Annotation of src/usr.bin/ssh/serverloop.c, Revision 1.61
1.1 deraadt 1: /*
1.11 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
5: * Server main loop for handling the interactive session.
1.28 deraadt 6: *
7: * As far as I am concerned, the code I have written for this software
8: * can be used freely for any purpose. Any derived versions of this
9: * software must be clearly marked as such, and if the derived work is
10: * incompatible with the protocol description in the RFC file, it must be
11: * called by a name other than "ssh" or "Secure Shell".
12: *
1.17 markus 13: * SSH2 support by Markus Friedl.
1.53 deraadt 14: * Copyright (c) 2000 Markus Friedl. All rights reserved.
1.28 deraadt 15: *
16: * Redistribution and use in source and binary forms, with or without
17: * modification, are permitted provided that the following conditions
18: * are met:
19: * 1. Redistributions of source code must retain the above copyright
20: * notice, this list of conditions and the following disclaimer.
21: * 2. Redistributions in binary form must reproduce the above copyright
22: * notice, this list of conditions and the following disclaimer in the
23: * documentation and/or other materials provided with the distribution.
24: *
25: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.17 markus 35: */
1.1 deraadt 36:
37: #include "includes.h"
1.61 ! beck 38: RCSID("$OpenBSD: serverloop.c,v 1.60 2001/04/05 23:39:20 markus Exp $");
1.33 djm 39:
1.1 deraadt 40: #include "xmalloc.h"
41: #include "packet.h"
42: #include "buffer.h"
1.42 markus 43: #include "log.h"
1.1 deraadt 44: #include "servconf.h"
1.54 djm 45: #include "sshpty.h"
1.16 markus 46: #include "channels.h"
47: #include "compat.h"
1.41 markus 48: #include "ssh1.h"
1.17 markus 49: #include "ssh2.h"
1.40 markus 50: #include "auth.h"
1.17 markus 51: #include "session.h"
1.16 markus 52: #include "dispatch.h"
1.26 markus 53: #include "auth-options.h"
1.42 markus 54: #include "serverloop.h"
55: #include "misc.h"
1.56 markus 56: #include "kex.h"
1.1 deraadt 57:
1.32 markus 58: extern ServerOptions options;
59:
1.56 markus 60: /* XXX */
61: extern Kex *xxx_kex;
62:
1.1 deraadt 63: static Buffer stdin_buffer; /* Buffer for stdin data. */
64: static Buffer stdout_buffer; /* Buffer for stdout data. */
65: static Buffer stderr_buffer; /* Buffer for stderr data. */
66: static int fdin; /* Descriptor for stdin (for writing) */
67: static int fdout; /* Descriptor for stdout (for reading);
68: May be same number as fdin. */
69: static int fderr; /* Descriptor for stderr. May be -1. */
70: static long stdin_bytes = 0; /* Number of bytes written to stdin. */
71: static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
72: static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
73: static long fdout_bytes = 0; /* Number of stdout bytes read from program. */
74: static int stdin_eof = 0; /* EOF message received from client. */
75: static int fdout_eof = 0; /* EOF encountered reading from fdout. */
76: static int fderr_eof = 0; /* EOF encountered readung from fderr. */
1.50 markus 77: static int fdin_is_tty = 0; /* fdin points to a tty. */
1.1 deraadt 78: static int connection_in; /* Connection to client (input). */
79: static int connection_out; /* Connection to client (output). */
1.60 markus 80: static int connection_closed = 0; /* Connection to client closed. */
81: static u_int buffer_high; /* "Soft" max buffer size. */
1.1 deraadt 82:
1.12 markus 83: /*
84: * This SIGCHLD kludge is used to detect when the child exits. The server
85: * will exit after that, as soon as forwarded connections have terminated.
86: */
1.1 deraadt 87:
1.20 deraadt 88: static pid_t child_pid; /* Pid of the child. */
1.1 deraadt 89: static volatile int child_terminated; /* The child has terminated. */
90: static volatile int child_wait_status; /* Status from wait(). */
91:
1.16 markus 92: void server_init_dispatch(void);
93:
1.61 ! beck 94: int client_alive_timeouts = 0;
! 95:
1.19 markus 96: void
1.10 markus 97: sigchld_handler(int sig)
1.1 deraadt 98: {
1.10 markus 99: int save_errno = errno;
1.20 deraadt 100: pid_t wait_pid;
101:
1.10 markus 102: debug("Received SIGCHLD.");
103: wait_pid = wait((int *) &child_wait_status);
104: if (wait_pid != -1) {
105: if (wait_pid != child_pid)
106: error("Strange, got SIGCHLD and wait returned pid %d but child is %d",
107: wait_pid, child_pid);
108: if (WIFEXITED(child_wait_status) ||
109: WIFSIGNALED(child_wait_status))
110: child_terminated = 1;
111: }
112: signal(SIGCHLD, sigchld_handler);
113: errno = save_errno;
1.1 deraadt 114: }
1.19 markus 115: void
1.17 markus 116: sigchld_handler2(int sig)
117: {
118: int save_errno = errno;
119: debug("Received SIGCHLD.");
120: child_terminated = 1;
121: signal(SIGCHLD, sigchld_handler2);
122: errno = save_errno;
123: }
1.1 deraadt 124:
1.11 deraadt 125: /*
126: * Make packets from buffered stderr data, and buffer it for sending
127: * to the client.
