Annotation of src/usr.bin/ssh/mux.c, Revision 1.88
1.88 ! djm 1: /* $OpenBSD: mux.c,v 1.87 2021/04/03 06:18:40 djm Exp $ */
1.1 djm 2: /*
3: * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: /* ssh session multiplexing support */
1.2 djm 19:
1.1 djm 20: #include <sys/types.h>
21: #include <sys/queue.h>
22: #include <sys/stat.h>
23: #include <sys/socket.h>
24: #include <sys/un.h>
25:
26: #include <errno.h>
27: #include <fcntl.h>
1.10 djm 28: #include <poll.h>
1.1 djm 29: #include <signal.h>
30: #include <stdarg.h>
31: #include <stddef.h>
32: #include <stdlib.h>
33: #include <stdio.h>
34: #include <string.h>
35: #include <unistd.h>
36: #include <util.h>
37: #include <paths.h>
38:
1.10 djm 39: #include "atomicio.h"
1.1 djm 40: #include "xmalloc.h"
41: #include "log.h"
42: #include "ssh.h"
1.18 markus 43: #include "ssh2.h"
1.1 djm 44: #include "pathnames.h"
45: #include "misc.h"
46: #include "match.h"
1.73 markus 47: #include "sshbuf.h"
1.1 djm 48: #include "channels.h"
49: #include "msg.h"
50: #include "packet.h"
51: #include "monitor_fdpass.h"
52: #include "sshpty.h"
1.74 markus 53: #include "sshkey.h"
1.1 djm 54: #include "readconf.h"
55: #include "clientloop.h"
1.62 markus 56: #include "ssherr.h"
1.78 djm 57:
1.1 djm 58: /* from ssh.c */
59: extern int tty_flag;
60: extern Options options;
61: extern int stdin_null_flag;
62: extern char *host;
1.8 dtucker 63: extern int subsystem_flag;
1.72 markus 64: extern struct sshbuf *command;
1.10 djm 65: extern volatile sig_atomic_t quit_pending;
1.1 djm 66:
1.2 djm 67: /* Context for session open confirmation callback */
68: struct mux_session_confirm_ctx {
1.10 djm 69: u_int want_tty;
70: u_int want_subsys;
71: u_int want_x_fwd;
72: u_int want_agent_fwd;
1.73 markus 73: struct sshbuf *cmd;
1.2 djm 74: char *term;
75: struct termios tio;
76: char **env;
1.17 djm 77: u_int rid;
1.2 djm 78: };
79:
1.48 djm 80: /* Context for stdio fwd open confirmation callback */
81: struct mux_stdio_confirm_ctx {
82: u_int rid;
83: };
84:
1.18 markus 85: /* Context for global channel callback */
86: struct mux_channel_confirm_ctx {
87: u_int cid; /* channel id */
88: u_int rid; /* request id */
89: int fid; /* forward id */
90: };
91:
1.1 djm 92: /* fd to control socket */
93: int muxserver_sock = -1;
94:
1.10 djm 95: /* client request id */
96: u_int muxclient_request_id = 0;
97:
1.1 djm 98: /* Multiplexing control command */
99: u_int muxclient_command = 0;
100:
101: /* Set when signalled. */
102: static volatile sig_atomic_t muxclient_terminate = 0;
103:
104: /* PID of multiplex server */
105: static u_int muxserver_pid = 0;
106:
1.10 djm 107: static Channel *mux_listener_channel = NULL;
108:
109: struct mux_master_state {
110: int hello_rcvd;
111: };
1.1 djm 112:
1.10 djm 113: /* mux protocol messages */
114: #define MUX_MSG_HELLO 0x00000001
115: #define MUX_C_NEW_SESSION 0x10000002
116: #define MUX_C_ALIVE_CHECK 0x10000004
117: #define MUX_C_TERMINATE 0x10000005
118: #define MUX_C_OPEN_FWD 0x10000006
119: #define MUX_C_CLOSE_FWD 0x10000007
120: #define MUX_C_NEW_STDIO_FWD 0x10000008
1.25 djm 121: #define MUX_C_STOP_LISTENING 0x10000009
1.62 markus 122: #define MUX_C_PROXY 0x1000000f
1.10 djm 123: #define MUX_S_OK 0x80000001
124: #define MUX_S_PERMISSION_DENIED 0x80000002
125: #define MUX_S_FAILURE 0x80000003
126: #define MUX_S_EXIT_MESSAGE 0x80000004
127: #define MUX_S_ALIVE 0x80000005
128: #define MUX_S_SESSION_OPENED 0x80000006
1.18 markus 129: #define MUX_S_REMOTE_PORT 0x80000007
1.28 djm 130: #define MUX_S_TTY_ALLOC_FAIL 0x80000008
1.62 markus 131: #define MUX_S_PROXY 0x8000000f
1.10 djm 132:
133: /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
134: #define MUX_FWD_LOCAL 1
135: #define MUX_FWD_REMOTE 2
136: #define MUX_FWD_DYNAMIC 3
137:
1.66 djm 138: static void mux_session_confirm(struct ssh *, int, int, void *);
139: static void mux_stdio_confirm(struct ssh *, int, int, void *);
1.10 djm 140:
1.76 djm 141: static int mux_master_process_hello(struct ssh *, u_int,
1.66 djm 142: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 143: static int mux_master_process_new_session(struct ssh *, u_int,
1.66 djm 144: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 145: static int mux_master_process_alive_check(struct ssh *, u_int,
1.66 djm 146: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 147: static int mux_master_process_terminate(struct ssh *, u_int,
1.66 djm 148: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 149: static int mux_master_process_open_fwd(struct ssh *, u_int,
1.66 djm 150: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 151: static int mux_master_process_close_fwd(struct ssh *, u_int,
1.66 djm 152: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 153: static int mux_master_process_stdio_fwd(struct ssh *, u_int,
1.66 djm 154: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 155: static int mux_master_process_stop_listening(struct ssh *, u_int,
1.66 djm 156: Channel *, struct sshbuf *, struct sshbuf *);
1.76 djm 157: static int mux_master_process_proxy(struct ssh *, u_int,
1.66 djm 158: Channel *, struct sshbuf *, struct sshbuf *);
1.10 djm 159:
160: static const struct {
161: u_int type;
1.66 djm 162: int (*handler)(struct ssh *, u_int, Channel *,
163: struct sshbuf *, struct sshbuf *);
1.10 djm 164: } mux_master_handlers[] = {
1.76 djm 165: { MUX_MSG_HELLO, mux_master_process_hello },
166: { MUX_C_NEW_SESSION, mux_master_process_new_session },
167: { MUX_C_ALIVE_CHECK, mux_master_process_alive_check },
168: { MUX_C_TERMINATE, mux_master_process_terminate },
169: { MUX_C_OPEN_FWD, mux_master_process_open_fwd },
170: { MUX_C_CLOSE_FWD, mux_master_process_close_fwd },
171: { MUX_C_NEW_STDIO_FWD, mux_master_process_stdio_fwd },
172: { MUX_C_STOP_LISTENING, mux_master_process_stop_listening },
173: { MUX_C_PROXY, mux_master_process_proxy },
1.10 djm 174: { 0, NULL }
175: };
1.1 djm 176:
1.83 djm 177: /* Cleanup callback fired on closure of mux client _session_ channel */
1.10 djm 178: /* ARGSUSED */
1.42 dtucker 179: static void
1.66 djm 180: mux_master_session_cleanup_cb(struct ssh *ssh, int cid, void *unused)
1.1 djm 181: {
1.66 djm 182: Channel *cc, *c = channel_by_id(ssh, cid);
1.1 djm 183:
1.85 djm 184: debug3_f("entering for channel %d", cid);
1.10 djm 185: if (c == NULL)
1.85 djm 186: fatal_f("channel_by_id(%i) == NULL", cid);
1.10 djm 187: if (c->ctl_chan != -1) {
1.66 djm 188: if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL)
1.85 djm 189: fatal_f("channel %d missing control channel %d",
190: c->self, c->ctl_chan);
1.10 djm 191: c->ctl_chan = -1;
1.67 djm 192: cc->remote_id = 0;
193: cc->have_remote_id = 0;
1.66 djm 194: chan_rcvd_oclose(ssh, cc);
1.1 djm 195: }
1.66 djm 196: channel_cancel_cleanup(ssh, c->self);
1.1 djm 197: }
198:
1.83 djm 199: /* Cleanup callback fired on closure of mux client _control_ channel */
1.10 djm 200: /* ARGSUSED */
1.1 djm 201: static void
1.66 djm 202: mux_master_control_cleanup_cb(struct ssh *ssh, int cid, void *unused)
1.1 djm 203: {
1.66 djm 204: Channel *sc, *c = channel_by_id(ssh, cid);
1.1 djm 205:
1.85 djm 206: debug3_f("entering for channel %d", cid);
1.10 djm 207: if (c == NULL)
1.85 djm 208: fatal_f("channel_by_id(%i) == NULL", cid);
1.67 djm 209: if (c->have_remote_id) {
1.66 djm 210: if ((sc = channel_by_id(ssh, c->remote_id)) == NULL)
1.85 djm 211: fatal_f("channel %d missing session channel %u",
212: c->self, c->remote_id);
1.67 djm 213: c->remote_id = 0;
214: c->have_remote_id = 0;
1.10 djm 215: sc->ctl_chan = -1;
1.39 djm 216: if (sc->type != SSH_CHANNEL_OPEN &&
217: sc->type != SSH_CHANNEL_OPENING) {
1.85 djm 218: debug2_f("channel %d: not open", sc->self);
1.66 djm 219: chan_mark_dead(ssh, sc);
1.12 djm 220: } else {
1.14 djm 221: if (sc->istate == CHAN_INPUT_OPEN)
1.66 djm 222: chan_read_failed(ssh, sc);
1.14 djm 223: if (sc->ostate == CHAN_OUTPUT_OPEN)
1.66 djm 224: chan_write_failed(ssh, sc);
1.12 djm 225: }
1.1 djm 226: }
1.66 djm 227: channel_cancel_cleanup(ssh, c->self);
1.1 djm 228: }
229:
1.10 djm 230: /* Check mux client environment variables before passing them to mux master. */
231: static int
232: env_permitted(char *env)
1.1 djm 233: {
1.10 djm 234: int i, ret;
235: char name[1024], *cp;
1.1 djm 236:
1.10 djm 237: if ((cp = strchr(env, '=')) == NULL || cp == env)
1.1 djm 238: return 0;
1.10 djm 239: ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
240: if (ret <= 0 || (size_t)ret >= sizeof(name)) {
1.85 djm 241: error_f("name '%.100s...' too long", env);
1.1 djm 242: return 0;
243: }
244:
1.10 djm 245: for (i = 0; i < options.num_send_env; i++)
246: if (match_pattern(name, options.send_env[i]))
247: return 1;
1.1 djm 248:
1.10 djm 249: return 0;
250: }
1.1 djm 251:
1.10 djm 252: /* Mux master protocol message handlers */
1.1 djm 253:
1.10 djm 254: static int
1.76 djm 255: mux_master_process_hello(struct ssh *ssh, u_int rid,
1.73 markus 256: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.10 djm 257: {
258: u_int ver;
259: struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
1.73 markus 260: int r;
1.1 djm 261:
1.10 djm 262: if (state == NULL)
1.85 djm 263: fatal_f("channel %d: c->mux_ctx == NULL", c->self);
1.10 djm 264: if (state->hello_rcvd) {
1.85 djm 265: error_f("HELLO received twice");
1.10 djm 266: return -1;
267: }
1.73 markus 268: if ((r = sshbuf_get_u32(m, &ver)) != 0) {
1.85 djm 269: error_fr(r, "parse");
1.10 djm 270: return -1;
271: }
272: if (ver != SSHMUX_VER) {
1.85 djm 273: error_f("unsupported multiplexing protocol version %u "
274: "(expected %u)", ver, SSHMUX_VER);
1.10 djm 275: return -1;
276: }
1.85 djm 277: debug2_f("channel %d client version %u", c->self, ver);
