1 /* $OpenBSD: serverloop.c,v 1.136 2006/07/05 02:42:09 stevesk Exp $ */
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * Server main loop for handling the interactive session.
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
14 * SSH2 support by Markus Friedl.
15 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
40 #include <sys/types.h>
42 #include <sys/socket.h>
44 #include <netinet/in.h>
63 #include "auth-options.h"
64 #include "serverloop.h"
68 extern ServerOptions options;
72 extern Authctxt *the_authctxt;
73 extern int use_privsep;
75 static Buffer stdin_buffer; /* Buffer for stdin data. */
76 static Buffer stdout_buffer; /* Buffer for stdout data. */
77 static Buffer stderr_buffer; /* Buffer for stderr data. */
78 static int fdin; /* Descriptor for stdin (for writing) */
79 static int fdout; /* Descriptor for stdout (for reading);
80 May be same number as fdin. */
81 static int fderr; /* Descriptor for stderr. May be -1. */
82 static long stdin_bytes = 0; /* Number of bytes written to stdin. */
83 static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
84 static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
85 static long fdout_bytes = 0; /* Number of stdout bytes read from program. */
86 static int stdin_eof = 0; /* EOF message received from client. */
87 static int fdout_eof = 0; /* EOF encountered reading from fdout. */
88 static int fderr_eof = 0; /* EOF encountered readung from fderr. */
89 static int fdin_is_tty = 0; /* fdin points to a tty. */
90 static int connection_in; /* Connection to client (input). */
91 static int connection_out; /* Connection to client (output). */
92 static int connection_closed = 0; /* Connection to client closed. */
93 static u_int buffer_high; /* "Soft" max buffer size. */
94 static int client_alive_timeouts = 0;
97 * This SIGCHLD kludge is used to detect when the child exits. The server
98 * will exit after that, as soon as forwarded connections have terminated.
101 static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. */
103 /* Cleanup on signals (!use_privsep case only) */
104 static volatile sig_atomic_t received_sigterm = 0;
107 static void server_init_dispatch(void);
110 * we write to this pipe if a SIGCHLD is caught in order to avoid
111 * the race between select() and child_terminated
113 static int notify_pipe[2];
117 if (pipe(notify_pipe) < 0) {
118 error("pipe(notify_pipe) failed %s", strerror(errno));
119 } else if ((fcntl(notify_pipe[0], F_SETFD, 1) == -1) ||
120 (fcntl(notify_pipe[1], F_SETFD, 1) == -1)) {
121 error("fcntl(notify_pipe, F_SETFD) failed %s", strerror(errno));
122 close(notify_pipe[0]);
123 close(notify_pipe[1]);
125 set_nonblock(notify_pipe[0]);
126 set_nonblock(notify_pipe[1]);
129 notify_pipe[0] = -1; /* read end */
130 notify_pipe[1] = -1; /* write end */
135 if (notify_pipe[1] != -1)
136 write(notify_pipe[1], "", 1);
139 notify_prepare(fd_set *readset)
141 if (notify_pipe[0] != -1)
142 FD_SET(notify_pipe[0], readset);
145 notify_done(fd_set *readset)
149 if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
150 while (read(notify_pipe[0], &c, 1) != -1)
151 debug2("notify_done: reading");
156 sigchld_handler(int sig)
158 int save_errno = errno;
159 child_terminated = 1;
161 mysignal(SIGCHLD, sigchld_handler);
169 sigterm_handler(int sig)
171 received_sigterm = sig;
175 * Make packets from buffered stderr data, and buffer it for sending
179 make_packets_from_stderr_data(void)
183 /* Send buffered stderr data to the client. */
184 while (buffer_len(&stderr_buffer) > 0 &&
185 packet_not_very_much_data_to_write()) {
186 len = buffer_len(&stderr_buffer);
187 if (packet_is_interactive()) {
191 /* Keep the packets at reasonable size. */
192 if (len > packet_get_maxsize())
193 len = packet_get_maxsize();
195 packet_start(SSH_SMSG_STDERR_DATA);
196 packet_put_string(buffer_ptr(&stderr_buffer), len);
198 buffer_consume(&stderr_buffer, len);
204 * Make packets from buffered stdout data, and buffer it for sending to the