128: */
1.19 markus 129: void
1.46 itojun 130: make_packets_from_stderr_data(void)
1.1 deraadt 131: {
1.10 markus 132: int len;
1.1 deraadt 133:
1.10 markus 134: /* Send buffered stderr data to the client. */
135: while (buffer_len(&stderr_buffer) > 0 &&
1.14 deraadt 136: packet_not_very_much_data_to_write()) {
1.10 markus 137: len = buffer_len(&stderr_buffer);
138: if (packet_is_interactive()) {
139: if (len > 512)
140: len = 512;
141: } else {
142: /* Keep the packets at reasonable size. */
143: if (len > packet_get_maxsize())
144: len = packet_get_maxsize();
145: }
146: packet_start(SSH_SMSG_STDERR_DATA);
147: packet_put_string(buffer_ptr(&stderr_buffer), len);
148: packet_send();
149: buffer_consume(&stderr_buffer, len);
150: stderr_bytes += len;
151: }
1.1 deraadt 152: }
153:
1.11 deraadt 154: /*
155: * Make packets from buffered stdout data, and buffer it for sending to the
156: * client.
157: */
1.19 markus 158: void
1.46 itojun 159: make_packets_from_stdout_data(void)
1.1 deraadt 160: {
1.10 markus 161: int len;
1.1 deraadt 162:
1.10 markus 163: /* Send buffered stdout data to the client. */
164: while (buffer_len(&stdout_buffer) > 0 &&
1.14 deraadt 165: packet_not_very_much_data_to_write()) {
1.10 markus 166: len = buffer_len(&stdout_buffer);
167: if (packet_is_interactive()) {
168: if (len > 512)
169: len = 512;
170: } else {
171: /* Keep the packets at reasonable size. */
172: if (len > packet_get_maxsize())
1.45 stevesk 173: len = packet_get_maxsize();
1.10 markus 174: }
175: packet_start(SSH_SMSG_STDOUT_DATA);
176: packet_put_string(buffer_ptr(&stdout_buffer), len);
177: packet_send();
178: buffer_consume(&stdout_buffer, len);
179: stdout_bytes += len;
180: }
1.1 deraadt 181: }
182:
1.11 deraadt 183: /*
184: * Sleep in select() until we can do something. This will initialize the
185: * select masks. Upon return, the masks will indicate which descriptors
186: * have data or can accept data. Optionally, a maximum time can be specified
187: * for the duration of the wait (0 = infinite).
188: */
1.19 markus 189: void
1.43 markus 190: wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
191: u_int max_time_milliseconds)
1.1 deraadt 192: {
1.10 markus 193: struct timeval tv, *tvp;
194: int ret;
1.61 ! beck 195: int client_alive_scheduled = 0;
! 196:
! 197: /*
! 198: * if using client_alive, set the max timeout accordingly,
! 199: * and indicate that this particular timeout was for client
! 200: * alive by setting the client_alive_scheduled flag.
! 201: *
! 202: * this could be randomized somewhat to make traffic
! 203: * analysis more difficult, but we're not doing it yet.
! 204: */
! 205: if (max_time_milliseconds == 0 && options.client_alive_interval) {
! 206: client_alive_scheduled = 1;
! 207: max_time_milliseconds = options.client_alive_interval * 1000;
! 208: } else
! 209: client_alive_scheduled = 0;
1.1 deraadt 210:
1.10 markus 211: /* When select fails we restart from here. */
1.1 deraadt 212: retry_select:
213:
1.43 markus 214: /* Allocate and update select() masks for channel descriptors. */
1.57 markus 215: channel_prepare_select(readsetp, writesetp, maxfdp, 0);
1.10 markus 216:
1.17 markus 217: if (compat20) {
1.22 markus 218: /* wrong: bad condition XXX */
1.17 markus 219: if (channel_not_very_much_buffered_data())
1.43 markus 220: FD_SET(connection_in, *readsetp);
1.17 markus 221: } else {
1.25 markus 222: /*
223: * Read packets from the client unless we have too much
224: * buffered stdin or channel data.
225: */
226: if (buffer_len(&stdin_buffer) < buffer_high &&
1.17 markus 227: channel_not_very_much_buffered_data())
1.43 markus 228: FD_SET(connection_in, *readsetp);
1.25 markus 229: /*
230: * If there is not too much data already buffered going to
231: * the client, try to get some more data from the program.