1.10 djm 278:
279: /* No extensions are presently defined */
1.73 markus 280: while (sshbuf_len(m) > 0) {
281: char *name = NULL;
1.76 djm 282: size_t value_len = 0;
1.73 markus 283:
284: if ((r = sshbuf_get_cstring(m, &name, NULL)) != 0 ||
1.76 djm 285: (r = sshbuf_get_string_direct(m, NULL, &value_len)) != 0) {
1.85 djm 286: error_fr(r, "parse extension");
1.73 markus 287: return -1;
1.1 djm 288: }
1.85 djm 289: debug2_f("Unrecognised extension \"%s\" length %zu",
290: name, value_len);
1.41 djm 291: free(name);
1.1 djm 292: }
1.10 djm 293: state->hello_rcvd = 1;
294: return 0;
295: }
296:
1.73 markus 297: /* Enqueue a "ok" response to the reply buffer */
298: static void
299: reply_ok(struct sshbuf *reply, u_int rid)
300: {
301: int r;
302:
303: if ((r = sshbuf_put_u32(reply, MUX_S_OK)) != 0 ||
304: (r = sshbuf_put_u32(reply, rid)) != 0)
1.85 djm 305: fatal_fr(r, "reply");
1.73 markus 306: }
307:
308: /* Enqueue an error response to the reply buffer */
309: static void
310: reply_error(struct sshbuf *reply, u_int type, u_int rid, const char *msg)
311: {
312: int r;
313:
314: if ((r = sshbuf_put_u32(reply, type)) != 0 ||
315: (r = sshbuf_put_u32(reply, rid)) != 0 ||
316: (r = sshbuf_put_cstring(reply, msg)) != 0)
1.85 djm 317: fatal_fr(r, "reply");
1.73 markus 318: }
319:
1.10 djm 320: static int
1.76 djm 321: mux_master_process_new_session(struct ssh *ssh, u_int rid,
1.73 markus 322: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.10 djm 323: {
324: Channel *nc;
325: struct mux_session_confirm_ctx *cctx;
1.73 markus 326: char *cmd, *cp;
327: u_int i, j, env_len, escape_char, window, packetmax;
328: int r, new_fd[3];
1.1 djm 329:
330: /* Reply for SSHMUX_COMMAND_OPEN */
1.10 djm 331: cctx = xcalloc(1, sizeof(*cctx));
332: cctx->term = NULL;
1.17 djm 333: cctx->rid = rid;
1.73 markus 334: cmd = NULL;
1.36 djm 335: cctx->env = NULL;
336: env_len = 0;
1.73 markus 337: if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
338: (r = sshbuf_get_u32(m, &cctx->want_tty)) != 0 ||
339: (r = sshbuf_get_u32(m, &cctx->want_x_fwd)) != 0 ||
340: (r = sshbuf_get_u32(m, &cctx->want_agent_fwd)) != 0 ||
341: (r = sshbuf_get_u32(m, &cctx->want_subsys)) != 0 ||
342: (r = sshbuf_get_u32(m, &escape_char)) != 0 ||
343: (r = sshbuf_get_cstring(m, &cctx->term, NULL)) != 0 ||
344: (r = sshbuf_get_cstring(m, &cmd, NULL)) != 0) {
1.10 djm 345: malf:
1.41 djm 346: free(cmd);
1.36 djm 347: for (j = 0; j < env_len; j++)
1.41 djm 348: free(cctx->env[j]);
349: free(cctx->env);
350: free(cctx->term);
351: free(cctx);
1.85 djm 352: error_f("malformed message");
1.10 djm 353: return -1;
1.1 djm 354: }
355:
1.10 djm 356: #define MUX_MAX_ENV_VARS 4096
1.73 markus 357: while (sshbuf_len(m) > 0) {
358: if ((r = sshbuf_get_cstring(m, &cp, NULL)) != 0)
1.10 djm 359: goto malf;
360: if (!env_permitted(cp)) {
1.41 djm 361: free(cp);
1.10 djm 362: continue;
363: }
1.51 deraadt 364: cctx->env = xreallocarray(cctx->env, env_len + 2,
1.10 djm 365: sizeof(*cctx->env));
366: cctx->env[env_len++] = cp;
367: cctx->env[env_len] = NULL;
368: if (env_len > MUX_MAX_ENV_VARS) {
1.85 djm 369: error_f(">%d environment variables received, "
370: "ignoring additional", MUX_MAX_ENV_VARS);
1.10 djm 371: break;
372: }
1.1 djm 373: }
374:
1.85 djm 375: debug2_f("channel %d: request tty %d, X %d, agent %d, subsys %d, "
376: "term \"%s\", cmd \"%s\", env %u", c->self,
1.10 djm 377: cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd,
378: cctx->want_subsys, cctx->term, cmd, env_len);
1.1 djm 379:
1.73 markus 380: if ((cctx->cmd = sshbuf_new()) == NULL)
1.85 djm 381: fatal_f("sshbuf_new");
1.73 markus 382: if ((r = sshbuf_put(cctx->cmd, cmd, strlen(cmd))) != 0)
1.85 djm 383: fatal_fr(r, "sshbuf_put");
1.41 djm 384: free(cmd);
1.11 djm 385: cmd = NULL;
1.1 djm 386:
387: /* Gather fds from client */
388: for(i = 0; i < 3; i++) {
1.10 djm 389: if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
1.85 djm 390: error_f("failed to receive fd %d from client", i);
1.1 djm 391: for (j = 0; j < i; j++)
392: close(new_fd[j]);
393: for (j = 0; j < env_len; j++)
1.41 djm 394: free(cctx->env[j]);
395: free(cctx->env);
396: free(cctx->term);
1.73 markus 397: sshbuf_free(cctx->cmd);
1.41 djm 398: free(cctx);
1.73 markus 399: reply_error(reply, MUX_S_FAILURE, rid,
1.10 djm 400: "did not receive file descriptors");
401: return -1;
1.1 djm 402: }
403: }
404:
1.85 djm 405: debug3_f("got fds stdin %d, stdout %d, stderr %d",
1.1 djm 406: new_fd[0], new_fd[1], new_fd[2]);
407:
1.10 djm 408: /* XXX support multiple child sessions in future */
1.67 djm 409: if (c->have_remote_id) {
1.85 djm 410: debug2_f("session already open");
1.73 markus 411: reply_error(reply, MUX_S_FAILURE, rid,
412: "Multiple sessions not supported");
1.10 djm 413: cleanup:
1.1 djm 414: close(new_fd[0]);
415: close(new_fd[1]);
416: close(new_fd[2]);
1.41 djm 417: free(cctx->term);
1.1 djm 418: if (env_len != 0) {
419: for (i = 0; i < env_len; i++)
1.41 djm 420: free(cctx->env[i]);
421: free(cctx->env);
1.1 djm 422: }
1.73 markus 423: sshbuf_free(cctx->cmd);
1.41 djm 424: free(cctx);
1.1 djm 425: return 0;
426: }
1.10 djm 427:
428: if (options.control_master == SSHCTL_MASTER_ASK ||
429: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
430: if (!ask_permission("Allow shared connection to %s? ", host)) {
1.85 djm 431: debug2_f("session refused by user");
1.73 markus 432: reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
433: "Permission denied");
1.10 djm 434: goto cleanup;
435: }
436: }
437:
438: /* Try to pick up ttymodes from client before it goes raw */
439: if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
1.85 djm 440: error_f("tcgetattr: %s", strerror(errno));
1.1 djm 441:
442: window = CHAN_SES_WINDOW_DEFAULT;
443: packetmax = CHAN_SES_PACKET_DEFAULT;
444: if (cctx->want_tty) {
445: window >>= 1;
446: packetmax >>= 1;
447: }
1.10 djm 448:
1.66 djm 449: nc = channel_new(ssh, "session", SSH_CHANNEL_OPENING,
1.1 djm 450: new_fd[0], new_fd[1], new_fd[2], window, packetmax,
1.88 ! djm 451: CHAN_EXTENDED_WRITE, "client-session", CHANNEL_NONBLOCK_STDIO);
1.1 djm 452:
1.10 djm 453: nc->ctl_chan = c->self; /* link session -> control channel */
1.86 djm 454: c->remote_id = nc->self; /* link control -> session channel */
1.67 djm 455: c->have_remote_id = 1;
1.10 djm 456:
1.2 djm 457: if (cctx->want_tty && escape_char != 0xffffffff) {
1.66 djm 458: channel_register_filter(ssh, nc->self,
1.2 djm 459: client_simple_escape_filter, NULL,
1.4 djm 460: client_filter_cleanup,
1.2 djm 461: client_new_escape_filter_ctx((int)escape_char));
462: }
1.1 djm 463:
1.85 djm 464: debug2_f("channel_new: %d linked to control channel %d",
465: nc->self, nc->ctl_chan);
1.10 djm 466:
1.66 djm 467: channel_send_open(ssh, nc->self);
468: channel_register_open_confirm(ssh, nc->self, mux_session_confirm, cctx);
1.17 djm 469: c->mux_pause = 1; /* stop handling messages until open_confirm done */
1.66 djm 470: channel_register_cleanup(ssh, nc->self,
471: mux_master_session_cleanup_cb, 1);
1.10 djm 472:
1.17 djm 473: /* reply is deferred, sent by mux_session_confirm */
1.1 djm 474: return 0;
475: }
476:
1.10 djm 477: static int
1.76 djm 478: mux_master_process_alive_check(struct ssh *ssh, u_int rid,
1.73 markus 479: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.1 djm 480: {
1.73 markus 481: int r;
482:
1.85 djm 483: debug2_f("channel %d: alive check", c->self);
1.1 djm 484:
1.10 djm 485: /* prepare reply */
1.73 markus 486: if ((r = sshbuf_put_u32(reply, MUX_S_ALIVE)) != 0 ||
487: (r = sshbuf_put_u32(reply, rid)) != 0 ||
488: (r = sshbuf_put_u32(reply, (u_int)getpid())) != 0)
1.85 djm 489: fatal_fr(r, "reply");
1.1 djm 490:
1.10 djm 491: return 0;
1.1 djm 492: }
493:
494: static int
1.76 djm 495: mux_master_process_terminate(struct ssh *ssh, u_int rid,
1.73 markus 496: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.1 djm 497: {
1.85 djm 498: debug2_f("channel %d: terminate request", c->self);
1.1 djm 499:
1.10 djm 500: if (options.control_master == SSHCTL_MASTER_ASK ||
501: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
502: if (!ask_permission("Terminate shared connection to %s? ",
503: host)) {
1.85 djm 504: debug2_f("termination refused by user");
1.73 markus 505: reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
506: "Permission denied");
1.10 djm 507: return 0;
508: }
509: }
1.1 djm 510:
1.10 djm 511: quit_pending = 1;
1.73 markus 512: reply_ok(reply, rid);
1.10 djm 513: /* XXX exit happens too soon - message never makes it to client */
514: return 0;
1.1 djm 515: }
516:
1.10 djm 517: static char *
1.46 millert 518: format_forward(u_int ftype, struct Forward *fwd)
1.1 djm 519: {
1.10 djm 520: char *ret;
1.1 djm 521:
1.10 djm 522: switch (ftype) {
523: case MUX_FWD_LOCAL:
524: xasprintf(&ret, "local forward %.200s:%d -> %.200s:%d",
1.46 millert 525: (fwd->listen_path != NULL) ? fwd->listen_path :
1.10 djm 526: (fwd->listen_host == NULL) ?
1.46 millert 527: (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
1.10 djm 528: fwd->listen_host, fwd->listen_port,
1.46 millert 529: (fwd->connect_path != NULL) ? fwd->connect_path :
1.10 djm 530: fwd->connect_host, fwd->connect_port);
531: break;
532: case MUX_FWD_DYNAMIC:
533: xasprintf(&ret, "dynamic forward %.200s:%d -> *",
534: (fwd->listen_host == NULL) ?
1.46 millert 535: (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
1.87 djm 536: fwd->listen_host, fwd->listen_port);
1.10 djm 537: break;
538: case MUX_FWD_REMOTE:
539: xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d",
1.46 millert 540: (fwd->listen_path != NULL) ? fwd->listen_path :
1.10 djm 541: (fwd->listen_host == NULL) ?
