62 markus 162: static int process_mux_proxy(u_int, Channel *, Buffer *, Buffer *);
1.10 djm 163:
164: static const struct {
165: u_int type;
166: int (*handler)(u_int, Channel *, Buffer *, Buffer *);
167: } mux_master_handlers[] = {
168: { MUX_MSG_HELLO, process_mux_master_hello },
169: { MUX_C_NEW_SESSION, process_mux_new_session },
170: { MUX_C_ALIVE_CHECK, process_mux_alive_check },
171: { MUX_C_TERMINATE, process_mux_terminate },
172: { MUX_C_OPEN_FWD, process_mux_open_fwd },
173: { MUX_C_CLOSE_FWD, process_mux_close_fwd },
174: { MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd },
1.25 djm 175: { MUX_C_STOP_LISTENING, process_mux_stop_listening },
1.62 markus 176: { MUX_C_PROXY, process_mux_proxy },
1.10 djm 177: { 0, NULL }
178: };
1.1 djm 179:
1.10 djm 180: /* Cleanup callback fired on closure of mux slave _session_ channel */
181: /* ARGSUSED */
1.42 dtucker 182: static void
1.10 djm 183: mux_master_session_cleanup_cb(int cid, void *unused)
1.1 djm 184: {
1.10 djm 185: Channel *cc, *c = channel_by_id(cid);
1.1 djm 186:
1.10 djm 187: debug3("%s: entering for channel %d", __func__, cid);
188: if (c == NULL)
189: fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
190: if (c->ctl_chan != -1) {
191: if ((cc = channel_by_id(c->ctl_chan)) == NULL)
192: fatal("%s: channel %d missing control channel %d",
193: __func__, c->self, c->ctl_chan);
194: c->ctl_chan = -1;
195: cc->remote_id = -1;
196: chan_rcvd_oclose(cc);
1.1 djm 197: }
1.10 djm 198: channel_cancel_cleanup(c->self);
1.1 djm 199: }
200:
1.10 djm 201: /* Cleanup callback fired on closure of mux slave _control_ channel */
202: /* ARGSUSED */
1.1 djm 203: static void
1.10 djm 204: mux_master_control_cleanup_cb(int cid, void *unused)
1.1 djm 205: {
1.10 djm 206: Channel *sc, *c = channel_by_id(cid);
1.1 djm 207:
1.10 djm 208: debug3("%s: entering for channel %d", __func__, cid);
209: if (c == NULL)
210: fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
211: if (c->remote_id != -1) {
212: if ((sc = channel_by_id(c->remote_id)) == NULL)
1.15 djm 213: fatal("%s: channel %d missing session channel %d",
1.10 djm 214: __func__, c->self, c->remote_id);
215: c->remote_id = -1;
216: sc->ctl_chan = -1;
1.39 djm 217: if (sc->type != SSH_CHANNEL_OPEN &&
218: sc->type != SSH_CHANNEL_OPENING) {
1.12 djm 219: debug2("%s: channel %d: not open", __func__, sc->self);
1.13 djm 220: chan_mark_dead(sc);
1.12 djm 221: } else {
1.14 djm 222: if (sc->istate == CHAN_INPUT_OPEN)
223: chan_read_failed(sc);
224: if (sc->ostate == CHAN_OUTPUT_OPEN)
225: chan_write_failed(sc);
1.12 djm 226: }
1.1 djm 227: }
1.10 djm 228: channel_cancel_cleanup(c->self);
1.1 djm 229: }
230:
1.10 djm 231: /* Check mux client environment variables before passing them to mux master. */
232: static int
233: env_permitted(char *env)
1.1 djm 234: {
1.10 djm 235: int i, ret;
236: char name[1024], *cp;
1.1 djm 237:
1.10 djm 238: if ((cp = strchr(env, '=')) == NULL || cp == env)
1.1 djm 239: return 0;
1.10 djm 240: ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
241: if (ret <= 0 || (size_t)ret >= sizeof(name)) {
242: error("env_permitted: name '%.100s...' too long", env);
1.1 djm 243: return 0;
244: }
245:
1.10 djm 246: for (i = 0; i < options.num_send_env; i++)
247: if (match_pattern(name, options.send_env[i]))
248: return 1;
1.1 djm 249:
1.10 djm 250: return 0;
251: }
1.1 djm 252:
1.10 djm 253: /* Mux master protocol message handlers */
1.1 djm 254:
1.10 djm 255: static int
256: process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r)
257: {
258: u_int ver;
259: struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
1.1 djm 260:
1.10 djm 261: if (state == NULL)
262: fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self);
263: if (state->hello_rcvd) {
264: error("%s: HELLO received twice", __func__);
265: return -1;
266: }
267: if (buffer_get_int_ret(&ver, m) != 0) {
268: malf:
269: error("%s: malformed message", __func__);
270: return -1;
271: }
272: if (ver != SSHMUX_VER) {
273: error("Unsupported multiplexing protocol version %d "
274: "(expected %d)", ver, SSHMUX_VER);
275: return -1;
276: }
277: debug2("%s: channel %d slave version %u", __func__, c->self, ver);
278:
279: /* No extensions are presently defined */
280: while (buffer_len(m) > 0) {
281: char *name = buffer_get_string_ret(m, NULL);
282: char *value = buffer_get_string_ret(m, NULL);
283:
284: if (name == NULL || value == NULL) {
1.41 djm 285: free(name);
1.43 dtucker 286: free(value);
1.10 djm 287: goto malf;
1.1 djm 288: }
1.10 djm 289: debug2("Unrecognised slave extension \"%s\"", name);
1.41 djm 290: free(name);
291: free(value);
1.1 djm 292: }
1.10 djm 293: state->hello_rcvd = 1;
294: return 0;
295: }
296:
297: static int
298: process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
299: {
300: Channel *nc;
301: struct mux_session_confirm_ctx *cctx;
302: char *reserved, *cmd, *cp;
303: u_int i, j, len, env_len, escape_char, window, packetmax;
304: int new_fd[3];
1.1 djm 305:
306: /* Reply for SSHMUX_COMMAND_OPEN */
1.10 djm 307: cctx = xcalloc(1, sizeof(*cctx));
308: cctx->term = NULL;
1.17 djm 309: cctx->rid = rid;
1.11 djm 310: cmd = reserved = NULL;
1.36 djm 311: cctx->env = NULL;
312: env_len = 0;
1.10 djm 313: if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
314: buffer_get_int_ret(&cctx->want_tty, m) != 0 ||
315: buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 ||
316: buffer_get_int_ret(&cctx->want_agent_fwd, m) != 0 ||
317: buffer_get_int_ret(&cctx->want_subsys, m) != 0 ||
318: buffer_get_int_ret(&escape_char, m) != 0 ||
319: (cctx->term = buffer_get_string_ret(m, &len)) == NULL ||
320: (cmd = buffer_get_string_ret(m, &len)) == NULL) {
321: malf:
1.41 djm 322: free(cmd);
323: free(reserved);
1.36 djm 324: for (j = 0; j < env_len; j++)
1.41 djm 325: free(cctx->env[j]);
326: free(cctx->env);
327: free(cctx->term);
328: free(cctx);
1.10 djm 329: error("%s: malformed message", __func__);
330: return -1;
1.1 djm 331: }
1.41 djm 332: free(reserved);
1.11 djm 333: reserved = NULL;
1.1 djm 334:
1.10 djm 335: while (buffer_len(m) > 0) {
336: #define MUX_MAX_ENV_VARS 4096
1.34 djm 337: if ((cp = buffer_get_string_ret(m, &len)) == NULL)
1.10 djm 338: goto malf;
339: if (!env_permitted(cp)) {
1.41 djm 340: free(cp);
1.10 djm 341: continue;
342: }
1.51 deraadt 343: cctx->env = xreallocarray(cctx->env, env_len + 2,
1.10 djm 344: sizeof(*cctx->env));
345: cctx->env[env_len++] = cp;
346: cctx->env[env_len] = NULL;
347: if (env_len > MUX_MAX_ENV_VARS) {
348: error(">%d environment variables received, ignoring "
349: "additional", MUX_MAX_ENV_VARS);
350: break;
351: }
1.1 djm 352: }
353:
1.10 djm 354: debug2("%s: channel %d: request tty %d, X %d, agent %d, subsys %d, "
355: "term \"%s\", cmd \"%s\", env %u", __func__, c->self,
356: cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd,
357: cctx->want_subsys, cctx->term, cmd, env_len);
1.1 djm 358:
359: buffer_init(&cctx->cmd);
360: buffer_append(&cctx->cmd, cmd, strlen(cmd));
1.41 djm 361: free(cmd);
1.11 djm 362: cmd = NULL;
1.1 djm 363:
364: /* Gather fds from client */
365: for(i = 0; i < 3; i++) {
1.10 djm 366: if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
1.1 djm 367: error("%s: failed to receive fd %d from slave",
368: __func__, i);
369: for (j = 0; j < i; j++)
370: close(new_fd[j]);
371: for (j = 0; j < env_len; j++)
1.41 djm 372: free(cctx->env[j]);
373: free(cctx->env);
374: free(cctx->term);
1.1 djm 375: buffer_free(&cctx->cmd);
1.41 djm 376: free(cctx);
1.10 djm 377:
378: /* prepare reply */
379: buffer_put_int(r, MUX_S_FAILURE);
380: buffer_put_int(r, rid);
381: buffer_put_cstring(r,
382: "did not receive file descriptors");
383: return -1;
1.1 djm 384: }
385: }
386:
1.10 djm 387: debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
1.1 djm 388: new_fd[0], new_fd[1], new_fd[2]);
389:
1.10 djm 390: /* XXX support multiple child sessions in future */
391: if (c->remote_id != -1) {
392: debug2("%s: session already open", __func__);
393: /* prepare reply */
394: buffer_put_int(r, MUX_S_FAILURE);
395: buffer_put_int(r, rid);
396: buffer_put_cstring(r, "Multiple sessions not supported");
397: cleanup:
1.1 djm 398: close(new_fd[0]);
399: close(new_fd[1]);
400: close(new_fd[2]);
1.41 djm 401: free(cctx->term);
1.1 djm 402: if (env_len != 0) {
403: for (i = 0; i < env_len; i++)
1.41 djm 404: free(cctx->env[i]);
405: free(cctx->env);
1.1 djm 406: }
1.10 djm 407: buffer_free(&cctx->cmd);
1.41 djm 408: free(cctx);
1.1 djm 409: return 0;
410: }
1.10 djm 411:
