]>
Commit | Line | Data |
---|---|---|
1 | /* $OpenBSD: mux.c,v 1.9 2010/01/09 05:04:24 djm Exp $ */ | |
2 | /* | |
3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> | |
4 | * | |
5 | * Permission to use, copy, modify, and distribute this software for any | |
6 | * purpose with or without fee is hereby granted, provided that the above | |
7 | * copyright notice and this permission notice appear in all copies. | |
8 | * | |
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
16 | */ | |
17 | ||
18 | /* ssh session multiplexing support */ | |
19 | ||
20 | #include "includes.h" | |
21 | ||
22 | /* | |
23 | * TODO: | |
24 | * 1. partial reads in muxserver_accept_control (maybe make channels | |
25 | * from accepted connections) | |
26 | * 2. Better signalling from master to slave, especially passing of | |
27 | * error messages | |
28 | * 3. Better fall-back from mux slave error to new connection. | |
29 | * 3. Add/delete forwardings via slave | |
30 | * 4. ExitOnForwardingFailure (after #3 obviously) | |
31 | * 5. Maybe extension mechanisms for multi-X11/multi-agent forwarding | |
32 | * 6. Document the mux mini-protocol somewhere. | |
33 | * 7. Support ~^Z in mux slaves. | |
34 | * 8. Inspect or control sessions in master. | |
35 | * 9. If we ever support the "signal" channel request, send signals on | |
36 | * sessions in master. | |
37 | */ | |
38 | ||
39 | #include <sys/types.h> | |
40 | #include <sys/param.h> | |
41 | #include <sys/stat.h> | |
42 | #include <sys/socket.h> | |
43 | #include <sys/un.h> | |
44 | ||
45 | #include <errno.h> | |
46 | #include <fcntl.h> | |
47 | #include <signal.h> | |
48 | #include <stdarg.h> | |
49 | #include <stddef.h> | |
50 | #include <stdlib.h> | |
51 | #include <stdio.h> | |
52 | #include <string.h> | |
53 | #include <unistd.h> | |
54 | #ifdef HAVE_PATHS_H | |
55 | #include <paths.h> | |
56 | #endif | |
57 | ||
58 | #ifdef HAVE_UTIL_H | |
59 | # include <util.h> | |
60 | #endif | |
61 | ||
62 | #ifdef HAVE_LIBUTIL_H | |
63 | # include <libutil.h> | |
64 | #endif | |
65 | ||
66 | #include "openbsd-compat/sys-queue.h" | |
67 | #include "xmalloc.h" | |
68 | #include "log.h" | |
69 | #include "ssh.h" | |
70 | #include "pathnames.h" | |
71 | #include "misc.h" | |
72 | #include "match.h" | |
73 | #include "buffer.h" | |
74 | #include "channels.h" | |
75 | #include "msg.h" | |
76 | #include "packet.h" | |
77 | #include "monitor_fdpass.h" | |
78 | #include "sshpty.h" | |
79 | #include "key.h" | |
80 | #include "readconf.h" | |
81 | #include "clientloop.h" | |
82 | ||
83 | /* from ssh.c */ | |
84 | extern int tty_flag; | |
85 | extern int force_tty_flag; | |
86 | extern Options options; | |
87 | extern int stdin_null_flag; | |
88 | extern char *host; | |
89 | extern int subsystem_flag; | |
90 | extern Buffer command; | |
91 | ||
92 | /* Context for session open confirmation callback */ | |
93 | struct mux_session_confirm_ctx { | |
94 | int want_tty; | |
95 | int want_subsys; | |
96 | int want_x_fwd; | |
97 | int want_agent_fwd; | |
98 | Buffer cmd; | |
99 | char *term; | |
100 | struct termios tio; | |
101 | char **env; | |
102 | }; | |
103 | ||
104 | /* fd to control socket */ | |
105 | int muxserver_sock = -1; | |
106 | ||
107 | /* Multiplexing control command */ | |
108 | u_int muxclient_command = 0; | |
109 | ||
110 | /* Set when signalled. */ | |
111 | static volatile sig_atomic_t muxclient_terminate = 0; | |
112 | ||
113 | /* PID of multiplex server */ | |
114 | static u_int muxserver_pid = 0; | |
115 | ||
116 | ||