542: "LOCALHOST" : fwd->listen_host,
543: fwd->listen_port,
1.46 millert 544: (fwd->connect_path != NULL) ? fwd->connect_path :
1.10 djm 545: fwd->connect_host, fwd->connect_port);
1.1 djm 546: break;
547: default:
1.85 djm 548: fatal_f("unknown forward type %u", ftype);
1.1 djm 549: }
1.10 djm 550: return ret;
551: }
1.1 djm 552:
1.10 djm 553: static int
554: compare_host(const char *a, const char *b)
555: {
556: if (a == NULL && b == NULL)
557: return 1;
558: if (a == NULL || b == NULL)
559: return 0;
560: return strcmp(a, b) == 0;
561: }
1.1 djm 562:
1.10 djm 563: static int
1.46 millert 564: compare_forward(struct Forward *a, struct Forward *b)
1.10 djm 565: {
566: if (!compare_host(a->listen_host, b->listen_host))
567: return 0;
1.46 millert 568: if (!compare_host(a->listen_path, b->listen_path))
569: return 0;
1.10 djm 570: if (a->listen_port != b->listen_port)
571: return 0;
572: if (!compare_host(a->connect_host, b->connect_host))
573: return 0;
1.46 millert 574: if (!compare_host(a->connect_path, b->connect_path))
575: return 0;
1.10 djm 576: if (a->connect_port != b->connect_port)
577: return 0;
1.1 djm 578:
1.10 djm 579: return 1;
580: }
1.1 djm 581:
1.18 markus 582: static void
1.66 djm 583: mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt)
1.18 markus 584: {
585: struct mux_channel_confirm_ctx *fctx = ctxt;
586: char *failmsg = NULL;
1.46 millert 587: struct Forward *rfwd;
1.18 markus 588: Channel *c;
1.73 markus 589: struct sshbuf *out;
1.79 djm 590: u_int port;
1.73 markus 591: int r;
1.18 markus 592:
1.66 djm 593: if ((c = channel_by_id(ssh, fctx->cid)) == NULL) {
1.18 markus 594: /* no channel for reply */
1.85 djm 595: error_f("unknown channel");
1.18 markus 596: return;
597: }
1.73 markus 598: if ((out = sshbuf_new()) == NULL)
1.85 djm 599: fatal_f("sshbuf_new");
1.53 djm 600: if (fctx->fid >= options.num_remote_forwards ||
601: (options.remote_forwards[fctx->fid].connect_path == NULL &&
602: options.remote_forwards[fctx->fid].connect_host == NULL)) {
1.18 markus 603: xasprintf(&failmsg, "unknown forwarding id %d", fctx->fid);
604: goto fail;
605: }
606: rfwd = &options.remote_forwards[fctx->fid];
1.85 djm 607: debug_f("%s for: listen %d, connect %s:%d",
1.18 markus 608: type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
1.46 millert 609: rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path :
610: rfwd->connect_host, rfwd->connect_port);
1.18 markus 611: if (type == SSH2_MSG_REQUEST_SUCCESS) {
612: if (rfwd->listen_port == 0) {
1.79 djm 613: if ((r = sshpkt_get_u32(ssh, &port)) != 0)
1.85 djm 614: fatal_fr(r, "parse port");
1.79 djm 615: if (port > 65535) {
616: fatal("Invalid allocated port %u for "
617: "mux remote forward to %s:%d", port,
618: rfwd->connect_host, rfwd->connect_port);
619: }
620: rfwd->allocated_port = (int)port;
1.52 djm 621: debug("Allocated port %u for mux remote forward"
1.18 markus 622: " to %s:%d", rfwd->allocated_port,
623: rfwd->connect_host, rfwd->connect_port);
1.73 markus 624: if ((r = sshbuf_put_u32(out,
625: MUX_S_REMOTE_PORT)) != 0 ||
626: (r = sshbuf_put_u32(out, fctx->rid)) != 0 ||
627: (r = sshbuf_put_u32(out,
628: rfwd->allocated_port)) != 0)
1.85 djm 629: fatal_fr(r, "reply");
1.70 djm 630: channel_update_permission(ssh, rfwd->handle,
1.87 djm 631: rfwd->allocated_port);
1.18 markus 632: } else {
1.73 markus 633: reply_ok(out, fctx->rid);
1.18 markus 634: }
635: goto out;
636: } else {
1.31 markus 637: if (rfwd->listen_port == 0)
1.70 djm 638: channel_update_permission(ssh, rfwd->handle, -1);
1.46 millert 639: if (rfwd->listen_path != NULL)
640: xasprintf(&failmsg, "remote port forwarding failed for "
641: "listen path %s", rfwd->listen_path);
642: else
643: xasprintf(&failmsg, "remote port forwarding failed for "
644: "listen port %d", rfwd->listen_port);
1.53 djm 645:
1.87 djm 646: debug2_f("clearing registered forwarding for listen %d, "
1.85 djm 647: "connect %s:%d", rfwd->listen_port,
1.53 djm 648: rfwd->connect_path ? rfwd->connect_path :
649: rfwd->connect_host, rfwd->connect_port);
650:
651: free(rfwd->listen_host);
652: free(rfwd->listen_path);
653: free(rfwd->connect_host);
654: free(rfwd->connect_path);
655: memset(rfwd, 0, sizeof(*rfwd));
1.18 markus 656: }
657: fail:
1.85 djm 658: error_f("%s", failmsg);
1.73 markus 659: reply_error(out, MUX_S_FAILURE, fctx->rid, failmsg);
1.41 djm 660: free(failmsg);
1.18 markus 661: out:
1.73 markus 662: if ((r = sshbuf_put_stringb(c->output, out)) != 0)
1.85 djm 663: fatal_fr(r, "enqueue");
1.73 markus 664: sshbuf_free(out);
1.18 markus 665: if (c->mux_pause <= 0)
1.85 djm 666: fatal_f("mux_pause %d", c->mux_pause);
1.18 markus 667: c->mux_pause = 0; /* start processing messages again */
668: }
669:
1.10 djm 670: static int
1.76 djm 671: mux_master_process_open_fwd(struct ssh *ssh, u_int rid,
1.73 markus 672: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.10 djm 673: {
1.46 millert 674: struct Forward fwd;
1.10 djm 675: char *fwd_desc = NULL;
1.46 millert 676: char *listen_addr, *connect_addr;
1.10 djm 677: u_int ftype;
1.44 djm 678: u_int lport, cport;
1.73 markus 679: int r, i, ret = 0, freefwd = 1;
1.10 djm 680:
1.54 djm 681: memset(&fwd, 0, sizeof(fwd));
682:
1.46 millert 683: /* XXX - lport/cport check redundant */
1.73 markus 684: if ((r = sshbuf_get_u32(m, &ftype)) != 0 ||
685: (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
686: (r = sshbuf_get_u32(m, &lport)) != 0 ||
687: (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||
688: (r = sshbuf_get_u32(m, &cport)) != 0 ||
1.46 millert 689: (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||
690: (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {
1.85 djm 691: error_f("malformed message");
1.10 djm 692: ret = -1;
693: goto out;
694: }
1.46 millert 695: if (*listen_addr == '\0') {
696: free(listen_addr);
697: listen_addr = NULL;
698: }
699: if (*connect_addr == '\0') {
700: free(connect_addr);
701: connect_addr = NULL;
702: }
703:
704: memset(&fwd, 0, sizeof(fwd));
1.44 djm 705: fwd.listen_port = lport;
1.46 millert 706: if (fwd.listen_port == PORT_STREAMLOCAL)
707: fwd.listen_path = listen_addr;
708: else
709: fwd.listen_host = listen_addr;
1.44 djm 710: fwd.connect_port = cport;
1.46 millert 711: if (fwd.connect_port == PORT_STREAMLOCAL)
712: fwd.connect_path = connect_addr;
713: else
714: fwd.connect_host = connect_addr;
1.10 djm 715:
1.85 djm 716: debug2_f("channel %d: request %s", c->self,
1.10 djm 717: (fwd_desc = format_forward(ftype, &fwd)));
718:
719: if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE &&
720: ftype != MUX_FWD_DYNAMIC) {
1.85 djm 721: logit_f("invalid forwarding type %u", ftype);
1.10 djm 722: invalid:
1.46 millert 723: free(listen_addr);
724: free(connect_addr);
1.73 markus 725: reply_error(reply, MUX_S_FAILURE, rid,
726: "Invalid forwarding request");
1.10 djm 727: return 0;
728: }
1.46 millert 729: if (ftype == MUX_FWD_DYNAMIC && fwd.listen_path) {
1.85 djm 730: logit_f("streamlocal and dynamic forwards "
731: "are mutually exclusive");
1.46 millert 732: goto invalid;
733: }
734: if (fwd.listen_port != PORT_STREAMLOCAL && fwd.listen_port >= 65536) {
1.85 djm 735: logit_f("invalid listen port %u", fwd.listen_port);
1.10 djm 736: goto invalid;
737: }
1.66 djm 738: if ((fwd.connect_port != PORT_STREAMLOCAL &&
739: fwd.connect_port >= 65536) ||
740: (ftype != MUX_FWD_DYNAMIC && ftype != MUX_FWD_REMOTE &&
741: fwd.connect_port == 0)) {
1.85 djm 742: logit_f("invalid connect port %u",
1.10 djm 743: fwd.connect_port);
744: goto invalid;
745: }
1.66 djm 746: if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL &&
747: fwd.connect_path == NULL) {
1.85 djm 748: logit_f("missing connect host");
1.10 djm 749: goto invalid;
750: }
751:
752: /* Skip forwards that have already been requested */
753: switch (ftype) {
754: case MUX_FWD_LOCAL:
755: case MUX_FWD_DYNAMIC:
756: for (i = 0; i < options.num_local_forwards; i++) {
757: if (compare_forward(&fwd,
758: options.local_forwards + i)) {
759: exists:
1.85 djm 760: debug2_f("found existing forwarding");
1.73 markus 761: reply_ok(reply, rid);
1.10 djm 762: goto out;
763: }
764: }
765: break;
766: case MUX_FWD_REMOTE:
767: for (i = 0; i < options.num_remote_forwards; i++) {
1.73 markus 768: if (!compare_forward(&fwd, options.remote_forwards + i))
769: continue;
770: if (fwd.listen_port != 0)
771: goto exists;
1.85 djm 772: debug2_f("found allocated port");
1.73 markus 773: if ((r = sshbuf_put_u32(reply,
774: MUX_S_REMOTE_PORT)) != 0 ||
775: (r = sshbuf_put_u32(reply, rid)) != 0 ||
776: (r = sshbuf_put_u32(reply,
777: options.remote_forwards[i].allocated_port)) != 0)
1.85 djm 778: fatal_fr(r, "reply FWD_REMOTE");
1.73 markus 779: goto out;
1.10 djm 780: }
781: break;
782: }
783:
784: if (options.control_master == SSHCTL_MASTER_ASK ||
785: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
786: if (!ask_permission("Open %s on %s?", fwd_desc, host)) {
1.85 djm 787: debug2_f("forwarding refused by user");
1.73 markus 788: reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
789: "Permission denied");
1.10 djm 790: goto out;
791: }
792: }
793:
794: if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
1.66 djm 795: if (!channel_setup_local_fwd_listener(ssh, &fwd,
1.46 millert 796: &options.fwd_opts)) {
1.10 djm 797: fail:
1.85 djm 798: logit_f("requested %s failed", fwd_desc);
1.73 markus 799: reply_error(reply, MUX_S_FAILURE, rid,
800: "Port forwarding failed");
1.10 djm 801: goto out;
802: }
803: add_local_forward(&options, &fwd);
804: freefwd = 0;
805: } else {
1.18 markus 806: struct mux_channel_confirm_ctx *fctx;
807:
1.66 djm 808: fwd.handle = channel_request_remote_forwarding(ssh, &fwd);
1.31 markus 809: if (fwd.handle < 0)
1.10 djm 810: goto fail;
811: add_remote_forward(&options, &fwd);
1.18 markus 812: fctx = xcalloc(1, sizeof(*fctx));
813: fctx->cid = c->self;
814: fctx->rid = rid;
1.20 djm 815: fctx->fid = options.num_remote_forwards - 1;
1.18 markus 816: client_register_global_confirm(mux_confirm_remote_forward,
817: fctx);
1.10 djm 818: freefwd = 0;
1.18 markus 819: c->mux_pause = 1; /* wait for mux_confirm_remote_forward */
820: /* delayed reply in mux_confirm_remote_forward */
821: goto out;
1.10 djm 822: }
1.73 markus 823: reply_ok(reply, rid);
1.10 djm 824: out:
1.41 djm 825: free(fwd_desc);
1.10 djm 826: if (freefwd) {
1.41 djm 827: free(fwd.listen_host);
1.46 millert 828: free(fwd.listen_path);
1.41 djm 829: free(fwd.connect_host);
1.46 millert 830: free(fwd.connect_path);
1.10 djm 831: }
832: return ret;
833: }
834:
835: static int
1.76 djm 836: mux_master_process_close_fwd(struct ssh *ssh, u_int rid,
1.73 markus 837: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.10 djm 838: {
1.46 millert 839: struct Forward fwd, *found_fwd;
1.10 djm 840: char *fwd_desc = NULL;
1.30 djm 841: const char *error_reason = NULL;
1.46 millert 842: char *listen_addr = NULL, *connect_addr = NULL;
1.10 djm 843: u_int ftype;
1.73 markus 844: int r, i, ret = 0;
1.44 djm 845: u_int lport, cport;
1.54 djm 846:
847: memset(&fwd, 0, sizeof(fwd));
1.10 djm 848:
1.73 markus 849: if ((r = sshbuf_get_u32(m, &ftype)) != 0 ||
850: (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
851: (r = sshbuf_get_u32(m, &lport)) != 0 ||
852: (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||
853: (r = sshbuf_get_u32(m, &cport)) != 0 ||
1.46 millert 854: (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||
855: (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {
1.85 djm 856: error_f("malformed message");
1.10 djm 857: ret = -1;
858: goto out;
859: }
860:
1.46 millert 861: if (*listen_addr == '\0') {
862: free(listen_addr);
863: listen_addr = NULL;
1.10 djm 864: }
1.46 millert 865: if (*connect_addr == '\0') {
866: free(connect_addr);
867: connect_addr = NULL;
1.10 djm 868: }
869:
1.46 millert 870: memset(&fwd, 0, sizeof(fwd));
871: fwd.listen_port = lport;
872: if (fwd.listen_port == PORT_STREAMLOCAL)
873: fwd.listen_path = listen_addr;
874: else
875: fwd.listen_host = listen_addr;
876: fwd.connect_port = cport;
877: if (fwd.connect_port == PORT_STREAMLOCAL)
878: fwd.connect_path = connect_addr;
879: else
880: fwd.connect_host = connect_addr;
881:
1.85 djm 882: debug2_f("channel %d: request cancel %s", c->self,
1.10 djm 883: (fwd_desc = format_forward(ftype, &fwd)));
884:
1.30 djm 885: /* make sure this has been requested */
886: found_fwd = NULL;
887: switch (ftype) {
888: case MUX_FWD_LOCAL:
889: case MUX_FWD_DYNAMIC:
890: for (i = 0; i < options.num_local_forwards; i++) {
891: if (compare_forward(&fwd,
892: options.local_forwards + i)) {
893: found_fwd = options.local_forwards + i;
894: break;
895: }
896: }
897: break;
898: case MUX_FWD_REMOTE:
899: for (i = 0; i < options.num_remote_forwards; i++) {
900: if (compare_forward(&fwd,
901: options.remote_forwards + i)) {
902: found_fwd = options.remote_forwards + i;
903: break;
904: }
905: }
906: break;
907: }
908:
909: if (found_fwd == NULL)
910: error_reason = "port not forwarded";
911: else if (ftype == MUX_FWD_REMOTE) {
912: /*
913: * This shouldn't fail unless we confused the host/port
914: * between options.remote_forwards and permitted_opens.