232: */
233: if (packet_not_very_much_data_to_write()) {
234: if (!fdout_eof)
1.43 markus 235: FD_SET(fdout, *readsetp);
1.25 markus 236: if (!fderr_eof)
1.43 markus 237: FD_SET(fderr, *readsetp);
1.25 markus 238: }
239: /*
240: * If we have buffered data, try to write some of that data
241: * to the program.
242: */
243: if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
1.43 markus 244: FD_SET(fdin, *writesetp);
1.17 markus 245: }
1.10 markus 246:
1.12 markus 247: /*
248: * If we have buffered packet data going to the client, mark that
249: * descriptor.
250: */
1.10 markus 251: if (packet_have_data_to_write())
1.43 markus 252: FD_SET(connection_out, *writesetp);
1.10 markus 253:
1.12 markus 254: /*
255: * If child has terminated and there is enough buffer space to read
256: * from it, then read as much as is available and exit.
257: */
1.10 markus 258: if (child_terminated && packet_not_very_much_data_to_write())
1.61 ! beck 259: if (max_time_milliseconds == 0 || client_alive_scheduled)
1.10 markus 260: max_time_milliseconds = 100;
261:
262: if (max_time_milliseconds == 0)
263: tvp = NULL;
264: else {
265: tv.tv_sec = max_time_milliseconds / 1000;
266: tv.tv_usec = 1000 * (max_time_milliseconds % 1000);
267: tvp = &tv;
268: }
1.17 markus 269: if (tvp!=NULL)
1.51 markus 270: debug3("tvp!=NULL kid %d mili %d", child_terminated, max_time_milliseconds);
1.10 markus 271:
272: /* Wait for something to happen, or the timeout to expire. */
1.43 markus 273: ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
1.10 markus 274:
1.61 ! beck 275: if (ret == -1) {
1.10 markus 276: if (errno != EINTR)
277: error("select: %.100s", strerror(errno));
278: else
279: goto retry_select;
280: }
1.61 ! beck 281: if (ret == 0 && client_alive_scheduled) {
! 282: /* timeout, check to see how many we have had */
! 283: client_alive_timeouts++;
! 284:
! 285: if (client_alive_timeouts > options.client_alive_count_max ) {
! 286: packet_disconnect(
! 287: "Timeout, your session not responding.");
! 288: } else {
! 289: /*
! 290: * send a bogus channel request with "wantreply"
! 291: * we should get back a failure
! 292: */
! 293: int id;
! 294:
! 295: id = channel_find_open();
! 296: if (id != -1) {
! 297: channel_request_start(id,
! 298: "keepalive@openssh.com", 1);
! 299: packet_send();
! 300: } else
! 301: packet_disconnect(
! 302: "No open channels after timeout!");
! 303: }
! 304: }
1.1 deraadt 305: }
306:
1.11 deraadt 307: /*
308: * Processes input from the client and the program. Input data is stored
309: * in buffers and processed later.
310: */
1.19 markus 311: void
1.10 markus 312: process_input(fd_set * readset)
1.1 deraadt 313: {
1.10 markus 314: int len;
315: char buf[16384];
1.1 deraadt 316:
1.10 markus 317: /* Read and buffer any input data from the client. */
318: if (FD_ISSET(connection_in, readset)) {
319: len = read(connection_in, buf, sizeof(buf));
320: if (len == 0) {
321: verbose("Connection closed by remote host.");
1.60 markus 322: connection_closed = 1;
323: if (compat20)
324: return;
1.10 markus 325: fatal_cleanup();
1.23 markus 326: } else if (len < 0) {
327: if (errno != EINTR && errno != EAGAIN) {
328: verbose("Read error from remote host: %.100s", strerror(errno));
329: fatal_cleanup();
330: }
331: } else {
332: /* Buffer any received data. */
333: packet_process_incoming(buf, len);
1.10 markus 334: }
335: }
1.17 markus 336: if (compat20)
337: return;
338:
1.10 markus 339: /* Read and buffer any available stdout data from the program. */
340: if (!fdout_eof && FD_ISSET(fdout, readset)) {
341: len = read(fdout, buf, sizeof(buf));
1.23 markus 342: if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
343: /* do nothing */
344: } else if (len <= 0) {
1.10 markus 345: fdout_eof = 1;
1.23 markus 346: } else {
1.10 markus 347: buffer_append(&stdout_buffer, buf, len);
348: fdout_bytes += len;
349: }
350: }
351: /* Read and buffer any available stderr data from the program. */
352: if (!fderr_eof && FD_ISSET(fderr, readset)) {
353: len = read(fderr, buf, sizeof(buf));
1.23 markus 354: if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
355: /* do nothing */
356: } else if (len <= 0) {
1.10 markus 357: fderr_eof = 1;
1.23 markus 358: } else {
1.10 markus 359: buffer_append(&stderr_buffer, buf, len);
1.23 markus 360: }
1.10 markus 361: }
1.1 deraadt 362: }
363:
1.11 deraadt 364: /*
365: * Sends data from internal buffers to client program stdin.