208 make_packets_from_stdout_data(void)
212 /* Send buffered stdout data to the client. */
213 while (buffer_len(&stdout_buffer) > 0 &&
214 packet_not_very_much_data_to_write()) {
215 len = buffer_len(&stdout_buffer);
216 if (packet_is_interactive()) {
220 /* Keep the packets at reasonable size. */
221 if (len > packet_get_maxsize())
222 len = packet_get_maxsize();
224 packet_start(SSH_SMSG_STDOUT_DATA);
225 packet_put_string(buffer_ptr(&stdout_buffer), len);
227 buffer_consume(&stdout_buffer, len);
233 client_alive_check(void)
237 /* timeout, check to see how many we have had */
238 if (++client_alive_timeouts > options.client_alive_count_max)
239 packet_disconnect("Timeout, your session not responding.");
242 * send a bogus global/channel request with "wantreply",
243 * we should get back a failure
245 if ((channel_id = channel_find_open()) == -1) {
246 packet_start(SSH2_MSG_GLOBAL_REQUEST);
247 packet_put_cstring("keepalive@openssh.com");
248 packet_put_char(1); /* boolean: want reply */
250 channel_request_start(channel_id, "keepalive@openssh.com", 1);
256 * Sleep in select() until we can do something. This will initialize the
257 * select masks. Upon return, the masks will indicate which descriptors
258 * have data or can accept data. Optionally, a maximum time can be specified
259 * for the duration of the wait (0 = infinite).
262 wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
263 u_int *nallocp, u_int max_time_milliseconds)
265 struct timeval tv, *tvp;
267 int client_alive_scheduled = 0;
270 * if using client_alive, set the max timeout accordingly,
271 * and indicate that this particular timeout was for client
272 * alive by setting the client_alive_scheduled flag.
274 * this could be randomized somewhat to make traffic
275 * analysis more difficult, but we're not doing it yet.
278 max_time_milliseconds == 0 && options.client_alive_interval) {
279 client_alive_scheduled = 1;
280 max_time_milliseconds = options.client_alive_interval * 1000;
283 /* Allocate and update select() masks for channel descriptors. */
284 channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, 0);
288 /* wrong: bad condition XXX */
289 if (channel_not_very_much_buffered_data())
291 FD_SET(connection_in, *readsetp);
294 * Read packets from the client unless we have too much
295 * buffered stdin or channel data.
297 if (buffer_len(&stdin_buffer) < buffer_high &&
298 channel_not_very_much_buffered_data())
299 FD_SET(connection_in, *readsetp);
301 * If there is not too much data already buffered going to
302 * the client, try to get some more data from the program.
304 if (packet_not_very_much_data_to_write()) {
306 FD_SET(fdout, *readsetp);
308 FD_SET(fderr, *readsetp);
311 * If we have buffered data, try to write some of that data
314 if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
315 FD_SET(fdin, *writesetp);
317 notify_prepare(*readsetp);
320 * If we have buffered packet data going to the client, mark that
323 if (packet_have_data_to_write())
324 FD_SET(connection_out, *writesetp);
327 * If child has terminated and there is enough buffer space to read
328 * from it, then read as much as is available and exit.
330 if (child_terminated && packet_not_very_much_data_to_write())
331 if (max_time_milliseconds == 0 || client_alive_scheduled)
332 max_time_milliseconds = 100;
334 if (max_time_milliseconds == 0)
337 tv.tv_sec = max_time_milliseconds / 1000;
338 tv.tv_usec = 1000 * (max_time_milliseconds % 1000);
342 /* Wait for something to happen, or the timeout to expire. */
343 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
346 memset(*readsetp, 0, *nallocp);
347 memset(*writesetp, 0, *nallocp);
349 error("select: %.100s", strerror(errno));
350 } else if (ret == 0 && client_alive_scheduled)
351 client_alive_check();
353 notify_done(*readsetp);
357 * Processes input from the client and the program. Input data is stored
358 * in buffers and processed later.