1.31 markus 915: * However, for dynamic allocated listen ports we need
1.46 millert 916: * to use the actual listen port.
1.30 djm 917: */
1.66 djm 918: if (channel_request_rforward_cancel(ssh, found_fwd) == -1)
1.30 djm 919: error_reason = "port not in permitted opens";
920: } else { /* local and dynamic forwards */
921: /* Ditto */
1.66 djm 922: if (channel_cancel_lport_listener(ssh, &fwd, fwd.connect_port,
1.46 millert 923: &options.fwd_opts) == -1)
1.30 djm 924: error_reason = "port not found";
925: }
926:
1.73 markus 927: if (error_reason != NULL)
928: reply_error(reply, MUX_S_FAILURE, rid, error_reason);
929: else {
930: reply_ok(reply, rid);
1.41 djm 931: free(found_fwd->listen_host);
1.46 millert 932: free(found_fwd->listen_path);
1.41 djm 933: free(found_fwd->connect_host);
1.46 millert 934: free(found_fwd->connect_path);
1.30 djm 935: found_fwd->listen_host = found_fwd->connect_host = NULL;
1.46 millert 936: found_fwd->listen_path = found_fwd->connect_path = NULL;
1.30 djm 937: found_fwd->listen_port = found_fwd->connect_port = 0;
938: }
1.10 djm 939: out:
1.41 djm 940: free(fwd_desc);
1.46 millert 941: free(listen_addr);
942: free(connect_addr);
1.10 djm 943:
944: return ret;
945: }
946:
947: static int
1.76 djm 948: mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid,
1.73 markus 949: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.10 djm 950: {
951: Channel *nc;
1.73 markus 952: char *chost = NULL;
1.10 djm 953: u_int cport, i, j;
1.73 markus 954: int r, new_fd[2];
1.48 djm 955: struct mux_stdio_confirm_ctx *cctx;
1.10 djm 956:
1.73 markus 957: if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
958: (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
959: (r = sshbuf_get_u32(m, &cport)) != 0) {
1.41 djm 960: free(chost);
1.85 djm 961: error_f("malformed message");
1.10 djm 962: return -1;
963: }
964:
1.85 djm 965: debug2_f("channel %d: stdio fwd to %s:%u", c->self, chost, cport);
1.10 djm 966:
967: /* Gather fds from client */
968: for(i = 0; i < 2; i++) {
969: if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
1.85 djm 970: error_f("failed to receive fd %d from client", i);
1.10 djm 971: for (j = 0; j < i; j++)
972: close(new_fd[j]);
1.41 djm 973: free(chost);
1.10 djm 974:
975: /* prepare reply */
1.73 markus 976: reply_error(reply, MUX_S_FAILURE, rid,
1.10 djm 977: "did not receive file descriptors");
978: return -1;
979: }
980: }
981:
1.85 djm 982: debug3_f("got fds stdin %d, stdout %d", new_fd[0], new_fd[1]);
1.10 djm 983:
984: /* XXX support multiple child sessions in future */
1.67 djm 985: if (c->have_remote_id) {
1.85 djm 986: debug2_f("session already open");
1.73 markus 987: reply_error(reply, MUX_S_FAILURE, rid,
988: "Multiple sessions not supported");
1.10 djm 989: cleanup:
990: close(new_fd[0]);
991: close(new_fd[1]);
1.41 djm 992: free(chost);
1.10 djm 993: return 0;
994: }
995:
996: if (options.control_master == SSHCTL_MASTER_ASK ||
997: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
1.23 dtucker 998: if (!ask_permission("Allow forward to %s:%u? ",
1.10 djm 999: chost, cport)) {
1.85 djm 1000: debug2_f("stdio fwd refused by user");
1.73 markus 1001: reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
1002: "Permission denied");
1.10 djm 1003: goto cleanup;
1004: }
1005: }
1006:
1.88 ! djm 1007: nc = channel_connect_stdio_fwd(ssh, chost, cport, new_fd[0], new_fd[1],
! 1008: CHANNEL_NONBLOCK_STDIO);
1.75 djm 1009: free(chost);
1.10 djm 1010:
1011: nc->ctl_chan = c->self; /* link session -> control channel */
1.86 djm 1012: c->remote_id = nc->self; /* link control -> session channel */
1.67 djm 1013: c->have_remote_id = 1;
1.10 djm 1014:
1.85 djm 1015: debug2_f("channel_new: %d control %d", nc->self, nc->ctl_chan);
1.10 djm 1016:
1.66 djm 1017: channel_register_cleanup(ssh, nc->self,
1018: mux_master_session_cleanup_cb, 1);
1.10 djm 1019:
1.48 djm 1020: cctx = xcalloc(1, sizeof(*cctx));
1021: cctx->rid = rid;
1.66 djm 1022: channel_register_open_confirm(ssh, nc->self, mux_stdio_confirm, cctx);
1.48 djm 1023: c->mux_pause = 1; /* stop handling messages until open_confirm done */
1024:
1025: /* reply is deferred, sent by mux_session_confirm */
1026: return 0;
1027: }
1028:
1029: /* Callback on open confirmation in mux master for a mux stdio fwd session. */
1030: static void
1.66 djm 1031: mux_stdio_confirm(struct ssh *ssh, int id, int success, void *arg)
1.48 djm 1032: {
1033: struct mux_stdio_confirm_ctx *cctx = arg;
1034: Channel *c, *cc;
1.73 markus 1035: struct sshbuf *reply;
1036: int r;
1.48 djm 1037:
1038: if (cctx == NULL)
1.85 djm 1039: fatal_f("cctx == NULL");
1.66 djm 1040: if ((c = channel_by_id(ssh, id)) == NULL)
1.85 djm 1041: fatal_f("no channel for id %d", id);
1.66 djm 1042: if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL)
1.85 djm 1043: fatal_f("channel %d lacks control channel %d",
1.48 djm 1044: id, c->ctl_chan);
1.73 markus 1045: if ((reply = sshbuf_new()) == NULL)
1.85 djm 1046: fatal_f("sshbuf_new");
1.48 djm 1047:
1048: if (!success) {
1.85 djm 1049: debug3_f("sending failure reply");
1.73 markus 1050: reply_error(reply, MUX_S_FAILURE, cctx->rid,
1051: "Session open refused by peer");
1.48 djm 1052: /* prepare reply */
1053: goto done;
1054: }
1055:
1.85 djm 1056: debug3_f("sending success reply");
1.10 djm 1057: /* prepare reply */
1.73 markus 1058: if ((r = sshbuf_put_u32(reply, MUX_S_SESSION_OPENED)) != 0 ||
1059: (r = sshbuf_put_u32(reply, cctx->rid)) != 0 ||
1060: (r = sshbuf_put_u32(reply, c->self)) != 0)
1.85 djm 1061: fatal_fr(r, "reply");
1.48 djm 1062:
1063: done:
1064: /* Send reply */
1.73 markus 1065: if ((r = sshbuf_put_stringb(cc->output, reply)) != 0)
1.85 djm 1066: fatal_fr(r, "enqueue");
1.73 markus 1067: sshbuf_free(reply);
1.10 djm 1068:
1.48 djm 1069: if (cc->mux_pause <= 0)
1.85 djm 1070: fatal_f("mux_pause %d", cc->mux_pause);
1.48 djm 1071: cc->mux_pause = 0; /* start processing messages again */
1072: c->open_confirm_ctx = NULL;
1073: free(cctx);
1.10 djm 1074: }
1075:
1.25 djm 1076: static int
1.76 djm 1077: mux_master_process_stop_listening(struct ssh *ssh, u_int rid,
1.73 markus 1078: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.25 djm 1079: {
1.85 djm 1080: debug_f("channel %d: stop listening", c->self);
1.25 djm 1081:
1082: if (options.control_master == SSHCTL_MASTER_ASK ||
1083: options.control_master == SSHCTL_MASTER_AUTO_ASK) {
1084: if (!ask_permission("Disable further multiplexing on shared "
1085: "connection to %s? ", host)) {
1.85 djm 1086: debug2_f("stop listen refused by user");
1.73 markus 1087: reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
1088: "Permission denied");
1.25 djm 1089: return 0;
1090: }
1091: }
1092:
1093: if (mux_listener_channel != NULL) {
1.66 djm 1094: channel_free(ssh, mux_listener_channel);
1.25 djm 1095: client_stop_mux();
1.41 djm 1096: free(options.control_path);
1.25 djm 1097: options.control_path = NULL;
1098: mux_listener_channel = NULL;
1099: muxserver_sock = -1;
1100: }
1101:
1.73 markus 1102: reply_ok(reply, rid);
1.25 djm 1103: return 0;
1104: }
1105:
1.62 markus 1106: static int
1.76 djm 1107: mux_master_process_proxy(struct ssh *ssh, u_int rid,
1.73 markus 1108: Channel *c, struct sshbuf *m, struct sshbuf *reply)
1.62 markus 1109: {
1.73 markus 1110: int r;
1111:
1.85 djm 1112: debug_f("channel %d: proxy request", c->self);
1.62 markus 1113:
1114: c->mux_rcb = channel_proxy_downstream;
1.73 markus 1115: if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 ||
1116: (r = sshbuf_put_u32(reply, rid)) != 0)
1.85 djm 1117: fatal_fr(r, "reply");
1.62 markus 1118:
1119: return 0;
1120: }
1121:
1.83 djm 1122: /* Channel callbacks fired on read/write from mux client fd */
1.10 djm 1123: static int
1.66 djm 1124: mux_master_read_cb(struct ssh *ssh, Channel *c)
1.10 djm 1125: {
1126: struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
1.73 markus 1127: struct sshbuf *in = NULL, *out = NULL;
1128: u_int type, rid, i;
1129: int r, ret = -1;
1130:
1131: if ((out = sshbuf_new()) == NULL)
1.85 djm 1132: fatal_f("sshbuf_new");
1.10 djm 1133:
1134: /* Setup ctx and */
1135: if (c->mux_ctx == NULL) {
1.19 djm 1136: state = xcalloc(1, sizeof(*state));
1.10 djm 1137: c->mux_ctx = state;
1.66 djm 1138: channel_register_cleanup(ssh, c->self,
1.10 djm 1139: mux_master_control_cleanup_cb, 0);
1140:
1141: /* Send hello */
1.73 markus 1142: if ((r = sshbuf_put_u32(out, MUX_MSG_HELLO)) != 0 ||
1143: (r = sshbuf_put_u32(out, SSHMUX_VER)) != 0)
1.85 djm 1144: fatal_fr(r, "reply");
1.10 djm 1145: /* no extensions */
1.73 markus 1146: if ((r = sshbuf_put_stringb(c->output, out)) != 0)
1.85 djm 1147: fatal_fr(r, "enqueue");
1148: debug3_f("channel %d: hello sent", c->self);
1.73 markus 1149: ret = 0;
1150: goto out;
1.10 djm 1151: }
1152:
1153: /* Channel code ensures that we receive whole packets */
1.73 markus 1154: if ((r = sshbuf_froms(c->input, &in)) != 0) {
1.10 djm 1155: malf:
1.85 djm 1156: error_f("malformed message");
1.10 djm 1157: goto out;
1158: }
1159:
1.73 markus 1160: if ((r = sshbuf_get_u32(in, &type)) != 0)
1.10 djm 1161: goto malf;
1.85 djm 1162: debug3_f("channel %d packet type 0x%08x len %zu", c->self,
1163: type, sshbuf_len(in));
1.10 djm 1164:
1165: if (type == MUX_MSG_HELLO)
1166: rid = 0;
1167: else {
1168: if (!state->hello_rcvd) {
1.85 djm 1169: error_f("expected MUX_MSG_HELLO(0x%08x), "
1170: "received 0x%08x", MUX_MSG_HELLO, type);
1.10 djm 1171: goto out;
1.1 djm 1172: }
1.73 markus 1173: if ((r = sshbuf_get_u32(in, &rid)) != 0)
1.10 djm 1174: goto malf;
1175: }
1176:
1177: for (i = 0; mux_master_handlers[i].handler != NULL; i++) {
1178: if (type == mux_master_handlers[i].type) {
1.66 djm 1179: ret = mux_master_handlers[i].handler(ssh, rid,
1.73 markus 1180: c, in, out);
1.10 djm 1181: break;
1.1 djm 1182: }
1.10 djm 1183: }
1184: if (mux_master_handlers[i].handler == NULL) {
1.85 djm 1185: error_f("unsupported mux message 0x%08x", type);
1.73 markus 1186: reply_error(out, MUX_S_FAILURE, rid, "unsupported request");
1.10 djm 1187: ret = 0;
1188: }
1189: /* Enqueue reply packet */
1.85 djm 1190: if (sshbuf_len(out) != 0 &&
1191: (r = sshbuf_put_stringb(c->output, out)) != 0)
1192: fatal_fr(r, "enqueue");
1.10 djm 1193: out:
1.73 markus 1194: sshbuf_free(in);
1195: sshbuf_free(out);
1.10 djm 1196: return ret;
1197: }
1198:
1199: void
1.66 djm 1200: mux_exit_message(struct ssh *ssh, Channel *c, int exitval)
1.10 djm 1201: {
1.73 markus 1202: struct sshbuf *m;
1.10 djm 1203: Channel *mux_chan;
1.73 markus 1204: int r;
1.10 djm 1205:
1.85 djm 1206: debug3_f("channel %d: exit message, exitval %d", c->self, exitval);
1.10 djm 1207:
1.66 djm 1208: if ((mux_chan = channel_by_id(ssh, c->ctl_chan)) == NULL)
1.85 djm 1209: fatal_f("channel %d missing mux %d", c->self, c->ctl_chan);
1.10 djm 1210:
1211: /* Append exit message packet to control socket output queue */
1.73 markus 1212: if ((m = sshbuf_new()) == NULL)
1.85 djm 1213: fatal_f("sshbuf_new");
1.73 markus 1214: if ((r = sshbuf_put_u32(m, MUX_S_EXIT_MESSAGE)) != 0 ||
1215: (r = sshbuf_put_u32(m, c->self)) != 0 ||
1216: (r = sshbuf_put_u32(m, exitval)) != 0 ||
1217: (r = sshbuf_put_stringb(mux_chan->output, m)) != 0)
1.85 djm 1218: fatal_fr(r, "reply");
1.73 markus 1219: sshbuf_free(m);
1.10 djm 1220: }
1221:
1.28 djm 1222: void
1.66 djm 1223: mux_tty_alloc_failed(struct ssh *ssh, Channel *c)
1.28 djm 1224: {
1.73 markus 1225: struct sshbuf *m;
1.28 djm 1226: Channel *mux_chan;
1.73 markus 1227: int r;
1.28 djm 1228:
1.85 djm 1229: debug3_f("channel %d: TTY alloc failed", c->self);
1.28 djm 1230:
1.66 djm 1231: if ((mux_chan = channel_by_id(ssh, c->ctl_chan)) == NULL)
1.85 djm 1232: fatal_f("channel %d missing mux %d", c->self, c->ctl_chan);
1.28 djm 1233:
1234: /* Append exit message packet to control socket output queue */
1.73 markus 1235: if ((m = sshbuf_new()) == NULL)
1.85 djm 1236: fatal_f("sshbuf_new");
1.73 markus 1237: if ((r = sshbuf_put_u32(m, MUX_S_TTY_ALLOC_FAIL)) != 0 ||
1238: (r = sshbuf_put_u32(m, c->self)) != 0 ||
1239: (r = sshbuf_put_stringb(mux_chan->output, m)) != 0)
1.85 djm 1240: fatal_fr(r, "reply");
1.73 markus 1241: sshbuf_free(m);
1.28 djm 1242: }
1243:
1.10 djm 1244: /* Prepare a mux master to listen on a Unix domain socket. */
1245: void
1.66 djm 1246: muxserver_listen(struct ssh *ssh)
1.10 djm 1247: {
1248: mode_t old_umask;
1.22 djm 1249: char *orig_control_path = options.control_path;
1250: char rbuf[16+1];
1251: u_int i, r;
1.47 djm 1252: int oerrno;
1.10 djm 1253:
1254: if (options.control_path == NULL ||
1255: options.control_master == SSHCTL_MASTER_NO)
1.1 djm 1256: return;
1.10 djm 1257:
1258: debug("setting up multiplex master socket");
1259:
1.22 djm 1260: /*
1261: * Use a temporary path before listen so we can pseudo-atomically
1262: * establish the listening socket in its final location to avoid
1263: * other processes racing in between bind() and listen() and hitting
1264: * an unready socket.
