Annotation of src/usr.bin/ssh/mux.c, Revision 1.78
1.78 ! djm 1: /* $OpenBSD: mux.c,v 1.77 2018/09/26 07:32:44 djm Exp $ */
1.1 djm 2: /*
3: * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: /* ssh session multiplexing support */
1.2 djm 19:
1.1 djm 20: #include <sys/types.h>
21: #include <sys/queue.h>
22: #include <sys/stat.h>
23: #include <sys/socket.h>
24: #include <sys/un.h>
25:
26: #include <errno.h>
27: #include <fcntl.h>
1.10 djm 28: #include <poll.h>
1.1 djm 29: #include <signal.h>
30: #include <stdarg.h>
31: #include <stddef.h>
32: #include <stdlib.h>
33: #include <stdio.h>
34: #include <string.h>
35: #include <unistd.h>
36: #include <util.h>
37: #include <paths.h>
38:
1.10 djm 39: #include "atomicio.h"
1.1 djm 40: #include "xmalloc.h"
41: #include "log.h"
42: #include "ssh.h"
1.18 markus 43: #include "ssh2.h"
1.1 djm 44: #include "pathnames.h"
45: #include "misc.h"
46: #include "match.h"
1.73 markus 47: #include "sshbuf.h"
1.1 djm 48: #include "channels.h"
49: #include "msg.h"
50: #include "packet.h"
51: #include "monitor_fdpass.h"
52: #include "sshpty.h"
1.74 markus 53: #include "sshkey.h"
1.1 djm 54: #include "readconf.h"
55: #include "clientloop.h"
1.62 markus 56: #include "ssherr.h"
1.78 ! djm 57:
! 58: #include "opacket.h" /* XXX */
! 59: extern struct ssh *active_state; /* XXX */
1.1 djm 60:
61: /* from ssh.c */
62: extern int tty_flag;
63: extern Options options;
64: extern int stdin_null_flag;
65: extern char *host;
1.8 dtucker 66: extern int subsystem_flag;
1.72 markus 67: extern struct sshbuf *command;
1.10 djm 68: extern volatile sig_atomic_t quit_pending;
1.1 djm 69:
1.2 djm 70: /* Context for session open confirmation callback */
71: struct mux_session_confirm_ctx {
1.10 djm 72: u_int want_tty;
73: u_int want_subsys;
74: u_int want_x_fwd;
75: u_int want_agent_fwd;
1.73 markus 76: struct sshbuf *cmd;
1.2 djm 77: char *term;
78: struct termios tio;
79: char **env;
1.17 djm 80: u_int rid;
1.2 djm 81: };
82:
1.48 djm 83: /* Context for stdio fwd open confirmation callback */
84: struct mux_stdio_confirm_ctx {
85: u_int rid;
86: };
87:
1.18 markus 88: /* Context for global channel callback */
89: struct mux_channel_confirm_ctx {
90: u_int cid; /* channel id */
91: u_int rid; /* request id */
92: int fid; /* forward id */
93: };
94:
1.1 djm 95: /* fd to control socket */
96: int muxserver_sock = -1;
97:
1.10 djm 98: /* client request id */
99: u_int muxclient_request_id = 0;
100:
1.1 djm 101: /* Multiplexing control command */
102: u_int muxclient_command = 0;
103:
104: /* Set when signalled. */
105: static volatile sig_atomic_t muxclient_terminate = 0;
106:
107: /* PID of multiplex server */
108: static u_int muxserver_pid = 0;
109:
1.10 djm 110: static Channel *mux_listener_channel = NULL;
111:
112: struct mux_master_state {
113: int hello_rcvd;
114: };
1.1 djm 115:
1.10 djm 116: /* mux protocol messages */
117: #define MUX_MSG_HELLO 0x00000001
118: #define MUX_C_NEW_SESSION 0x10000002
119: #define MUX_C_ALIVE_CHECK 0x10000004
120: #define MUX_C_TERMINATE 0x10000005
121: #define MUX_C_OPEN_FWD 0x10000006
122: #define MUX_C_CLOSE_FWD 0x10000007
123: #define MUX_C_NEW_STDIO_FWD 0x10000008
1.25 djm 124: #define MUX_C_STOP_LISTENING 0x10000009
1.62 markus 125: #define MUX_C_PROXY 0x1000000f
1.10 djm 126: #define MUX_S_OK 0x80000001
127: #define MUX_S_PERMISSION_DENIED 0x80000002
128: #define MUX_S_FAILURE 0x80000003
129: #define MUX_S_EXIT_MESSAGE 0x80000004
130: #define MUX_S_ALIVE 0x80000005
131: #define MUX_S_SESSION_OPENED 0x80000006
1.18 markus 132: #define MUX_S_REMOTE_PORT 0x80000007
1.28 djm 133: #define MUX_S_TTY_ALLOC_FAIL 0x80000008
1.62 markus 134: #define MUX_S_PROXY 0x8000000f
1.10 djm 135:
136: /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
137: #define MUX_FWD_LOCAL 1
138: #define MUX_FWD_REMOTE 2
139: #define MUX_FWD_DYNAMIC 3
140:
1.66 djm 141: static void mux_session_confirm(struct ssh *, int, int, void *);
142: static void mux_stdio_confirm(struct ssh *, int, int, void *);
1.10 djm 143:
1.76 djm 144: static int mux_master_process_hello(struct ssh *, u_int,
1.66 djm 145: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 146: static int mux_master_process_new_session(struct ssh *, u_int,
1.66 djm 147: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 148: static int mux_master_process_alive_check(struct ssh *, u_int,
1.66 djm 149: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 150: static int mux_master_process_terminate(struct ssh *, u_int,
1.66 djm 151: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 152: static int mux_master_process_open_fwd(struct ssh *, u_int,
1.66 djm 153: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 154: static int mux_master_process_close_fwd(struct ssh *, u_int,
1.66 djm 155: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 156: static int mux_master_process_stdio_fwd(struct ssh *, u_int,
1.66 djm 157: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 158: static int mux_master_process_stop_listening(struct ssh *, u_int,
1.66 djm 159: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 160: static int mux_master_process_proxy(struct ssh *, u_int,
1.66 djm 161: Channel *, struct sshbuf *, struct sshbuf *);
1.10 djm 162:
163: static const struct {
164: u_int type;
1.66 djm 165: int (*handler)(struct ssh *, u_int, Channel *,
166: struct sshbuf *, struct sshbuf *);
1.10 djm 167: } mux_master_handlers[] = {
1.76 djm 168: { MUX_MSG_HELLO, mux_master_process_hello },
169: { MUX_C_NEW_SESSION, mux_master_process_new_session },
170: { MUX_C_ALIVE_CHECK, mux_master_process_alive_check },
171: { MUX_C_TERMINATE, mux_master_process_terminate },
172: { MUX_C_OPEN_FWD, mux_master_process_open_fwd },
173: { MUX_C_CLOSE_FWD, mux_master_process_close_fwd },
174: { MUX_C_NEW_STDIO_FWD, mux_master_process_stdio_fwd },
175: { MUX_C_STOP_LISTENING, mux_master_process_stop_listening },
176: { MUX_C_PROXY, mux_master_process_proxy },
1.10 djm 177: { 0, NULL }
178: };
1.1 djm 179:
1.10 djm 180: /* Cleanup callback fired on closure of mux slave _session_ channel */
181: /* ARGSUSED */
1.42 dtucker 182: static void
1.66 djm 183: mux_master_session_cleanup_cb(struct ssh *ssh, int cid, void *unused)
1.1 djm 184: {
1.66 djm 185: Channel *cc, *c = channel_by_id(ssh, cid);
1.1 djm 186:
1.10 djm 187: debug3("%s: entering for channel %d", __func__, cid);
188: if (c == NULL)
189: fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
190: if (c->ctl_chan != -1) {
1.66 djm 191: if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL)
1.10 djm 192: fatal("%s: channel %d missing control channel %d",
193: __func__, c->self, c->ctl_chan);
194: c->ctl_chan = -1;
1.67 djm 195: cc->remote_id = 0;
196: cc->have_remote_id = 0;
1.66 djm 197: chan_rcvd_oclose(ssh, cc);
1.1 djm 198: }
1.66 djm 199: channel_cancel_cleanup(ssh, c->self);
1.1 djm 200: }
201:
1.10 djm 202: /* Cleanup callback fired on closure of mux slave _control_ channel */
203: /* ARGSUSED */
1.1 djm 204: static void
1.66 djm 205: mux_master_control_cleanup_cb(struct ssh *ssh, int cid, void *unused)
1.1 djm 206: {
1.66 djm 207: Channel *sc, *c = channel_by_id(ssh, cid);
1.1 djm 208:
1.10 djm 209: debug3("%s: entering for channel %d", __func__, cid);
210: if (c == NULL)
211: fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
1.67 djm 212: if (c->have_remote_id) {
1.66 djm 213: if ((sc = channel_by_id(ssh, c->remote_id)) == NULL)
1.67 djm 214: fatal("%s: channel %d missing session channel %u",
1.10 djm 215: __func__, c->self, c->remote_id);
1.67 djm 216: c->remote_id = 0;
217: c->have_remote_id = 0;
1.10 djm 218: sc->ctl_chan = -1;
1.39 djm 219: if (sc->type != SSH_CHANNEL_OPEN &&
220: sc->type != SSH_CHANNEL_OPENING) {
1.12 djm 221: debug2("%s: channel %d: not open", __func__, sc->self);
1.66 djm 222: chan_mark_dead(ssh, sc);
1.12 djm 223: } else {
1.14 djm 224: if (sc->istate == CHAN_INPUT_OPEN)
1.66 djm 225: chan_read_failed(ssh, sc);
1.14 djm 226: if (sc->ostate == CHAN_OUTPUT_OPEN)
1.66 djm 227: chan_write_failed(ssh, sc);
1.12 djm 228: }
1.1 djm 229: }
1.66 djm 230: channel_cancel_cleanup(ssh, c->self);
1.1 djm 231: }
232:
1.10 djm 233: /* Check mux client environment variables before passing them to mux master. */
234: static int
235: env_permitted(char *env)
1.1 djm 236: {
1.10 djm 237: int i, ret;
238: char name[1024], *cp;
1.1 djm 239:
1.10 djm 240: if ((cp = strchr(env, '=')) == NULL || cp == env)
1.1 djm 241: return 0;
1.10 djm 242: ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
243: if (ret <= 0 || (size_t)ret >= sizeof(name)) {
1.76 djm 244: error("%s: name '%.100s...' too long", __func__, env);
1.1 djm 245: return 0;
246: }
247:
1.10 djm 248: for (i = 0; i < options.num_send_env; i++)
249: if (match_pattern(name, options.send_env[i]))
250: return 1;
1.1 djm 251:
1.10 djm 252: return 0;
253: }
1.1 djm 254:
1.10 djm 255: /* Mux master protocol message handlers */
1.1 djm 256:
1.10 djm 257: static int
1.76 djm 258: mux_master_process_hello(struct ssh *ssh, u_int rid,
1.73 markus 259: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.10 djm 260: {
261: u_int ver;
262: struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
1.73 markus 263: int r;
1.1 djm 264:
1.10 djm 265: if (state == NULL)
266: fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self);
267: if (state->hello_rcvd) {
268: error("%s: HELLO received twice", __func__);
269: return -1;
270: }
1.73 markus 271: if ((r = sshbuf_get_u32(m, &ver)) != 0) {
272: error("%s: malformed message: %s", __func__, ssh_err(r));
1.10 djm 273: return -1;
274: }
275: if (ver != SSHMUX_VER) {
1.76 djm 276: error("%s: unsupported multiplexing protocol version %u "
277: "(expected %u)", __func__, ver, SSHMUX_VER);
1.10 djm 278: return -1;
279: }
280: debug2("%s: channel %d slave version %u", __func__, c->self, ver);
281:
282: /* No extensions are presently defined */