412: if (options.control_master == SSHCTL_MASTER_ASK ||
413: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
414: if (!ask_permission("Allow shared connection to %s? ", host)) {
415: debug2("%s: session refused by user", __func__);
416: /* prepare reply */
417: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
418: buffer_put_int(r, rid);
419: buffer_put_cstring(r, "Permission denied");
420: goto cleanup;
421: }
422: }
423:
424: /* Try to pick up ttymodes from client before it goes raw */
425: if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
426: error("%s: tcgetattr: %s", __func__, strerror(errno));
1.1 djm 427:
428: /* enable nonblocking unless tty */
429: if (!isatty(new_fd[0]))
430: set_nonblock(new_fd[0]);
431: if (!isatty(new_fd[1]))
432: set_nonblock(new_fd[1]);
433: if (!isatty(new_fd[2]))
434: set_nonblock(new_fd[2]);
435:
436: window = CHAN_SES_WINDOW_DEFAULT;
437: packetmax = CHAN_SES_PACKET_DEFAULT;
438: if (cctx->want_tty) {
439: window >>= 1;
440: packetmax >>= 1;
441: }
1.10 djm 442:
443: nc = channel_new("session", SSH_CHANNEL_OPENING,
1.1 djm 444: new_fd[0], new_fd[1], new_fd[2], window, packetmax,
445: CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
446:
1.10 djm 447: nc->ctl_chan = c->self; /* link session -> control channel */
448: c->remote_id = nc->self; /* link control -> session channel */
449:
1.2 djm 450: if (cctx->want_tty && escape_char != 0xffffffff) {
1.10 djm 451: channel_register_filter(nc->self,
1.2 djm 452: client_simple_escape_filter, NULL,
1.4 djm 453: client_filter_cleanup,
1.2 djm 454: client_new_escape_filter_ctx((int)escape_char));
455: }
1.1 djm 456:
1.10 djm 457: debug2("%s: channel_new: %d linked to control channel %d",
458: __func__, nc->self, nc->ctl_chan);
459:
460: channel_send_open(nc->self);
461: channel_register_open_confirm(nc->self, mux_session_confirm, cctx);
1.17 djm 462: c->mux_pause = 1; /* stop handling messages until open_confirm done */
1.16 djm 463: channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1);
1.10 djm 464:
1.17 djm 465: /* reply is deferred, sent by mux_session_confirm */
1.1 djm 466: return 0;
467: }
468:
1.10 djm 469: static int
470: process_mux_alive_check(u_int rid, Channel *c, Buffer *m, Buffer *r)
1.1 djm 471: {
1.10 djm 472: debug2("%s: channel %d: alive check", __func__, c->self);
1.1 djm 473:
1.10 djm 474: /* prepare reply */
475: buffer_put_int(r, MUX_S_ALIVE);
476: buffer_put_int(r, rid);
477: buffer_put_int(r, (u_int)getpid());
1.1 djm 478:
1.10 djm 479: return 0;
1.1 djm 480: }
481:
482: static int
1.10 djm 483: process_mux_terminate(u_int rid, Channel *c, Buffer *m, Buffer *r)
1.1 djm 484: {
1.10 djm 485: debug2("%s: channel %d: terminate request", __func__, c->self);
1.1 djm 486:
1.10 djm 487: if (options.control_master == SSHCTL_MASTER_ASK ||
488: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
489: if (!ask_permission("Terminate shared connection to %s? ",
490: host)) {
491: debug2("%s: termination refused by user", __func__);
492: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
493: buffer_put_int(r, rid);
494: buffer_put_cstring(r, "Permission denied");
495: return 0;
496: }
497: }
1.1 djm 498:
1.10 djm 499: quit_pending = 1;
500: buffer_put_int(r, MUX_S_OK);
501: buffer_put_int(r, rid);
502: /* XXX exit happens too soon - message never makes it to client */
503: return 0;
1.1 djm 504: }
505:
1.10 djm 506: static char *
1.46 millert 507: format_forward(u_int ftype, struct Forward *fwd)
1.1 djm 508: {
1.10 djm 509: char *ret;
1.1 djm 510:
1.10 djm 511: switch (ftype) {
512: case MUX_FWD_LOCAL:
513: xasprintf(&ret, "local forward %.200s:%d -> %.200s:%d",
1.46 millert 514: (fwd->listen_path != NULL) ? fwd->listen_path :
1.10 djm 515: (fwd->listen_host == NULL) ?
1.46 millert 516: (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
1.10 djm 517: fwd->listen_host, fwd->listen_port,
1.46 millert 518: (fwd->connect_path != NULL) ? fwd->connect_path :
1.10 djm 519: fwd->connect_host, fwd->connect_port);
520: break;
521: case MUX_FWD_DYNAMIC:
522: xasprintf(&ret, "dynamic forward %.200s:%d -> *",
523: (fwd->listen_host == NULL) ?
1.46 millert 524: (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
1.10 djm 525: fwd->listen_host, fwd->listen_port);
526: break;
527: case MUX_FWD_REMOTE:
528: xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d",
1.46 millert 529: (fwd->listen_path != NULL) ? fwd->listen_path :
1.10 djm 530: (fwd->listen_host == NULL) ?
531: "LOCALHOST" : fwd->listen_host,
532: fwd->listen_port,
1.46 millert 533: (fwd->connect_path != NULL) ? fwd->connect_path :
1.10 djm 534: fwd->connect_host, fwd->connect_port);
1.1 djm 535: break;
536: default:
1.10 djm 537: fatal("%s: unknown forward type %u", __func__, ftype);
1.1 djm 538: }
1.10 djm 539: return ret;
540: }
1.1 djm 541:
1.10 djm 542: static int
543: compare_host(const char *a, const char *b)
544: {
545: if (a == NULL && b == NULL)
546: return 1;
547: if (a == NULL || b == NULL)
548: return 0;
549: return strcmp(a, b) == 0;
550: }
1.1 djm 551:
1.10 djm 552: static int
1.46 millert 553: compare_forward(struct Forward *a, struct Forward *b)
1.10 djm 554: {
555: if (!compare_host(a->listen_host, b->listen_host))
556: return 0;
1.46 millert 557: if (!compare_host(a->listen_path, b->listen_path))
558: return 0;
1.10 djm 559: if (a->listen_port != b->listen_port)
560: return 0;
561: if (!compare_host(a->connect_host, b->connect_host))
562: return 0;
1.46 millert 563: if (!compare_host(a->connect_path, b->connect_path))
564: return 0;
1.10 djm 565: if (a->connect_port != b->connect_port)
566: return 0;
1.1 djm 567:
1.10 djm 568: return 1;
569: }
1.1 djm 570:
1.18 markus 571: static void
572: mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
573: {
574: struct mux_channel_confirm_ctx *fctx = ctxt;
575: char *failmsg = NULL;
1.46 millert 576: struct Forward *rfwd;
1.18 markus 577: Channel *c;
578: Buffer out;
579:
580: if ((c = channel_by_id(fctx->cid)) == NULL) {
581: /* no channel for reply */
582: error("%s: unknown channel", __func__);
583: return;
584: }
585: buffer_init(&out);
1.53 djm 586: if (fctx->fid >= options.num_remote_forwards ||
587: (options.remote_forwards[fctx->fid].connect_path == NULL &&
588: options.remote_forwards[fctx->fid].connect_host == NULL)) {
1.18 markus 589: xasprintf(&failmsg, "unknown forwarding id %d", fctx->fid);
590: goto fail;
591: }
592: rfwd = &options.remote_forwards[fctx->fid];
593: debug("%s: %s for: listen %d, connect %s:%d", __func__,
594: type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
1.46 millert 595: rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path :
596: rfwd->connect_host, rfwd->connect_port);
1.18 markus 597: if (type == SSH2_MSG_REQUEST_SUCCESS) {
598: if (rfwd->listen_port == 0) {
599: rfwd->allocated_port = packet_get_int();
1.52 djm 600: debug("Allocated port %u for mux remote forward"
1.18 markus 601: " to %s:%d", rfwd->allocated_port,
602: rfwd->connect_host, rfwd->connect_port);
603: buffer_put_int(&out, MUX_S_REMOTE_PORT);
604: buffer_put_int(&out, fctx->rid);
605: buffer_put_int(&out, rfwd->allocated_port);
1.31 markus 606: channel_update_permitted_opens(rfwd->handle,
607: rfwd->allocated_port);
1.18 markus 608: } else {
609: buffer_put_int(&out, MUX_S_OK);
610: buffer_put_int(&out, fctx->rid);
611: }
612: goto out;
613: } else {
1.31 markus 614: if (rfwd->listen_port == 0)
615: channel_update_permitted_opens(rfwd->handle, -1);
1.46 millert 616: if (rfwd->listen_path != NULL)
617: xasprintf(&failmsg, "remote port forwarding failed for "
618: "listen path %s", rfwd->listen_path);
619: else
620: xasprintf(&failmsg, "remote port forwarding failed for "
621: "listen port %d", rfwd->listen_port);
1.53 djm 622:
623: debug2("%s: clearing registered forwarding for listen %d, "
624: "connect %s:%d", __func__, rfwd->listen_port,
625: rfwd->connect_path ? rfwd->connect_path :
626: rfwd->connect_host, rfwd->connect_port);
627:
628: free(rfwd->listen_host);
629: free(rfwd->listen_path);
630: free(rfwd->connect_host);
631: free(rfwd->connect_path);
632: memset(rfwd, 0, sizeof(*rfwd));
1.18 markus 633: }
634: fail:
635: error("%s: %s", __func__, failmsg);
636: buffer_put_int(&out, MUX_S_FAILURE);
637: buffer_put_int(&out, fctx->rid);
638: buffer_put_cstring(&out, failmsg);
1.41 djm 639: free(failmsg);
1.18 markus 640: out:
641: buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out));
642: buffer_free(&out);
643: if (c->mux_pause <= 0)
644: fatal("%s: mux_pause %d", __func__, c->mux_pause);
