1 /* $OpenBSD: serverloop.c,v 1.140 2006/07/20 15:26:15 stevesk Exp $ */
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * Server main loop for handling the interactive session.
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
14 * SSH2 support by Markus Friedl.
15 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
40 #include <sys/types.h>
42 #include <sys/socket.h>
44 #include <netinet/in.h>
67 #include "auth-options.h"
68 #include "serverloop.h"
72 extern ServerOptions options;
76 extern Authctxt *the_authctxt;
77 extern int use_privsep;
79 static Buffer stdin_buffer; /* Buffer for stdin data. */
80 static Buffer stdout_buffer; /* Buffer for stdout data. */
81 static Buffer stderr_buffer; /* Buffer for stderr data. */
82 static int fdin; /* Descriptor for stdin (for writing) */
83 static int fdout; /* Descriptor for stdout (for reading);
84 May be same number as fdin. */
85 static int fderr; /* Descriptor for stderr. May be -1. */
86 static long stdin_bytes = 0; /* Number of bytes written to stdin. */
87 static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
88 static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
89 static long fdout_bytes = 0; /* Number of stdout bytes read from program. */
90 static int stdin_eof = 0; /* EOF message received from client. */
91 static int fdout_eof = 0; /* EOF encountered reading from fdout. */
92 static int fderr_eof = 0; /* EOF encountered readung from fderr. */
93 static int fdin_is_tty = 0; /* fdin points to a tty. */
94 static int connection_in; /* Connection to client (input). */
95 static int connection_out; /* Connection to client (output). */
96 static int connection_closed = 0; /* Connection to client closed. */
97 static u_int buffer_high; /* "Soft" max buffer size. */
98 static int client_alive_timeouts = 0;
101 * This SIGCHLD kludge is used to detect when the child exits. The server
102 * will exit after that, as soon as forwarded connections have terminated.
105 static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. */
107 /* Cleanup on signals (!use_privsep case only) */
108 static volatile sig_atomic_t received_sigterm = 0;
111 static void server_init_dispatch(void);
114 * we write to this pipe if a SIGCHLD is caught in order to avoid
115 * the race between select() and child_terminated
117 static int notify_pipe[2];
121 if (pipe(notify_pipe) < 0) {
122 error("pipe(notify_pipe) failed %s", strerror(errno));
123 } else if ((fcntl(notify_pipe[0], F_SETFD, 1) == -1) ||
124 (fcntl(notify_pipe[1], F_SETFD, 1) == -1)) {
125 error("fcntl(notify_pipe, F_SETFD) failed %s", strerror(errno));
126 close(notify_pipe[0]);
127 close(notify_pipe[1]);
129 set_nonblock(notify_pipe[0]);
130 set_nonblock(notify_pipe[1]);
133 notify_pipe[0] = -1; /* read end */
134 notify_pipe[1] = -1; /* write end */
139 if (notify_pipe[1] != -1)
140 write(notify_pipe[1], "", 1);
143 notify_prepare(fd_set *readset)
145 if (notify_pipe[0] != -1)
146 FD_SET(notify_pipe[0], readset);
149 notify_done(fd_set *readset)
153 if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
154 while (read(notify_pipe[0], &c, 1) != -1)
155 debug2("notify_done: reading");
160 sigchld_handler(int sig)
162 int save_errno = errno;
163 child_terminated = 1;
165 mysignal(SIGCHLD, sigchld_handler);
173 sigterm_handler(int sig)
175 received_sigterm = sig;
179 * Make packets from buffered stderr data, and buffer it for sending
183 make_packets_from_stderr_data(void)
187 /* Send buffered stderr data to the client. */
188 while (buffer_len(&stderr_buffer) > 0 &&
189 packet_not_very_much_data_to_write()) {
190 len = buffer_len(&stderr_buffer);
191 if (packet_is_interactive()) {
195 /* Keep the packets at reasonable size. */
196 if (len > packet_get_maxsize())
197 len = packet_get_maxsize();
199 packet_start(SSH_SMSG_STDERR_DATA);
200 packet_put_string(buffer_ptr(&stderr_buffer), len);
202 buffer_consume(&stderr_buffer, len);
208 * Make packets from buffered stdout data, and buffer it for sending to the