1265: */
1266: for (i = 0; i < sizeof(rbuf) - 1; i++) {
1267: r = arc4random_uniform(26+26+10);
1268: rbuf[i] = (r < 26) ? 'a' + r :
1269: (r < 26*2) ? 'A' + r - 26 :
1270: '0' + r - 26 - 26;
1271: }
1272: rbuf[sizeof(rbuf) - 1] = '\0';
1273: options.control_path = NULL;
1274: xasprintf(&options.control_path, "%s.%s", orig_control_path, rbuf);
1.85 djm 1275: debug3_f("temporary control path %s", options.control_path);
1.22 djm 1276:
1.10 djm 1277: old_umask = umask(0177);
1.46 millert 1278: muxserver_sock = unix_listener(options.control_path, 64, 0);
1.47 djm 1279: oerrno = errno;
1.46 millert 1280: umask(old_umask);
1281: if (muxserver_sock < 0) {
1.47 djm 1282: if (oerrno == EINVAL || oerrno == EADDRINUSE) {
1.10 djm 1283: error("ControlSocket %s already exists, "
1284: "disabling multiplexing", options.control_path);
1.22 djm 1285: disable_mux_master:
1.26 djm 1286: if (muxserver_sock != -1) {
1287: close(muxserver_sock);
1288: muxserver_sock = -1;
1289: }
1.41 djm 1290: free(orig_control_path);
1291: free(options.control_path);
1.10 djm 1292: options.control_path = NULL;
1293: options.control_master = SSHCTL_MASTER_NO;
1294: return;
1.46 millert 1295: } else {
1296: /* unix_listener() logs the error */
1297: cleanup_exit(255);
1298: }
1.10 djm 1299: }
1300:
1.22 djm 1301: /* Now atomically "move" the mux socket into position */
1302: if (link(options.control_path, orig_control_path) != 0) {
1303: if (errno != EEXIST) {
1.85 djm 1304: fatal_f("link mux listener %s => %s: %s",
1.22 djm 1305: options.control_path, orig_control_path,
1306: strerror(errno));
1307: }
1308: error("ControlSocket %s already exists, disabling multiplexing",
1309: orig_control_path);
1310: unlink(options.control_path);
1311: goto disable_mux_master;
1312: }
1313: unlink(options.control_path);
1.41 djm 1314: free(options.control_path);
1.22 djm 1315: options.control_path = orig_control_path;
1316:
1.10 djm 1317: set_nonblock(muxserver_sock);
1318:
1.66 djm 1319: mux_listener_channel = channel_new(ssh, "mux listener",
1.10 djm 1320: SSH_CHANNEL_MUX_LISTENER, muxserver_sock, muxserver_sock, -1,
1321: CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
1.22 djm 1322: 0, options.control_path, 1);
1.10 djm 1323: mux_listener_channel->mux_rcb = mux_master_read_cb;
1.85 djm 1324: debug3_f("mux listener channel %d fd %d",
1.10 djm 1325: mux_listener_channel->self, mux_listener_channel->sock);
1326: }
1327:
1328: /* Callback on open confirmation in mux master for a mux client session. */
1329: static void
1.66 djm 1330: mux_session_confirm(struct ssh *ssh, int id, int success, void *arg)
1.10 djm 1331: {
1332: struct mux_session_confirm_ctx *cctx = arg;
1333: const char *display;
1.17 djm 1334: Channel *c, *cc;
1.73 markus 1335: int i, r;
1336: struct sshbuf *reply;
1.10 djm 1337:
1338: if (cctx == NULL)
1.85 djm 1339: fatal_f("cctx == NULL");
1.66 djm 1340: if ((c = channel_by_id(ssh, id)) == NULL)
1.85 djm 1341: fatal_f("no channel for id %d", id);
1.66 djm 1342: if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL)
1.85 djm 1343: fatal_f("channel %d lacks control channel %d",
1.17 djm 1344: id, c->ctl_chan);
1.73 markus 1345: if ((reply = sshbuf_new()) == NULL)
1.85 djm 1346: fatal_f("sshbuf_new");
1.17 djm 1347:
1348: if (!success) {
1.85 djm 1349: debug3_f("sending failure reply");
1.73 markus 1350: reply_error(reply, MUX_S_FAILURE, cctx->rid,
1351: "Session open refused by peer");
1.17 djm 1352: goto done;
1353: }
1.10 djm 1354:
1355: display = getenv("DISPLAY");
1356: if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
1357: char *proto, *data;
1.21 djm 1358:
1.10 djm 1359: /* Get reasonable local authentication information. */
1.66 djm 1360: if (client_x11_get_proto(ssh, display, options.xauth_location,
1.21 djm 1361: options.forward_x11_trusted, options.forward_x11_timeout,
1.58 djm 1362: &proto, &data) == 0) {
1363: /* Request forwarding with authentication spoofing. */
1364: debug("Requesting X11 forwarding with authentication "
1365: "spoofing.");
1.66 djm 1366: x11_request_forwarding_with_spoofing(ssh, id,
1367: display, proto, data, 1);
1.58 djm 1368: /* XXX exit_on_forward_failure */
1.66 djm 1369: client_expect_confirm(ssh, id, "X11 forwarding",
1.58 djm 1370: CONFIRM_WARN);
1371: }
1.10 djm 1372: }
1373:
1374: if (cctx->want_agent_fwd && options.forward_agent) {
1375: debug("Requesting authentication agent forwarding.");
1.66 djm 1376: channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0);
1.79 djm 1377: if ((r = sshpkt_send(ssh)) != 0)
1.85 djm 1378: fatal_fr(r, "send");
1.10 djm 1379: }
1380:
1.66 djm 1381: client_session2_setup(ssh, id, cctx->want_tty, cctx->want_subsys,
1.73 markus 1382: cctx->term, &cctx->tio, c->rfd, cctx->cmd, cctx->env);
1.10 djm 1383:
1.85 djm 1384: debug3_f("sending success reply");
1.17 djm 1385: /* prepare reply */
1.73 markus 1386: if ((r = sshbuf_put_u32(reply, MUX_S_SESSION_OPENED)) != 0 ||
1387: (r = sshbuf_put_u32(reply, cctx->rid)) != 0 ||
1388: (r = sshbuf_put_u32(reply, c->self)) != 0)
1.85 djm 1389: fatal_fr(r, "reply");
1.17 djm 1390:
1391: done:
1392: /* Send reply */
1.73 markus 1393: if ((r = sshbuf_put_stringb(cc->output, reply)) != 0)
1.85 djm 1394: fatal_fr(r, "enqueue");
1.73 markus 1395: sshbuf_free(reply);
1.17 djm 1396:
1397: if (cc->mux_pause <= 0)
1.85 djm 1398: fatal_f("mux_pause %d", cc->mux_pause);
1.17 djm 1399: cc->mux_pause = 0; /* start processing messages again */
1.10 djm 1400: c->open_confirm_ctx = NULL;
1.73 markus 1401: sshbuf_free(cctx->cmd);
1.41 djm 1402: free(cctx->term);
1.10 djm 1403: if (cctx->env != NULL) {
1404: for (i = 0; cctx->env[i] != NULL; i++)
1.41 djm 1405: free(cctx->env[i]);
1406: free(cctx->env);
1.1 djm 1407: }
1.41 djm 1408: free(cctx);
1.10 djm 1409: }
1410:
1411: /* ** Multiplexing client support */
1412:
1413: /* Exit signal handler */
1414: static void
1415: control_client_sighandler(int signo)
1416: {
1417: muxclient_terminate = signo;
1418: }
1419:
1420: /*
1421: * Relay signal handler - used to pass some signals from mux client to
1422: * mux master.