645: c->mux_pause = 0; /* start processing messages again */
646: }
647:
1.10 djm 648: static int
649: process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
650: {
1.46 millert 651: struct Forward fwd;
1.10 djm 652: char *fwd_desc = NULL;
1.46 millert 653: char *listen_addr, *connect_addr;
1.10 djm 654: u_int ftype;
1.44 djm 655: u_int lport, cport;
1.10 djm 656: int i, ret = 0, freefwd = 1;
657:
1.54 djm 658: memset(&fwd, 0, sizeof(fwd));
659:
1.46 millert 660: /* XXX - lport/cport check redundant */
1.10 djm 661: if (buffer_get_int_ret(&ftype, m) != 0 ||
1.46 millert 662: (listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
1.44 djm 663: buffer_get_int_ret(&lport, m) != 0 ||
1.46 millert 664: (connect_addr = buffer_get_string_ret(m, NULL)) == NULL ||
1.44 djm 665: buffer_get_int_ret(&cport, m) != 0 ||
1.46 millert 666: (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||
667: (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {
1.10 djm 668: error("%s: malformed message", __func__);
669: ret = -1;
670: goto out;
671: }
1.46 millert 672: if (*listen_addr == '\0') {
673: free(listen_addr);
674: listen_addr = NULL;
675: }
676: if (*connect_addr == '\0') {
677: free(connect_addr);
678: connect_addr = NULL;
679: }
680:
681: memset(&fwd, 0, sizeof(fwd));
1.44 djm 682: fwd.listen_port = lport;
1.46 millert 683: if (fwd.listen_port == PORT_STREAMLOCAL)
684: fwd.listen_path = listen_addr;
685: else
686: fwd.listen_host = listen_addr;
1.44 djm 687: fwd.connect_port = cport;
1.46 millert 688: if (fwd.connect_port == PORT_STREAMLOCAL)
689: fwd.connect_path = connect_addr;
690: else
691: fwd.connect_host = connect_addr;
1.10 djm 692:
693: debug2("%s: channel %d: request %s", __func__, c->self,
694: (fwd_desc = format_forward(ftype, &fwd)));
695:
696: if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE &&
697: ftype != MUX_FWD_DYNAMIC) {
698: logit("%s: invalid forwarding type %u", __func__, ftype);
699: invalid:
1.46 millert 700: free(listen_addr);
701: free(connect_addr);
1.10 djm 702: buffer_put_int(r, MUX_S_FAILURE);
703: buffer_put_int(r, rid);
704: buffer_put_cstring(r, "Invalid forwarding request");
705: return 0;
706: }
1.46 millert 707: if (ftype == MUX_FWD_DYNAMIC && fwd.listen_path) {
708: logit("%s: streamlocal and dynamic forwards "
709: "are mutually exclusive", __func__);
710: goto invalid;
711: }
712: if (fwd.listen_port != PORT_STREAMLOCAL && fwd.listen_port >= 65536) {
1.10 djm 713: logit("%s: invalid listen port %u", __func__,
714: fwd.listen_port);
715: goto invalid;
716: }
1.46 millert 717: if ((fwd.connect_port != PORT_STREAMLOCAL && fwd.connect_port >= 65536)
718: || (ftype != MUX_FWD_DYNAMIC && ftype != MUX_FWD_REMOTE && fwd.connect_port == 0)) {
1.10 djm 719: logit("%s: invalid connect port %u", __func__,
720: fwd.connect_port);
721: goto invalid;
722: }
1.46 millert 723: if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL && fwd.connect_path == NULL) {
1.10 djm 724: logit("%s: missing connect host", __func__);
725: goto invalid;
726: }
727:
728: /* Skip forwards that have already been requested */
729: switch (ftype) {
730: case MUX_FWD_LOCAL:
731: case MUX_FWD_DYNAMIC:
732: for (i = 0; i < options.num_local_forwards; i++) {
733: if (compare_forward(&fwd,
734: options.local_forwards + i)) {
735: exists:
736: debug2("%s: found existing forwarding",
737: __func__);
738: buffer_put_int(r, MUX_S_OK);
739: buffer_put_int(r, rid);
740: goto out;
741: }
742: }
743: break;
744: case MUX_FWD_REMOTE:
745: for (i = 0; i < options.num_remote_forwards; i++) {
746: if (compare_forward(&fwd,
1.18 markus 747: options.remote_forwards + i)) {
748: if (fwd.listen_port != 0)
749: goto exists;
750: debug2("%s: found allocated port",
751: __func__);
752: buffer_put_int(r, MUX_S_REMOTE_PORT);
753: buffer_put_int(r, rid);
754: buffer_put_int(r,
755: options.remote_forwards[i].allocated_port);
756: goto out;
757: }
1.10 djm 758: }
759: break;
760: }
761:
762: if (options.control_master == SSHCTL_MASTER_ASK ||
763: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
764: if (!ask_permission("Open %s on %s?", fwd_desc, host)) {
765: debug2("%s: forwarding refused by user", __func__);
766: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
767: buffer_put_int(r, rid);
768: buffer_put_cstring(r, "Permission denied");
769: goto out;
770: }
771: }
772:
773: if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
1.46 millert 774: if (!channel_setup_local_fwd_listener(&fwd,
775: &options.fwd_opts)) {
1.10 djm 776: fail:
777: logit("slave-requested %s failed", fwd_desc);
778: buffer_put_int(r, MUX_S_FAILURE);
779: buffer_put_int(r, rid);
780: buffer_put_cstring(r, "Port forwarding failed");
781: goto out;
782: }
783: add_local_forward(&options, &fwd);
784: freefwd = 0;
785: } else {
1.18 markus 786: struct mux_channel_confirm_ctx *fctx;
787:
1.46 millert 788: fwd.handle = channel_request_remote_forwarding(&fwd);
1.31 markus 789: if (fwd.handle < 0)
1.10 djm 790: goto fail;
791: add_remote_forward(&options, &fwd);
1.18 markus 792: fctx = xcalloc(1, sizeof(*fctx));
793: fctx->cid = c->self;
794: fctx->rid = rid;
1.20 djm 795: fctx->fid = options.num_remote_forwards - 1;
1.18 markus 796: client_register_global_confirm(mux_confirm_remote_forward,
797: fctx);
1.10 djm 798: freefwd = 0;
1.18 markus 799: c->mux_pause = 1; /* wait for mux_confirm_remote_forward */
800: /* delayed reply in mux_confirm_remote_forward */
801: goto out;
1.10 djm 802: }
803: buffer_put_int(r, MUX_S_OK);
804: buffer_put_int(r, rid);
805: out:
1.41 djm 806: free(fwd_desc);
1.10 djm 807: if (freefwd) {
1.41 djm 808: free(fwd.listen_host);
1.46 millert 809: free(fwd.listen_path);
1.41 djm 810: free(fwd.connect_host);
1.46 millert 811: free(fwd.connect_path);
1.10 djm 812: }
813: return ret;
814: }
815:
816: static int
817: process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
818: {
1.46 millert 819: struct Forward fwd, *found_fwd;
1.10 djm 820: char *fwd_desc = NULL;
1.30 djm 821: const char *error_reason = NULL;
1.46 millert 822: char *listen_addr = NULL, *connect_addr = NULL;
1.10 djm 823: u_int ftype;
1.46 millert 824: int i, ret = 0;
1.44 djm 825: u_int lport, cport;
1.54 djm 826:
827: memset(&fwd, 0, sizeof(fwd));
1.10 djm 828:
829: if (buffer_get_int_ret(&ftype, m) != 0 ||
1.46 millert 830: (listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
1.44 djm 831: buffer_get_int_ret(&lport, m) != 0 ||
1.46 millert 832: (connect_addr = buffer_get_string_ret(m, NULL)) == NULL ||
1.44 djm 833: buffer_get_int_ret(&cport, m) != 0 ||
1.46 millert 834: (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||
835: (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {
1.10 djm 836: error("%s: malformed message", __func__);
837: ret = -1;
838: goto out;
839: }
840:
1.46 millert 841: if (*listen_addr == '\0') {
842: free(listen_addr);
843: listen_addr = NULL;
1.10 djm 844: }
1.46 millert 845: if (*connect_addr == '\0') {
846: free(connect_addr);
847: connect_addr = NULL;
1.10 djm 848: }
849:
1.46 millert 850: memset(&fwd, 0, sizeof(fwd));
851: fwd.listen_port = lport;
852: if (fwd.listen_port == PORT_STREAMLOCAL)
853: fwd.listen_path = listen_addr;
854: else
855: fwd.listen_host = listen_addr;
856: fwd.connect_port = cport;
857: if (fwd.connect_port == PORT_STREAMLOCAL)
858: fwd.connect_path = connect_addr;
859: else
860: fwd.connect_host = connect_addr;
861:
1.30 djm 862: debug2("%s: channel %d: request cancel %s", __func__, c->self,
1.10 djm 863: (fwd_desc = format_forward(ftype, &fwd)));
864:
1.30 djm 865: /* make sure this has been requested */
866: found_fwd = NULL;
867: switch (ftype) {
868: case MUX_FWD_LOCAL:
869: case MUX_FWD_DYNAMIC:
870: for (i = 0; i < options.num_local_forwards; i++) {
871: if (compare_forward(&fwd,
872: options.local_forwards + i)) {
873: found_fwd = options.local_forwards + i;
874: break;
875: }
876: }
877: break;
878: case MUX_FWD_REMOTE:
879: for (i = 0; i < options.num_remote_forwards; i++) {
880: if (compare_forward(&fwd,
881: options.remote_forwards + i)) {
882: found_fwd = options.remote_forwards + i;
883: break;
884: }
885: }
886: break;
887: }
888:
889: if (found_fwd == NULL)
890: error_reason = "port not forwarded";
891: else if (ftype == MUX_FWD_REMOTE) {
892: /*
893: * This shouldn't fail unless we confused the host/port
894: * between options.remote_forwards and permitted_opens.
1.31 markus 895: * However, for dynamic allocated listen ports we need
1.46 millert 896: * to use the actual listen port.
