1 /* $OpenBSD: mux.c,v 1.12 2010/01/27 13:26:17 djm Exp $ */
3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 /* ssh session multiplexing support */
22 * - Better signalling from master to slave, especially passing of
24 * - Better fall-back from mux slave error to new connection.
25 * - ExitOnForwardingFailure
26 * - Maybe extension mechanisms for multi-X11/multi-agent forwarding
27 * - Support ~^Z in mux slaves.
28 * - Inspect or control sessions in master.
29 * - If we ever support the "signal" channel request, send signals on
35 #include <sys/types.h>
36 #include <sys/param.h>
38 #include <sys/socket.h>
57 # ifdef HAVE_SYS_POLL_H
58 # include <sys/poll.h>
70 #include "openbsd-compat/sys-queue.h"
74 #include "pathnames.h"
81 #include "monitor_fdpass.h"
85 #include "clientloop.h"
89 extern int force_tty_flag;
90 extern Options options;
91 extern int stdin_null_flag;
93 extern int subsystem_flag;
94 extern Buffer command;
95 extern volatile sig_atomic_t quit_pending;
96 extern char *stdio_forward_host;
97 extern int stdio_forward_port;
99 /* Context for session open confirmation callback */
100 struct mux_session_confirm_ctx {
104 u_int want_agent_fwd;
111 /* fd to control socket */
112 int muxserver_sock = -1;
114 /* client request id */
115 u_int muxclient_request_id = 0;
117 /* Multiplexing control command */
118 u_int muxclient_command = 0;
120 /* Set when signalled. */
121 static volatile sig_atomic_t muxclient_terminate = 0;
123 /* PID of multiplex server */
124 static u_int muxserver_pid = 0;
126 static Channel *mux_listener_channel = NULL;
128 struct mux_master_state {
132 /* mux protocol messages */
133 #define MUX_MSG_HELLO 0x00000001
134 #define MUX_C_NEW_SESSION 0x10000002
135 #define MUX_C_ALIVE_CHECK 0x10000004
136 #define MUX_C_TERMINATE 0x10000005
137 #define MUX_C_OPEN_FWD 0x10000006
138 #define MUX_C_CLOSE_FWD 0x10000007
139 #define MUX_C_NEW_STDIO_FWD 0x10000008
140 #define MUX_S_OK 0x80000001
141 #define MUX_S_PERMISSION_DENIED 0x80000002
142 #define MUX_S_FAILURE 0x80000003
143 #define MUX_S_EXIT_MESSAGE 0x80000004
144 #define MUX_S_ALIVE 0x80000005
145 #define MUX_S_SESSION_OPENED 0x80000006
147 /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
148 #define MUX_FWD_LOCAL 1
149 #define MUX_FWD_REMOTE 2
150 #define MUX_FWD_DYNAMIC 3
152 static void mux_session_confirm(int, void *);
154 static int process_mux_master_hello(u_int, Channel *, Buffer *, Buffer *);
155 static int process_mux_new_session(u_int, Channel *, Buffer *, Buffer *);
156 static int process_mux_alive_check(u_int, Channel *, Buffer *, Buffer *);
157 static int process_mux_terminate(u_int, Channel *, Buffer *, Buffer *);
158 static int process_mux_open_fwd(u_int, Channel *, Buffer *, Buffer *);
159 static int process_mux_close_fwd(u_int, Channel *, Buffer *, Buffer *);
160 static int process_mux_stdio_fwd(u_int, Channel *, Buffer *, Buffer *);
162 static const struct {
164 int (*handler)(u_int, Channel *, Buffer *, Buffer *);
165 } mux_master_handlers[] = {
166 { MUX_MSG_HELLO, process_mux_master_hello },
167 { MUX_C_NEW_SESSION, process_mux_new_session },
168 { MUX_C_ALIVE_CHECK, process_mux_alive_check },
169 { MUX_C_TERMINATE, process_mux_terminate },
170 { MUX_C_OPEN_FWD, process_mux_open_fwd },
171 { MUX_C_CLOSE_FWD, process_mux_close_fwd },
172 { MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd },
176 /* Cleanup callback fired on closure of mux slave _session_ channel */
179 mux_master_session_cleanup_cb(int cid, void *unused)
181 Channel *cc, *c = channel_by_id(cid);
183 debug3("%s: entering for channel %d", __func__, cid);
185 fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
186 if (c->ctl_chan != -1) {
187 if ((cc = channel_by_id(c->ctl_chan)) == NULL)
188 fatal("%s: channel %d missing control channel %d",
189 __func__, c->self, c->ctl_chan);
192 chan_rcvd_oclose(cc);
194 channel_cancel_cleanup(c->self);
197 /* Cleanup callback fired on closure of mux slave _control_ channel */
200 mux_master_control_cleanup_cb(int cid, void *unused)
202 Channel *sc, *c = channel_by_id(cid);
204 debug3("%s: entering for channel %d", __func__, cid);
206 fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
207 if (c->remote_id != -1) {
208 if ((sc = channel_by_id(c->remote_id)) == NULL)
209 debug2("%s: channel %d n session channel %d",
210 __func__, c->self, c->remote_id);
213 if (sc->type != SSH_CHANNEL_OPEN) {
214 debug2("%s: channel %d: not open", __func__, sc->self);
217 chan_read_failed(sc);
218 chan_write_failed(sc);
221 channel_cancel_cleanup(c->self);
224 /* Check mux client environment variables before passing them to mux master. */
226 env_permitted(char *env)
229 char name[1024], *cp;
231 if ((cp = strchr(env, '=')) == NULL || cp == env)
233 ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
234 if (ret <= 0 || (size_t)ret >= sizeof(name)) {
235 error("env_permitted: name '%.100s...' too long", env);
239 for (i = 0; i < options.num_send_env; i++)
240 if (match_pattern(name, options.send_env[i]))
246 /* Mux master protocol message handlers */
249 process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r)
252 struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
255 fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self);
256 if (state->hello_rcvd) {
257 error("%s: HELLO received twice", __func__);
260 if (buffer_get_int_ret(&ver, m) != 0) {
262 error("%s: malformed message", __func__);
265 if (ver != SSHMUX_VER) {
266 error("Unsupported multiplexing protocol version %d "
267 "(expected %d)", ver, SSHMUX_VER);