1423: */
1424: static void
1425: control_client_sigrelay(int signo)
1426: {
1427: int save_errno = errno;
1428:
1429: if (muxserver_pid > 1)
1430: kill(muxserver_pid, signo);
1431:
1432: errno = save_errno;
1433: }
1.1 djm 1434:
1.10 djm 1435: static int
1.73 markus 1436: mux_client_read(int fd, struct sshbuf *b, size_t need)
1.10 djm 1437: {
1.73 markus 1438: size_t have;
1.10 djm 1439: ssize_t len;
1440: u_char *p;
1441: struct pollfd pfd;
1.73 markus 1442: int r;
1.10 djm 1443:
1444: pfd.fd = fd;
1445: pfd.events = POLLIN;
1.73 markus 1446: if ((r = sshbuf_reserve(b, need, &p)) != 0)
1.85 djm 1447: fatal_fr(r, "reserve");
1.10 djm 1448: for (have = 0; have < need; ) {
1449: if (muxclient_terminate) {
1450: errno = EINTR;
1451: return -1;
1452: }
1453: len = read(fd, p + have, need - have);
1.80 deraadt 1454: if (len == -1) {
1.10 djm 1455: switch (errno) {
1456: case EAGAIN:
1457: (void)poll(&pfd, 1, -1);
1458: /* FALLTHROUGH */
1459: case EINTR:
1460: continue;
1461: default:
1462: return -1;
1463: }
1464: }
1465: if (len == 0) {
1466: errno = EPIPE;
1467: return -1;
1468: }
1.73 markus 1469: have += (size_t)len;
1.1 djm 1470: }
1.10 djm 1471: return 0;
1472: }
1.1 djm 1473:
1.10 djm 1474: static int
1.73 markus 1475: mux_client_write_packet(int fd, struct sshbuf *m)
1.10 djm 1476: {
1.73 markus 1477: struct sshbuf *queue;
1.10 djm 1478: u_int have, need;
1.73 markus 1479: int r, oerrno, len;
1480: const u_char *ptr;
1.10 djm 1481: struct pollfd pfd;
1482:
1483: pfd.fd = fd;
1484: pfd.events = POLLOUT;
1.73 markus 1485: if ((queue = sshbuf_new()) == NULL)
1.85 djm 1486: fatal_f("sshbuf_new");
1.73 markus 1487: if ((r = sshbuf_put_stringb(queue, m)) != 0)
1.85 djm 1488: fatal_fr(r, "enqueue");
1.10 djm 1489:
1.73 markus 1490: need = sshbuf_len(queue);
1491: ptr = sshbuf_ptr(queue);
1.10 djm 1492:
1493: for (have = 0; have < need; ) {
1494: if (muxclient_terminate) {
1.73 markus 1495: sshbuf_free(queue);
1.10 djm 1496: errno = EINTR;
1497: return -1;
1498: }
1499: len = write(fd, ptr + have, need - have);
1.80 deraadt 1500: if (len == -1) {
1.10 djm 1501: switch (errno) {
1502: case EAGAIN:
1503: (void)poll(&pfd, 1, -1);
1504: /* FALLTHROUGH */
1505: case EINTR:
1506: continue;
1507: default:
1508: oerrno = errno;
1.73 markus 1509: sshbuf_free(queue);
1.10 djm 1510: errno = oerrno;
1511: return -1;
1512: }
1513: }
1514: if (len == 0) {
1.73 markus 1515: sshbuf_free(queue);
1.10 djm 1516: errno = EPIPE;
1517: return -1;
1518: }
1519: have += (u_int)len;
1520: }
1.73 markus 1521: sshbuf_free(queue);
1.10 djm 1522: return 0;
1523: }
1.1 djm 1524:
1.10 djm 1525: static int
1.73 markus 1526: mux_client_read_packet(int fd, struct sshbuf *m)
1.10 djm 1527: {
1.73 markus 1528: struct sshbuf *queue;
1529: size_t need, have;
1.45 djm 1530: const u_char *ptr;
1.73 markus 1531: int r, oerrno;
1.10 djm 1532:
1.73 markus 1533: if ((queue = sshbuf_new()) == NULL)
1.85 djm 1534: fatal_f("sshbuf_new");
1.73 markus 1535: if (mux_client_read(fd, queue, 4) != 0) {
1.10 djm 1536: if ((oerrno = errno) == EPIPE)
1.85 djm 1537: debug3_f("read header failed: %s",
1.43 dtucker 1538: strerror(errno));
1.73 markus 1539: sshbuf_free(queue);
1.10 djm 1540: errno = oerrno;
1541: return -1;
1542: }
1.73 markus 1543: need = PEEK_U32(sshbuf_ptr(queue));
1544: if (mux_client_read(fd, queue, need) != 0) {
1.10 djm 1545: oerrno = errno;
1.85 djm 1546: debug3_f("read body failed: %s", strerror(errno));
1.73 markus 1547: sshbuf_free(queue);
1.10 djm 1548: errno = oerrno;
1549: return -1;
1550: }
1.73 markus 1551: if ((r = sshbuf_get_string_direct(queue, &ptr, &have)) != 0 ||
1552: (r = sshbuf_put(m, ptr, have)) != 0)
1.85 djm 1553: fatal_fr(r, "dequeue");
1.73 markus 1554: sshbuf_free(queue);
1.10 djm 1555: return 0;
1556: }
1.1 djm 1557:
1.10 djm 1558: static int
1559: mux_client_hello_exchange(int fd)
1560: {
1.73 markus 1561: struct sshbuf *m;
1.10 djm 1562: u_int type, ver;
1.73 markus 1563: int r, ret = -1;
1.1 djm 1564:
1.73 markus 1565: if ((m = sshbuf_new()) == NULL)
1.85 djm 1566: fatal_f("sshbuf_new");
1.73 markus 1567: if ((r = sshbuf_put_u32(m, MUX_MSG_HELLO)) != 0 ||
1568: (r = sshbuf_put_u32(m, SSHMUX_VER)) != 0)
1.85 djm 1569: fatal_fr(r, "assemble hello");
1.10 djm 1570: /* no extensions */
1571:
1.73 markus 1572: if (mux_client_write_packet(fd, m) != 0) {
1.85 djm 1573: debug_f("write packet: %s", strerror(errno));
1.65 djm 1574: goto out;
1575: }
1.1 djm 1576:
1.73 markus 1577: sshbuf_reset(m);
1.10 djm 1578:
1579: /* Read their HELLO */
1.73 markus 1580: if (mux_client_read_packet(fd, m) != 0) {
1.85 djm 1581: debug_f("read packet failed");
1.65 djm 1582: goto out;
1.10 djm 1583: }
1584:
1.73 markus 1585: if ((r = sshbuf_get_u32(m, &type)) != 0)
1.85 djm 1586: fatal_fr(r, "parse type");
1.65 djm 1587: if (type != MUX_MSG_HELLO) {
1.85 djm 1588: error_f("expected HELLO (%u) got %u", MUX_MSG_HELLO, type);
1.65 djm 1589: goto out;
1590: }
1.73 markus 1591: if ((r = sshbuf_get_u32(m, &ver)) != 0)
1.85 djm 1592: fatal_fr(r, "parse version");
1.65 djm 1593: if (ver != SSHMUX_VER) {
1594: error("Unsupported multiplexing protocol version %d "
1.10 djm 1595: "(expected %d)", ver, SSHMUX_VER);
1.65 djm 1596: goto out;
1597: }
1.85 djm 1598: debug2_f("master version %u", ver);
1.10 djm 1599: /* No extensions are presently defined */
1.73 markus 1600: while (sshbuf_len(m) > 0) {
1601: char *name = NULL;
1.10 djm 1602:
1.73 markus 1603: if ((r = sshbuf_get_cstring(m, &name, NULL)) != 0 ||
1604: (r = sshbuf_skip_string(m)) != 0) { /* value */
1.85 djm 1605: error_fr(r, "parse extension");
1.73 markus 1606: goto out;
1607: }
1.10 djm 1608: debug2("Unrecognised master extension \"%s\"", name);
1.41 djm 1609: free(name);
1.5 djm 1610: }
1.65 djm 1611: /* success */
1612: ret = 0;
1613: out:
1.73 markus 1614: sshbuf_free(m);
1.65 djm 1615: return ret;
1.10 djm 1616: }
1617:
1618: static u_int
1619: mux_client_request_alive(int fd)
1620: {
1.73 markus 1621: struct sshbuf *m;
1.10 djm 1622: char *e;
1623: u_int pid, type, rid;
1.73 markus 1624: int r;
1.10 djm 1625:
1.85 djm 1626: debug3_f("entering");
1.10 djm 1627:
1.73 markus 1628: if ((m = sshbuf_new()) == NULL)
1.85 djm 1629: fatal_f("sshbuf_new");
1.73 markus 1630: if ((r = sshbuf_put_u32(m, MUX_C_ALIVE_CHECK)) != 0 ||
1631: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
1.85 djm 1632: fatal_fr(r, "assemble");
1.10 djm 1633:
1.73 markus 1634: if (mux_client_write_packet(fd, m) != 0)
1.85 djm 1635: fatal_f("write packet: %s", strerror(errno));
1.10 djm 1636:
1.73 markus 1637: sshbuf_reset(m);
1.1 djm 1638:
1.10 djm 1639: /* Read their reply */
1.73 markus 1640: if (mux_client_read_packet(fd, m) != 0) {
1641: sshbuf_free(m);
1.10 djm 1642: return 0;
1643: }
1644:
1.73 markus 1645: if ((r = sshbuf_get_u32(m, &type)) != 0)
1.85 djm 1646: fatal_fr(r, "parse type");
1.10 djm 1647: if (type != MUX_S_ALIVE) {
1.73 markus 1648: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 1649: fatal_fr(r, "parse error message");
1650: fatal_f("master returned error: %s", e);
1.5 djm 1651: }
1.10 djm 1652:
1.73 markus 1653: if ((r = sshbuf_get_u32(m, &rid)) != 0)
1.85 djm 1654: fatal_fr(r, "parse remote ID");
1.73 markus 1655: if (rid != muxclient_request_id)
1.85 djm 1656: fatal_f("out of sequence reply: my id %u theirs %u",
1657: muxclient_request_id, rid);
1.73 markus 1658: if ((r = sshbuf_get_u32(m, &pid)) != 0)
1.85 djm 1659: fatal_fr(r, "parse PID");
1.73 markus 1660: sshbuf_free(m);
1.10 djm 1661:
1.85 djm 1662: debug3_f("done pid = %u", pid);
1.10 djm 1663:
1664: muxclient_request_id++;
1665:
1666: return pid;
1667: }
1668:
1669: static void
1670: mux_client_request_terminate(int fd)
1671: {
1.73 markus 1672: struct sshbuf *m;
1.10 djm 1673: char *e;
1674: u_int type, rid;
1.73 markus 1675: int r;
1.10 djm 1676:
1.85 djm 1677: debug3_f("entering");
1.10 djm 1678:
1.73 markus 1679: if ((m = sshbuf_new()) == NULL)
1.85 djm 1680: fatal_f("sshbuf_new");
1.73 markus 1681: if ((r = sshbuf_put_u32(m, MUX_C_TERMINATE)) != 0 ||
1682: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
1.85 djm 1683: fatal_fr(r, "request");
1.10 djm 1684:
1.73 markus 1685: if (mux_client_write_packet(fd, m) != 0)
1.85 djm 1686: fatal_f("write packet: %s", strerror(errno));
1.1 djm 1687:
1.73 markus 1688: sshbuf_reset(m);
1.1 djm 1689:
1.10 djm 1690: /* Read their reply */
1.73 markus 1691: if (mux_client_read_packet(fd, m) != 0) {
1.10 djm 1692: /* Remote end exited already */
1693: if (errno == EPIPE) {
1.73 markus 1694: sshbuf_free(m);
1.10 djm 1695: return;
1.2 djm 1696: }
1.85 djm 1697: fatal_f("read from master failed: %s", strerror(errno));
1.10 djm 1698: }
1699:
1.73 markus 1700: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
1701: (r = sshbuf_get_u32(m, &rid)) != 0)
1.85 djm 1702: fatal_fr(r, "parse");
1.73 markus 1703: if (rid != muxclient_request_id)
1.85 djm 1704: fatal_f("out of sequence reply: my id %u theirs %u",
1705: muxclient_request_id, rid);
1.10 djm 1706: switch (type) {
1707: case MUX_S_OK:
1708: break;
1709: case MUX_S_PERMISSION_DENIED:
1.73 markus 1710: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 1711: fatal_fr(r, "parse error message");
1.10 djm 1712: fatal("Master refused termination request: %s", e);
1713: case MUX_S_FAILURE:
1.73 markus 1714: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 1715: fatal_fr(r, "parse error message");
1716: fatal_f("termination request failed: %s", e);
1.10 djm 1717: default:
1.85 djm 1718: fatal_f("unexpected response from master 0x%08x", type);
1.10 djm 1719: }
1.73 markus 1720: sshbuf_free(m);
1.10 djm 1721: muxclient_request_id++;
1722: }
1723:
1724: static int
1.46 millert 1725: mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd)
1.10 djm 1726: {
1.73 markus 1727: struct sshbuf *m;
1.10 djm 1728: char *e, *fwd_desc;
1.73 markus 1729: const char *lhost, *chost;
1.10 djm 1730: u_int type, rid;
1.73 markus 1731: int r;
1.10 djm 1732:
1733: fwd_desc = format_forward(ftype, fwd);
1.30 djm 1734: debug("Requesting %s %s",
1735: cancel_flag ? "cancellation of" : "forwarding of", fwd_desc);
1.41 djm 1736: free(fwd_desc);
1.10 djm 1737:
1.73 markus 1738: type = cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD;
1739: if (fwd->listen_path != NULL)
1740: lhost = fwd->listen_path;
1741: else if (fwd->listen_host == NULL)
1742: lhost = "";
1743: else if (*fwd->listen_host == '\0')
1744: lhost = "*";
1745: else
1746: lhost = fwd->listen_host;
1747:
1748: if (fwd->connect_path != NULL)
1749: chost = fwd->connect_path;
1750: else if (fwd->connect_host == NULL)
1751: chost = "";
1752: else
1753: chost = fwd->connect_host;
1754:
1755: if ((m = sshbuf_new()) == NULL)
1.85 djm 1756: fatal_f("sshbuf_new");
1.73 markus 1757: if ((r = sshbuf_put_u32(m, type)) != 0 ||
1758: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 ||
1759: (r = sshbuf_put_u32(m, ftype)) != 0 ||
1760: (r = sshbuf_put_cstring(m, lhost)) != 0 ||
1761: (r = sshbuf_put_u32(m, fwd->listen_port)) != 0 ||
1762: (r = sshbuf_put_cstring(m, chost)) != 0 ||
1763: (r = sshbuf_put_u32(m, fwd->connect_port)) != 0)
1.85 djm 1764: fatal_fr(r, "request");
1.10 djm 1765:
1.73 markus 1766: if (mux_client_write_packet(fd, m) != 0)
1.85 djm 1767: fatal_f("write packet: %s", strerror(errno));
1.10 djm 1768:
1.73 markus 1769: sshbuf_reset(m);
1.10 djm 1770:
1771: /* Read their reply */
1.73 markus 1772: if (mux_client_read_packet(fd, m) != 0) {
1773: sshbuf_free(m);
1.10 djm 1774: return -1;
1775: }
1776:
1.73 markus 1777: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
1778: (r = sshbuf_get_u32(m, &rid)) != 0)
1.85 djm 1779: fatal_fr(r, "parse");
1.73 markus 1780: if (rid != muxclient_request_id)
1.85 djm 1781: fatal_f("out of sequence reply: my id %u theirs %u",
1782: muxclient_request_id, rid);
1.73 markus 1783:
1.10 djm 1784: switch (type) {
1785: case MUX_S_OK:
1.1 djm 1786: break;
1.18 markus 1787: case MUX_S_REMOTE_PORT:
1.30 djm 1788: if (cancel_flag)
1.85 djm 1789: fatal_f("got MUX_S_REMOTE_PORT for cancel");
1.73 markus 1790: if ((r = sshbuf_get_u32(m, &fwd->allocated_port)) != 0)
1.85 djm 1791: fatal_fr(r, "parse port");
1.52 djm 1792: verbose("Allocated port %u for remote forward to %s:%d",
1.18 markus 1793: fwd->allocated_port,
1794: fwd->connect_host ? fwd->connect_host : "",
1795: fwd->connect_port);
1796: if (muxclient_command == SSHMUX_COMMAND_FORWARD)
1.55 djm 1797: fprintf(stdout, "%i\n", fwd->allocated_port);
1.18 markus 1798: break;
1.10 djm 1799: case MUX_S_PERMISSION_DENIED:
1.73 markus 1800: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 1801: fatal_fr(r, "parse error message");
1.73 markus 1802: sshbuf_free(m);
1.10 djm 1803: error("Master refused forwarding request: %s", e);
1804: return -1;
1805: case MUX_S_FAILURE:
1.73 markus 1806: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 1807: fatal_fr(r, "parse error message");
1.73 markus 1808: sshbuf_free(m);
1.85 djm 1809: error_f("forwarding request failed: %s", e);
1.10 djm 1810: return -1;
1.1 djm 1811: default:
1.85 djm 1812: fatal_f("unexpected response from master 0x%08x", type);
1.10 djm 1813: }
1.73 markus 1814: sshbuf_free(m);
1.10 djm 1815:
1816: muxclient_request_id++;
1817: return 0;
1818: }
1819:
1820: static int
1.30 djm 1821: mux_client_forwards(int fd, int cancel_flag)
1.10 djm 1822: {
1.30 djm 1823: int i, ret = 0;
1.10 djm 1824:
1.85 djm 1825: debug3_f("%s forwardings: %d local, %d remote",
1.30 djm 1826: cancel_flag ? "cancel" : "request",
1.10 djm 1827: options.num_local_forwards, options.num_remote_forwards);
1828:
1829: /* XXX ExitOnForwardingFailure */
1830: for (i = 0; i < options.num_local_forwards; i++) {
1.30 djm 1831: if (mux_client_forward(fd, cancel_flag,
1.10 djm 1832: options.local_forwards[i].connect_port == 0 ?
1833: MUX_FWD_DYNAMIC : MUX_FWD_LOCAL,
1834: options.local_forwards + i) != 0)
1.30 djm 1835: ret = -1;
1.10 djm 1836: }
1837: for (i = 0; i < options.num_remote_forwards; i++) {
1.30 djm 1838: if (mux_client_forward(fd, cancel_flag, MUX_FWD_REMOTE,
1.10 djm 1839: options.remote_forwards + i) != 0)
1.30 djm 1840: ret = -1;
1.10 djm 1841: }
1.30 djm 1842: return ret;
1.10 djm 1843: }
1844:
1845: static int
1846: mux_client_request_session(int fd)
1847: {
1.73 markus 1848: struct sshbuf *m;
1849: char *e;
1850: const char *term;
1851: u_int echar, rid, sid, esid, exitval, type, exitval_seen;
1.10 djm 1852: extern char **environ;
1.84 djm 1853: int r, i, rawmode;
1.10 djm 1854:
1.85 djm 1855: debug3_f("entering");
1.10 djm 1856:
1857: if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1.85 djm 1858: error_f("master alive request failed");
1.10 djm 1859: return -1;
1.1 djm 1860: }
1861:
1.81 dtucker 1862: ssh_signal(SIGPIPE, SIG_IGN);
1.10 djm 1863:
1.84 djm 1864: if (stdin_null_flag && stdfd_devnull(1, 0, 0) == -1)
1.85 djm 1865: fatal_f("stdfd_devnull failed");
1.1 djm 1866:
1.73 markus 1867: if ((term = getenv("TERM")) == NULL)
1868: term = "";
1869: echar = 0xffffffff;
1870: if (options.escape_char != SSH_ESCAPECHAR_NONE)
1871: echar = (u_int)options.escape_char;
1872:
1873: if ((m = sshbuf_new()) == NULL)
1.85 djm 1874: fatal_f("sshbuf_new");
1.73 markus 1875: if ((r = sshbuf_put_u32(m, MUX_C_NEW_SESSION)) != 0 ||
1876: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 ||
1877: (r = sshbuf_put_string(m, NULL, 0)) != 0 || /* reserved */
1878: (r = sshbuf_put_u32(m, tty_flag)) != 0 ||
1879: (r = sshbuf_put_u32(m, options.forward_x11)) != 0 ||
1880: (r = sshbuf_put_u32(m, options.forward_agent)) != 0 ||
1881: (r = sshbuf_put_u32(m, subsystem_flag)) != 0 ||
1882: (r = sshbuf_put_u32(m, echar)) != 0 ||
1883: (r = sshbuf_put_cstring(m, term)) != 0 ||
1884: (r = sshbuf_put_stringb(m, command)) != 0)
1.85 djm 1885: fatal_fr(r, "request");
1.10 djm 1886:
1.71 djm 1887: /* Pass environment */
1.10 djm 1888: if (options.num_send_env > 0 && environ != NULL) {
1889: for (i = 0; environ[i] != NULL; i++) {
1.73 markus 1890: if (!env_permitted(environ[i]))
1891: continue;
1892: if ((r = sshbuf_put_cstring(m, environ[i])) != 0)
1.85 djm 1893: fatal_fr(r, "request sendenv");
1.10 djm 1894: }
1.5 djm 1895: }
1.73 markus 1896: for (i = 0; i < options.num_setenv; i++) {
1897: if ((r = sshbuf_put_cstring(m, options.setenv[i])) != 0)
1.85 djm 1898: fatal_fr(r, "request setenv");
1.73 markus 1899: }
1.5 djm 1900:
1.73 markus 1901: if (mux_client_write_packet(fd, m) != 0)
1.85 djm 1902: fatal_f("write packet: %s", strerror(errno));
1.10 djm 1903:
1904: /* Send the stdio file descriptors */
1905: if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1906: mm_send_fd(fd, STDOUT_FILENO) == -1 ||
1907: mm_send_fd(fd, STDERR_FILENO) == -1)
1.85 djm 1908: fatal_f("send fds failed");
1.10 djm 1909:
1.85 djm 1910: debug3_f("session request sent");
1.1 djm 1911:
1.10 djm 1912: /* Read their reply */
1.73 markus 1913: sshbuf_reset(m);
1914: if (mux_client_read_packet(fd, m) != 0) {
1.85 djm 1915: error_f("read from master failed: %s", strerror(errno));
1.73 markus 1916: sshbuf_free(m);
1.10 djm 1917: return -1;
1918: }
1919:
1.73 markus 1920: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
1921: (r = sshbuf_get_u32(m, &rid)) != 0)
1.85 djm 1922: fatal_fr(r, "parse");
1.73 markus 1923: if (rid != muxclient_request_id)
1.85 djm 1924: fatal_f("out of sequence reply: my id %u theirs %u",
1925: muxclient_request_id, rid);
1.73 markus 1926:
1.10 djm 1927: switch (type) {
1928: case MUX_S_SESSION_OPENED:
1.73 markus 1929: if ((r = sshbuf_get_u32(m, &sid)) != 0)
1.85 djm 1930: fatal_fr(r, "parse session ID");
1931: debug_f("master session id: %u", sid);
1.10 djm 1932: break;
1933: case MUX_S_PERMISSION_DENIED:
1.73 markus 1934: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 1935: fatal_fr(r, "parse error message");
1.24 djm 1936: error("Master refused session request: %s", e);
1.73 markus 1937: sshbuf_free(m);
1.10 djm 1938: return -1;
1939: case MUX_S_FAILURE:
1.73 markus 1940: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 1941: fatal_fr(r, "parse error message");
1942: error_f("session request failed: %s", e);
1.73 markus 1943: sshbuf_free(m);
1.10 djm 1944: return -1;
1945: default:
1.73 markus 1946: sshbuf_free(m);
1.85 djm 1947: error_f("unexpected response from master 0x%08x", type);
1.10 djm 1948: return -1;
1949: }
1950: muxclient_request_id++;
1.1 djm 1951:
1.57 semarie 1952: if (pledge("stdio proc tty", NULL) == -1)
1.85 djm 1953: fatal_f("pledge(): %s", strerror(errno));
1.57 semarie 1954:
1.81 dtucker 1955: ssh_signal(SIGHUP, control_client_sighandler);
1956: ssh_signal(SIGINT, control_client_sighandler);
1957: ssh_signal(SIGTERM, control_client_sighandler);
1958: ssh_signal(SIGWINCH, control_client_sigrelay);
1.1 djm 1959:
1.28 djm 1960: rawmode = tty_flag;
1.1 djm 1961: if (tty_flag)
1.27 djm 1962: enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1.1 djm 1963:
1964: /*
1965: * Stick around until the controlee closes the client_fd.
1.10 djm 1966: * Before it does, it is expected to write an exit message.
1967: * This process must read the value and wait for the closure of
1968: * the client_fd; if this one closes early, the multiplex master will
1969: * terminate early too (possibly losing data).