1.30 djm 897: */
1.46 millert 898: if (channel_request_rforward_cancel(found_fwd) == -1)
1.30 djm 899: error_reason = "port not in permitted opens";
900: } else { /* local and dynamic forwards */
901: /* Ditto */
1.46 millert 902: if (channel_cancel_lport_listener(&fwd, fwd.connect_port,
903: &options.fwd_opts) == -1)
1.30 djm 904: error_reason = "port not found";
905: }
906:
907: if (error_reason == NULL) {
908: buffer_put_int(r, MUX_S_OK);
909: buffer_put_int(r, rid);
1.10 djm 910:
1.41 djm 911: free(found_fwd->listen_host);
1.46 millert 912: free(found_fwd->listen_path);
1.41 djm 913: free(found_fwd->connect_host);
1.46 millert 914: free(found_fwd->connect_path);
1.30 djm 915: found_fwd->listen_host = found_fwd->connect_host = NULL;
1.46 millert 916: found_fwd->listen_path = found_fwd->connect_path = NULL;
1.30 djm 917: found_fwd->listen_port = found_fwd->connect_port = 0;
918: } else {
919: buffer_put_int(r, MUX_S_FAILURE);
920: buffer_put_int(r, rid);
921: buffer_put_cstring(r, error_reason);
922: }
1.10 djm 923: out:
1.41 djm 924: free(fwd_desc);
1.46 millert 925: free(listen_addr);
926: free(connect_addr);
1.10 djm 927:
928: return ret;
929: }
930:
931: static int
932: process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
933: {
934: Channel *nc;
935: char *reserved, *chost;
936: u_int cport, i, j;
937: int new_fd[2];
1.48 djm 938: struct mux_stdio_confirm_ctx *cctx;
1.10 djm 939:
1.11 djm 940: chost = reserved = NULL;
1.10 djm 941: if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
942: (chost = buffer_get_string_ret(m, NULL)) == NULL ||
943: buffer_get_int_ret(&cport, m) != 0) {
1.41 djm 944: free(reserved);
945: free(chost);
1.10 djm 946: error("%s: malformed message", __func__);
947: return -1;
948: }
1.41 djm 949: free(reserved);
1.10 djm 950:
951: debug2("%s: channel %d: request stdio fwd to %s:%u",
952: __func__, c->self, chost, cport);
953:
954: /* Gather fds from client */
955: for(i = 0; i < 2; i++) {
956: if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
957: error("%s: failed to receive fd %d from slave",
958: __func__, i);
959: for (j = 0; j < i; j++)
960: close(new_fd[j]);
1.41 djm 961: free(chost);
1.10 djm 962:
963: /* prepare reply */
964: buffer_put_int(r, MUX_S_FAILURE);
965: buffer_put_int(r, rid);
966: buffer_put_cstring(r,
967: "did not receive file descriptors");
968: return -1;
969: }
970: }
971:
972: debug3("%s: got fds stdin %d, stdout %d", __func__,
973: new_fd[0], new_fd[1]);
974:
975: /* XXX support multiple child sessions in future */
976: if (c->remote_id != -1) {
977: debug2("%s: session already open", __func__);
978: /* prepare reply */
979: buffer_put_int(r, MUX_S_FAILURE);
980: buffer_put_int(r, rid);
981: buffer_put_cstring(r, "Multiple sessions not supported");
982: cleanup:
983: close(new_fd[0]);
984: close(new_fd[1]);
1.41 djm 985: free(chost);
1.10 djm 986: return 0;
987: }
988:
989: if (options.control_master == SSHCTL_MASTER_ASK ||
990: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
1.23 dtucker 991: if (!ask_permission("Allow forward to %s:%u? ",
1.10 djm 992: chost, cport)) {
993: debug2("%s: stdio fwd refused by user", __func__);
994: /* prepare reply */
995: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
996: buffer_put_int(r, rid);
997: buffer_put_cstring(r, "Permission denied");
998: goto cleanup;
999: }
1000: }
1001:
1002: /* enable nonblocking unless tty */
1003: if (!isatty(new_fd[0]))
1004: set_nonblock(new_fd[0]);
1005: if (!isatty(new_fd[1]))
1006: set_nonblock(new_fd[1]);
1007:
1008: nc = channel_connect_stdio_fwd(chost, cport, new_fd[0], new_fd[1]);
1009:
1010: nc->ctl_chan = c->self; /* link session -> control channel */
1011: c->remote_id = nc->self; /* link control -> session channel */
1012:
1013: debug2("%s: channel_new: %d linked to control channel %d",
1014: __func__, nc->self, nc->ctl_chan);
1015:
1.16 djm 1016: channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1);
1.10 djm 1017:
1.48 djm 1018: cctx = xcalloc(1, sizeof(*cctx));
1019: cctx->rid = rid;
1020: channel_register_open_confirm(nc->self, mux_stdio_confirm, cctx);
1021: c->mux_pause = 1; /* stop handling messages until open_confirm done */
1022:
1023: /* reply is deferred, sent by mux_session_confirm */
1024: return 0;
1025: }
1026:
1027: /* Callback on open confirmation in mux master for a mux stdio fwd session. */
1028: static void
1029: mux_stdio_confirm(int id, int success, void *arg)
1030: {
1031: struct mux_stdio_confirm_ctx *cctx = arg;
1032: Channel *c, *cc;
1033: Buffer reply;
1034:
1035: if (cctx == NULL)
1036: fatal("%s: cctx == NULL", __func__);
1037: if ((c = channel_by_id(id)) == NULL)
1038: fatal("%s: no channel for id %d", __func__, id);
1039: if ((cc = channel_by_id(c->ctl_chan)) == NULL)
1040: fatal("%s: channel %d lacks control channel %d", __func__,
1041: id, c->ctl_chan);
1042:
1043: if (!success) {
1044: debug3("%s: sending failure reply", __func__);
1045: /* prepare reply */
1046: buffer_init(&reply);
1047: buffer_put_int(&reply, MUX_S_FAILURE);
1048: buffer_put_int(&reply, cctx->rid);
1049: buffer_put_cstring(&reply, "Session open refused by peer");
1050: goto done;
1051: }
1052:
1053: debug3("%s: sending success reply", __func__);
1.10 djm 1054: /* prepare reply */
1.48 djm 1055: buffer_init(&reply);
1056: buffer_put_int(&reply, MUX_S_SESSION_OPENED);
1057: buffer_put_int(&reply, cctx->rid);
1058: buffer_put_int(&reply, c->self);
1059:
1060: done:
1061: /* Send reply */
1062: buffer_put_string(&cc->output, buffer_ptr(&reply), buffer_len(&reply));
1063: buffer_free(&reply);
1.10 djm 1064:
1.48 djm 1065: if (cc->mux_pause <= 0)
1066: fatal("%s: mux_pause %d", __func__, cc->mux_pause);
1067: cc->mux_pause = 0; /* start processing messages again */
1068: c->open_confirm_ctx = NULL;
1069: free(cctx);
1.10 djm 1070: }
1071:
1.25 djm 1072: static int
1073: process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r)
1074: {
1075: debug("%s: channel %d: stop listening", __func__, c->self);
1076:
1077: if (options.control_master == SSHCTL_MASTER_ASK ||
1078: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
1079: if (!ask_permission("Disable further multiplexing on shared "
1080: "connection to %s? ", host)) {
1081: debug2("%s: stop listen refused by user", __func__);
1082: buffer_put_int(r, MUX_S_PERMISSION_DENIED);
1083: buffer_put_int(r, rid);
1084: buffer_put_cstring(r, "Permission denied");
1085: return 0;
1086: }
1087: }
1088:
1089: if (mux_listener_channel != NULL) {
1090: channel_free(mux_listener_channel);
1091: client_stop_mux();
1.41 djm 1092: free(options.control_path);
1.25 djm 1093: options.control_path = NULL;
1094: mux_listener_channel = NULL;
1095: muxserver_sock = -1;
1096: }
1097:
1098: /* prepare reply */
1099: buffer_put_int(r, MUX_S_OK);
1100: buffer_put_int(r, rid);
1101:
1102: return 0;
1103: }
1104:
1.62 markus 1105: static int
1106: process_mux_proxy(u_int rid, Channel *c, Buffer *m, Buffer *r)
1107: {
1108: debug("%s: channel %d: proxy request", __func__, c->self);
1109:
1110: c->mux_rcb = channel_proxy_downstream;
1111: buffer_put_int(r, MUX_S_PROXY);
1112: buffer_put_int(r, rid);
1113:
1114: return 0;
1115: }
1116:
1.10 djm 1117: /* Channel callbacks fired on read/write from mux slave fd */
1118: static int
1119: mux_master_read_cb(Channel *c)
1120: {
1121: struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
1122: Buffer in, out;
1.45 djm 1123: const u_char *ptr;
1.10 djm 1124: u_int type, rid, have, i;
1125: int ret = -1;
1126:
1127: /* Setup ctx and */
1128: if (c->mux_ctx == NULL) {
1.19 djm 1129: state = xcalloc(1, sizeof(*state));
1.10 djm 1130: c->mux_ctx = state;
1131: channel_register_cleanup(c->self,
1132: mux_master_control_cleanup_cb, 0);
1133:
1134: /* Send hello */
1135: buffer_init(&out);
1136: buffer_put_int(&out, MUX_MSG_HELLO);
1137: buffer_put_int(&out, SSHMUX_VER);
1138: /* no extensions */
1139: buffer_put_string(&c->output, buffer_ptr(&out),
1140: buffer_len(&out));
1141: buffer_free(&out);
1142: debug3("%s: channel %d: hello sent", __func__, c->self);
1143: return 0;
1144: }
1145:
1146: buffer_init(&in);
1147: buffer_init(&out);
1148:
1149: /* Channel code ensures that we receive whole packets */
1150: if ((ptr = buffer_get_string_ptr_ret(&c->input, &have)) == NULL) {
1151: malf:
1152: error("%s: malformed message", __func__);
1153: goto out;
1154: }
1155: buffer_append(&in, ptr, have);
1156:
1157: if (buffer_get_int_ret(&type, &in) != 0)
1158: goto malf;
1159: debug3("%s: channel %d packet type 0x%08x len %u",
1160: __func__, c->self, type, buffer_len(&in));
1161:
1162: if (type == MUX_MSG_HELLO)
1163: rid = 0;
1164: else {
1165: if (!state->hello_rcvd) {
1166: error("%s: expected MUX_MSG_HELLO(0x%08x), "
1167: "received 0x%08x", __func__, MUX_MSG_HELLO, type);
1168: goto out;
1.1 djm 1169: }
1.10 djm 1170: if (buffer_get_int_ret(&rid, &in) != 0)
1171: goto malf;
1172: }
1173:
1174: for (i = 0; mux_master_handlers[i].handler != NULL; i++) {
1175: if (type == mux_master_handlers[i].type) {
1176: ret = mux_master_handlers[i].handler(rid, c, &in, &out);
1177: break;
1.1 djm 1178: }
1.10 djm 1179: }
1180: if (mux_master_handlers[i].handler == NULL) {
1181: error("%s: unsupported mux message 0x%08x", __func__, type);
1182: buffer_put_int(&out, MUX_S_FAILURE);
1183: buffer_put_int(&out, rid);
1184: buffer_put_cstring(&out, "unsupported request");
1185: ret = 0;
1186: }
1187: /* Enqueue reply packet */
1188: if (buffer_len(&out) != 0) {
1189: buffer_put_string(&c->output, buffer_ptr(&out),
1190: buffer_len(&out));
1191: }
1192: out:
1193: buffer_free(&in);
1194: buffer_free(&out);
1195: return ret;
1196: }
1197:
1198: void
1199: mux_exit_message(Channel *c, int exitval)
1200: {
1201: Buffer m;
1202: Channel *mux_chan;
1203:
1.40 dtucker 1204: debug3("%s: channel %d: exit message, exitval %d", __func__, c->self,
1.10 djm 1205: exitval);
1206:
1207: if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
1208: fatal("%s: channel %d missing mux channel %d",
1209: __func__, c->self, c->ctl_chan);
1210:
1211: /* Append exit message packet to control socket output queue */
1212: buffer_init(&m);
1213: buffer_put_int(&m, MUX_S_EXIT_MESSAGE);
1214: buffer_put_int(&m, c->self);
1215: buffer_put_int(&m, exitval);
1216:
1217: buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
1218: buffer_free(&m);
1219: }
1220:
1.28 djm 1221: void
1222: mux_tty_alloc_failed(Channel *c)
1223: {
1224: Buffer m;
1225: Channel *mux_chan;
1226:
1227: debug3("%s: channel %d: TTY alloc failed", __func__, c->self);
1228:
1229: if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
1230: fatal("%s: channel %d missing mux channel %d",
1231: __func__, c->self, c->ctl_chan);
1232:
1233: /* Append exit message packet to control socket output queue */
1234: buffer_init(&m);
1235: buffer_put_int(&m, MUX_S_TTY_ALLOC_FAIL);
1236: buffer_put_int(&m, c->self);
1237:
1238: buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
1239: buffer_free(&m);
1240: }
1241:
1.10 djm 1242: /* Prepare a mux master to listen on a Unix domain socket. */
1243: void
1244: muxserver_listen(void)
1245: {
1246: mode_t old_umask;
1.22 djm 1247: char *orig_control_path = options.control_path;
1248: char rbuf[16+1];
1249: u_int i, r;
1.47 djm 1250: int oerrno;
1.10 djm 1251:
1252: if (options.control_path == NULL ||
1253: options.control_master == SSHCTL_MASTER_NO)
1.1 djm 1254: return;
1.10 djm 1255:
1256: debug("setting up multiplex master socket");
1257:
1.22 djm 1258: /*
1259: * Use a temporary path before listen so we can pseudo-atomically
1260: * establish the listening socket in its final location to avoid
1261: * other processes racing in between bind() and listen() and hitting
1262: * an unready socket.