361 process_input(fd_set *readset)
366 /* Read and buffer any input data from the client. */
367 if (FD_ISSET(connection_in, readset)) {
368 len = read(connection_in, buf, sizeof(buf));
370 verbose("Connection closed by %.100s",
371 get_remote_ipaddr());
372 connection_closed = 1;
376 } else if (len < 0) {
377 if (errno != EINTR && errno != EAGAIN) {
378 verbose("Read error from remote host "
380 get_remote_ipaddr(), strerror(errno));
384 /* Buffer any received data. */
385 packet_process_incoming(buf, len);
391 /* Read and buffer any available stdout data from the program. */
392 if (!fdout_eof && FD_ISSET(fdout, readset)) {
394 len = read(fdout, buf, sizeof(buf));
395 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
398 } else if (len <= 0) {
400 } else if ((!isatty(fdout) && len <= 0) ||
401 (isatty(fdout) && (len < 0 || (len == 0 && errno != 0)))) {
405 buffer_append(&stdout_buffer, buf, len);
409 /* Read and buffer any available stderr data from the program. */
410 if (!fderr_eof && FD_ISSET(fderr, readset)) {
412 len = read(fderr, buf, sizeof(buf));
413 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
416 } else if (len <= 0) {
418 } else if ((!isatty(fderr) && len <= 0) ||
419 (isatty(fderr) && (len < 0 || (len == 0 && errno != 0)))) {
423 buffer_append(&stderr_buffer, buf, len);
429 * Sends data from internal buffers to client program stdin.
432 process_output(fd_set *writeset)
439 /* Write buffered data to program stdin. */
440 if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
441 data = buffer_ptr(&stdin_buffer);
442 dlen = buffer_len(&stdin_buffer);
443 len = write(fdin, data, dlen);
444 if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
446 } else if (len <= 0) {
450 shutdown(fdin, SHUT_WR); /* We will no longer send. */
453 /* Successful write. */
454 if (fdin_is_tty && dlen >= 1 && data[0] != '\r' &&
455 tcgetattr(fdin, &tio) == 0 &&
456 !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
458 * Simulate echo to reduce the impact of
461 packet_send_ignore(len);
464 /* Consume the data from the buffer. */
465 buffer_consume(&stdin_buffer, len);
466 /* Update the count of bytes written to the program. */
470 /* Send any buffered packet data to the client. */
471 if (FD_ISSET(connection_out, writeset))
476 * Wait until all buffered output has been sent to the client.
477 * This is used when the program terminates.
482 /* Send any buffered stdout data to the client. */
483 if (buffer_len(&stdout_buffer) > 0) {
484 packet_start(SSH_SMSG_STDOUT_DATA);
485 packet_put_string(buffer_ptr(&stdout_buffer),
486 buffer_len(&stdout_buffer));
488 /* Update the count of sent bytes. */
489 stdout_bytes += buffer_len(&stdout_buffer);
491 /* Send any buffered stderr data to the client. */
492 if (buffer_len(&stderr_buffer) > 0) {
493 packet_start(SSH_SMSG_STDERR_DATA);
494 packet_put_string(buffer_ptr(&stderr_buffer),
495 buffer_len(&stderr_buffer));
497 /* Update the count of sent bytes. */
498 stderr_bytes += buffer_len(&stderr_buffer);
500 /* Wait until all buffered data has been written to the client. */
505 process_buffered_input_packets(void)
507 dispatch_run(DISPATCH_NONBLOCK, NULL, compat20 ? xxx_kex : NULL);
511 * Performs the interactive session. This handles data transmission between
512 * the client and the program. Note that the notion of stdin, stdout, and
