1 /* $OpenBSD: serverloop.c,v 1.141 2006/07/22 20:48:23 stevesk Exp $ */
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * Server main loop for handling the interactive session.
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
14 * SSH2 support by Markus Friedl.
15 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
40 #include <sys/types.h>
42 #include <sys/socket.h>
44 #include <netinet/in.h>
68 #include "auth-options.h"
69 #include "serverloop.h"
73 extern ServerOptions options;
77 extern Authctxt *the_authctxt;
78 extern int use_privsep;
80 static Buffer stdin_buffer; /* Buffer for stdin data. */
81 static Buffer stdout_buffer; /* Buffer for stdout data. */
82 static Buffer stderr_buffer; /* Buffer for stderr data. */
83 static int fdin; /* Descriptor for stdin (for writing) */
84 static int fdout; /* Descriptor for stdout (for reading);
85 May be same number as fdin. */
86 static int fderr; /* Descriptor for stderr. May be -1. */
87 static long stdin_bytes = 0; /* Number of bytes written to stdin. */
88 static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
89 static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
90 static long fdout_bytes = 0; /* Number of stdout bytes read from program. */
91 static int stdin_eof = 0; /* EOF message received from client. */
92 static int fdout_eof = 0; /* EOF encountered reading from fdout. */
93 static int fderr_eof = 0; /* EOF encountered readung from fderr. */
94 static int fdin_is_tty = 0; /* fdin points to a tty. */
95 static int connection_in; /* Connection to client (input). */
96 static int connection_out; /* Connection to client (output). */
97 static int connection_closed = 0; /* Connection to client closed. */
98 static u_int buffer_high; /* "Soft" max buffer size. */
99 static int client_alive_timeouts = 0;
102 * This SIGCHLD kludge is used to detect when the child exits. The server
103 * will exit after that, as soon as forwarded connections have terminated.
106 static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. */
108 /* Cleanup on signals (!use_privsep case only) */
109 static volatile sig_atomic_t received_sigterm = 0;
112 static void server_init_dispatch(void);
115 * we write to this pipe if a SIGCHLD is caught in order to avoid
116 * the race between select() and child_terminated
118 static int notify_pipe[2];
122 if (pipe(notify_pipe) < 0) {
123 error("pipe(notify_pipe) failed %s", strerror(errno));
124 } else if ((fcntl(notify_pipe[0], F_SETFD, 1) == -1) ||
125 (fcntl(notify_pipe[1], F_SETFD, 1) == -1)) {
126 error("fcntl(notify_pipe, F_SETFD) failed %s", strerror(errno));
127 close(notify_pipe[0]);
128 close(notify_pipe[1]);
130 set_nonblock(notify_pipe[0]);
131 set_nonblock(notify_pipe[1]);
134 notify_pipe[0] = -1; /* read end */
135 notify_pipe[1] = -1; /* write end */
140 if (notify_pipe[1] != -1)
141 write(notify_pipe[1], "", 1);
144 notify_prepare(fd_set *readset)
146 if (notify_pipe[0] != -1)
147 FD_SET(notify_pipe[0], readset);
150 notify_done(fd_set *readset)
154 if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
155 while (read(notify_pipe[0], &c, 1) != -1)
156 debug2("notify_done: reading");
161 sigchld_handler(int sig)
163 int save_errno = errno;
164 child_terminated = 1;
166 mysignal(SIGCHLD, sigchld_handler);
174 sigterm_handler(int sig)
176 received_sigterm = sig;
180 * Make packets from buffered stderr data, and buffer it for sending
184 make_packets_from_stderr_data(void)
188 /* Send buffered stderr data to the client. */
189 while (buffer_len(&stderr_buffer) > 0 &&
190 packet_not_very_much_data_to_write()) {
191 len = buffer_len(&stderr_buffer);
192 if (packet_is_interactive()) {
196 /* Keep the packets at reasonable size. */
197 if (len > packet_get_maxsize())
198 len = packet_get_maxsize();
200 packet_start(SSH_SMSG_STDERR_DATA);
201 packet_put_string(buffer_ptr(&stderr_buffer), len);
203 buffer_consume(&stderr_buffer, len);
209 * Make packets from buffered stdout data, and buffer it for sending to the