1263: */
1264: for (i = 0; i < sizeof(rbuf) - 1; i++) {
1265: r = arc4random_uniform(26+26+10);
1266: rbuf[i] = (r < 26) ? 'a' + r :
1267: (r < 26*2) ? 'A' + r - 26 :
1268: '0' + r - 26 - 26;
1269: }
1270: rbuf[sizeof(rbuf) - 1] = '\0';
1271: options.control_path = NULL;
1272: xasprintf(&options.control_path, "%s.%s", orig_control_path, rbuf);
1273: debug3("%s: temporary control path %s", __func__, options.control_path);
1274:
1.10 djm 1275: old_umask = umask(0177);
1.46 millert 1276: muxserver_sock = unix_listener(options.control_path, 64, 0);
1.47 djm 1277: oerrno = errno;
1.46 millert 1278: umask(old_umask);
1279: if (muxserver_sock < 0) {
1.47 djm 1280: if (oerrno == EINVAL || oerrno == EADDRINUSE) {
1.10 djm 1281: error("ControlSocket %s already exists, "
1282: "disabling multiplexing", options.control_path);
1.22 djm 1283: disable_mux_master:
1.26 djm 1284: if (muxserver_sock != -1) {
1285: close(muxserver_sock);
1286: muxserver_sock = -1;
1287: }
1.41 djm 1288: free(orig_control_path);
1289: free(options.control_path);
1.10 djm 1290: options.control_path = NULL;
1291: options.control_master = SSHCTL_MASTER_NO;
1292: return;
1.46 millert 1293: } else {
1294: /* unix_listener() logs the error */
1295: cleanup_exit(255);
1296: }
1.10 djm 1297: }
1298:
1.22 djm 1299: /* Now atomically "move" the mux socket into position */
1300: if (link(options.control_path, orig_control_path) != 0) {
1301: if (errno != EEXIST) {
1.59 djm 1302: fatal("%s: link mux listener %s => %s: %s", __func__,
1.22 djm 1303: options.control_path, orig_control_path,
1304: strerror(errno));
1305: }
1306: error("ControlSocket %s already exists, disabling multiplexing",
1307: orig_control_path);
1308: unlink(options.control_path);
1309: goto disable_mux_master;
1310: }
1311: unlink(options.control_path);
1.41 djm 1312: free(options.control_path);
1.22 djm 1313: options.control_path = orig_control_path;
1314:
1.10 djm 1315: set_nonblock(muxserver_sock);
1316:
1317: mux_listener_channel = channel_new("mux listener",
1318: SSH_CHANNEL_MUX_LISTENER, muxserver_sock, muxserver_sock, -1,
1319: CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
1.22 djm 1320: 0, options.control_path, 1);
1.10 djm 1321: mux_listener_channel->mux_rcb = mux_master_read_cb;
1322: debug3("%s: mux listener channel %d fd %d", __func__,
1323: mux_listener_channel->self, mux_listener_channel->sock);
1324: }
1325:
1326: /* Callback on open confirmation in mux master for a mux client session. */
1327: static void
1.17 djm 1328: mux_session_confirm(int id, int success, void *arg)
1.10 djm 1329: {
1330: struct mux_session_confirm_ctx *cctx = arg;
1331: const char *display;
1.17 djm 1332: Channel *c, *cc;
1.10 djm 1333: int i;
1.17 djm 1334: Buffer reply;
1.10 djm 1335:
1336: if (cctx == NULL)
1337: fatal("%s: cctx == NULL", __func__);
1338: if ((c = channel_by_id(id)) == NULL)
1339: fatal("%s: no channel for id %d", __func__, id);
1.17 djm 1340: if ((cc = channel_by_id(c->ctl_chan)) == NULL)
1341: fatal("%s: channel %d lacks control channel %d", __func__,
1342: id, c->ctl_chan);
1343:
1344: if (!success) {
1345: debug3("%s: sending failure reply", __func__);
1346: /* prepare reply */
1347: buffer_init(&reply);
1348: buffer_put_int(&reply, MUX_S_FAILURE);
1349: buffer_put_int(&reply, cctx->rid);
1350: buffer_put_cstring(&reply, "Session open refused by peer");
1351: goto done;
1352: }
1.10 djm 1353:
1354: display = getenv("DISPLAY");
1355: if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
1356: char *proto, *data;
1.21 djm 1357:
1.10 djm 1358: /* Get reasonable local authentication information. */
1.58 djm 1359: if (client_x11_get_proto(display, options.xauth_location,
1.21 djm 1360: options.forward_x11_trusted, options.forward_x11_timeout,
1.58 djm 1361: &proto, &data) == 0) {
1362: /* Request forwarding with authentication spoofing. */
1363: debug("Requesting X11 forwarding with authentication "
1364: "spoofing.");
1365: x11_request_forwarding_with_spoofing(id, display, proto,
1366: data, 1);
1367: /* XXX exit_on_forward_failure */
1368: client_expect_confirm(id, "X11 forwarding",
1369: CONFIRM_WARN);
1370: }
1.10 djm 1371: }
1372:
1373: if (cctx->want_agent_fwd && options.forward_agent) {
1374: debug("Requesting authentication agent forwarding.");
1375: channel_request_start(id, "auth-agent-req@openssh.com", 0);
1376: packet_send();
1377: }
1378:
1379: client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
1380: cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env);
1381:
1.17 djm 1382: debug3("%s: sending success reply", __func__);
1383: /* prepare reply */
1384: buffer_init(&reply);
1385: buffer_put_int(&reply, MUX_S_SESSION_OPENED);
1386: buffer_put_int(&reply, cctx->rid);
1387: buffer_put_int(&reply, c->self);
1388:
1389: done:
1390: /* Send reply */
1391: buffer_put_string(&cc->output, buffer_ptr(&reply), buffer_len(&reply));
1392: buffer_free(&reply);
1393:
1394: if (cc->mux_pause <= 0)
1395: fatal("%s: mux_pause %d", __func__, cc->mux_pause);
1396: cc->mux_pause = 0; /* start processing messages again */
1.10 djm 1397: c->open_confirm_ctx = NULL;
1398: buffer_free(&cctx->cmd);
1.41 djm 1399: free(cctx->term);
1.10 djm 1400: if (cctx->env != NULL) {
1401: for (i = 0; cctx->env[i] != NULL; i++)
1.41 djm 1402: free(cctx->env[i]);
1403: free(cctx->env);
1.1 djm 1404: }
1.41 djm 1405: free(cctx);
1.10 djm 1406: }
1407:
1408: /* ** Multiplexing client support */
1409:
1410: /* Exit signal handler */
1411: static void
1412: control_client_sighandler(int signo)
1413: {
1414: muxclient_terminate = signo;
1415: }
1416:
1417: /*
1418: * Relay signal handler - used to pass some signals from mux client to
1419: * mux master.