212 make_packets_from_stdout_data(void)
216 /* Send buffered stdout data to the client. */
217 while (buffer_len(&stdout_buffer) > 0 &&
218 packet_not_very_much_data_to_write()) {
219 len = buffer_len(&stdout_buffer);
220 if (packet_is_interactive()) {
224 /* Keep the packets at reasonable size. */
225 if (len > packet_get_maxsize())
226 len = packet_get_maxsize();
228 packet_start(SSH_SMSG_STDOUT_DATA);
229 packet_put_string(buffer_ptr(&stdout_buffer), len);
231 buffer_consume(&stdout_buffer, len);
237 client_alive_check(void)
241 /* timeout, check to see how many we have had */
242 if (++client_alive_timeouts > options.client_alive_count_max)
243 packet_disconnect("Timeout, your session not responding.");
246 * send a bogus global/channel request with "wantreply",
247 * we should get back a failure
249 if ((channel_id = channel_find_open()) == -1) {
250 packet_start(SSH2_MSG_GLOBAL_REQUEST);
251 packet_put_cstring("keepalive@openssh.com");
252 packet_put_char(1); /* boolean: want reply */
254 channel_request_start(channel_id, "keepalive@openssh.com", 1);
260 * Sleep in select() until we can do something. This will initialize the
261 * select masks. Upon return, the masks will indicate which descriptors
262 * have data or can accept data. Optionally, a maximum time can be specified
263 * for the duration of the wait (0 = infinite).
266 wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
267 u_int *nallocp, u_int max_time_milliseconds)
269 struct timeval tv, *tvp;
271 int client_alive_scheduled = 0;
274 * if using client_alive, set the max timeout accordingly,
275 * and indicate that this particular timeout was for client
276 * alive by setting the client_alive_scheduled flag.
278 * this could be randomized somewhat to make traffic
279 * analysis more difficult, but we're not doing it yet.
282 max_time_milliseconds == 0 && options.client_alive_interval) {
283 client_alive_scheduled = 1;
284 max_time_milliseconds = options.client_alive_interval * 1000;
287 /* Allocate and update select() masks for channel descriptors. */
288 channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, 0);
292 /* wrong: bad condition XXX */
293 if (channel_not_very_much_buffered_data())
295 FD_SET(connection_in, *readsetp);
298 * Read packets from the client unless we have too much
299 * buffered stdin or channel data.
301 if (buffer_len(&stdin_buffer) < buffer_high &&
302 channel_not_very_much_buffered_data())
303 FD_SET(connection_in, *readsetp);
305 * If there is not too much data already buffered going to
306 * the client, try to get some more data from the program.
308 if (packet_not_very_much_data_to_write()) {
310 FD_SET(fdout, *readsetp);
312 FD_SET(fderr, *readsetp);
315 * If we have buffered data, try to write some of that data
318 if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
319 FD_SET(fdin, *writesetp);
321 notify_prepare(*readsetp);
324 * If we have buffered packet data going to the client, mark that
327 if (packet_have_data_to_write())
328 FD_SET(connection_out, *writesetp);
331 * If child has terminated and there is enough buffer space to read
332 * from it, then read as much as is available and exit.
334 if (child_terminated && packet_not_very_much_data_to_write())
335 if (max_time_milliseconds == 0 || client_alive_scheduled)
336 max_time_milliseconds = 100;
338 if (max_time_milliseconds == 0)
341 tv.tv_sec = max_time_milliseconds / 1000;
342 tv.tv_usec = 1000 * (max_time_milliseconds % 1000);
346 /* Wait for something to happen, or the timeout to expire. */
347 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
350 memset(*readsetp, 0, *nallocp);
351 memset(*writesetp, 0, *nallocp);
353 error("select: %.100s", strerror(errno));
354 } else if (ret == 0 && client_alive_scheduled)
355 client_alive_check();
357 notify_done(*readsetp);
361 * Processes input from the client and the program. Input data is stored
362 * in buffers and processed later.
365 process_input(fd_set *readset)
370 /* Read and buffer any input data from the client. */
371 if (FD_ISSET(connection_in, readset)) {
372 len = read(connection_in, buf, sizeof(buf));
374 verbose("Connection closed by %.100s",
375 get_remote_ipaddr());
376 connection_closed = 1;
380 } else if (len < 0) {
381 if (errno != EINTR && errno != EAGAIN) {
382 verbose("Read error from remote host "
384 get_remote_ipaddr(), strerror(errno));
388 /* Buffer any received data. */
389 packet_process_incoming(buf, len);
395 /* Read and buffer any available stdout data from the program. */
396 if (!fdout_eof && FD_ISSET(fdout, readset)) {
398 len = read(fdout, buf, sizeof(buf));
399 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
402 } else if (len <= 0) {
404 } else if ((!isatty(fdout) && len <= 0) ||
405 (isatty(fdout) && (len < 0 || (len == 0 && errno != 0)))) {
409 buffer_append(&stdout_buffer, buf, len);
413 /* Read and buffer any available stderr data from the program. */
414 if (!fderr_eof && FD_ISSET(fderr, readset)) {
416 len = read(fderr, buf, sizeof(buf));
417 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
420 } else if (len <= 0) {
422 } else if ((!isatty(fderr) && len <= 0) ||
423 (isatty(fderr) && (len < 0 || (len == 0 && errno != 0)))) {
427 buffer_append(&stderr_buffer, buf, len);
433 * Sends data from internal buffers to client program stdin.
436 process_output(fd_set *writeset)
443 /* Write buffered data to program stdin. */
444 if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
445 data = buffer_ptr(&stdin_buffer);
446 dlen = buffer_len(&stdin_buffer);
447 len = write(fdin, data, dlen);
448 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
450 } else if (len <= 0) {
454 shutdown(fdin, SHUT_WR); /* We will no longer send. */
457 /* Successful write. */
458 if (fdin_is_tty && dlen >= 1 && data[0] != '\r' &&
459 tcgetattr(fdin, &tio) == 0 &&
460 !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
462 * Simulate echo to reduce the impact of
465 packet_send_ignore(len);
468 /* Consume the data from the buffer. */
469 buffer_consume(&stdin_buffer, len);
470 /* Update the count of bytes written to the program. */
474 /* Send any buffered packet data to the client. */
475 if (FD_ISSET(connection_out, writeset))
480 * Wait until all buffered output has been sent to the client.
481 * This is used when the program terminates.
486 /* Send any buffered stdout data to the client. */
487 if (buffer_len(&stdout_buffer) > 0) {
488 packet_start(SSH_SMSG_STDOUT_DATA);
489 packet_put_string(buffer_ptr(&stdout_buffer),
490 buffer_len(&stdout_buffer));
492 /* Update the count of sent bytes. */
493 stdout_bytes += buffer_len(&stdout_buffer);
495 /* Send any buffered stderr data to the client. */
496 if (buffer_len(&stderr_buffer) > 0) {
497 packet_start(SSH_SMSG_STDERR_DATA);
498 packet_put_string(buffer_ptr(&stderr_buffer),
499 buffer_len(&stderr_buffer));
501 /* Update the count of sent bytes. */
502 stderr_bytes += buffer_len(&stderr_buffer);
504 /* Wait until all buffered data has been written to the client. */
509 process_buffered_input_packets(void)
511 dispatch_run(DISPATCH_NONBLOCK, NULL, compat20 ? xxx_kex : NULL);
515 * Performs the interactive session. This handles data transmission between
516 * the client and the program. Note that the notion of stdin, stdout, and
517 * stderr in this function is sort of reversed: this function writes to
518 * stdin (of the child program), and reads from stdout and stderr (of the
522 server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
524 fd_set *readset = NULL, *writeset = NULL;
527 int wait_status; /* Status returned by wait(). */
528 pid_t wait_pid; /* pid returned by wait(). */
529 int waiting_termination = 0; /* Have displayed waiting close message. */
530 u_int max_time_milliseconds;
531 u_int previous_stdout_buffer_bytes;
532 u_int stdout_buffer_bytes;
535 debug("Entering interactive session.");
537 /* Initialize the SIGCHLD kludge. */
538 child_terminated = 0;
539 mysignal(SIGCHLD, sigchld_handler);
542 signal(SIGTERM, sigterm_handler);
543 signal(SIGINT, sigterm_handler);
544 signal(SIGQUIT, sigterm_handler);
547 /* Initialize our global variables. */
555 /* we don't have stderr for interactive terminal sessions, see below */
559 if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin))
562 connection_in = packet_get_connection_in();
563 connection_out = packet_get_connection_out();
567 previous_stdout_buffer_bytes = 0;
569 /* Set approximate I/O buffer size. */
570 if (packet_is_interactive())
573 buffer_high = 64 * 1024;
576 /* Initialize max_fd to the maximum of the known file descriptors. */
577 max_fd = MAX(connection_in, connection_out);
578 max_fd = MAX(max_fd, fdin);
579 max_fd = MAX(max_fd, fdout);
581 max_fd = MAX(max_fd, fderr);
584 /* Initialize Initialize buffers. */
585 buffer_init(&stdin_buffer);
586 buffer_init(&stdout_buffer);
587 buffer_init(&stderr_buffer);
590 * If we have no separate fderr (which is the case when we have a pty
591 * - there we cannot make difference between data sent to stdout and
592 * stderr), indicate that we have seen an EOF from stderr. This way
593 * we don't need to check the descriptor everywhere.
598 server_init_dispatch();
600 /* Main loop of the server for the interactive session mode. */
603 /* Process buffered packets from the client. */
604 process_buffered_input_packets();
607 * If we have received eof, and there is no more pending
608 * input data, cause a real eof by closing fdin.
610 if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
614 shutdown(fdin, SHUT_WR); /* We will no longer send. */
617 /* Make packets from buffered stderr data to send to the client. */
618 make_packets_from_stderr_data();
621 * Make packets from buffered stdout data to send to the
622 * client. If there is very little to send, this arranges to
623 * not send them now, but to wait a short while to see if we
624 * are getting more data. This is necessary, as some systems
625 * wake up readers from a pty after each separate character.
627 max_time_milliseconds = 0;
628 stdout_buffer_bytes = buffer_len(&stdout_buffer);
629 if (stdout_buffer_bytes != 0 && stdout_buffer_bytes < 256 &&
630 stdout_buffer_bytes != previous_stdout_buffer_bytes) {
631 /* try again after a while */
632 max_time_milliseconds = 10;
635 make_packets_from_stdout_data();
637 previous_stdout_buffer_bytes = buffer_len(&stdout_buffer);
639 /* Send channel data to the client. */
640 if (packet_not_very_much_data_to_write())
641 channel_output_poll();
644 * Bail out of the loop if the program has closed its output
645 * descriptors, and we have no more data to send to the
646 * client, and there is no pending buffered data.
648 if (fdout_eof && fderr_eof && !packet_have_data_to_write() &&
649 buffer_len(&stdout_buffer) == 0 && buffer_len(&stderr_buffer) == 0) {
650 if (!channel_still_open())
652 if (!waiting_termination) {
653 const char *s = "Waiting for forwarded connections to terminate...\r\n";
655 waiting_termination = 1;
656 buffer_append(&stderr_buffer, s, strlen(s));
658 /* Display list of open channels. */
659 cp = channel_open_message();
660 buffer_append(&stderr_buffer, cp, strlen(cp));
664 max_fd = MAX(connection_in, connection_out);
665 max_fd = MAX(max_fd, fdin);
666 max_fd = MAX(max_fd, fdout);
667 max_fd = MAX(max_fd, fderr);
668 max_fd = MAX(max_fd, notify_pipe[0]);
670 /* Sleep in select() until we can do something. */
671 wait_until_can_do_something(&readset, &writeset, &max_fd,
672 &nalloc, max_time_milliseconds);
674 if (received_sigterm) {
675 logit("Exiting on signal %d", received_sigterm);
676 /* Clean up sessions, utmp, etc. */
680 /* Process any channel events. */
681 channel_after_select(readset, writeset);
683 /* Process input from the client and from program stdout/stderr. */
684 process_input(readset);
686 /* Process output to the client and to program stdin. */
687 process_output(writeset);
694 /* Cleanup and termination code. */
696 /* Wait until all output has been sent to the client. */
699 debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
700 stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
702 /* Free and clear the buffers. */
703 buffer_free(&stdin_buffer);
704 buffer_free(&stdout_buffer);
705 buffer_free(&stderr_buffer);
707 /* Close the file descriptors. */
722 /* We no longer want our SIGCHLD handler to be called. */
723 mysignal(SIGCHLD, SIG_DFL);
725 while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0)
727 packet_disconnect("wait: %.100s", strerror(errno));
729 error("Strange, wait returned pid %ld, expected %ld",
730 (long)wait_pid, (long)pid);
732 /* Check if it exited normally. */
733 if (WIFEXITED(wait_status)) {
734 /* Yes, normal exit. Get exit status and send it to the client. */
735 debug("Command exited with status %d.", WEXITSTATUS(wait_status));
736 packet_start(SSH_SMSG_EXITSTATUS);
737 packet_put_int(WEXITSTATUS(wait_status));
742 * Wait for exit confirmation. Note that there might be
743 * other packets coming before it; however, the program has
744 * already died so we just ignore them. The client is
745 * supposed to respond with the confirmation when it receives
749 type = packet_read();
751 while (type != SSH_CMSG_EXIT_CONFIRMATION);
753 debug("Received exit confirmation.");
756 /* Check if the program terminated due to a signal. */
757 if (WIFSIGNALED(wait_status))
758 packet_disconnect("Command terminated on signal %d.",
759 WTERMSIG(wait_status));
761 /* Some weird exit cause. Just exit. */
762 packet_disconnect("wait returned status %04x.", wait_status);
767 collect_children(void)
773 /* block SIGCHLD while we check for dead children */
775 sigaddset(&nset, SIGCHLD);
776 sigprocmask(SIG_BLOCK, &nset, &oset);
777 if (child_terminated) {
778 debug("Received SIGCHLD.");
779 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
780 (pid < 0 && errno == EINTR))
782 session_close_by_pid(pid, status);
783 child_terminated = 0;
785 sigprocmask(SIG_SETMASK, &oset, NULL);
789 server_loop2(Authctxt *authctxt)
791 fd_set *readset = NULL, *writeset = NULL;
792 int rekeying = 0, max_fd, nalloc = 0;
794 debug("Entering interactive session for SSH2.");
796 mysignal(SIGCHLD, sigchld_handler);
797 child_terminated = 0;
798 connection_in = packet_get_connection_in();
799 connection_out = packet_get_connection_out();
802 signal(SIGTERM, sigterm_handler);
803 signal(SIGINT, sigterm_handler);
804 signal(SIGQUIT, sigterm_handler);
809 max_fd = MAX(connection_in, connection_out);
810 max_fd = MAX(max_fd, notify_pipe[0]);
812 server_init_dispatch();
815 process_buffered_input_packets();
817 rekeying = (xxx_kex != NULL && !xxx_kex->done);
819 if (!rekeying && packet_not_very_much_data_to_write())
820 channel_output_poll();
821 wait_until_can_do_something(&readset, &writeset, &max_fd,
824 if (received_sigterm) {
825 logit("Exiting on signal %d", received_sigterm);
826 /* Clean up sessions, utmp, etc. */
832 channel_after_select(readset, writeset);
833 if (packet_need_rekeying()) {
834 debug("need rekeying");
836 kex_send_kexinit(xxx_kex);
839 process_input(readset);
840 if (connection_closed)
842 process_output(writeset);
851 /* free all channels, no more reads and writes */
854 /* free remaining sessions, e.g. remove wtmp entries */
855 session_destroy_all(NULL);
859 server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
861 debug("Got %d/%u for keepalive", type, seq);
863 * reset timeout, since we got a sane answer from the client.
864 * even if this was generated by something other than
865 * the bogus CHANNEL_REQUEST we send for keepalives.
867 client_alive_timeouts = 0;
871 server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
876 /* Stdin data from the client. Append it to the buffer. */
877 /* Ignore any data if the client has closed stdin. */
880 data = packet_get_string(&data_len);
882 buffer_append(&stdin_buffer, data, data_len);
883 memset(data, 0, data_len);
888 server_input_eof(int type, u_int32_t seq, void *ctxt)
891 * Eof from the client. The stdin descriptor to the
892 * program will be closed when all buffered data has
895 debug("EOF received for stdin.");
901 server_input_window_size(int type, u_int32_t seq, void *ctxt)
903 u_int row = packet_get_int();
904 u_int col = packet_get_int();
905 u_int xpixel = packet_get_int();
906 u_int ypixel = packet_get_int();
908 debug("Window change received.");
911 pty_change_window_size(fdin, row, col, xpixel, ypixel);
915 server_request_direct_tcpip(void)
919 char *target, *originator;
920 int target_port, originator_port;
922 target = packet_get_string(NULL);
923 target_port = packet_get_int();
924 originator = packet_get_string(NULL);
925 originator_port = packet_get_int();
928 debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
929 originator, originator_port, target, target_port);
931 /* XXX check permission */
932 sock = channel_connect_to(target, target_port);
937 c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
938 sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
939 CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
944 server_request_tun(void)
950 mode = packet_get_int();
952 case SSH_TUNMODE_POINTOPOINT:
953 case SSH_TUNMODE_ETHERNET:
956 packet_send_debug("Unsupported tunnel device mode.");
959 if ((options.permit_tun & mode) == 0) {
960 packet_send_debug("Server has rejected tunnel device "
965 tun = packet_get_int();
966 if (forced_tun_device != -1) {
967 if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
969 tun = forced_tun_device;
971 sock = tun_open(tun, mode);
974 c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
975 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
977 #if defined(SSH_TUN_FILTER)
978 if (mode == SSH_TUNMODE_POINTOPOINT)
979 channel_register_filter(c->self, sys_tun_infilter,
985 packet_send_debug("Failed to open the tunnel device.");
990 server_request_session(void)
994 debug("input_session_request");
997 * A server session has no fd to read or write until a
998 * CHANNEL_REQUEST for a shell is made, so we set the type to
999 * SSH_CHANNEL_LARVAL. Additionally, a callback for handling all
1000 * CHANNEL_REQUEST messages is registered.
1002 c = channel_new("session", SSH_CHANNEL_LARVAL,
1003 -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
1004 0, "server-session", 1);
1005 if (session_open(the_authctxt, c->self) != 1) {
1006 debug("session open failed, free channel %d", c->self);
1010 channel_register_cleanup(c->self, session_close_by_channel, 0);
1015 server_input_channel_open(int type, u_int32_t seq, void *ctxt)
1020 u_int rmaxpack, rwindow, len;
1022 ctype = packet_get_string(&len);
1023 rchan = packet_get_int();
1024 rwindow = packet_get_int();
1025 rmaxpack = packet_get_int();
1027 debug("server_input_channel_open: ctype %s rchan %d win %d max %d",
1028 ctype, rchan, rwindow, rmaxpack);
1030 if (strcmp(ctype, "session") == 0) {
1031 c = server_request_session();
1032 } else if (strcmp(ctype, "direct-tcpip") == 0) {
1033 c = server_request_direct_tcpip();
1034 } else if (strcmp(ctype, "tun@openssh.com") == 0) {
1035 c = server_request_tun();
1038 debug("server_input_channel_open: confirm %s", ctype);
1039 c->remote_id = rchan;
1040 c->remote_window = rwindow;
1041 c->remote_maxpacket = rmaxpack;
1042 if (c->type != SSH_CHANNEL_CONNECTING) {
1043 packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
1044 packet_put_int(c->remote_id);
1045 packet_put_int(c->self);
1046 packet_put_int(c->local_window);
1047 packet_put_int(c->local_maxpacket);
1051 debug("server_input_channel_open: failure %s", ctype);
1052 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
1053 packet_put_int(rchan);
1054 packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
1055 if (!(datafellows & SSH_BUG_OPENFAILURE)) {
1056 packet_put_cstring("open failed");
