X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/e78a59f5a91fcf70eb5f225b43568ac2ebd167c3..22d89d24e31f308cfaf0407fd29451f042ebb8d6:/serverloop.c diff --git a/serverloop.c b/serverloop.c index 0ea57faa..50e89aee 100644 --- a/serverloop.c +++ b/serverloop.c @@ -2,12 +2,36 @@ * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved - * Created: Sun Sep 10 00:30:37 1995 ylo * Server main loop for handling the interactive session. - */ -/* + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + * * SSH2 support by Markus Friedl. * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" @@ -23,6 +47,7 @@ #include "ssh2.h" #include "session.h" #include "dispatch.h" +#include "auth-options.h" static Buffer stdin_buffer; /* Buffer for stdin data. */ static Buffer stdout_buffer; /* Buffer for stdout data. */ @@ -52,18 +77,19 @@ static int max_fd; /* Max file descriptor number for select(). */ * that the child's output gets a chance to drain before it is yanked. */ -static int child_pid; /* Pid of the child. */ +static pid_t child_pid; /* Pid of the child. */ static volatile int child_terminated; /* The child has terminated. */ static volatile int child_has_selected; /* Child has had chance to drain. */ static volatile int child_wait_status; /* Status from wait(). */ void server_init_dispatch(void); -void +void sigchld_handler(int sig) { int save_errno = errno; - int wait_pid; + pid_t wait_pid; + debug("Received SIGCHLD."); wait_pid = wait((int *) &child_wait_status); if (wait_pid != -1) { @@ -78,13 +104,12 @@ sigchld_handler(int sig) signal(SIGCHLD, sigchld_handler); errno = save_errno; } -void +void sigchld_handler2(int sig) { int save_errno = errno; debug("Received SIGCHLD."); child_terminated = 1; - signal(SIGCHLD, sigchld_handler2); errno = save_errno; } @@ -92,7 +117,7 @@ sigchld_handler2(int sig) * Make packets from buffered stderr data, and buffer it for sending * to the client. */ -void +void make_packets_from_stderr_data() { int len; @@ -121,7 +146,7 @@ make_packets_from_stderr_data() * Make packets from buffered stdout data, and buffer it for sending to the * client. */ -void +void make_packets_from_stdout_data() { int len; @@ -152,7 +177,7 @@ make_packets_from_stdout_data() * have data or can accept data. Optionally, a maximum time can be specified * for the duration of the wait (0 = infinite). */ -void +void wait_until_can_do_something(fd_set * readset, fd_set * writeset, unsigned int max_time_milliseconds) { @@ -164,33 +189,37 @@ retry_select: /* Initialize select() masks. */ FD_ZERO(readset); + FD_ZERO(writeset); - /* - * Read packets from the client unless we have too much buffered - * stdin or channel data. - */ if (compat20) { - // wrong: bad conditionXXX + /* wrong: bad condition XXX */ if (channel_not_very_much_buffered_data()) FD_SET(connection_in, readset); } else { - if (buffer_len(&stdin_buffer) < 4096 && + /* + * Read packets from the client unless we have too much + * buffered stdin or channel data. + */ + if (buffer_len(&stdin_buffer) < buffer_high && channel_not_very_much_buffered_data()) FD_SET(connection_in, readset); + /* + * If there is not too much data already buffered going to + * the client, try to get some more data from the program. + */ + if (packet_not_very_much_data_to_write()) { + if (!fdout_eof) + FD_SET(fdout, readset); + if (!fderr_eof) + FD_SET(fderr, readset); + } + /* + * If we have buffered data, try to write some of that data + * to the program. + */ + if (fdin != -1 && buffer_len(&stdin_buffer) > 0) + FD_SET(fdin, writeset); } - - /* - * If there is not too much data already buffered going to the - * client, try to get some more data from the program. - */ - if (!compat20 && packet_not_very_much_data_to_write()) { - if (!fdout_eof) - FD_SET(fdout, readset); - if (!fderr_eof) - FD_SET(fderr, readset); - } - FD_ZERO(writeset); - /* Set masks for channel descriptors. */ channel_prepare_select(readset, writeset); @@ -201,11 +230,6 @@ retry_select: if (packet_have_data_to_write()) FD_SET(connection_out, writeset); - /* If we have buffered data, try to write some of that data to the - program. */ - if (!compat20 && fdin != -1 && buffer_len(&stdin_buffer) > 