1420: */
1421: static void
1422: control_client_sigrelay(int signo)
1423: {
1424: int save_errno = errno;
1425:
1426: if (muxserver_pid > 1)
1427: kill(muxserver_pid, signo);
1428:
1429: errno = save_errno;
1430: }
1.1 djm 1431:
1.10 djm 1432: static int
1433: mux_client_read(int fd, Buffer *b, u_int need)
1434: {
1435: u_int have;
1436: ssize_t len;
1437: u_char *p;
1438: struct pollfd pfd;
1439:
1440: pfd.fd = fd;
1441: pfd.events = POLLIN;
1442: p = buffer_append_space(b, need);
1443: for (have = 0; have < need; ) {
1444: if (muxclient_terminate) {
1445: errno = EINTR;
1446: return -1;
1447: }
1448: len = read(fd, p + have, need - have);
1449: if (len < 0) {
1450: switch (errno) {
1451: case EAGAIN:
1452: (void)poll(&pfd, 1, -1);
1453: /* FALLTHROUGH */
1454: case EINTR:
1455: continue;
1456: default:
1457: return -1;
1458: }
1459: }
1460: if (len == 0) {
1461: errno = EPIPE;
1462: return -1;
1463: }
1464: have += (u_int)len;
1.1 djm 1465: }
1.10 djm 1466: return 0;
1467: }
1.1 djm 1468:
1.10 djm 1469: static int
1470: mux_client_write_packet(int fd, Buffer *m)
1471: {
1472: Buffer queue;
1473: u_int have, need;
1474: int oerrno, len;
1475: u_char *ptr;
1476: struct pollfd pfd;
1477:
1478: pfd.fd = fd;
1479: pfd.events = POLLOUT;
1480: buffer_init(&queue);
1481: buffer_put_string(&queue, buffer_ptr(m), buffer_len(m));
1482:
1483: need = buffer_len(&queue);
1484: ptr = buffer_ptr(&queue);
1485:
1486: for (have = 0; have < need; ) {
1487: if (muxclient_terminate) {
1488: buffer_free(&queue);
1489: errno = EINTR;
1490: return -1;
1491: }
1492: len = write(fd, ptr + have, need - have);
1493: if (len < 0) {
1494: switch (errno) {
1495: case EAGAIN:
1496: (void)poll(&pfd, 1, -1);
1497: /* FALLTHROUGH */
1498: case EINTR:
1499: continue;
1500: default:
1501: oerrno = errno;
1502: buffer_free(&queue);
1503: errno = oerrno;
1504: return -1;
1505: }
1506: }
1507: if (len == 0) {
1508: buffer_free(&queue);
1509: errno = EPIPE;
1510: return -1;
1511: }
1512: have += (u_int)len;
1513: }
1514: buffer_free(&queue);
1515: return 0;
1516: }
1.1 djm 1517:
1.10 djm 1518: static int
1519: mux_client_read_packet(int fd, Buffer *m)
1520: {
1521: Buffer queue;
1522: u_int need, have;
1.45 djm 1523: const u_char *ptr;
1.10 djm 1524: int oerrno;
1525:
1526: buffer_init(&queue);
1527: if (mux_client_read(fd, &queue, 4) != 0) {
1528: if ((oerrno = errno) == EPIPE)
1.43 dtucker 1529: debug3("%s: read header failed: %s", __func__,
1530: strerror(errno));
1531: buffer_free(&queue);
1.10 djm 1532: errno = oerrno;
1533: return -1;
1534: }
1535: need = get_u32(buffer_ptr(&queue));
1536: if (mux_client_read(fd, &queue, need) != 0) {
1537: oerrno = errno;
1538: debug3("%s: read body failed: %s", __func__, strerror(errno));
1.43 dtucker 1539: buffer_free(&queue);
1.10 djm 1540: errno = oerrno;
1541: return -1;
1542: }
1543: ptr = buffer_get_string_ptr(&queue, &have);
1544: buffer_append(m, ptr, have);
1545: buffer_free(&queue);
1546: return 0;
1547: }
1.1 djm 1548:
1.10 djm 1549: static int
1550: mux_client_hello_exchange(int fd)
1551: {
1552: Buffer m;
1553: u_int type, ver;
1.65 ! djm 1554: int ret = -1;
1.1 djm 1555:
1556: buffer_init(&m);
1.10 djm 1557: buffer_put_int(&m, MUX_MSG_HELLO);
1558: buffer_put_int(&m, SSHMUX_VER);
1559: /* no extensions */
1560:
1.65 ! djm 1561: if (mux_client_write_packet(fd, &m) != 0) {
! 1562: debug("%s: write packet: %s", __func__, strerror(errno));
! 1563: goto out;
! 1564: }
1.1 djm 1565:
1.10 djm 1566: buffer_clear(&m);
1567:
1568: /* Read their HELLO */
1569: if (mux_client_read_packet(fd, &m) != 0) {
1.65 ! djm 1570: debug("%s: read packet failed", __func__);
! 1571: goto out;
1.10 djm 1572: }
1573:
1574: type = buffer_get_int(&m);
1.65 ! djm 1575: if (type != MUX_MSG_HELLO) {
! 1576: error("%s: expected HELLO (%u) received %u",
1.10 djm 1577: __func__, MUX_MSG_HELLO, type);
1.65 ! djm 1578: goto out;
! 1579: }
1.10 djm 1580: ver = buffer_get_int(&m);
1.65 ! djm 1581: if (ver != SSHMUX_VER) {
! 1582: error("Unsupported multiplexing protocol version %d "
1.10 djm 1583: "(expected %d)", ver, SSHMUX_VER);
1.65 ! djm 1584: goto out;
! 1585: }
1.10 djm 1586: debug2("%s: master version %u", __func__, ver);
1587: /* No extensions are presently defined */
1588: while (buffer_len(&m) > 0) {
1589: char *name = buffer_get_string(&m, NULL);
1590: char *value = buffer_get_string(&m, NULL);
1591:
1592: debug2("Unrecognised master extension \"%s\"", name);
1.41 djm 1593: free(name);
1594: free(value);
1.5 djm 1595: }
1.65 ! djm 1596: /* success */
! 1597: ret = 0;
! 1598: out:
1.10 djm 1599: buffer_free(&m);
1.65 ! djm 1600: return ret;
1.10 djm 1601: }
1602:
1603: static u_int
1604: mux_client_request_alive(int fd)
1605: {
1606: Buffer m;
1607: char *e;
1608: u_int pid, type, rid;
1609:
1610: debug3("%s: entering", __func__);
1611:
1612: buffer_init(&m);
1613: buffer_put_int(&m, MUX_C_ALIVE_CHECK);
1614: buffer_put_int(&m, muxclient_request_id);
1615:
1616: if (mux_client_write_packet(fd, &m) != 0)
1617: fatal("%s: write packet: %s", __func__, strerror(errno));
1618:
1.1 djm 1619: buffer_clear(&m);
1620:
1.10 djm 1621: /* Read their reply */
1622: if (mux_client_read_packet(fd, &m) != 0) {
1623: buffer_free(&m);
1624: return 0;
1625: }
1626:
1627: type = buffer_get_int(&m);
1628: if (type != MUX_S_ALIVE) {
1629: e = buffer_get_string(&m, NULL);
1630: fatal("%s: master returned error: %s", __func__, e);
1.5 djm 1631: }
1.10 djm 1632:
1633: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1634: fatal("%s: out of sequence reply: my id %u theirs %u",
1635: __func__, muxclient_request_id, rid);
1636: pid = buffer_get_int(&m);
1637: buffer_free(&m);
1638:
1639: debug3("%s: done pid = %u", __func__, pid);
1640:
1641: muxclient_request_id++;
1642:
1643: return pid;
1644: }
1645:
1646: static void
1647: mux_client_request_terminate(int fd)
1648: {
1649: Buffer m;
1650: char *e;
1651: u_int type, rid;
1652:
1653: debug3("%s: entering", __func__);
1654:
1655: buffer_init(&m);
1656: buffer_put_int(&m, MUX_C_TERMINATE);
1657: buffer_put_int(&m, muxclient_request_id);
1658:
1659: if (mux_client_write_packet(fd, &m) != 0)
1660: fatal("%s: write packet: %s", __func__, strerror(errno));
1.1 djm 1661:
1662: buffer_clear(&m);
1663:
1.10 djm 1664: /* Read their reply */
1665: if (mux_client_read_packet(fd, &m) != 0) {
1666: /* Remote end exited already */
1667: if (errno == EPIPE) {
1668: buffer_free(&m);
1669: return;
1.2 djm 1670: }
1.10 djm 1671: fatal("%s: read from master failed: %s",
1672: __func__, strerror(errno));
1673: }
1674:
1675: type = buffer_get_int(&m);
1676: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1677: fatal("%s: out of sequence reply: my id %u theirs %u",
1678: __func__, muxclient_request_id, rid);
1679: switch (type) {
1680: case MUX_S_OK:
1681: break;
1682: case MUX_S_PERMISSION_DENIED:
1683: e = buffer_get_string(&m, NULL);
1684: fatal("Master refused termination request: %s", e);
1685: case MUX_S_FAILURE:
1686: e = buffer_get_string(&m, NULL);
1687: fatal("%s: termination request failed: %s", __func__, e);
1688: default:
1689: fatal("%s: unexpected response from master 0x%08x",
1690: __func__, type);
1691: }
1692: buffer_free(&m);
1693: muxclient_request_id++;
1694: }
1695:
1696: static int
1.46 millert 1697: mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd)
1.10 djm 1698: {
1699: Buffer m;
1700: char *e, *fwd_desc;
1701: u_int type, rid;
1702:
1703: fwd_desc = format_forward(ftype, fwd);
1.30 djm 1704: debug("Requesting %s %s",
1705: cancel_flag ? "cancellation of" : "forwarding of", fwd_desc);
1.41 djm 1706: free(fwd_desc);
1.10 djm 1707:
1708: buffer_init(&m);
1.30 djm 1709: buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD);
1.10 djm 1710: buffer_put_int(&m, muxclient_request_id);
1711: buffer_put_int(&m, ftype);
1.46 millert 1712: if (fwd->listen_path != NULL) {
1713: buffer_put_cstring(&m, fwd->listen_path);
1714: } else {
1715: buffer_put_cstring(&m,
1.49 djm 1716: fwd->listen_host == NULL ? "" :
1717: (*fwd->listen_host == '\0' ? "*" : fwd->listen_host));
1.46 millert 1718: }
1.10 djm 1719: buffer_put_int(&m, fwd->listen_port);
1.46 millert 1720: if (fwd->connect_path != NULL) {
1721: buffer_put_cstring(&m, fwd->connect_path);
1722: } else {
1723: buffer_put_cstring(&m,
1724: fwd->connect_host == NULL ? "" : fwd->connect_host);
1725: }
1.10 djm 1726: buffer_put_int(&m, fwd->connect_port);
1727:
1728: if (mux_client_write_packet(fd, &m) != 0)
1729: fatal("%s: write packet: %s", __func__, strerror(errno));
1730:
1731: buffer_clear(&m);
1732:
1733: /* Read their reply */
1734: if (mux_client_read_packet(fd, &m) != 0) {
1735: buffer_free(&m);
1736: return -1;
1737: }
1738:
1739: type = buffer_get_int(&m);
1740: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1741: fatal("%s: out of sequence reply: my id %u theirs %u",
1742: __func__, muxclient_request_id, rid);
1743: switch (type) {
1744: case MUX_S_OK:
1.1 djm 1745: break;
1.18 markus 1746: case MUX_S_REMOTE_PORT:
1.30 djm 1747: if (cancel_flag)
1748: fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__);
1.18 markus 1749: fwd->allocated_port = buffer_get_int(&m);
1.52 djm 1750: verbose("Allocated port %u for remote forward to %s:%d",
1.18 markus 1751: fwd->allocated_port,
1752: fwd->connect_host ? fwd->connect_host : "",
1753: fwd->connect_port);
1754: if (muxclient_command == SSHMUX_COMMAND_FORWARD)
1.55 djm 1755: fprintf(stdout, "%i\n", fwd->allocated_port);
1.18 markus 1756: break;
1.10 djm 1757: case MUX_S_PERMISSION_DENIED:
1758: e = buffer_get_string(&m, NULL);
1759: buffer_free(&m);
1760: error("Master refused forwarding request: %s", e);
1761: return -1;
1762: case MUX_S_FAILURE:
1763: e = buffer_get_string(&m, NULL);
1764: buffer_free(&m);
1.24 djm 1765: error("%s: forwarding request failed: %s", __func__, e);
1.10 djm 1766: return -1;
1.1 djm 1767: default:
1.10 djm 1768: fatal("%s: unexpected response from master 0x%08x",
1769: __func__, type);
1770: }
1771: buffer_free(&m);
1772:
1773: muxclient_request_id++;
1774: return 0;
1775: }
1776:
1777: static int
1.30 djm 1778: mux_client_forwards(int fd, int cancel_flag)
1.10 djm 1779: {
1.30 djm 1780: int i, ret = 0;
1.10 djm 1781:
1.30 djm 1782: debug3("%s: %s forwardings: %d local, %d remote", __func__,
1783: cancel_flag ? "cancel" : "request",
1.10 djm 1784: options.num_local_forwards, options.num_remote_forwards);
1785:
1786: /* XXX ExitOnForwardingFailure */
1787: for (i = 0; i < options.num_local_forwards; i++) {
1.30 djm 1788: if (mux_client_forward(fd, cancel_flag,
1.10 djm 1789: options.local_forwards[i].connect_port == 0 ?