213 make_packets_from_stdout_data(void)
217 /* Send buffered stdout data to the client. */
218 while (buffer_len(&stdout_buffer) > 0 &&
219 packet_not_very_much_data_to_write()) {
220 len = buffer_len(&stdout_buffer);
221 if (packet_is_interactive()) {
225 /* Keep the packets at reasonable size. */
226 if (len > packet_get_maxsize())
227 len = packet_get_maxsize();
229 packet_start(SSH_SMSG_STDOUT_DATA);
230 packet_put_string(buffer_ptr(&stdout_buffer), len);
232 buffer_consume(&stdout_buffer, len);
238 client_alive_check(void)
242 /* timeout, check to see how many we have had */
243 if (++client_alive_timeouts > options.client_alive_count_max)
244 packet_disconnect("Timeout, your session not responding.");
247 * send a bogus global/channel request with "wantreply",
248 * we should get back a failure
250 if ((channel_id = channel_find_open()) == -1) {
251 packet_start(SSH2_MSG_GLOBAL_REQUEST);
252 packet_put_cstring("keepalive@openssh.com");
253 packet_put_char(1); /* boolean: want reply */
255 channel_request_start(channel_id, "keepalive@openssh.com", 1);
261 * Sleep in select() until we can do something. This will initialize the
262 * select masks. Upon return, the masks will indicate which descriptors
263 * have data or can accept data. Optionally, a maximum time can be specified
264 * for the duration of the wait (0 = infinite).
267 wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
268 u_int *nallocp, u_int max_time_milliseconds)
270 struct timeval tv, *tvp;
272 int client_alive_scheduled = 0;
275 * if using client_alive, set the max timeout accordingly,
276 * and indicate that this particular timeout was for client
277 * alive by setting the client_alive_scheduled flag.
279 * this could be randomized somewhat to make traffic
280 * analysis more difficult, but we're not doing it yet.
283 max_time_milliseconds == 0 && options.client_alive_interval) {
284 client_alive_scheduled = 1;
285 max_time_milliseconds = options.client_alive_interval * 1000;
288 /* Allocate and update select() masks for channel descriptors. */
289 channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, 0);
293 /* wrong: bad condition XXX */
294 if (channel_not_very_much_buffered_data())
296 FD_SET(connection_in, *readsetp);
299 * Read packets from the client unless we have too much
300 * buffered stdin or channel data.
302 if (buffer_len(&stdin_buffer) < buffer_high &&
303 channel_not_very_much_buffered_data())
304 FD_SET(connection_in, *readsetp);
306 * If there is not too much data already buffered going to
307 * the client, try to get some more data from the program.
309 if (packet_not_very_much_data_to_write()) {
311 FD_SET(fdout, *readsetp);
313 FD_SET(fderr, *readsetp);
316 * If we have buffered data, try to write some of that data
319 if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
320 FD_SET(fdin, *writesetp);
322 notify_prepare(*readsetp);
325 * If we have buffered packet data going to the client, mark that
328 if (packet_have_data_to_write())
329 FD_SET(connection_out, *writesetp);
332 * If child has terminated and there is enough buffer space to read
333 * from it, then read as much as is available and exit.
335 if (child_terminated && packet_not_very_much_data_to_write())
336 if (max_time_milliseconds == 0 || client_alive_scheduled)
337 max_time_milliseconds = 100;
339 if (max_time_milliseconds == 0)
342 tv.tv_sec = max_time_milliseconds / 1000;
343 tv.tv_usec = 1000 * (max_time_milliseconds % 1000);
347 /* Wait for something to happen, or the timeout to expire. */
348 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
351 memset(*readsetp, 0, *nallocp);
352 memset(*writesetp, 0, *nallocp);
354 error("select: %.100s", strerror(errno));
355 } else if (ret == 0 && client_alive_scheduled)
356 client_alive_check();
358 notify_done(*readsetp);
362 * Processes input from the client and the program. Input data is stored
363 * in buffers and processed later.