513 * stderr in this function is sort of reversed: this function writes to
514 * stdin (of the child program), and reads from stdout and stderr (of the
518 server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
520 fd_set *readset = NULL, *writeset = NULL;
523 int wait_status; /* Status returned by wait(). */
524 pid_t wait_pid; /* pid returned by wait(). */
525 int waiting_termination = 0; /* Have displayed waiting close message. */
526 u_int max_time_milliseconds;
527 u_int previous_stdout_buffer_bytes;
528 u_int stdout_buffer_bytes;
531 debug("Entering interactive session.");
533 /* Initialize the SIGCHLD kludge. */
534 child_terminated = 0;
535 mysignal(SIGCHLD, sigchld_handler);
538 signal(SIGTERM, sigterm_handler);
539 signal(SIGINT, sigterm_handler);
540 signal(SIGQUIT, sigterm_handler);
543 /* Initialize our global variables. */
551 /* we don't have stderr for interactive terminal sessions, see below */
555 if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin))
558 connection_in = packet_get_connection_in();
559 connection_out = packet_get_connection_out();
563 previous_stdout_buffer_bytes = 0;
565 /* Set approximate I/O buffer size. */
566 if (packet_is_interactive())
569 buffer_high = 64 * 1024;
572 /* Initialize max_fd to the maximum of the known file descriptors. */
573 max_fd = MAX(connection_in, connection_out);
574 max_fd = MAX(max_fd, fdin);
575 max_fd = MAX(max_fd, fdout);
577 max_fd = MAX(max_fd, fderr);
580 /* Initialize Initialize buffers. */
581 buffer_init(&stdin_buffer);
582 buffer_init(&stdout_buffer);
583 buffer_init(&stderr_buffer);
586 * If we have no separate fderr (which is the case when we have a pty
587 * - there we cannot make difference between data sent to stdout and
588 * stderr), indicate that we have seen an EOF from stderr. This way
589 * we don't need to check the descriptor everywhere.
594 server_init_dispatch();
596 /* Main loop of the server for the interactive session mode. */
599 /* Process buffered packets from the client. */
600 process_buffered_input_packets();
603 * If we have received eof, and there is no more pending
604 * input data, cause a real eof by closing fdin.
606 if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
610 shutdown(fdin, SHUT_WR); /* We will no longer send. */
613 /* Make packets from buffered stderr data to send to the client. */
614 make_packets_from_stderr_data();
617 * Make packets from buffered stdout data to send to the
618 * client. If there is very little to send, this arranges to
619 * not send them now, but to wait a short while to see if we
620 * are getting more data. This is necessary, as some systems
621 * wake up readers from a pty after each separate character.
623 max_time_milliseconds = 0;
624 stdout_buffer_bytes = buffer_len(&stdout_buffer);
625 if (stdout_buffer_bytes != 0 && stdout_buffer_bytes < 256 &&
626 stdout_buffer_bytes != previous_stdout_buffer_bytes) {
627 /* try again after a while */
628 max_time_milliseconds = 10;
631 make_packets_from_stdout_data();
633 previous_stdout_buffer_bytes = buffer_len(&stdout_buffer);
635 /* Send channel data to the client. */
636 if (packet_not_very_much_data_to_write())
637 channel_output_poll();
640 * Bail out of the loop if the program has closed its output
641 * descriptors, and we have no more data to send to the
642 * client, and there is no pending buffered data.