270 debug2("%s: channel %d slave version %u", __func__, c->self, ver);
272 /* No extensions are presently defined */
273 while (buffer_len(m) > 0) {
274 char *name = buffer_get_string_ret(m, NULL);
275 char *value = buffer_get_string_ret(m, NULL);
277 if (name == NULL || value == NULL) {
282 debug2("Unrecognised slave extension \"%s\"", name);
286 state->hello_rcvd = 1;
291 process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
294 struct mux_session_confirm_ctx *cctx;
295 char *reserved, *cmd, *cp;
296 u_int i, j, len, env_len, escape_char, window, packetmax;
299 /* Reply for SSHMUX_COMMAND_OPEN */
300 cctx = xcalloc(1, sizeof(*cctx));
302 cmd = reserved = NULL;
303 if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
304 buffer_get_int_ret(&cctx->want_tty, m) != 0 ||
305 buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 ||
306 buffer_get_int_ret(&cctx->want_agent_fwd, m) != 0 ||
307 buffer_get_int_ret(&cctx->want_subsys, m) != 0 ||
308 buffer_get_int_ret(&escape_char, m) != 0 ||
309 (cctx->term = buffer_get_string_ret(m, &len)) == NULL ||
310 (cmd = buffer_get_string_ret(m, &len)) == NULL) {
314 if (reserved != NULL)
316 if (cctx->term != NULL)
318 error("%s: malformed message", __func__);
326 while (buffer_len(m) > 0) {
327 #define MUX_MAX_ENV_VARS 4096
328 if ((cp = buffer_get_string_ret(m, &len)) == NULL) {
332 if (!env_permitted(cp)) {
336 cctx->env = xrealloc(cctx->env, env_len + 2,
338 cctx->env[env_len++] = cp;
339 cctx->env[env_len] = NULL;
340 if (env_len > MUX_MAX_ENV_VARS) {
341 error(">%d environment variables received, ignoring "
342 "additional", MUX_MAX_ENV_VARS);
347 debug2("%s: channel %d: request tty %d, X %d, agent %d, subsys %d, "
348 "term \"%s\", cmd \"%s\", env %u", __func__, c->self,
349 cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd,
350 cctx->want_subsys, cctx->term, cmd, env_len);
352 buffer_init(&cctx->cmd);
353 buffer_append(&cctx->cmd, cmd, strlen(cmd));
357 /* Gather fds from client */
358 for(i = 0; i < 3; i++) {
359 if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
360 error("%s: failed to receive fd %d from slave",
362 for (j = 0; j < i; j++)
364 for (j = 0; j < env_len; j++)
369 buffer_free(&cctx->cmd);
373 buffer_put_int(r, MUX_S_FAILURE);
374 buffer_put_int(r, rid);
375 buffer_put_cstring(r,
376 "did not receive file descriptors");
381 debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
382 new_fd[0], new_fd[1], new_fd[2]);
384 /* XXX support multiple child sessions in future */
385 if (c->remote_id != -1) {
386 debug2("%s: session already open", __func__);
388 buffer_put_int(r, MUX_S_FAILURE);
389 buffer_put_int(r, rid);
390 buffer_put_cstring(r, "Multiple sessions not supported");
397 for (i = 0; i < env_len; i++)
401 buffer_free(&cctx->cmd);
405 if (options.control_master == SSHCTL_MASTER_ASK ||
406 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
407 if (!ask_permission("Allow shared connection to %s? ", host)) {
408 debug2("%s: session refused by user", __func__);
410 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
411 buffer_put_int(r, rid);
412 buffer_put_cstring(r, "Permission denied");
417 /* Try to pick up ttymodes from client before it goes raw */
418 if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
419 error("%s: tcgetattr: %s", __func__, strerror(errno));
421 /* enable nonblocking unless tty */
422 if (!isatty(new_fd[0]))
423 set_nonblock(new_fd[0]);
424 if (!isatty(new_fd[1]))
425 set_nonblock(new_fd[1]);
426 if (!isatty(new_fd[2]))
427 set_nonblock(new_fd[2]);
429 window = CHAN_SES_WINDOW_DEFAULT;
430 packetmax = CHAN_SES_PACKET_DEFAULT;
431 if (cctx->want_tty) {
436 nc = channel_new("session", SSH_CHANNEL_OPENING,
437 new_fd[0], new_fd[1], new_fd[2], window, packetmax,
438 CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
440 nc->ctl_chan = c->self; /* link session -> control channel */
441 c->remote_id = nc->self; /* link control -> session channel */
443 if (cctx->want_tty && escape_char != 0xffffffff) {
444 channel_register_filter(nc->self,
445 client_simple_escape_filter, NULL,
446 client_filter_cleanup,
447 client_new_escape_filter_ctx((int)escape_char));
450 debug2("%s: channel_new: %d linked to control channel %d",
451 __func__, nc->self, nc->ctl_chan);
453 channel_send_open(nc->self);
454 channel_register_open_confirm(nc->self, mux_session_confirm, cctx);
455 channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 0);
458 /* XXX defer until mux_session_confirm() fires */
459 buffer_put_int(r, MUX_S_SESSION_OPENED);
460 buffer_put_int(r, rid);
461 buffer_put_int(r, nc->self);
467 process_mux_alive_check(u_int rid, Channel *c, Buffer *m, Buffer *r)
469 debug2("%s: channel %d: alive check", __func__, c->self);
472 buffer_put_int(r, MUX_S_ALIVE);
473 buffer_put_int(r, rid);
474 buffer_put_int(r, (u_int)getpid());
480 process_mux_terminate(u_int rid, Channel *c, Buffer *m, Buffer *r)
482 debug2("%s: channel %d: terminate request", __func__, c->self);
484 if (options.control_master == SSHCTL_MASTER_ASK ||
485 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
486 if (!ask_permission("Terminate shared connection to %s? ",
488 debug2("%s: termination refused by user", __func__);
489 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
490 buffer_put_int(r, rid);
491 buffer_put_cstring(r, "Permission denied");
497 buffer_put_int(r, MUX_S_OK);
498 buffer_put_int(r, rid);
499 /* XXX exit happens too soon - message never makes it to client */
504 format_forward(u_int ftype, Forward *fwd)
510 xasprintf(&ret, "local forward %.200s:%d -> %.200s:%d",
511 (fwd->listen_host == NULL) ?