366 process_input(fd_set *readset)
371 /* Read and buffer any input data from the client. */
372 if (FD_ISSET(connection_in, readset)) {
373 len = read(connection_in, buf, sizeof(buf));
375 verbose("Connection closed by %.100s",
376 get_remote_ipaddr());
377 connection_closed = 1;
381 } else if (len < 0) {
382 if (errno != EINTR && errno != EAGAIN) {
383 verbose("Read error from remote host "
385 get_remote_ipaddr(), strerror(errno));
389 /* Buffer any received data. */
390 packet_process_incoming(buf, len);
396 /* Read and buffer any available stdout data from the program. */
397 if (!fdout_eof && FD_ISSET(fdout, readset)) {
399 len = read(fdout, buf, sizeof(buf));
400 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
403 } else if (len <= 0) {
405 } else if ((!isatty(fdout) && len <= 0) ||
406 (isatty(fdout) && (len < 0 || (len == 0 && errno != 0)))) {
410 buffer_append(&stdout_buffer, buf, len);
414 /* Read and buffer any available stderr data from the program. */
415 if (!fderr_eof && FD_ISSET(fderr, readset)) {
417 len = read(fderr, buf, sizeof(buf));
418 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
421 } else if (len <= 0) {
423 } else if ((!isatty(fderr) && len <= 0) ||
424 (isatty(fderr) && (len < 0 || (len == 0 && errno != 0)))) {
428 buffer_append(&stderr_buffer, buf, len);
434 * Sends data from internal buffers to client program stdin.
437 process_output(fd_set *writeset)
444 /* Write buffered data to program stdin. */
445 if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
446 data = buffer_ptr(&stdin_buffer);
447 dlen = buffer_len(&stdin_buffer);
448 len = write(fdin, data, dlen);
449 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
451 } else if (len <= 0) {
455 shutdown(fdin, SHUT_WR); /* We will no longer send. */
458 /* Successful write. */
459 if (fdin_is_tty && dlen >= 1 && data[0] != '\r' &&
460 tcgetattr(fdin, &tio) == 0 &&
461 !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
463 * Simulate echo to reduce the impact of
466 packet_send_ignore(len);
469 /* Consume the data from the buffer. */
470 buffer_consume(&stdin_buffer, len);
471 /* Update the count of bytes written to the program. */
475 /* Send any buffered packet data to the client. */
476 if (FD_ISSET(connection_out, writeset))
481 * Wait until all buffered output has been sent to the client.
482 * This is used when the program terminates.
487 /* Send any buffered stdout data to the client. */
488 if (buffer_len(&stdout_buffer) > 0) {
489 packet_start(SSH_SMSG_STDOUT_DATA);
490 packet_put_string(buffer_ptr(&stdout_buffer),
491 buffer_len(&stdout_buffer));
493 /* Update the count of sent bytes. */
494 stdout_bytes += buffer_len(&stdout_buffer);
496 /* Send any buffered stderr data to the client. */
497 if (buffer_len(&stderr_buffer) > 0) {
498 packet_start(SSH_SMSG_STDERR_DATA);
499 packet_put_string(buffer_ptr(&stderr_buffer),
500 buffer_len(&stderr_buffer));
502 /* Update the count of sent bytes. */
503 stderr_bytes += buffer_len(&stderr_buffer);
505 /* Wait until all buffered data has been written to the client. */
510 process_buffered_input_packets(void)
512 dispatch_run(DISPATCH_NONBLOCK, NULL, compat20 ? xxx_kex : NULL);
516 * Performs the interactive session. This handles data transmission between
517 * the client and the program. Note that the notion of stdin, stdout, and