1.1 djm 1970: */
1.10 djm 1971: for (exitval = 255, exitval_seen = 0;;) {
1.73 markus 1972: sshbuf_reset(m);
1973: if (mux_client_read_packet(fd, m) != 0)
1.1 djm 1974: break;
1.73 markus 1975: if ((r = sshbuf_get_u32(m, &type)) != 0)
1.85 djm 1976: fatal_fr(r, "parse type");
1.28 djm 1977: switch (type) {
1978: case MUX_S_TTY_ALLOC_FAIL:
1.73 markus 1979: if ((r = sshbuf_get_u32(m, &esid)) != 0)
1.85 djm 1980: fatal_fr(r, "parse session ID");
1.73 markus 1981: if (esid != sid)
1.85 djm 1982: fatal_f("tty alloc fail on unknown session: "
1983: "my id %u theirs %u", sid, esid);
1.28 djm 1984: leave_raw_mode(options.request_tty ==
1985: REQUEST_TTY_FORCE);
1986: rawmode = 0;
1987: continue;
1988: case MUX_S_EXIT_MESSAGE:
1.73 markus 1989: if ((r = sshbuf_get_u32(m, &esid)) != 0)
1.85 djm 1990: fatal_fr(r, "parse session ID");
1.73 markus 1991: if (esid != sid)
1.85 djm 1992: fatal_f("exit on unknown session: "
1993: "my id %u theirs %u", sid, esid);
1.28 djm 1994: if (exitval_seen)
1.85 djm 1995: fatal_f("exitval sent twice");
1.73 markus 1996: if ((r = sshbuf_get_u32(m, &exitval)) != 0)
1.85 djm 1997: fatal_fr(r, "parse exitval");
1.28 djm 1998: exitval_seen = 1;
1999: continue;
2000: default:
1.73 markus 2001: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 2002: fatal_fr(r, "parse error message");
2003: fatal_f("master returned error: %s", e);
1.1 djm 2004: }
2005: }
2006:
1.10 djm 2007: close(fd);
1.28 djm 2008: if (rawmode)
2009: leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1.10 djm 2010:
1.1 djm 2011: if (muxclient_terminate) {
1.69 dtucker 2012: debug2("Exiting on signal: %s", strsignal(muxclient_terminate));
1.10 djm 2013: exitval = 255;
2014: } else if (!exitval_seen) {
1.1 djm 2015: debug2("Control master terminated unexpectedly");
1.10 djm 2016: exitval = 255;
1.1 djm 2017: } else
1.10 djm 2018: debug2("Received exit status from master %d", exitval);
1.1 djm 2019:
2020: if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
2021: fprintf(stderr, "Shared connection to %s closed.\r\n", host);
2022:
1.10 djm 2023: exit(exitval);
2024: }
2025:
2026: static int
1.62 markus 2027: mux_client_proxy(int fd)
2028: {
1.73 markus 2029: struct sshbuf *m;
1.62 markus 2030: char *e;
2031: u_int type, rid;
1.73 markus 2032: int r;
1.62 markus 2033:
1.73 markus 2034: if ((m = sshbuf_new()) == NULL)
1.85 djm 2035: fatal_f("sshbuf_new");
1.73 markus 2036: if ((r = sshbuf_put_u32(m, MUX_C_PROXY)) != 0 ||
2037: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
1.85 djm 2038: fatal_fr(r, "request");
1.73 markus 2039: if (mux_client_write_packet(fd, m) != 0)
1.85 djm 2040: fatal_f("write packet: %s", strerror(errno));
1.62 markus 2041:
1.73 markus 2042: sshbuf_reset(m);
1.62 markus 2043:
2044: /* Read their reply */
1.73 markus 2045: if (mux_client_read_packet(fd, m) != 0) {
2046: sshbuf_free(m);
1.62 markus 2047: return 0;
2048: }
1.73 markus 2049: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
2050: (r = sshbuf_get_u32(m, &rid)) != 0)
1.85 djm 2051: fatal_fr(r, "parse");
1.73 markus 2052: if (rid != muxclient_request_id)
1.85 djm 2053: fatal_f("out of sequence reply: my id %u theirs %u",
2054: muxclient_request_id, rid);
1.62 markus 2055: if (type != MUX_S_PROXY) {
1.73 markus 2056: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 2057: fatal_fr(r, "parse error message");
2058: fatal_f("master returned error: %s", e);
1.62 markus 2059: }
1.73 markus 2060: sshbuf_free(m);
1.62 markus 2061:
1.85 djm 2062: debug3_f("done");
1.62 markus 2063: muxclient_request_id++;
2064: return 0;
2065: }
2066:
2067: static int
1.10 djm 2068: mux_client_request_stdio_fwd(int fd)
2069: {
1.73 markus 2070: struct sshbuf *m;
1.10 djm 2071: char *e;
2072: u_int type, rid, sid;
1.84 djm 2073: int r;
1.10 djm 2074:
1.85 djm 2075: debug3_f("entering");
1.10 djm 2076:
2077: if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1.85 djm 2078: error_f("master alive request failed");
1.10 djm 2079: return -1;
2080: }
2081:
1.81 dtucker 2082: ssh_signal(SIGPIPE, SIG_IGN);
1.10 djm 2083:
1.84 djm 2084: if (stdin_null_flag && stdfd_devnull(1, 0, 0) == -1)
1.85 djm 2085: fatal_f("stdfd_devnull failed");
1.10 djm 2086:
1.73 markus 2087: if ((m = sshbuf_new()) == NULL)
1.85 djm 2088: fatal_f("sshbuf_new");
1.73 markus 2089: if ((r = sshbuf_put_u32(m, MUX_C_NEW_STDIO_FWD)) != 0 ||
2090: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 ||
2091: (r = sshbuf_put_string(m, NULL, 0)) != 0 || /* reserved */
2092: (r = sshbuf_put_cstring(m, options.stdio_forward_host)) != 0 ||
2093: (r = sshbuf_put_u32(m, options.stdio_forward_port)) != 0)
1.85 djm 2094: fatal_fr(r, "request");
1.10 djm 2095:
1.73 markus 2096: if (mux_client_write_packet(fd, m) != 0)
1.85 djm 2097: fatal_f("write packet: %s", strerror(errno));
1.10 djm 2098:
2099: /* Send the stdio file descriptors */
2100: if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
2101: mm_send_fd(fd, STDOUT_FILENO) == -1)
1.85 djm 2102: fatal_f("send fds failed");
1.10 djm 2103:
1.56 semarie 2104: if (pledge("stdio proc tty", NULL) == -1)
1.85 djm 2105: fatal_f("pledge(): %s", strerror(errno));
1.56 semarie 2106:
1.85 djm 2107: debug3_f("stdio forward request sent");
1.10 djm 2108:
2109: /* Read their reply */
1.73 markus 2110: sshbuf_reset(m);
1.10 djm 2111:
1.73 markus 2112: if (mux_client_read_packet(fd, m) != 0) {
1.85 djm 2113: error_f("read from master failed: %s", strerror(errno));
1.73 markus 2114: sshbuf_free(m);
1.10 djm 2115: return -1;
2116: }
2117:
1.73 markus 2118: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
2119: (r = sshbuf_get_u32(m, &rid)) != 0)
1.85 djm 2120: fatal_fr(r, "parse");
1.73 markus 2121: if (rid != muxclient_request_id)
1.85 djm 2122: fatal_f("out of sequence reply: my id %u theirs %u",
2123: muxclient_request_id, rid);
1.10 djm 2124: switch (type) {
2125: case MUX_S_SESSION_OPENED:
1.73 markus 2126: if ((r = sshbuf_get_u32(m, &sid)) != 0)
1.85 djm 2127: fatal_fr(r, "parse session ID");
2128: debug_f("master session id: %u", sid);
1.10 djm 2129: break;
2130: case MUX_S_PERMISSION_DENIED:
1.73 markus 2131: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 2132: fatal_fr(r, "parse error message");
1.73 markus 2133: sshbuf_free(m);
1.24 djm 2134: fatal("Master refused stdio forwarding request: %s", e);
1.10 djm 2135: case MUX_S_FAILURE:
1.73 markus 2136: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 2137: fatal_fr(r, "parse error message");
1.73 markus 2138: sshbuf_free(m);
1.48 djm 2139: fatal("Stdio forwarding request failed: %s", e);
1.10 djm 2140: default:
1.73 markus 2141: sshbuf_free(m);
1.85 djm 2142: error_f("unexpected response from master 0x%08x", type);
1.10 djm 2143: return -1;
2144: }
2145: muxclient_request_id++;
2146:
1.81 dtucker 2147: ssh_signal(SIGHUP, control_client_sighandler);
2148: ssh_signal(SIGINT, control_client_sighandler);
2149: ssh_signal(SIGTERM, control_client_sighandler);
2150: ssh_signal(SIGWINCH, control_client_sigrelay);
1.10 djm 2151:
2152: /*
2153: * Stick around until the controlee closes the client_fd.
2154: */
1.73 markus 2155: sshbuf_reset(m);
2156: if (mux_client_read_packet(fd, m) != 0) {
1.10 djm 2157: if (errno == EPIPE ||
2158: (errno == EINTR && muxclient_terminate != 0))
2159: return 0;
1.85 djm 2160: fatal_f("mux_client_read_packet: %s", strerror(errno));
1.10 djm 2161: }
1.85 djm 2162: fatal_f("master returned unexpected message %u", type);
1.10 djm 2163: }
2164:
1.25 djm 2165: static void
2166: mux_client_request_stop_listening(int fd)
2167: {
1.73 markus 2168: struct sshbuf *m;
1.25 djm 2169: char *e;
2170: u_int type, rid;
1.73 markus 2171: int r;
1.25 djm 2172:
1.85 djm 2173: debug3_f("entering");
1.25 djm 2174:
1.73 markus 2175: if ((m = sshbuf_new()) == NULL)
1.85 djm 2176: fatal_f("sshbuf_new");
1.73 markus 2177: if ((r = sshbuf_put_u32(m, MUX_C_STOP_LISTENING)) != 0 ||
2178: (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
1.85 djm 2179: fatal_fr(r, "request");
1.25 djm 2180:
1.73 markus 2181: if (mux_client_write_packet(fd, m) != 0)
1.85 djm 2182: fatal_f("write packet: %s", strerror(errno));
1.25 djm 2183:
1.73 markus 2184: sshbuf_reset(m);
1.25 djm 2185:
2186: /* Read their reply */
1.73 markus 2187: if (mux_client_read_packet(fd, m) != 0)
1.85 djm 2188: fatal_f("read from master failed: %s", strerror(errno));
1.25 djm 2189:
1.73 markus 2190: if ((r = sshbuf_get_u32(m, &type)) != 0 ||
2191: (r = sshbuf_get_u32(m, &rid)) != 0)
1.85 djm 2192: fatal_fr(r, "parse");
1.73 markus 2193: if (rid != muxclient_request_id)
1.85 djm 2194: fatal_f("out of sequence reply: my id %u theirs %u",
2195: muxclient_request_id, rid);
1.73 markus 2196:
1.25 djm 2197: switch (type) {
2198: case MUX_S_OK:
2199: break;
2200: case MUX_S_PERMISSION_DENIED:
1.73 markus 2201: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 2202: fatal_fr(r, "parse error message");
1.25 djm 2203: fatal("Master refused stop listening request: %s", e);
2204: case MUX_S_FAILURE:
1.73 markus 2205: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
1.85 djm 2206: fatal_fr(r, "parse error message");
2207: fatal_f("stop listening request failed: %s", e);
1.25 djm 2208: default:
1.85 djm 2209: fatal_f("unexpected response from master 0x%08x", type);
1.25 djm 2210: }
1.73 markus 2211: sshbuf_free(m);
1.25 djm 2212: muxclient_request_id++;
2213: }
2214:
1.10 djm 2215: /* Multiplex client main loop. */
1.62 markus 2216: int
1.10 djm 2217: muxclient(const char *path)
2218: {
2219: struct sockaddr_un addr;
2220: int sock;
2221: u_int pid;
2222:
2223: if (muxclient_command == 0) {
1.60 dtucker 2224: if (options.stdio_forward_host != NULL)
1.10 djm 2225: muxclient_command = SSHMUX_COMMAND_STDIO_FWD;
2226: else
2227: muxclient_command = SSHMUX_COMMAND_OPEN;
2228: }
2229:
2230: switch (options.control_master) {
2231: case SSHCTL_MASTER_AUTO:
2232: case SSHCTL_MASTER_AUTO_ASK:
2233: debug("auto-mux: Trying existing master");
2234: /* FALLTHROUGH */
2235: case SSHCTL_MASTER_NO:
2236: break;
2237: default:
1.62 markus 2238: return -1;
1.10 djm 2239: }
2240:
2241: memset(&addr, '\0', sizeof(addr));
2242: addr.sun_family = AF_UNIX;
2243:
2244: if (strlcpy(addr.sun_path, path,
2245: sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1.61 dtucker 2246: fatal("ControlPath too long ('%s' >= %u bytes)", path,
1.87 djm 2247: (unsigned int)sizeof(addr.sun_path));
1.10 djm 2248:
1.80 deraadt 2249: if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
1.85 djm 2250: fatal_f("socket(): %s", strerror(errno));
1.10 djm 2251:
1.64 guenther 2252: if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
1.10 djm 2253: switch (muxclient_command) {
2254: case SSHMUX_COMMAND_OPEN:
2255: case SSHMUX_COMMAND_STDIO_FWD:
2256: break;
2257: default:
2258: fatal("Control socket connect(%.100s): %s", path,
2259: strerror(errno));
2260: }
1.22 djm 2261: if (errno == ECONNREFUSED &&
2262: options.control_master != SSHCTL_MASTER_NO) {
2263: debug("Stale control socket %.100s, unlinking", path);
2264: unlink(path);
2265: } else if (errno == ENOENT) {
1.10 djm 2266: debug("Control socket \"%.100s\" does not exist", path);
1.22 djm 2267: } else {
1.10 djm 2268: error("Control socket connect(%.100s): %s", path,
2269: strerror(errno));
2270: }
2271: close(sock);
1.62 markus 2272: return -1;
1.10 djm 2273: }
2274: set_nonblock(sock);
2275:
2276: if (mux_client_hello_exchange(sock) != 0) {
1.85 djm 2277: error_f("master hello exchange failed");
1.10 djm 2278: close(sock);
1.62 markus 2279: return -1;
1.10 djm 2280: }
2281:
2282: switch (muxclient_command) {
2283: case SSHMUX_COMMAND_ALIVE_CHECK:
2284: if ((pid = mux_client_request_alive(sock)) == 0)
1.85 djm 2285: fatal_f("master alive check failed");
1.55 djm 2286: fprintf(stderr, "Master running (pid=%u)\r\n", pid);
1.10 djm 2287: exit(0);
2288: case SSHMUX_COMMAND_TERMINATE:
2289: mux_client_request_terminate(sock);
1.63 dtucker 2290: if (options.log_level != SYSLOG_LEVEL_QUIET)
2291: fprintf(stderr, "Exit request sent.\r\n");
1.18 markus 2292: exit(0);
2293: case SSHMUX_COMMAND_FORWARD:
1.30 djm 2294: if (mux_client_forwards(sock, 0) != 0)
1.85 djm 2295: fatal_f("master forward request failed");
1.10 djm 2296: exit(0);
2297: case SSHMUX_COMMAND_OPEN:
1.30 djm 2298: if (mux_client_forwards(sock, 0) != 0) {
1.85 djm 2299: error_f("master forward request failed");
1.62 markus 2300: return -1;
1.10 djm 2301: }
2302: mux_client_request_session(sock);
1.62 markus 2303: return -1;
1.10 djm 2304: case SSHMUX_COMMAND_STDIO_FWD:
2305: mux_client_request_stdio_fwd(sock);
1.25 djm 2306: exit(0);
2307: case SSHMUX_COMMAND_STOP:
2308: mux_client_request_stop_listening(sock);
1.63 dtucker 2309: if (options.log_level != SYSLOG_LEVEL_QUIET)
2310: fprintf(stderr, "Stop listening request sent.\r\n");
1.30 djm 2311: exit(0);
2312: case SSHMUX_COMMAND_CANCEL_FWD:
2313: if (mux_client_forwards(sock, 1) != 0)
1.85 djm 2314: error_f("master cancel forward request failed");
1.10 djm 2315: exit(0);
1.62 markus 2316: case SSHMUX_COMMAND_PROXY:
2317: mux_client_proxy(sock);
2318: return (sock);
1.10 djm 2319: default:
2320: fatal("unrecognised muxclient_command %d", muxclient_command);
2321: }
1.1 djm 2322: }