117 | /* ** Multiplexing master support */ | |
118 | ||
119 | /* Prepare a mux master to listen on a Unix domain socket. */ | |
120 | void | |
121 | muxserver_listen(void) | |
122 | { | |
123 | struct sockaddr_un addr; | |
124 | mode_t old_umask; | |
125 | int addr_len; | |
126 | ||
127 | if (options.control_path == NULL || | |
128 | options.control_master == SSHCTL_MASTER_NO) | |
129 | return; | |
130 | ||
131 | debug("setting up multiplex master socket"); | |
132 | ||
133 | memset(&addr, '\0', sizeof(addr)); | |
134 | addr.sun_family = AF_UNIX; | |
135 | addr_len = offsetof(struct sockaddr_un, sun_path) + | |
136 | strlen(options.control_path) + 1; | |
137 | ||
138 | if (strlcpy(addr.sun_path, options.control_path, | |
139 | sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) | |
140 | fatal("ControlPath too long"); | |
141 | ||
142 | if ((muxserver_sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) | |
143 | fatal("%s socket(): %s", __func__, strerror(errno)); | |
144 | ||
145 | old_umask = umask(0177); | |
146 | if (bind(muxserver_sock, (struct sockaddr *)&addr, addr_len) == -1) { | |
147 | muxserver_sock = -1; | |
148 | if (errno == EINVAL || errno == EADDRINUSE) { | |
149 | error("ControlSocket %s already exists, " | |
150 | "disabling multiplexing", options.control_path); | |
151 | close(muxserver_sock); | |
152 | muxserver_sock = -1; | |
153 | xfree(options.control_path); | |
154 | options.control_path = NULL; | |
155 | options.control_master = SSHCTL_MASTER_NO; | |
156 | return; | |
157 | } else | |
158 | fatal("%s bind(): %s", __func__, strerror(errno)); | |
159 | } | |
160 | umask(old_umask); | |
161 | ||
162 | if (listen(muxserver_sock, 64) == -1) | |
163 | fatal("%s listen(): %s", __func__, strerror(errno)); | |
164 | ||
165 | set_nonblock(muxserver_sock); | |
166 | } | |
167 | ||
168 | /* Callback on open confirmation in mux master for a mux client session. */ | |
169 | static void | |
170 | mux_session_confirm(int id, void *arg) | |
171 | { | |
172 | struct mux_session_confirm_ctx *cctx = arg; | |
173 | const char *display; | |
174 | Channel *c; | |
175 | int i; | |
176 | ||
177 | if (cctx == NULL) | |
178 | fatal("%s: cctx == NULL", __func__); | |
179 | if ((c = channel_lookup(id)) == NULL) | |
180 | fatal("%s: no channel for id %d", __func__, id); | |
181 | ||
182 | display = getenv("DISPLAY"); | |
183 | if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { | |
184 | char *proto, *data; | |
185 | /* Get reasonable local authentication information. */ | |
186 | client_x11_get_proto(display, options.xauth_location, | |
187 | options.forward_x11_trusted, &proto, &data); | |
188 | /* Request forwarding with authentication spoofing. */ | |
189 | debug("Requesting X11 forwarding with authentication spoofing."); | |
190 | x11_request_forwarding_with_spoofing(id, display, proto, data); | |
191 | /* XXX wait for reply */ | |
192 | } | |
193 | ||
194 | if (cctx->want_agent_fwd && options.forward_agent) { | |
195 | debug("Requesting authentication agent forwarding."); | |
196 | channel_request_start(id, "auth-agent-req@openssh.com", 0); | |
197 | packet_send(); | |
198 | } | |
199 | ||
200 | client_session2_setup(id, cctx->want_tty, cctx->want_subsys, | |
201 | cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env); | |
202 | ||
203 | c->open_confirm_ctx = NULL; | |
204 | buffer_free(&cctx->cmd); | |
205 | xfree(cctx->term); | |
206 | if (cctx->env != NULL) { | |
207 | for (i = 0; cctx->env[i] != NULL; i++) | |
208 | xfree(cctx->env[i]); | |
209 | xfree(cctx->env); | |