512 (options.gateway_ports ? "*" : "LOCALHOST") :
513 fwd->listen_host, fwd->listen_port,
514 fwd->connect_host, fwd->connect_port);
516 case MUX_FWD_DYNAMIC:
517 xasprintf(&ret, "dynamic forward %.200s:%d -> *",
518 (fwd->listen_host == NULL) ?
519 (options.gateway_ports ? "*" : "LOCALHOST") :
520 fwd->listen_host, fwd->listen_port);
523 xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d",
524 (fwd->listen_host == NULL) ?
525 "LOCALHOST" : fwd->listen_host,
527 fwd->connect_host, fwd->connect_port);
530 fatal("%s: unknown forward type %u", __func__, ftype);
536 compare_host(const char *a, const char *b)
538 if (a == NULL && b == NULL)
540 if (a == NULL || b == NULL)
542 return strcmp(a, b) == 0;
546 compare_forward(Forward *a, Forward *b)
548 if (!compare_host(a->listen_host, b->listen_host))
550 if (a->listen_port != b->listen_port)
552 if (!compare_host(a->connect_host, b->connect_host))
554 if (a->connect_port != b->connect_port)
561 process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
564 char *fwd_desc = NULL;
566 int i, ret = 0, freefwd = 1;
568 fwd.listen_host = fwd.connect_host = NULL;
569 if (buffer_get_int_ret(&ftype, m) != 0 ||
570 (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
571 buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
572 (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
573 buffer_get_int_ret(&fwd.connect_port, m) != 0) {
574 error("%s: malformed message", __func__);
579 if (*fwd.listen_host == '\0') {
580 xfree(fwd.listen_host);
581 fwd.listen_host = NULL;
583 if (*fwd.connect_host == '\0') {
584 xfree(fwd.connect_host);
585 fwd.connect_host = NULL;
588 debug2("%s: channel %d: request %s", __func__, c->self,
589 (fwd_desc = format_forward(ftype, &fwd)));
591 if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE &&
592 ftype != MUX_FWD_DYNAMIC) {
593 logit("%s: invalid forwarding type %u", __func__, ftype);
595 xfree(fwd.listen_host);
596 xfree(fwd.connect_host);
597 buffer_put_int(r, MUX_S_FAILURE);
598 buffer_put_int(r, rid);
599 buffer_put_cstring(r, "Invalid forwarding request");
602 /* XXX support rport0 forwarding with reply of port assigned */
603 if (fwd.listen_port == 0 || fwd.listen_port >= 65536) {
604 logit("%s: invalid listen port %u", __func__,
608 if (fwd.connect_port >= 65536 || (ftype != MUX_FWD_DYNAMIC &&
609 ftype != MUX_FWD_REMOTE && fwd.connect_port == 0)) {
610 logit("%s: invalid connect port %u", __func__,
614 if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL) {
615 logit("%s: missing connect host", __func__);
619 /* Skip forwards that have already been requested */
622 case MUX_FWD_DYNAMIC:
623 for (i = 0; i < options.num_local_forwards; i++) {
624 if (compare_forward(&fwd,
625 options.local_forwards + i)) {
627 debug2("%s: found existing forwarding",
629 buffer_put_int(r, MUX_S_OK);
630 buffer_put_int(r, rid);
636 for (i = 0; i < options.num_remote_forwards; i++) {
637 if (compare_forward(&fwd,
638 options.remote_forwards + i))
644 if (options.control_master == SSHCTL_MASTER_ASK ||
645 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
646 if (!ask_permission("Open %s on %s?", fwd_desc, host)) {
647 debug2("%s: forwarding refused by user", __func__);
648 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
649 buffer_put_int(r, rid);
650 buffer_put_cstring(r, "Permission denied");
655 if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
656 if (options.num_local_forwards + 1 >=
657 SSH_MAX_FORWARDS_PER_DIRECTION ||
658 channel_setup_local_fwd_listener(fwd.listen_host,
659 fwd.listen_port, fwd.connect_host, fwd.connect_port,
660 options.gateway_ports) < 0) {
662 logit("slave-requested %s failed", fwd_desc);
663 buffer_put_int(r, MUX_S_FAILURE);
664 buffer_put_int(r, rid);
665 buffer_put_cstring(r, "Port forwarding failed");
668 add_local_forward(&options, &fwd);
671 /* XXX wait for remote to confirm */
672 if (options.num_remote_forwards + 1 >=
673 SSH_MAX_FORWARDS_PER_DIRECTION ||
674 channel_request_remote_forwarding(fwd.listen_host,
675 fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0)
677 add_remote_forward(&options, &fwd);
680 buffer_put_int(r, MUX_S_OK);
681 buffer_put_int(r, rid);
683 if (fwd_desc != NULL)
686 if (fwd.listen_host != NULL)
687 xfree(fwd.listen_host);
688 if (fwd.connect_host != NULL)
689 xfree(fwd.connect_host);
695 process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
698 char *fwd_desc = NULL;
702 fwd.listen_host = fwd.connect_host = NULL;
703 if (buffer_get_int_ret(&ftype, m) != 0 ||
704 (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
705 buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
706 (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