518 * stderr in this function is sort of reversed: this function writes to
519 * stdin (of the child program), and reads from stdout and stderr (of the
523 server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
525 fd_set *readset = NULL, *writeset = NULL;
528 int wait_status; /* Status returned by wait(). */
529 pid_t wait_pid; /* pid returned by wait(). */
530 int waiting_termination = 0; /* Have displayed waiting close message. */
531 u_int max_time_milliseconds;
532 u_int previous_stdout_buffer_bytes;
533 u_int stdout_buffer_bytes;
536 debug("Entering interactive session.");
538 /* Initialize the SIGCHLD kludge. */
539 child_terminated = 0;
540 mysignal(SIGCHLD, sigchld_handler);
543 signal(SIGTERM, sigterm_handler);
544 signal(SIGINT, sigterm_handler);
545 signal(SIGQUIT, sigterm_handler);
548 /* Initialize our global variables. */
556 /* we don't have stderr for interactive terminal sessions, see below */
560 if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin))
563 connection_in = packet_get_connection_in();
564 connection_out = packet_get_connection_out();
568 previous_stdout_buffer_bytes = 0;
570 /* Set approximate I/O buffer size. */
571 if (packet_is_interactive())
574 buffer_high = 64 * 1024;
577 /* Initialize max_fd to the maximum of the known file descriptors. */
578 max_fd = MAX(connection_in, connection_out);
579 max_fd = MAX(max_fd, fdin);
580 max_fd = MAX(max_fd, fdout);
582 max_fd = MAX(max_fd, fderr);
585 /* Initialize Initialize buffers. */
586 buffer_init(&stdin_buffer);
587 buffer_init(&stdout_buffer);
588 buffer_init(&stderr_buffer);
591 * If we have no separate fderr (which is the case when we have a pty
592 * - there we cannot make difference between data sent to stdout and
593 * stderr), indicate that we have seen an EOF from stderr. This way
594 * we don't need to check the descriptor everywhere.
599 server_init_dispatch();
601 /* Main loop of the server for the interactive session mode. */
604 /* Process buffered packets from the client. */
605 process_buffered_input_packets();
608 * If we have received eof, and there is no more pending
609 * input data, cause a real eof by closing fdin.
611 if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
615 shutdown(fdin, SHUT_WR); /* We will no longer send. */
618 /* Make packets from buffered stderr data to send to the client. */
619 make_packets_from_stderr_data();
622 * Make packets from buffered stdout data to send to the
623 * client. If there is very little to send, this arranges to
624 * not send them now, but to wait a short while to see if we
625 * are getting more data. This is necessary, as some systems
626 * wake up readers from a pty after each separate character.
628 max_time_milliseconds = 0;
629 stdout_buffer_bytes = buffer_len(&stdout_buffer);
630 if (stdout_buffer_bytes != 0 && stdout_buffer_bytes < 256 &&
631 stdout_buffer_bytes != previous_stdout_buffer_bytes) {
632 /* try again after a while */
633 max_time_milliseconds = 10;
636 make_packets_from_stdout_data();
638 previous_stdout_buffer_bytes = buffer_len(&stdout_buffer);
640 /* Send channel data to the client. */
641 if (packet_not_very_much_data_to_write())
642 channel_output_poll();
645 * Bail out of the loop if the program has closed its output
646 * descriptors, and we have no more data to send to the
647 * client, and there is no pending buffered data.
649 if (fdout_eof && fderr_eof && !packet_have_data_to_write() &&
650 buffer_len(&stdout_buffer) == 0 && buffer_len(&stderr_buffer) == 0) {
651 if (!channel_still_open())
653 if (!waiting_termination) {
654 const char *s = "Waiting for forwarded connections to terminate...\r\n";
656 waiting_termination = 1;
657 buffer_append(&stderr_buffer, s, strlen(s));
659 /* Display list of open channels. */
660 cp = channel_open_message();
661 buffer_append(&stderr_buffer, cp, strlen(cp));
665 max_fd = MAX(connection_in, connection_out);
666 max_fd = MAX(max_fd, fdin);
667 max_fd = MAX(max_fd, fdout);
668 max_fd = MAX(max_fd, fderr);
669 max_fd = MAX(max_fd, notify_pipe[0]);
671 /* Sleep in select() until we can do something. */
672 wait_until_can_do_something(&readset, &writeset, &max_fd,
673 &nalloc, max_time_milliseconds);
675 if (received_sigterm) {
676 logit("Exiting on signal %d", received_sigterm);
677 /* Clean up sessions, utmp, etc. */
681 /* Process any channel events. */
682 channel_after_select(readset, writeset);
684 /* Process input from the client and from program stdout/stderr. */
685 process_input(readset);
687 /* Process output to the client and to program stdin. */
688 process_output(writeset);
695 /* Cleanup and termination code. */
697 /* Wait until all output has been sent to the client. */
700 debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
701 stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
703 /* Free and clear the buffers. */
704 buffer_free(&stdin_buffer);
705 buffer_free(&stdout_buffer);
706 buffer_free(&stderr_buffer);
708 /* Close the file descriptors. */
723 /* We no longer want our SIGCHLD handler to be called. */
724 mysignal(SIGCHLD, SIG_DFL);
726 while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0)
728 packet_disconnect("wait: %.100s", strerror(errno));
730 error("Strange, wait returned pid %ld, expected %ld",
731 (long)wait_pid, (long)pid);
733 /* Check if it exited normally. */
734 if (WIFEXITED(wait_status)) {
735 /* Yes, normal exit. Get exit status and send it to the client. */
736 debug("Command exited with status %d.", WEXITSTATUS(wait_status));
737 packet_start(SSH_SMSG_EXITSTATUS);
738 packet_put_int(WEXITSTATUS(wait_status));
743 * Wait for exit confirmation. Note that there might be
744 * other packets coming before it; however, the program has
745 * already died so we just ignore them. The client is
746 * supposed to respond with the confirmation when it receives
750 type = packet_read();
752 while (type != SSH_CMSG_EXIT_CONFIRMATION);
754 debug("Received exit confirmation.");
757 /* Check if the program terminated due to a signal. */
758 if (WIFSIGNALED(wait_status))
759 packet_disconnect("Command terminated on signal %d.",
760 WTERMSIG(wait_status));
762 /* Some weird exit cause. Just exit. */
763 packet_disconnect("wait returned status %04x.", wait_status);
768 collect_children(void)
774 /* block SIGCHLD while we check for dead children */
776 sigaddset(&nset, SIGCHLD);
777 sigprocmask(SIG_BLOCK, &nset, &oset);
778 if (child_terminated) {
779 debug("Received SIGCHLD.");
780 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
781 (pid < 0 && errno == EINTR))
783 session_close_by_pid(pid, status);
784 child_terminated = 0;
786 sigprocmask(SIG_SETMASK, &oset, NULL);
790 server_loop2(Authctxt *authctxt)
792 fd_set *readset = NULL, *writeset = NULL;
793 int rekeying = 0, max_fd, nalloc = 0;
795 debug("Entering interactive session for SSH2.");
797 mysignal(SIGCHLD, sigchld_handler);
798 child_terminated = 0;
799 connection_in = packet_get_connection_in();
800 connection_out = packet_get_connection_out();
803 signal(SIGTERM, sigterm_handler);
804 signal(SIGINT, sigterm_handler);
805 signal(SIGQUIT, sigterm_handler);
810 max_fd = MAX(connection_in, connection_out);
811 max_fd = MAX(max_fd, notify_pipe[0]);
813 server_init_dispatch();
816 process_buffered_input_packets();
818 rekeying = (xxx_kex != NULL && !xxx_kex->done);
820 if (!rekeying && packet_not_very_much_data_to_write())
821 channel_output_poll();
822 wait_until_can_do_something(&readset, &writeset, &max_fd,
825 if (received_sigterm) {
826 logit("Exiting on signal %d", received_sigterm);
827 /* Clean up sessions, utmp, etc. */
833 channel_after_select(readset, writeset);
834 if (packet_need_rekeying()) {
835 debug("need rekeying");
837 kex_send_kexinit(xxx_kex);
840 process_input(readset);
841 if (connection_closed)
843 process_output(writeset);
852 /* free all channels, no more reads and writes */
855 /* free remaining sessions, e.g. remove wtmp entries */
856 session_destroy_all(NULL);
860 server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
862 debug("Got %d/%u for keepalive", type, seq);
864 * reset timeout, since we got a sane answer from the client.
865 * even if this was generated by something other than
866 * the bogus CHANNEL_REQUEST we send for keepalives.
868 client_alive_timeouts = 0;
872 server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
877 /* Stdin data from the client. Append it to the buffer. */
878 /* Ignore any data if the client has closed stdin. */
881 data = packet_get_string(&data_len);
883 buffer_append(&stdin_buffer, data, data_len);
884 memset(data, 0, data_len);
889 server_input_eof(int type, u_int32_t seq, void *ctxt)
892 * Eof from the client. The stdin descriptor to the
893 * program will be closed when all buffered data has
896 debug("EOF received for stdin.");
902 server_input_window_size(int type, u_int32_t seq, void *ctxt)
904 u_int row = packet_get_int();
905 u_int col = packet_get_int();
906 u_int xpixel = packet_get_int();
907 u_int ypixel = packet_get_int();
909 debug("Window change received.");
912 pty_change_window_size(fdin, row, col, xpixel, ypixel);
916 server_request_direct_tcpip(void)
920 char *target, *originator;
921 int target_port, originator_port;
923 target = packet_get_string(NULL);
924 target_port = packet_get_int();
925 originator = packet_get_string(NULL);
926 originator_port = packet_get_int();
929 debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
930 originator, originator_port, target, target_port);
932 /* XXX check permission */
933 sock = channel_connect_to(target, target_port);
938 c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
939 sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
940 CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
945 server_request_tun(void)
951 mode = packet_get_int();
953 case SSH_TUNMODE_POINTOPOINT:
954 case SSH_TUNMODE_ETHERNET:
957 packet_send_debug("Unsupported tunnel device mode.");
960 if ((options.permit_tun & mode) == 0) {
961 packet_send_debug("Server has rejected tunnel device "
966 tun = packet_get_int();
967 if (forced_tun_device != -1) {
968 if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
970 tun = forced_tun_device;
972 sock = tun_open(tun, mode);
975 c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
976 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
978 #if defined(SSH_TUN_FILTER)
979 if (mode == SSH_TUNMODE_POINTOPOINT)
980 channel_register_filter(c->self, sys_tun_infilter,
986 packet_send_debug("Failed to open the tunnel device.");
991 server_request_session(void)
995 debug("input_session_request");
998 * A server session has no fd to read or write until a
999 * CHANNEL_REQUEST for a shell is made, so we set the type to
1000 * SSH_CHANNEL_LARVAL. Additionally, a callback for handling all
1001 * CHANNEL_REQUEST messages is registered.
1003 c = channel_new("session", SSH_CHANNEL_LARVAL,
1004 -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
1005 0, "server-session", 1);
1006 if (session_open(the_authctxt, c->self) != 1) {
1007 debug("session open failed, free channel %d", c->self);
1011 channel_register_cleanup(c->self, session_close_by_channel, 0);
1016 server_input_channel_open(int type, u_int32_t seq, void *ctxt)
1021 u_int rmaxpack, rwindow, len;
1023 ctype = packet_get_string(&len);
1024 rchan = packet_get_int();
1025 rwindow = packet_get_int();
1026 rmaxpack = packet_get_int();
1028 debug("server_input_channel_open: ctype %s rchan %d win %d max %d",
1029 ctype, rchan, rwindow, rmaxpack);
1031 if (strcmp(ctype, "session") == 0) {
1032 c = server_request_session();
1033 } else if (strcmp(ctype, "direct-tcpip") == 0) {
1034 c = server_request_direct_tcpip();
1035 } else if (strcmp(ctype, "tun@openssh.com") == 0) {
1036 c = server_request_tun();
1039 debug("server_input_channel_open: confirm %s", ctype);
1040 c->remote_id = rchan;
1041 c->remote_window = rwindow;
1042 c->remote_maxpacket = rmaxpack;
1043 if (c->type != SSH_CHANNEL_CONNECTING) {
1044 packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
1045 packet_put_int(c->remote_id);
1046 packet_put_int(c->self);
1047 packet_put_int(c->local_window);
1048 packet_put_int(c->local_maxpacket);
1052 debug("server_input_channel_open: failure %s", ctype);
1053 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
1054 packet_put_int(rchan);
1055 packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
1056 if (!(datafellows & SSH_BUG_OPENFAILURE)) {
1057 packet_put_cstring("open failed");