210 | } | |
211 | xfree(cctx); | |
212 | } | |
213 | ||
214 | /* | |
215 | * Accept a connection on the mux master socket and process the | |
216 | * client's request. Returns flag indicating whether mux master should | |
217 | * begin graceful close. | |
218 | */ | |
219 | int | |
220 | muxserver_accept_control(void) | |
221 | { | |
222 | Buffer m; | |
223 | Channel *c; | |
224 | int client_fd, new_fd[3], ver, allowed, window, packetmax; | |
225 | socklen_t addrlen; | |
226 | struct sockaddr_storage addr; | |
227 | struct mux_session_confirm_ctx *cctx; | |
228 | char *cmd; | |
229 | u_int i, j, len, env_len, mux_command, flags, escape_char; | |
230 | uid_t euid; | |
231 | gid_t egid; | |
232 | int start_close = 0; | |
233 | ||
234 | /* | |
235 | * Accept connection on control socket | |
236 | */ | |
237 | memset(&addr, 0, sizeof(addr)); | |
238 | addrlen = sizeof(addr); | |
239 | if ((client_fd = accept(muxserver_sock, | |
240 | (struct sockaddr*)&addr, &addrlen)) == -1) { | |
241 | error("%s accept: %s", __func__, strerror(errno)); | |
242 | return 0; | |
243 | } | |
244 | ||
245 | if (getpeereid(client_fd, &euid, &egid) < 0) { | |
246 | error("%s getpeereid failed: %s", __func__, strerror(errno)); | |
247 | close(client_fd); | |
248 | return 0; | |
249 | } | |
250 | if ((euid != 0) && (getuid() != euid)) { | |
251 | error("control mode uid mismatch: peer euid %u != uid %u", | |
252 | (u_int) euid, (u_int) getuid()); | |
253 | close(client_fd); | |
254 | return 0; | |
255 | } | |
256 | ||
257 | /* XXX handle asynchronously */ | |
258 | unset_nonblock(client_fd); | |
259 | ||
260 | /* Read command */ | |
261 | buffer_init(&m); | |
262 | if (ssh_msg_recv(client_fd, &m) == -1) { | |
263 | error("%s: client msg_recv failed", __func__); | |
264 | close(client_fd); | |
265 | buffer_free(&m); | |
266 | return 0; | |
267 | } | |
268 | if ((ver = buffer_get_char(&m)) != SSHMUX_VER) { | |
269 | error("%s: wrong client version %d", __func__, ver); | |
270 | buffer_free(&m); | |
271 | close(client_fd); | |
272 | return 0; | |
273 | } | |
274 | ||
275 | allowed = 1; | |
276 | mux_command = buffer_get_int(&m); | |
277 | flags = buffer_get_int(&m); | |
278 | ||
279 | buffer_clear(&m); | |
280 | ||
281 | switch (mux_command) { | |
282 | case SSHMUX_COMMAND_OPEN: | |
283 | if (options.control_master == SSHCTL_MASTER_ASK || | |
284 | options.control_master == SSHCTL_MASTER_AUTO_ASK) | |
285 | allowed = ask_permission("Allow shared connection " | |
286 | "to %s? ", host); | |
287 | /* continue below */ | |
288 | break; | |
289 | case SSHMUX_COMMAND_TERMINATE: | |
290 | if (options.control_master == SSHCTL_MASTER_ASK || | |
291 | options.control_master == SSHCTL_MASTER_AUTO_ASK) | |
292 | allowed = ask_permission("Terminate shared connection " | |
293 | "to %s? ", host); | |
294 | if (allowed) | |
295 | start_close = 1; | |
296 | /* FALLTHROUGH */ | |
297 | case SSHMUX_COMMAND_ALIVE_CHECK: | |
298 | /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */ | |
299 | buffer_clear(&m); | |
300 | buffer_put_int(&m, allowed); | |
301 | buffer_put_int(&m, getpid()); | |
302 | if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) { | |
303 | error("%s: client msg_send failed", __func__); | |
304 | close(client_fd); | |
305 | buffer_free(&m); | |
306 | return start_close; | |
307 | } | |
308 | buffer_free(&m); | |
309 | close(client_fd); | |
310 | return start_close; | |
311 | default: | |
312 | error("Unsupported command %d", mux_command); | |
313 | buffer_free(&m); | |