1.73 markus 283: while (sshbuf_len(m) > 0) {
284: char *name = NULL;
1.76 djm 285: size_t value_len = 0;
1.73 markus 286:
287: if ((r = sshbuf_get_cstring(m, &name, NULL)) != 0 ||
1.76 djm 288: (r = sshbuf_get_string_direct(m, NULL, &value_len)) != 0) {
1.73 markus 289: error("%s: malformed extension: %s",
290: __func__, ssh_err(r));
291: return -1;
1.1 djm 292: }
1.76 djm 293: debug2("%s: Unrecognised extension \"%s\" length %zu",
294: __func__, name, value_len);
1.41 djm 295: free(name);
1.1 djm 296: }
1.10 djm 297: state->hello_rcvd = 1;
298: return 0;
299: }
300:
1.73 markus 301: /* Enqueue a "ok" response to the reply buffer */
302: static void
303: reply_ok(struct sshbuf *reply, u_int rid)
304: {
305: int r;
306:
307: if ((r = sshbuf_put_u32(reply, MUX_S_OK)) != 0 ||
308: (r = sshbuf_put_u32(reply, rid)) != 0)
309: fatal("%s: reply: %s", __func__, ssh_err(r));
310: }
311:
312: /* Enqueue an error response to the reply buffer */
313: static void
314: reply_error(struct sshbuf *reply, u_int type, u_int rid, const char *msg)
315: {
316: int r;
317:
318: if ((r = sshbuf_put_u32(reply, type)) != 0 ||
319: (r = sshbuf_put_u32(reply, rid)) != 0 ||
320: (r = sshbuf_put_cstring(reply, msg)) != 0)
321: fatal("%s: reply: %s", __func__, ssh_err(r));
322: }
323:
1.10 djm 324: static int
1.76 djm 325: mux_master_process_new_session(struct ssh *ssh, u_int rid,
1.73 markus 326: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.10 djm 327: {
328: Channel *nc;
329: struct mux_session_confirm_ctx *cctx;
1.73 markus 330: char *cmd, *cp;
331: u_int i, j, env_len, escape_char, window, packetmax;
332: int r, new_fd[3];
1.1 djm 333:
334: /* Reply for SSHMUX_COMMAND_OPEN */
1.10 djm 335: cctx = xcalloc(1, sizeof(*cctx));
336: cctx->term = NULL;
1.17 djm 337: cctx->rid = rid;
1.73 markus 338: cmd = NULL;
1.36 djm 339: cctx->env = NULL;
340: env_len = 0;
1.73 markus 341: if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
342: (r = sshbuf_get_u32(m, &cctx->want_tty)) != 0 ||
343: (r = sshbuf_get_u32(m, &cctx->want_x_fwd)) != 0 ||
344: (r = sshbuf_get_u32(m, &cctx->want_agent_fwd)) != 0 ||
345: (r = sshbuf_get_u32(m, &cctx->want_subsys)) != 0 ||
346: (r = sshbuf_get_u32(m, &escape_char)) != 0 ||
347: (r = sshbuf_get_cstring(m, &cctx->term, NULL)) != 0 ||
348: (r = sshbuf_get_cstring(m, &cmd, NULL)) != 0) {
1.10 djm 349: malf:
1.41 djm 350: free(cmd);
1.36 djm 351: for (j = 0; j < env_len; j++)
1.41 djm 352: free(cctx->env[j]);
353: free(cctx->env);
354: free(cctx->term);
355: free(cctx);
1.10 djm 356: error("%s: malformed message", __func__);
357: return -1;
1.1 djm 358: }
359:
1.10 djm 360: #define MUX_MAX_ENV_VARS 4096
1.73 markus 361: while (sshbuf_len(m) > 0) {
362: if ((r = sshbuf_get_cstring(m, &cp, NULL)) != 0)
1.10 djm 363: goto malf;
364: if (!env_permitted(cp)) {
1.41 djm 365: free(cp);
1.10 djm 366: continue;
367: }
1.51 deraadt 368: cctx->env = xreallocarray(cctx->env, env_len + 2,
1.10 djm 369: sizeof(*cctx->env));
370: cctx->env[env_len++] = cp;
371: cctx->env[env_len] = NULL;
372: if (env_len > MUX_MAX_ENV_VARS) {
1.76 djm 373: error("%s: >%d environment variables received, "
374: "ignoring additional", __func__, MUX_MAX_ENV_VARS);
1.10 djm 375: break;
376: }
1.1 djm 377: }
378:
1.10 djm 379: debug2("%s: channel %d: request tty %d, X %d, agent %d, subsys %d, "
380: "term \"%s\", cmd \"%s\", env %u", __func__, c->self,
381: cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd,
382: cctx->want_subsys, cctx->term, cmd, env_len);
1.1 djm 383:
1.73 markus 384: if ((cctx->cmd = sshbuf_new()) == NULL)
385: fatal("%s: sshbuf_new", __func__);
386: if ((r = sshbuf_put(cctx->cmd, cmd, strlen(cmd))) != 0)
387: fatal("%s: sshbuf_put: %s", __func__, ssh_err(r));
1.41 djm 388: free(cmd);
1.11 djm 389: cmd = NULL;
1.1 djm 390:
391: /* Gather fds from client */
392: for(i = 0; i < 3; i++) {
1.10 djm 393: if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
1.1 djm 394: error("%s: failed to receive fd %d from slave",
395: __func__, i);
396: for (j = 0; j < i; j++)
397: close(new_fd[j]);
398: for (j = 0; j < env_len; j++)
1.41 djm 399: free(cctx->env[j]);
400: free(cctx->env);
401: free(cctx->term);
1.73 markus 402: sshbuf_free(cctx->cmd);
1.41 djm 403: free(cctx);
1.73 markus 404: reply_error(reply, MUX_S_FAILURE, rid,
1.10 djm 405: "did not receive file descriptors");
406: return -1;
1.1 djm 407: }
408: }
409:
1.10 djm 410: debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
1.1 djm 411: new_fd[0], new_fd[1], new_fd[2]);
412:
1.10 djm 413: /* XXX support multiple child sessions in future */
1.67 djm 414: if (c->have_remote_id) {
1.10 djm 415: debug2("%s: session already open", __func__);
1.73 markus 416: reply_error(reply, MUX_S_FAILURE, rid,
417: "Multiple sessions not supported");
1.10 djm 418: cleanup:
1.1 djm 419: close(new_fd[0]);
420: close(new_fd[1]);
421: close(new_fd[2]);
1.41 djm 422: free(cctx->term);
1.1 djm 423: if (env_len != 0) {
424: for (i = 0; i < env_len; i++)
1.41 djm 425: free(cctx->env[i]);
426: free(cctx->env);
1.1 djm 427: }
1.73 markus 428: sshbuf_free(cctx->cmd);
1.41 djm 429: free(cctx);
1.1 djm 430: return 0;
431: }
1.10 djm 432:
433: if (options.control_master == SSHCTL_MASTER_ASK ||
434: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
435: if (!ask_permission("Allow shared connection to %s? ", host)) {
436: debug2("%s: session refused by user", __func__);
1.73 markus 437: reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
438: "Permission denied");
1.10 djm 439: goto cleanup;
440: }
441: }
442:
443: /* Try to pick up ttymodes from client before it goes raw */
444: if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
445: error("%s: tcgetattr: %s", __func__, strerror(errno));
1.1 djm 446:
447: /* enable nonblocking unless tty */
448: if (!isatty(new_fd[0]))
449: set_nonblock(new_fd[0]);
450: if (!isatty(new_fd[1]))
451: set_nonblock(new_fd[1]);
452: if (!isatty(new_fd[2]))
453: set_nonblock(new_fd[2]);
454:
455: window = CHAN_SES_WINDOW_DEFAULT;
456: packetmax = CHAN_SES_PACKET_DEFAULT;
457: if (cctx->want_tty) {
458: window >>= 1;
459: packetmax >>= 1;
460: }
1.10 djm 461:
1.66 djm 462: nc = channel_new(ssh, "session", SSH_CHANNEL_OPENING,
1.1 djm 463: new_fd[0], new_fd[1], new_fd[2], window, packetmax,
464: CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
465:
1.10 djm 466: nc->ctl_chan = c->self; /* link session -> control channel */
467: c->remote_id = nc->self; /* link control -> session channel */
1.67 djm 468: c->have_remote_id = 1;
1.10 djm 469:
1.2 djm 470: if (cctx->want_tty && escape_char != 0xffffffff) {
1.66 djm 471: channel_register_filter(ssh, nc->self,
1.2 djm 472: client_simple_escape_filter, NULL,
1.4 djm 473: client_filter_cleanup,
1.2 djm 474: client_new_escape_filter_ctx((int)escape_char));
475: }
1.1 djm 476:
1.10 djm 477: debug2("%s: channel_new: %d linked to control channel %d",
478: __func__, nc->self, nc->ctl_chan);
479:
1.66 djm 480: channel_send_open(ssh, nc->self);
481: channel_register_open_confirm(ssh, nc->self, mux_session_confirm, cctx);
1.17 djm 482: c->mux_pause = 1; /* stop handling messages until open_confirm done */
1.66 djm 483: channel_register_cleanup(ssh, nc->self,
484: mux_master_session_cleanup_cb, 1);
1.10 djm 485:
1.17 djm 486: /* reply is deferred, sent by mux_session_confirm */
1.1 djm 487: return 0;
488: }
489:
1.10 djm 490: static int
1.76 djm 491: mux_master_process_alive_check(struct ssh *ssh, u_int rid,
1.73 markus 492: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.1 djm 493: {
1.73 markus 494: int r;
495:
1.10 djm 496: debug2("%s: channel %d: alive check", __func__, c->self);
1.1 djm 497:
1.10 djm 498: /* prepare reply */
1.73 markus 499: if ((r = sshbuf_put_u32(reply, MUX_S_ALIVE)) != 0 ||
500: (r = sshbuf_put_u32(reply, rid)) != 0 ||
501: (r = sshbuf_put_u32(reply, (u_int)getpid())) != 0)
502: fatal("%s: reply: %s", __func__, ssh_err(r));
1.1 djm 503:
1.10 djm 504: return 0;
1.1 djm 505: }
506:
507: static int
1.76 djm 508: mux_master_process_terminate(struct ssh *ssh, u_int rid,
1.73 markus 509: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.1 djm 510: {
1.10 djm 511: debug2("%s: channel %d: terminate request", __func__, c->self);
1.1 djm 512:
1.10 djm 513: if (options.control_master == SSHCTL_MASTER_ASK ||
514: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
515: if (!ask_permission("Terminate shared connection to %s? ",
516: host)) {
517: debug2("%s: termination refused by user", __func__);
1.73 markus 518: reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
519: "Permission denied");
1.10 djm 520: return 0;
521: }
522: }
1.1 djm 523:
1.10 djm 524: quit_pending = 1;
1.73 markus 525: reply_ok(reply, rid);
1.10 djm 526: /* XXX exit happens too soon - message never makes it to client */
527: return 0;
1.1 djm 528: }
529:
1.10 djm 530: static char *
1.46 millert 531: format_forward(u_int ftype, struct Forward *fwd)
1.1 djm 532: {
1.10 djm 533: char *ret;
1.1 djm 534:
1.10 djm 535: switch (ftype) {
536: case MUX_FWD_LOCAL:
537: xasprintf(&ret, "local forward %.200s:%d -> %.200s:%d",
1.46 millert 538: (fwd->listen_path != NULL) ? fwd->listen_path :
1.10 djm 539: (fwd->listen_host == NULL) ?
1.46 millert 540: (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
1.10 djm 541: fwd->listen_host, fwd->listen_port,
1.46 millert 542: (fwd->connect_path != NULL) ? fwd->connect_path :
1.10 djm 543: fwd->connect_host, fwd->connect_port);
544: break;
545: case MUX_FWD_DYNAMIC:
546: xasprintf(&ret, "dynamic forward %.200s:%d -> *",
547: (fwd->listen_host == NULL) ?
1.46 millert 548: (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
1.10 djm 549: fwd->listen_host, fwd->listen_port);
550: break;
551: case MUX_FWD_REMOTE:
552: xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d",
1.46 millert 553: (fwd->listen_path != NULL) ? fwd->listen_path :
1.10 djm 554: (fwd->listen_host == NULL) ?