1790: MUX_FWD_DYNAMIC : MUX_FWD_LOCAL,
1791: options.local_forwards + i) != 0)
1.30 djm 1792: ret = -1;
1.10 djm 1793: }
1794: for (i = 0; i < options.num_remote_forwards; i++) {
1.30 djm 1795: if (mux_client_forward(fd, cancel_flag, MUX_FWD_REMOTE,
1.10 djm 1796: options.remote_forwards + i) != 0)
1.30 djm 1797: ret = -1;
1.10 djm 1798: }
1.30 djm 1799: return ret;
1.10 djm 1800: }
1801:
1802: static int
1803: mux_client_request_session(int fd)
1804: {
1805: Buffer m;
1806: char *e, *term;
1807: u_int i, rid, sid, esid, exitval, type, exitval_seen;
1808: extern char **environ;
1.28 djm 1809: int devnull, rawmode;
1.10 djm 1810:
1811: debug3("%s: entering", __func__);
1812:
1813: if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1814: error("%s: master alive request failed", __func__);
1815: return -1;
1.1 djm 1816: }
1817:
1.10 djm 1818: signal(SIGPIPE, SIG_IGN);
1819:
1820: if (stdin_null_flag) {
1821: if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1822: fatal("open(/dev/null): %s", strerror(errno));
1823: if (dup2(devnull, STDIN_FILENO) == -1)
1824: fatal("dup2: %s", strerror(errno));
1825: if (devnull > STDERR_FILENO)
1826: close(devnull);
1.5 djm 1827: }
1.1 djm 1828:
1.10 djm 1829: term = getenv("TERM");
1830:
1831: buffer_init(&m);
1832: buffer_put_int(&m, MUX_C_NEW_SESSION);
1833: buffer_put_int(&m, muxclient_request_id);
1834: buffer_put_cstring(&m, ""); /* reserved */
1835: buffer_put_int(&m, tty_flag);
1836: buffer_put_int(&m, options.forward_x11);
1837: buffer_put_int(&m, options.forward_agent);
1838: buffer_put_int(&m, subsystem_flag);
1839: buffer_put_int(&m, options.escape_char == SSH_ESCAPECHAR_NONE ?
1840: 0xffffffff : (u_int)options.escape_char);
1841: buffer_put_cstring(&m, term == NULL ? "" : term);
1842: buffer_put_string(&m, buffer_ptr(&command), buffer_len(&command));
1843:
1844: if (options.num_send_env > 0 && environ != NULL) {
1845: /* Pass environment */
1846: for (i = 0; environ[i] != NULL; i++) {
1847: if (env_permitted(environ[i])) {
1848: buffer_put_cstring(&m, environ[i]);
1849: }
1850: }
1.5 djm 1851: }
1852:
1.10 djm 1853: if (mux_client_write_packet(fd, &m) != 0)
1854: fatal("%s: write packet: %s", __func__, strerror(errno));
1855:
1856: /* Send the stdio file descriptors */
1857: if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1858: mm_send_fd(fd, STDOUT_FILENO) == -1 ||
1859: mm_send_fd(fd, STDERR_FILENO) == -1)
1860: fatal("%s: send fds failed", __func__);
1861:
1862: debug3("%s: session request sent", __func__);
1.1 djm 1863:
1.10 djm 1864: /* Read their reply */
1.1 djm 1865: buffer_clear(&m);
1.10 djm 1866: if (mux_client_read_packet(fd, &m) != 0) {
1867: error("%s: read from master failed: %s",
1868: __func__, strerror(errno));
1869: buffer_free(&m);
1870: return -1;
1871: }
1872:
1873: type = buffer_get_int(&m);
1874: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1875: fatal("%s: out of sequence reply: my id %u theirs %u",
1876: __func__, muxclient_request_id, rid);
1877: switch (type) {
1878: case MUX_S_SESSION_OPENED:
1879: sid = buffer_get_int(&m);
1880: debug("%s: master session id: %u", __func__, sid);
1881: break;
1882: case MUX_S_PERMISSION_DENIED:
1883: e = buffer_get_string(&m, NULL);
1884: buffer_free(&m);
1.24 djm 1885: error("Master refused session request: %s", e);
1.10 djm 1886: return -1;
1887: case MUX_S_FAILURE:
1888: e = buffer_get_string(&m, NULL);
1889: buffer_free(&m);
1.24 djm 1890: error("%s: session request failed: %s", __func__, e);
1.10 djm 1891: return -1;
1892: default:
1893: buffer_free(&m);
1894: error("%s: unexpected response from master 0x%08x",
1895: __func__, type);
1896: return -1;
1897: }
1898: muxclient_request_id++;
1.1 djm 1899:
1.57 semarie 1900: if (pledge("stdio proc tty", NULL) == -1)
1901: fatal("%s pledge(): %s", __func__, strerror(errno));
1902:
1.1 djm 1903: signal(SIGHUP, control_client_sighandler);
1904: signal(SIGINT, control_client_sighandler);
1905: signal(SIGTERM, control_client_sighandler);
1906: signal(SIGWINCH, control_client_sigrelay);
1907:
1.28 djm 1908: rawmode = tty_flag;
1.1 djm 1909: if (tty_flag)
1.27 djm 1910: enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1.1 djm 1911:
1912: /*
1913: * Stick around until the controlee closes the client_fd.
1.10 djm 1914: * Before it does, it is expected to write an exit message.
1915: * This process must read the value and wait for the closure of
1916: * the client_fd; if this one closes early, the multiplex master will
1917: * terminate early too (possibly losing data).
1.1 djm 1918: */
1.10 djm 1919: for (exitval = 255, exitval_seen = 0;;) {
1920: buffer_clear(&m);
1921: if (mux_client_read_packet(fd, &m) != 0)
1.1 djm 1922: break;
1.10 djm 1923: type = buffer_get_int(&m);
1.28 djm 1924: switch (type) {
1925: case MUX_S_TTY_ALLOC_FAIL:
1926: if ((esid = buffer_get_int(&m)) != sid)
1927: fatal("%s: tty alloc fail on unknown session: "
1928: "my id %u theirs %u",
1929: __func__, sid, esid);
1930: leave_raw_mode(options.request_tty ==
1931: REQUEST_TTY_FORCE);
1932: rawmode = 0;
1933: continue;
1934: case MUX_S_EXIT_MESSAGE:
1935: if ((esid = buffer_get_int(&m)) != sid)
1936: fatal("%s: exit on unknown session: "
1937: "my id %u theirs %u",
1938: __func__, sid, esid);
1939: if (exitval_seen)
1940: fatal("%s: exitval sent twice", __func__);
1941: exitval = buffer_get_int(&m);
1942: exitval_seen = 1;
1943: continue;
1944: default:
1.10 djm 1945: e = buffer_get_string(&m, NULL);
1946: fatal("%s: master returned error: %s", __func__, e);
1.1 djm 1947: }
1948: }
1949:
1.10 djm 1950: close(fd);
1.28 djm 1951: if (rawmode)
1952: leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1.10 djm 1953:
1.1 djm 1954: if (muxclient_terminate) {
1955: debug2("Exiting on signal %d", muxclient_terminate);
1.10 djm 1956: exitval = 255;
1957: } else if (!exitval_seen) {
1.1 djm 1958: debug2("Control master terminated unexpectedly");
1.10 djm 1959: exitval = 255;
1.1 djm 1960: } else
1.10 djm 1961: debug2("Received exit status from master %d", exitval);
1.1 djm 1962:
1963: if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
1964: fprintf(stderr, "Shared connection to %s closed.\r\n", host);
1965:
1.10 djm 1966: exit(exitval);
1967: }
1968:
1969: static int
1.62 markus 1970: mux_client_proxy(int fd)
1971: {
1972: Buffer m;
1973: char *e;
1974: u_int type, rid;
1975:
1976: buffer_init(&m);
1977: buffer_put_int(&m, MUX_C_PROXY);
1978: buffer_put_int(&m, muxclient_request_id);
1979: if (mux_client_write_packet(fd, &m) != 0)
1980: fatal("%s: write packet: %s", __func__, strerror(errno));
1981:
1982: buffer_clear(&m);
1983:
1984: /* Read their reply */
1985: if (mux_client_read_packet(fd, &m) != 0) {
1986: buffer_free(&m);
1987: return 0;
1988: }
1989: type = buffer_get_int(&m);
1990: if (type != MUX_S_PROXY) {
1991: e = buffer_get_string(&m, NULL);
1992: fatal("%s: master returned error: %s", __func__, e);
1993: }
1994: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1995: fatal("%s: out of sequence reply: my id %u theirs %u",
1996: __func__, muxclient_request_id, rid);
1997: buffer_free(&m);
1998:
1999: debug3("%s: done", __func__);
2000: muxclient_request_id++;
2001: return 0;
2002: }
2003:
2004: static int
1.10 djm 2005: mux_client_request_stdio_fwd(int fd)
2006: {
2007: Buffer m;
2008: char *e;
2009: u_int type, rid, sid;
2010: int devnull;
2011:
2012: debug3("%s: entering", __func__);
2013:
2014: if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
2015: error("%s: master alive request failed", __func__);
2016: return -1;
2017: }
2018:
2019: signal(SIGPIPE, SIG_IGN);
2020:
2021: if (stdin_null_flag) {
2022: if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
2023: fatal("open(/dev/null): %s", strerror(errno));
2024: if (dup2(devnull, STDIN_FILENO) == -1)
2025: fatal("dup2: %s", strerror(errno));