314 | close(client_fd); | |
315 | return 0; | |
316 | } | |
317 | ||
318 | /* Reply for SSHMUX_COMMAND_OPEN */ | |
319 | buffer_clear(&m); | |
320 | buffer_put_int(&m, allowed); | |
321 | buffer_put_int(&m, getpid()); | |
322 | if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) { | |
323 | error("%s: client msg_send failed", __func__); | |
324 | close(client_fd); | |
325 | buffer_free(&m); | |
326 | return 0; | |
327 | } | |
328 | ||
329 | if (!allowed) { | |
330 | error("Refused control connection"); | |
331 | close(client_fd); | |
332 | buffer_free(&m); | |
333 | return 0; | |
334 | } | |
335 | ||
336 | buffer_clear(&m); | |
337 | if (ssh_msg_recv(client_fd, &m) == -1) { | |
338 | error("%s: client msg_recv failed", __func__); | |
339 | close(client_fd); | |
340 | buffer_free(&m); | |
341 | return 0; | |
342 | } | |
343 | if ((ver = buffer_get_char(&m)) != SSHMUX_VER) { | |
344 | error("%s: wrong client version %d", __func__, ver); | |
345 | buffer_free(&m); | |
346 | close(client_fd); | |
347 | return 0; | |
348 | } | |
349 | ||
350 | cctx = xcalloc(1, sizeof(*cctx)); | |
351 | cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0; | |
352 | cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0; | |
353 | cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0; | |
354 | cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0; | |
355 | cctx->term = buffer_get_string(&m, &len); | |
356 | escape_char = buffer_get_int(&m); | |
357 | ||
358 | cmd = buffer_get_string(&m, &len); | |
359 | buffer_init(&cctx->cmd); | |
360 | buffer_append(&cctx->cmd, cmd, strlen(cmd)); | |
361 | ||
362 | env_len = buffer_get_int(&m); | |
363 | env_len = MIN(env_len, 4096); | |
364 | debug3("%s: receiving %d env vars", __func__, env_len); | |
365 | if (env_len != 0) { | |
366 | cctx->env = xcalloc(env_len + 1, sizeof(*cctx->env)); | |
367 | for (i = 0; i < env_len; i++) | |
368 | cctx->env[i] = buffer_get_string(&m, &len); | |
369 | cctx->env[i] = NULL; | |
370 | } | |
371 | ||
372 | debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__, | |
373 | cctx->want_tty, cctx->want_subsys, cmd); | |
374 | xfree(cmd); | |
375 | ||
376 | /* Gather fds from client */ | |
377 | for(i = 0; i < 3; i++) { | |
378 | if ((new_fd[i] = mm_receive_fd(client_fd)) == -1) { | |
379 | error("%s: failed to receive fd %d from slave", | |
380 | __func__, i); | |
381 | for (j = 0; j < i; j++) | |
382 | close(new_fd[j]); | |
383 | for (j = 0; j < env_len; j++) | |
384 | xfree(cctx->env[j]); | |
385 | if (env_len > 0) | |
386 | xfree(cctx->env); | |
387 | xfree(cctx->term); | |
388 | buffer_free(&cctx->cmd); | |
389 | close(client_fd); | |
390 | xfree(cctx); | |
391 | return 0; | |
392 | } | |
393 | } | |
394 | ||
395 | debug2("%s: got fds stdin %d, stdout %d, stderr %d", __func__, | |
396 | new_fd[0], new_fd[1], new_fd[2]); | |
397 | ||
398 | /* Try to pick up ttymodes from client before it goes raw */ | |
399 | if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1) | |
400 | error("%s: tcgetattr: %s", __func__, strerror(errno)); | |
401 | ||
402 | /* This roundtrip is just for synchronisation of ttymodes */ | |
403 | buffer_clear(&m); | |
404 | if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) { | |
405 | error("%s: client msg_send failed", __func__); | |
406 | close(client_fd); | |
407 | close(new_fd[0]); | |
408 | close(new_fd[1]); | |
409 | close(new_fd[2]); | |
410 | buffer_free(&m); | |
411 | xfree(cctx->term); | |
412 | if (env_len != 0) { | |
413 | for (i = 0; i < env_len; i++) | |
414 | xfree(cctx->env[i]); | |