555: "LOCALHOST" : fwd->listen_host,
556: fwd->listen_port,
1.46 millert 557: (fwd->connect_path != NULL) ? fwd->connect_path :
1.10 djm 558: fwd->connect_host, fwd->connect_port);
1.1 djm 559: break;
560: default:
1.10 djm 561: fatal("%s: unknown forward type %u", __func__, ftype);
1.1 djm 562: }
1.10 djm 563: return ret;
564: }
1.1 djm 565:
1.10 djm 566: static int
567: compare_host(const char *a, const char *b)
568: {
569: if (a == NULL && b == NULL)
570: return 1;
571: if (a == NULL || b == NULL)
572: return 0;
573: return strcmp(a, b) == 0;
574: }
1.1 djm 575:
1.10 djm 576: static int
1.46 millert 577: compare_forward(struct Forward *a, struct Forward *b)
1.10 djm 578: {
579: if (!compare_host(a->listen_host, b->listen_host))
580: return 0;
1.46 millert 581: if (!compare_host(a->listen_path, b->listen_path))
582: return 0;
1.10 djm 583: if (a->listen_port != b->listen_port)
584: return 0;
585: if (!compare_host(a->connect_host, b->connect_host))
586: return 0;
1.46 millert 587: if (!compare_host(a->connect_path, b->connect_path))
588: return 0;
1.10 djm 589: if (a->connect_port != b->connect_port)
590: return 0;
1.1 djm 591:
1.10 djm 592: return 1;
593: }
1.1 djm 594:
1.18 markus 595: static void
1.66 djm 596: mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt)
1.18 markus 597: {
598: struct mux_channel_confirm_ctx *fctx = ctxt;
599: char *failmsg = NULL;
1.46 millert 600: struct Forward *rfwd;
1.18 markus 601: Channel *c;
1.73 markus 602: struct sshbuf *out;
603: int r;
1.18 markus 604:
1.66 djm 605: if ((c = channel_by_id(ssh, fctx->cid)) == NULL) {
1.18 markus 606: /* no channel for reply */
607: error("%s: unknown channel", __func__);
608: return;
609: }
1.73 markus 610: if ((out = sshbuf_new()) == NULL)
611: fatal("%s: sshbuf_new", __func__);
1.53 djm 612: if (fctx->fid >= options.num_remote_forwards ||
613: (options.remote_forwards[fctx->fid].connect_path == NULL &&
614: options.remote_forwards[fctx->fid].connect_host == NULL)) {
1.18 markus 615: xasprintf(&failmsg, "unknown forwarding id %d", fctx->fid);
616: goto fail;
617: }
618: rfwd = &options.remote_forwards[fctx->fid];
619: debug("%s: %s for: listen %d, connect %s:%d", __func__,
620: type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
1.46 millert 621: rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path :
622: rfwd->connect_host, rfwd->connect_port);
1.18 markus 623: if (type == SSH2_MSG_REQUEST_SUCCESS) {
624: if (rfwd->listen_port == 0) {
625: rfwd->allocated_port = packet_get_int();
1.52 djm 626: debug("Allocated port %u for mux remote forward"
1.18 markus 627: " to %s:%d", rfwd->allocated_port,
628: rfwd->connect_host, rfwd->connect_port);
1.73 markus 629: if ((r = sshbuf_put_u32(out,
630: MUX_S_REMOTE_PORT)) != 0 ||
631: (r = sshbuf_put_u32(out, fctx->rid)) != 0 ||
632: (r = sshbuf_put_u32(out,
633: rfwd->allocated_port)) != 0)
634: fatal("%s: reply: %s", __func__, ssh_err(r));
1.70 djm 635: channel_update_permission(ssh, rfwd->handle,
1.31 markus 636: rfwd->allocated_port);
1.18 markus 637: } else {
1.73 markus 638: reply_ok(out, fctx->rid);
1.18 markus 639: }
640: goto out;
641: } else {
1.31 markus 642: if (rfwd->listen_port == 0)
1.70 djm 643: channel_update_permission(ssh, rfwd->handle, -1);
1.46 millert 644: if (rfwd->listen_path != NULL)
645: xasprintf(&failmsg, "remote port forwarding failed for "
646: "listen path %s", rfwd->listen_path);
647: else
648: xasprintf(&failmsg, "remote port forwarding failed for "
649: "listen port %d", rfwd->listen_port);
1.53 djm 650:
651: debug2("%s: clearing registered forwarding for listen %d, "
652: "connect %s:%d", __func__, rfwd->listen_port,
653: rfwd->connect_path ? rfwd->connect_path :
654: rfwd->connect_host, rfwd->connect_port);
655:
656: free(rfwd->listen_host);
657: free(rfwd->listen_path);
658: free(rfwd->connect_host);
659: free(rfwd->connect_path);
660: memset(rfwd, 0, sizeof(*rfwd));
1.18 markus 661: }
662: fail:
663: error("%s: %s", __func__, failmsg);
1.73 markus 664: reply_error(out, MUX_S_FAILURE, fctx->rid, failmsg);
1.41 djm 665: free(failmsg);
1.18 markus 666: out:
1.73 markus 667: if ((r = sshbuf_put_stringb(c->output, out)) != 0)
668: fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r));
669: sshbuf_free(out);
1.18 markus 670: if (c->mux_pause <= 0)
671: fatal("%s: mux_pause %d", __func__, c->mux_pause);
672: c->mux_pause = 0; /* start processing messages again */
673: }
674:
1.10 djm 675: static int
1.76 djm 676: mux_master_process_open_fwd(struct ssh *ssh, u_int rid,
1.73 markus 677: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.10 djm 678: {
1.46 millert 679: struct Forward fwd;
1.10 djm 680: char *fwd_desc = NULL;
1.46 millert 681: char *listen_addr, *connect_addr;
1.10 djm 682: u_int ftype;
1.44 djm 683: u_int lport, cport;
1.73 markus 684: int r, i, ret = 0, freefwd = 1;
1.10 djm 685:
1.54 djm 686: memset(&fwd, 0, sizeof(fwd));
687:
1.46 millert 688: /* XXX - lport/cport check redundant */
1.73 markus 689: if ((r = sshbuf_get_u32(m, &ftype)) != 0 ||
690: (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
691: (r = sshbuf_get_u32(m, &lport)) != 0 ||
692: (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||
693: (r = sshbuf_get_u32(m, &cport)) != 0 ||
1.46 millert 694: (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||
695: (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {
1.10 djm 696: error("%s: malformed message", __func__);
697: ret = -1;
698: goto out;
699: }
1.46 millert 700: if (*listen_addr == '\0') {
701: free(listen_addr);
702: listen_addr = NULL;
703: }
704: if (*connect_addr == '\0') {
705: free(connect_addr);
706: connect_addr = NULL;
707: }
708:
709: memset(&fwd, 0, sizeof(fwd));
1.44 djm 710: fwd.listen_port = lport;
1.46 millert 711: if (fwd.listen_port == PORT_STREAMLOCAL)
712: fwd.listen_path = listen_addr;
713: else
714: fwd.listen_host = listen_addr;
1.44 djm 715: fwd.connect_port = cport;
1.46 millert 716: if (fwd.connect_port == PORT_STREAMLOCAL)
717: fwd.connect_path = connect_addr;
718: else
719: fwd.connect_host = connect_addr;
1.10 djm 720:
721: debug2("%s: channel %d: request %s", __func__, c->self,
722: (fwd_desc = format_forward(ftype, &fwd)));
723:
724: if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE &&
725: ftype != MUX_FWD_DYNAMIC) {
726: logit("%s: invalid forwarding type %u", __func__, ftype);
727: invalid:
1.46 millert 728: free(listen_addr);
729: free(connect_addr);
1.73 markus 730: reply_error(reply, MUX_S_FAILURE, rid,
731: "Invalid forwarding request");
1.10 djm 732: return 0;
733: }
1.46 millert 734: if (ftype == MUX_FWD_DYNAMIC && fwd.listen_path) {
735: logit("%s: streamlocal and dynamic forwards "
736: "are mutually exclusive", __func__);
737: goto invalid;
738: }
739: if (fwd.listen_port != PORT_STREAMLOCAL && fwd.listen_port >= 65536) {
1.10 djm 740: logit("%s: invalid listen port %u", __func__,
741: fwd.listen_port);
742: goto invalid;
743: }
1.66 djm 744: if ((fwd.connect_port != PORT_STREAMLOCAL &&
745: fwd.connect_port >= 65536) ||
746: (ftype != MUX_FWD_DYNAMIC && ftype != MUX_FWD_REMOTE &&
747: fwd.connect_port == 0)) {
1.10 djm 748: logit("%s: invalid connect port %u", __func__,
749: fwd.connect_port);
750: goto invalid;
751: }
1.66 djm 752: if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL &&
753: fwd.connect_path == NULL) {
1.10 djm 754: logit("%s: missing connect host", __func__);
755: goto invalid;
756: }
757:
758: /* Skip forwards that have already been requested */
759: switch (ftype) {
760: case MUX_FWD_LOCAL:
761: case MUX_FWD_DYNAMIC:
762: for (i = 0; i < options.num_local_forwards; i++) {
763: if (compare_forward(&fwd,
764: options.local_forwards + i)) {
765: exists:
766: debug2("%s: found existing forwarding",
767: __func__);
1.73 markus 768: reply_ok(reply, rid);
1.10 djm 769: goto out;
770: }
771: }
772: break;
773: case MUX_FWD_REMOTE:
774: for (i = 0; i < options.num_remote_forwards; i++) {
1.73 markus 775: if (!compare_forward(&fwd, options.remote_forwards + i))
776: continue;
777: if (fwd.listen_port != 0)
778: goto exists;
779: debug2("%s: found allocated port", __func__);
780: if ((r = sshbuf_put_u32(reply,
781: MUX_S_REMOTE_PORT)) != 0 ||
782: (r = sshbuf_put_u32(reply, rid)) != 0 ||
783: (r = sshbuf_put_u32(reply,
784: options.remote_forwards[i].allocated_port)) != 0)
785: fatal("%s: reply: %s", __func__, ssh_err(r));
786: goto out;
1.10 djm 787: }
788: break;
789: }
790:
791: if (options.control_master == SSHCTL_MASTER_ASK ||
792: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
793: if (!ask_permission("Open %s on %s?", fwd_desc, host)) {
794: debug2("%s: forwarding refused by user", __func__);
1.73 markus 795: reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
796: "Permission denied");
1.10 djm 797: goto out;
798: }
799: }
800:
801: if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
1.66 djm 802: if (!channel_setup_local_fwd_listener(ssh, &fwd,
1.46 millert 803: &options.fwd_opts)) {
1.10 djm 804: fail:
1.76 djm 805: logit("%s: requested %s failed", __func__, fwd_desc);
1.73 markus 806: reply_error(reply, MUX_S_FAILURE, rid,
807: "Port forwarding failed");
1.10 djm 808: goto out;
809: }
810: add_local_forward(&options, &fwd);
811: freefwd = 0;
812: } else {
1.18 markus 813: struct mux_channel_confirm_ctx *fctx;
814:
1.66 djm 815: fwd.handle = channel_request_remote_forwarding(ssh, &fwd);
1.31 markus 816: if (fwd.handle < 0)
1.10 djm 817: goto fail;
818: add_remote_forward(&options, &fwd);
1.18 markus 819: fctx = xcalloc(1, sizeof(*fctx));
820: fctx->cid = c->self;
821: fctx->rid = rid;
1.20 djm 822: fctx->fid = options.num_remote_forwards - 1;
1.18 markus 823: client_register_global_confirm(mux_confirm_remote_forward,
824: fctx);
1.10 djm 825: freefwd = 0;
1.18 markus 826: c->mux_pause = 1; /* wait for mux_confirm_remote_forward */
827: /* delayed reply in mux_confirm_remote_forward */
828: goto out;
1.10 djm 829: }
1.73 markus 830: reply_ok(reply, rid);
1.10 djm 831: out:
1.41 djm 832: free(fwd_desc);
1.10 djm 833: if (freefwd) {
1.41 djm 834: free(fwd.listen_host);
1.46 millert 835: free(fwd.listen_path);
1.41 djm 836: free(fwd.connect_host);
1.46 millert 837: free(fwd.connect_path);
1.10 djm 838: }
839: return ret;
840: }
841:
842: static int
1.76 djm 843: mux_master_process_close_fwd(struct ssh *ssh, u_int rid,
1.73 markus 844: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.10 djm 845: {
1.46 millert 846: struct Forward fwd, *found_fwd;
1.10 djm 847: char *fwd_desc = NULL;
1.30 djm 848: const char *error_reason = NULL;
1.46 millert 849: char *listen_addr = NULL, *connect_addr = NULL;
1.10 djm 850: u_int ftype;
1.73 markus 851: int r, i, ret = 0;
1.44 djm 852: u_int lport, cport;
1.54 djm 853:
854: memset(&fwd, 0, sizeof(fwd));
1.10 djm 855:
1.73 markus 856: if ((r = sshbuf_get_u32(m, &ftype)) != 0 ||
857: (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
858: (r = sshbuf_get_u32(m, &lport)) != 0 ||
859: (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||
860: (r = sshbuf_get_u32(m, &cport)) != 0 ||
1.46 millert 861: (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||
862: (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {
1.10 djm 863: error("%s: malformed message", __func__);
864: ret = -1;
865: goto out;
866: }
867:
1.46 millert 868: if (*listen_addr == '\0') {
869: free(listen_addr);
870: listen_addr = NULL;
1.10 djm 871: }
1.46 millert 872: if (*connect_addr == '\0') {
873: free(connect_addr);
874: connect_addr = NULL;
1.10 djm 875: }
876:
1.46 millert 877: memset(&fwd, 0, sizeof(fwd));
878: fwd.listen_port = lport;
879: if (fwd.listen_port == PORT_STREAMLOCAL)
880: fwd.listen_path = listen_addr;
881: else
882: fwd.listen_host = listen_addr;
883: fwd.connect_port = cport;
884: if (fwd.connect_port == PORT_STREAMLOCAL)
885: fwd.connect_path = connect_addr;
886: else
887: fwd.connect_host = connect_addr;
888:
1.30 djm 889: debug2("%s: channel %d: request cancel %s", __func__, c->self,
1.10 djm 890: (fwd_desc = format_forward(ftype, &fwd)));
891:
1.30 djm 892: /* make sure this has been requested */
893: found_fwd = NULL;
894: switch (ftype) {
895: case MUX_FWD_LOCAL:
896: case MUX_FWD_DYNAMIC:
897: for (i = 0; i < options.num_local_forwards; i++) {
898: if (compare_forward(&fwd,
899: options.local_forwards + i)) {
900: found_fwd = options.local_forwards + i;
901: break;
902: }
903: }
904: break;
905: case MUX_FWD_REMOTE:
906: for (i = 0; i < options.num_remote_forwards; i++) {
907: if (compare_forward(&fwd,
908: options.remote_forwards + i)) {
909: found_fwd = options.remote_forwards + i;
910: break;
911: }
912: }
913: break;
914: }
915:
916: if (found_fwd == NULL)
917: error_reason = "port not forwarded";
918: else if (ftype == MUX_FWD_REMOTE) {
919: /*
920: * This shouldn't fail unless we confused the host/port
921: * between options.remote_forwards and permitted_opens.