366: */
1.19 markus 367: void
1.10 markus 368: process_output(fd_set * writeset)
1.1 deraadt 369: {
1.47 dugsong 370: struct termios tio;
1.10 markus 371: int len;
1.1 deraadt 372:
1.10 markus 373: /* Write buffered data to program stdin. */
1.17 markus 374: if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
1.10 markus 375: len = write(fdin, buffer_ptr(&stdin_buffer),
1.14 deraadt 376: buffer_len(&stdin_buffer));
1.23 markus 377: if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
378: /* do nothing */
379: } else if (len <= 0) {
1.3 markus 380: #ifdef USE_PIPES
1.10 markus 381: close(fdin);
1.3 markus 382: #else
1.15 markus 383: if (fdin != fdout)
1.10 markus 384: close(fdin);
385: else
386: shutdown(fdin, SHUT_WR); /* We will no longer send. */
1.3 markus 387: #endif
1.10 markus 388: fdin = -1;
389: } else {
1.47 dugsong 390: /* Successful write. */
1.50 markus 391: if (fdin_is_tty && tcgetattr(fdin, &tio) == 0 &&
1.49 markus 392: !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
1.48 deraadt 393: /*
394: * Simulate echo to reduce the impact of
395: * traffic analysis
396: */
1.52 markus 397: packet_send_ignore(len);
1.47 dugsong 398: packet_send();
399: }
400: /* Consume the data from the buffer. */
1.10 markus 401: buffer_consume(&stdin_buffer, len);
402: /* Update the count of bytes written to the program. */
403: stdin_bytes += len;
404: }
405: }
406: /* Send any buffered packet data to the client. */
407: if (FD_ISSET(connection_out, writeset))
408: packet_write_poll();
1.1 deraadt 409: }
410:
1.11 deraadt 411: /*
412: * Wait until all buffered output has been sent to the client.
413: * This is used when the program terminates.
414: */
1.19 markus 415: void
1.46 itojun 416: drain_output(void)
1.1 deraadt 417: {
1.10 markus 418: /* Send any buffered stdout data to the client. */
419: if (buffer_len(&stdout_buffer) > 0) {
420: packet_start(SSH_SMSG_STDOUT_DATA);
421: packet_put_string(buffer_ptr(&stdout_buffer),
422: buffer_len(&stdout_buffer));
423: packet_send();
424: /* Update the count of sent bytes. */
425: stdout_bytes += buffer_len(&stdout_buffer);
426: }
427: /* Send any buffered stderr data to the client. */
428: if (buffer_len(&stderr_buffer) > 0) {
429: packet_start(SSH_SMSG_STDERR_DATA);
430: packet_put_string(buffer_ptr(&stderr_buffer),
431: buffer_len(&stderr_buffer));
432: packet_send();
433: /* Update the count of sent bytes. */
434: stderr_bytes += buffer_len(&stderr_buffer);
435: }
436: /* Wait until all buffered data has been written to the client. */
437: packet_write_wait();
1.1 deraadt 438: }
439:
1.19 markus 440: void
1.46 itojun 441: process_buffered_input_packets(void)
1.16 markus 442: {
1.56 markus 443: dispatch_run(DISPATCH_NONBLOCK, NULL, compat20 ? xxx_kex : NULL);
1.16 markus 444: }
445:
1.11 deraadt 446: /*
447: * Performs the interactive session. This handles data transmission between
448: * the client and the program. Note that the notion of stdin, stdout, and
449: * stderr in this function is sort of reversed: this function writes to
450: * stdin (of the child program), and reads from stdout and stderr (of the
451: * child program).