1058 packet_put_cstring("");
1066 server_input_global_request(int type, u_int32_t seq, void *ctxt)
1072 rtype = packet_get_string(NULL);
1073 want_reply = packet_get_char();
1074 debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
1076 /* -R style forwarding */
1077 if (strcmp(rtype, "tcpip-forward") == 0) {
1079 char *listen_address;
1080 u_short listen_port;
1082 pw = the_authctxt->pw;
1083 if (pw == NULL || !the_authctxt->valid)
1084 fatal("server_input_global_request: no/invalid user");
1085 listen_address = packet_get_string(NULL);
1086 listen_port = (u_short)packet_get_int();
1087 debug("server_input_global_request: tcpip-forward listen %s port %d",
1088 listen_address, listen_port);
1090 /* check permissions */
1091 if (!options.allow_tcp_forwarding ||
1092 no_port_forwarding_flag
1093 #ifndef NO_IPPORT_RESERVED_CONCEPT
1094 || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
1098 packet_send_debug("Server has disabled port forwarding.");
1100 /* Start listening on the port */
1101 success = channel_setup_remote_fwd_listener(
1102 listen_address, listen_port, options.gateway_ports);
1104 xfree(listen_address);
1105 } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
1106 char *cancel_address;
1107 u_short cancel_port;
1109 cancel_address = packet_get_string(NULL);
1110 cancel_port = (u_short)packet_get_int();
1111 debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
1112 cancel_address, cancel_port);
1114 success = channel_cancel_rport_listener(cancel_address,
1116 xfree(cancel_address);
1119 packet_start(success ?
1120 SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
1122 packet_write_wait();
1128 server_input_channel_req(int type, u_int32_t seq, void *ctxt)
1131 int id, reply, success = 0;
1134 id = packet_get_int();
1135 rtype = packet_get_string(NULL);
1136 reply = packet_get_char();
1138 debug("server_input_channel_req: channel %d request %s reply %d",
1141 if ((c = channel_lookup(id)) == NULL)
1142 packet_disconnect("server_input_channel_req: "
1143 "unknown channel %d", id);
1144 if (c->type == SSH_CHANNEL_LARVAL || c->type == SSH_CHANNEL_OPEN)
1145 success = session_input_channel_req(c, rtype);
1147 packet_start(success ?
1148 SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
1149 packet_put_int(c->remote_id);
1156 server_init_dispatch_20(void)
1158 debug("server_init_dispatch_20");
1159 dispatch_init(&dispatch_protocol_error);
1160 dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
1161 dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
1162 dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
1163 dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
1164 dispatch_set(SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open);
1165 dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
1166 dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
1167 dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);
1168 dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
1169 dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
1171 dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
1172 dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
1173 dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
1175 dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
1178 server_init_dispatch_13(void)
1180 debug("server_init_dispatch_13");
1181 dispatch_init(NULL);
1182 dispatch_set(SSH_CMSG_EOF, &server_input_eof);
1183 dispatch_set(SSH_CMSG_STDIN_DATA, &server_input_stdin_data);
1184 dispatch_set(SSH_CMSG_WINDOW_SIZE, &server_input_window_size);
1185 dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close);
1186 dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation);
1187 dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data);
1188 dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
1189 dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
1190 dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
1193 server_init_dispatch_15(void)
1195 server_init_dispatch_13();
1196 debug("server_init_dispatch_15");
1197 dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
1198 dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose);
1201 server_init_dispatch(void)
1204 server_init_dispatch_20();
1206 server_init_dispatch_13();
1208 server_init_dispatch_15();