1.31 markus 922: * However, for dynamic allocated listen ports we need
1.46 millert 923: * to use the actual listen port.
1.30 djm 924: */
1.66 djm 925: if (channel_request_rforward_cancel(ssh, found_fwd) == -1)
1.30 djm 926: error_reason = "port not in permitted opens";
927: } else { /* local and dynamic forwards */
928: /* Ditto */
1.66 djm 929: if (channel_cancel_lport_listener(ssh, &fwd, fwd.connect_port,
1.46 millert 930: &options.fwd_opts) == -1)
1.30 djm 931: error_reason = "port not found";
932: }
933:
1.73 markus 934: if (error_reason != NULL)
935: reply_error(reply, MUX_S_FAILURE, rid, error_reason);
936: else {
937: reply_ok(reply, rid);
1.41 djm 938: free(found_fwd->listen_host);
1.46 millert 939: free(found_fwd->listen_path);
1.41 djm 940: free(found_fwd->connect_host);
1.46 millert 941: free(found_fwd->connect_path);
1.30 djm 942: found_fwd->listen_host = found_fwd->connect_host = NULL;
1.46 millert 943: found_fwd->listen_path = found_fwd->connect_path = NULL;
1.30 djm 944: found_fwd->listen_port = found_fwd->connect_port = 0;
945: }
1.10 djm 946: out:
1.41 djm 947: free(fwd_desc);
1.46 millert 948: free(listen_addr);
949: free(connect_addr);
1.10 djm 950:
951: return ret;
952: }
953:
954: static int
1.76 djm 955: mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid,
1.73 markus 956: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.10 djm 957: {
958: Channel *nc;
1.73 markus 959: char *chost = NULL;
1.10 djm 960: u_int cport, i, j;
1.73 markus 961: int r, new_fd[2];
1.48 djm 962: struct mux_stdio_confirm_ctx *cctx;
1.10 djm 963:
1.73 markus 964: if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
965: (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
966: (r = sshbuf_get_u32(m, &cport)) != 0) {
1.41 djm 967: free(chost);
1.10 djm 968: error("%s: malformed message", __func__);
969: return -1;
970: }
971:
972: debug2("%s: channel %d: request stdio fwd to %s:%u",
973: __func__, c->self, chost, cport);
974:
975: /* Gather fds from client */
976: for(i = 0; i < 2; i++) {
977: if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
978: error("%s: failed to receive fd %d from slave",
979: __func__, i);
980: for (j = 0; j < i; j++)
981: close(new_fd[j]);
1.41 djm 982: free(chost);
1.10 djm 983:
984: /* prepare reply */
1.73 markus 985: reply_error(reply, MUX_S_FAILURE, rid,
1.10 djm 986: "did not receive file descriptors");
987: return -1;
988: }
989: }
990:
991: debug3("%s: got fds stdin %d, stdout %d", __func__,
992: new_fd[0], new_fd[1]);
993:
994: /* XXX support multiple child sessions in future */
1.67 djm 995: if (c->have_remote_id) {
1.10 djm 996: debug2("%s: session already open", __func__);
1.73 markus 997: reply_error(reply, MUX_S_FAILURE, rid,
998: "Multiple sessions not supported");
1.10 djm 999: cleanup:
1000: close(new_fd[0]);
1001: close(new_fd[1]);
1.41 djm 1002: free(chost);
1.10 djm 1003: return 0;
1004: }
1005:
1006: if (options.control_master == SSHCTL_MASTER_ASK ||
1007: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
1.23 dtucker 1008: if (!ask_permission("Allow forward to %s:%u? ",
1.10 djm 1009: chost, cport)) {
1010: debug2("%s: stdio fwd refused by user", __func__);
1.73 markus 1011: reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
1012: "Permission denied");
1.10 djm 1013: goto cleanup;
1014: }
1015: }
1016:
1017: /* enable nonblocking unless tty */
1018: if (!isatty(new_fd[0]))
1019: set_nonblock(new_fd[0]);
1020: if (!isatty(new_fd[1]))
1021: set_nonblock(new_fd[1]);
1022:
1.66 djm 1023: nc = channel_connect_stdio_fwd(ssh, chost, cport, new_fd[0], new_fd[1]);
1.75 djm 1024: free(chost);
1.10 djm 1025:
1026: nc->ctl_chan = c->self; /* link session -> control channel */
1027: c->remote_id = nc->self; /* link control -> session channel */
1.67 djm 1028: c->have_remote_id = 1;
1.10 djm 1029:
1030: debug2("%s: channel_new: %d linked to control channel %d",
1031: __func__, nc->self, nc->ctl_chan);
1032:
1.66 djm 1033: channel_register_cleanup(ssh, nc->self,
1034: mux_master_session_cleanup_cb, 1);
1.10 djm 1035:
1.48 djm 1036: cctx = xcalloc(1, sizeof(*cctx));
1037: cctx->rid = rid;
1.66 djm 1038: channel_register_open_confirm(ssh, nc->self, mux_stdio_confirm, cctx);
1.48 djm 1039: c->mux_pause = 1; /* stop handling messages until open_confirm done */
1040:
1041: /* reply is deferred, sent by mux_session_confirm */
1042: return 0;
1043: }
1044:
1045: /* Callback on open confirmation in mux master for a mux stdio fwd session. */
1046: static void
1.66 djm 1047: mux_stdio_confirm(struct ssh *ssh, int id, int success, void *arg)
1.48 djm 1048: {
1049: struct mux_stdio_confirm_ctx *cctx = arg;
1050: Channel *c, *cc;
1.73 markus 1051: struct sshbuf *reply;
1052: int r;
1.48 djm 1053:
1054: if (cctx == NULL)
1055: fatal("%s: cctx == NULL", __func__);
1.66 djm 1056: if ((c = channel_by_id(ssh, id)) == NULL)
1.48 djm 1057: fatal("%s: no channel for id %d", __func__, id);
1.66 djm 1058: if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL)
1.48 djm 1059: fatal("%s: channel %d lacks control channel %d", __func__,
1060: id, c->ctl_chan);
1.73 markus 1061: if ((reply = sshbuf_new()) == NULL)
1062: fatal("%s: sshbuf_new", __func__);
1.48 djm 1063:
1064: if (!success) {
1065: debug3("%s: sending failure reply", __func__);
1.73 markus 1066: reply_error(reply, MUX_S_FAILURE, cctx->rid,
1067: "Session open refused by peer");
1.48 djm 1068: /* prepare reply */
1069: goto done;
1070: }
1071:
1072: debug3("%s: sending success reply", __func__);
1.10 djm 1073: /* prepare reply */
1.73 markus 1074: if ((r = sshbuf_put_u32(reply, MUX_S_SESSION_OPENED)) != 0 ||
1075: (r = sshbuf_put_u32(reply, cctx->rid)) != 0 ||
1076: (r = sshbuf_put_u32(reply, c->self)) != 0)
1077: fatal("%s: reply: %s", __func__, ssh_err(r));
1.48 djm 1078:
1079: done:
1080: /* Send reply */
1.73 markus 1081: if ((r = sshbuf_put_stringb(cc->output, reply)) != 0)
1082: fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r));
1083: sshbuf_free(reply);
1.10 djm 1084:
1.48 djm 1085: if (cc->mux_pause <= 0)
1086: fatal("%s: mux_pause %d", __func__, cc->mux_pause);
1087: cc->mux_pause = 0; /* start processing messages again */
1088: c->open_confirm_ctx = NULL;
1089: free(cctx);
1.10 djm 1090: }
1091:
1.25 djm 1092: static int
1.76 djm 1093: mux_master_process_stop_listening(struct ssh *ssh, u_int rid,
1.73 markus 1094: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.25 djm 1095: {
1096: debug("%s: channel %d: stop listening", __func__, c->self);
1097:
1098: if (options.control_master == SSHCTL_MASTER_ASK ||
1099: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
1100: if (!ask_permission("Disable further multiplexing on shared "
1101: "connection to %s? ", host)) {
1102: debug2("%s: stop listen refused by user", __func__);
1.73 markus 1103: reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
1104: "Permission denied");
1.25 djm 1105: return 0;
1106: }
1107: }
1108:
1109: if (mux_listener_channel != NULL) {
1.66 djm 1110: channel_free(ssh, mux_listener_channel);
1.25 djm 1111: client_stop_mux();
1.41 djm 1112: free(options.control_path);
1.25 djm 1113: options.control_path = NULL;
1114: mux_listener_channel = NULL;
1115: muxserver_sock = -1;
1116: }
1117:
1.73 markus 1118: reply_ok(reply, rid);
1.25 djm 1119: return 0;
1120: }
1121:
1.62 markus 1122: static int
1.76 djm 1123: mux_master_process_proxy(struct ssh *ssh, u_int rid,
1.73 markus 1124: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.62 markus 1125: {
1.73 markus 1126: int r;
1127:
1.62 markus 1128: debug("%s: channel %d: proxy request", __func__, c->self);
1129:
1130: c->mux_rcb = channel_proxy_downstream;
1.73 markus 1131: if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 ||
1132: (r = sshbuf_put_u32(reply, rid)) != 0)
1133: fatal("%s: reply: %s", __func__, ssh_err(r));
1.62 markus 1134:
1135: return 0;
1136: }
1137:
1.10 djm 1138: /* Channel callbacks fired on read/write from mux slave fd */
1139: static int
1.66 djm 1140: mux_master_read_cb(struct ssh *ssh, Channel *c)
1.10 djm 1141: {
1142: struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
1.73 markus 1143: struct sshbuf *in = NULL, *out = NULL;
1144: u_int type, rid, i;
1145: int r, ret = -1;
1146:
1147: if ((out = sshbuf_new()) == NULL)
1148: fatal("%s: sshbuf_new", __func__);
1.10 djm 1149:
1150: /* Setup ctx and */
1151: if (c->mux_ctx == NULL) {
1.19 djm 1152: state = xcalloc(1, sizeof(*state));
1.10 djm 1153: c->mux_ctx = state;
1.66 djm 1154: channel_register_cleanup(ssh, c->self,
1.10 djm 1155: mux_master_control_cleanup_cb, 0);
1156:
1157: /* Send hello */
1.73 markus 1158: if ((r = sshbuf_put_u32(out, MUX_MSG_HELLO)) != 0 ||
1159: (r = sshbuf_put_u32(out, SSHMUX_VER)) != 0)
1160: fatal("%s: reply: %s", __func__, ssh_err(r));
1.10 djm 1161: /* no extensions */
1.73 markus 1162: if ((r = sshbuf_put_stringb(c->output, out)) != 0)
1163: fatal("%s: sshbuf_put_stringb: %s",
1164: __func__, ssh_err(r));
1.10 djm 1165: debug3("%s: channel %d: hello sent", __func__, c->self);
1.73 markus 1166: ret = 0;
1167: goto out;
1.10 djm 1168: }
1169:
1170: /* Channel code ensures that we receive whole packets */
1.73 markus 1171: if ((r = sshbuf_froms(c->input, &in)) != 0) {
1.10 djm 1172: malf:
1173: error("%s: malformed message", __func__);
1174: goto out;
1175: }
1176:
1.73 markus 1177: if ((r = sshbuf_get_u32(in, &type)) != 0)
1.10 djm 1178: goto malf;
1.73 markus 1179: debug3("%s: channel %d packet type 0x%08x len %zu",
1180: __func__, c->self, type, sshbuf_len(in));
1.10 djm 1181:
1182: if (type == MUX_MSG_HELLO)
1183: rid = 0;
1184: else {
1185: if (!state->hello_rcvd) {
1186: error("%s: expected MUX_MSG_HELLO(0x%08x), "
1187: "received 0x%08x", __func__, MUX_MSG_HELLO, type);
1188: goto out;
1.1 djm 1189: }
1.73 markus 1190: if ((r = sshbuf_get_u32(in, &rid)) != 0)
1.10 djm 1191: goto malf;
1192: }
1193:
1194: for (i = 0; mux_master_handlers[i].handler != NULL; i++) {
1195: if (type == mux_master_handlers[i].type) {
1.66 djm 1196: ret = mux_master_handlers[i].handler(ssh, rid,
1.73 markus 1197: c, in, out);
1.10 djm 1198: break;
1.1 djm 1199: }
1.10 djm 1200: }
1201: if (mux_master_handlers[i].handler == NULL) {
1202: error("%s: unsupported mux message 0x%08x", __func__, type);
1.73 markus 1203: reply_error(out, MUX_S_FAILURE, rid, "unsupported request");
1.10 djm 1204: ret = 0;
1205: }
1206: /* Enqueue reply packet */
1.73 markus 1207: if (sshbuf_len(out) != 0) {
1208: if ((r = sshbuf_put_stringb(c->output, out)) != 0)
1209: fatal("%s: sshbuf_put_stringb: %s",
1210: __func__, ssh_err(r));
1.10 djm 1211: }
1212: out:
1.73 markus 1213: sshbuf_free(in);
1214: sshbuf_free(out);
1.10 djm 1215: return ret;
1216: }
1217:
1218: void
1.66 djm 1219: mux_exit_message(struct ssh *ssh, Channel *c, int exitval)
1.10 djm 1220: {
1.73 markus 1221: struct sshbuf *m;
1.10 djm 1222: Channel *mux_chan;
1.73 markus 1223: int r;
1.10 djm 1224:
1.40 dtucker 1225: debug3("%s: channel %d: exit message, exitval %d", __func__, c->self,
1.10 djm 1226: exitval);
1227:
1.66 djm 1228: if ((mux_chan = channel_by_id(ssh, c->ctl_chan)) == NULL)
1.10 djm 1229: fatal("%s: channel %d missing mux channel %d",
1230: __func__, c->self, c->ctl_chan);
1231:
1232: /* Append exit message packet to control socket output queue */
1.73 markus 1233: if ((m = sshbuf_new()) == NULL)
1234: fatal("%s: sshbuf_new", __func__);
1235: if ((r = sshbuf_put_u32(m, MUX_S_EXIT_MESSAGE)) != 0 ||
1236: (r = sshbuf_put_u32(m, c->self)) != 0 ||
1237: (r = sshbuf_put_u32(m, exitval)) != 0 ||
1238: (r = sshbuf_put_stringb(mux_chan->output, m)) != 0)
1239: fatal("%s: reply: %s", __func__, ssh_err(r));
1240: sshbuf_free(m);
1.10 djm 1241: }
1242:
1.28 djm 1243: void
1.66 djm 1244: mux_tty_alloc_failed(struct ssh *ssh, Channel *c)
1.28 djm 1245: {
1.73 markus 1246: struct sshbuf *m;
1.28 djm 1247: Channel *mux_chan;
1.73 markus 1248: int r;
1.28 djm 1249:
1250: debug3("%s: channel %d: TTY alloc failed", __func__, c->self);
1251:
1.66 djm 1252: if ((mux_chan = channel_by_id(ssh, c->ctl_chan)) == NULL)
1.28 djm 1253: fatal("%s: channel %d missing mux channel %d",
1254: __func__, c->self, c->ctl_chan);
1255:
1256: /* Append exit message packet to control socket output queue */
1.73 markus 1257: if ((m = sshbuf_new()) == NULL)
1258: fatal("%s: sshbuf_new", __func__);
1259: if ((r = sshbuf_put_u32(m, MUX_S_TTY_ALLOC_FAIL)) != 0 ||
1260: (r = sshbuf_put_u32(m, c->self)) != 0 ||
1261: (r = sshbuf_put_stringb(mux_chan->output, m)) != 0)
1262: fatal("%s: reply: %s", __func__, ssh_err(r));
1263: sshbuf_free(m);
1.28 djm 1264: }
1265:
1.10 djm 1266: /* Prepare a mux master to listen on a Unix domain socket. */
1267: void
1.66 djm 1268: muxserver_listen(struct ssh *ssh)
1.10 djm 1269: {
1270: mode_t old_umask;
1.22 djm 1271: char *orig_control_path = options.control_path;
1272: char rbuf[16+1];
1273: u_int i, r;
1.47 djm 1274: int oerrno;
1.10 djm 1275:
1276: if (options.control_path == NULL ||
1277: options.control_master == SSHCTL_MASTER_NO)
1.1 djm 1278: return;
1.10 djm 1279:
1280: debug("setting up multiplex master socket");
1281:
1.22 djm 1282: /*
1283: * Use a temporary path before listen so we can pseudo-atomically
1284: * establish the listening socket in its final location to avoid
1285: * other processes racing in between bind() and listen() and hitting
1286: * an unready socket.