452: */
1.19 markus 453: void
1.20 deraadt 454: server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
1.1 deraadt 455: {
1.43 markus 456: fd_set *readset = NULL, *writeset = NULL;
457: int max_fd;
1.20 deraadt 458: int wait_status; /* Status returned by wait(). */
459: pid_t wait_pid; /* pid returned by wait(). */
1.10 markus 460: int waiting_termination = 0; /* Have displayed waiting close message. */
1.38 markus 461: u_int max_time_milliseconds;
462: u_int previous_stdout_buffer_bytes;
463: u_int stdout_buffer_bytes;
1.10 markus 464: int type;
465:
466: debug("Entering interactive session.");
467:
468: /* Initialize the SIGCHLD kludge. */
469: child_pid = pid;
470: child_terminated = 0;
471: signal(SIGCHLD, sigchld_handler);
472:
473: /* Initialize our global variables. */
474: fdin = fdin_arg;
475: fdout = fdout_arg;
476: fderr = fderr_arg;
1.23 markus 477:
478: /* nonblocking IO */
479: set_nonblock(fdin);
480: set_nonblock(fdout);
1.24 markus 481: /* we don't have stderr for interactive terminal sessions, see below */
482: if (fderr != -1)
483: set_nonblock(fderr);
1.50 markus 484:
485: if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin))
486: fdin_is_tty = 1;
1.23 markus 487:
1.10 markus 488: connection_in = packet_get_connection_in();
489: connection_out = packet_get_connection_out();
490:
491: previous_stdout_buffer_bytes = 0;
492:
493: /* Set approximate I/O buffer size. */
494: if (packet_is_interactive())
495: buffer_high = 4096;
496: else
497: buffer_high = 64 * 1024;
498:
499: /* Initialize max_fd to the maximum of the known file descriptors. */
1.43 markus 500: max_fd = MAX(fdin, fdout);
501: if (fderr != -1)
502: max_fd = MAX(max_fd, fderr);
503: max_fd = MAX(max_fd, connection_in);
504: max_fd = MAX(max_fd, connection_out);
1.10 markus 505:
506: /* Initialize Initialize buffers. */
507: buffer_init(&stdin_buffer);
508: buffer_init(&stdout_buffer);
509: buffer_init(&stderr_buffer);
510:
1.12 markus 511: /*
512: * If we have no separate fderr (which is the case when we have a pty
513: * - there we cannot make difference between data sent to stdout and
514: * stderr), indicate that we have seen an EOF from stderr. This way
515: * we don\'t need to check the descriptor everywhere.
516: */
1.10 markus 517: if (fderr == -1)
518: fderr_eof = 1;
519:
1.16 markus 520: server_init_dispatch();
521:
1.10 markus 522: /* Main loop of the server for the interactive session mode. */
523: for (;;) {
524:
525: /* Process buffered packets from the client. */
526: process_buffered_input_packets();
527:
1.12 markus 528: /*
529: * If we have received eof, and there is no more pending
530: * input data, cause a real eof by closing fdin.
531: */
1.10 markus 532: if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
1.3 markus 533: #ifdef USE_PIPES
1.10 markus 534: close(fdin);
1.3 markus 535: #else
1.15 markus 536: if (fdin != fdout)
1.10 markus 537: close(fdin);
538: else
539: shutdown(fdin, SHUT_WR); /* We will no longer send. */
1.3 markus 540: #endif
1.10 markus 541: fdin = -1;
542: }
1.12 markus 543: /* Make packets from buffered stderr data to send to the client. */
1.10 markus 544: make_packets_from_stderr_data();
545:
1.12 markus 546: /*
547: * Make packets from buffered stdout data to send to the
548: * client. If there is very little to send, this arranges to
549: * not send them now, but to wait a short while to see if we
550: * are getting more data. This is necessary, as some systems
551: * wake up readers from a pty after each separate character.
552: */
1.10 markus 553: max_time_milliseconds = 0;
554: stdout_buffer_bytes = buffer_len(&stdout_buffer);
555: if (stdout_buffer_bytes != 0 && stdout_buffer_bytes < 256 &&
556: stdout_buffer_bytes != previous_stdout_buffer_bytes) {
557: /* try again after a while */
558: max_time_milliseconds = 10;
559: } else {
560: /* Send it now. */
561: make_packets_from_stdout_data();
562: }
563: previous_stdout_buffer_bytes = buffer_len(&stdout_buffer);
564:
565: /* Send channel data to the client. */
566: if (packet_not_very_much_data_to_write())
567: channel_output_poll();
568:
1.12 markus 569: /*
570: * Bail out of the loop if the program has closed its output
571: * descriptors, and we have no more data to send to the
572: * client, and there is no pending buffered data.