415 | xfree(cctx->env); | |
416 | } | |
417 | return 0; | |
418 | } | |
419 | buffer_free(&m); | |
420 | ||
421 | /* enable nonblocking unless tty */ | |
422 | if (!isatty(new_fd[0])) | |
423 | set_nonblock(new_fd[0]); | |
424 | if (!isatty(new_fd[1])) | |
425 | set_nonblock(new_fd[1]); | |
426 | if (!isatty(new_fd[2])) | |
427 | set_nonblock(new_fd[2]); | |
428 | ||
429 | set_nonblock(client_fd); | |
430 | ||
431 | window = CHAN_SES_WINDOW_DEFAULT; | |
432 | packetmax = CHAN_SES_PACKET_DEFAULT; | |
433 | if (cctx->want_tty) { | |
434 | window >>= 1; | |
435 | packetmax >>= 1; | |
436 | } | |
437 | ||
438 | c = channel_new("session", SSH_CHANNEL_OPENING, | |
439 | new_fd[0], new_fd[1], new_fd[2], window, packetmax, | |
440 | CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); | |
441 | ||
442 | c->ctl_fd = client_fd; | |
443 | if (cctx->want_tty && escape_char != 0xffffffff) { | |
444 | channel_register_filter(c->self, | |
445 | client_simple_escape_filter, NULL, | |
446 | client_filter_cleanup, | |
447 | client_new_escape_filter_ctx((int)escape_char)); | |
448 | } | |
449 | ||
450 | debug3("%s: channel_new: %d", __func__, c->self); | |
451 | ||
452 | channel_send_open(c->self); | |
453 | channel_register_open_confirm(c->self, mux_session_confirm, cctx); | |
454 | return 0; | |
455 | } | |
456 | ||
457 | /* ** Multiplexing client support */ | |
458 | ||
459 | /* Exit signal handler */ | |
460 | static void | |
461 | control_client_sighandler(int signo) | |
462 | { | |
463 | muxclient_terminate = signo; | |
464 | } | |
465 | ||
466 | /* | |
467 | * Relay signal handler - used to pass some signals from mux client to | |
468 | * mux master. | |
469 | */ | |
470 | static void | |
471 | control_client_sigrelay(int signo) | |
472 | { | |
473 | int save_errno = errno; | |
474 | ||
475 | if (muxserver_pid > 1) | |
476 | kill(muxserver_pid, signo); | |
477 | ||
478 | errno = save_errno; | |
479 | } | |
480 | ||
481 | /* Check mux client environment variables before passing them to mux master. */ | |
482 | static int | |
483 | env_permitted(char *env) | |
484 | { | |
485 | int i, ret; | |
486 | char name[1024], *cp; | |
487 | ||
488 | if ((cp = strchr(env, '=')) == NULL || cp == env) | |
489 | return (0); | |
490 | ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env); | |
491 | if (ret <= 0 || (size_t)ret >= sizeof(name)) | |
492 | fatal("env_permitted: name '%.100s...' too long", env); | |
493 | ||
494 | for (i = 0; i < options.num_send_env; i++) | |
495 | if (match_pattern(name, options.send_env[i])) | |
496 | return (1); | |
497 | ||
498 | return (0); | |
499 | } | |
500 | ||
501 | /* Multiplex client main loop. */ | |
502 | void | |
503 | muxclient(const char *path) | |
504 | { | |
505 | struct sockaddr_un addr; | |
506 | int i, r, fd, sock, exitval[2], num_env, addr_len; | |
507 | Buffer m; | |
508 | char *term; | |
509 | extern char **environ; | |
510 | u_int allowed, flags; | |
511 | ||
512 | if (muxclient_command == 0) | |
513 | muxclient_command = SSHMUX_COMMAND_OPEN; | |
514 | ||
515 | switch (options.control_master) { | |
516 | case SSHCTL_MASTER_AUTO: | |
517 | case SSHCTL_MASTER_AUTO_ASK: | |
518 | debug("auto-mux: Trying existing master"); | |
519 | /* FALLTHROUGH */ | |
520 | case SSHCTL_MASTER_NO: | |
521 | break; | |
522 | default: | |
523 | return; | |
524 | } | |
525 | ||
526 | memset(&addr, '\0', sizeof(addr)); | |
527 | addr.sun_family = AF_UNIX; | |
528 | addr_len = offsetof(struct sockaddr_un, sun_path) + | |
529 | strlen(path) + 1; | |