644 if (fdout_eof && fderr_eof && !packet_have_data_to_write() &&
645 buffer_len(&stdout_buffer) == 0 && buffer_len(&stderr_buffer) == 0) {
646 if (!channel_still_open())
648 if (!waiting_termination) {
649 const char *s = "Waiting for forwarded connections to terminate...\r\n";
651 waiting_termination = 1;
652 buffer_append(&stderr_buffer, s, strlen(s));
654 /* Display list of open channels. */
655 cp = channel_open_message();
656 buffer_append(&stderr_buffer, cp, strlen(cp));
660 max_fd = MAX(connection_in, connection_out);
661 max_fd = MAX(max_fd, fdin);
662 max_fd = MAX(max_fd, fdout);
663 max_fd = MAX(max_fd, fderr);
664 max_fd = MAX(max_fd, notify_pipe[0]);
666 /* Sleep in select() until we can do something. */
667 wait_until_can_do_something(&readset, &writeset, &max_fd,
668 &nalloc, max_time_milliseconds);
670 if (received_sigterm) {
671 logit("Exiting on signal %d", received_sigterm);
672 /* Clean up sessions, utmp, etc. */
676 /* Process any channel events. */
677 channel_after_select(readset, writeset);
679 /* Process input from the client and from program stdout/stderr. */
680 process_input(readset);
682 /* Process output to the client and to program stdin. */
683 process_output(writeset);
690 /* Cleanup and termination code. */
692 /* Wait until all output has been sent to the client. */
695 debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
696 stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
698 /* Free and clear the buffers. */
699 buffer_free(&stdin_buffer);
700 buffer_free(&stdout_buffer);
701 buffer_free(&stderr_buffer);
703 /* Close the file descriptors. */
718 /* We no longer want our SIGCHLD handler to be called. */
719 mysignal(SIGCHLD, SIG_DFL);
721 while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0)
723 packet_disconnect("wait: %.100s", strerror(errno));
725 error("Strange, wait returned pid %ld, expected %ld",
726 (long)wait_pid, (long)pid);
728 /* Check if it exited normally. */
729 if (WIFEXITED(wait_status)) {
730 /* Yes, normal exit. Get exit status and send it to the client. */
731 debug("Command exited with status %d.", WEXITSTATUS(wait_status));
732 packet_start(SSH_SMSG_EXITSTATUS);
733 packet_put_int(WEXITSTATUS(wait_status));
738 * Wait for exit confirmation. Note that there might be
739 * other packets coming before it; however, the program has
740 * already died so we just ignore them. The client is
741 * supposed to respond with the confirmation when it receives
745 type = packet_read();
747 while (type != SSH_CMSG_EXIT_CONFIRMATION);
749 debug("Received exit confirmation.");
752 /* Check if the program terminated due to a signal. */
753 if (WIFSIGNALED(wait_status))
754 packet_disconnect("Command terminated on signal %d.",
755 WTERMSIG(wait_status));
757 /* Some weird exit cause. Just exit. */
758 packet_disconnect("wait returned status %04x.", wait_status);
763 collect_children(void)
769 /* block SIGCHLD while we check for dead children */
771 sigaddset(&nset, SIGCHLD);
772 sigprocmask(SIG_BLOCK, &nset, &oset);
773 if (child_terminated) {
774 debug("Received SIGCHLD.");
775 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
776 (pid < 0 && errno == EINTR))
778 session_close_by_pid(pid, status);
779 child_terminated = 0;
781 sigprocmask(SIG_SETMASK, &oset, NULL);
785 server_loop2(Authctxt *authctxt)
787 fd_set *readset = NULL, *writeset = NULL;
788 int rekeying = 0, max_fd, nalloc = 0;
790 debug("Entering interactive session for SSH2.");
792 mysignal(SIGCHLD, sigchld_handler);
793 child_terminated = 0;
794 connection_in = packet_get_connection_in();
795 connection_out = packet_get_connection_out();
798 signal(SIGTERM, sigterm_handler);
799 signal(SIGINT, sigterm_handler);
800 signal(SIGQUIT, sigterm_handler);
805 max_fd = MAX(connection_in, connection_out);
806 max_fd = MAX(max_fd, notify_pipe[0]);
808 server_init_dispatch();
811 process_buffered_input_packets();
813 rekeying = (xxx_kex != NULL && !xxx_kex->done);
815 if (!rekeying && packet_not_very_much_data_to_write())
816 channel_output_poll();
817 wait_until_can_do_something(&readset, &writeset, &max_fd,
820 if (received_sigterm) {
821 logit("Exiting on signal %d", received_sigterm);
822 /* Clean up sessions, utmp, etc. */
828 channel_after_select(readset, writeset);
829 if (packet_need_rekeying()) {
830 debug("need rekeying");
832 kex_send_kexinit(xxx_kex);
835 process_input(readset);
836 if (connection_closed)
838 process_output(writeset);
847 /* free all channels, no more reads and writes */
850 /* free remaining sessions, e.g. remove wtmp entries */
851 session_destroy_all(NULL);
855 server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
857 debug("Got %d/%u for keepalive", type, seq);
859 * reset timeout, since we got a sane answer from the client.
860 * even if this was generated by something other than
861 * the bogus CHANNEL_REQUEST we send for keepalives.
863 client_alive_timeouts = 0;
867 server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
872 /* Stdin data from the client. Append it to the buffer. */
873 /* Ignore any data if the client has closed stdin. */
876 data = packet_get_string(&data_len);
878 buffer_append(&stdin_buffer, data, data_len);
879 memset(data, 0, data_len);
884 server_input_eof(int type, u_int32_t seq, void *ctxt)
887 * Eof from the client. The stdin descriptor to the
888 * program will be closed when all buffered data has
891 debug("EOF received for stdin.");
897 server_input_window_size(int type, u_int32_t seq, void *ctxt)
899 u_int row = packet_get_int();
900 u_int col = packet_get_int();
901 u_int xpixel = packet_get_int();
902 u_int ypixel = packet_get_int();
904 debug("Window change received.");
907 pty_change_window_size(fdin, row, col, xpixel, ypixel);
911 server_request_direct_tcpip(void)
915 char *target, *originator;
916 int target_port, originator_port;
918 target = packet_get_string(NULL);
919 target_port = packet_get_int();
920 originator = packet_get_string(NULL);
921 originator_port = packet_get_int();
924 debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
925 originator, originator_port, target, target_port);
927 /* XXX check permission */
928 sock = channel_connect_to(target, target_port);
933 c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
934 sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
935 CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
940 server_request_tun(void)
946 mode = packet_get_int();
948 case SSH_TUNMODE_POINTOPOINT:
949 case SSH_TUNMODE_ETHERNET:
952 packet_send_debug("Unsupported tunnel device mode.");
955 if ((options.permit_tun & mode) == 0) {
956 packet_send_debug("Server has rejected tunnel device "
961 tun = packet_get_int();
962 if (forced_tun_device != -1) {
963 if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
965 tun = forced_tun_device;
967 sock = tun_open(tun, mode);
970 c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
971 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
973 #if defined(SSH_TUN_FILTER)
974 if (mode == SSH_TUNMODE_POINTOPOINT)
975 channel_register_filter(c->self, sys_tun_infilter,
981 packet_send_debug("Failed to open the tunnel device.");
986 server_request_session(void)
990 debug("input_session_request");
993 * A server session has no fd to read or write until a
994 * CHANNEL_REQUEST for a shell is made, so we set the type to
995 * SSH_CHANNEL_LARVAL. Additionally, a callback for handling all
996 * CHANNEL_REQUEST messages is registered.
998 c = channel_new("session", SSH_CHANNEL_LARVAL,
999 -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
1000 0, "server-session", 1);
1001 if (session_open(the_authctxt, c->self) != 1) {
1002 debug("session open failed, free channel %d", c->self);
1006 channel_register_cleanup(c->self, session_close_by_channel, 0);
1011 server_input_channel_open(int type, u_int32_t seq, void *ctxt)
1016 u_int rmaxpack, rwindow, len;
1018 ctype = packet_get_string(&len);
1019 rchan = packet_get_int();
1020 rwindow = packet_get_int();
1021 rmaxpack = packet_get_int();
1023 debug("server_input_channel_open: ctype %s rchan %d win %d max %d",
1024 ctype, rchan, rwindow, rmaxpack);
1026 if (strcmp(ctype, "session") == 0) {
1027 c = server_request_session();
1028 } else if (strcmp(ctype, "direct-tcpip") == 0) {
1029 c = server_request_direct_tcpip();
1030 } else if (strcmp(ctype, "tun@openssh.com") == 0) {
1031 c = server_request_tun();
1034 debug("server_input_channel_open: confirm %s", ctype);
1035 c->remote_id = rchan;
1036 c->remote_window = rwindow;
1037 c->remote_maxpacket = rmaxpack;
1038 if (c->type != SSH_CHANNEL_CONNECTING) {
1039 packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
1040 packet_put_int(c->remote_id);
1041 packet_put_int(c->self);
1042 packet_put_int(c->local_window);
1043 packet_put_int(c->local_maxpacket);
1047 debug("server_input_channel_open: failure %s", ctype);
1048 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
1049 packet_put_int(rchan);
1050 packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
1051 if (!(datafellows & SSH_BUG_OPENFAILURE)) {
1052 packet_put_cstring("open failed");
1053 packet_put_cstring("");
1061 server_input_global_request(int type, u_int32_t seq, void *ctxt)
1067 rtype = packet_get_string(NULL);
1068 want_reply = packet_get_char();
1069 debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
1071 /* -R style forwarding */
1072 if (strcmp(rtype, "tcpip-forward") == 0) {
1074 char *listen_address;
1075 u_short listen_port;
1077 pw = the_authctxt->pw;
1078 if (pw == NULL || !the_authctxt->valid)
1079 fatal("server_input_global_request: no/invalid user");
1080 listen_address = packet_get_string(NULL);
1081 listen_port = (u_short)packet_get_int();
1082 debug("server_input_global_request: tcpip-forward listen %s port %d",
1083 listen_address, listen_port);
1085 /* check permissions */
1086 if (!options.allow_tcp_forwarding ||
1087 no_port_forwarding_flag
1088 #ifndef NO_IPPORT_RESERVED_CONCEPT
1089 || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
1093 packet_send_debug("Server has disabled port forwarding.");
1095 /* Start listening on the port */
1096 success = channel_setup_remote_fwd_listener(
1097 listen_address, listen_port, options.gateway_ports);
1099 xfree(listen_address);
1100 } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
1101 char *cancel_address;
1102 u_short cancel_port;
1104 cancel_address = packet_get_string(NULL);
1105 cancel_port = (u_short)packet_get_int();
1106 debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
1107 cancel_address, cancel_port);
1109 success = channel_cancel_rport_listener(cancel_address,
1111 xfree(cancel_address);
1114 packet_start(success ?
1115 SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
1117 packet_write_wait();
1123 server_input_channel_req(int type, u_int32_t seq, void *ctxt)
1126 int id, reply, success = 0;
1129 id = packet_get_int();
1130 rtype = packet_get_string(NULL);
1131 reply = packet_get_char();
1133 debug("server_input_channel_req: channel %d request %s reply %d",
1136 if ((c = channel_lookup(id)) == NULL)
1137 packet_disconnect("server_input_channel_req: "
1138 "unknown channel %d", id);
1139 if (c->type == SSH_CHANNEL_LARVAL || c->type == SSH_CHANNEL_OPEN)
1140 success = session_input_channel_req(c, rtype);
1142 packet_start(success ?
1143 SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
1144 packet_put_int(c->remote_id);
1151 server_init_dispatch_20(void)
1153 debug("server_init_dispatch_20");
1154 dispatch_init(&dispatch_protocol_error);
1155 dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
1156 dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
1157 dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
1158 dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
1159 dispatch_set(SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open);
1160 dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
1161 dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
1162 dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);
1163 dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
1164 dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
1166 dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
1167 dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
1168 dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
1170 dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
1173 server_init_dispatch_13(void)
1175 debug("server_init_dispatch_13");
1176 dispatch_init(NULL);
1177 dispatch_set(SSH_CMSG_EOF, &server_input_eof);
1178 dispatch_set(SSH_CMSG_STDIN_DATA, &server_input_stdin_data);
1179 dispatch_set(SSH_CMSG_WINDOW_SIZE, &server_input_window_size);
1180 dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close);
1181 dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation);
1182 dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data);
1183 dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
1184 dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
1185 dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
1188 server_init_dispatch_15(void)
1190 server_init_dispatch_13();
1191 debug("server_init_dispatch_15");
1192 dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
1193 dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose);
1196 server_init_dispatch(void)
1199 server_init_dispatch_20();
1201 server_init_dispatch_13();
1203 server_init_dispatch_15();