573: */
1.10 markus 574: if (fdout_eof && fderr_eof && !packet_have_data_to_write() &&
575: buffer_len(&stdout_buffer) == 0 && buffer_len(&stderr_buffer) == 0) {
576: if (!channel_still_open())
1.16 markus 577: break;
1.10 markus 578: if (!waiting_termination) {
579: const char *s = "Waiting for forwarded connections to terminate...\r\n";
580: char *cp;
581: waiting_termination = 1;
582: buffer_append(&stderr_buffer, s, strlen(s));
583:
584: /* Display list of open channels. */
585: cp = channel_open_message();
586: buffer_append(&stderr_buffer, cp, strlen(cp));
587: xfree(cp);
588: }
589: }
590: /* Sleep in select() until we can do something. */
1.43 markus 591: wait_until_can_do_something(&readset, &writeset, &max_fd,
592: max_time_milliseconds);
1.10 markus 593:
594: /* Process any channel events. */
1.43 markus 595: channel_after_select(readset, writeset);
1.10 markus 596:
597: /* Process input from the client and from program stdout/stderr. */
1.43 markus 598: process_input(readset);
1.10 markus 599:
600: /* Process output to the client and to program stdin. */
1.43 markus 601: process_output(writeset);
1.10 markus 602: }
1.43 markus 603: if (readset)
604: xfree(readset);
605: if (writeset)
606: xfree(writeset);
1.10 markus 607:
608: /* Cleanup and termination code. */
609:
610: /* Wait until all output has been sent to the client. */
611: drain_output();
612:
613: debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
614: stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
615:
616: /* Free and clear the buffers. */
617: buffer_free(&stdin_buffer);
618: buffer_free(&stdout_buffer);
619: buffer_free(&stderr_buffer);
620:
621: /* Close the file descriptors. */
622: if (fdout != -1)
623: close(fdout);
624: fdout = -1;
625: fdout_eof = 1;
626: if (fderr != -1)
627: close(fderr);
628: fderr = -1;
629: fderr_eof = 1;
630: if (fdin != -1)
631: close(fdin);
632: fdin = -1;
633:
634: /* Stop listening for channels; this removes unix domain sockets. */
635: channel_stop_listening();
636:
637: /* Wait for the child to exit. Get its exit status. */
638: wait_pid = wait(&wait_status);
1.37 deraadt 639: if (wait_pid == -1) {
1.11 deraadt 640: /*
641: * It is possible that the wait was handled by SIGCHLD
642: * handler. This may result in either: this call
643: * returning with EINTR, or: this call returning ECHILD.
644: */
1.10 markus 645: if (child_terminated)
646: wait_status = child_wait_status;
647: else
648: packet_disconnect("wait: %.100s", strerror(errno));
649: } else {
650: /* Check if it matches the process we forked. */
651: if (wait_pid != pid)
1.11 deraadt 652: error("Strange, wait returned pid %d, expected %d",
1.13 markus 653: wait_pid, pid);
1.10 markus 654: }
655:
656: /* We no longer want our SIGCHLD handler to be called. */
657: signal(SIGCHLD, SIG_DFL);
658:
659: /* Check if it exited normally. */
660: if (WIFEXITED(wait_status)) {
661: /* Yes, normal exit. Get exit status and send it to the client. */
662: debug("Command exited with status %d.", WEXITSTATUS(wait_status));
663: packet_start(SSH_SMSG_EXITSTATUS);
664: packet_put_int(WEXITSTATUS(wait_status));
665: packet_send();
666: packet_write_wait();
667:
1.12 markus 668: /*
669: * Wait for exit confirmation. Note that there might be
670: * other packets coming before it; however, the program has
671: * already died so we just ignore them. The client is
672: * supposed to respond with the confirmation when it receives
673: * the exit status.
674: */
1.10 markus 675: do {
676: int plen;
677: type = packet_read(&plen);
678: }
679: while (type != SSH_CMSG_EXIT_CONFIRMATION);
680:
681: debug("Received exit confirmation.");
682: return;
683: }
684: /* Check if the program terminated due to a signal. */
685: if (WIFSIGNALED(wait_status))
686: packet_disconnect("Command terminated on signal %d.",
687: WTERMSIG(wait_status));
688:
689: /* Some weird exit cause. Just exit. */
690: packet_disconnect("wait returned status %04x.", wait_status);
691: /* NOTREACHED */
1.16 markus 692: }
693:
1.19 markus 694: void
1.17 markus 695: server_loop2(void)
696: {
1.43 markus 697: fd_set *readset = NULL, *writeset = NULL;
1.60 markus 698: int rekeying = 0, max_fd, status;
1.17 markus 699: pid_t pid;
700:
701: debug("Entering interactive session for SSH2.");
702:
703: signal(SIGCHLD, sigchld_handler2);
704: child_terminated = 0;
705: connection_in = packet_get_connection_in();
706: connection_out = packet_get_connection_out();
1.43 markus 707:
708: max_fd = MAX(connection_in, connection_out);
709:
1.17 markus 710: server_init_dispatch();
711:
712: for (;;) {
713: process_buffered_input_packets();
1.58 markus 714:
1.59 markus 715: rekeying = (xxx_kex != NULL && !xxx_kex->done);
1.58 markus 716:
717: if (!rekeying && packet_not_very_much_data_to_write())
1.17 markus 718: channel_output_poll();
1.58 markus 719: wait_until_can_do_something(&readset, &writeset, &max_fd,
720: rekeying);
1.17 markus 721: if (child_terminated) {
722: while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
723: session_close_by_pid(pid, status);
724: child_terminated = 0;
725: }
1.58 markus 726: if (!rekeying)
727: channel_after_select(readset, writeset);
1.43 markus 728: process_input(readset);
1.60 markus 729: if (connection_closed)
730: break;
1.43 markus 731: process_output(writeset);
732: }
733: if (readset)
734: xfree(readset);
735: if (writeset)
736: xfree(writeset);
737:
1.17 markus 738: signal(SIGCHLD, SIG_DFL);
739: while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
740: session_close_by_pid(pid, status);
741: channel_stop_listening();
742: }
743:
1.16 markus 744: void
1.61 ! beck 745: server_input_channel_failure(int type, int plen, void *ctxt)
! 746: {
! 747: debug("Got CHANNEL_FAILURE for keepalive");
! 748: /*
! 749: * reset timeout, since we got a sane answer from the client.