707 buffer_get_int_ret(&fwd.connect_port, m) != 0) {
708 error("%s: malformed message", __func__);
713 if (*fwd.listen_host == '\0') {
714 xfree(fwd.listen_host);
715 fwd.listen_host = NULL;
717 if (*fwd.connect_host == '\0') {
718 xfree(fwd.connect_host);
719 fwd.connect_host = NULL;
722 debug2("%s: channel %d: request %s", __func__, c->self,
723 (fwd_desc = format_forward(ftype, &fwd)));
725 /* XXX implement this */
726 buffer_put_int(r, MUX_S_FAILURE);
727 buffer_put_int(r, rid);
728 buffer_put_cstring(r, "unimplemented");
731 if (fwd_desc != NULL)
733 if (fwd.listen_host != NULL)
734 xfree(fwd.listen_host);
735 if (fwd.connect_host != NULL)
736 xfree(fwd.connect_host);
742 process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
745 char *reserved, *chost;
749 chost = reserved = NULL;
750 if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
751 (chost = buffer_get_string_ret(m, NULL)) == NULL ||
752 buffer_get_int_ret(&cport, m) != 0) {
753 if (reserved != NULL)
757 error("%s: malformed message", __func__);
762 debug2("%s: channel %d: request stdio fwd to %s:%u",
763 __func__, c->self, chost, cport);
765 /* Gather fds from client */
766 for(i = 0; i < 2; i++) {
767 if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
768 error("%s: failed to receive fd %d from slave",
770 for (j = 0; j < i; j++)
775 buffer_put_int(r, MUX_S_FAILURE);
776 buffer_put_int(r, rid);
777 buffer_put_cstring(r,
778 "did not receive file descriptors");
783 debug3("%s: got fds stdin %d, stdout %d", __func__,
784 new_fd[0], new_fd[1]);
786 /* XXX support multiple child sessions in future */
787 if (c->remote_id != -1) {
788 debug2("%s: session already open", __func__);
790 buffer_put_int(r, MUX_S_FAILURE);
791 buffer_put_int(r, rid);
792 buffer_put_cstring(r, "Multiple sessions not supported");
800 if (options.control_master == SSHCTL_MASTER_ASK ||
801 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
802 if (!ask_permission("Allow forward to to %s:%u? ",
804 debug2("%s: stdio fwd refused by user", __func__);
806 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
807 buffer_put_int(r, rid);
808 buffer_put_cstring(r, "Permission denied");
813 /* enable nonblocking unless tty */
814 if (!isatty(new_fd[0]))
815 set_nonblock(new_fd[0]);
816 if (!isatty(new_fd[1]))
817 set_nonblock(new_fd[1]);
819 nc = channel_connect_stdio_fwd(chost, cport, new_fd[0], new_fd[1]);
821 nc->ctl_chan = c->self; /* link session -> control channel */
822 c->remote_id = nc->self; /* link control -> session channel */
824 debug2("%s: channel_new: %d linked to control channel %d",
825 __func__, nc->self, nc->ctl_chan);
827 channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 0);
830 /* XXX defer until channel confirmed */
831 buffer_put_int(r, MUX_S_SESSION_OPENED);
832 buffer_put_int(r, rid);
833 buffer_put_int(r, nc->self);
838 /* Channel callbacks fired on read/write from mux slave fd */
840 mux_master_read_cb(Channel *c)
842 struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
845 u_int type, rid, have, i;
849 if (c->mux_ctx == NULL) {
850 state = xcalloc(1, sizeof(state));
852 channel_register_cleanup(c->self,
853 mux_master_control_cleanup_cb, 0);
857 buffer_put_int(&out, MUX_MSG_HELLO);
858 buffer_put_int(&out, SSHMUX_VER);
860 buffer_put_string(&c->output, buffer_ptr(&out),
863 debug3("%s: channel %d: hello sent", __func__, c->self);
870 /* Channel code ensures that we receive whole packets */
871 if ((ptr = buffer_get_string_ptr_ret(&c->input, &have)) == NULL) {
873 error("%s: malformed message", __func__);
876 buffer_append(&in, ptr, have);
878 if (buffer_get_int_ret(&type, &in) != 0)
880 debug3("%s: channel %d packet type 0x%08x len %u",
881 __func__, c->self, type, buffer_len(&in));
883 if (type == MUX_MSG_HELLO)
886 if (!state->hello_rcvd) {
887 error("%s: expected MUX_MSG_HELLO(0x%08x), "
888 "received 0x%08x", __func__, MUX_MSG_HELLO, type);
891 if (buffer_get_int_ret(&rid, &in) != 0)
895 for (i = 0; mux_master_handlers[i].handler != NULL; i++) {
896 if (type == mux_master_handlers[i].type) {
897 ret = mux_master_handlers[i].handler(rid, c, &in, &out);
901 if (mux_master_handlers[i].handler == NULL) {
902 error("%s: unsupported mux message 0x%08x", __func__, type);
903 buffer_put_int(&out, MUX_S_FAILURE);
904 buffer_put_int(&out, rid);
905 buffer_put_cstring(&out, "unsupported request");
908 /* Enqueue reply packet */
909 if (buffer_len(&out) != 0) {
910 buffer_put_string(&c->output, buffer_ptr(&out),
920 mux_exit_message(Channel *c, int exitval)
925 debug3("%s: channel %d: exit message, evitval %d", __func__, c->self,
928 if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
929 fatal("%s: channel %d missing mux channel %d",
930 __func__, c->self, c->ctl_chan);
932 /* Append exit message packet to control socket output queue */
934 buffer_put_int(&m, MUX_S_EXIT_MESSAGE);
935 buffer_put_int(&m, c->self);
936 buffer_put_int(&m, exitval);
938 buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
942 /* Prepare a mux master to listen on a Unix domain socket. */
944 muxserver_listen(void)
946 struct sockaddr_un addr;
950 if (options.control_path == NULL ||
951 options.control_master == SSHCTL_MASTER_NO)
954 debug("setting up multiplex master socket");
956 memset(&addr, '\0', sizeof(addr));
957 addr.sun_family = AF_UNIX;
958 sun_len = offsetof(struct sockaddr_un, sun_path) +
959 strlen(options.control_path) + 1;
961 if (strlcpy(addr.sun_path, options.control_path,
962 sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
963 fatal("ControlPath too long");
965 if ((muxserver_sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
966 fatal("%s socket(): %s", __func__, strerror(errno));
968 old_umask = umask(0177);
969 if (bind(muxserver_sock, (struct sockaddr *)&addr, sun_len) == -1) {
971 if (errno == EINVAL || errno == EADDRINUSE) {
972 error("ControlSocket %s already exists, "
973 "disabling multiplexing", options.control_path);
974 close(muxserver_sock);
976 xfree(options.control_path);
977 options.control_path = NULL;
978 options.control_master = SSHCTL_MASTER_NO;
981 fatal("%s bind(): %s", __func__, strerror(errno));
985 if (listen(muxserver_sock, 64) == -1)
986 fatal("%s listen(): %s", __func__, strerror(errno));
988 set_nonblock(muxserver_sock);
990 mux_listener_channel = channel_new("mux listener",
991 SSH_CHANNEL_MUX_LISTENER, muxserver_sock, muxserver_sock, -1,
992 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
993 0, addr.sun_path, 1);
994 mux_listener_channel->mux_rcb = mux_master_read_cb;
995 debug3("%s: mux listener channel %d fd %d", __func__,
996 mux_listener_channel->self, mux_listener_channel->sock);
999 /* Callback on open confirmation in mux master for a mux client session. */
1001 mux_session_confirm(int id, void *arg)
1003 struct mux_session_confirm_ctx *cctx = arg;
1004 const char *display;
1009 fatal("%s: cctx == NULL", __func__);
1010 if ((c = channel_by_id(id)) == NULL)
1011 fatal("%s: no channel for id %d", __func__, id);
1013 display = getenv("DISPLAY");
1014 if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
1016 /* Get reasonable local authentication information. */
1017 client_x11_get_proto(display, options.xauth_location,
1018 options.forward_x11_trusted, &proto, &data);
1019 /* Request forwarding with authentication spoofing. */
1020 debug("Requesting X11 forwarding with authentication spoofing.");
1021 x11_request_forwarding_with_spoofing(id, display, proto, data);
1022 /* XXX wait for reply */
1025 if (cctx->want_agent_fwd && options.forward_agent) {
1026 debug("Requesting authentication agent forwarding.");
1027 channel_request_start(id, "auth-agent-req@openssh.com", 0);
1031 client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
1032 cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env);
1034 c->open_confirm_ctx = NULL;
1035 buffer_free(&cctx->cmd);
1037 if (cctx->env != NULL) {
1038 for (i = 0; cctx->env[i] != NULL; i++)
1039 xfree(cctx->env[i]);
1045 /* ** Multiplexing client support */
1047 /* Exit signal handler */
1049 control_client_sighandler(int signo)
1051 muxclient_terminate = signo;
1055 * Relay signal handler - used to pass some signals from mux client to
1059 control_client_sigrelay(int signo)
1061 int save_errno = errno;
1063 if (muxserver_pid > 1)
1064 kill(muxserver_pid, signo);
1070 mux_client_read(int fd, Buffer *b, u_int need)
1078 pfd.events = POLLIN;
1079 p = buffer_append_space(b, need);
1080 for (have = 0; have < need; ) {
1081 if (muxclient_terminate) {
1085 len = read(fd, p + have, need - have);
1088 #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
1092 (void)poll(&pfd, 1, -1);
1110 mux_client_write_packet(int fd, Buffer *m)
1119 pfd.events = POLLOUT;
1120 buffer_init(&queue);
1121 buffer_put_string(&queue, buffer_ptr(m), buffer_len(m));
1123 need = buffer_len(&queue);
1124 ptr = buffer_ptr(&queue);
1126 for (have = 0; have < need; ) {
1127 if (muxclient_terminate) {
1128 buffer_free(&queue);
1132 len = write(fd, ptr + have, need - have);
1135 #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
1139 (void)poll(&pfd, 1, -1);
1145 buffer_free(&queue);
1151 buffer_free(&queue);
1157 buffer_free(&queue);
1162 mux_client_read_packet(int fd, Buffer *m)
1169 buffer_init(&queue);
1170 if (mux_client_read(fd, &queue, 4) != 0) {
1171 if ((oerrno = errno) == EPIPE)
1172 debug3("%s: read header failed: %s", __func__, strerror(errno));
1176 need = get_u32(buffer_ptr(&queue));
1177 if (mux_client_read(fd, &queue, need) != 0) {
1179 debug3("%s: read body failed: %s", __func__, strerror(errno));
1183 ptr = buffer_get_string_ptr(&queue, &have);
1184 buffer_append(m, ptr, have);
1185 buffer_free(&queue);
1190 mux_client_hello_exchange(int fd)
1196 buffer_put_int(&m, MUX_MSG_HELLO);
1197 buffer_put_int(&m, SSHMUX_VER);
1200 if (mux_client_write_packet(fd, &m) != 0)
1201 fatal("%s: write packet: %s", __func__, strerror(errno));
1205 /* Read their HELLO */
1206 if (mux_client_read_packet(fd, &m) != 0) {
1211 type = buffer_get_int(&m);
1212 if (type != MUX_MSG_HELLO)
1213 fatal("%s: expected HELLO (%u) received %u",
1214 __func__, MUX_MSG_HELLO, type);
1215 ver = buffer_get_int(&m);
1216 if (ver != SSHMUX_VER)
1217 fatal("Unsupported multiplexing protocol version %d "
1218 "(expected %d)", ver, SSHMUX_VER);
1219 debug2("%s: master version %u", __func__, ver);
1220 /* No extensions are presently defined */
1221 while (buffer_len(&m) > 0) {
1222 char *name = buffer_get_string(&m, NULL);
1223 char *value = buffer_get_string(&m, NULL);
1225 debug2("Unrecognised master extension \"%s\"", name);
1234 mux_client_request_alive(int fd)
1238 u_int pid, type, rid;
1240 debug3("%s: entering", __func__);
1243 buffer_put_int(&m, MUX_C_ALIVE_CHECK);
1244 buffer_put_int(&m, muxclient_request_id);
1246 if (mux_client_write_packet(fd, &m) != 0)
1247 fatal("%s: write packet: %s", __func__, strerror(errno));
1251 /* Read their reply */
1252 if (mux_client_read_packet(fd, &m) != 0) {
1257 type = buffer_get_int(&m);
1258 if (type != MUX_S_ALIVE) {
1259 e = buffer_get_string(&m, NULL);
1260 fatal("%s: master returned error: %s", __func__, e);
1263 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1264 fatal("%s: out of sequence reply: my id %u theirs %u",
1265 __func__, muxclient_request_id, rid);
1266 pid = buffer_get_int(&m);
1269 debug3("%s: done pid = %u", __func__, pid);
1271 muxclient_request_id++;
1277 mux_client_request_terminate(int fd)
1283 debug3("%s: entering", __func__);
1286 buffer_put_int(&m, MUX_C_TERMINATE);
1287 buffer_put_int(&m, muxclient_request_id);
1289 if (mux_client_write_packet(fd, &m) != 0)
1290 fatal("%s: write packet: %s", __func__, strerror(errno));
1294 /* Read their reply */
1295 if (mux_client_read_packet(fd, &m) != 0) {
1296 /* Remote end exited already */
1297 if (errno == EPIPE) {
1301 fatal("%s: read from master failed: %s",
1302 __func__, strerror(errno));
1305 type = buffer_get_int(&m);
1306 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1307 fatal("%s: out of sequence reply: my id %u theirs %u",
1308 __func__, muxclient_request_id, rid);
1312 case MUX_S_PERMISSION_DENIED:
1313 e = buffer_get_string(&m, NULL);
1314 fatal("Master refused termination request: %s", e);
1316 e = buffer_get_string(&m, NULL);
1317 fatal("%s: termination request failed: %s", __func__, e);
1319 fatal("%s: unexpected response from master 0x%08x",
1323 muxclient_request_id++;
1327 mux_client_request_forward(int fd, u_int ftype, Forward *fwd)
1333 fwd_desc = format_forward(ftype, fwd);
1334 debug("Requesting %s", fwd_desc);
1338 buffer_put_int(&m, MUX_C_OPEN_FWD);
1339 buffer_put_int(&m, muxclient_request_id);
1340 buffer_put_int(&m, ftype);
1341 buffer_put_cstring(&m,
1342 fwd->listen_host == NULL ? "" : fwd->listen_host);
1343 buffer_put_int(&m, fwd->listen_port);
1344 buffer_put_cstring(&m,
1345 fwd->connect_host == NULL ? "" : fwd->connect_host);
1346 buffer_put_int(&m, fwd->connect_port);
1348 if (mux_client_write_packet(fd, &m) != 0)
1349 fatal("%s: write packet: %s", __func__, strerror(errno));
1353 /* Read their reply */
1354 if (mux_client_read_packet(fd, &m) != 0) {
1359 type = buffer_get_int(&m);
1360 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1361 fatal("%s: out of sequence reply: my id %u theirs %u",
1362 __func__, muxclient_request_id, rid);
1366 case MUX_S_PERMISSION_DENIED:
1367 e = buffer_get_string(&m, NULL);
1369 error("Master refused forwarding request: %s", e);
1372 e = buffer_get_string(&m, NULL);
1374 error("%s: session request failed: %s", __func__, e);
1377 fatal("%s: unexpected response from master 0x%08x",
1382 muxclient_request_id++;
1387 mux_client_request_forwards(int fd)
1391 debug3("%s: requesting forwardings: %d local, %d remote", __func__,
1392 options.num_local_forwards, options.num_remote_forwards);
1394 /* XXX ExitOnForwardingFailure */
1395 for (i = 0; i < options.num_local_forwards; i++) {
1396 if (mux_client_request_forward(fd,
1397 options.local_forwards[i].connect_port == 0 ?
1398 MUX_FWD_DYNAMIC : MUX_FWD_LOCAL,
1399 options.local_forwards + i) != 0)
1402 for (i = 0; i < options.num_remote_forwards; i++) {
1403 if (mux_client_request_forward(fd, MUX_FWD_REMOTE,
1404 options.remote_forwards + i) != 0)
1411 mux_client_request_session(int fd)
1415 u_int i, rid, sid, esid, exitval, type, exitval_seen;
1416 extern char **environ;
1419 debug3("%s: entering", __func__);
1421 if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1422 error("%s: master alive request failed", __func__);
1426 signal(SIGPIPE, SIG_IGN);
1428 if (stdin_null_flag) {
1429 if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1430 fatal("open(/dev/null): %s", strerror(errno));
1431 if (dup2(devnull, STDIN_FILENO) == -1)
1432 fatal("dup2: %s", strerror(errno));
1433 if (devnull > STDERR_FILENO)
1437 term = getenv("TERM");
1440 buffer_put_int(&m, MUX_C_NEW_SESSION);
1441 buffer_put_int(&m, muxclient_request_id);
1442 buffer_put_cstring(&m, ""); /* reserved */
1443 buffer_put_int(&m, tty_flag);
1444 buffer_put_int(&m, options.forward_x11);
1445 buffer_put_int(&m, options.forward_agent);
1446 buffer_put_int(&m, subsystem_flag);
1447 buffer_put_int(&m, options.escape_char == SSH_ESCAPECHAR_NONE ?
1448 0xffffffff : (u_int)options.escape_char);
1449 buffer_put_cstring(&m, term == NULL ? "" : term);
1450 buffer_put_string(&m, buffer_ptr(&command), buffer_len(&command));
1452 if (options.num_send_env > 0 && environ != NULL) {
1453 /* Pass environment */
1454 for (i = 0; environ[i] != NULL; i++) {
1455 if (env_permitted(environ[i])) {
1456 buffer_put_cstring(&m, environ[i]);
1461 if (mux_client_write_packet(fd, &m) != 0)
1462 fatal("%s: write packet: %s", __func__, strerror(errno));
1464 /* Send the stdio file descriptors */
1465 if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1466 mm_send_fd(fd, STDOUT_FILENO) == -1 ||
1467 mm_send_fd(fd, STDERR_FILENO) == -1)
1468 fatal("%s: send fds failed", __func__);
1470 debug3("%s: session request sent", __func__);
1472 /* Read their reply */
1474 if (mux_client_read_packet(fd, &m) != 0) {
1475 error("%s: read from master failed: %s",
1476 __func__, strerror(errno));
1481 type = buffer_get_int(&m);
1482 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1483 fatal("%s: out of sequence reply: my id %u theirs %u",
1484 __func__, muxclient_request_id, rid);
1486 case MUX_S_SESSION_OPENED:
1487 sid = buffer_get_int(&m);
1488 debug("%s: master session id: %u", __func__, sid);
1490 case MUX_S_PERMISSION_DENIED:
1491 e = buffer_get_string(&m, NULL);
1493 error("Master refused forwarding request: %s", e);
1496 e = buffer_get_string(&m, NULL);
1498 error("%s: forwarding request failed: %s", __func__, e);
1502 error("%s: unexpected response from master 0x%08x",
1506 muxclient_request_id++;
1508 signal(SIGHUP, control_client_sighandler);
1509 signal(SIGINT, control_client_sighandler);
1510 signal(SIGTERM, control_client_sighandler);
1511 signal(SIGWINCH, control_client_sigrelay);
1514 enter_raw_mode(force_tty_flag);
1517 * Stick around until the controlee closes the client_fd.
1518 * Before it does, it is expected to write an exit message.
1519 * This process must read the value and wait for the closure of
1520 * the client_fd; if this one closes early, the multiplex master will
1521 * terminate early too (possibly losing data).
1523 for (exitval = 255, exitval_seen = 0;;) {
1525 if (mux_client_read_packet(fd, &m) != 0)
1527 type = buffer_get_int(&m);
1528 if (type != MUX_S_EXIT_MESSAGE) {
1529 e = buffer_get_string(&m, NULL);
1530 fatal("%s: master returned error: %s", __func__, e);
1532 if ((esid = buffer_get_int(&m)) != sid)
1533 fatal("%s: exit on unknown session: my id %u theirs %u",
1534 __func__, sid, esid);
1535 debug("%s: master session id: %u", __func__, sid);
1537 fatal("%s: exitval sent twice", __func__);
1538 exitval = buffer_get_int(&m);
1543 leave_raw_mode(force_tty_flag);
1545 if (muxclient_terminate) {
1546 debug2("Exiting on signal %d", muxclient_terminate);
1548 } else if (!exitval_seen) {
1549 debug2("Control master terminated unexpectedly");
1552 debug2("Received exit status from master %d", exitval);
1554 if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
1555 fprintf(stderr, "Shared connection to %s closed.\r\n", host);
1561 mux_client_request_stdio_fwd(int fd)
1565 u_int type, rid, sid;
1568 debug3("%s: entering", __func__);
1570 if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1571 error("%s: master alive request failed", __func__);
1575 signal(SIGPIPE, SIG_IGN);
1577 if (stdin_null_flag) {
1578 if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1579 fatal("open(/dev/null): %s", strerror(errno));
1580 if (dup2(devnull, STDIN_FILENO) == -1)
1581 fatal("dup2: %s", strerror(errno));
1582 if (devnull > STDERR_FILENO)
1587 buffer_put_int(&m, MUX_C_NEW_STDIO_FWD);
1588 buffer_put_int(&m, muxclient_request_id);
1589 buffer_put_cstring(&m, ""); /* reserved */
1590 buffer_put_cstring(&m, stdio_forward_host);
1591 buffer_put_int(&m, stdio_forward_port);
1593 if (mux_client_write_packet(fd, &m) != 0)
1594 fatal("%s: write packet: %s", __func__, strerror(errno));
1596 /* Send the stdio file descriptors */
1597 if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1598 mm_send_fd(fd, STDOUT_FILENO) == -1)
1599 fatal("%s: send fds failed", __func__);
1601 debug3("%s: stdio forward request sent", __func__);
1603 /* Read their reply */
1606 if (mux_client_read_packet(fd, &m) != 0) {
1607 error("%s: read from master failed: %s",
1608 __func__, strerror(errno));
1613 type = buffer_get_int(&m);
1614 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1615 fatal("%s: out of sequence reply: my id %u theirs %u",
1616 __func__, muxclient_request_id, rid);
1618 case MUX_S_SESSION_OPENED:
1619 sid = buffer_get_int(&m);
1620 debug("%s: master session id: %u", __func__, sid);
1622 case MUX_S_PERMISSION_DENIED:
1623 e = buffer_get_string(&m, NULL);
1625 fatal("Master refused forwarding request: %s", e);
1627 e = buffer_get_string(&m, NULL);
1629 fatal("%s: stdio forwarding request failed: %s", __func__, e);
1632 error("%s: unexpected response from master 0x%08x",
1636 muxclient_request_id++;
1638 signal(SIGHUP, control_client_sighandler);
1639 signal(SIGINT, control_client_sighandler);
1640 signal(SIGTERM, control_client_sighandler);
1641 signal(SIGWINCH, control_client_sigrelay);
1644 * Stick around until the controlee closes the client_fd.
1647 if (mux_client_read_packet(fd, &m) != 0) {
1648 if (errno == EPIPE ||
1649 (errno == EINTR && muxclient_terminate != 0))
1651 fatal("%s: mux_client_read_packet: %s",
1652 __func__, strerror(errno));
1654 fatal("%s: master returned unexpected message %u", __func__, type);
1657 /* Multiplex client main loop. */
1659 muxclient(const char *path)
1661 struct sockaddr_un addr;
1666 if (muxclient_command == 0) {
1667 if (stdio_forward_host != NULL)
1668 muxclient_command = SSHMUX_COMMAND_STDIO_FWD;
1670 muxclient_command = SSHMUX_COMMAND_OPEN;
1673 switch (options.control_master) {
1674 case SSHCTL_MASTER_AUTO:
1675 case SSHCTL_MASTER_AUTO_ASK:
1676 debug("auto-mux: Trying existing master");
1678 case SSHCTL_MASTER_NO:
1684 memset(&addr, '\0', sizeof(addr));
1685 addr.sun_family = AF_UNIX;
1686 sun_len = offsetof(struct sockaddr_un, sun_path) +
1689 if (strlcpy(addr.sun_path, path,
1690 sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1691 fatal("ControlPath too long");
1693 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1694 fatal("%s socket(): %s", __func__, strerror(errno));
1696 if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) {
1697 switch (muxclient_command) {
1698 case SSHMUX_COMMAND_OPEN:
1699 case SSHMUX_COMMAND_STDIO_FWD:
1702 fatal("Control socket connect(%.100s): %s", path,
1705 if (errno == ENOENT)
1706 debug("Control socket \"%.100s\" does not exist", path);
1708 error("Control socket connect(%.100s): %s", path,
1716 if (mux_client_hello_exchange(sock) != 0) {
1717 error("%s: master hello exchange failed", __func__);
1722 switch (muxclient_command) {
1723 case SSHMUX_COMMAND_ALIVE_CHECK:
1724 if ((pid = mux_client_request_alive(sock)) == 0)
1725 fatal("%s: master alive check failed", __func__);
1726 fprintf(stderr, "Master running (pid=%d)\r\n", pid);
1728 case SSHMUX_COMMAND_TERMINATE:
1729 mux_client_request_terminate(sock);
1730 fprintf(stderr, "Exit request sent.\r\n");
1732 case SSHMUX_COMMAND_OPEN:
1733 if (mux_client_request_forwards(sock) != 0) {
1734 error("%s: master forward request failed", __func__);
1737 mux_client_request_session(sock);
1739 case SSHMUX_COMMAND_STDIO_FWD:
1740 mux_client_request_stdio_fwd(sock);
1743 fatal("unrecognised muxclient_command %d", muxclient_command);
andersk / openssh.git / blob