1287: */
1288: for (i = 0; i < sizeof(rbuf) - 1; i++) {
1289: r = arc4random_uniform(26+26+10);
1290: rbuf[i] = (r < 26) ? 'a' + r :
1291: (r < 26*2) ? 'A' + r - 26 :
1292: '0' + r - 26 - 26;
1293: }
1294: rbuf[sizeof(rbuf) - 1] = '\0';
1295: options.control_path = NULL;
1296: xasprintf(&options.control_path, "%s.%s", orig_control_path, rbuf);
1297: debug3("%s: temporary control path %s", __func__, options.control_path);
1298:
1.10 djm 1299: old_umask = umask(0177);
1.46 millert 1300: muxserver_sock = unix_listener(options.control_path, 64, 0);
1.47 djm 1301: oerrno = errno;
1.46 millert 1302: umask(old_umask);
1303: if (muxserver_sock < 0) {
1.47 djm 1304: if (oerrno == EINVAL || oerrno == EADDRINUSE) {
1.10 djm 1305: error("ControlSocket %s already exists, "
1306: "disabling multiplexing", options.control_path);
1.22 djm 1307: disable_mux_master:
1.26 djm 1308: if (muxserver_sock != -1) {
1309: close(muxserver_sock);
1310: muxserver_sock = -1;
1311: }
1.41 djm 1312: free(orig_control_path);
1313: free(options.control_path);
1.10 djm 1314: options.control_path = NULL;
1315: options.control_master = SSHCTL_MASTER_NO;
1316: return;
1.46 millert 1317: } else {
1318: /* unix_listener() logs the error */
1319: cleanup_exit(255);
1320: }
1.10 djm 1321: }
1322:
1.22 djm 1323: /* Now atomically "move" the mux socket into position */
1324: if (link(options.control_path, orig_control_path) != 0) {
1325: if (errno != EEXIST) {
1.59 djm 1326: fatal("%s: link mux listener %s => %s: %s", __func__,
1.22 djm 1327: options.control_path, orig_control_path,
1328: strerror(errno));
1329: }
1330: error("ControlSocket %s already exists, disabling multiplexing",
1331: orig_control_path);
1332: unlink(options.control_path);
1333: goto disable_mux_master;
1334: }
1335: unlink(options.control_path);
1.41 djm 1336: free(options.control_path);
1.22 djm 1337: options.control_path = orig_control_path;
1338:
1.10 djm 1339: set_nonblock(muxserver_sock);
1340:
1.66 djm 1341: mux_listener_channel = channel_new(ssh, "mux listener",
1.10 djm 1342: SSH_CHANNEL_MUX_LISTENER, muxserver_sock, muxserver_sock, -1,
1343: CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
1.22 djm 1344: 0, options.control_path, 1);
1.10 djm 1345: mux_listener_channel->mux_rcb = mux_master_read_cb;
1346: debug3("%s: mux listener channel %d fd %d", __func__,
1347: mux_listener_channel->self, mux_listener_channel->sock);
1348: }
1349:
1350: /* Callback on open confirmation in mux master for a mux client session. */
1351: static void
1.66 djm 1352: mux_session_confirm(struct ssh *ssh, int id, int success, void *arg)
1.10 djm 1353: {
1354: struct mux_session_confirm_ctx *cctx = arg;
1355: const char *display;
1.17 djm 1356: Channel *c, *cc;
1.73 markus 1357: int i, r;
1358: struct sshbuf *reply;
1.10 djm 1359:
1360: if (cctx == NULL)
1361: fatal("%s: cctx == NULL", __func__);
1.66 djm 1362: if ((c = channel_by_id(ssh, id)) == NULL)
1.10 djm 1363: fatal("%s: no channel for id %d", __func__, id);
1.66 djm 1364: if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL)
1.17 djm 1365: fatal("%s: channel %d lacks control channel %d", __func__,
1366: id, c->ctl_chan);
1.73 markus 1367: if ((reply = sshbuf_new()) == NULL)
1368: fatal("%s: sshbuf_new", __func__);
1.17 djm 1369:
1370: if (!success) {
1371: debug3("%s: sending failure reply", __func__);
1.73 markus 1372: reply_error(reply, MUX_S_FAILURE, cctx->rid,
1373: "Session open refused by peer");
1.17 djm 1374: goto done;
1375: }
1.10 djm 1376:
1377: display = getenv("DISPLAY");
1378: if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
1379: char *proto, *data;
1.21 djm 1380:
1.10 djm 1381: /* Get reasonable local authentication information. */
1.66 djm 1382: if (client_x11_get_proto(ssh, display, options.xauth_location,
1.21 djm 1383: options.forward_x11_trusted, options.forward_x11_timeout,
1.58 djm 1384: &proto, &data) == 0) {
1385: /* Request forwarding with authentication spoofing. */
1386: debug("Requesting X11 forwarding with authentication "
1387: "spoofing.");
1.66 djm 1388: x11_request_forwarding_with_spoofing(ssh, id,
1389: display, proto, data, 1);
1.58 djm 1390: /* XXX exit_on_forward_failure */
1.66 djm 1391: client_expect_confirm(ssh, id, "X11 forwarding",
1.58 djm 1392: CONFIRM_WARN);
1393: }
1.10 djm 1394: }
1395:
1396: if (cctx->want_agent_fwd && options.forward_agent) {
1397: debug("Requesting authentication agent forwarding.");
1.66 djm 1398: channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0);
1.10 djm 1399: packet_send();
1400: }
1401:
1.66 djm 1402: client_session2_setup(ssh, id, cctx->want_tty, cctx->want_subsys,
1.73 markus 1403: cctx->term, &cctx->tio, c->rfd, cctx->cmd, cctx->env);
1.10 djm 1404:
1.17 djm 1405: debug3("%s: sending success reply", __func__);
1406: /* prepare reply */
1.73 markus 1407: if ((r = sshbuf_put_u32(reply, MUX_S_SESSION_OPENED)) != 0 ||
1408: (r = sshbuf_put_u32(reply, cctx->rid)) != 0 ||
1409: (r = sshbuf_put_u32(reply, c->self)) != 0)
1410: fatal("%s: reply: %s", __func__, ssh_err(r));
1.17 djm 1411:
1412: done:
1413: /* Send reply */
1.73 markus 1414: if ((r = sshbuf_put_stringb(cc->output, reply)) != 0)
1415: fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r));
1416: sshbuf_free(reply);
1.17 djm 1417:
1418: if (cc->mux_pause <= 0)
1419: fatal("%s: mux_pause %d", __func__, cc->mux_pause);
1420: cc->mux_pause = 0; /* start processing messages again */
1.10 djm 1421: c->open_confirm_ctx = NULL;
1.73 markus 1422: sshbuf_free(cctx->cmd);
1.41 djm 1423: free(cctx->term);
1.10 djm 1424: if (cctx->env != NULL) {
1425: for (i = 0; cctx->env[i] != NULL; i++)
1.41 djm 1426: free(cctx->env[i]);
1427: free(cctx->env);
1.1 djm 1428: }
1.41 djm 1429: free(cctx);
1.10 djm 1430: }
1431:
1432: /* ** Multiplexing client support */
1433:
1434: /* Exit signal handler */
1435: static void
1436: control_client_sighandler(int signo)
1437: {
1438: muxclient_terminate = signo;
1439: }
1440:
1441: /*
1442: * Relay signal handler - used to pass some signals from mux client to
1443: * mux master.