! 750: * even if this was generated by something other than
! 751: * the bogus CHANNEL_REQUEST we send for keepalives.
! 752: */
! 753: client_alive_timeouts = 0;
! 754: }
! 755:
! 756:
! 757: void
1.31 markus 758: server_input_stdin_data(int type, int plen, void *ctxt)
1.16 markus 759: {
760: char *data;
1.38 markus 761: u_int data_len;
1.16 markus 762:
763: /* Stdin data from the client. Append it to the buffer. */
764: /* Ignore any data if the client has closed stdin. */
765: if (fdin == -1)
766: return;
767: data = packet_get_string(&data_len);
768: packet_integrity_check(plen, (4 + data_len), type);
769: buffer_append(&stdin_buffer, data, data_len);
770: memset(data, 0, data_len);
771: xfree(data);
772: }
773:
774: void
1.31 markus 775: server_input_eof(int type, int plen, void *ctxt)
1.16 markus 776: {
777: /*
778: * Eof from the client. The stdin descriptor to the
779: * program will be closed when all buffered data has
780: * drained.
781: */
782: debug("EOF received for stdin.");
783: packet_integrity_check(plen, 0, type);
784: stdin_eof = 1;
785: }
786:
787: void
1.31 markus 788: server_input_window_size(int type, int plen, void *ctxt)
1.16 markus 789: {
790: int row = packet_get_int();
791: int col = packet_get_int();
792: int xpixel = packet_get_int();
793: int ypixel = packet_get_int();
794:
795: debug("Window change received.");
796: packet_integrity_check(plen, 4 * 4, type);
797: if (fdin != -1)
798: pty_change_window_size(fdin, row, col, xpixel, ypixel);
799: }
800:
1.35 markus 801: Channel *
802: server_request_direct_tcpip(char *ctype)
1.17 markus 803: {
1.35 markus 804: int sock, newch;
1.18 markus 805: char *target, *originator;
806: int target_port, originator_port;
1.17 markus 807:
1.18 markus 808: target = packet_get_string(NULL);
809: target_port = packet_get_int();
1.17 markus 810: originator = packet_get_string(NULL);
811: originator_port = packet_get_int();
1.18 markus 812: packet_done();
1.25 markus 813:
1.35 markus 814: debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
1.25 markus 815: originator, originator_port, target, target_port);
1.26 markus 816:
1.17 markus 817: /* XXX check permission */
1.18 markus 818: sock = channel_connect_to(target, target_port);
819: xfree(target);
1.17 markus 820: xfree(originator);
821: if (sock < 0)
1.35 markus 822: return NULL;
1.36 markus 823: newch = channel_new(ctype, SSH_CHANNEL_CONNECTING,
1.29 markus 824: sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
1.34 markus 825: CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip"), 1);
1.35 markus 826: return (newch >= 0) ? channel_lookup(newch) : NULL;
827: }
828:
829: Channel *
830: server_request_session(char *ctype)
831: {
832: int newch;
833:
834: debug("input_session_request");
835: packet_done();
836: /*
837: * A server session has no fd to read or write until a
838: * CHANNEL_REQUEST for a shell is made, so we set the type to
839: * SSH_CHANNEL_LARVAL. Additionally, a callback for handling all
840: * CHANNEL_REQUEST messages is registered.