2026: if (devnull > STDERR_FILENO)
2027: close(devnull);
2028: }
2029:
2030: buffer_init(&m);
2031: buffer_put_int(&m, MUX_C_NEW_STDIO_FWD);
2032: buffer_put_int(&m, muxclient_request_id);
2033: buffer_put_cstring(&m, ""); /* reserved */
1.60 dtucker 2034: buffer_put_cstring(&m, options.stdio_forward_host);
2035: buffer_put_int(&m, options.stdio_forward_port);
1.10 djm 2036:
2037: if (mux_client_write_packet(fd, &m) != 0)
2038: fatal("%s: write packet: %s", __func__, strerror(errno));
2039:
2040: /* Send the stdio file descriptors */
2041: if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
2042: mm_send_fd(fd, STDOUT_FILENO) == -1)
2043: fatal("%s: send fds failed", __func__);
2044:
1.56 semarie 2045: if (pledge("stdio proc tty", NULL) == -1)
2046: fatal("%s pledge(): %s", __func__, strerror(errno));
2047:
1.10 djm 2048: debug3("%s: stdio forward request sent", __func__);
2049:
2050: /* Read their reply */
2051: buffer_clear(&m);
2052:
2053: if (mux_client_read_packet(fd, &m) != 0) {
2054: error("%s: read from master failed: %s",
2055: __func__, strerror(errno));
2056: buffer_free(&m);
2057: return -1;
2058: }
2059:
2060: type = buffer_get_int(&m);
2061: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
2062: fatal("%s: out of sequence reply: my id %u theirs %u",
2063: __func__, muxclient_request_id, rid);
2064: switch (type) {
2065: case MUX_S_SESSION_OPENED:
2066: sid = buffer_get_int(&m);
2067: debug("%s: master session id: %u", __func__, sid);
2068: break;
2069: case MUX_S_PERMISSION_DENIED:
2070: e = buffer_get_string(&m, NULL);
2071: buffer_free(&m);
1.24 djm 2072: fatal("Master refused stdio forwarding request: %s", e);
1.10 djm 2073: case MUX_S_FAILURE:
2074: e = buffer_get_string(&m, NULL);
2075: buffer_free(&m);
1.48 djm 2076: fatal("Stdio forwarding request failed: %s", e);
1.10 djm 2077: default:
2078: buffer_free(&m);
2079: error("%s: unexpected response from master 0x%08x",
2080: __func__, type);
2081: return -1;
2082: }
2083: muxclient_request_id++;
2084:
2085: signal(SIGHUP, control_client_sighandler);
2086: signal(SIGINT, control_client_sighandler);
2087: signal(SIGTERM, control_client_sighandler);
2088: signal(SIGWINCH, control_client_sigrelay);
2089:
2090: /*
2091: * Stick around until the controlee closes the client_fd.
2092: */
2093: buffer_clear(&m);
2094: if (mux_client_read_packet(fd, &m) != 0) {
2095: if (errno == EPIPE ||
2096: (errno == EINTR && muxclient_terminate != 0))
2097: return 0;
2098: fatal("%s: mux_client_read_packet: %s",
2099: __func__, strerror(errno));
2100: }
2101: fatal("%s: master returned unexpected message %u", __func__, type);
2102: }
2103:
1.25 djm 2104: static void
2105: mux_client_request_stop_listening(int fd)
2106: {
2107: Buffer m;
2108: char *e;
2109: u_int type, rid;
2110:
2111: debug3("%s: entering", __func__);
2112:
2113: buffer_init(&m);
2114: buffer_put_int(&m, MUX_C_STOP_LISTENING);
2115: buffer_put_int(&m, muxclient_request_id);
2116:
2117: if (mux_client_write_packet(fd, &m) != 0)
2118: fatal("%s: write packet: %s", __func__, strerror(errno));
2119:
2120: buffer_clear(&m);
2121:
2122: /* Read their reply */
2123: if (mux_client_read_packet(fd, &m) != 0)
2124: fatal("%s: read from master failed: %s",
2125: __func__, strerror(errno));
2126:
2127: type = buffer_get_int(&m);
2128: if ((rid = buffer_get_int(&m)) != muxclient_request_id)
2129: fatal("%s: out of sequence reply: my id %u theirs %u",
2130: __func__, muxclient_request_id, rid);
2131: switch (type) {
2132: case MUX_S_OK:
2133: break;
2134: case MUX_S_PERMISSION_DENIED:
2135: e = buffer_get_string(&m, NULL);
2136: fatal("Master refused stop listening request: %s", e);
2137: case MUX_S_FAILURE:
2138: e = buffer_get_string(&m, NULL);
2139: fatal("%s: stop listening request failed: %s", __func__, e);
2140: default:
2141: fatal("%s: unexpected response from master 0x%08x",
2142: __func__, type);
2143: }
2144: buffer_free(&m);
2145: muxclient_request_id++;
2146: }
2147:
1.10 djm 2148: /* Multiplex client main loop. */
1.62 markus 2149: int
1.10 djm 2150: muxclient(const char *path)
2151: {
2152: struct sockaddr_un addr;
2153: int sock;
2154: u_int pid;
2155:
2156: if (muxclient_command == 0) {
1.60 dtucker 2157: if (options.stdio_forward_host != NULL)
1.10 djm 2158: muxclient_command = SSHMUX_COMMAND_STDIO_FWD;
2159: else
2160: muxclient_command = SSHMUX_COMMAND_OPEN;
2161: }
2162:
2163: switch (options.control_master) {
2164: case SSHCTL_MASTER_AUTO:
2165: case SSHCTL_MASTER_AUTO_ASK:
2166: debug("auto-mux: Trying existing master");
2167: /* FALLTHROUGH */
2168: case SSHCTL_MASTER_NO:
2169: break;
2170: default:
1.62 markus 2171: return -1;
1.10 djm 2172: }
2173:
2174: memset(&addr, '\0', sizeof(addr));
2175: addr.sun_family = AF_UNIX;
2176:
2177: if (strlcpy(addr.sun_path, path,
2178: sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1.61 dtucker 2179: fatal("ControlPath too long ('%s' >= %u bytes)", path,
2180: (unsigned int)sizeof(addr.sun_path));
1.10 djm 2181:
2182: if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
2183: fatal("%s socket(): %s", __func__, strerror(errno));
2184:
1.64 guenther 2185: if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
1.10 djm 2186: switch (muxclient_command) {
2187: case SSHMUX_COMMAND_OPEN:
2188: case SSHMUX_COMMAND_STDIO_FWD:
2189: break;
2190: default:
2191: fatal("Control socket connect(%.100s): %s", path,
2192: strerror(errno));
2193: }
1.22 djm 2194: if (errno == ECONNREFUSED &&
2195: options.control_master != SSHCTL_MASTER_NO) {
2196: debug("Stale control socket %.100s, unlinking", path);
2197: unlink(path);
2198: } else if (errno == ENOENT) {
1.10 djm 2199: debug("Control socket \"%.100s\" does not exist", path);
1.22 djm 2200: } else {
1.10 djm 2201: error("Control socket connect(%.100s): %s", path,
2202: strerror(errno));
2203: }
2204: close(sock);
1.62 markus 2205: return -1;
1.10 djm 2206: }
2207: set_nonblock(sock);
2208:
2209: if (mux_client_hello_exchange(sock) != 0) {
2210: error("%s: master hello exchange failed", __func__);
2211: close(sock);
1.62 markus 2212: return -1;
1.10 djm 2213: }
2214:
2215: switch (muxclient_command) {
2216: case SSHMUX_COMMAND_ALIVE_CHECK:
2217: if ((pid = mux_client_request_alive(sock)) == 0)
2218: fatal("%s: master alive check failed", __func__);
1.55 djm 2219: fprintf(stderr, "Master running (pid=%u)\r\n", pid);
1.10 djm 2220: exit(0);
2221: case SSHMUX_COMMAND_TERMINATE:
2222: mux_client_request_terminate(sock);
1.63 dtucker 2223: if (options.log_level != SYSLOG_LEVEL_QUIET)
2224: fprintf(stderr, "Exit request sent.\r\n");
1.18 markus 2225: exit(0);
2226: case SSHMUX_COMMAND_FORWARD:
1.30 djm 2227: if (mux_client_forwards(sock, 0) != 0)
1.18 markus 2228: fatal("%s: master forward request failed", __func__);
1.10 djm 2229: exit(0);
2230: case SSHMUX_COMMAND_OPEN:
1.30 djm 2231: if (mux_client_forwards(sock, 0) != 0) {
1.10 djm 2232: error("%s: master forward request failed", __func__);
1.62 markus 2233: return -1;
1.10 djm 2234: }
2235: mux_client_request_session(sock);
1.62 markus 2236: return -1;
1.10 djm 2237: case SSHMUX_COMMAND_STDIO_FWD:
2238: mux_client_request_stdio_fwd(sock);
1.25 djm 2239: exit(0);
2240: case SSHMUX_COMMAND_STOP:
2241: mux_client_request_stop_listening(sock);
1.63 dtucker 2242: if (options.log_level != SYSLOG_LEVEL_QUIET)
2243: fprintf(stderr, "Stop listening request sent.\r\n");
1.30 djm 2244: exit(0);
2245: case SSHMUX_COMMAND_CANCEL_FWD:
2246: if (mux_client_forwards(sock, 1) != 0)
2247: error("%s: master cancel forward request failed",
2248: __func__);
1.10 djm 2249: exit(0);
1.62 markus 2250: case SSHMUX_COMMAND_PROXY:
2251: mux_client_proxy(sock);
2252: return (sock);
1.10 djm 2253: default:
2254: fatal("unrecognised muxclient_command %d", muxclient_command);
2255: }
1.1 djm 2256: }