530 | ||
531 | if (strlcpy(addr.sun_path, path, | |
532 | sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) | |
533 | fatal("ControlPath too long"); | |
534 | ||
535 | if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) | |
536 | fatal("%s socket(): %s", __func__, strerror(errno)); | |
537 | ||
538 | if (connect(sock, (struct sockaddr *)&addr, addr_len) == -1) { | |
539 | if (muxclient_command != SSHMUX_COMMAND_OPEN) { | |
540 | fatal("Control socket connect(%.100s): %s", path, | |
541 | strerror(errno)); | |
542 | } | |
543 | if (errno == ENOENT) | |
544 | debug("Control socket \"%.100s\" does not exist", path); | |
545 | else { | |
546 | error("Control socket connect(%.100s): %s", path, | |
547 | strerror(errno)); | |
548 | } | |
549 | close(sock); | |
550 | return; | |
551 | } | |
552 | ||
553 | if (stdin_null_flag) { | |
554 | if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) | |
555 | fatal("open(/dev/null): %s", strerror(errno)); | |
556 | if (dup2(fd, STDIN_FILENO) == -1) | |
557 | fatal("dup2: %s", strerror(errno)); | |
558 | if (fd > STDERR_FILENO) | |
559 | close(fd); | |
560 | } | |
561 | ||
562 | term = getenv("TERM"); | |
563 | ||
564 | flags = 0; | |
565 | if (tty_flag) | |
566 | flags |= SSHMUX_FLAG_TTY; | |
567 | if (subsystem_flag) | |
568 | flags |= SSHMUX_FLAG_SUBSYS; | |
569 | if (options.forward_x11) | |
570 | flags |= SSHMUX_FLAG_X11_FWD; | |
571 | if (options.forward_agent) | |
572 | flags |= SSHMUX_FLAG_AGENT_FWD; | |
573 | ||
574 | signal(SIGPIPE, SIG_IGN); | |
575 | ||
576 | buffer_init(&m); | |
577 | ||
578 | /* Send our command to server */ | |
579 | buffer_put_int(&m, muxclient_command); | |
580 | buffer_put_int(&m, flags); | |
581 | if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1) { | |
582 | error("%s: msg_send", __func__); | |
583 | muxerr: | |
584 | close(sock); | |
585 | buffer_free(&m); | |
586 | if (muxclient_command != SSHMUX_COMMAND_OPEN) | |
587 | cleanup_exit(255); | |
588 | logit("Falling back to non-multiplexed connection"); | |
589 | xfree(options.control_path); | |
590 | options.control_path = NULL; | |
591 | options.control_master = SSHCTL_MASTER_NO; | |
592 | return; | |
593 | } | |
594 | buffer_clear(&m); | |
595 | ||
596 | /* Get authorisation status and PID of controlee */ | |
597 | if (ssh_msg_recv(sock, &m) == -1) { | |
598 | error("%s: Did not receive reply from master", __func__); | |
599 | goto muxerr; | |
600 | } | |
601 | if (buffer_get_char(&m) != SSHMUX_VER) { | |
602 | error("%s: Master replied with wrong version", __func__); | |
603 | goto muxerr; | |
604 | } | |
605 | if (buffer_get_int_ret(&allowed, &m) != 0) { | |
606 | error("%s: bad server reply", __func__); | |
607 | goto muxerr; | |
608 | } | |
609 | if (allowed != 1) { | |
610 | error("Connection to master denied"); | |
611 | goto muxerr; | |
612 | } | |
613 | muxserver_pid = buffer_get_int(&m); | |
614 | ||
615 | buffer_clear(&m); | |
616 | ||
617 | switch (muxclient_command) { | |
618 | case SSHMUX_COMMAND_ALIVE_CHECK: | |
619 | fprintf(stderr, "Master running (pid=%d)\r\n", | |
620 | muxserver_pid); | |
621 | exit(0); | |
622 | case SSHMUX_COMMAND_TERMINATE: | |
623 | fprintf(stderr, "Exit request sent.\r\n"); | |
624 | exit(0); | |
625 | case SSHMUX_COMMAND_OPEN: | |
626 | buffer_put_cstring(&m, term ? term : ""); | |
627 | if (options.escape_char == SSH_ESCAPECHAR_NONE) | |
628 | buffer_put_int(&m, 0xffffffff); | |
629 | else | |
630 | buffer_put_int(&m, options.escape_char); | |
631 | buffer_append(&command, "\0", 1); | |
632 | buffer_put_cstring(&m, buffer_ptr(&command)); | |
633 | ||
634 | if (options.num_send_env == 0 || environ == NULL) { | |
635 | buffer_put_int(&m, 0); | |
636 | } else { | |
637 | /* Pass environment */ | |
638 | num_env = 0; | |
639 | for (i = 0; environ[i] != NULL; i++) { | |
640 | if (env_permitted(environ[i])) | |
641 | num_env++; /* Count */ | |
642 | } | |
643 | buffer_put_int(&m, num_env); | |
644 | for (i = 0; environ[i] != NULL && num_env >= 0; i++) { | |
645 | if (env_permitted(environ[i])) { | |
646 | num_env--; | |
647 | buffer_put_cstring(&m, environ[i]); | |
648 | } | |
649 | } | |
650 | } | |
651 | break; | |
652 | default: | |
653 | fatal("unrecognised muxclient_command %d", muxclient_command); | |
654 | } | |
655 | ||
656 | if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1) { | |
657 | error("%s: msg_send", __func__); | |
658 | goto muxerr; | |
659 | } | |
660 | ||
661 | if (mm_send_fd(sock, STDIN_FILENO) == -1 || | |
662 | mm_send_fd(sock, STDOUT_FILENO) == -1 || | |
663 | mm_send_fd(sock, STDERR_FILENO) == -1) { | |
664 | error("%s: send fds failed", __func__); | |
665 | goto muxerr; | |
666 | } | |
667 | ||
668 | /* | |
669 | * Mux errors are non-recoverable from this point as the master | |
670 | * has ownership of the session now. | |
671 | */ | |
672 | ||
673 | /* Wait for reply, so master has a chance to gather ttymodes */ | |
674 | buffer_clear(&m); | |
675 | if (ssh_msg_recv(sock, &m) == -1) | |
676 | fatal("%s: msg_recv", __func__); | |
677 | if (buffer_get_char(&m) != SSHMUX_VER) | |
678 | fatal("%s: wrong version", __func__); | |
679 | buffer_free(&m); | |
680 | ||
681 | signal(SIGHUP, control_client_sighandler); | |
682 | signal(SIGINT, control_client_sighandler); | |
683 | signal(SIGTERM, control_client_sighandler); | |
684 | signal(SIGWINCH, control_client_sigrelay); | |
685 | ||
686 | if (tty_flag) | |
687 | enter_raw_mode(force_tty_flag); | |
688 | ||
689 | /* | |
690 | * Stick around until the controlee closes the client_fd. | |
691 | * Before it does, it is expected to write this process' exit | |
692 | * value (one int). This process must read the value and wait for | |
693 | * the closure of the client_fd; if this one closes early, the | |
694 | * multiplex master will terminate early too (possibly losing data). | |
695 | */ | |
696 | exitval[0] = 0; | |
697 | for (i = 0; !muxclient_terminate && i < (int)sizeof(exitval);) { | |
698 | r = read(sock, (char *)exitval + i, sizeof(exitval) - i); | |
699 | if (r == 0) { | |
700 | debug2("Received EOF from master"); | |
701 | break; | |
702 | } | |
703 | if (r == -1) { | |
704 | if (errno == EINTR) | |
705 | continue; | |
706 | fatal("%s: read %s", __func__, strerror(errno)); | |
707 | } | |
708 | i += r; | |
709 | } | |
710 | ||
711 | close(sock); | |
712 | leave_raw_mode(force_tty_flag); | |
713 | if (i > (int)sizeof(int)) | |
714 | fatal("%s: master returned too much data (%d > %lu)", | |
715 | __func__, i, (u_long)sizeof(int)); | |
716 | if (muxclient_terminate) { | |
717 | debug2("Exiting on signal %d", muxclient_terminate); | |
718 | exitval[0] = 255; | |
719 | } else if (i < (int)sizeof(int)) { | |
720 | debug2("Control master terminated unexpectedly"); | |
721 | exitval[0] = 255; | |
722 | } else | |
723 | debug2("Received exit status from master %d", exitval[0]); | |
724 | ||
725 | if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET) | |
726 | fprintf(stderr, "Shared connection to %s closed.\r\n", host); | |
727 | ||
728 | exit(exitval[0]); | |
729 | } |