1444: */
1445: static void
1446: control_client_sigrelay(int signo)
1447: {
1448: int save_errno = errno;
1449:
1450: if (muxserver_pid > 1)
1451: kill(muxserver_pid, signo);
1452:
1453: errno = save_errno;
1454: }
1.1 djm 1455:
1.10 djm 1456: static int
1.73 markus 1457: mux_client_read(int fd, struct sshbuf *b, size_t need)
1.10 djm 1458: {
1.73 markus 1459: size_t have;
1.10 djm 1460: ssize_t len;
1461: u_char *p;
1462: struct pollfd pfd;
1.73 markus 1463: int r;
1.10 djm 1464:
1465: pfd.fd = fd;
1466: pfd.events = POLLIN;
1.73 markus 1467: if ((r = sshbuf_reserve(b, need, &p)) != 0)
1468: fatal("%s: reserve: %s", __func__, ssh_err(r));
1.10 djm 1469: for (have = 0; have < need; ) {
1470: if (muxclient_terminate) {
1471: errno = EINTR;
1472: return -1;
1473: }
1474: len = read(fd, p + have, need - have);
1475: if (len < 0) {
1476: switch (errno) {
1477: case EAGAIN:
1478: (void)poll(&pfd, 1, -1);
1479: /* FALLTHROUGH */
1480: case EINTR:
1481: continue;
1482: default:
1483: return -1;
1484: }
1485: }
1486: if (len == 0) {
1487: errno = EPIPE;
1488: return -1;
1489: }
1.73 markus 1490: have += (size_t)len;
1.1 djm 1491: }
1.10 djm 1492: return 0;
1493: }
1.1 djm 1494:
1.10 djm 1495: static int
1.73 markus 1496: mux_client_write_packet(int fd, struct sshbuf *m)
1.10 djm 1497: {
1.73 markus 1498: struct sshbuf *queue;
1.10 djm 1499: u_int have, need;
1.73 markus 1500: int r, oerrno, len;
1501: const u_char *ptr;
1.10 djm 1502: struct pollfd pfd;
1503:
1504: pfd.fd = fd;
1505: pfd.events = POLLOUT;
1.73 markus 1506: if ((queue = sshbuf_new()) == NULL)
1507: fatal("%s: sshbuf_new", __func__);
1508: if ((r = sshbuf_put_stringb(queue, m)) != 0)
1509: fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r));
1.10 djm 1510:
1.73 markus 1511: need = sshbuf_len(queue);
1512: ptr = sshbuf_ptr(queue);
1.10 djm 1513:
1514: for (have = 0; have < need; ) {
1515: if (muxclient_terminate) {
1.73 markus 1516: sshbuf_free(queue);
1.10 djm 1517: errno = EINTR;
1518: return -1;
1519: }
1520: len = write(fd, ptr + have, need - have);
1521: if (len < 0) {
1522: switch (errno) {
1523: case EAGAIN:
1524: (void)poll(&pfd, 1, -1);
1525: /* FALLTHROUGH */
1526: case EINTR:
1527: continue;
1528: default:
1529: oerrno = errno;
1.73 markus 1530: sshbuf_free(queue);
1.10 djm 1531: errno = oerrno;
1532: return -1;
1533: }
1534: }
1535: if (len == 0) {
1.73 markus 1536: sshbuf_free(queue);
1.10 djm 1537: errno = EPIPE;
1538: return -1;
1539: }
1540: have += (u_int)len;
1541: }
1.73 markus 1542: sshbuf_free(queue);
1.10 djm 1543: return 0;
1544: }
1.1 djm 1545:
1.10 djm 1546: static int
1.73 markus 1547: mux_client_read_packet(int fd, struct sshbuf *m)
1.10 djm 1548: {
1.73 markus 1549: struct sshbuf *queue;
1550: size_t need, have;
1.45 djm 1551: const u_char *ptr;
1.73 markus 1552: int r, oerrno;
1.10 djm 1553:
1.73 markus 1554: if ((queue = sshbuf_new()) == NULL)
1555: fatal("%s: sshbuf_new", __func__);
1556: if (mux_client_read(fd, queue, 4) != 0) {
1.10 djm 1557: if ((oerrno = errno) == EPIPE)
1.43 dtucker 1558: debug3("%s: read header failed: %s", __func__,
1559: strerror(errno));
1.73 markus 1560: sshbuf_free(queue);
1.10 djm 1561: errno = oerrno;
1562: return -1;
1563: }
1.73 markus 1564: need = PEEK_U32(sshbuf_ptr(queue));
1565: if (mux_client_read(fd, queue, need) != 0) {
1.10 djm 1566: oerrno = errno;
1567: debug3("%s: read body failed: %s", __func__, strerror(errno));
1.73 markus 1568: sshbuf_free(queue);
1.10 djm 1569: errno = oerrno;
1570: return -1;
1571: }
1.73 markus 1572: if ((r = sshbuf_get_string_direct(queue, &ptr, &have)) != 0 ||
1573: (r = sshbuf_put(m, ptr, have)) != 0)
1574: fatal("%s: buffer error: %s", __func__, ssh_err(r));
1575: sshbuf_free(queue);
1.10 djm 1576: return 0;
1577: }
1.1 djm 1578:
1.10 djm 1579: static int
1580: mux_client_hello_exchange(int fd)
1581: {
1.73 markus 1582: struct sshbuf *m;
1.10 djm 1583: u_int type, ver;
1.73 markus 1584: int r, ret = -1;
1.1 djm 1585:
1.73 markus 1586: if ((m = sshbuf_new()) == NULL)
1587: fatal("%s: sshbuf_new", __func__);
1588: if ((r = sshbuf_put_u32(m, MUX_MSG_HELLO)) != 0 ||
1589: (r = sshbuf_put_u32(m, SSHMUX_VER)) != 0)
1590: fatal("%s: hello: %s", __func__, ssh_err(r));
1.10 djm 1591: /* no extensions */
1592:
1.73 markus 1593: if (mux_client_write_packet(fd, m) != 0) {
1.65 djm 1594: debug("%s: write packet: %s", __func__, strerror(errno));
1595: goto out;
1596: }
1.1 djm 1597:
1.73 markus 1598: sshbuf_reset(m);
1.10 djm 1599:
1600: /* Read their HELLO */
1.73 markus 1601: if (mux_client_read_packet(fd, m) != 0) {
1.65 djm 1602: debug("%s: read packet failed", __func__);
1603: goto out;
1.10 djm 1604: }
1605:
1.73 markus 1606: if ((r = sshbuf_get_u32(m, &type)) != 0)
1607: fatal("%s: decode type: %s", __func__, ssh_err(r));
1.65 djm 1608: if (type != MUX_MSG_HELLO) {
1609: error("%s: expected HELLO (%u) received %u",
1.10 djm 1610: __func__, MUX_MSG_HELLO, type);
1.65 djm 1611: goto out;
1612: }
1.73 markus 1613: if ((r = sshbuf_get_u32(m, &ver)) != 0)
1614: fatal("%s: decode version: %s", __func__, ssh_err(r));
1.65 djm 1615: if (ver != SSHMUX_VER) {
1616: error("Unsupported multiplexing protocol version %d "
1.10 djm 1617: "(expected %d)", ver, SSHMUX_VER);
1.65 djm 1618: goto out;
1619: }
1.10 djm 1620: debug2("%s: master version %u", __func__, ver);
1621: /* No extensions are presently defined */
1.73 markus 1622: while (sshbuf_len(m) > 0) {
1623: char *name = NULL;
1.10 djm 1624:
1.73 markus 1625: if ((r = sshbuf_get_cstring(m, &name, NULL)) != 0 ||
1626: (r = sshbuf_skip_string(m)) != 0) { /* value */
1627: error("%s: malformed extension: %s",
1628: __func__, ssh_err(r));
1629: goto out;
1630: }
1.10 djm 1631: debug2("Unrecognised master extension \"%s\"", name);
1.41 djm 1632: free(name);
1.5 djm 1633: }
1.65 djm 1634: /* success */
1635: ret = 0;
1636: out:
1.73 markus 1637: sshbuf_free(m);
1.65 djm 1638: return ret;
1.10 djm 1639: }
1640:
1641: static u_int
1642: mux_client_request_alive(int fd)
1643: {
1.73 markus 1644: struct sshbuf *m;
1.10 djm 1645: char *e;
1646: u_int pid, type, rid;
1.73 markus 1647: int r;
1.10 djm 1648:
1649: debug3("%s: entering", __func__);
1650:
1.73 markus 1651: if ((m = sshbuf_new()) == NULL)
1652: fatal("%s: sshbuf_new", __func__);
1653: if ((r = sshbuf_put_u32(m, MUX_C_ALIVE_CHECK)) != 0 ||
1654: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
1655: fatal("%s: request: %s", __func__, ssh_err(r));
1.10 djm 1656:
1.73 markus 1657: if (mux_client_write_packet(fd, m) != 0)
1.10 djm 1658: fatal("%s: write packet: %s", __func__, strerror(errno));
1659:
1.73 markus 1660: sshbuf_reset(m);
1.1 djm 1661:
1.10 djm 1662: /* Read their reply */
1.73 markus 1663: if (mux_client_read_packet(fd, m) != 0) {
1664: sshbuf_free(m);
1.10 djm 1665: return 0;
1666: }
1667:
1.73 markus 1668: if ((r = sshbuf_get_u32(m, &type)) != 0)
1669: fatal("%s: decode type: %s", __func__, ssh_err(r));
1.10 djm 1670: if (type != MUX_S_ALIVE) {
1.73 markus 1671: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1672: fatal("%s: decode error: %s", __func__, ssh_err(r));
1.10 djm 1673: fatal("%s: master returned error: %s", __func__, e);
1.5 djm 1674: }
1.10 djm 1675:
1.73 markus 1676: if ((r = sshbuf_get_u32(m, &rid)) != 0)
1677: fatal("%s: decode remote ID: %s", __func__, ssh_err(r));
1678: if (rid != muxclient_request_id)
1.10 djm 1679: fatal("%s: out of sequence reply: my id %u theirs %u",
1680: __func__, muxclient_request_id, rid);
1.73 markus 1681: if ((r = sshbuf_get_u32(m, &pid)) != 0)
1682: fatal("%s: decode PID: %s", __func__, ssh_err(r));
1683: sshbuf_free(m);
1.10 djm 1684:
1685: debug3("%s: done pid = %u", __func__, pid);
1686:
1687: muxclient_request_id++;
1688:
1689: return pid;
1690: }
1691:
1692: static void
1693: mux_client_request_terminate(int fd)
1694: {
1.73 markus 1695: struct sshbuf *m;
1.10 djm 1696: char *e;
1697: u_int type, rid;
1.73 markus 1698: int r;
1.10 djm 1699:
1700: debug3("%s: entering", __func__);
1701:
1.73 markus 1702: if ((m = sshbuf_new()) == NULL)
1703: fatal("%s: sshbuf_new", __func__);
1704: if ((r = sshbuf_put_u32(m, MUX_C_TERMINATE)) != 0 ||
1705: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
1706: fatal("%s: request: %s", __func__, ssh_err(r));
1.10 djm 1707:
1.73 markus 1708: if (mux_client_write_packet(fd, m) != 0)
1.10 djm 1709: fatal("%s: write packet: %s", __func__, strerror(errno));
1.1 djm 1710:
1.73 markus 1711: sshbuf_reset(m);
1.1 djm 1712:
1.10 djm 1713: /* Read their reply */
1.73 markus 1714: if (mux_client_read_packet(fd, m) != 0) {
1.10 djm 1715: /* Remote end exited already */
1716: if (errno == EPIPE) {
1.73 markus 1717: sshbuf_free(m);
1.10 djm 1718: return;
1.2 djm 1719: }
1.10 djm 1720: fatal("%s: read from master failed: %s",
1721: __func__, strerror(errno));
1722: }
1723:
1.73 markus 1724: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
1725: (r = sshbuf_get_u32(m, &rid)) != 0)
1726: fatal("%s: decode: %s", __func__, ssh_err(r));
1727: if (rid != muxclient_request_id)
1.10 djm 1728: fatal("%s: out of sequence reply: my id %u theirs %u",
1729: __func__, muxclient_request_id, rid);
1730: switch (type) {
1731: case MUX_S_OK:
1732: break;
1733: case MUX_S_PERMISSION_DENIED:
1.73 markus 1734: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1735: fatal("%s: decode error: %s", __func__, ssh_err(r));
1.10 djm 1736: fatal("Master refused termination request: %s", e);
1737: case MUX_S_FAILURE:
1.73 markus 1738: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1739: fatal("%s: decode error: %s", __func__, ssh_err(r));
1.10 djm 1740: fatal("%s: termination request failed: %s", __func__, e);
1741: default:
1742: fatal("%s: unexpected response from master 0x%08x",
1743: __func__, type);
1744: }
1.73 markus 1745: sshbuf_free(m);
1.10 djm 1746: muxclient_request_id++;
1747: }
1748:
1749: static int
1.46 millert 1750: mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd)
1.10 djm 1751: {
1.73 markus 1752: struct sshbuf *m;
1.10 djm 1753: char *e, *fwd_desc;
1.73 markus 1754: const char *lhost, *chost;
1.10 djm 1755: u_int type, rid;
1.73 markus 1756: int r;
1.10 djm 1757:
1758: fwd_desc = format_forward(ftype, fwd);
1.30 djm 1759: debug("Requesting %s %s",
1760: cancel_flag ? "cancellation of" : "forwarding of", fwd_desc);
1.41 djm 1761: free(fwd_desc);
1.10 djm 1762:
1.73 markus 1763: type = cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD;
1764: if (fwd->listen_path != NULL)
1765: lhost = fwd->listen_path;
1766: else if (fwd->listen_host == NULL)
1767: lhost = "";
1768: else if (*fwd->listen_host == '\0')
1769: lhost = "*";
1770: else
1771: lhost = fwd->listen_host;
1772:
1773: if (fwd->connect_path != NULL)
1774: chost = fwd->connect_path;
1775: else if (fwd->connect_host == NULL)
1776: chost = "";
1777: else
1778: chost = fwd->connect_host;
1779:
1780: if ((m = sshbuf_new()) == NULL)
1781: fatal("%s: sshbuf_new", __func__);
1782: if ((r = sshbuf_put_u32(m, type)) != 0 ||
1783: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 ||
1784: (r = sshbuf_put_u32(m, ftype)) != 0 ||
1785: (r = sshbuf_put_cstring(m, lhost)) != 0 ||
1786: (r = sshbuf_put_u32(m, fwd->listen_port)) != 0 ||
1787: (r = sshbuf_put_cstring(m, chost)) != 0 ||
1788: (r = sshbuf_put_u32(m, fwd->connect_port)) != 0)
1789: fatal("%s: request: %s", __func__, ssh_err(r));
1.10 djm 1790:
1.73 markus 1791: if (mux_client_write_packet(fd, m) != 0)
1.10 djm 1792: fatal("%s: write packet: %s", __func__, strerror(errno));
1793:
1.73 markus 1794: sshbuf_reset(m);
1.10 djm 1795:
1796: /* Read their reply */
1.73 markus 1797: if (mux_client_read_packet(fd, m) != 0) {
1798: sshbuf_free(m);
1.10 djm 1799: return -1;
1800: }
1801:
1.73 markus 1802: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
1803: (r = sshbuf_get_u32(m, &rid)) != 0)
1804: fatal("%s: decode: %s", __func__, ssh_err(r));
1805: if (rid != muxclient_request_id)
1.10 djm 1806: fatal("%s: out of sequence reply: my id %u theirs %u",
1807: __func__, muxclient_request_id, rid);
1.73 markus 1808:
1.10 djm 1809: switch (type) {
1810: case MUX_S_OK:
1.1 djm 1811: break;
1.18 markus 1812: case MUX_S_REMOTE_PORT:
1.30 djm 1813: if (cancel_flag)
1814: fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__);
1.73 markus 1815: if ((r = sshbuf_get_u32(m, &fwd->allocated_port)) != 0)
1816: fatal("%s: decode port: %s", __func__, ssh_err(r));
1.52 djm 1817: verbose("Allocated port %u for remote forward to %s:%d",
1.18 markus 1818: fwd->allocated_port,
1819: fwd->connect_host ? fwd->connect_host : "",
1820: fwd->connect_port);
1821: if (muxclient_command == SSHMUX_COMMAND_FORWARD)
1.55 djm 1822: fprintf(stdout, "%i\n", fwd->allocated_port);
1.18 markus 1823: break;
1.10 djm 1824: case MUX_S_PERMISSION_DENIED:
1.73 markus 1825: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1826: fatal("%s: decode error: %s", __func__, ssh_err(r));
1827: sshbuf_free(m);
1.10 djm 1828: error("Master refused forwarding request: %s", e);
1829: return -1;
1830: case MUX_S_FAILURE:
1.73 markus 1831: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1832: fatal("%s: decode error: %s", __func__, ssh_err(r));
1833: sshbuf_free(m);
1.24 djm 1834: error("%s: forwarding request failed: %s", __func__, e);
1.10 djm 1835: return -1;
1.1 djm 1836: default:
1.10 djm 1837: fatal("%s: unexpected response from master 0x%08x",
1838: __func__, type);
1839: }
1.73 markus 1840: sshbuf_free(m);
1.10 djm 1841:
1842: muxclient_request_id++;
1843: return 0;
1844: }
1845:
1846: static int
1.30 djm 1847: mux_client_forwards(int fd, int cancel_flag)
1.10 djm 1848: {
1.30 djm 1849: int i, ret = 0;
1.10 djm 1850:
1.30 djm 1851: debug3("%s: %s forwardings: %d local, %d remote", __func__,
1852: cancel_flag ? "cancel" : "request",
1.10 djm 1853: options.num_local_forwards, options.num_remote_forwards);
1854:
1855: /* XXX ExitOnForwardingFailure */
1856: for (i = 0; i < options.num_local_forwards; i++) {
1.30 djm 1857: if (mux_client_forward(fd, cancel_flag,
1.10 djm 1858: options.local_forwards[i].connect_port == 0 ?
1859: MUX_FWD_DYNAMIC : MUX_FWD_LOCAL,
1860: options.local_forwards + i) != 0)
1.30 djm 1861: ret = -1;
1.10 djm 1862: }
1863: for (i = 0; i < options.num_remote_forwards; i++) {
1.30 djm 1864: if (mux_client_forward(fd, cancel_flag, MUX_FWD_REMOTE,
1.10 djm 1865: options.remote_forwards + i) != 0)
1.30 djm 1866: ret = -1;
1.10 djm 1867: }
1.30 djm 1868: return ret;
1.10 djm 1869: }
1870:
1871: static int
1872: mux_client_request_session(int fd)
1873: {
1.73 markus 1874: struct sshbuf *m;
1875: char *e;
1876: const char *term;
1877: u_int echar, rid, sid, esid, exitval, type, exitval_seen;
1.10 djm 1878: extern char **environ;
1.73 markus 1879: int r, i, devnull, rawmode;
1.10 djm 1880:
1881: debug3("%s: entering", __func__);
1882:
1883: if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1884: error("%s: master alive request failed", __func__);
1885: return -1;
1.1 djm 1886: }
1887:
1.10 djm 1888: signal(SIGPIPE, SIG_IGN);
1889:
1890: if (stdin_null_flag) {
1891: if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1892: fatal("open(/dev/null): %s", strerror(errno));
1893: if (dup2(devnull, STDIN_FILENO) == -1)
1894: fatal("dup2: %s", strerror(errno));
1895: if (devnull > STDERR_FILENO)
1896: close(devnull);
1.5 djm 1897: }
1.1 djm 1898:
1.73 markus 1899: if ((term = getenv("TERM")) == NULL)
1900: term = "";
1901: echar = 0xffffffff;
1902: if (options.escape_char != SSH_ESCAPECHAR_NONE)
1903: echar = (u_int)options.escape_char;
1904:
1905: if ((m = sshbuf_new()) == NULL)
1906: fatal("%s: sshbuf_new", __func__);
1907: if ((r = sshbuf_put_u32(m, MUX_C_NEW_SESSION)) != 0 ||
1908: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 ||
1909: (r = sshbuf_put_string(m, NULL, 0)) != 0 || /* reserved */
1910: (r = sshbuf_put_u32(m, tty_flag)) != 0 ||
1911: (r = sshbuf_put_u32(m, options.forward_x11)) != 0 ||
1912: (r = sshbuf_put_u32(m, options.forward_agent)) != 0 ||
1913: (r = sshbuf_put_u32(m, subsystem_flag)) != 0 ||
1914: (r = sshbuf_put_u32(m, echar)) != 0 ||
1915: (r = sshbuf_put_cstring(m, term)) != 0 ||
1916: (r = sshbuf_put_stringb(m, command)) != 0)
1917: fatal("%s: request: %s", __func__, ssh_err(r));
1.10 djm 1918:
1.71 djm 1919: /* Pass environment */
1.10 djm 1920: if (options.num_send_env > 0 && environ != NULL) {
1921: for (i = 0; environ[i] != NULL; i++) {
1.73 markus 1922: if (!env_permitted(environ[i]))
1923: continue;
1924: if ((r = sshbuf_put_cstring(m, environ[i])) != 0)
1925: fatal("%s: request: %s", __func__, ssh_err(r));
1.10 djm 1926: }
1.5 djm 1927: }
1.73 markus 1928: for (i = 0; i < options.num_setenv; i++) {
1929: if ((r = sshbuf_put_cstring(m, options.setenv[i])) != 0)
1930: fatal("%s: request: %s", __func__, ssh_err(r));
1931: }
1.5 djm 1932:
1.73 markus 1933: if (mux_client_write_packet(fd, m) != 0)
1.10 djm 1934: fatal("%s: write packet: %s", __func__, strerror(errno));
1935:
1936: /* Send the stdio file descriptors */
1937: if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1938: mm_send_fd(fd, STDOUT_FILENO) == -1 ||
1939: mm_send_fd(fd, STDERR_FILENO) == -1)
1940: fatal("%s: send fds failed", __func__);
1941:
1942: debug3("%s: session request sent", __func__);
1.1 djm 1943:
1.10 djm 1944: /* Read their reply */
1.73 markus 1945: sshbuf_reset(m);
1946: if (mux_client_read_packet(fd, m) != 0) {
1.10 djm 1947: error("%s: read from master failed: %s",
1948: __func__, strerror(errno));
1.73 markus 1949: sshbuf_free(m);
1.10 djm 1950: return -1;
1951: }
1952:
1.73 markus 1953: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
1954: (r = sshbuf_get_u32(m, &rid)) != 0)
1955: fatal("%s: decode: %s", __func__, ssh_err(r));
1956: if (rid != muxclient_request_id)
1.10 djm 1957: fatal("%s: out of sequence reply: my id %u theirs %u",
1958: __func__, muxclient_request_id, rid);
1.73 markus 1959:
1.10 djm 1960: switch (type) {
1961: case MUX_S_SESSION_OPENED:
1.73 markus 1962: if ((r = sshbuf_get_u32(m, &sid)) != 0)
1963: fatal("%s: decode ID: %s", __func__, ssh_err(r));
1.10 djm 1964: break;
1965: case MUX_S_PERMISSION_DENIED:
1.73 markus 1966: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1967: fatal("%s: decode error: %s", __func__, ssh_err(r));
1.24 djm 1968: error("Master refused session request: %s", e);
1.73 markus 1969: sshbuf_free(m);
1.10 djm 1970: return -1;
1971: case MUX_S_FAILURE:
1.73 markus 1972: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1973: fatal("%s: decode error: %s", __func__, ssh_err(r));
1.24 djm 1974: error("%s: session request failed: %s", __func__, e);
1.73 markus 1975: sshbuf_free(m);
1.10 djm 1976: return -1;
1977: default:
1.73 markus 1978: sshbuf_free(m);
1.10 djm 1979: error("%s: unexpected response from master 0x%08x",
1980: __func__, type);
1981: return -1;
1982: }
1983: muxclient_request_id++;
1.1 djm 1984:
1.57 semarie 1985: if (pledge("stdio proc tty", NULL) == -1)
1986: fatal("%s pledge(): %s", __func__, strerror(errno));
1987:
1.1 djm 1988: signal(SIGHUP, control_client_sighandler);
1989: signal(SIGINT, control_client_sighandler);
1990: signal(SIGTERM, control_client_sighandler);
1991: signal(SIGWINCH, control_client_sigrelay);
1992:
1.28 djm 1993: rawmode = tty_flag;
1.1 djm 1994: if (tty_flag)
1.27 djm 1995: enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1.1 djm 1996:
1997: /*
1998: * Stick around until the controlee closes the client_fd.
1.10 djm 1999: * Before it does, it is expected to write an exit message.
2000: * This process must read the value and wait for the closure of
2001: * the client_fd; if this one closes early, the multiplex master will
2002: * terminate early too (possibly losing data).
1.1 djm 2003: */
1.10 djm 2004: for (exitval = 255, exitval_seen = 0;;) {
1.73 markus 2005: sshbuf_reset(m);
2006: if (mux_client_read_packet(fd, m) != 0)
1.1 djm 2007: break;
1.73 markus 2008: if ((r = sshbuf_get_u32(m, &type)) != 0)
2009: fatal("%s: decode type: %s", __func__, ssh_err(r));
1.28 djm 2010: switch (type) {
2011: case MUX_S_TTY_ALLOC_FAIL:
1.73 markus 2012: if ((r = sshbuf_get_u32(m, &esid)) != 0)
2013: fatal("%s: decode ID: %s",
2014: __func__, ssh_err(r));
2015: if (esid != sid)
1.28 djm 2016: fatal("%s: tty alloc fail on unknown session: "
2017: "my id %u theirs %u",
2018: __func__, sid, esid);
2019: leave_raw_mode(options.request_tty ==
2020: REQUEST_TTY_FORCE);
2021: rawmode = 0;
2022: continue;
2023: case MUX_S_EXIT_MESSAGE:
1.73 markus 2024: if ((r = sshbuf_get_u32(m, &esid)) != 0)
2025: fatal("%s: decode ID: %s",
2026: __func__, ssh_err(r));
2027: if (esid != sid)
1.28 djm 2028: fatal("%s: exit on unknown session: "
2029: "my id %u theirs %u",
2030: __func__, sid, esid);
2031: if (exitval_seen)
2032: fatal("%s: exitval sent twice", __func__);
1.73 markus 2033: if ((r = sshbuf_get_u32(m, &exitval)) != 0)
2034: fatal("%s: decode exit value: %s",
2035: __func__, ssh_err(r));
1.28 djm 2036: exitval_seen = 1;
2037: continue;
2038: default:
1.73 markus 2039: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
2040: fatal("%s: decode error: %s",
2041: __func__, ssh_err(r));
1.10 djm 2042: fatal("%s: master returned error: %s", __func__, e);
1.1 djm 2043: }
2044: }
2045:
1.10 djm 2046: close(fd);
1.28 djm 2047: if (rawmode)
2048: leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1.10 djm 2049:
1.1 djm 2050: if (muxclient_terminate) {
1.69 dtucker 2051: debug2("Exiting on signal: %s", strsignal(muxclient_terminate));
1.10 djm 2052: exitval = 255;
2053: } else if (!exitval_seen) {
1.1 djm 2054: debug2("Control master terminated unexpectedly");
1.10 djm 2055: exitval = 255;
1.1 djm 2056: } else
1.10 djm 2057: debug2("Received exit status from master %d", exitval);
1.1 djm 2058:
2059: if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
2060: fprintf(stderr, "Shared connection to %s closed.\r\n", host);
2061:
1.10 djm 2062: exit(exitval);
2063: }
2064:
2065: static int
1.62 markus 2066: mux_client_proxy(int fd)
2067: {
1.73 markus 2068: struct sshbuf *m;
1.62 markus 2069: char *e;
2070: u_int type, rid;
1.73 markus 2071: int r;
1.62 markus 2072:
1.73 markus 2073: if ((m = sshbuf_new()) == NULL)
2074: fatal("%s: sshbuf_new", __func__);
2075: if ((r = sshbuf_put_u32(m, MUX_C_PROXY)) != 0 ||
2076: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
2077: fatal("%s: request: %s", __func__, ssh_err(r));
2078: if (mux_client_write_packet(fd, m) != 0)
1.62 markus 2079: fatal("%s: write packet: %s", __func__, strerror(errno));
2080:
1.73 markus 2081: sshbuf_reset(m);
1.62 markus 2082:
2083: /* Read their reply */
1.73 markus 2084: if (mux_client_read_packet(fd, m) != 0) {
2085: sshbuf_free(m);
1.62 markus 2086: return 0;
2087: }
1.73 markus 2088: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
2089: (r = sshbuf_get_u32(m, &rid)) != 0)
2090: fatal("%s: decode: %s", __func__, ssh_err(r));
2091: if (rid != muxclient_request_id)
2092: fatal("%s: out of sequence reply: my id %u theirs %u",
2093: __func__, muxclient_request_id, rid);
1.62 markus 2094: if (type != MUX_S_PROXY) {
1.73 markus 2095: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
2096: fatal("%s: decode error: %s", __func__, ssh_err(r));
1.62 markus 2097: fatal("%s: master returned error: %s", __func__, e);
2098: }
1.73 markus 2099: sshbuf_free(m);
1.62 markus 2100:
2101: debug3("%s: done", __func__);
2102: muxclient_request_id++;
2103: return 0;
2104: }
2105:
2106: static int
1.10 djm 2107: mux_client_request_stdio_fwd(int fd)
2108: {
1.73 markus 2109: struct sshbuf *m;
1.10 djm 2110: char *e;
2111: u_int type, rid, sid;
1.73 markus 2112: int r, devnull;
1.10 djm 2113:
2114: debug3("%s: entering", __func__);
2115:
2116: if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
2117: error("%s: master alive request failed", __func__);
2118: return -1;
2119: }
2120:
2121: signal(SIGPIPE, SIG_IGN);
2122:
2123: if (stdin_null_flag) {
2124: if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
2125: fatal("open(/dev/null): %s", strerror(errno));
2126: if (dup2(devnull, STDIN_FILENO) == -1)
2127: fatal("dup2: %s", strerror(errno));
2128: if (devnull > STDERR_FILENO)
2129: close(devnull);
2130: }
2131:
1.73 markus 2132: if ((m = sshbuf_new()) == NULL)
2133: fatal("%s: sshbuf_new", __func__);
2134: if ((r = sshbuf_put_u32(m, MUX_C_NEW_STDIO_FWD)) != 0 ||
2135: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 ||
2136: (r = sshbuf_put_string(m, NULL, 0)) != 0 || /* reserved */
2137: (r = sshbuf_put_cstring(m, options.stdio_forward_host)) != 0 ||
2138: (r = sshbuf_put_u32(m, options.stdio_forward_port)) != 0)
2139: fatal("%s: request: %s", __func__, ssh_err(r));
1.10 djm 2140:
1.73 markus 2141: if (mux_client_write_packet(fd, m) != 0)
1.10 djm 2142: fatal("%s: write packet: %s", __func__, strerror(errno));
2143:
2144: /* Send the stdio file descriptors */
2145: if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
2146: mm_send_fd(fd, STDOUT_FILENO) == -1)
2147: fatal("%s: send fds failed", __func__);
2148:
1.56 semarie 2149: if (pledge("stdio proc tty", NULL) == -1)
2150: fatal("%s pledge(): %s", __func__, strerror(errno));
2151:
1.10 djm 2152: debug3("%s: stdio forward request sent", __func__);
2153:
2154: /* Read their reply */
1.73 markus 2155: sshbuf_reset(m);
1.10 djm 2156:
1.73 markus 2157: if (mux_client_read_packet(fd, m) != 0) {
1.10 djm 2158: error("%s: read from master failed: %s",
2159: __func__, strerror(errno));
1.73 markus 2160: sshbuf_free(m);
1.10 djm 2161: return -1;
2162: }
2163:
1.73 markus 2164: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
2165: (r = sshbuf_get_u32(m, &rid)) != 0)
2166: fatal("%s: decode: %s", __func__, ssh_err(r));
2167: if (rid != muxclient_request_id)
1.10 djm 2168: fatal("%s: out of sequence reply: my id %u theirs %u",
2169: __func__, muxclient_request_id, rid);
2170: switch (type) {
2171: case MUX_S_SESSION_OPENED:
1.73 markus 2172: if ((r = sshbuf_get_u32(m, &sid)) != 0)
2173: fatal("%s: decode ID: %s", __func__, ssh_err(r));
1.10 djm 2174: debug("%s: master session id: %u", __func__, sid);
2175: break;
2176: case MUX_S_PERMISSION_DENIED:
1.73 markus 2177: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
2178: fatal("%s: decode error: %s", __func__, ssh_err(r));
2179: sshbuf_free(m);
1.24 djm 2180: fatal("Master refused stdio forwarding request: %s", e);
1.10 djm 2181: case MUX_S_FAILURE:
1.73 markus 2182: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
2183: fatal("%s: decode error: %s", __func__, ssh_err(r));
2184: sshbuf_free(m);
1.48 djm 2185: fatal("Stdio forwarding request failed: %s", e);
1.10 djm 2186: default:
1.73 markus 2187: sshbuf_free(m);
1.10 djm 2188: error("%s: unexpected response from master 0x%08x",
2189: __func__, type);
2190: return -1;
2191: }
2192: muxclient_request_id++;
2193:
2194: signal(SIGHUP, control_client_sighandler);
2195: signal(SIGINT, control_client_sighandler);
2196: signal(SIGTERM, control_client_sighandler);
2197: signal(SIGWINCH, control_client_sigrelay);
2198:
2199: /*
2200: * Stick around until the controlee closes the client_fd.
2201: */
1.73 markus 2202: sshbuf_reset(m);
2203: if (mux_client_read_packet(fd, m) != 0) {
1.10 djm 2204: if (errno == EPIPE ||
2205: (errno == EINTR && muxclient_terminate != 0))
2206: return 0;
2207: fatal("%s: mux_client_read_packet: %s",
2208: __func__, strerror(errno));
2209: }
2210: fatal("%s: master returned unexpected message %u", __func__, type);
2211: }
2212:
1.25 djm 2213: static void
2214: mux_client_request_stop_listening(int fd)
2215: {
1.73 markus 2216: struct sshbuf *m;
1.25 djm 2217: char *e;
2218: u_int type, rid;
1.73 markus 2219: int r;
1.25 djm 2220:
2221: debug3("%s: entering", __func__);
2222:
1.73 markus 2223: if ((m = sshbuf_new()) == NULL)
2224: fatal("%s: sshbuf_new", __func__);
2225: if ((r = sshbuf_put_u32(m, MUX_C_STOP_LISTENING)) != 0 ||
2226: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
2227: fatal("%s: request: %s", __func__, ssh_err(r));
1.25 djm 2228:
1.73 markus 2229: if (mux_client_write_packet(fd, m) != 0)
1.25 djm 2230: fatal("%s: write packet: %s", __func__, strerror(errno));
2231:
1.73 markus 2232: sshbuf_reset(m);
1.25 djm 2233:
2234: /* Read their reply */
1.73 markus 2235: if (mux_client_read_packet(fd, m) != 0)
1.25 djm 2236: fatal("%s: read from master failed: %s",
2237: __func__, strerror(errno));
2238:
1.73 markus 2239: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
2240: (r = sshbuf_get_u32(m, &rid)) != 0)
2241: fatal("%s: decode: %s", __func__, ssh_err(r));
2242: if (rid != muxclient_request_id)
1.25 djm 2243: fatal("%s: out of sequence reply: my id %u theirs %u",
2244: __func__, muxclient_request_id, rid);
1.73 markus 2245:
1.25 djm 2246: switch (type) {
2247: case MUX_S_OK:
2248: break;
2249: case MUX_S_PERMISSION_DENIED:
1.73 markus 2250: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
2251: fatal("%s: decode error: %s", __func__, ssh_err(r));
1.25 djm 2252: fatal("Master refused stop listening request: %s", e);
2253: case MUX_S_FAILURE:
1.73 markus 2254: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
2255: fatal("%s: decode error: %s", __func__, ssh_err(r));
1.25 djm 2256: fatal("%s: stop listening request failed: %s", __func__, e);
2257: default:
2258: fatal("%s: unexpected response from master 0x%08x",
2259: __func__, type);
2260: }
1.73 markus 2261: sshbuf_free(m);
1.25 djm 2262: muxclient_request_id++;
2263: }
2264:
1.10 djm 2265: /* Multiplex client main loop. */
1.62 markus 2266: int
1.10 djm 2267: muxclient(const char *path)
2268: {
2269: struct sockaddr_un addr;
2270: int sock;
2271: u_int pid;
2272:
2273: if (muxclient_command == 0) {
1.60 dtucker 2274: if (options.stdio_forward_host != NULL)
1.10 djm 2275: muxclient_command = SSHMUX_COMMAND_STDIO_FWD;
2276: else
2277: muxclient_command = SSHMUX_COMMAND_OPEN;
2278: }
2279:
2280: switch (options.control_master) {
2281: case SSHCTL_MASTER_AUTO:
2282: case SSHCTL_MASTER_AUTO_ASK:
2283: debug("auto-mux: Trying existing master");
2284: /* FALLTHROUGH */
2285: case SSHCTL_MASTER_NO:
2286: break;
2287: default:
1.62 markus 2288: return -1;
1.10 djm 2289: }
2290:
2291: memset(&addr, '\0', sizeof(addr));
2292: addr.sun_family = AF_UNIX;
2293:
2294: if (strlcpy(addr.sun_path, path,
2295: sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1.61 dtucker 2296: fatal("ControlPath too long ('%s' >= %u bytes)", path,
2297: (unsigned int)sizeof(addr.sun_path));
1.10 djm 2298:
2299: if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
2300: fatal("%s socket(): %s", __func__, strerror(errno));
2301:
1.64 guenther 2302: if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
1.10 djm 2303: switch (muxclient_command) {
2304: case SSHMUX_COMMAND_OPEN:
2305: case SSHMUX_COMMAND_STDIO_FWD:
2306: break;
2307: default:
2308: fatal("Control socket connect(%.100s): %s", path,
2309: strerror(errno));
2310: }
1.22 djm 2311: if (errno == ECONNREFUSED &&
2312: options.control_master != SSHCTL_MASTER_NO) {
2313: debug("Stale control socket %.100s, unlinking", path);
2314: unlink(path);
2315: } else if (errno == ENOENT) {
1.10 djm 2316: debug("Control socket \"%.100s\" does not exist", path);
1.22 djm 2317: } else {
1.10 djm 2318: error("Control socket connect(%.100s): %s", path,
2319: strerror(errno));
2320: }
2321: close(sock);
1.62 markus 2322: return -1;
1.10 djm 2323: }
2324: set_nonblock(sock);
2325:
2326: if (mux_client_hello_exchange(sock) != 0) {
2327: error("%s: master hello exchange failed", __func__);
2328: close(sock);
1.62 markus 2329: return -1;
1.10 djm 2330: }
2331:
2332: switch (muxclient_command) {
2333: case SSHMUX_COMMAND_ALIVE_CHECK:
2334: if ((pid = mux_client_request_alive(sock)) == 0)
2335: fatal("%s: master alive check failed", __func__);
1.55 djm 2336: fprintf(stderr, "Master running (pid=%u)\r\n", pid);
1.10 djm 2337: exit(0);
2338: case SSHMUX_COMMAND_TERMINATE:
2339: mux_client_request_terminate(sock);
1.63 dtucker 2340: if (options.log_level != SYSLOG_LEVEL_QUIET)
2341: fprintf(stderr, "Exit request sent.\r\n");
1.18 markus 2342: exit(0);
2343: case SSHMUX_COMMAND_FORWARD:
1.30 djm 2344: if (mux_client_forwards(sock, 0) != 0)
1.18 markus 2345: fatal("%s: master forward request failed", __func__);
1.10 djm 2346: exit(0);
2347: case SSHMUX_COMMAND_OPEN:
1.30 djm 2348: if (mux_client_forwards(sock, 0) != 0) {
1.10 djm 2349: error("%s: master forward request failed", __func__);
1.62 markus 2350: return -1;
1.10 djm 2351: }
2352: mux_client_request_session(sock);
1.62 markus 2353: return -1;
1.10 djm 2354: case SSHMUX_COMMAND_STDIO_FWD:
2355: mux_client_request_stdio_fwd(sock);
1.25 djm 2356: exit(0);
2357: case SSHMUX_COMMAND_STOP:
2358: mux_client_request_stop_listening(sock);
1.63 dtucker 2359: if (options.log_level != SYSLOG_LEVEL_QUIET)
2360: fprintf(stderr, "Stop listening request sent.\r\n");
1.30 djm 2361: exit(0);
2362: case SSHMUX_COMMAND_CANCEL_FWD:
2363: if (mux_client_forwards(sock, 1) != 0)
2364: error("%s: master cancel forward request failed",
2365: __func__);
1.10 djm 2366: exit(0);
1.62 markus 2367: case SSHMUX_COMMAND_PROXY:
2368: mux_client_proxy(sock);
2369: return (sock);
1.10 djm 2370: default:
2371: fatal("unrecognised muxclient_command %d", muxclient_command);
2372: }
1.1 djm 2373: }