0) - FD_SET(fdin, writeset); - /* Update the maximum descriptor number if appropriate. */ if (channel_max_fd() > max_fd) max_fd = channel_max_fd(); @@ -246,7 +270,7 @@ retry_select: * Processes input from the client and the program. Input data is stored * in buffers and processed later. */ -void +void process_input(fd_set * readset) { int len; @@ -258,20 +282,15 @@ process_input(fd_set * readset) if (len == 0) { verbose("Connection closed by remote host."); fatal_cleanup(); + } else if (len < 0) { + if (errno != EINTR && errno != EAGAIN) { + verbose("Read error from remote host: %.100s", strerror(errno)); + fatal_cleanup(); + } + } else { + /* Buffer any received data. */ + packet_process_incoming(buf, len); } - /* - * There is a kernel bug on Solaris that causes select to - * sometimes wake up even though there is no data available. - */ - if (len < 0 && errno == EAGAIN) - len = 0; - - if (len < 0) { - verbose("Read error from remote host: %.100s", strerror(errno)); - fatal_cleanup(); - } - /* Buffer any received data. */ - packet_process_incoming(buf, len); } if (compat20) return; @@ -279,9 +298,11 @@ process_input(fd_set * readset) /* Read and buffer any available stdout data from the program. */ if (!fdout_eof && FD_ISSET(fdout, readset)) { len = read(fdout, buf, sizeof(buf)); - if (len <= 0) + if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + /* do nothing */ + } else if (len <= 0) { fdout_eof = 1; - else { + } else { buffer_append(&stdout_buffer, buf, len); fdout_bytes += len; } @@ -289,17 +310,20 @@ process_input(fd_set * readset) /* Read and buffer any available stderr data from the program. */ if (!fderr_eof && FD_ISSET(fderr, readset)) { len = read(fderr, buf, sizeof(buf)); - if (len <= 0) + if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + /* do nothing */ + } else if (len <= 0) { fderr_eof = 1; - else + } else { buffer_append(&stderr_buffer, buf, len); + } } } /* * Sends data from internal buffers to client program stdin. */ -void +void process_output(fd_set * writeset) { int len; @@ -308,7 +332,9 @@ process_output(fd_set * writeset) if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) { len = write(fdin, buffer_ptr(&stdin_buffer), buffer_len(&stdin_buffer)); - if (len <= 0) { + if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + /* do nothing */ + } else if (len <= 0) { #ifdef USE_PIPES close(fdin); #else @@ -334,7 +360,7 @@ process_output(fd_set * writeset) * Wait until all buffered output has been sent to the client. * This is used when the program terminates. */ -void +void drain_output() { /* Send any buffered stdout data to the client. */ @@ -359,10 +385,10 @@ drain_output() packet_write_wait(); } -void +void process_buffered_input_packets() { - dispatch_run(DISPATCH_NONBLOCK, NULL); + dispatch_run(DISPATCH_NONBLOCK, NULL, NULL); } /* @@ -372,10 +398,12 @@ process_buffered_input_packets() * stdin (of the child program), and reads from stdout and stderr (of the * child program). */ -void -server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg) +void +server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) { - int wait_status, wait_pid; /* Status and pid returned by wait(). */ + fd_set readset, writeset; + int wait_status; /* Status returned by wait(). */ + pid_t wait_pid; /* pid returned by wait(). */ int waiting_termination = 0; /* Have displayed waiting close message. */ unsigned int max_time_milliseconds; unsigned int previous_stdout_buffer_bytes; @@ -394,6 +422,14 @@ server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg) fdin = fdin_arg; fdout = fdout_arg; fderr = fderr_arg; + + /* nonblocking IO */ + set_nonblock(fdin); + set_nonblock(fdout); + /* we don't have stderr for interactive terminal sessions, see below */ + if (fderr != -1) + set_nonblock(fderr); + connection_in = packet_get_connection_in(); connection_out = packet_get_connection_out(); @@ -434,7 +470,6 @@ server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg) /* Main loop of the server for the interactive session mode. */ for (;;) { - fd_set readset, writeset; /* Process buffered packets from the client. */ process_buffered_input_packets(); @@ -604,7 +639,7 @@ server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg) /* NOTREACHED */ } -void +void server_loop2(void) { fd_set readset, writeset; @@ -638,6 +673,9 @@ server_loop2(void) while ((pid = waitpid(-1, &status, WNOHANG)) > 0) session_close_by_pid(pid, status); child_terminated = 0; + signal(SIGCHLD, sigchld_handler2); + if (used_sessions() == 0) + break; } channel_after_select(&readset, &writeset); process_input(&readset); @@ -650,7 +688,7 @@ server_loop2(void) } void -server_input_stdin_data(int type, int plen) +server_input_stdin_data(int type, int plen, void *ctxt) { char *data; unsigned int data_len; @@ -667,7 +705,7 @@ server_input_stdin_data(int type, int plen) } void -server_input_eof(int type, int plen) +server_input_eof(int type, int plen, void *ctxt) { /* * Eof from the client. The stdin descriptor to the @@ -680,7 +718,7 @@ server_input_eof(int type, int plen) } void -server_input_window_size(int type, int plen) +server_input_window_size(int type, int plen, void *ctxt) { int row = packet_get_int(); int col = packet_get_int(); @@ -697,25 +735,36 @@ int input_direct_tcpip(void) { int sock; - char *host, *originator; - int host_port, originator_port; + char *target, *originator; + int target_port, originator_port; - host = packet_get_string(NULL); - host_port = packet_get_int(); + target = packet_get_string(NULL); + target_port = packet_get_int(); originator = packet_get_string(NULL); originator_port = packet_get_int(); + packet_done(); + + debug("open direct-tcpip: from %s port %d to %s port %d", + originator, originator_port, target, target_port); + /* XXX check permission */ - sock = channel_connect_to(host, host_port); - xfree(host); + if (no_port_forwarding_flag) { + xfree(target); + xfree(originator); + return -1; + } + sock = channel_connect_to(target, target_port); + xfree(target); xfree(originator); if (sock < 0) return -1; return channel_new("direct-tcpip", SSH_CHANNEL_OPEN, - sock, sock, -1, 4*1024, 32*1024, 0, xstrdup("direct-tcpip")); + sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, + CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip")); } -void -server_input_channel_open(int type, int plen) +void +server_input_channel_open(int type, int plen, void *ctxt) { Channel *c = NULL; char *ctype; @@ -730,11 +779,12 @@ server_input_channel_open(int type, int plen) rwindow = packet_get_int(); rmaxpack = packet_get_int(); - log("channel_input_open: ctype %s rchan %d win %d max %d", + debug("server_input_channel_open: ctype %s rchan %d win %d max %d", ctype, rchan, rwindow, rmaxpack); if (strcmp(ctype, "session") == 0) { debug("open session"); + packet_done(); /* * A server session has no fd to read or write * until a CHANNEL_REQUEST for a shell is made, @@ -743,7 +793,8 @@ server_input_channel_open(int type, int plen) * CHANNEL_REQUEST messages is registered. */ id = channel_new(ctype, SSH_CHANNEL_LARVAL, - -1, -1, -1, 0, 32*1024, 0, xstrdup("server-session")); + -1, -1, -1, 0, CHAN_SES_PACKET_DEFAULT, + 0, xstrdup("server-session")); if (session_open(id) == 1) { channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST, session_input_channel_req, (void *)0); @@ -754,7 +805,6 @@ server_input_channel_open(int type, int plen) channel_free(id); } } else if (strcmp(ctype, "direct-tcpip") == 0) { - debug("open direct-tcpip"); id = input_direct_tcpip(); if (id >= 0) c = channel_lookup(id); @@ -783,7 +833,7 @@ server_input_channel_open(int type, int plen) xfree(ctype); } -void +void server_init_dispatch_20() { debug("server_init_dispatch_20"); @@ -798,7 +848,7 @@ server_init_dispatch_20() dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request); dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); } -void +void server_init_dispatch_13() { debug("server_init_dispatch_13"); @@ -813,7 +863,7 @@ server_init_dispatch_13() dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); } -void +void server_init_dispatch_15() { server_init_dispatch_13(); @@ -821,7 +871,7 @@ server_init_dispatch_15() dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof); dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose); } -void +void server_init_dispatch() { if (compat20)