841: */
842: newch = channel_new(ctype, SSH_CHANNEL_LARVAL,
843: -1, -1, -1, 0, CHAN_SES_PACKET_DEFAULT,
844: 0, xstrdup("server-session"), 1);
845: if (session_open(newch) == 1) {
846: channel_register_callback(newch, SSH2_MSG_CHANNEL_REQUEST,
847: session_input_channel_req, (void *)0);
848: channel_register_cleanup(newch, session_close_by_channel);
849: return channel_lookup(newch);
850: } else {
851: debug("session open failed, free channel %d", newch);
852: channel_free(newch);
853: }
854: return NULL;
1.17 markus 855: }
856:
1.19 markus 857: void
1.31 markus 858: server_input_channel_open(int type, int plen, void *ctxt)
1.17 markus 859: {
860: Channel *c = NULL;
861: char *ctype;
1.38 markus 862: u_int len;
1.17 markus 863: int rchan;
864: int rmaxpack;
865: int rwindow;
866:
867: ctype = packet_get_string(&len);
868: rchan = packet_get_int();
869: rwindow = packet_get_int();
870: rmaxpack = packet_get_int();
871:
1.30 markus 872: debug("server_input_channel_open: ctype %s rchan %d win %d max %d",
1.17 markus 873: ctype, rchan, rwindow, rmaxpack);
874:
875: if (strcmp(ctype, "session") == 0) {
1.35 markus 876: c = server_request_session(ctype);
1.17 markus 877: } else if (strcmp(ctype, "direct-tcpip") == 0) {
1.35 markus 878: c = server_request_direct_tcpip(ctype);
1.17 markus 879: }
880: if (c != NULL) {
1.35 markus 881: debug("server_input_channel_open: confirm %s", ctype);
1.17 markus 882: c->remote_id = rchan;
883: c->remote_window = rwindow;
884: c->remote_maxpacket = rmaxpack;
885:
886: packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
887: packet_put_int(c->remote_id);
888: packet_put_int(c->self);
889: packet_put_int(c->local_window);
890: packet_put_int(c->local_maxpacket);
891: packet_send();
892: } else {
1.35 markus 893: debug("server_input_channel_open: failure %s", ctype);
1.17 markus 894: packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
895: packet_put_int(rchan);
896: packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
897: packet_put_cstring("bla bla");
898: packet_put_cstring("");
899: packet_send();
900: }
901: xfree(ctype);
902: }
903:
1.45 stevesk 904: void
1.35 markus 905: server_input_global_request(int type, int plen, void *ctxt)
906: {
907: char *rtype;
908: int want_reply;
909: int success = 0;
910:
911: rtype = packet_get_string(NULL);
912: want_reply = packet_get_char();
913: debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
1.45 stevesk 914:
1.55 markus 915: /* -R style forwarding */
1.35 markus 916: if (strcmp(rtype, "tcpip-forward") == 0) {
917: struct passwd *pw;
918: char *listen_address;
919: u_short listen_port;
920:
921: pw = auth_get_user();
922: if (pw == NULL)
923: fatal("server_input_global_request: no user");
924: listen_address = packet_get_string(NULL); /* XXX currently ignored */
925: listen_port = (u_short)packet_get_int();
926: debug("server_input_global_request: tcpip-forward listen %s port %d",
927: listen_address, listen_port);
928:
929: /* check permissions */
930: if (!options.allow_tcp_forwarding ||
931: no_port_forwarding_flag ||
932: (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) {
933: success = 0;
934: packet_send_debug("Server has disabled port forwarding.");
935: } else {
936: /* Start listening on the port */
1.44 markus 937: success = channel_request_forwarding(
1.35 markus 938: listen_address, listen_port,
939: /*unspec host_to_connect*/ "<unspec host>",
940: /*unspec port_to_connect*/ 0,
941: options.gateway_ports, /*remote*/ 1);
942: }
943: xfree(listen_address);
944: }
945: if (want_reply) {
946: packet_start(success ?
947: SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
948: packet_send();
949: packet_write_wait();
950: }
951: xfree(rtype);
952: }
953:
1.19 markus 954: void
1.46 itojun 955: server_init_dispatch_20(void)
1.17 markus 956: {
957: debug("server_init_dispatch_20");
958: dispatch_init(&dispatch_protocol_error);
959: dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
960: dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
961: dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
962: dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
963: dispatch_set(SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open);
964: dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
965: dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
966: dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request);
967: dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
1.35 markus 968: dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
1.61 ! beck 969: /* client_alive */
! 970: dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_channel_failure);
1.56 markus 971: /* rekeying */
972: dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
1.17 markus 973: }
1.19 markus 974: void
1.46 itojun 975: server_init_dispatch_13(void)
1.16 markus 976: {
977: debug("server_init_dispatch_13");
978: dispatch_init(NULL);
979: dispatch_set(SSH_CMSG_EOF, &server_input_eof);
980: dispatch_set(SSH_CMSG_STDIN_DATA, &server_input_stdin_data);
981: dispatch_set(SSH_CMSG_WINDOW_SIZE, &server_input_window_size);
982: dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close);
983: dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation);
984: dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data);
985: dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
986: dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
987: dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
988: }
1.19 markus 989: void
1.46 itojun 990: server_init_dispatch_15(void)
1.16 markus 991: {
992: server_init_dispatch_13();
993: debug("server_init_dispatch_15");
994: dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
995: dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose);
996: }
1.19 markus 997: void
1.46 itojun 998: server_init_dispatch(void)
1.16 markus 999: {
1.17 markus 1000: if (compat20)
1001: server_init_dispatch_20();
1002: else if (compat13)
1.16 markus 1003: server_init_dispatch_13();
1004: else
1005: server_init_dispatch_15();
1.1 deraadt 1006: }
1.61 ! beck 1007: