2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Created: Sun Sep 10 00:30:37 1995 ylo
6 * Server main loop for handling the interactive session.
9 * SSH2 support by Markus Friedl.
10 * Copyright (c) 2000 Markus Friedl. All rights reserved.
27 static Buffer stdin_buffer; /* Buffer for stdin data. */
28 static Buffer stdout_buffer; /* Buffer for stdout data. */
29 static Buffer stderr_buffer; /* Buffer for stderr data. */
30 static int fdin; /* Descriptor for stdin (for writing) */
31 static int fdout; /* Descriptor for stdout (for reading);
32 May be same number as fdin. */
33 static int fderr; /* Descriptor for stderr. May be -1. */
34 static long stdin_bytes = 0; /* Number of bytes written to stdin. */
35 static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
36 static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
37 static long fdout_bytes = 0; /* Number of stdout bytes read from program. */
38 static int stdin_eof = 0; /* EOF message received from client. */
39 static int fdout_eof = 0; /* EOF encountered reading from fdout. */
40 static int fderr_eof = 0; /* EOF encountered readung from fderr. */
41 static int connection_in; /* Connection to client (input). */
42 static int connection_out; /* Connection to client (output). */
43 static unsigned int buffer_high;/* "Soft" max buffer size. */
44 static int max_fd; /* Max file descriptor number for select(). */
47 * This SIGCHLD kludge is used to detect when the child exits. The server
48 * will exit after that, as soon as forwarded connections have terminated.
50 * After SIGCHLD child_has_selected is set to 1 after the first pass
51 * through the wait_until_can_do_something() select(). This ensures
52 * that the child's output gets a chance to drain before it is yanked.
55 static int child_pid; /* Pid of the child. */
56 static volatile int child_terminated; /* The child has terminated. */
57 static volatile int child_has_selected; /* Child has had chance to drain. */
58 static volatile int child_wait_status; /* Status from wait(). */
60 void server_init_dispatch(void);
63 sigchld_handler(int sig)
65 int save_errno = errno;
67 debug("Received SIGCHLD.");
68 wait_pid = wait((int *) &child_wait_status);
70 if (wait_pid != child_pid)
71 error("Strange, got SIGCHLD and wait returned pid %d but child is %d",
73 if (WIFEXITED(child_wait_status) ||
74 WIFSIGNALED(child_wait_status))
76 child_has_selected = 0;
78 signal(SIGCHLD, sigchld_handler);
82 sigchld_handler2(int sig)
84 int save_errno = errno;
85 debug("Received SIGCHLD.");
87 signal(SIGCHLD, sigchld_handler2);
92 * Make packets from buffered stderr data, and buffer it for sending
96 make_packets_from_stderr_data()
100 /* Send buffered stderr data to the client. */
101 while (buffer_len(&stderr_buffer) > 0 &&
102 packet_not_very_much_data_to_write()) {
103 len = buffer_len(&stderr_buffer);
104 if (packet_is_interactive()) {
108 /* Keep the packets at reasonable size. */
109 if (len > packet_get_maxsize())
110 len = packet_get_maxsize();
112 packet_start(SSH_SMSG_STDERR_DATA);
113 packet_put_string(buffer_ptr(&stderr_buffer), len);
115 buffer_consume(&stderr_buffer, len);
121 * Make packets from buffered stdout data, and buffer it for sending to the
125 make_packets_from_stdout_data()
129 /* Send buffered stdout data to the client. */
130 while (buffer_len(&stdout_buffer) > 0 &&
131 packet_not_very_much_data_to_write()) {
132 len = buffer_len(&stdout_buffer);
133 if (packet_is_interactive()) {
137 /* Keep the packets at reasonable size. */
138 if (len > packet_get_maxsize())
139 len = packet_get_maxsize();
141 packet_start(SSH_SMSG_STDOUT_DATA);
142 packet_put_string(buffer_ptr(&stdout_buffer), len);
144 buffer_consume(&stdout_buffer, len);
150 * Sleep in select() until we can do something. This will initialize the
151 * select masks. Upon return, the masks will indicate which descriptors
152 * have data or can accept data. Optionally, a maximum time can be specified
153 * for the duration of the wait (0 = infinite).
156 wait_until_can_do_something(fd_set * readset, fd_set * writeset,
157 unsigned int max_time_milliseconds)
159 struct timeval tv, *tvp;
162 /* When select fails we restart from here. */
165 /* Initialize select() masks. */
169 * Read packets from the client unless we have too much buffered
170 * stdin or channel data.
173 // wrong: bad conditionXXX
174 if (channel_not_very_much_buffered_data())
175 FD_SET(connection_in, readset);
177 if (buffer_len(&stdin_buffer) < 4096 &&
178 channel_not_very_much_buffered_data())
179 FD_SET(connection_in, readset);
183 * If there is not too much data already buffered going to the
184 * client, try to get some more data from the program.
186 if (!compat20 && packet_not_very_much_data_to_write()) {
188 FD_SET(fdout, readset);
190 FD_SET(fderr, readset);
194 /* Set masks for channel descriptors. */
195 channel_prepare_select(readset, writeset);
198 * If we have buffered packet data going to the client, mark that
201 if (packet_have_data_to_write())
202 FD_SET(connection_out, writeset);
204 /* If we have buffered data, try to write some of that data to the
206 if (!compat20 && fdin != -1 && buffer_len(&stdin_buffer) > 0)
207 FD_SET(fdin, writeset);
209 /* Update the maximum descriptor number if appropriate. */
210 if (channel_max_fd() > max_fd)
211 max_fd = channel_max_fd();
214 * If child has terminated and there is enough buffer space to read
215 * from it, then read as much as is available and exit.
217 if (child_terminated && packet_not_very_much_data_to_write())
218 if (max_time_milliseconds == 0)
219 max_time_milliseconds = 100;
221 if (max_time_milliseconds == 0)
224 tv.tv_sec = max_time_milliseconds / 1000;
225 tv.tv_usec = 1000 * (max_time_milliseconds % 1000);
229 debug("tvp!=NULL kid %d mili %d", child_terminated, max_time_milliseconds);
231 /* Wait for something to happen, or the timeout to expire. */
232 ret = select(max_fd + 1, readset, writeset, NULL, tvp);
236 error("select: %.100s", strerror(errno));
241 if (child_terminated)
242 child_has_selected = 1;
246 * Processes input from the client and the program. Input data is stored
247 * in buffers and processed later.
250 process_input(fd_set * readset)
255 /* Read and buffer any input data from the client. */
256 if (FD_ISSET(connection_in, readset)) {
257 len = read(connection_in, buf, sizeof(buf));
259 verbose("Connection closed by remote host.");
263 * There is a kernel bug on Solaris that causes select to
264 * sometimes wake up even though there is no data available.
266 if (len < 0 && errno == EAGAIN)
270 verbose("Read error from remote host: %.100s", strerror(errno));
273 /* Buffer any received data. */
274 packet_process_incoming(buf, len);
279 /* Read and buffer any available stdout data from the program. */
280 if (!fdout_eof && FD_ISSET(fdout, readset)) {
281 len = read(fdout, buf, sizeof(buf));
285 buffer_append(&stdout_buffer, buf, len);
289 /* Read and buffer any available stderr data from the program. */
290 if (!fderr_eof && FD_ISSET(fderr, readset)) {
291 len = read(fderr, buf, sizeof(buf));
295 buffer_append(&stderr_buffer, buf, len);
300 * Sends data from internal buffers to client program stdin.
303 process_output(fd_set * writeset)
307 /* Write buffered data to program stdin. */
308 if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
309 len = write(fdin, buffer_ptr(&stdin_buffer),
310 buffer_len(&stdin_buffer));
318 shutdown(fdin, SHUT_WR); /* We will no longer send. */
322 /* Successful write. Consume the data from the buffer. */
323 buffer_consume(&stdin_buffer, len);
324 /* Update the count of bytes written to the program. */
328 /* Send any buffered packet data to the client. */
329 if (FD_ISSET(connection_out, writeset))
334 * Wait until all buffered output has been sent to the client.
335 * This is used when the program terminates.
340 /* Send any buffered stdout data to the client. */
341 if (buffer_len(&stdout_buffer) > 0) {
342 packet_start(SSH_SMSG_STDOUT_DATA);
343 packet_put_string(buffer_ptr(&stdout_buffer),
344 buffer_len(&stdout_buffer));
346 /* Update the count of sent bytes. */
347 stdout_bytes += buffer_len(&stdout_buffer);
349 /* Send any buffered stderr data to the client. */
350 if (buffer_len(&stderr_buffer) > 0) {
351 packet_start(SSH_SMSG_STDERR_DATA);
352 packet_put_string(buffer_ptr(&stderr_buffer),
353 buffer_len(&stderr_buffer));
355 /* Update the count of sent bytes. */
356 stderr_bytes += buffer_len(&stderr_buffer);
358 /* Wait until all buffered data has been written to the client. */
363 process_buffered_input_packets()
365 dispatch_run(DISPATCH_NONBLOCK, NULL);
369 * Performs the interactive session. This handles data transmission between
370 * the client and the program. Note that the notion of stdin, stdout, and
371 * stderr in this function is sort of reversed: this function writes to
372 * stdin (of the child program), and reads from stdout and stderr (of the
376 server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg)
378 int wait_status, wait_pid; /* Status and pid returned by wait(). */
379 int waiting_termination = 0; /* Have displayed waiting close message. */
380 unsigned int max_time_milliseconds;
381 unsigned int previous_stdout_buffer_bytes;
382 unsigned int stdout_buffer_bytes;
385 debug("Entering interactive session.");
387 /* Initialize the SIGCHLD kludge. */
389 child_terminated = 0;
390 child_has_selected = 0;
391 signal(SIGCHLD, sigchld_handler);
393 /* Initialize our global variables. */
397 connection_in = packet_get_connection_in();
398 connection_out = packet_get_connection_out();
400 previous_stdout_buffer_bytes = 0;
402 /* Set approximate I/O buffer size. */
403 if (packet_is_interactive())
406 buffer_high = 64 * 1024;
408 /* Initialize max_fd to the maximum of the known file descriptors. */
412 if (fderr != -1 && fderr > max_fd)
414 if (connection_in > max_fd)
415 max_fd = connection_in;
416 if (connection_out > max_fd)
417 max_fd = connection_out;
419 /* Initialize Initialize buffers. */
420 buffer_init(&stdin_buffer);
421 buffer_init(&stdout_buffer);
422 buffer_init(&stderr_buffer);
425 * If we have no separate fderr (which is the case when we have a pty
426 * - there we cannot make difference between data sent to stdout and
427 * stderr), indicate that we have seen an EOF from stderr. This way
428 * we don\'t need to check the descriptor everywhere.
433 server_init_dispatch();
435 /* Main loop of the server for the interactive session mode. */
437 fd_set readset, writeset;
439 /* Process buffered packets from the client. */
440 process_buffered_input_packets();
443 * If we have received eof, and there is no more pending
444 * input data, cause a real eof by closing fdin.
446 if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
453 shutdown(fdin, SHUT_WR); /* We will no longer send. */
457 /* Make packets from buffered stderr data to send to the client. */
458 make_packets_from_stderr_data();
461 * Make packets from buffered stdout data to send to the
462 * client. If there is very little to send, this arranges to
463 * not send them now, but to wait a short while to see if we
464 * are getting more data. This is necessary, as some systems
465 * wake up readers from a pty after each separate character.
467 max_time_milliseconds = 0;
468 stdout_buffer_bytes = buffer_len(&stdout_buffer);
469 if (stdout_buffer_bytes != 0 && stdout_buffer_bytes < 256 &&
470 stdout_buffer_bytes != previous_stdout_buffer_bytes) {
471 /* try again after a while */
472 max_time_milliseconds = 10;
475 make_packets_from_stdout_data();
477 previous_stdout_buffer_bytes = buffer_len(&stdout_buffer);
479 /* Send channel data to the client. */
480 if (packet_not_very_much_data_to_write())
481 channel_output_poll();
484 * Bail out of the loop if the program has closed its output
485 * descriptors, and we have no more data to send to the
486 * client, and there is no pending buffered data.
488 if (((fdout_eof && fderr_eof) ||
489 (child_terminated && child_has_selected)) &&
490 !packet_have_data_to_write() &&
491 (buffer_len(&stdout_buffer) == 0) &&
492 (buffer_len(&stderr_buffer) == 0)) {
493 if (!channel_still_open())
495 if (!waiting_termination) {
496 const char *s = "Waiting for forwarded connections to terminate...\r\n";
498 waiting_termination = 1;
499 buffer_append(&stderr_buffer, s, strlen(s));
501 /* Display list of open channels. */
502 cp = channel_open_message();
503 buffer_append(&stderr_buffer, cp, strlen(cp));
507 /* Sleep in select() until we can do something. */
508 wait_until_can_do_something(&readset, &writeset,
509 max_time_milliseconds);
511 /* Process any channel events. */
512 channel_after_select(&readset, &writeset);
514 /* Process input from the client and from program stdout/stderr. */
515 process_input(&readset);
517 /* Process output to the client and to program stdin. */
518 process_output(&writeset);
521 /* Cleanup and termination code. */
523 /* Wait until all output has been sent to the client. */
526 debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
527 stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
529 /* Free and clear the buffers. */
530 buffer_free(&stdin_buffer);
531 buffer_free(&stdout_buffer);
532 buffer_free(&stderr_buffer);
534 /* Close the file descriptors. */
547 /* Stop listening for channels; this removes unix domain sockets. */
548 channel_stop_listening();
550 /* Wait for the child to exit. Get its exit status. */
551 wait_pid = wait(&wait_status);
554 * It is possible that the wait was handled by SIGCHLD
555 * handler. This may result in either: this call
556 * returning with EINTR, or: this call returning ECHILD.
558 if (child_terminated)
559 wait_status = child_wait_status;
561 packet_disconnect("wait: %.100s", strerror(errno));
563 /* Check if it matches the process we forked. */
565 error("Strange, wait returned pid %d, expected %d",
569 /* We no longer want our SIGCHLD handler to be called. */
570 signal(SIGCHLD, SIG_DFL);
572 /* Check if it exited normally. */
573 if (WIFEXITED(wait_status)) {
574 /* Yes, normal exit. Get exit status and send it to the client. */
575 debug("Command exited with status %d.", WEXITSTATUS(wait_status));
576 packet_start(SSH_SMSG_EXITSTATUS);
577 packet_put_int(WEXITSTATUS(wait_status));
582 * Wait for exit confirmation. Note that there might be
583 * other packets coming before it; however, the program has
584 * already died so we just ignore them. The client is
585 * supposed to respond with the confirmation when it receives
590 type = packet_read(&plen);
592 while (type != SSH_CMSG_EXIT_CONFIRMATION);
594 debug("Received exit confirmation.");
597 /* Check if the program terminated due to a signal. */
598 if (WIFSIGNALED(wait_status))
599 packet_disconnect("Command terminated on signal %d.",
600 WTERMSIG(wait_status));
602 /* Some weird exit cause. Just exit. */
603 packet_disconnect("wait returned status %04x.", wait_status);
610 fd_set readset, writeset;
615 debug("Entering interactive session for SSH2.");
617 signal(SIGCHLD, sigchld_handler2);
618 child_terminated = 0;
619 connection_in = packet_get_connection_in();
620 connection_out = packet_get_connection_out();
621 max_fd = connection_in;
622 if (connection_out > max_fd)
623 max_fd = connection_out;
624 server_init_dispatch();
627 process_buffered_input_packets();
628 if (!had_channel && channel_still_open())
630 if (had_channel && !channel_still_open()) {
631 debug("!channel_still_open.");
634 if (packet_not_very_much_data_to_write())
635 channel_output_poll();
636 wait_until_can_do_something(&readset, &writeset, 0);
637 if (child_terminated) {
638 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
639 session_close_by_pid(pid, status);
640 child_terminated = 0;
642 channel_after_select(&readset, &writeset);
643 process_input(&readset);
644 process_output(&writeset);
646 signal(SIGCHLD, SIG_DFL);
647 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
648 session_close_by_pid(pid, status);
649 channel_stop_listening();
653 server_input_stdin_data(int type, int plen)
656 unsigned int data_len;
658 /* Stdin data from the client. Append it to the buffer. */
659 /* Ignore any data if the client has closed stdin. */
662 data = packet_get_string(&data_len);
663 packet_integrity_check(plen, (4 + data_len), type);
664 buffer_append(&stdin_buffer, data, data_len);
665 memset(data, 0, data_len);
670 server_input_eof(int type, int plen)
673 * Eof from the client. The stdin descriptor to the
674 * program will be closed when all buffered data has
677 debug("EOF received for stdin.");
678 packet_integrity_check(plen, 0, type);
683 server_input_window_size(int type, int plen)
685 int row = packet_get_int();
686 int col = packet_get_int();
687 int xpixel = packet_get_int();
688 int ypixel = packet_get_int();
690 debug("Window change received.");
691 packet_integrity_check(plen, 4 * 4, type);
693 pty_change_window_size(fdin, row, col, xpixel, ypixel);
697 input_direct_tcpip(void)
700 char *host, *originator;
701 int host_port, originator_port;
703 host = packet_get_string(NULL);
704 host_port = packet_get_int();
705 originator = packet_get_string(NULL);
706 originator_port = packet_get_int();
707 /* XXX check permission */
708 sock = channel_connect_to(host, host_port);
713 return channel_new("direct-tcpip", SSH_CHANNEL_OPEN,
714 sock, sock, -1, 4*1024, 32*1024, 0, xstrdup("direct-tcpip"));
718 server_input_channel_open(int type, int plen)
728 ctype = packet_get_string(&len);
729 rchan = packet_get_int();
730 rwindow = packet_get_int();
731 rmaxpack = packet_get_int();
733 log("channel_input_open: ctype %s rchan %d win %d max %d",
734 ctype, rchan, rwindow, rmaxpack);
736 if (strcmp(ctype, "session") == 0) {
737 debug("open session");
739 * A server session has no fd to read or write
740 * until a CHANNEL_REQUEST for a shell is made,
741 * so we set the type to SSH_CHANNEL_LARVAL.
742 * Additionally, a callback for handling all
743 * CHANNEL_REQUEST messages is registered.
745 id = channel_new(ctype, SSH_CHANNEL_LARVAL,
746 -1, -1, -1, 0, 32*1024, 0, xstrdup("server-session"));
747 if (session_open(id) == 1) {
748 channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST,
749 session_input_channel_req, (void *)0);
750 channel_register_cleanup(id, session_close_by_channel);
751 c = channel_lookup(id);
753 debug("session open failed, free channel %d", id);
756 } else if (strcmp(ctype, "direct-tcpip") == 0) {
757 debug("open direct-tcpip");
758 id = input_direct_tcpip();
760 c = channel_lookup(id);
763 debug("confirm %s", ctype);
764 c->remote_id = rchan;
765 c->remote_window = rwindow;
766 c->remote_maxpacket = rmaxpack;
768 packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
769 packet_put_int(c->remote_id);
770 packet_put_int(c->self);
771 packet_put_int(c->local_window);
772 packet_put_int(c->local_maxpacket);
775 debug("failure %s", ctype);
776 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
777 packet_put_int(rchan);
778 packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
779 packet_put_cstring("bla bla");
780 packet_put_cstring("");
787 server_init_dispatch_20()
789 debug("server_init_dispatch_20");
790 dispatch_init(&dispatch_protocol_error);
791 dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
792 dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
793 dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
794 dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
795 dispatch_set(SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open);
796 dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
797 dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
798 dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request);
799 dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
802 server_init_dispatch_13()
804 debug("server_init_dispatch_13");
806 dispatch_set(SSH_CMSG_EOF, &server_input_eof);
807 dispatch_set(SSH_CMSG_STDIN_DATA, &server_input_stdin_data);
808 dispatch_set(SSH_CMSG_WINDOW_SIZE, &server_input_window_size);
809 dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close);
810 dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation);
811 dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data);
812 dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
813 dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
814 dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
817 server_init_dispatch_15()
819 server_init_dispatch_13();
820 debug("server_init_dispatch_15");
821 dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
822 dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose);
825 server_init_dispatch()
828 server_init_dispatch_20();
830 server_init_dispatch_13();
832 server_init_dispatch_15();