1057 packet_put_cstring("");
1065 server_input_global_request(int type, u_int32_t seq, void *ctxt)
1071 rtype = packet_get_string(NULL);
1072 want_reply = packet_get_char();
1073 debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
1075 /* -R style forwarding */
1076 if (strcmp(rtype, "tcpip-forward") == 0) {
1078 char *listen_address;
1079 u_short listen_port;
1081 pw = the_authctxt->pw;
1082 if (pw == NULL || !the_authctxt->valid)
1083 fatal("server_input_global_request: no/invalid user");
1084 listen_address = packet_get_string(NULL);
1085 listen_port = (u_short)packet_get_int();
1086 debug("server_input_global_request: tcpip-forward listen %s port %d",
1087 listen_address, listen_port);
1089 /* check permissions */
1090 if (!options.allow_tcp_forwarding ||
1091 no_port_forwarding_flag
1092 #ifndef NO_IPPORT_RESERVED_CONCEPT
1093 || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
1097 packet_send_debug("Server has disabled port forwarding.");
1099 /* Start listening on the port */
1100 success = channel_setup_remote_fwd_listener(
1101 listen_address, listen_port, options.gateway_ports);
1103 xfree(listen_address);
1104 } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
1105 char *cancel_address;
1106 u_short cancel_port;
1108 cancel_address = packet_get_string(NULL);
1109 cancel_port = (u_short)packet_get_int();
1110 debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
1111 cancel_address, cancel_port);
1113 success = channel_cancel_rport_listener(cancel_address,
1115 xfree(cancel_address);
1118 packet_start(success ?
1119 SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
1121 packet_write_wait();
1127 server_input_channel_req(int type, u_int32_t seq, void *ctxt)
1130 int id, reply, success = 0;
1133 id = packet_get_int();
1134 rtype = packet_get_string(NULL);
1135 reply = packet_get_char();
1137 debug("server_input_channel_req: channel %d request %s reply %d",
1140 if ((c = channel_lookup(id)) == NULL)
1141 packet_disconnect("server_input_channel_req: "
1142 "unknown channel %d", id);
1143 if (c->type == SSH_CHANNEL_LARVAL || c->type == SSH_CHANNEL_OPEN)
1144 success = session_input_channel_req(c, rtype);
1146 packet_start(success ?
1147 SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
1148 packet_put_int(c->remote_id);
1155 server_init_dispatch_20(void)
1157 debug("server_init_dispatch_20");
1158 dispatch_init(&dispatch_protocol_error);
1159 dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
1160 dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
1161 dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
1162 dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
1163 dispatch_set(SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open);
1164 dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
1165 dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
1166 dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);
1167 dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
1168 dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
1170 dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
1171 dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
1172 dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
1174 dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
1177 server_init_dispatch_13(void)
1179 debug("server_init_dispatch_13");
1180 dispatch_init(NULL);
1181 dispatch_set(SSH_CMSG_EOF, &server_input_eof);
1182 dispatch_set(SSH_CMSG_STDIN_DATA, &server_input_stdin_data);
1183 dispatch_set(SSH_CMSG_WINDOW_SIZE, &server_input_window_size);
1184 dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close);
1185 dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation);
1186 dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data);
1187 dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
1188 dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
1189 dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
1192 server_init_dispatch_15(void)
1194 server_init_dispatch_13();
1195 debug("server_init_dispatch_15");
1196 dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
1197 dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose);
1200 server_init_dispatch(void)
1203 server_init_dispatch_20();
1205 server_init_dispatch_13();
1207 server_init_dispatch_15();